Advertisement
Guest User

Untitled

a guest
Feb 22nd, 2022
123
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. package PVE::API2::Qemu;
  2.  
  3. use strict;
  4. use warnings;
  5. use Cwd 'abs_path';
  6. use Net::SSLeay;
  7. use POSIX;
  8. use IO::Socket::IP;
  9. use URI::Escape;
  10. use Crypt::OpenSSL::Random;
  11.  
  12. use PVE::Cluster qw (cfs_read_file cfs_write_file);;
  13. use PVE::RRD;
  14. use PVE::SafeSyslog;
  15. use PVE::Tools qw(extract_param);
  16. use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
  17. use PVE::Storage;
  18. use PVE::JSONSchema qw(get_standard_option);
  19. use PVE::RESTHandler;
  20. use PVE::ReplicationConfig;
  21. use PVE::GuestHelpers;
  22. use PVE::QemuConfig;
  23. use PVE::QemuServer;
  24. use PVE::QemuServer::Drive;
  25. use PVE::QemuServer::CPUConfig;
  26. use PVE::QemuServer::Monitor qw(mon_cmd);
  27. use PVE::QemuServer::Machine;
  28. use PVE::QemuMigrate;
  29. use PVE::RPCEnvironment;
  30. use PVE::AccessControl;
  31. use PVE::INotify;
  32. use PVE::Network;
  33. use PVE::Firewall;
  34. use PVE::API2::Firewall::VM;
  35. use PVE::API2::Qemu::Agent;
  36. use PVE::VZDump::Plugin;
  37. use PVE::DataCenterConfig;
  38. use PVE::SSHInfo;
  39. use PVE::Replication;
  40.  
  41. BEGIN {
  42. if (!$ENV{PVE_GENERATING_DOCS}) {
  43. require PVE::HA::Env::PVE2;
  44. import PVE::HA::Env::PVE2;
  45. require PVE::HA::Config;
  46. import PVE::HA::Config;
  47. }
  48. }
  49.  
  50. use Data::Dumper; # fixme: remove
  51.  
  52. use base qw(PVE::RESTHandler);
  53.  
  54. my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
  55.  
  56. my $resolve_cdrom_alias = sub {
  57. my $param = shift;
  58.  
  59. if (my $value = $param->{cdrom}) {
  60. $value .= ",media=cdrom" if $value !~ m/media=/;
  61. $param->{ide2} = $value;
  62. delete $param->{cdrom};
  63. }
  64. };
  65.  
  66. my $NEW_DISK_RE = qr!^(([^/:\s]+):)?(\d+(\.\d+)?)$!;
  67. my $check_storage_access = sub {
  68. my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
  69.  
  70. PVE::QemuConfig->foreach_volume($settings, sub {
  71. my ($ds, $drive) = @_;
  72.  
  73. my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
  74.  
  75. my $volid = $drive->{file};
  76. my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
  77.  
  78. if (!$volid || ($volid eq 'none' || $volid eq 'cloudinit' || (defined($volname) && $volname eq 'cloudinit'))) {
  79. # nothing to check
  80. } elsif ($isCDROM && ($volid eq 'cdrom')) {
  81. $rpcenv->check($authuser, "/", ['Sys.Console']);
  82. } elsif (!$isCDROM && ($volid =~ $NEW_DISK_RE)) {
  83. my ($storeid, $size) = ($2 || $default_storage, $3);
  84. die "no storage ID specified (and no default storage)\n" if !$storeid;
  85. $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
  86. my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
  87. raise_param_exc({ storage => "storage '$storeid' does not support vm images"})
  88. if !$scfg->{content}->{images};
  89. } else {
  90. PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
  91. }
  92. });
  93.  
  94. $rpcenv->check($authuser, "/storage/$settings->{vmstatestorage}", ['Datastore.AllocateSpace'])
  95. if defined($settings->{vmstatestorage});
  96. };
  97.  
  98. my $check_storage_access_clone = sub {
  99. my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
  100.  
  101. my $sharedvm = 1;
  102.  
  103. PVE::QemuConfig->foreach_volume($conf, sub {
  104. my ($ds, $drive) = @_;
  105.  
  106. my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
  107.  
  108. my $volid = $drive->{file};
  109.  
  110. return if !$volid || $volid eq 'none';
  111.  
  112. if ($isCDROM) {
  113. if ($volid eq 'cdrom') {
  114. $rpcenv->check($authuser, "/", ['Sys.Console']);
  115. } else {
  116. # we simply allow access
  117. my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
  118. my $scfg = PVE::Storage::storage_config($storecfg, $sid);
  119. $sharedvm = 0 if !$scfg->{shared};
  120.  
  121. }
  122. } else {
  123. my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
  124. my $scfg = PVE::Storage::storage_config($storecfg, $sid);
  125. $sharedvm = 0 if !$scfg->{shared};
  126.  
  127. $sid = $storage if $storage;
  128. $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
  129. }
  130. });
  131.  
  132. $rpcenv->check($authuser, "/storage/$conf->{vmstatestorage}", ['Datastore.AllocateSpace'])
  133. if defined($conf->{vmstatestorage});
  134.  
  135. return $sharedvm;
  136. };
  137.  
  138. my $check_storage_access_migrate = sub {
  139. my ($rpcenv, $authuser, $storecfg, $storage, $node) = @_;
  140.  
  141. PVE::Storage::storage_check_enabled($storecfg, $storage, $node);
  142.  
  143. $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']);
  144.  
  145. my $scfg = PVE::Storage::storage_config($storecfg, $storage);
  146. die "storage '$storage' does not support vm images\n"
  147. if !$scfg->{content}->{images};
  148. };
  149.  
  150. # Note: $pool is only needed when creating a VM, because pool permissions
  151. # are automatically inherited if VM already exists inside a pool.
  152. my $create_disks = sub {
  153. my ($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
  154.  
  155. my $vollist = [];
  156.  
  157. my $res = {};
  158.  
  159. my $code = sub {
  160. my ($ds, $disk) = @_;
  161.  
  162. my $volid = $disk->{file};
  163. my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
  164.  
  165. if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
  166. delete $disk->{size};
  167. $res->{$ds} = PVE::QemuServer::print_drive($disk);
  168. } elsif (defined($volname) && $volname eq 'cloudinit') {
  169. $storeid = $storeid // $default_storage;
  170. die "no storage ID specified (and no default storage)\n" if !$storeid;
  171. my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
  172. my $name = "vm-$vmid-cloudinit";
  173.  
  174. my $fmt = undef;
  175. if ($scfg->{path}) {
  176. $fmt = $disk->{format} // "qcow2";
  177. $name .= ".$fmt";
  178. } else {
  179. $fmt = $disk->{format} // "raw";
  180. }
  181.  
  182. # Initial disk created with 4 MB and aligned to 4MB on regeneration
  183. my $ci_size = PVE::QemuServer::Cloudinit::CLOUDINIT_DISK_SIZE;
  184. my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, $name, $ci_size/1024);
  185. $disk->{file} = $volid;
  186. $disk->{media} = 'cdrom';
  187. push @$vollist, $volid;
  188. delete $disk->{format}; # no longer needed
  189. $res->{$ds} = PVE::QemuServer::print_drive($disk);
  190. } elsif ($volid =~ $NEW_DISK_RE) {
  191. my ($storeid, $size) = ($2 || $default_storage, $3);
  192. die "no storage ID specified (and no default storage)\n" if !$storeid;
  193. my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
  194. my $fmt = $disk->{format} || $defformat;
  195.  
  196. $size = PVE::Tools::convert_size($size, 'gb' => 'kb'); # vdisk_alloc uses kb
  197.  
  198. my $volid;
  199. if ($ds eq 'efidisk0') {
  200. my $smm = PVE::QemuServer::Machine::machine_type_is_q35($conf);
  201. ($volid, $size) = PVE::QemuServer::create_efidisk(
  202. $storecfg, $storeid, $vmid, $fmt, $arch, $disk, $smm);
  203. } elsif ($ds eq 'tpmstate0') {
  204. # swtpm can only use raw volumes, and uses a fixed size
  205. $size = PVE::Tools::convert_size(PVE::QemuServer::Drive::TPMSTATE_DISK_SIZE, 'b' => 'kb');
  206. $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, "raw", undef, $size);
  207. } else {
  208. $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, undef, $size);
  209. }
  210. push @$vollist, $volid;
  211. $disk->{file} = $volid;
  212. $disk->{size} = PVE::Tools::convert_size($size, 'kb' => 'b');
  213. delete $disk->{format}; # no longer needed
  214. $res->{$ds} = PVE::QemuServer::print_drive($disk);
  215. } else {
  216.  
  217. PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
  218.  
  219. my $volid_is_new = 1;
  220.  
  221. if ($conf->{$ds}) {
  222. my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
  223. $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
  224. }
  225.  
  226. if ($volid_is_new) {
  227.  
  228. PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
  229.  
  230. my $size = PVE::Storage::volume_size_info($storecfg, $volid);
  231.  
  232. die "volume $volid does not exist\n" if !$size;
  233.  
  234. $disk->{size} = $size;
  235. }
  236.  
  237. $res->{$ds} = PVE::QemuServer::print_drive($disk);
  238. }
  239. };
  240.  
  241. eval { PVE::QemuConfig->foreach_volume($settings, $code); };
  242.  
  243. # free allocated images on error
  244. if (my $err = $@) {
  245. syslog('err', "VM $vmid creating disks failed");
  246. foreach my $volid (@$vollist) {
  247. eval { PVE::Storage::vdisk_free($storecfg, $volid); };
  248. warn $@ if $@;
  249. }
  250. die $err;
  251. }
  252.  
  253. # modify vm config if everything went well
  254. foreach my $ds (keys %$res) {
  255. $conf->{$ds} = $res->{$ds};
  256. }
  257.  
  258. return $vollist;
  259. };
  260.  
  261. my $check_cpu_model_access = sub {
  262. my ($rpcenv, $authuser, $new, $existing) = @_;
  263.  
  264. return if !defined($new->{cpu});
  265.  
