]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Switch from netcat-traditional to netcat6
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuServer;
17 use PVE::QemuMigrate;
18 use PVE::RPCEnvironment;
19 use PVE::AccessControl;
20 use PVE::INotify;
21 use PVE::Network;
22 use PVE::API2::Firewall::VM;
23 use PVE::HA::Config;
24
25 use Data::Dumper; # fixme: remove
26
27 use base qw(PVE::RESTHandler);
28
29 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
30
31 my $resolve_cdrom_alias = sub {
32 my $param = shift;
33
34 if (my $value = $param->{cdrom}) {
35 $value .= ",media=cdrom" if $value !~ m/media=/;
36 $param->{ide2} = $value;
37 delete $param->{cdrom};
38 }
39 };
40
41 my $test_deallocate_drive = sub {
42 my ($storecfg, $vmid, $key, $drive, $force) = @_;
43
44 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
45 my $volid = $drive->{file};
46 if ( PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
47 if ($force || $key =~ m/^unused/) {
48 my $sid = PVE::Storage::parse_volume_id($volid);
49 return $sid;
50 }
51 }
52 }
53
54 return undef;
55 };
56
57 my $check_storage_access = sub {
58 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
59
60 PVE::QemuServer::foreach_drive($settings, sub {
61 my ($ds, $drive) = @_;
62
63 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
64
65 my $volid = $drive->{file};
66
67 if (!$volid || $volid eq 'none') {
68 # nothing to check
69 } elsif ($isCDROM && ($volid eq 'cdrom')) {
70 $rpcenv->check($authuser, "/", ['Sys.Console']);
71 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
72 my ($storeid, $size) = ($2 || $default_storage, $3);
73 die "no storage ID specified (and no default storage)\n" if !$storeid;
74 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
75 } else {
76 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
77 }
78 });
79 };
80
81 my $check_storage_access_clone = sub {
82 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
83
84 my $sharedvm = 1;
85
86 PVE::QemuServer::foreach_drive($conf, sub {
87 my ($ds, $drive) = @_;
88
89 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
90
91 my $volid = $drive->{file};
92
93 return if !$volid || $volid eq 'none';
94
95 if ($isCDROM) {
96 if ($volid eq 'cdrom') {
97 $rpcenv->check($authuser, "/", ['Sys.Console']);
98 } else {
99 # we simply allow access
100 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
101 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
102 $sharedvm = 0 if !$scfg->{shared};
103
104 }
105 } else {
106 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
107 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
108 $sharedvm = 0 if !$scfg->{shared};
109
110 $sid = $storage if $storage;
111 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
112 }
113 });
114
115 return $sharedvm;
116 };
117
118 # Note: $pool is only needed when creating a VM, because pool permissions
119 # are automatically inherited if VM already exists inside a pool.
120 my $create_disks = sub {
121 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
122
123 my $vollist = [];
124
125 my $res = {};
126 PVE::QemuServer::foreach_drive($settings, sub {
127 my ($ds, $disk) = @_;
128
129 my $volid = $disk->{file};
130
131 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
132 delete $disk->{size};
133 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
134 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
135 my ($storeid, $size) = ($2 || $default_storage, $3);
136 die "no storage ID specified (and no default storage)\n" if !$storeid;
137 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
138 my $fmt = $disk->{format} || $defformat;
139 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
140 $fmt, undef, $size*1024*1024);
141 $disk->{file} = $volid;
142 $disk->{size} = $size*1024*1024*1024;
143 push @$vollist, $volid;
144 delete $disk->{format}; # no longer needed
145 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
146 } else {
147
148 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
149
150 my $volid_is_new = 1;
151
152 if ($conf->{$ds}) {
153 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
154 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
155 }
156
157 if ($volid_is_new) {
158
159 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
160
161 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
162
163 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
164
165 die "volume $volid does not exists\n" if !$size;
166
167 $disk->{size} = $size;
168 }
169
170 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
171 }
172 });
173
174 # free allocated images on error
175 if (my $err = $@) {
176 syslog('err', "VM $vmid creating disks failed");
177 foreach my $volid (@$vollist) {
178 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
179 warn $@ if $@;
180 }
181 die $err;
182 }
183
184 # modify vm config if everything went well
185 foreach my $ds (keys %$res) {
186 $conf->{$ds} = $res->{$ds};
187 }
188
189 return $vollist;
190 };
191
192 my $delete_drive = sub {
193 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
194
195 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
196 my $volid = $drive->{file};
197
198 if (PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
199 if ($force || $key =~ m/^unused/) {
200 eval {
201 # check if the disk is really unused
202 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key);
203 my $path = PVE::Storage::path($storecfg, $volid);
204
205 die "unable to delete '$volid' - volume is still in use (snapshot?)\n"
206 if $used_paths->{$path};
207
208 PVE::Storage::vdisk_free($storecfg, $volid);
209 };
210 die $@ if $@;
211 } else {
212 PVE::QemuServer::add_unused_volume($conf, $volid, $vmid);
213 }
214 }
215 }
216
217 delete $conf->{$key};
218 };
219
220 my $check_vm_modify_config_perm = sub {
221 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
222
223 return 1 if $authuser eq 'root@pam';
224
225 foreach my $opt (@$key_list) {
226 # disk checks need to be done somewhere else
227 next if PVE::QemuServer::valid_drivename($opt);
228
229 if ($opt eq 'sockets' || $opt eq 'cores' ||
230 $opt eq 'cpu' || $opt eq 'smp' || $opt eq 'vcpus' ||
231 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
232 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
233 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
234 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
235 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
236 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
237 } elsif ($opt eq 'args' || $opt eq 'lock') {
238 die "only root can set '$opt' config\n";
239 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
240 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') {
241 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
242 } elsif ($opt =~ m/^net\d+$/) {
243 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
244 } else {
245 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
246 }
247 }
248
249 return 1;
250 };
251
252 __PACKAGE__->register_method({
253 name => 'vmlist',
254 path => '',
255 method => 'GET',
256 description => "Virtual machine index (per node).",
257 permissions => {
258 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
259 user => 'all',
260 },
261 proxyto => 'node',
262 protected => 1, # qemu pid files are only readable by root
263 parameters => {
264 additionalProperties => 0,
265 properties => {
266 node => get_standard_option('pve-node'),
267 },
268 },
269 returns => {
270 type => 'array',
271 items => {
272 type => "object",
273 properties => {},
274 },
275 links => [ { rel => 'child', href => "{vmid}" } ],
276 },
277 code => sub {
278 my ($param) = @_;
279
280 my $rpcenv = PVE::RPCEnvironment::get();
281 my $authuser = $rpcenv->get_user();
282
283 my $vmstatus = PVE::QemuServer::vmstatus();
284
285 my $res = [];
286 foreach my $vmid (keys %$vmstatus) {
287 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
288
289 my $data = $vmstatus->{$vmid};
290 $data->{vmid} = int($vmid);
291 push @$res, $data;
292 }
293
294 return $res;
295 }});
296
297
298
299 __PACKAGE__->register_method({
300 name => 'create_vm',
301 path => '',
302 method => 'POST',
303 description => "Create or restore a virtual machine.",
304 permissions => {
305 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
306 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
307 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
308 user => 'all', # check inside
309 },
310 protected => 1,
311 proxyto => 'node',
312 parameters => {
313 additionalProperties => 0,
314 properties => PVE::QemuServer::json_config_properties(
315 {
316 node => get_standard_option('pve-node'),
317 vmid => get_standard_option('pve-vmid'),
318 archive => {
319 description => "The backup file.",
320 type => 'string',
321 optional => 1,
322 maxLength => 255,
323 },
324 storage => get_standard_option('pve-storage-id', {
325 description => "Default storage.",
326 optional => 1,
327 }),
328 force => {
329 optional => 1,
330 type => 'boolean',
331 description => "Allow to overwrite existing VM.",
332 requires => 'archive',
333 },
334 unique => {
335 optional => 1,
336 type => 'boolean',
337 description => "Assign a unique random ethernet address.",
338 requires => 'archive',
339 },
340 pool => {
341 optional => 1,
342 type => 'string', format => 'pve-poolid',
343 description => "Add the VM to the specified pool.",
344 },
345 }),
346 },
347 returns => {
348 type => 'string',
349 },
350 code => sub {
351 my ($param) = @_;
352
353 my $rpcenv = PVE::RPCEnvironment::get();
354
355 my $authuser = $rpcenv->get_user();
356
357 my $node = extract_param($param, 'node');
358
359 my $vmid = extract_param($param, 'vmid');
360
361 my $archive = extract_param($param, 'archive');
362
363 my $storage = extract_param($param, 'storage');
364
365 my $force = extract_param($param, 'force');
366
367 my $unique = extract_param($param, 'unique');
368
369 my $pool = extract_param($param, 'pool');
370
371 my $filename = PVE::QemuServer::config_file($vmid);
372
373 my $storecfg = PVE::Storage::config();
374
375 PVE::Cluster::check_cfs_quorum();
376
377 if (defined($pool)) {
378 $rpcenv->check_pool_exist($pool);
379 }
380
381 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
382 if defined($storage);
383
384 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
385 # OK
386 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
387 # OK
388 } elsif ($archive && $force && (-f $filename) &&
389 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
390 # OK: user has VM.Backup permissions, and want to restore an existing VM
391 } else {
392 raise_perm_exc();
393 }
394
395 if (!$archive) {
396 &$resolve_cdrom_alias($param);
397
398 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
399
400 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
401
402 foreach my $opt (keys %$param) {
403 if (PVE::QemuServer::valid_drivename($opt)) {
404 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
405 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
406
407 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
408 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
409 }
410 }
411
412 PVE::QemuServer::add_random_macs($param);
413 } else {
414 my $keystr = join(' ', keys %$param);
415 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
416
417 if ($archive eq '-') {
418 die "pipe requires cli environment\n"
419 if $rpcenv->{type} ne 'cli';
420 } else {
421 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
422 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
423 }
424 }
425
426 my $restorefn = sub {
427
428 # fixme: this test does not work if VM exists on other node!
