VM.Snapshot.Rollback privilege added

[qemu-server.git] / PVE / API2 / Qemu.pm

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 4151f19b5281cb30c5ac1eeeacb9ff3ad588be53..869eb8c109aeb87883e43b0cbc2483b5adf53a2a 100644 (file)
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -52,6 +52,7 @@ my $resolve_cdrom_alias = sub {
     }
 };
 
+my $NEW_DISK_RE = qr!^(([^/:\s]+):)?(\d+(\.\d+)?)$!;
 my $check_storage_access = sub {
    my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
 
@@ -66,10 +67,13 @@ my $check_storage_access = sub {
            # nothing to check
        } elsif ($isCDROM && ($volid eq 'cdrom')) {
            $rpcenv->check($authuser, "/", ['Sys.Console']);
-       } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
+       } elsif (!$isCDROM && ($volid =~ $NEW_DISK_RE)) {
            my ($storeid, $size) = ($2 || $default_storage, $3);
            die "no storage ID specified (and no default storage)\n" if !$storeid;
            $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
+           my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
+           raise_param_exc({ storage => "storage '$storeid' does not support vm images"})
+               if !$scfg->{content}->{images};
        } else {
            PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
        }
@@ -130,41 +134,23 @@ my $create_disks = sub {
        if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
            delete $disk->{size};
            $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
-       } elsif ($volid =~ m!^(([^/:\s]+):)?(\d+(\.\d+)?)$!) {
+       } elsif ($volid =~ $NEW_DISK_RE) {
            my ($storeid, $size) = ($2 || $default_storage, $3);
            die "no storage ID specified (and no default storage)\n" if !$storeid;
            my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
            my $fmt = $disk->{format} || $defformat;
 
+           $size = PVE::Tools::convert_size($size, 'gb' => 'kb'); # vdisk_alloc uses kb
+
            my $volid;
            if ($ds eq 'efidisk0') {
-               # handle efidisk
-               my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd';
-               die "uefi vars image not found\n" if ! -f $ovmfvars;
-               $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
-                                                     $fmt, undef, 128);
-               $disk->{file} = $volid;
-               $disk->{size} = 128*1024;
-               my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
-               my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
-               my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname);
-               my $path = PVE::Storage::path($storecfg, $volid);
-               my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-n', '-f', 'raw', '-O', $qemufmt];
-               push @$efidiskcmd, $ovmfvars;
-               push @$efidiskcmd, $path;
-
-               PVE::Storage::activate_volumes($storecfg, [$volid]);
-
-               eval { PVE::Tools::run_command($efidiskcmd); };
-               my $err = $@;
-               die "Copying of EFI Vars image failed: $err" if $err;
+               ($volid, $size) = PVE::QemuServer::create_efidisk($storecfg, $storeid, $vmid, $fmt);
            } else {
-               $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
-                                                     $fmt, undef, $size*1024*1024);
-               $disk->{file} = $volid;
-               $disk->{size} = $size*1024*1024*1024;
+               $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, undef, $size);
            }
            push @$vollist, $volid;
+           $disk->{file} = $volid;
+           $disk->{size} = PVE::Tools::convert_size($size, 'kb' => 'b');
            delete $disk->{format}; # no longer needed
            $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
        } else {
@@ -525,6 +511,9 @@ __PACKAGE__->register_method({
                PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
            };
 
+           # ensure no old replication state are exists
+           PVE::ReplicationState::delete_guest_states($vmid);
+
            return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
        };
 
@@ -533,6 +522,9 @@ __PACKAGE__->register_method({
            # test after locking
            PVE::Cluster::check_vmid_unused($vmid);
 
+           # ensure no old replication state are exists
+           PVE::ReplicationState::delete_guest_states($vmid);
+
            my $realcmd = sub {
 
                my $vollist = [];
@@ -898,7 +890,7 @@ my $update_vm_api  = sub {
     my $background_delay = extract_param($param, 'background_delay');
 
     my @paramarr = (); # used for log message
-    foreach my $key (keys %$param) {
+    foreach my $key (sort keys %$param) {
        push @paramarr, "-$key", $param->{$key};
     }
 