  266. my $cpu = PVE::JSONSchema::check_format('pve-vm-cpu-conf', $new->{cpu});
  267. return if !$cpu || !$cpu->{cputype}; # always allow default
  268. my $cputype = $cpu->{cputype};
  269.  
  270. if ($existing && $existing->{cpu}) {
  271. # changing only other settings doesn't require permissions for CPU model
  272. my $existingCpu = PVE::JSONSchema::check_format('pve-vm-cpu-conf', $existing->{cpu});
  273. return if $existingCpu->{cputype} eq $cputype;
  274. }
  275.  
  276. if (PVE::QemuServer::CPUConfig::is_custom_model($cputype)) {
  277. $rpcenv->check($authuser, "/nodes", ['Sys.Audit']);
  278. }
  279. };
  280.  
  281. my $cpuoptions = {
  282. 'cores' => 1,
  283. 'cpu' => 1,
  284. 'cpulimit' => 1,
  285. 'cpuunits' => 1,
  286. 'numa' => 1,
  287. 'smp' => 1,
  288. 'sockets' => 1,
  289. 'vcpus' => 1,
  290. };
  291.  
  292. my $memoryoptions = {
  293. 'memory' => 1,
  294. 'balloon' => 1,
  295. 'shares' => 1,
  296. };
  297.  
  298. my $hwtypeoptions = {
  299. 'acpi' => 1,
  300. 'hotplug' => 1,
  301. 'kvm' => 1,
  302. 'machine' => 1,
  303. 'scsihw' => 1,
  304. 'smbios1' => 1,
  305. 'tablet' => 1,
  306. 'vga' => 1,
  307. 'watchdog' => 1,
  308. 'audio0' => 1,
  309. };
  310.  
  311. my $generaloptions = {
  312. 'agent' => 1,
  313. 'autostart' => 1,
  314. 'bios' => 1,
  315. 'description' => 1,
  316. 'keyboard' => 1,
  317. 'localtime' => 1,
  318. 'migrate_downtime' => 1,
  319. 'migrate_speed' => 1,
  320. 'name' => 1,
  321. 'onboot' => 1,
  322. 'ostype' => 1,
  323. 'protection' => 1,
  324. 'reboot' => 1,
  325. 'startdate' => 1,
  326. 'startup' => 1,
  327. 'tdf' => 1,
  328. 'template' => 1,
  329. 'tags' => 1,
  330. };
  331.  
  332. my $vmpoweroptions = {
  333. 'freeze' => 1,
  334. };
  335.  
  336. my $diskoptions = {
  337. 'boot' => 1,
  338. 'bootdisk' => 1,
  339. 'vmstatestorage' => 1,
  340. };
  341.  
  342. my $cloudinitoptions = {
  343. cicustom => 1,
  344. cipassword => 1,
  345. citype => 1,
  346. ciuser => 1,
  347. nameserver => 1,
  348. searchdomain => 1,
  349. sshkeys => 1,
  350. };
  351.  
  352. my $check_vm_create_serial_perm = sub {
  353. my ($rpcenv, $authuser, $vmid, $pool, $param) = @_;
  354.  
  355. return 1 if $authuser eq 'root@pam';
  356.  
  357. foreach my $opt (keys %{$param}) {
  358. next if $opt !~ m/^serial\d+$/;
  359.  
  360. if ($param->{$opt} eq 'socket') {
  361. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
  362. } else {
  363. die "only root can set '$opt' config for real devices\n";
  364. }
  365. }
  366.  
  367. return 1;
  368. };
  369.  
  370. my $check_vm_create_usb_perm = sub {
  371. my ($rpcenv, $authuser, $vmid, $pool, $param) = @_;
  372.  
  373. return 1 if $authuser eq 'root@pam';
  374.  
  375. foreach my $opt (keys %{$param}) {
  376. next if $opt !~ m/^usb\d+$/;
  377.  
  378. if ($param->{$opt} =~ m/spice/) {
  379. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
  380. } else {
  381. die "only root can set '$opt' config for real devices\n";
  382. }
  383. }
  384.  
  385. return 1;
  386. };
  387.  
  388. my $check_vm_modify_config_perm = sub {
  389. my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
  390.  
  391. return 1 if $authuser eq 'root@pam';
  392.  
  393. foreach my $opt (@$key_list) {
  394. # some checks (e.g., disk, serial port, usb) need to be done somewhere
  395. # else, as there the permission can be value dependend
  396. next if PVE::QemuServer::is_valid_drivename($opt);
  397. next if $opt eq 'cdrom';
  398. next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
  399.  
  400.  
  401. if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
  402. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
  403. } elsif ($memoryoptions->{$opt}) {
  404. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
  405. } elsif ($hwtypeoptions->{$opt}) {
  406. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
  407. } elsif ($generaloptions->{$opt}) {
  408. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
  409. # special case for startup since it changes host behaviour
  410. if ($opt eq 'startup') {
  411. $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
  412. }
  413. } elsif ($vmpoweroptions->{$opt}) {
  414. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
  415. } elsif ($diskoptions->{$opt}) {
  416. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
  417. } elsif ($opt =~ m/^(?:net|ipconfig)\d+$/) {
  418. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
  419. } elsif ($cloudinitoptions->{$opt}) {
  420. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Cloudinit', 'VM.Config.Network'], 1);
  421. } elsif ($opt eq 'vmstate') {
  422. # the user needs Disk and PowerMgmt privileges to change the vmstate
  423. # also needs privileges on the storage, that will be checked later
  424. $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
  425. } else {
  426. # catches hostpci\d+, args, lock, etc.
  427. # new options will be checked here
  428. die "only root can set '$opt' config\n";
  429. }
  430. }
  431.  
  432. return 1;
  433. };
  434.  
  435. __PACKAGE__->register_method({
  436. name => 'vmlist',
  437. path => '',
  438. method => 'GET',
  439. description => "Virtual machine index (per node).",
  440. permissions => {
  441. description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
  442. user => 'all',
  443. },
  444. proxyto => 'node',
  445. protected => 1, # qemu pid files are only readable by root
  446. parameters => {
  447. additionalProperties => 0,
  448. properties => {
  449. node => get_standard_option('pve-node'),
  450. full => {
  451. type => 'boolean',
  452. optional => 1,
  453. description => "Determine the full status of active VMs.",
  454. },
  455. },
  456. },
  457. returns => {
  458. type => 'array',
  459. items => {
  460. type => "object",
  461. properties => $PVE::QemuServer::vmstatus_return_properties,
  462. },
  463. links => [ { rel => 'child', href => "{vmid}" } ],
  464. },
  465. code => sub {
  466. my ($param) = @_;
  467.  
  468. my $rpcenv = PVE::RPCEnvironment::get();
  469. my $authuser = $rpcenv->get_user();
  470.  
  471. my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
  472.  
  473. my $res = [];
  474. foreach my $vmid (keys %$vmstatus) {
  475. next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
  476.  
  477. my $data = $vmstatus->{$vmid};
  478. push @$res, $data;
  479. }
  480.  
  481. return $res;
  482. }});
  483.  
  484. my $parse_restore_archive = sub {
  485. my ($storecfg, $archive) = @_;
  486.  
  487. my ($archive_storeid, $archive_volname) = PVE::Storage::parse_volume_id($archive, 1);
  488.  
  489. if (defined($archive_storeid)) {
  490. my $scfg = PVE::Storage::storage_config($storecfg, $archive_storeid);
  491. if ($scfg->{type} eq 'pbs') {
  492. return {
  493. type => 'pbs',
  494. volid => $archive,
  495. };
  496. }
  497. }
  498. my $path = PVE::Storage::abs_filesystem_path($storecfg, $archive);
  499. return {
  500. type => 'file',
  501. path => $path,
  502. };
  503. };
  504.  
  505.  
  506. __PACKAGE__->register_method({
  507. name => 'create_vm',
  508. path => '',
  509. method => 'POST',
  510. description => "Create or restore a virtual machine.",
  511. permissions => {
  512. description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
  513. "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
  514. "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
  515. user => 'all', # check inside
  516. },
  517. protected => 1,
  518. proxyto => 'node',
  519. parameters => {
  520. additionalProperties => 0,
  521. properties => PVE::QemuServer::json_config_properties(
  522. {
  523. node => get_standard_option('pve-node'),
  524. vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
  525. archive => {
  526. description => "The backup archive. Either the file system path to a .tar or .vma file (use '-' to pipe data from stdin) or a proxmox storage backup volume identifier.",
  527. type => 'string',
  528. optional => 1,
  529. maxLength => 255,
  530. completion => \&PVE::QemuServer::complete_backup_archives,
  531. },
  532. storage => get_standard_option('pve-storage-id', {
  533. description => "Default storage.",
  534. optional => 1,
  535. completion => \&PVE::QemuServer::complete_storage,
  536. }),
  537. force => {
  538. optional => 1,
  539. type => 'boolean',
  540. description => "Allow to overwrite existing VM.",
  541. requires => 'archive',
  542. },
  543. unique => {
  544. optional => 1,
  545. type => 'boolean',
  546. description => "Assign a unique random ethernet address.",
  547. requires => 'archive',
  548. },
  549. 'live-restore' => {
  550. optional => 1,
  551. type => 'boolean',
  552. description => "Start the VM immediately from the backup and restore in background. PBS only.",
  553. requires => 'archive',
  554. },
  555. pool => {
  556. optional => 1,
  557. type => 'string', format => 'pve-poolid',
  558. description => "Add the VM to the specified pool.",
  559. },
  560. bwlimit => {
  561. description => "Override I/O bandwidth limit (in KiB/s).",
  562. optional => 1,
  563. type => 'integer',
  564. minimum => '0',
  565. default => 'restore limit from datacenter or storage config',
  566. },
  567. start => {
  568. optional => 1,
  569. type => 'boolean',
  570. default => 0,
  571. description => "Start VM after it was created successfully.",
  572. },
  573. }),
  574. },
  575. returns => {
  576. type => 'string',
  577. },
  578. code => sub {
  579. my ($param) = @_;
  580.  
  581. my $rpcenv = PVE::RPCEnvironment::get();
  582. my $authuser = $rpcenv->get_user();
  583.  
  584. my $node = extract_param($param, 'node');
  585. my $vmid = extract_param($param, 'vmid');
  586.  