429 if (-f $filename) {
430 die "unable to restore vm $vmid: config file already exists\n"
431 if !$force;
432
433 die "unable to restore vm $vmid: vm is running\n"
434 if PVE::QemuServer::check_running($vmid);
435 }
436
437 my $realcmd = sub {
438 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
439 storage => $storage,
440 pool => $pool,
441 unique => $unique });
442
443 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
444 };
445
446 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
447 };
448
449 my $createfn = sub {
450
451 # test after locking
452 die "unable to create vm $vmid: config file already exists\n"
453 if -f $filename;
454
455 my $realcmd = sub {
456
457 my $vollist = [];
458
459 my $conf = $param;
460
461 eval {
462
463 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
464
465 # try to be smart about bootdisk
466 my @disks = PVE::QemuServer::disknames();
467 my $firstdisk;
468 foreach my $ds (reverse @disks) {
469 next if !$conf->{$ds};
470 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
471 next if PVE::QemuServer::drive_is_cdrom($disk);
472 $firstdisk = $ds;
473 }
474
475 if (!$conf->{bootdisk} && $firstdisk) {
476 $conf->{bootdisk} = $firstdisk;
477 }
478
479 # auto generate uuid if user did not specify smbios1 option
480 if (!$conf->{smbios1}) {
481 my ($uuid, $uuid_str);
482 UUID::generate($uuid);
483 UUID::unparse($uuid, $uuid_str);
484 $conf->{smbios1} = "uuid=$uuid_str";
485 }
486
487 PVE::QemuServer::update_config_nolock($vmid, $conf);
488
489 };
490 my $err = $@;
491
492 if ($err) {
493 foreach my $volid (@$vollist) {
494 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
495 warn $@ if $@;
496 }
497 die "create failed - $err";
498 }
499
500 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
501 };
502
503 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
504 };
505
506 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
507 }});
508
509 __PACKAGE__->register_method({
510 name => 'vmdiridx',
511 path => '{vmid}',
512 method => 'GET',
513 proxyto => 'node',
514 description => "Directory index",
515 permissions => {
516 user => 'all',
517 },
518 parameters => {
519 additionalProperties => 0,
520 properties => {
521 node => get_standard_option('pve-node'),
522 vmid => get_standard_option('pve-vmid'),
523 },
524 },
525 returns => {
526 type => 'array',
527 items => {
528 type => "object",
529 properties => {
530 subdir => { type => 'string' },
531 },
532 },
533 links => [ { rel => 'child', href => "{subdir}" } ],
534 },
535 code => sub {
536 my ($param) = @_;
537
538 my $res = [
539 { subdir => 'config' },
540 { subdir => 'pending' },
541 { subdir => 'status' },
542 { subdir => 'unlink' },
543 { subdir => 'vncproxy' },
544 { subdir => 'migrate' },
545 { subdir => 'resize' },
546 { subdir => 'move' },
547 { subdir => 'rrd' },
548 { subdir => 'rrddata' },
549 { subdir => 'monitor' },
550 { subdir => 'snapshot' },
551 { subdir => 'spiceproxy' },
552 { subdir => 'sendkey' },
553 { subdir => 'firewall' },
554 ];
555
556 return $res;
557 }});
558
559 __PACKAGE__->register_method ({
560 subclass => "PVE::API2::Firewall::VM",
561 path => '{vmid}/firewall',
562 });
563
564 __PACKAGE__->register_method({
565 name => 'rrd',
566 path => '{vmid}/rrd',
567 method => 'GET',
568 protected => 1, # fixme: can we avoid that?
569 permissions => {
570 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
571 },
572 description => "Read VM RRD statistics (returns PNG)",
573 parameters => {
574 additionalProperties => 0,
575 properties => {
576 node => get_standard_option('pve-node'),
577 vmid => get_standard_option('pve-vmid'),
578 timeframe => {
579 description => "Specify the time frame you are interested in.",
580 type => 'string',
581 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
582 },
583 ds => {
584 description => "The list of datasources you want to display.",
585 type => 'string', format => 'pve-configid-list',
586 },
587 cf => {
588 description => "The RRD consolidation function",
589 type => 'string',
590 enum => [ 'AVERAGE', 'MAX' ],
591 optional => 1,
592 },
593 },
594 },
595 returns => {
596 type => "object",
597 properties => {
598 filename => { type => 'string' },
599 },
600 },
601 code => sub {
602 my ($param) = @_;
603
604 return PVE::Cluster::create_rrd_graph(
605 "pve2-vm/$param->{vmid}", $param->{timeframe},
606 $param->{ds}, $param->{cf});
607
608 }});
609
610 __PACKAGE__->register_method({
611 name => 'rrddata',
612 path => '{vmid}/rrddata',
613 method => 'GET',
614 protected => 1, # fixme: can we avoid that?
615 permissions => {
616 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
617 },
618 description => "Read VM RRD statistics",
619 parameters => {
620 additionalProperties => 0,
621 properties => {
622 node => get_standard_option('pve-node'),
623 vmid => get_standard_option('pve-vmid'),
624 timeframe => {
625 description => "Specify the time frame you are interested in.",
626 type => 'string',
627 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
628 },
629 cf => {
630 description => "The RRD consolidation function",
631 type => 'string',
632 enum => [ 'AVERAGE', 'MAX' ],
633 optional => 1,
634 },
635 },
636 },
637 returns => {
638 type => "array",
639 items => {
640 type => "object",
641 properties => {},
642 },
643 },
644 code => sub {
645 my ($param) = @_;
646
647 return PVE::Cluster::create_rrd_data(
648 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
649 }});
650
651
652 __PACKAGE__->register_method({
653 name => 'vm_config',
654 path => '{vmid}/config',
655 method => 'GET',
656 proxyto => 'node',
657 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
658 permissions => {
659 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
660 },
661 parameters => {
662 additionalProperties => 0,
663 properties => {
664 node => get_standard_option('pve-node'),
665 vmid => get_standard_option('pve-vmid'),
666 current => {
667 description => "Get current values (instead of pending values).",
668 optional => 1,
669 default => 0,
670 type => 'boolean',
671 },
672 },
673 },
674 returns => {
675 type => "object",
676 properties => {
677 digest => {
678 type => 'string',
679 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
680 }
681 },
682 },
683 code => sub {
684 my ($param) = @_;
685
686 my $conf = PVE::QemuServer::load_config($param->{vmid});
687
688 delete $conf->{snapshots};
689
690 if (!$param->{current}) {
691 foreach my $opt (keys %{$conf->{pending}}) {
692 next if $opt eq 'delete';
693 my $value = $conf->{pending}->{$opt};
694 next if ref($value); # just to be sure
695 $conf->{$opt} = $value;
696 }
697 foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) {
698 delete $conf->{$opt} if $conf->{$opt};
699 }
700 }
701
702 delete $conf->{pending};
703
704 return $conf;
705 }});
706
707 __PACKAGE__->register_method({
708 name => 'vm_pending',
709 path => '{vmid}/pending',
710 method => 'GET',
711 proxyto => 'node',
712 description => "Get virtual machine configuration, including pending changes.",
713 permissions => {
714 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
715 },
716 parameters => {
717 additionalProperties => 0,
718 properties => {
719 node => get_standard_option('pve-node'),
720 vmid => get_standard_option('pve-vmid'),
721 },
722 },
723 returns => {
724 type => "array",
725 items => {
726 type => "object",
727 properties => {
728 key => {
729 description => "Configuration option name.",
730 type => 'string',
731 },
732 value => {
733 description => "Current value.",
734 type => 'string',
735 optional => 1,
736 },
737 pending => {
738 description => "Pending value.",
739 type => 'string',
740 optional => 1,
741 },
742 delete => {
743 description => "Indicated a pending delete request.",
744 type => 'boolean',
745 optional => 1,
746 },
747 },
748 },
749 },
750 code => sub {
751 my ($param) = @_;
752
753 my $conf = PVE::QemuServer::load_config($param->{vmid});
754
755 my $pending_delete_hash = {};
756 foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) {
757 $pending_delete_hash->{$opt} = 1;
758 }
759
760 my $res = [];
761
762 foreach my $opt (keys %$conf) {
763 next if ref($conf->{$opt});
764 my $item = { key => $opt };
765 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
766 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
767 $item->{delete} = 1 if $pending_delete_hash->{$opt};
768 push @$res, $item;
769 }
770
771 foreach my $opt (keys %{$conf->{pending}}) {
772 next if $opt eq 'delete';
773 next if ref($conf->{pending}->{$opt}); # just to be sure
774 next if defined($conf->{$opt});
775 my $item = { key => $opt };
776 $item->{pending} = $conf->{pending}->{$opt};
777 push @$res, $item;
778 }
779
780 foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) {
781 next if $conf->{pending}->{$opt}; # just to be sure
782 next if $conf->{$opt};
783 my $item = { key => $opt, delete => 1};
784 push @$res, $item;
785 }
786
787 return $res;
788 }});
789
790 # POST/PUT {vmid}/config implementation
791 #
792 # The original API used PUT (idempotent) an we assumed that all operations
793 # are fast. But it turned out that almost any configuration change can
794 # involve hot-plug actions, or disk alloc/free. Such actions can take long
795 # time to complete and have side effects (not idempotent).
796 #
797 # The new implementation uses POST and forks a worker process. We added
798 # a new option 'background_delay'. If specified we wait up to
799 # 'background_delay' second for the worker task to complete. It returns null
800 # if the task is finished within that time, else we return the UPID.
801
802 my $update_vm_api = sub {
803 my ($param, $sync) = @_;
804
805 my $rpcenv = PVE::RPCEnvironment::get();
806
807 my $authuser = $rpcenv->get_user();
808
809 my $node = extract_param($param, 'node');
810
811 my $vmid = extract_param($param, 'vmid');
812
813 my $digest = extract_param($param, 'digest');
814
815 my $background_delay = extract_param($param, 'background_delay');
816
817 my @paramarr = (); # used for log message
818 foreach my $key (keys %$param) {
819 push @paramarr, "-$key", $param->{$key};
820 }
821
822 my $skiplock = extract_param($param, 'skiplock');
823 raise_param_exc({ skiplock => "Only root may use this option." })
824 if $skiplock && $authuser ne 'root@pam';
825
826 my $delete_str = extract_param($param, 'delete');
827
828 my $revert_str = extract_param($param, 'revert');
829
830 my $force = extract_param($param, 'force');
831
832 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
833
834 my $storecfg = PVE::Storage::config();
835
836 my $defaults = PVE::QemuServer::load_defaults();
837
838 &$resolve_cdrom_alias($param);
839
840 # now try to verify all parameters
841
842 my $revert = {};
843 foreach my $opt (PVE::Tools::split_list($revert_str)) {
844 if (!PVE::QemuServer::option_exists($opt)) {
845 raise_param_exc({ revert => "unknown option '$opt'" });
846 }
847
848 raise_param_exc({ delete => "you can't use '-$opt' and " .