@@ -954,12 +946,35 @@ my $update_vm_api  = sub {
        push @delete, $opt;
     }
 
+    my $repl_conf = PVE::ReplicationConfig->new();
+    my $is_replicated = $repl_conf->check_for_existing_jobs($vmid, 1);
+    my $check_replication = sub {
+       my ($drive) = @_;
+       return if !$is_replicated;
+       my $volid = $drive->{file};
+       return if !$volid || !($drive->{replicate}//1);
+       return if PVE::QemuServer::drive_is_cdrom($drive);
+       my ($storeid, $format);
+       if ($volid =~ $NEW_DISK_RE) {
+           $storeid = $2;
+           $format = $drive->{format} || PVE::Storage::storage_default_format($storecfg, $storeid);
+       } else {
+           ($storeid, undef) = PVE::Storage::parse_volume_id($volid, 1);
+           $format = (PVE::Storage::parse_volname($storecfg, $volid))[6];
+       }
+       return if PVE::Storage::storage_can_replicate($storecfg, $storeid, $format);
+       my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
+       return if $scfg->{shared};
+       die "cannot add non-replicatable volume to a replicated VM\n";
+    };
+
     foreach my $opt (keys %$param) {
        if (PVE::QemuServer::is_valid_drivename($opt)) {
            # cleanup drive path
            my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
            raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
            PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
+           $check_replication->($drive);
            $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
        } elsif ($opt =~ m/^net(\d+)$/) {
            # add macaddr
@@ -1756,7 +1771,7 @@ __PACKAGE__->register_method({
 
                my $cmd = ['ha-manager', 'set', $service, '--state', 'started'];
 
-               print "Executing HA start for VM $vmid\n";
+               print "Requesting HA start for VM $vmid\n";
 
                PVE::Tools::run_command($cmd);
 
@@ -1853,7 +1868,7 @@ __PACKAGE__->register_method({
 
                my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
 
-               print "Executing HA stop for VM $vmid\n";
+               print "Requesting HA stop for VM $vmid\n";
 
                PVE::Tools::run_command($cmd);
 
@@ -2023,7 +2038,7 @@ __PACKAGE__->register_method({
 
                my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
 
-               print "Executing HA stop for VM $vmid\n";
+               print "Requesting HA stop for VM $vmid\n";
 
                PVE::Tools::run_command($cmd);
 
@@ -2499,7 +2514,10 @@ __PACKAGE__->register_method({
                my $jobs = {};
 
                eval {
-                   local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
+                   local $SIG{INT} =
+                       local $SIG{TERM} =
+                       local $SIG{QUIT} =
+                       local $SIG{HUP} = sub { die "interrupted by signal\n"; };
 
                    PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
 
@@ -2679,7 +2697,10 @@ __PACKAGE__->register_method({
                my $newvollist = [];
 
                eval {
-                   local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
+                   local $SIG{INT} =
+                       local $SIG{TERM} =
+                       local $SIG{QUIT} =
+                       local $SIG{HUP} = sub { die "interrupted by signal\n"; };
 
                    warn "moving disk with snapshots, snapshots will not be moved!\n"
                        if $snapshotted;
@@ -2846,7 +2867,7 @@ __PACKAGE__->register_method({
 
                my $cmd = ['ha-manager', 'migrate', $service, $target];
 
-               print "Executing HA migrate for VM $vmid to node $target\n";
+               print "Requesting HA migration for VM $vmid to node $target\n";
 
                PVE::Tools::run_command($cmd);
 
@@ -2858,8 +2879,6 @@ __PACKAGE__->register_method({
        } else {
 
            my $realcmd = sub {
-               my $upid = shift;
-
                PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
            };
 
@@ -3323,7 +3342,7 @@ __PACKAGE__->register_method({
     proxyto => 'node',
     description => "Get snapshot configuration",
     permissions => {
-       check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+       check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
     },
     parameters => {
        additionalProperties => 0,
@@ -3362,7 +3381,7 @@ __PACKAGE__->register_method({
     proxyto => 'node',
     description => "Rollback VM state to specified snapshot.",
     permissions => {
-       check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
+       check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
     },
     parameters => {
        additionalProperties => 0,