  587. my $archive = extract_param($param, 'archive');
  588. my $is_restore = !!$archive;
  589.  
  590. my $bwlimit = extract_param($param, 'bwlimit');
  591. my $force = extract_param($param, 'force');
  592. my $pool = extract_param($param, 'pool');
  593. my $start_after_create = extract_param($param, 'start');
  594. my $storage = extract_param($param, 'storage');
  595. my $unique = extract_param($param, 'unique');
  596. my $live_restore = extract_param($param, 'live-restore');
  597.  
  598. if (defined(my $ssh_keys = $param->{sshkeys})) {
  599. $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
  600. PVE::Tools::validate_ssh_public_keys($ssh_keys);
  601. }
  602.  
  603. PVE::Cluster::check_cfs_quorum();
  604.  
  605. my $filename = PVE::QemuConfig->config_file($vmid);
  606. my $storecfg = PVE::Storage::config();
  607.  
  608. if (defined($pool)) {
  609. $rpcenv->check_pool_exist($pool);
  610. }
  611.  
  612. $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
  613. if defined($storage);
  614.  
  615. if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
  616. # OK
  617. } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
  618. # OK
  619. } elsif ($archive && $force && (-f $filename) &&
  620. $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
  621. # OK: user has VM.Backup permissions, and want to restore an existing VM
  622. } else {
  623. raise_perm_exc();
  624. }
  625.  
  626. if (!$archive) {
  627. &$resolve_cdrom_alias($param);
  628.  
  629. &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
  630.  
  631. &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
  632.  
  633. &$check_vm_create_serial_perm($rpcenv, $authuser, $vmid, $pool, $param);
  634. &$check_vm_create_usb_perm($rpcenv, $authuser, $vmid, $pool, $param);
  635.  
  636. &$check_cpu_model_access($rpcenv, $authuser, $param);
  637.  
  638. foreach my $opt (keys %$param) {
  639. if (PVE::QemuServer::is_valid_drivename($opt)) {
  640. my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
  641. raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
  642.  
  643. PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
  644. $param->{$opt} = PVE::QemuServer::print_drive($drive);
  645. }
  646. }
  647.  
  648. PVE::QemuServer::add_random_macs($param);
  649. } else {
  650. my $keystr = join(' ', keys %$param);
  651. raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
  652.  
  653. if ($archive eq '-') {
  654. die "pipe requires cli environment\n" if $rpcenv->{type} ne 'cli';
  655. $archive = { type => 'pipe' };
  656. } else {
  657. PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
  658.  
  659. $archive = $parse_restore_archive->($storecfg, $archive);
  660. }
  661. }
  662.  
  663. my $emsg = $is_restore ? "unable to restore VM $vmid -" : "unable to create VM $vmid -";
  664.  
  665. eval { PVE::QemuConfig->create_and_lock_config($vmid, $force) };
  666. die "$emsg $@" if $@;
  667.  
  668. my $restored_data = 0;
  669. my $restorefn = sub {
  670. my $conf = PVE::QemuConfig->load_config($vmid);
  671.  
  672. PVE::QemuConfig->check_protection($conf, $emsg);
  673.  
  674. die "$emsg vm is running\n" if PVE::QemuServer::check_running($vmid);
  675.  
  676. my $realcmd = sub {
  677. my $restore_options = {
  678. storage => $storage,
  679. pool => $pool,
  680. unique => $unique,
  681. bwlimit => $bwlimit,
  682. live => $live_restore,
  683. };
  684. if ($archive->{type} eq 'file' || $archive->{type} eq 'pipe') {
  685. die "live-restore is only compatible with backup images from a Proxmox Backup Server\n"
  686. if $live_restore;
  687. PVE::QemuServer::restore_file_archive($archive->{path} // '-', $vmid, $authuser, $restore_options);
  688. } elsif ($archive->{type} eq 'pbs') {
  689. PVE::QemuServer::restore_proxmox_backup_archive($archive->{volid}, $vmid, $authuser, $restore_options);
  690. } else {
  691. die "unknown backup archive type\n";
  692. }
  693. $restored_data = 1;
  694.  
  695. my $restored_conf = PVE::QemuConfig->load_config($vmid);
  696. # Convert restored VM to template if backup was VM template
  697. if (PVE::QemuConfig->is_template($restored_conf)) {
  698. warn "Convert to template.\n";
  699. eval { PVE::QemuServer::template_create($vmid, $restored_conf) };
  700. warn $@ if $@;
  701. }
  702. };
  703.  
  704. # ensure no old replication state are exists
  705. PVE::ReplicationState::delete_guest_states($vmid);
  706.  
  707. PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
  708.  
  709. if ($start_after_create && !$live_restore) {
  710. print "Execute autostart\n";
  711. eval { PVE::API2::Qemu->vm_start({ vmid => $vmid, node => $node }) };
  712. warn $@ if $@;
  713. }
  714. };
  715.  
  716. my $createfn = sub {
  717. # ensure no old replication state are exists
  718. PVE::ReplicationState::delete_guest_states($vmid);
  719.  
  720. my $realcmd = sub {
  721. my $conf = $param;
  722. my $arch = PVE::QemuServer::get_vm_arch($conf);
  723.  
  724. $conf->{meta} = PVE::QemuServer::new_meta_info_string();
  725.  
  726. my $vollist = [];
  727. eval {
  728. $vollist = &$create_disks($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $param, $storage);
  729.  
  730. if (!$conf->{boot}) {
  731. my $devs = PVE::QemuServer::get_default_bootdevices($conf);
  732. $conf->{boot} = PVE::QemuServer::print_bootorder($devs);
  733. }
  734.  
  735. # auto generate uuid if user did not specify smbios1 option
  736. if (!$conf->{smbios1}) {
  737. $conf->{smbios1} = PVE::QemuServer::generate_smbios1_uuid();
  738. }
  739.  
  740. if ((!defined($conf->{vmgenid}) || $conf->{vmgenid} eq '1') && $arch ne 'aarch64') {
  741. $conf->{vmgenid} = PVE::QemuServer::generate_uuid();
  742. }
  743.  
  744. my $machine = $conf->{machine};
  745. if (!$machine || $machine =~ m/^(?:pc|q35|virt)$/) {
  746. # always pin Windows' machine version on create, they get to easily confused
  747. if (PVE::QemuServer::windows_version($conf->{ostype})) {
  748. $conf->{machine} = PVE::QemuServer::windows_get_pinned_machine_version($machine);
  749. }
  750. }
  751.  
  752. PVE::QemuConfig->write_config($vmid, $conf);
  753.  
  754. };
  755. my $err = $@;
  756.  
  757. if ($err) {
  758. foreach my $volid (@$vollist) {
  759. eval { PVE::Storage::vdisk_free($storecfg, $volid); };
  760. warn $@ if $@;
  761. }
  762. die "$emsg $err";
  763. }
  764.  
  765. PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
  766. };
  767.  
  768. PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
  769.  
  770. if ($start_after_create) {
  771. print "Execute autostart\n";
  772. eval { PVE::API2::Qemu->vm_start({vmid => $vmid, node => $node}) };
  773. warn $@ if $@;
  774. }
  775. };
  776.  
  777. my ($code, $worker_name);
  778. if ($is_restore) {
  779. $worker_name = 'qmrestore';
  780. $code = sub {
  781. eval { $restorefn->() };
  782. if (my $err = $@) {
  783. eval { PVE::QemuConfig->remove_lock($vmid, 'create') };
  784. warn $@ if $@;
  785. if ($restored_data) {
  786. warn "error after data was restored, VM disks should be OK but config may "
  787. ."require adaptions. VM $vmid state is NOT cleaned up.\n";
  788. } else {
  789. warn "error before or during data restore, some or all disks were not "
  790. ."completely restored. VM $vmid state is NOT cleaned up.\n";
  791. }
  792. die $err;
  793. }
  794. };
  795. } else {
  796. $worker_name = 'qmcreate';
  797. $code = sub {
  798. eval { $createfn->() };
  799. if (my $err = $@) {
  800. eval {
  801. my $conffile = PVE::QemuConfig->config_file($vmid);
  802. unlink($conffile) or die "failed to remove config file: $!\n";
  803. };
  804. warn $@ if $@;
  805. die $err;
  806. }
  807. };
  808. }
  809.  
  810. return $rpcenv->fork_worker($worker_name, $vmid, $authuser, $code);
  811. }});
  812.  
  813. __PACKAGE__->register_method({
  814. name => 'vmdiridx',
  815. path => '{vmid}',
  816. method => 'GET',
  817. proxyto => 'node',
  818. description => "Directory index",
  819. permissions => {
  820. user => 'all',
  821. },
  822. parameters => {
  823. additionalProperties => 0,
  824. properties => {
  825. node => get_standard_option('pve-node'),
  826. vmid => get_standard_option('pve-vmid'),
  827. },
  828. },
  829. returns => {
  830. type => 'array',
  831. items => {
  832. type => "object",
  833. properties => {
  834. subdir => { type => 'string' },
  835. },
  836. },
  837. links => [ { rel => 'child', href => "{subdir}" } ],
  838. },
  839. code => sub {
  840. my ($param) = @_;
  841.  
  842. my $res = [
  843. { subdir => 'config' },
  844. { subdir => 'pending' },
  845. { subdir => 'status' },
  846. { subdir => 'unlink' },
  847. { subdir => 'vncproxy' },
  848. { subdir => 'termproxy' },
  849. { subdir => 'migrate' },
  850. { subdir => 'resize' },
  851. { subdir => 'move' },
  852. { subdir => 'rrd' },
  853. { subdir => 'rrddata' },
  854. { subdir => 'monitor' },
  855. { subdir => 'agent' },
  856. { subdir => 'snapshot' },
  857. { subdir => 'spiceproxy' },
  858. { subdir => 'sendkey' },
  859. { subdir => 'firewall' },
  860. ];
  861.  
  862. return $res;
  863. }});
  864.  
  865. __PACKAGE__->register_method ({
  866. subclass => "PVE::API2::Firewall::VM",
  867. path => '{vmid}/firewall',
  868. });
  869.  