849 "-revert $opt' at the same time" })
850 if defined($param->{$opt});
851
852 $revert->{$opt} = 1;
853 }
854
855 my @delete = ();
856 foreach my $opt (PVE::Tools::split_list($delete_str)) {
857 $opt = 'ide2' if $opt eq 'cdrom';
858
859 raise_param_exc({ delete => "you can't use '-$opt' and " .
860 "-delete $opt' at the same time" })
861 if defined($param->{$opt});
862
863 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
864 "-revert $opt' at the same time" })
865 if $revert->{$opt};
866
867 if (!PVE::QemuServer::option_exists($opt)) {
868 raise_param_exc({ delete => "unknown option '$opt'" });
869 }
870
871 push @delete, $opt;
872 }
873
874 foreach my $opt (keys %$param) {
875 if (PVE::QemuServer::valid_drivename($opt)) {
876 # cleanup drive path
877 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
878 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
879 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
880 } elsif ($opt =~ m/^net(\d+)$/) {
881 # add macaddr
882 my $net = PVE::QemuServer::parse_net($param->{$opt});
883 $param->{$opt} = PVE::QemuServer::print_net($net);
884 }
885 }
886
887 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
888
889 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
890
891 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
892
893 my $updatefn = sub {
894
895 my $conf = PVE::QemuServer::load_config($vmid);
896
897 die "checksum missmatch (file change by other user?)\n"
898 if $digest && $digest ne $conf->{digest};
899
900 PVE::QemuServer::check_lock($conf) if !$skiplock;
901
902 foreach my $opt (keys %$revert) {
903 if (defined($conf->{$opt})) {
904 $param->{$opt} = $conf->{$opt};
905 } elsif (defined($conf->{pending}->{$opt})) {
906 push @delete, $opt;
907 }
908 }
909
910 if ($param->{memory} || defined($param->{balloon})) {
911 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
912 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
913
914 die "balloon value too large (must be smaller than assigned memory)\n"
915 if $balloon && $balloon > $maxmem;
916 }
917
918 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
919
920 my $worker = sub {
921
922 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
923
924 # write updates to pending section
925
926 my $modified = {}; # record what $option we modify
927
928 foreach my $opt (@delete) {
929 $modified->{$opt} = 1;
930 $conf = PVE::QemuServer::load_config($vmid); # update/reload
931 if ($opt =~ m/^unused/) {
932 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
933 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
934 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
935 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
936 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive);
937 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
938 }
939 } elsif (PVE::QemuServer::valid_drivename($opt)) {
940 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
941 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
942 if defined($conf->{pending}->{$opt});
943 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
944 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
945 } else {
946 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
947 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
948 }
949 }
950
951 foreach my $opt (keys %$param) { # add/change
952 $modified->{$opt} = 1;
953 $conf = PVE::QemuServer::load_config($vmid); # update/reload
954 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
955
956 if (PVE::QemuServer::valid_drivename($opt)) {
957 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
958 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
959 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
960 } else {
961 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
962 }
963 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
964 if defined($conf->{pending}->{$opt});
965
966 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
967 } else {
968 $conf->{pending}->{$opt} = $param->{$opt};
969 }
970 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
971 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
972 }
973
974 # remove pending changes when nothing changed
975 $conf = PVE::QemuServer::load_config($vmid); # update/reload
976 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
977 PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes;
978
979 return if !scalar(keys %{$conf->{pending}});
980
981 my $running = PVE::QemuServer::check_running($vmid);
982
983 # apply pending changes
984
985 $conf = PVE::QemuServer::load_config($vmid); # update/reload
986
987 if ($running) {
988 my $errors = {};
989 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
990 raise_param_exc($errors) if scalar(keys %$errors);
991 } else {
992 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
993 }
994
995 return;
996 };
997
998 if ($sync) {
999 &$worker();
1000 return undef;
1001 } else {
1002 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1003
1004 if ($background_delay) {
1005
1006 # Note: It would be better to do that in the Event based HTTPServer
1007 # to avoid blocking call to sleep.
1008
1009 my $end_time = time() + $background_delay;
1010
1011 my $task = PVE::Tools::upid_decode($upid);
1012
1013 my $running = 1;
1014 while (time() < $end_time) {
1015 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1016 last if !$running;
1017 sleep(1); # this gets interrupted when child process ends
1018 }
1019
1020 if (!$running) {
1021 my $status = PVE::Tools::upid_read_status($upid);
1022 return undef if $status eq 'OK';
1023 die $status;
1024 }
1025 }
1026
1027 return $upid;
1028 }
1029 };
1030
1031 return PVE::QemuServer::lock_config($vmid, $updatefn);
1032 };
1033
1034 my $vm_config_perm_list = [
1035 'VM.Config.Disk',
1036 'VM.Config.CDROM',
1037 'VM.Config.CPU',
1038 'VM.Config.Memory',
1039 'VM.Config.Network',
1040 'VM.Config.HWType',
1041 'VM.Config.Options',
1042 ];
1043
1044 __PACKAGE__->register_method({
1045 name => 'update_vm_async',
1046 path => '{vmid}/config',
1047 method => 'POST',
1048 protected => 1,
1049 proxyto => 'node',
1050 description => "Set virtual machine options (asynchrounous API).",
1051 permissions => {
1052 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1053 },
1054 parameters => {
1055 additionalProperties => 0,
1056 properties => PVE::QemuServer::json_config_properties(
1057 {
1058 node => get_standard_option('pve-node'),
1059 vmid => get_standard_option('pve-vmid'),
1060 skiplock => get_standard_option('skiplock'),
1061 delete => {
1062 type => 'string', format => 'pve-configid-list',
1063 description => "A list of settings you want to delete.",
1064 optional => 1,
1065 },
1066 revert => {
1067 type => 'string', format => 'pve-configid-list',
1068 description => "Revert a pending change.",
1069 optional => 1,
1070 },
1071 force => {
1072 type => 'boolean',
1073 description => $opt_force_description,
1074 optional => 1,
1075 requires => 'delete',
1076 },
1077 digest => {
1078 type => 'string',
1079 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1080 maxLength => 40,
1081 optional => 1,
1082 },
1083 background_delay => {
1084 type => 'integer',
1085 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1086 minimum => 1,
1087 maximum => 30,
1088 optional => 1,
1089 },
1090 }),
1091 },
1092 returns => {
1093 type => 'string',
1094 optional => 1,
1095 },
1096 code => $update_vm_api,
1097 });
1098
1099 __PACKAGE__->register_method({
1100 name => 'update_vm',
1101 path => '{vmid}/config',
1102 method => 'PUT',
1103 protected => 1,
1104 proxyto => 'node',
1105 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1106 permissions => {
1107 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1108 },
1109 parameters => {
1110 additionalProperties => 0,
1111 properties => PVE::QemuServer::json_config_properties(
1112 {
1113 node => get_standard_option('pve-node'),
1114 vmid => get_standard_option('pve-vmid'),
1115 skiplock => get_standard_option('skiplock'),
1116 delete => {
1117 type => 'string', format => 'pve-configid-list',
1118 description => "A list of settings you want to delete.",
1119 optional => 1,
1120 },
1121 revert => {
1122 type => 'string', format => 'pve-configid-list',
1123 description => "Revert a pending change.",
1124 optional => 1,
1125 },
1126 force => {
1127 type => 'boolean',
1128 description => $opt_force_description,
1129 optional => 1,
1130 requires => 'delete',
1131 },
1132 digest => {
1133 type => 'string',
1134 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1135 maxLength => 40,
1136 optional => 1,
1137 },
1138 }),
1139 },
1140 returns => { type => 'null' },
1141 code => sub {
1142 my ($param) = @_;
1143 &$update_vm_api($param, 1);
1144 return undef;
1145 }
1146 });
1147
1148
1149 __PACKAGE__->register_method({
1150 name => 'destroy_vm',
1151 path => '{vmid}',
1152 method => 'DELETE',
1153 protected => 1,
1154 proxyto => 'node',
1155 description => "Destroy the vm (also delete all used/owned volumes).",
1156 permissions => {
1157 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1158 },
1159 parameters => {
1160 additionalProperties => 0,
1161 properties => {
1162 node => get_standard_option('pve-node'),
1163 vmid => get_standard_option('pve-vmid'),
1164 skiplock => get_standard_option('skiplock'),
1165 },
1166 },
1167 returns => {
1168 type => 'string',
1169 },
1170 code => sub {
1171 my ($param) = @_;
1172
1173 my $rpcenv = PVE::RPCEnvironment::get();
1174
1175 my $authuser = $rpcenv->get_user();
1176
1177 my $vmid = $param->{vmid};
1178
1179 my $skiplock = $param->{skiplock};
1180 raise_param_exc({ skiplock => "Only root may use this option." })
1181 if $skiplock && $authuser ne 'root@pam';
1182
1183 # test if VM exists
1184 my $conf = PVE::QemuServer::load_config($vmid);
1185
1186 my $storecfg = PVE::Storage::config();
1187
1188 my $delVMfromPoolFn = sub {
1189 my $usercfg = cfs_read_file("user.cfg");
1190 if (my $pool = $usercfg->{vms}->{$vmid}) {
1191 if (my $data = $usercfg->{pools}->{$pool}) {
1192 delete $data->{vms}->{$vmid};
1193 delete $usercfg->{vms}->{$vmid};
1194 cfs_write_file("user.cfg", $usercfg);
1195 }
1196 }
1197 };
1198
1199 my $realcmd = sub {
1200 my $upid = shift;
1201
1202 syslog('info', "destroy VM $vmid: $upid\n");
1203
1204 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1205
1206 PVE::AccessControl::remove_vm_from_pool($vmid);
1207 };
1208
1209 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1210 }});
1211
1212 __PACKAGE__->register_method({
1213 name => 'unlink',
1214 path => '{vmid}/unlink',
1215 method => 'PUT',
1216 protected => 1,
1217 proxyto => 'node',
1218 description => "Unlink/delete disk images.",
1219 permissions => {
1220 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1221 },
1222 parameters => {
1223 additionalProperties => 0,
1224 properties => {
1225 node => get_standard_option('pve-node'),
1226 vmid => get_standard_option('pve-vmid'),
1227 idlist => {
1228 type => 'string', format => 'pve-configid-list',
1229 description => "A list of disk IDs you want to delete.",
1230 },
1231 force => {
1232 type => 'boolean',
1233 description => $opt_force_description,
1234 optional => 1,
1235 },
1236 },
1237 },
1238 returns => { type => 'null'},
1239 code => sub {
1240 my ($param) = @_;
1241
1242 $param->{delete} = extract_param($param, 'idlist');
1243
1244 __PACKAGE__->update_vm($param);
1245
1246 return undef;
1247 }});
1248
1249 my $sslcert;
1250
1251 __PACKAGE__->register_method({
1252 name => 'vncproxy',
1253 path => '{vmid}/vncproxy',
1254 method => 'POST',
1255 protected => 1,
1256 permissions => {
1257 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1258 },
1259 description => "Creates a TCP VNC proxy connections.",
1260 parameters => {
1261 additionalProperties => 0,
1262 properties => {
1263 node => get_standard_option('pve-node'),
1264 vmid => get_standard_option('pve-vmid'),
1265 websocket => {
1266 optional => 1,
1267 type => 'boolean',
1268 description => "starts websockify instead of vncproxy",
1269 },
1270 },
1271 },
1272 returns => {
1273 additionalProperties => 0,
1274 properties => {
1275 user => { type => 'string' },
1276 ticket => { type => 'string' },
1277 cert => { type => 'string' },
1278 port => { type => 'integer' },
1279 upid => { type => 'string' },
1280 },
1281 },
1282 code => sub {
1283 my ($param) = @_;
1284
1285 my $rpcenv = PVE::RPCEnvironment::get();
1286
1287 my $authuser = $rpcenv->get_user();
1288
1289 my $vmid = $param->{vmid};
1290 my $node = $param->{node};
1291 my $websocket = $param->{websocket};
1292
1293 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1294
1295 my $authpath = "/vms/$vmid";
1296
1297 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1298
1299 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1300 if !$sslcert;
1301
1302 my $port = PVE::Tools::next_vnc_port();
1303
1304 my $remip;
1305 my $remcmd = [];
1306
1307 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1308 $remip = PVE::Cluster::remote_node_ip($node);
1309 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1310 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1311 }
1312
1313 my $timeout = 10;
1314
1315 my $realcmd = sub {
1316 my $upid = shift;
1317
1318 syslog('info', "starting vnc proxy $upid\n");
1319
1320 my $cmd;
1321
1322 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1323
1324 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1325
1326 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1327 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1328 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1329 '-timeout', $timeout, '-authpath', $authpath,
1330 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1331 } else {
1332
1333 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1334
1335 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1336
1337 my $qmstr = join(' ', @$qmcmd);
1338
1339 # also redirect stderr (else we get RFB protocol errors)
1340 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1341 }
1342
1343 PVE::Tools::run_command($cmd);
1344
1345 return;
1346 };
1347
1348 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1349
1350 PVE::Tools::wait_for_vnc_port($port);
1351
1352 return {
1353 user => $authuser,
1354 ticket => $ticket,
1355 port => $port,
1356 upid => $upid,
1357 cert => $sslcert,
1358 };
1359 }});
1360
1361 __PACKAGE__->register_method({
1362 name => 'vncwebsocket',
1363 path => '{vmid}/vncwebsocket',
1364 method => 'GET',
1365 permissions => {
1366 description => "You also need to pass a valid ticket (vncticket).",
1367 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1368 },
1369 description => "Opens a weksocket for VNC traffic.",
1370 parameters => {
1371 additionalProperties => 0,
1372 properties => {
1373 node => get_standard_option('pve-node'),
1374 vmid => get_standard_option('pve-vmid'),
1375 vncticket => {
1376 description => "Ticket from previous call to vncproxy.",
1377 type => 'string',
1378 maxLength => 512,
1379 },
1380 port => {
1381 description => "Port number returned by previous vncproxy call.",
1382 type => 'integer',
1383 minimum => 5900,
1384 maximum => 5999,
1385 },
1386 },
1387 },
1388 returns => {
1389 type => "object",
1390 properties => {
1391 port => { type => 'string' },
1392 },
1393 },
1394 code => sub {
1395 my ($param) = @_;
1396
1397 my $rpcenv = PVE::RPCEnvironment::get();
1398
1399 my $authuser = $rpcenv->get_user();
1400
1401 my $vmid = $param->{vmid};
1402 my $node = $param->{node};
1403
1404 my $authpath = "/vms/$vmid";
1405
1406 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1407
1408 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1409
1410 # Note: VNC ports are acessible from outside, so we do not gain any
1411 # security if we verify that $param->{port} belongs to VM $vmid. This
1412 # check is done by verifying the VNC ticket (inside VNC protocol).
1413
1414 my $port = $param->{port};
1415
1416 return { port => $port };
1417 }});
1418
1419 __PACKAGE__->register_method({
1420 name => 'spiceproxy',
1421 path => '{vmid}/spiceproxy',
1422 method => 'POST',
1423 protected => 1,
1424 proxyto => 'node',
1425 permissions => {
1426 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1427 },
1428 description => "Returns a SPICE configuration to connect to the VM.",
1429 parameters => {
1430 additionalProperties => 0,
1431 properties => {
1432 node => get_standard_option('pve-node'),
1433 vmid => get_standard_option('pve-vmid'),
1434 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1435 },
1436 },
1437 returns => get_standard_option('remote-viewer-config'),
1438 code => sub {
1439 my ($param) = @_;
1440
1441 my $rpcenv = PVE::RPCEnvironment::get();
1442
1443 my $authuser = $rpcenv->get_user();
1444
1445 my $vmid = $param->{vmid};
1446 my $node = $param->{node};
1447 my $proxy = $param->{proxy};
1448
1449 my $conf = PVE::QemuServer::load_config($vmid, $node);
1450 my $title = "VM $vmid - $conf->{'name'}",
1451
1452 my $port = PVE::QemuServer::spice_port($vmid);
1453
1454 my ($ticket, undef, $remote_viewer_config) =
1455 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1456
1457 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1458 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1459
1460 return $remote_viewer_config;
1461 }});
1462
1463 __PACKAGE__->register_method({
1464 name => 'vmcmdidx',
1465 path => '{vmid}/status',
1466 method => 'GET',
1467 proxyto => 'node',
1468 description => "Directory index",
1469 permissions => {
1470 user => 'all',
1471 },
1472 parameters => {
1473 additionalProperties => 0,
1474 properties => {
1475 node => get_standard_option('pve-node'),
1476 vmid => get_standard_option('pve-vmid'),
1477 },
1478 },
1479 returns => {
1480 type => 'array',
1481 items => {
1482 type => "object",
1483 properties => {
1484 subdir => { type => 'string' },
1485 },
1486 },
1487 links => [ { rel => 'child', href => "{subdir}" } ],
1488 },
1489 code => sub {
1490 my ($param) = @_;
1491
1492 # test if VM exists
1493 my $conf = PVE::QemuServer::load_config($param->{vmid});
1494
1495 my $res = [
1496 { subdir => 'current' },
1497 { subdir => 'start' },
1498 { subdir => 'stop' },
1499 ];
1500
1501 return $res;
1502 }});
1503
1504 __PACKAGE__->register_method({
1505 name => 'vm_status',
1506 path => '{vmid}/status/current',
1507 method => 'GET',
1508 proxyto => 'node',
1509 protected => 1, # qemu pid files are only readable by root
1510 description => "Get virtual machine status.",
1511 permissions => {
1512 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1513 },
1514 parameters => {
1515 additionalProperties => 0,
1516 properties => {
1517 node => get_standard_option('pve-node'),
1518 vmid => get_standard_option('pve-vmid'),
1519 },
1520 },
1521 returns => { type => 'object' },
1522 code => sub {
1523 my ($param) = @_;
1524
1525 # test if VM exists
1526 my $conf = PVE::QemuServer::load_config($param->{vmid});
1527
1528 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1529 my $status = $vmstatus->{$param->{vmid}};
1530
1531 $status->{ha} = PVE::HA::Config::vm_is_ha_managed($param->{vmid});
1532
1533 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1534
1535 return $status;
1536 }});
1537
1538 __PACKAGE__->register_method({
1539 name => 'vm_start',
1540 path => '{vmid}/status/start',
1541 method => 'POST',
1542 protected => 1,
1543 proxyto => 'node',
1544 description => "Start virtual machine.",
1545 permissions => {
1546 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1547 },
1548 parameters => {
1549 additionalProperties => 0,
1550 properties => {
1551 node => get_standard_option('pve-node'),
1552 vmid => get_standard_option('pve-vmid'),
1553 skiplock => get_standard_option('skiplock'),
1554 stateuri => get_standard_option('pve-qm-stateuri'),
1555 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1556 machine => get_standard_option('pve-qm-machine'),
1557 },
1558 },
1559 returns => {
1560 type => 'string',
1561 },
1562 code => sub {
1563 my ($param) = @_;
1564
1565 my $rpcenv = PVE::RPCEnvironment::get();
1566
1567 my $authuser = $rpcenv->get_user();
1568
1569 my $node = extract_param($param, 'node');
1570
1571 my $vmid = extract_param($param, 'vmid');
1572
1573 my $machine = extract_param($param, 'machine');
1574
1575 my $stateuri = extract_param($param, 'stateuri');
1576 raise_param_exc({ stateuri => "Only root may use this option." })
1577 if $stateuri && $authuser ne 'root@pam';
1578
1579 my $skiplock = extract_param($param, 'skiplock');
1580 raise_param_exc({ skiplock => "Only root may use this option." })