  870. __PACKAGE__->register_method ({
  871. subclass => "PVE::API2::Qemu::Agent",
  872. path => '{vmid}/agent',
  873. });
  874.  
  875. __PACKAGE__->register_method({
  876. name => 'rrd',
  877. path => '{vmid}/rrd',
  878. method => 'GET',
  879. protected => 1, # fixme: can we avoid that?
  880. permissions => {
  881. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  882. },
  883. description => "Read VM RRD statistics (returns PNG)",
  884. parameters => {
  885. additionalProperties => 0,
  886. properties => {
  887. node => get_standard_option('pve-node'),
  888. vmid => get_standard_option('pve-vmid'),
  889. timeframe => {
  890. description => "Specify the time frame you are interested in.",
  891. type => 'string',
  892. enum => [ 'hour', 'day', 'week', 'month', 'year' ],
  893. },
  894. ds => {
  895. description => "The list of datasources you want to display.",
  896. type => 'string', format => 'pve-configid-list',
  897. },
  898. cf => {
  899. description => "The RRD consolidation function",
  900. type => 'string',
  901. enum => [ 'AVERAGE', 'MAX' ],
  902. optional => 1,
  903. },
  904. },
  905. },
  906. returns => {
  907. type => "object",
  908. properties => {
  909. filename => { type => 'string' },
  910. },
  911. },
  912. code => sub {
  913. my ($param) = @_;
  914.  
  915. return PVE::RRD::create_rrd_graph(
  916. "pve2-vm/$param->{vmid}", $param->{timeframe},
  917. $param->{ds}, $param->{cf});
  918.  
  919. }});
  920.  
  921. __PACKAGE__->register_method({
  922. name => 'rrddata',
  923. path => '{vmid}/rrddata',
  924. method => 'GET',
  925. protected => 1, # fixme: can we avoid that?
  926. permissions => {
  927. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  928. },
  929. description => "Read VM RRD statistics",
  930. parameters => {
  931. additionalProperties => 0,
  932. properties => {
  933. node => get_standard_option('pve-node'),
  934. vmid => get_standard_option('pve-vmid'),
  935. timeframe => {
  936. description => "Specify the time frame you are interested in.",
  937. type => 'string',
  938. enum => [ 'hour', 'day', 'week', 'month', 'year' ],
  939. },
  940. cf => {
  941. description => "The RRD consolidation function",
  942. type => 'string',
  943. enum => [ 'AVERAGE', 'MAX' ],
  944. optional => 1,
  945. },
  946. },
  947. },
  948. returns => {
  949. type => "array",
  950. items => {
  951. type => "object",
  952. properties => {},
  953. },
  954. },
  955. code => sub {
  956. my ($param) = @_;
  957.  
  958. return PVE::RRD::create_rrd_data(
  959. "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
  960. }});
  961.  
  962.  
  963. __PACKAGE__->register_method({
  964. name => 'vm_config',
  965. path => '{vmid}/config',
  966. method => 'GET',
  967. proxyto => 'node',
  968. description => "Get the virtual machine configuration with pending configuration " .
  969. "changes applied. Set the 'current' parameter to get the current configuration instead.",
  970. permissions => {
  971. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  972. },
  973. parameters => {
  974. additionalProperties => 0,
  975. properties => {
  976. node => get_standard_option('pve-node'),
  977. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  978. current => {
  979. description => "Get current values (instead of pending values).",
  980. optional => 1,
  981. default => 0,
  982. type => 'boolean',
  983. },
  984. snapshot => get_standard_option('pve-snapshot-name', {
  985. description => "Fetch config values from given snapshot.",
  986. optional => 1,
  987. completion => sub {
  988. my ($cmd, $pname, $cur, $args) = @_;
  989. PVE::QemuConfig->snapshot_list($args->[0]);
  990. },
  991. }),
  992. },
  993. },
  994. returns => {
  995. description => "The VM configuration.",
  996. type => "object",
  997. properties => PVE::QemuServer::json_config_properties({
  998. digest => {
  999. type => 'string',
  1000. description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
  1001. }
  1002. }),
  1003. },
  1004. code => sub {
  1005. my ($param) = @_;
  1006.  
  1007. raise_param_exc({ snapshot => "cannot use 'snapshot' parameter with 'current'",
  1008. current => "cannot use 'snapshot' parameter with 'current'"})
  1009. if ($param->{snapshot} && $param->{current});
  1010.  
  1011. my $conf;
  1012. if ($param->{snapshot}) {
  1013. $conf = PVE::QemuConfig->load_snapshot_config($param->{vmid}, $param->{snapshot});
  1014. } else {
  1015. $conf = PVE::QemuConfig->load_current_config($param->{vmid}, $param->{current});
  1016. }
  1017. $conf->{cipassword} = '**********' if $conf->{cipassword};
  1018. return $conf;
  1019.  
  1020. }});
  1021.  
  1022. __PACKAGE__->register_method({
  1023. name => 'vm_pending',
  1024. path => '{vmid}/pending',
  1025. method => 'GET',
  1026. proxyto => 'node',
  1027. description => "Get the virtual machine configuration with both current and pending values.",
  1028. permissions => {
  1029. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  1030. },
  1031. parameters => {
  1032. additionalProperties => 0,
  1033. properties => {
  1034. node => get_standard_option('pve-node'),
  1035. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  1036. },
  1037. },
  1038. returns => {
  1039. type => "array",
  1040. items => {
  1041. type => "object",
  1042. properties => {
  1043. key => {
  1044. description => "Configuration option name.",
  1045. type => 'string',
  1046. },
  1047. value => {
  1048. description => "Current value.",
  1049. type => 'string',
  1050. optional => 1,
  1051. },
  1052. pending => {
  1053. description => "Pending value.",
  1054. type => 'string',
  1055. optional => 1,
  1056. },
  1057. delete => {
  1058. description => "Indicates a pending delete request if present and not 0. " .
  1059. "The value 2 indicates a force-delete request.",
  1060. type => 'integer',
  1061. minimum => 0,
  1062. maximum => 2,
  1063. optional => 1,
  1064. },
  1065. },
  1066. },
  1067. },
  1068. code => sub {
  1069. my ($param) = @_;
  1070.  
  1071. my $conf = PVE::QemuConfig->load_config($param->{vmid});
  1072.  
  1073. my $pending_delete_hash = PVE::QemuConfig->parse_pending_delete($conf->{pending}->{delete});
  1074.  
  1075. $conf->{cipassword} = '**********' if defined($conf->{cipassword});
  1076. $conf->{pending}->{cipassword} = '********** ' if defined($conf->{pending}->{cipassword});
  1077.  
  1078. return PVE::GuestHelpers::config_with_pending_array($conf, $pending_delete_hash);
  1079. }});
  1080.  
  1081. # POST/PUT {vmid}/config implementation
  1082. #
  1083. # The original API used PUT (idempotent) an we assumed that all operations
  1084. # are fast. But it turned out that almost any configuration change can
  1085. # involve hot-plug actions, or disk alloc/free. Such actions can take long
  1086. # time to complete and have side effects (not idempotent).
  1087. #
  1088. # The new implementation uses POST and forks a worker process. We added
  1089. # a new option 'background_delay'. If specified we wait up to
  1090. # 'background_delay' second for the worker task to complete. It returns null
  1091. # if the task is finished within that time, else we return the UPID.
  1092.  
  1093. my $update_vm_api = sub {
  1094. my ($param, $sync) = @_;
  1095.  
  1096. my $rpcenv = PVE::RPCEnvironment::get();
  1097.  
  1098. my $authuser = $rpcenv->get_user();
  1099.  
  1100. my $node = extract_param($param, 'node');
  1101.  
  1102. my $vmid = extract_param($param, 'vmid');
  1103.  
  1104. my $digest = extract_param($param, 'digest');
  1105.  
  1106. my $background_delay = extract_param($param, 'background_delay');
  1107.  
  1108. my $conf = PVE::QemuConfig->load_config($vmid);
  1109.  
  1110. my $ostype = $conf->{ostype};
  1111.  
  1112. if (defined(my $cipassword = $param->{cipassword})) {
  1113. # Same logic as in cloud-init (but with the regex fixed...)
  1114. if (!(PVE::QemuServer::windows_version($ostype))) {
  1115. $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
  1116. if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
  1117. }
  1118. }
  1119.  
  1120. my @paramarr = (); # used for log message
  1121. foreach my $key (sort keys %$param) {
  1122. my $value = $key eq 'cipassword' ? '<hidden>' : $param->{$key};
  1123. push @paramarr, "-$key", $value;
  1124. }
  1125.  
  1126. my $skiplock = extract_param($param, 'skiplock');
  1127. raise_param_exc({ skiplock => "Only root may use this option." })
  1128. if $skiplock && $authuser ne 'root@pam';
  1129.  
  1130. my $delete_str = extract_param($param, 'delete');
  1131.  
  1132. my $revert_str = extract_param($param, 'revert');
  1133.  
  1134. my $force = extract_param($param, 'force');
  1135.  
  1136. if (defined(my $ssh_keys = $param->{sshkeys})) {
  1137. $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
  1138. PVE::Tools::validate_ssh_public_keys($ssh_keys);
  1139. }
  1140.  
  1141. die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
  1142.  
  1143. my $storecfg = PVE::Storage::config();
  1144.  
  1145. my $defaults = PVE::QemuServer::load_defaults();
  1146.  
  1147. &$resolve_cdrom_alias($param);
  1148.  
  1149. # now try to verify all parameters
  1150.  
  1151. my $revert = {};
  1152. foreach my $opt (PVE::Tools::split_list($revert_str)) {
  1153. if (!PVE::QemuServer::option_exists($opt)) {
  1154. raise_param_exc({ revert => "unknown option '$opt'" });
  1155. }
  1156.  
  1157. raise_param_exc({ delete => "you can't use '-$opt' and " .
  1158. "-revert $opt' at the same time" })
  1159. if defined($param->{$opt});
  1160.  
  1161. $revert->{$opt} = 1;
  1162. }
  1163.  
  1164. my @delete = ();
  1165. foreach my $opt (PVE::Tools::split_list($delete_str)) {
  1166. $opt = 'ide2' if $opt eq 'cdrom';
  1167.  
  1168. raise_param_exc({ delete => "you can't use '-$opt' and " .
  1169. "-delete $opt' at the same time" })
  1170. if defined($param->{$opt});
  1171.  
  1172. raise_param_exc({ revert => "you can't use '-delete $opt' and " .
  1173. "-revert $opt' at the same time" })
  1174. if $revert->{$opt};
  1175.  
  1176. if (!PVE::QemuServer::option_exists($opt)) {
  1177. raise_param_exc({ delete => "unknown option '$opt'" });
  1178. }
  1179.  
  1180. push @delete, $opt;
  1181. }
  1182.  
  1183. my $repl_conf = PVE::ReplicationConfig->new();
  1184. my $is_replicated = $repl_conf->check_for_existing_jobs($vmid, 1);
  1185. my $check_replication = sub {
  1186. my ($drive) = @_;
  1187. return if !$is_replicated;
  1188. my $volid = $drive->{file};
  1189. return if !$volid || !($drive->{replicate}//1);
  1190. return if PVE::QemuServer::drive_is_cdrom($drive);
  1191.  
  1192. my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
  1193. die "cannot add non-managed/pass-through volume to a replicated VM\n"
  1194. if !defined($storeid);
  1195.  
  1196. return if defined($volname) && $volname eq 'cloudinit';
  1197.  
  1198. my $format;
  1199. if ($volid =~ $NEW_DISK_RE) {
  1200. $storeid = $2;
  1201. $format = $drive->{format} || PVE::Storage::storage_default_format($storecfg, $storeid);
  1202. } else {
  1203. $format = (PVE::Storage::parse_volname($storecfg, $volid))[6];
  1204. }
  1205. return if PVE::Storage::storage_can_replicate($storecfg, $storeid, $format);
  1206. my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
  1207. return if $scfg->{shared};
  1208. die "cannot add non-replicatable volume to a replicated VM\n";
  1209. };
  1210.  
  1211. foreach my $opt (keys %$param) {
  1212. if (PVE::QemuServer::is_valid_drivename($opt)) {
  1213. # cleanup drive path
  1214. my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
  1215. raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
  1216. PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
  1217. $check_replication->($drive);
  1218. $param->{$opt} = PVE::QemuServer::print_drive($drive);
  1219. } elsif ($opt =~ m/^net(\d+)$/) {
  1220. # add macaddr
  1221. my $net = PVE::QemuServer::parse_net($param->{$opt});
  1222. $param->{$opt} = PVE::QemuServer::print_net($net);
  1223. } elsif ($opt eq 'vmgenid') {
  1224. if ($param->{$opt} eq '1') {
  1225. $param->{$opt} = PVE::QemuServer::generate_uuid();
  1226. }
  1227. } elsif ($opt eq 'hookscript') {
  1228. eval { PVE::GuestHelpers::check_hookscript($param->{$opt}, $storecfg); };
  1229. raise_param_exc({ $opt => $@ }) if $@;
  1230. }
  1231. }
  1232.  
  1233. &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
  1234.  
  1235. &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
  1236.  
  1237. &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
  1238.  
  1239. my $updatefn = sub {
  1240.  
  1241. my $conf = PVE::QemuConfig->load_config($vmid);
  1242.  
  1243. die "checksum missmatch (file change by other user?)\n"
  1244. if $digest && $digest ne $conf->{digest};
  1245.  
  1246. &$check_cpu_model_access($rpcenv, $authuser, $param, $conf);
  1247.  
  1248. # FIXME: 'suspended' lock should probabyl be a state or "weak" lock?!
  1249. if (scalar(@delete) && grep { $_ eq 'vmstate'} @delete) {
  1250. if (defined($conf->{lock}) && $conf->{lock} eq 'suspended') {
  1251. delete $conf->{lock}; # for check lock check, not written out
  1252. push @delete, 'lock'; # this is the real deal to write it out
  1253. }
  1254. push @delete, 'runningmachine' if $conf->{runningmachine};
  1255. push @delete, 'runningcpu' if $conf->{runningcpu};
  1256. }
  1257.  
  1258. PVE::QemuConfig->check_lock($conf) if !$skiplock;
  1259.  
  1260. foreach my $opt (keys %$revert) {
  1261. if (defined($conf->{$opt})) {
  1262. $param->{$opt} = $conf->{$opt};
  1263. } elsif (defined($conf->{pending}->{$opt})) {
  1264. push @delete, $opt;
  1265. }
  1266. }
  1267.  
  1268. if ($param->{memory} || defined($param->{balloon})) {
  1269. my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
  1270. my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
  1271.  
  1272. die "balloon value too large (must be smaller than assigned memory)\n"
  1273. if $balloon && $balloon > $maxmem;
  1274. }
  1275.  
  1276. PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
  1277.  
  1278. my $worker = sub {
  1279.  
  1280. print "update VM $vmid: " . join (' ', @paramarr) . "\n";
  1281.  
  1282. # write updates to pending section
  1283.  
  1284. my $modified = {}; # record what $option we modify
  1285.  
  1286. my @bootorder;
  1287. if (my $boot = $conf->{boot}) {
  1288. my $bootcfg = PVE::JSONSchema::parse_property_string('pve-qm-boot', $boot);
  1289. @bootorder = PVE::Tools::split_list($bootcfg->{order}) if $bootcfg && $bootcfg->{order};
  1290. }
  1291. my $bootorder_deleted = grep {$_ eq 'bootorder'} @delete;
  1292.  
  1293. my $check_drive_perms = sub {
  1294. my ($opt, $val) = @_;
  1295. my $drive = PVE::QemuServer::parse_drive($opt, $val);
  1296. # FIXME: cloudinit: CDROM or Disk?
  1297. if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
  1298. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
  1299. } else {
  1300. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
  1301. }
  1302. };
  1303.  
  1304. foreach my $opt (@delete) {
  1305. $modified->{$opt} = 1;
  1306. $conf = PVE::QemuConfig->load_config($vmid); # update/reload
  1307.  
  1308. # value of what we want to delete, independent if pending or not
  1309. my $val = $conf->{$opt} // $conf->{pending}->{$opt};
  1310. if (!defined($val)) {
  1311. warn "cannot delete '$opt' - not set in current configuration!\n";
  1312. $modified->{$opt} = 0;
  1313. next;
  1314. }
  1315. my $is_pending_val = defined($conf->{pending}->{$opt});
  1316. delete $conf->{pending}->{$opt};
  1317.  
  1318. # remove from bootorder if necessary
  1319. if (!$bootorder_deleted && @bootorder && grep {$_ eq $opt} @bootorder) {
  1320. @bootorder = grep {$_ ne $opt} @bootorder;
  1321. $conf->{pending}->{boot} = PVE::QemuServer::print_bootorder(\@bootorder);
  1322. $modified->{boot} = 1;
  1323. }
  1324.  
  1325. if ($opt =~ m/^unused/) {
  1326. my $drive = PVE::QemuServer::parse_drive($opt, $val);
  1327. PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
  1328. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
  1329. if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
  1330. delete $conf->{$opt};
  1331. PVE::QemuConfig->write_config($vmid, $conf);
  1332. }
  1333. } elsif ($opt eq 'vmstate') {
  1334. PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'");
  1335. if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) {
  1336. delete $conf->{$opt};
  1337. PVE::QemuConfig->write_config($vmid, $conf);
  1338. }
  1339. } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
  1340. PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
  1341. $check_drive_perms->($opt, $val);
  1342. PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $val))
  1343. if $is_pending_val;
  1344. PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
  1345. PVE::QemuConfig->write_config($vmid, $conf);
  1346. } elsif ($opt =~ m/^serial\d+$/) {
  1347. if ($val eq 'socket') {
  1348. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
  1349. } elsif ($authuser ne 'root@pam') {
  1350. die "only root can delete '$opt' config for real devices\n";
  1351. }
  1352. PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
  1353. PVE::QemuConfig->write_config($vmid, $conf);
  1354. } elsif ($opt =~ m/^usb\d+$/) {
  1355. if ($val =~ m/spice/) {
  1356. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
  1357. } elsif ($authuser ne 'root@pam') {
  1358. die "only root can delete '$opt' config for real devices\n";
  1359. }
  1360. PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
  1361. PVE::QemuConfig->write_config($vmid, $conf);
  1362. } else {
  1363. PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
  1364. PVE::QemuConfig->write_config($vmid, $conf);
  1365. }
  1366. }
  1367.  
  1368. foreach my $opt (keys %$param) { # add/change
  1369. $modified->{$opt} = 1;
  1370. $conf = PVE::QemuConfig->load_config($vmid); # update/reload
  1371. next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
  1372.  
  1373. my $arch = PVE::QemuServer::get_vm_arch($conf);
  1374.  
  1375. if (PVE::QemuServer::is_valid_drivename($opt)) {
  1376. # old drive
  1377. if ($conf->{$opt}) {
  1378. $check_drive_perms->($opt, $conf->{$opt});
  1379. }
  1380.  
  1381. # new drive
  1382. $check_drive_perms->($opt, $param->{$opt});
  1383. PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
  1384. if defined($conf->{pending}->{$opt});
  1385.  
  1386. &$create_disks($rpcenv, $authuser, $conf->{pending}, $arch, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
  1387.  
  1388. # default legacy boot order implies all cdroms anyway
  1389. if (@bootorder) {
  1390. # append new CD drives to bootorder to mark them bootable
  1391. my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
  1392. if (PVE::QemuServer::drive_is_cdrom($drive, 1) && !grep(/^$opt$/, @bootorder)) {
  1393. push @bootorder, $opt;
  1394. $conf->{pending}->{boot} = PVE::QemuServer::print_bootorder(\@bootorder);
  1395. $modified->{boot} = 1;
  1396. }
  1397. }
  1398. } elsif ($opt =~ m/^serial\d+/) {
  1399. if ((!defined($conf->{$opt}) || $conf->{$opt} eq 'socket') && $param->{$opt} eq 'socket') {
  1400. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
  1401. } elsif ($authuser ne 'root@pam') {
  1402. die "only root can modify '$opt' config for real devices\n";
  1403. }
  1404. $conf->{pending}->{$opt} = $param->{$opt};
  1405. } elsif ($opt =~ m/^usb\d+/) {
  1406. if ((!defined($conf->{$opt}) || $conf->{$opt} =~ m/spice/) && $param->{$opt} =~ m/spice/) {
  1407. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
  1408. } elsif ($authuser ne 'root@pam') {
  1409. die "only root can modify '$opt' config for real devices\n";
  1410. }
  1411. $conf->{pending}->{$opt} = $param->{$opt};
  1412. } else {
  1413. $conf->{pending}->{$opt} = $param->{$opt};
  1414.  