1581 if $skiplock && $authuser ne 'root@pam';
1582
1583 my $migratedfrom = extract_param($param, 'migratedfrom');
1584 raise_param_exc({ migratedfrom => "Only root may use this option." })
1585 if $migratedfrom && $authuser ne 'root@pam';
1586
1587 # read spice ticket from STDIN
1588 my $spice_ticket;
1589 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1590 if (defined(my $line = <>)) {
1591 chomp $line;
1592 $spice_ticket = $line;
1593 }
1594 }
1595
1596 my $storecfg = PVE::Storage::config();
1597
1598 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1599 $rpcenv->{type} ne 'ha') {
1600
1601 my $hacmd = sub {
1602 my $upid = shift;
1603
1604 my $service = "vm:$vmid";
1605
1606 my $cmd = ['ha-manager', 'enable', $service];
1607
1608 print "Executing HA start for VM $vmid\n";
1609
1610 PVE::Tools::run_command($cmd);
1611
1612 return;
1613 };
1614
1615 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1616
1617 } else {
1618
1619 my $realcmd = sub {
1620 my $upid = shift;
1621
1622 syslog('info', "start VM $vmid: $upid\n");
1623
1624 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1625 $machine, $spice_ticket);
1626
1627 return;
1628 };
1629
1630 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1631 }
1632 }});
1633
1634 __PACKAGE__->register_method({
1635 name => 'vm_stop',
1636 path => '{vmid}/status/stop',
1637 method => 'POST',
1638 protected => 1,
1639 proxyto => 'node',
1640 description => "Stop virtual machine.",
1641 permissions => {
1642 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1643 },
1644 parameters => {
1645 additionalProperties => 0,
1646 properties => {
1647 node => get_standard_option('pve-node'),
1648 vmid => get_standard_option('pve-vmid'),
1649 skiplock => get_standard_option('skiplock'),
1650 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1651 timeout => {
1652 description => "Wait maximal timeout seconds.",
1653 type => 'integer',
1654 minimum => 0,
1655 optional => 1,
1656 },
1657 keepActive => {
1658 description => "Do not decativate storage volumes.",
1659 type => 'boolean',
1660 optional => 1,
1661 default => 0,
1662 }
1663 },
1664 },
1665 returns => {
1666 type => 'string',
1667 },
1668 code => sub {
1669 my ($param) = @_;
1670
1671 my $rpcenv = PVE::RPCEnvironment::get();
1672
1673 my $authuser = $rpcenv->get_user();
1674
1675 my $node = extract_param($param, 'node');
1676
1677 my $vmid = extract_param($param, 'vmid');
1678
1679 my $skiplock = extract_param($param, 'skiplock');
1680 raise_param_exc({ skiplock => "Only root may use this option." })
1681 if $skiplock && $authuser ne 'root@pam';
1682
1683 my $keepActive = extract_param($param, 'keepActive');
1684 raise_param_exc({ keepActive => "Only root may use this option." })
1685 if $keepActive && $authuser ne 'root@pam';
1686
1687 my $migratedfrom = extract_param($param, 'migratedfrom');
1688 raise_param_exc({ migratedfrom => "Only root may use this option." })
1689 if $migratedfrom && $authuser ne 'root@pam';
1690
1691
1692 my $storecfg = PVE::Storage::config();
1693
1694 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1695
1696 my $hacmd = sub {
1697 my $upid = shift;
1698
1699 my $service = "vm:$vmid";
1700
1701 my $cmd = ['ha-manager', 'disable', $service];
1702
1703 print "Executing HA stop for VM $vmid\n";
1704
1705 PVE::Tools::run_command($cmd);
1706
1707 return;
1708 };
1709
1710 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1711
1712 } else {
1713 my $realcmd = sub {
1714 my $upid = shift;
1715
1716 syslog('info', "stop VM $vmid: $upid\n");
1717
1718 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1719 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1720
1721 return;
1722 };
1723
1724 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1725 }
1726 }});
1727
1728 __PACKAGE__->register_method({
1729 name => 'vm_reset',
1730 path => '{vmid}/status/reset',
1731 method => 'POST',
1732 protected => 1,
1733 proxyto => 'node',
1734 description => "Reset virtual machine.",
1735 permissions => {
1736 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1737 },
1738 parameters => {
1739 additionalProperties => 0,
1740 properties => {
1741 node => get_standard_option('pve-node'),
1742 vmid => get_standard_option('pve-vmid'),
1743 skiplock => get_standard_option('skiplock'),
1744 },
1745 },
1746 returns => {
1747 type => 'string',
1748 },
1749 code => sub {
1750 my ($param) = @_;
1751
1752 my $rpcenv = PVE::RPCEnvironment::get();
1753
1754 my $authuser = $rpcenv->get_user();
1755
1756 my $node = extract_param($param, 'node');
1757
1758 my $vmid = extract_param($param, 'vmid');
1759
1760 my $skiplock = extract_param($param, 'skiplock');
1761 raise_param_exc({ skiplock => "Only root may use this option." })
1762 if $skiplock && $authuser ne 'root@pam';
1763
1764 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1765
1766 my $realcmd = sub {
1767 my $upid = shift;
1768
1769 PVE::QemuServer::vm_reset($vmid, $skiplock);
1770
1771 return;
1772 };
1773
1774 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1775 }});
1776
1777 __PACKAGE__->register_method({
1778 name => 'vm_shutdown',
1779 path => '{vmid}/status/shutdown',
1780 method => 'POST',
1781 protected => 1,
1782 proxyto => 'node',
1783 description => "Shutdown virtual machine.",
1784 permissions => {
1785 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1786 },
1787 parameters => {
1788 additionalProperties => 0,
1789 properties => {
1790 node => get_standard_option('pve-node'),
1791 vmid => get_standard_option('pve-vmid'),
1792 skiplock => get_standard_option('skiplock'),
1793 timeout => {
1794 description => "Wait maximal timeout seconds.",
1795 type => 'integer',
1796 minimum => 0,
1797 optional => 1,
1798 },
1799 forceStop => {
1800 description => "Make sure the VM stops.",
1801 type => 'boolean',
1802 optional => 1,
1803 default => 0,
1804 },
1805 keepActive => {
1806 description => "Do not decativate storage volumes.",
1807 type => 'boolean',
1808 optional => 1,
1809 default => 0,
1810 }
1811 },
1812 },
1813 returns => {
1814 type => 'string',
1815 },
1816 code => sub {
1817 my ($param) = @_;
1818
1819 my $rpcenv = PVE::RPCEnvironment::get();
1820
1821 my $authuser = $rpcenv->get_user();
1822
1823 my $node = extract_param($param, 'node');
1824
1825 my $vmid = extract_param($param, 'vmid');
1826
1827 my $skiplock = extract_param($param, 'skiplock');
1828 raise_param_exc({ skiplock => "Only root may use this option." })
1829 if $skiplock && $authuser ne 'root@pam';
1830
1831 my $keepActive = extract_param($param, 'keepActive');
1832 raise_param_exc({ keepActive => "Only root may use this option." })
1833 if $keepActive && $authuser ne 'root@pam';
1834
1835 my $storecfg = PVE::Storage::config();
1836
1837 my $realcmd = sub {
1838 my $upid = shift;
1839
1840 syslog('info', "shutdown VM $vmid: $upid\n");
1841
1842 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1843 1, $param->{forceStop}, $keepActive);
1844
1845 return;
1846 };
1847
1848 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1849 }});
1850
1851 __PACKAGE__->register_method({
1852 name => 'vm_suspend',
1853 path => '{vmid}/status/suspend',
1854 method => 'POST',
1855 protected => 1,
1856 proxyto => 'node',
1857 description => "Suspend virtual machine.",
1858 permissions => {
1859 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1860 },
1861 parameters => {
1862 additionalProperties => 0,
1863 properties => {
1864 node => get_standard_option('pve-node'),
1865 vmid => get_standard_option('pve-vmid'),
1866 skiplock => get_standard_option('skiplock'),
1867 },
1868 },
1869 returns => {
1870 type => 'string',
1871 },
1872 code => sub {
1873 my ($param) = @_;
1874
1875 my $rpcenv = PVE::RPCEnvironment::get();
1876
1877 my $authuser = $rpcenv->get_user();
1878
1879 my $node = extract_param($param, 'node');
1880
1881 my $vmid = extract_param($param, 'vmid');
1882
1883 my $skiplock = extract_param($param, 'skiplock');
1884 raise_param_exc({ skiplock => "Only root may use this option." })
1885 if $skiplock && $authuser ne 'root@pam';
1886
1887 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1888
1889 my $realcmd = sub {
1890 my $upid = shift;
1891
1892 syslog('info', "suspend VM $vmid: $upid\n");
1893
1894 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1895
1896 return;
1897 };
1898
1899 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1900 }});
1901
1902 __PACKAGE__->register_method({
1903 name => 'vm_resume',
1904 path => '{vmid}/status/resume',
1905 method => 'POST',
1906 protected => 1,
1907 proxyto => 'node',
1908 description => "Resume virtual machine.",
1909 permissions => {
1910 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1911 },
1912 parameters => {
1913 additionalProperties => 0,
1914 properties => {
1915 node => get_standard_option('pve-node'),
1916 vmid => get_standard_option('pve-vmid'),
1917 skiplock => get_standard_option('skiplock'),
1918 },
1919 },
1920 returns => {
1921 type => 'string',
1922 },
1923 code => sub {
1924 my ($param) = @_;
1925
1926 my $rpcenv = PVE::RPCEnvironment::get();
1927
1928 my $authuser = $rpcenv->get_user();
1929
1930 my $node = extract_param($param, 'node');
1931
1932 my $vmid = extract_param($param, 'vmid');
1933
1934 my $skiplock = extract_param($param, 'skiplock');
1935 raise_param_exc({ skiplock => "Only root may use this option." })
1936 if $skiplock && $authuser ne 'root@pam';
1937
1938 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1939
1940 my $realcmd = sub {
1941 my $upid = shift;
1942
1943 syslog('info', "resume VM $vmid: $upid\n");
1944
1945 PVE::QemuServer::vm_resume($vmid, $skiplock);
1946
1947 return;
1948 };
1949
1950 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1951 }});
1952
1953 __PACKAGE__->register_method({
1954 name => 'vm_sendkey',
1955 path => '{vmid}/sendkey',
1956 method => 'PUT',
1957 protected => 1,
1958 proxyto => 'node',
1959 description => "Send key event to virtual machine.",
1960 permissions => {
1961 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1962 },
1963 parameters => {
1964 additionalProperties => 0,
1965 properties => {
1966 node => get_standard_option('pve-node'),
1967 vmid => get_standard_option('pve-vmid'),
1968 skiplock => get_standard_option('skiplock'),
1969 key => {
1970 description => "The key (qemu monitor encoding).",