  1415. if ($opt eq 'boot') {
  1416. my $new_bootcfg = PVE::JSONSchema::parse_property_string('pve-qm-boot', $param->{$opt});
  1417. if ($new_bootcfg->{order}) {
  1418. my @devs = PVE::Tools::split_list($new_bootcfg->{order});
  1419. for my $dev (@devs) {
  1420. my $exists = $conf->{$dev} || $conf->{pending}->{$dev};
  1421. my $deleted = grep {$_ eq $dev} @delete;
  1422. die "invalid bootorder: device '$dev' does not exist'\n"
  1423. if !$exists || $deleted;
  1424. }
  1425.  
  1426. # remove legacy boot order settings if new one set
  1427. $conf->{pending}->{$opt} = PVE::QemuServer::print_bootorder(\@devs);
  1428. PVE::QemuConfig->add_to_pending_delete($conf, "bootdisk")
  1429. if $conf->{bootdisk};
  1430. }
  1431. }
  1432. }
  1433. PVE::QemuConfig->remove_from_pending_delete($conf, $opt);
  1434. PVE::QemuConfig->write_config($vmid, $conf);
  1435. }
  1436.  
  1437. # remove pending changes when nothing changed
  1438. $conf = PVE::QemuConfig->load_config($vmid); # update/reload
  1439. my $changes = PVE::QemuConfig->cleanup_pending($conf);
  1440. PVE::QemuConfig->write_config($vmid, $conf) if $changes;
  1441.  
  1442. return if !scalar(keys %{$conf->{pending}});
  1443.  
  1444. my $running = PVE::QemuServer::check_running($vmid);
  1445.  
  1446. # apply pending changes
  1447.  
  1448. $conf = PVE::QemuConfig->load_config($vmid); # update/reload
  1449.  
  1450. my $errors = {};
  1451. if ($running) {
  1452. PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
  1453. } else {
  1454. PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $errors);
  1455. }
  1456. raise_param_exc($errors) if scalar(keys %$errors);
  1457.  
  1458. return;
  1459. };
  1460.  
  1461. if ($sync) {
  1462. &$worker();
  1463. return;
  1464. } else {
  1465. my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
  1466.  
  1467. if ($background_delay) {
  1468.  
  1469. # Note: It would be better to do that in the Event based HTTPServer
  1470. # to avoid blocking call to sleep.
  1471.  
  1472. my $end_time = time() + $background_delay;
  1473.  
  1474. my $task = PVE::Tools::upid_decode($upid);
  1475.  
  1476. my $running = 1;
  1477. while (time() < $end_time) {
  1478. $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
  1479. last if !$running;
  1480. sleep(1); # this gets interrupted when child process ends
  1481. }
  1482.  
  1483. if (!$running) {
  1484. my $status = PVE::Tools::upid_read_status($upid);
  1485. return if !PVE::Tools::upid_status_is_error($status);
  1486. die "failed to update VM $vmid: $status\n";
  1487. }
  1488. }
  1489.  
  1490. return $upid;
  1491. }
  1492. };
  1493.  
  1494. return PVE::QemuConfig->lock_config($vmid, $updatefn);
  1495. };
  1496.  
  1497. my $vm_config_perm_list = [
  1498. 'VM.Config.Disk',
  1499. 'VM.Config.CDROM',
  1500. 'VM.Config.CPU',
  1501. 'VM.Config.Memory',
  1502. 'VM.Config.Network',
  1503. 'VM.Config.HWType',
  1504. 'VM.Config.Options',
  1505. 'VM.Config.Cloudinit',
  1506. ];
  1507.  
  1508. __PACKAGE__->register_method({
  1509. name => 'update_vm_async',
  1510. path => '{vmid}/config',
  1511. method => 'POST',
  1512. protected => 1,
  1513. proxyto => 'node',
  1514. description => "Set virtual machine options (asynchrounous API).",
  1515. permissions => {
  1516. check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
  1517. },
  1518. parameters => {
  1519. additionalProperties => 0,
  1520. properties => PVE::QemuServer::json_config_properties(
  1521. {
  1522. node => get_standard_option('pve-node'),
  1523. vmid => get_standard_option('pve-vmid'),
  1524. skiplock => get_standard_option('skiplock'),
  1525. delete => {
  1526. type => 'string', format => 'pve-configid-list',
  1527. description => "A list of settings you want to delete.",
  1528. optional => 1,
  1529. },
  1530. revert => {
  1531. type => 'string', format => 'pve-configid-list',
  1532. description => "Revert a pending change.",
  1533. optional => 1,
  1534. },
  1535. force => {
  1536. type => 'boolean',
  1537. description => $opt_force_description,
  1538. optional => 1,
  1539. requires => 'delete',
  1540. },
  1541. digest => {
  1542. type => 'string',
  1543. description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
  1544. maxLength => 40,
  1545. optional => 1,
  1546. },
  1547. background_delay => {
  1548. type => 'integer',
  1549. description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
  1550. minimum => 1,
  1551. maximum => 30,
  1552. optional => 1,
  1553. },
  1554. }),
  1555. },
  1556. returns => {
  1557. type => 'string',
  1558. optional => 1,
  1559. },
  1560. code => $update_vm_api,
  1561. });
  1562.  
  1563. __PACKAGE__->register_method({
  1564. name => 'update_vm',
  1565. path => '{vmid}/config',
  1566. method => 'PUT',
  1567. protected => 1,
  1568. proxyto => 'node',
  1569. description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
  1570. permissions => {
  1571. check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
  1572. },
  1573. parameters => {
  1574. additionalProperties => 0,
  1575. properties => PVE::QemuServer::json_config_properties(
  1576. {
  1577. node => get_standard_option('pve-node'),
  1578. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  1579. skiplock => get_standard_option('skiplock'),
  1580. delete => {
  1581. type => 'string', format => 'pve-configid-list',
  1582. description => "A list of settings you want to delete.",
  1583. optional => 1,
  1584. },
  1585. revert => {
  1586. type => 'string', format => 'pve-configid-list',
  1587. description => "Revert a pending change.",
  1588. optional => 1,
  1589. },
  1590. force => {
  1591. type => 'boolean',
  1592. description => $opt_force_description,
  1593. optional => 1,
  1594. requires => 'delete',
  1595. },
  1596. digest => {
  1597. type => 'string',
  1598. description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
  1599. maxLength => 40,
  1600. optional => 1,
  1601. },
  1602. }),
  1603. },
  1604. returns => { type => 'null' },
  1605. code => sub {
  1606. my ($param) = @_;
  1607. &$update_vm_api($param, 1);
  1608. return;
  1609. }
  1610. });
  1611.  
  1612. __PACKAGE__->register_method({
  1613. name => 'destroy_vm',
  1614. path => '{vmid}',
  1615. method => 'DELETE',
  1616. protected => 1,
  1617. proxyto => 'node',
  1618. description => "Destroy the VM and all used/owned volumes. Removes any VM specific permissions"
  1619. ." and firewall rules",
  1620. permissions => {
  1621. check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
  1622. },
  1623. parameters => {
  1624. additionalProperties => 0,
  1625. properties => {
  1626. node => get_standard_option('pve-node'),
  1627. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
  1628. skiplock => get_standard_option('skiplock'),
  1629. purge => {
  1630. type => 'boolean',
  1631. description => "Remove VMID from configurations, like backup & replication jobs and HA.",
  1632. optional => 1,
  1633. },
  1634. 'destroy-unreferenced-disks' => {
  1635. type => 'boolean',
  1636. description => "If set, destroy additionally all disks not referenced in the config"
  1637. ." but with a matching VMID from all enabled storages.",
  1638. optional => 1,
  1639. default => 0,
  1640. },
  1641. },
  1642. },
  1643. returns => {
  1644. type => 'string',
  1645. },
  1646. code => sub {
  1647. my ($param) = @_;
  1648.  
  1649. my $rpcenv = PVE::RPCEnvironment::get();
  1650. my $authuser = $rpcenv->get_user();
  1651. my $vmid = $param->{vmid};
  1652.  
  1653. my $skiplock = $param->{skiplock};
  1654. raise_param_exc({ skiplock => "Only root may use this option." })
  1655. if $skiplock && $authuser ne 'root@pam';
  1656.  
  1657. my $early_checks = sub {
  1658. # test if VM exists
  1659. my $conf = PVE::QemuConfig->load_config($vmid);
  1660. PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
  1661.  
  1662. my $ha_managed = PVE::HA::Config::service_is_configured("vm:$vmid");
  1663.  
  1664. if (!$param->{purge}) {
  1665. die "unable to remove VM $vmid - used in HA resources and purge parameter not set.\n"
  1666. if $ha_managed;
  1667. # don't allow destroy if with replication jobs but no purge param
  1668. my $repl_conf = PVE::ReplicationConfig->new();
  1669. $repl_conf->check_for_existing_jobs($vmid);
  1670. }
  1671.  
  1672. die "VM $vmid is running - destroy failed\n"
  1673. if PVE::QemuServer::check_running($vmid);
  1674.  
  1675. return $ha_managed;
  1676. };
  1677.  
  1678. $early_checks->();
  1679.  
  1680. my $realcmd = sub {
  1681. my $upid = shift;
  1682.  
  1683. my $storecfg = PVE::Storage::config();
  1684.  
  1685. syslog('info', "destroy VM $vmid: $upid\n");
  1686. PVE::QemuConfig->lock_config($vmid, sub {
  1687. # repeat, config might have changed
  1688. my $ha_managed = $early_checks->();
  1689.  
  1690. my $purge_unreferenced = $param->{'destroy-unreferenced-disks'};
  1691.  
  1692. PVE::QemuServer::destroy_vm(
  1693. $storecfg,
  1694. $vmid,
  1695. $skiplock, { lock => 'destroyed' },
  1696. $purge_unreferenced,
  1697. );
  1698.  
  1699. PVE::AccessControl::remove_vm_access($vmid);
  1700. PVE::Firewall::remove_vmfw_conf($vmid);
  1701. if ($param->{purge}) {
  1702. print "purging VM $vmid from related configurations..\n";
  1703. PVE::ReplicationConfig::remove_vmid_jobs($vmid);
  1704. PVE::VZDump::Plugin::remove_vmid_from_backup_jobs($vmid);
  1705.  
  1706. if ($ha_managed) {
  1707. PVE::HA::Config::delete_service_from_config("vm:$vmid");
  1708. print "NOTE: removed VM $vmid from HA resource configuration.\n";
  1709. }
  1710. }
  1711.  
  1712. # only now remove the zombie config, else we can have reuse race
  1713. PVE::QemuConfig->destroy_config($vmid);
  1714. });
  1715. };
  1716.  
  1717. return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
  1718. }});
  1719.  
  1720. __PACKAGE__->register_method({
  1721. name => 'unlink',
  1722. path => '{vmid}/unlink',
  1723. method => 'PUT',
  1724. protected => 1,
  1725. proxyto => 'node',
  1726. description => "Unlink/delete disk images.",
  1727. permissions => {
  1728. check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
  1729. },
  1730. parameters => {
  1731. additionalProperties => 0,
  1732. properties => {
  1733. node => get_standard_option('pve-node'),
  1734. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  1735. idlist => {
  1736. type => 'string', format => 'pve-configid-list',
  1737. description => "A list of disk IDs you want to delete.",
  1738. },
  1739. force => {
  1740. type => 'boolean',
  1741. description => $opt_force_description,
  1742. optional => 1,
  1743. },
  1744. },
  1745. },
  1746. returns => { type => 'null'},
  1747. code => sub {
  1748. my ($param) = @_;
  1749.  
  1750. $param->{delete} = extract_param($param, 'idlist');
  1751.  
  1752. __PACKAGE__->update_vm($param);
  1753.  
  1754. return;
  1755. }});
  1756.  
  1757. # uses good entropy, each char is limited to 6 bit to get printable chars simply
  1758. my $gen_rand_chars = sub {
  1759. my ($length) = @_;
  1760.  
  1761. die "invalid length $length" if $length < 1;
  1762.  
  1763. my $min = ord('!'); # first printable ascii
  1764.  
  1765. my $rand_bytes = Crypt::OpenSSL::Random::random_bytes($length);
  1766. die "failed to generate random bytes!\n"
  1767. if !$rand_bytes;
  1768.  
  1769. my $str = join('', map { chr((ord($_) & 0x3F) + $min) } split('', $rand_bytes));
  1770.  
  1771. return $str;
  1772. };
  1773.  
  1774. my $sslcert;
  1775.  
  1776. __PACKAGE__->register_method({
  1777. name => 'vncproxy',
  1778. path => '{vmid}/vncproxy',
  1779. method => 'POST',
  1780. protected => 1,
  1781. permissions => {
  1782. check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
  1783. },
  1784. description => "Creates a TCP VNC proxy connections.",
  1785. parameters => {
  1786. additionalProperties => 0,
  1787. properties => {
  1788. node => get_standard_option('pve-node'),
  1789. vmid => get_standard_option('pve-vmid'),
  1790. websocket => {
  1791. optional => 1,
  1792. type => 'boolean',
  1793. description => "starts websockify instead of vncproxy",
  1794. },
  1795. 'generate-password' => {
  1796. optional => 1,
  1797. type => 'boolean',
  1798. default => 0,
  1799. description => "Generates a random password to be used as ticket instead of the API ticket.",
  1800. },
  1801. },
  1802. },
  1803. returns => {
  1804. additionalProperties => 0,
  1805. properties => {
  1806. user => { type => 'string' },
  1807. ticket => { type => 'string' },
  1808. password => {
  1809. optional => 1,
  1810. description => "Returned if requested with 'generate-password' param."
  1811. ." Consists of printable ASCII characters ('!' .. '~').",
  1812. type => 'string',
  1813. },
  1814. cert => { type => 'string' },
  1815. port => { type => 'integer' },
  1816. upid => { type => 'string' },
  1817. },
  1818. },
  1819. code => sub {
  1820. my ($param) = @_;
  1821.  
  1822. my $rpcenv = PVE::RPCEnvironment::get();
  1823.  
  1824. my $authuser = $rpcenv->get_user();
  1825.  
  1826. my $vmid = $param->{vmid};
  1827. my $node = $param->{node};
  1828. my $websocket = $param->{websocket};
  1829.  
  1830. my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
  1831.  
  1832. my $serial;
  1833. if ($conf->{vga}) {
  1834. my $vga = PVE::QemuServer::parse_vga($conf->{vga});
  1835. $serial = $vga->{type} if $vga->{type} =~ m/^serial\d+$/;
  1836. }
  1837.  
  1838. my $authpath = "/vms/$vmid";
  1839.  
  1840. my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
  1841. my $password = $ticket;
  1842. if ($param->{'generate-password'}) {
  1843. $password = $gen_rand_chars->(8);
  1844. }
  1845.  
  1846. $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
  1847. if !$sslcert;
  1848.  
  1849. my $family;
  1850. my $remcmd = [];
  1851.  
  1852. if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
  1853. (undef, $family) = PVE::Cluster::remote_node_ip($node);
  1854. my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
  1855. # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
  1856. $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, defined($serial) ? '-t' : '-T');
  1857. } else {
  1858. $family = PVE::Tools::get_host_address_family($node);
  1859. }
  1860.  
  1861. my $port = PVE::Tools::next_vnc_port($family);
  1862.  
  1863. my $timeout = 10;
  1864.  
  1865. my $realcmd = sub {
  1866. my $upid = shift;
  1867.  
  1868. syslog('info', "starting vnc proxy $upid\n");
  1869.  
  1870. my $cmd;
  1871.  
  1872. if (defined($serial)) {
  1873.  
  1874. my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $serial, '-escape', '0' ];
  1875.  
  1876. $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
  1877. '-timeout', $timeout, '-authpath', $authpath,
  1878. '-perm', 'Sys.Console'];
  1879.  
  1880. if ($param->{websocket}) {
  1881. $ENV{PVE_VNC_TICKET} = $password; # pass ticket to vncterm
  1882. push @$cmd, '-notls', '-listen', 'localhost';
  1883. }
  1884.  
  1885. push @$cmd, '-c', @$remcmd, @$termcmd;
  1886.  
  1887. PVE::Tools::run_command($cmd);
  1888.  
  1889. } else {
  1890.  
  1891. $ENV{LC_PVE_TICKET} = $password if $websocket; # set ticket with "qm vncproxy"
  1892.  
  1893. $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
  1894.  
  1895. my $sock = IO::Socket::IP->new(
  1896. ReuseAddr => 1,
  1897. Listen => 1,
  1898. LocalPort => $port,
  1899. Proto => 'tcp',
  1900. GetAddrInfoFlags => 0,
  1901. ) or die "failed to create socket: $!\n";
  1902. # Inside the worker we shouldn't have any previous alarms
  1903. # running anyway...:
  1904. alarm(0);
  1905. local $SIG{ALRM} = sub { die "connection timed out\n" };
  1906. alarm $timeout;
  1907. accept(my $cli, $sock) or die "connection failed: $!\n";
  1908. alarm(0);
  1909. close($sock);
  1910. if (PVE::Tools::run_command($cmd,
  1911. output => '>&'.fileno($cli),
  1912. input => '<&'.fileno($cli),
  1913. noerr => 1) != 0)
  1914. {
  1915. die "Failed to run vncproxy.\n";
  1916. }
  1917. }
  1918.  
  1919. return;
  1920. };
  1921.  
  1922. my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
  1923.  
  1924. PVE::Tools::wait_for_vnc_port($port);
  1925.  
  1926. my $res = {
  1927. user => $authuser,
  1928. ticket => $ticket,
  1929. port => $port,
  1930. upid => $upid,
  1931. cert => $sslcert,
  1932. };
  1933. $res->{password} = $password if $param->{'generate-password'};
  1934.  
  1935. return $res;
  1936. }});
  1937.  
  1938. __PACKAGE__->register_method({
  1939. name => 'termproxy',
  1940. path => '{vmid}/termproxy',
  1941. method => 'POST',
  1942. protected => 1,
  1943. permissions => {
  1944. check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
  1945. },
  1946. description => "Creates a TCP proxy connections.",
  1947. parameters => {
  1948. additionalProperties => 0,
  1949. properties => {
  1950. node => get_standard_option('pve-node'),
  1951. vmid => get_standard_option('pve-vmid'),
  1952. serial=> {
  1953. optional => 1,
  1954. type => 'string',
  1955. enum => [qw(serial0 serial1 serial2 serial3)],
  1956. description => "opens a serial terminal (defaults to display)",
  1957. },
  1958. },
  1959. },
  1960. returns => {
  1961. additionalProperties => 0,
  1962. properties => {
  1963. user => { type => 'string' },
  1964. ticket => { type => 'string' },
  1965. port => { type => 'integer' },
  1966. upid => { type => 'string' },
  1967. },
  1968. },
  1969. code => sub {
  1970. my ($param) = @_;
  1971.  
  1972. my $rpcenv = PVE::RPCEnvironment::get();
  1973.  
  1974. my $authuser = $rpcenv->get_user();
  1975.  
  1976. my $vmid = $param->{vmid};
  1977. my $node = $param->{node};
  1978. my $serial = $param->{serial};
  1979.  
  1980. my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
  1981.  
  1982. if (!defined($serial)) {
  1983. if ($conf->{vga}) {
  1984. my $vga = PVE::QemuServer::parse_vga($conf->{vga});
  1985. $serial = $vga->{type} if $vga->{type} =~ m/^serial\d+$/;
  1986. }
  1987. }
  1988.  