1971 type => 'string'
1972 }
1973 },
1974 },
1975 returns => { type => 'null'},
1976 code => sub {
1977 my ($param) = @_;
1978
1979 my $rpcenv = PVE::RPCEnvironment::get();
1980
1981 my $authuser = $rpcenv->get_user();
1982
1983 my $node = extract_param($param, 'node');
1984
1985 my $vmid = extract_param($param, 'vmid');
1986
1987 my $skiplock = extract_param($param, 'skiplock');
1988 raise_param_exc({ skiplock => "Only root may use this option." })
1989 if $skiplock && $authuser ne 'root@pam';
1990
1991 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1992
1993 return;
1994 }});
1995
1996 __PACKAGE__->register_method({
1997 name => 'vm_feature',
1998 path => '{vmid}/feature',
1999 method => 'GET',
2000 proxyto => 'node',
2001 protected => 1,
2002 description => "Check if feature for virtual machine is available.",
2003 permissions => {
2004 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2005 },
2006 parameters => {
2007 additionalProperties => 0,
2008 properties => {
2009 node => get_standard_option('pve-node'),
2010 vmid => get_standard_option('pve-vmid'),
2011 feature => {
2012 description => "Feature to check.",
2013 type => 'string',
2014 enum => [ 'snapshot', 'clone', 'copy' ],
2015 },
2016 snapname => get_standard_option('pve-snapshot-name', {
2017 optional => 1,
2018 }),
2019 },
2020 },
2021 returns => {
2022 type => "object",
2023 properties => {
2024 hasFeature => { type => 'boolean' },
2025 nodes => {
2026 type => 'array',
2027 items => { type => 'string' },
2028 }
2029 },
2030 },
2031 code => sub {
2032 my ($param) = @_;
2033
2034 my $node = extract_param($param, 'node');
2035
2036 my $vmid = extract_param($param, 'vmid');
2037
2038 my $snapname = extract_param($param, 'snapname');
2039
2040 my $feature = extract_param($param, 'feature');
2041
2042 my $running = PVE::QemuServer::check_running($vmid);
2043
2044 my $conf = PVE::QemuServer::load_config($vmid);
2045
2046 if($snapname){
2047 my $snap = $conf->{snapshots}->{$snapname};
2048 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2049 $conf = $snap;
2050 }
2051 my $storecfg = PVE::Storage::config();
2052
2053 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2054 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2055
2056 return {
2057 hasFeature => $hasFeature,
2058 nodes => [ keys %$nodelist ],
2059 };
2060 }});
2061
2062 __PACKAGE__->register_method({
2063 name => 'clone_vm',
2064 path => '{vmid}/clone',
2065 method => 'POST',
2066 protected => 1,
2067 proxyto => 'node',
2068 description => "Create a copy of virtual machine/template.",
2069 permissions => {
2070 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2071 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2072 "'Datastore.AllocateSpace' on any used storage.",
2073 check =>
2074 [ 'and',
2075 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2076 [ 'or',
2077 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2078 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2079 ],
2080 ]
2081 },
2082 parameters => {
2083 additionalProperties => 0,
2084 properties => {
2085 node => get_standard_option('pve-node'),
2086 vmid => get_standard_option('pve-vmid'),
2087 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2088 name => {
2089 optional => 1,
2090 type => 'string', format => 'dns-name',
2091 description => "Set a name for the new VM.",
2092 },
2093 description => {
2094 optional => 1,
2095 type => 'string',
2096 description => "Description for the new VM.",
2097 },
2098 pool => {
2099 optional => 1,
2100 type => 'string', format => 'pve-poolid',
2101 description => "Add the new VM to the specified pool.",
2102 },
2103 snapname => get_standard_option('pve-snapshot-name', {
2104 optional => 1,
2105 }),
2106 storage => get_standard_option('pve-storage-id', {
2107 description => "Target storage for full clone.",
2108 requires => 'full',
2109 optional => 1,
2110 }),
2111 'format' => {
2112 description => "Target format for file storage.",
2113 requires => 'full',
2114 type => 'string',
2115 optional => 1,
2116 enum => [ 'raw', 'qcow2', 'vmdk'],
2117 },
2118 full => {
2119 optional => 1,
2120 type => 'boolean',
2121 description => "Create a full copy of all disk. This is always done when " .
2122 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2123 default => 0,
2124 },
2125 target => get_standard_option('pve-node', {
2126 description => "Target node. Only allowed if the original VM is on shared storage.",
2127 optional => 1,
2128 }),
2129 },
2130 },
2131 returns => {
2132 type => 'string',
2133 },
2134 code => sub {
2135 my ($param) = @_;
2136
2137 my $rpcenv = PVE::RPCEnvironment::get();
2138
2139 my $authuser = $rpcenv->get_user();
2140
2141 my $node = extract_param($param, 'node');
2142
2143 my $vmid = extract_param($param, 'vmid');
2144
2145 my $newid = extract_param($param, 'newid');
2146
2147 my $pool = extract_param($param, 'pool');
2148
2149 if (defined($pool)) {
2150 $rpcenv->check_pool_exist($pool);
2151 }
2152
2153 my $snapname = extract_param($param, 'snapname');
2154
2155 my $storage = extract_param($param, 'storage');
2156
2157 my $format = extract_param($param, 'format');
2158
2159 my $target = extract_param($param, 'target');
2160
2161 my $localnode = PVE::INotify::nodename();
2162
2163 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2164
2165 PVE::Cluster::check_node_exists($target) if $target;
2166
2167 my $storecfg = PVE::Storage::config();
2168
2169 if ($storage) {
2170 # check if storage is enabled on local node
2171 PVE::Storage::storage_check_enabled($storecfg, $storage);
2172 if ($target) {
2173 # check if storage is available on target node
2174 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2175 # clone only works if target storage is shared
2176 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2177 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2178 }
2179 }
2180
2181 PVE::Cluster::check_cfs_quorum();
2182
2183 my $running = PVE::QemuServer::check_running($vmid) || 0;
2184
2185 # exclusive lock if VM is running - else shared lock is enough;
2186 my $shared_lock = $running ? 0 : 1;
2187
2188 my $clonefn = sub {
2189
2190 # do all tests after lock
2191 # we also try to do all tests before we fork the worker
2192
2193 my $conf = PVE::QemuServer::load_config($vmid);
2194
2195 PVE::QemuServer::check_lock($conf);
2196
2197 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2198
2199 die "unexpected state change\n" if $verify_running != $running;
2200
2201 die "snapshot '$snapname' does not exist\n"
2202 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2203
2204 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2205
2206 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2207
2208 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2209
2210 my $conffile = PVE::QemuServer::config_file($newid);
2211
2212 die "unable to create VM $newid: config file already exists\n"
2213 if -f $conffile;
2214
2215 my $newconf = { lock => 'clone' };
2216 my $drives = {};
2217 my $vollist = [];
2218
2219 foreach my $opt (keys %$oldconf) {
2220 my $value = $oldconf->{$opt};
2221
2222 # do not copy snapshot related info
2223 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2224 $opt eq 'vmstate' || $opt eq 'snapstate';
2225
2226 # always change MAC! address
2227 if ($opt =~ m/^net(\d+)$/) {
2228 my $net = PVE::QemuServer::parse_net($value);
2229 $net->{macaddr} = PVE::Tools::random_ether_addr();
2230 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2231 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2232 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2233 die "unable to parse drive options for '$opt'\n" if !$drive;
2234 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2235 $newconf->{$opt} = $value; # simply copy configuration
2236 } else {
2237 if ($param->{full}) {
2238 die "Full clone feature is not available"
2239 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2240 $drive->{full} = 1;
2241 } else {
2242 # not full means clone instead of copy
2243 die "Linked clone feature is not available"
2244 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2245 }
2246 $drives->{$opt} = $drive;
2247 push @$vollist, $drive->{file};
2248 }
2249 } else {
2250 # copy everything else
2251 $newconf->{$opt} = $value;
2252 }
2253 }
2254
2255 # auto generate a new uuid
2256 my ($uuid, $uuid_str);
2257 UUID::generate($uuid);
2258 UUID::unparse($uuid, $uuid_str);
2259 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2260 $smbios1->{uuid} = $uuid_str;
2261 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2262
2263 delete $newconf->{template};
2264
2265 if ($param->{name}) {
2266 $newconf->{name} = $param->{name};
2267 } else {
2268 if ($oldconf->{name}) {
2269 $newconf->{name} = "Copy-of-$oldconf->{name}";
2270 } else {
2271 $newconf->{name} = "Copy-of-VM-$vmid";
2272 }
2273 }
2274
2275 if ($param->{description}) {
2276 $newconf->{description} = $param->{description};
2277 }
2278
2279 # create empty/temp config - this fails if VM already exists on other node
2280 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2281
2282 my $realcmd = sub {
2283 my $upid = shift;
2284
2285 my $newvollist = [];
2286
2287 eval {
2288 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2289
2290 PVE::Storage::activate_volumes($storecfg, $vollist);
2291
2292 foreach my $opt (keys %$drives) {
2293 my $drive = $drives->{$opt};
2294
2295 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2296 $newid, $storage, $format, $drive->{full}, $newvollist);
2297
2298 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2299
2300 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2301 }
2302
2303 delete $newconf->{lock};
2304 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2305
2306 if ($target) {
2307 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2308 PVE::Storage::deactivate_volumes($storecfg, $vollist);
2309
2310 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2311 die "Failed to move config to node '$target' - rename failed: $!\n"
2312 if !rename($conffile, $newconffile);
2313 }
2314
2315 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2316 };
2317 if (my $err = $@) {
2318 unlink $conffile;
2319
2320 sleep 1; # some storage like rbd need to wait before release volume - really?
2321
2322 foreach my $volid (@$newvollist) {
2323 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2324 warn $@ if $@;
2325 }
2326 die "clone failed: $err";
2327 }
2328
2329 return;
2330 };
2331
2332 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2333 };
2334
2335 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2336 # Aquire exclusive lock lock for $newid
2337 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2338 });
2339
2340 }});
2341
2342 __PACKAGE__->register_method({
2343 name => 'move_vm_disk',
2344 path => '{vmid}/move_disk',
2345 method => 'POST',
2346 protected => 1,
2347 proxyto => 'node',
2348 description => "Move volume to different storage.",
2349 permissions => {
2350 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2351 "and 'Datastore.AllocateSpace' permissions on the storage.",
2352 check =>
2353 [ 'and',
2354 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2355 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2356 ],
2357 },
2358 parameters => {
2359 additionalProperties => 0,
2360 properties => {
2361 node => get_standard_option('pve-node'),
2362 vmid => get_standard_option('pve-vmid'),
2363 disk => {
2364 type => 'string',
2365 description => "The disk you want to move.",
2366 enum => [ PVE::QemuServer::disknames() ],
2367 },
2368 storage => get_standard_option('pve-storage-id', { description => "Target Storage." }),
2369 'format' => {
2370 type => 'string',
2371 description => "Target Format.",
2372 enum => [ 'raw', 'qcow2', 'vmdk' ],
2373 optional => 1,
2374 },
2375 delete => {
2376 type => 'boolean',
2377 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2378 optional => 1,
2379 default => 0,
2380 },
2381 digest => {
2382 type => 'string',
2383 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2384 maxLength => 40,
2385 optional => 1,
2386 },
2387 },
2388 },
2389 returns => {
2390 type => 'string',
2391 description => "the task ID.",
2392 },
2393 code => sub {
2394 my ($param) = @_;
2395
2396 my $rpcenv = PVE::RPCEnvironment::get();
2397
2398 my $authuser = $rpcenv->get_user();
2399
2400 my $node = extract_param($param, 'node');
2401
2402 my $vmid = extract_param($param, 'vmid');
2403
2404 my $digest = extract_param($param, 'digest');
2405
2406 my $disk = extract_param($param, 'disk');
2407
2408 my $storeid = extract_param($param, 'storage');
2409
2410 my $format = extract_param($param, 'format');
2411
2412 my $storecfg = PVE::Storage::config();
2413
2414 my $updatefn = sub {
2415
2416 my $conf = PVE::QemuServer::load_config($vmid);
2417
2418 die "checksum missmatch (file change by other user?)\n"
2419 if $digest && $digest ne $conf->{digest};
2420
2421 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2422
2423 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2424
2425 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2426
2427 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2428
2429 my $oldfmt;
2430 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2431 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2432 $oldfmt = $1;
2433 }
2434
2435 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2436 (!$format || !$oldfmt || $oldfmt eq $format);
2437
2438 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2439
2440 my $running = PVE::QemuServer::check_running($vmid);
2441
2442 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2443
2444 my $realcmd = sub {
2445
2446 my $newvollist = [];
2447
2448 eval {
2449 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2450
2451 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2452 $vmid, $storeid, $format, 1, $newvollist);
2453
2454 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2455
2456 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2457
2458 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2459
2460 eval {
2461 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2462 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2463 if !$running;
2464 };
2465 warn $@ if $@;
2466 };
2467 if (my $err = $@) {
2468
2469 foreach my $volid (@$newvollist) {
2470 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2471 warn $@ if $@;
2472 }
2473 die "storage migration failed: $err";
2474 }
2475
2476 if ($param->{delete}) {
2477 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
2478 my $path = PVE::Storage::path($storecfg, $old_volid);
2479 if ($used_paths->{$path}){
2480 warn "volume $old_volid have snapshots. Can't delete it\n";
2481 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2482 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2483 } else {
2484 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2485 warn $@ if $@;
2486 }
2487 }
2488 };
2489
2490 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2491 };
2492
2493 return PVE::QemuServer::lock_config($vmid, $updatefn);
2494 }});
2495
2496 __PACKAGE__->register_method({
2497 name => 'migrate_vm',
2498 path => '{vmid}/migrate',
2499 method => 'POST',
2500 protected => 1,
2501 proxyto => 'node',
2502 description => "Migrate virtual machine. Creates a new migration task.",
2503 permissions => {
2504 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2505 },
2506 parameters => {
2507 additionalProperties => 0,
2508 properties => {
2509 node => get_standard_option('pve-node'),
2510 vmid => get_standard_option('pve-vmid'),
2511 target => get_standard_option('pve-node', { description => "Target node." }),
2512 online => {
2513 type => 'boolean',
2514 description => "Use online/live migration.",
2515 optional => 1,
2516 },
2517 force => {
2518 type => 'boolean',
2519 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2520 optional => 1,
2521 },
2522 },
2523 },
2524 returns => {
2525 type => 'string',
2526 description => "the task ID.",
2527 },
2528 code => sub {
2529 my ($param) = @_;
2530
2531 my $rpcenv = PVE::RPCEnvironment::get();
2532
2533 my $authuser = $rpcenv->get_user();
2534
2535 my $target = extract_param($param, 'target');
2536
2537 my $localnode = PVE::INotify::nodename();
2538 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2539
2540 PVE::Cluster::check_cfs_quorum();
2541
2542 PVE::Cluster::check_node_exists($target);
2543
2544 my $targetip = PVE::Cluster::remote_node_ip($target);
2545
2546 my $vmid = extract_param($param, 'vmid');
2547
2548 raise_param_exc({ force => "Only root may use this option." })
2549 if $param->{force} && $authuser ne 'root@pam';
2550
2551 # test if VM exists
2552 my $conf = PVE::QemuServer::load_config($vmid);
2553
2554 # try to detect errors early
2555
2556 PVE::QemuServer::check_lock($conf);
2557
2558 if (PVE::QemuServer::check_running($vmid)) {
2559 die "cant migrate running VM without --online\n"
2560 if !$param->{online};
2561 }
2562
2563 my $storecfg = PVE::Storage::config();
2564 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2565
2566 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2567
2568 my $hacmd = sub {
2569 my $upid = shift;
2570
2571 my $service = "vm:$vmid";
2572
2573 my $cmd = ['ha-manager', 'migrate', $service, $target];
2574
2575 print "Executing HA migrate for VM $vmid to node $target\n";
2576
2577 PVE::Tools::run_command($cmd);
2578
2579 return;
2580 };
2581
2582 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2583
2584 } else {
2585
2586 my $realcmd = sub {
2587 my $upid = shift;
2588
2589 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2590 };
2591
2592 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2593 }
2594
2595 }});
2596
2597 __PACKAGE__->register_method({
2598 name => 'monitor',
2599 path => '{vmid}/monitor',
2600 method => 'POST',
2601 protected => 1,
2602 proxyto => 'node',
2603 description => "Execute Qemu monitor commands.",
2604 permissions => {
2605 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2606 },
2607 parameters => {
2608 additionalProperties => 0,
2609 properties => {
2610 node => get_standard_option('pve-node'),
2611 vmid => get_standard_option('pve-vmid'),
2612 command => {
2613 type => 'string',
2614 description => "The monitor command.",
2615 }
2616 },
2617 },
2618 returns => { type => 'string'},
2619 code => sub {
2620 my ($param) = @_;
2621
2622 my $vmid = $param->{vmid};
2623
2624 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2625
2626 my $res = '';
2627 eval {
2628 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2629 };
2630 $res = "ERROR: $@" if $@;
2631
2632 return $res;
2633 }});
2634
2635 __PACKAGE__->register_method({
2636 name => 'resize_vm',
2637 path => '{vmid}/resize',
2638 method => 'PUT',
2639 protected => 1,
2640 proxyto => 'node',
2641 description => "Extend volume size.",
2642 permissions => {
2643 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2644 },
2645 parameters => {
2646 additionalProperties => 0,
2647 properties => {
2648 node => get_standard_option('pve-node'),
2649 vmid => get_standard_option('pve-vmid'),
2650 skiplock => get_standard_option('skiplock'),
2651 disk => {
2652 type => 'string',
2653 description => "The disk you want to resize.",
2654 enum => [PVE::QemuServer::disknames()],
2655 },
2656 size => {
2657 type => 'string',
2658 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2659 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2660 },
2661 digest => {
2662 type => 'string',
2663 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2664 maxLength => 40,
2665 optional => 1,
2666 },
2667 },
2668 },
2669 returns => { type => 'null'},
2670 code => sub {
2671 my ($param) = @_;
2672
2673 my $rpcenv = PVE::RPCEnvironment::get();
2674
2675 my $authuser = $rpcenv->get_user();
2676
2677 my $node = extract_param($param, 'node');
2678
2679 my $vmid = extract_param($param, 'vmid');
2680
2681 my $digest = extract_param($param, 'digest');
2682
2683 my $disk = extract_param($param, 'disk');
2684
2685 my $sizestr = extract_param($param, 'size');
2686
2687 my $skiplock = extract_param($param, 'skiplock');
2688 raise_param_exc({ skiplock => "Only root may use this option." })
2689 if $skiplock && $authuser ne 'root@pam';
2690
2691 my $storecfg = PVE::Storage::config();
2692
2693 my $updatefn = sub {
2694
2695 my $conf = PVE::QemuServer::load_config($vmid);
2696
2697 die "checksum missmatch (file change by other user?)\n"
2698 if $digest && $digest ne $conf->{digest};
2699 PVE::QemuServer::check_lock($conf) if !$skiplock;
2700
2701 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2702
2703 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2704
2705 my $volid = $drive->{file};
2706
2707 die "disk '$disk' has no associated volume\n" if !$volid;
2708
2709 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2710
2711 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2712
2713 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2714
2715 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2716
2717 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2718 my ($ext, $newsize, $unit) = ($1, $2, $4);
2719 if ($unit) {
2720 if ($unit eq 'K') {
2721 $newsize = $newsize * 1024;
2722 } elsif ($unit eq 'M') {
2723 $newsize = $newsize * 1024 * 1024;
2724 } elsif ($unit eq 'G') {
2725 $newsize = $newsize * 1024 * 1024 * 1024;
2726 } elsif ($unit eq 'T') {
2727 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2728 }
2729 }
2730 $newsize += $size if $ext;
2731 $newsize = int($newsize);
2732
2733 die "unable to skrink disk size\n" if $newsize < $size;
2734
2735 return if $size == $newsize;
2736
2737 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2738
2739 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2740
2741 $drive->{size} = $newsize;
2742 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2743
2744 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2745 };
2746
2747 PVE::QemuServer::lock_config($vmid, $updatefn);
2748 return undef;
2749 }});
2750
2751 __PACKAGE__->register_method({
2752 name => 'snapshot_list',
2753 path => '{vmid}/snapshot',
2754 method => 'GET',
2755 description => "List all snapshots.",
2756 permissions => {
2757 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2758 },
2759 proxyto => 'node',
2760 protected => 1, # qemu pid files are only readable by root
2761 parameters => {
2762 additionalProperties => 0,
2763 properties => {
2764 vmid => get_standard_option('pve-vmid'),
2765 node => get_standard_option('pve-node'),
2766 },
2767 },
2768 returns => {
2769 type => 'array',
2770 items => {
2771 type => "object",
2772 properties => {},
2773 },
2774 links => [ { rel => 'child', href => "{name}" } ],
2775 },
2776 code => sub {
2777 my ($param) = @_;
2778
2779 my $vmid = $param->{vmid};
2780
2781 my $conf = PVE::QemuServer::load_config($vmid);
2782 my $snaphash = $conf->{snapshots} || {};
2783
2784 my $res = [];
2785
2786 foreach my $name (keys %$snaphash) {
2787 my $d = $snaphash->{$name};
2788 my $item = {
2789 name => $name,
2790 snaptime => $d->{snaptime} || 0,
2791 vmstate => $d->{vmstate} ? 1 : 0,
2792 description => $d->{description} || '',
2793 };
2794 $item->{parent} = $d->{parent} if $d->{parent};
2795 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2796 push @$res, $item;
2797 }
2798
2799 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2800 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2801 $current->{parent} = $conf->{parent} if $conf->{parent};
2802
2803 push @$res, $current;
2804
2805 return $res;
2806 }});
2807
2808 __PACKAGE__->register_method({
2809 name => 'snapshot',
2810 path => '{vmid}/snapshot',
2811 method => 'POST',
2812 protected => 1,
2813 proxyto => 'node',
2814 description => "Snapshot a VM.",
2815 permissions => {
2816 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2817 },
2818 parameters => {
2819 additionalProperties => 0,
2820 properties => {
2821 node => get_standard_option('pve-node'),
2822 vmid => get_standard_option('pve-vmid'),
2823 snapname => get_standard_option('pve-snapshot-name'),
2824 vmstate => {
2825 optional => 1,
2826 type => 'boolean',
2827 description => "Save the vmstate",
2828 },
2829 description => {
2830 optional => 1,
2831 type => 'string',
2832 description => "A textual description or comment.",
2833 },
2834 },
2835 },
2836 returns => {
2837 type => 'string',
2838 description => "the task ID.",
2839 },
2840 code => sub {
2841 my ($param) = @_;
2842
2843 my $rpcenv = PVE::RPCEnvironment::get();
2844
2845 my $authuser = $rpcenv->get_user();
2846
2847 my $node = extract_param($param, 'node');
2848
2849 my $vmid = extract_param($param, 'vmid');
2850
2851 my $snapname = extract_param($param, 'snapname');
2852
2853 die "unable to use snapshot name 'current' (reserved name)\n"
2854 if $snapname eq 'current';
2855
2856 my $realcmd = sub {
2857 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2858 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2859 $param->{description});
2860 };
2861
2862 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2863 }});
2864
2865 __PACKAGE__->register_method({
2866 name => 'snapshot_cmd_idx',
2867 path => '{vmid}/snapshot/{snapname}',
2868 description => '',
2869 method => 'GET',
2870 permissions => {
2871 user => 'all',
2872 },
2873 parameters => {
2874 additionalProperties => 0,
2875 properties => {
2876 vmid => get_standard_option('pve-vmid'),
2877 node => get_standard_option('pve-node'),
2878 snapname => get_standard_option('pve-snapshot-name'),
2879 },
2880 },
2881 returns => {
2882 type => 'array',
2883 items => {
2884 type => "object",
2885 properties => {},
2886 },
2887 links => [ { rel => 'child', href => "{cmd}" } ],
2888 },
2889 code => sub {
2890 my ($param) = @_;
2891
2892 my $res = [];
2893
2894 push @$res, { cmd => 'rollback' };
2895 push @$res, { cmd => 'config' };
2896
2897 return $res;
2898 }});
2899
2900 __PACKAGE__->register_method({
2901 name => 'update_snapshot_config',
2902 path => '{vmid}/snapshot/{snapname}/config',
2903 method => 'PUT',
2904 protected => 1,
2905 proxyto => 'node',
2906 description => "Update snapshot metadata.",
2907 permissions => {
2908 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2909 },
2910 parameters => {
2911 additionalProperties => 0,
2912 properties => {
2913 node => get_standard_option('pve-node'),
2914 vmid => get_standard_option('pve-vmid'),
2915 snapname => get_standard_option('pve-snapshot-name'),
2916 description => {
2917 optional => 1,
2918 type => 'string',
2919 description => "A textual description or comment.",
2920 },
2921 },
2922 },
2923 returns => { type => 'null' },
2924 code => sub {
2925 my ($param) = @_;
2926
2927 my $rpcenv = PVE::RPCEnvironment::get();
2928
2929 my $authuser = $rpcenv->get_user();
2930
2931 my $vmid = extract_param($param, 'vmid');
2932
2933 my $snapname = extract_param($param, 'snapname');
2934
2935 return undef if !defined($param->{description});
2936
2937 my $updatefn = sub {
2938
2939 my $conf = PVE::QemuServer::load_config($vmid);
2940
2941 PVE::QemuServer::check_lock($conf);
2942
2943 my $snap = $conf->{snapshots}->{$snapname};
2944
2945 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2946
2947 $snap->{description} = $param->{description} if defined($param->{description});
2948
2949 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2950 };
2951
2952 PVE::QemuServer::lock_config($vmid, $updatefn);
2953
2954 return undef;
2955 }});
2956
2957 __PACKAGE__->register_method({
2958 name => 'get_snapshot_config',
2959 path => '{vmid}/snapshot/{snapname}/config',
2960 method => 'GET',
2961 proxyto => 'node',
2962 description => "Get snapshot configuration",
2963 permissions => {
2964 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2965 },
2966 parameters => {
2967 additionalProperties => 0,
2968 properties => {
2969 node => get_standard_option('pve-node'),
2970 vmid => get_standard_option('pve-vmid'),
2971 snapname => get_standard_option('pve-snapshot-name'),
2972 },
2973 },
2974 returns => { type => "object" },
2975 code => sub {
2976 my ($param) = @_;
2977
2978 my $rpcenv = PVE::RPCEnvironment::get();
2979
2980 my $authuser = $rpcenv->get_user();
2981
2982 my $vmid = extract_param($param, 'vmid');
2983
2984 my $snapname = extract_param($param, 'snapname');
2985
2986 my $conf = PVE::QemuServer::load_config($vmid);
2987
2988 my $snap = $conf->{snapshots}->{$snapname};
2989
2990 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2991
2992 return $snap;
2993 }});
2994
2995 __PACKAGE__->register_method({
2996 name => 'rollback',
2997 path => '{vmid}/snapshot/{snapname}/rollback',
2998 method => 'POST',
2999 protected => 1,
3000 proxyto => 'node',
3001 description => "Rollback VM state to specified snapshot.",
3002 permissions => {
3003 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3004 },
3005 parameters => {
3006 additionalProperties => 0,
3007 properties => {
3008 node => get_standard_option('pve-node'),
3009 vmid => get_standard_option('pve-vmid'),
3010 snapname => get_standard_option('pve-snapshot-name'),
3011 },
3012 },
3013 returns => {
3014 type => 'string',
3015 description => "the task ID.",
3016 },
3017 code => sub {
3018 my ($param) = @_;
3019
3020 my $rpcenv = PVE::RPCEnvironment::get();
3021
3022 my $authuser = $rpcenv->get_user();
3023
3024 my $node = extract_param($param, 'node');
3025
3026 my $vmid = extract_param($param, 'vmid');
3027
3028 my $snapname = extract_param($param, 'snapname');
3029
3030 my $realcmd = sub {
3031 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3032 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3033 };
3034
3035 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3036 }});
3037
3038 __PACKAGE__->register_method({
3039 name => 'delsnapshot',
3040 path => '{vmid}/snapshot/{snapname}',
3041 method => 'DELETE',
3042 protected => 1,
3043 proxyto => 'node',
3044 description => "Delete a VM snapshot.",
3045 permissions => {
3046 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3047 },
3048 parameters => {
3049 additionalProperties => 0,
3050 properties => {
3051 node => get_standard_option('pve-node'),
3052 vmid => get_standard_option('pve-vmid'),
3053 snapname => get_standard_option('pve-snapshot-name'),
3054 force => {
3055 optional => 1,
3056 type => 'boolean',
3057 description => "For removal from config file, even if removing disk snapshots fails.",
3058 },
3059 },
3060 },
3061 returns => {
3062 type => 'string',
3063 description => "the task ID.",
3064 },
3065 code => sub {
3066 my ($param) = @_;
3067
3068 my $rpcenv = PVE::RPCEnvironment::get();
3069
3070 my $authuser = $rpcenv->get_user();
3071
3072 my $node = extract_param($param, 'node');
3073
3074 my $vmid = extract_param($param, 'vmid');
3075
3076 my $snapname = extract_param($param, 'snapname');
3077
3078 my $realcmd = sub {
3079 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3080 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3081 };
3082
3083 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3084 }});
3085
3086 __PACKAGE__->register_method({
3087 name => 'template',
3088 path => '{vmid}/template',
3089 method => 'POST',
3090 protected => 1,
3091 proxyto => 'node',
3092 description => "Create a Template.",
3093 permissions => {
3094 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3095 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3096 },
3097 parameters => {
3098 additionalProperties => 0,
3099 properties => {
3100 node => get_standard_option('pve-node'),
3101 vmid => get_standard_option('pve-vmid'),
3102 disk => {
3103 optional => 1,
3104 type => 'string',
3105 description => "If you want to convert only 1 disk to base image.",
3106 enum => [PVE::QemuServer::disknames()],
3107 },
3108
3109 },
3110 },
3111 returns => { type => 'null'},
3112 code => sub {
3113 my ($param) = @_;
3114
3115 my $rpcenv = PVE::RPCEnvironment::get();
3116
3117 my $authuser = $rpcenv->get_user();
3118
3119 my $node = extract_param($param, 'node');
3120
3121 my $vmid = extract_param($param, 'vmid');
3122
3123 my $disk = extract_param($param, 'disk');
3124
3125 my $updatefn = sub {
3126
3127 my $conf = PVE::QemuServer::load_config($vmid);
3128
3129 PVE::QemuServer::check_lock($conf);
3130
3131 die "unable to create template, because VM contains snapshots\n"
3132 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3133
3134 die "you can't convert a template to a template\n"
3135 if PVE::QemuServer::is_template($conf) && !$disk;
3136
3137 die "you can't convert a VM to template if VM is running\n"
3138 if PVE::QemuServer::check_running($vmid);
3139
3140 my $realcmd = sub {
3141 PVE::QemuServer::template_create($vmid, $conf, $disk);
3142 };
3143
3144 $conf->{template} = 1;
3145 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3146
3147 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3148 };
3149
3150 PVE::QemuServer::lock_config($vmid, $updatefn);
3151 return undef;
3152 }});
3153
3154 1;
Virtual Machine Manager