  1989. my $authpath = "/vms/$vmid";
  1990.  
  1991. my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
  1992.  
  1993. my $family;
  1994. my $remcmd = [];
  1995.  
  1996. if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
  1997. (undef, $family) = PVE::Cluster::remote_node_ip($node);
  1998. my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
  1999. $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
  2000. push @$remcmd, '--';
  2001. } else {
  2002. $family = PVE::Tools::get_host_address_family($node);
  2003. }
  2004.  
  2005. my $port = PVE::Tools::next_vnc_port($family);
  2006.  
  2007. my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-escape', '0'];
  2008. push @$termcmd, '-iface', $serial if $serial;
  2009.  
  2010. my $realcmd = sub {
  2011. my $upid = shift;
  2012.  
  2013. syslog('info', "starting qemu termproxy $upid\n");
  2014.  
  2015. my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
  2016. '--perm', 'VM.Console', '--'];
  2017. push @$cmd, @$remcmd, @$termcmd;
  2018.  
  2019. PVE::Tools::run_command($cmd);
  2020. };
  2021.  
  2022. my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
  2023.  
  2024. PVE::Tools::wait_for_vnc_port($port);
  2025.  
  2026. return {
  2027. user => $authuser,
  2028. ticket => $ticket,
  2029. port => $port,
  2030. upid => $upid,
  2031. };
  2032. }});
  2033.  
  2034. __PACKAGE__->register_method({
  2035. name => 'vncwebsocket',
  2036. path => '{vmid}/vncwebsocket',
  2037. method => 'GET',
  2038. permissions => {
  2039. description => "You also need to pass a valid ticket (vncticket).",
  2040. check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
  2041. },
  2042. description => "Opens a weksocket for VNC traffic.",
  2043. parameters => {
  2044. additionalProperties => 0,
  2045. properties => {
  2046. node => get_standard_option('pve-node'),
  2047. vmid => get_standard_option('pve-vmid'),
  2048. vncticket => {
  2049. description => "Ticket from previous call to vncproxy.",
  2050. type => 'string',
  2051. maxLength => 512,
  2052. },
  2053. port => {
  2054. description => "Port number returned by previous vncproxy call.",
  2055. type => 'integer',
  2056. minimum => 5900,
  2057. maximum => 5999,
  2058. },
  2059. },
  2060. },
  2061. returns => {
  2062. type => "object",
  2063. properties => {
  2064. port => { type => 'string' },
  2065. },
  2066. },
  2067. code => sub {
  2068. my ($param) = @_;
  2069.  
  2070. my $rpcenv = PVE::RPCEnvironment::get();
  2071.  
  2072. my $authuser = $rpcenv->get_user();
  2073.  
  2074. my $vmid = $param->{vmid};
  2075. my $node = $param->{node};
  2076.  
  2077. my $authpath = "/vms/$vmid";
  2078.  
  2079. PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
  2080.  
  2081. my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
  2082.  
  2083. # Note: VNC ports are acessible from outside, so we do not gain any
  2084. # security if we verify that $param->{port} belongs to VM $vmid. This
  2085. # check is done by verifying the VNC ticket (inside VNC protocol).
  2086.  
  2087. my $port = $param->{port};
  2088.  
  2089. return { port => $port };
  2090. }});
  2091.  
  2092. __PACKAGE__->register_method({
  2093. name => 'spiceproxy',
  2094. path => '{vmid}/spiceproxy',
  2095. method => 'POST',
  2096. protected => 1,
  2097. proxyto => 'node',
  2098. permissions => {
  2099. check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
  2100. },
  2101. description => "Returns a SPICE configuration to connect to the VM.",
  2102. parameters => {
  2103. additionalProperties => 0,
  2104. properties => {
  2105. node => get_standard_option('pve-node'),
  2106. vmid => get_standard_option('pve-vmid'),
  2107. proxy => get_standard_option('spice-proxy', { optional => 1 }),
  2108. },
  2109. },
  2110. returns => get_standard_option('remote-viewer-config'),
  2111. code => sub {
  2112. my ($param) = @_;
  2113.  
  2114. my $rpcenv = PVE::RPCEnvironment::get();
  2115.  
  2116. my $authuser = $rpcenv->get_user();
  2117.  
  2118. my $vmid = $param->{vmid};
  2119. my $node = $param->{node};
  2120. my $proxy = $param->{proxy};
  2121.  
  2122. my $conf = PVE::QemuConfig->load_config($vmid, $node);
  2123. my $title = "VM $vmid";
  2124. $title .= " - ". $conf->{name} if $conf->{name};
  2125.  
  2126. my $port = PVE::QemuServer::spice_port($vmid);
  2127.  
  2128. my ($ticket, undef, $remote_viewer_config) =
  2129. PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
  2130.  
  2131. mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
  2132. mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
  2133.  
  2134. return $remote_viewer_config;
  2135. }});
  2136.  
  2137. __PACKAGE__->register_method({
  2138. name => 'vmcmdidx',
  2139. path => '{vmid}/status',
  2140. method => 'GET',
  2141. proxyto => 'node',
  2142. description => "Directory index",
  2143. permissions => {
  2144. user => 'all',
  2145. },
  2146. parameters => {
  2147. additionalProperties => 0,
  2148. properties => {
  2149. node => get_standard_option('pve-node'),
  2150. vmid => get_standard_option('pve-vmid'),
  2151. },
  2152. },
  2153. returns => {
  2154. type => 'array',
  2155. items => {
  2156. type => "object",
  2157. properties => {
  2158. subdir => { type => 'string' },
  2159. },
  2160. },
  2161. links => [ { rel => 'child', href => "{subdir}" } ],
  2162. },
  2163. code => sub {
  2164. my ($param) = @_;
  2165.  
  2166. # test if VM exists
  2167. my $conf = PVE::QemuConfig->load_config($param->{vmid});
  2168.  
  2169. my $res = [
  2170. { subdir => 'current' },
  2171. { subdir => 'start' },
  2172. { subdir => 'stop' },
  2173. { subdir => 'reset' },
  2174. { subdir => 'shutdown' },
  2175. { subdir => 'suspend' },
  2176. { subdir => 'reboot' },
  2177. ];
  2178.  
  2179. return $res;
  2180. }});
  2181.  
  2182. __PACKAGE__->register_method({
  2183. name => 'vm_status',
  2184. path => '{vmid}/status/current',
  2185. method => 'GET',
  2186. proxyto => 'node',
  2187. protected => 1, # qemu pid files are only readable by root
  2188. description => "Get virtual machine status.",
  2189. permissions => {
  2190. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  2191. },
  2192. parameters => {
  2193. additionalProperties => 0,
  2194. properties => {
  2195. node => get_standard_option('pve-node'),
  2196. vmid => get_standard_option('pve-vmid'),
  2197. },
  2198. },
  2199. returns => {
  2200. type => 'object',
  2201. properties => {
  2202. %$PVE::QemuServer::vmstatus_return_properties,
  2203. ha => {
  2204. description => "HA manager service status.",
  2205. type => 'object',
  2206. },
  2207. spice => {
  2208. description => "Qemu VGA configuration supports spice.",
  2209. type => 'boolean',
  2210. optional => 1,
  2211. },
  2212. agent => {
  2213. description => "Qemu GuestAgent enabled in config.",
  2214. type => 'boolean',
  2215. optional => 1,
  2216. },
  2217. },
  2218. },
  2219. code => sub {
  2220. my ($param) = @_;
  2221.  
  2222. # test if VM exists
  2223. my $conf = PVE::QemuConfig->load_config($param->{vmid});
  2224.  
  2225. my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
  2226. my $status = $vmstatus->{$param->{vmid}};
  2227.  
  2228. $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
  2229.  
  2230. $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
  2231. $status->{agent} = 1 if PVE::QemuServer::get_qga_key($conf, 'enabled');
  2232.  
  2233. return $status;
  2234. }});
  2235.  
  2236. __PACKAGE__->register_method({
  2237. name => 'vm_start',
  2238. path => '{vmid}/status/start',
  2239. method => 'POST',
  2240. protected => 1,
  2241. proxyto => 'node',
  2242. description => "Start virtual machine.",
  2243. permissions => {
  2244. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2245. },
  2246. parameters => {
  2247. additionalProperties => 0,
  2248. properties => {
  2249. node => get_standard_option('pve-node'),
  2250. vmid => get_standard_option('pve-vmid',
  2251. { completion => \&PVE::QemuServer::complete_vmid_stopped }),
  2252. skiplock => get_standard_option('skiplock'),
  2253. stateuri => get_standard_option('pve-qm-stateuri'),
  2254. migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
  2255. migration_type => {
  2256. type => 'string',
  2257. enum => ['secure', 'insecure'],
  2258. description => "Migration traffic is encrypted using an SSH " .
  2259. "tunnel by default. On secure, completely private networks " .
  2260. "this can be disabled to increase performance.",
  2261. optional => 1,
  2262. },
  2263. migration_network => {
  2264. type => 'string', format => 'CIDR',
  2265. description => "CIDR of the (sub) network that is used for migration.",
  2266. optional => 1,
  2267. },
  2268. machine => get_standard_option('pve-qemu-machine'),
  2269. 'force-cpu' => {
  2270. description => "Override QEMU's -cpu argument with the given string.",
  2271. type => 'string',
  2272. optional => 1,
  2273. },
  2274. targetstorage => get_standard_option('pve-targetstorage'),
  2275. timeout => {
  2276. description => "Wait maximal timeout seconds.",
  2277. type => 'integer',
  2278. minimum => 0,
  2279. default => 'max(30, vm memory in GiB)',
  2280. optional => 1,
  2281. },
  2282. },
  2283. },
  2284. returns => {
  2285. type => 'string',
  2286. },
  2287. code => sub {
  2288. my ($param) = @_;
  2289.  
  2290. my $rpcenv = PVE::RPCEnvironment::get();
  2291. my $authuser = $rpcenv->get_user();
  2292.  
  2293. my $node = extract_param($param, 'node');
  2294. my $vmid = extract_param($param, 'vmid');
  2295. my $timeout = extract_param($param, 'timeout');
  2296.  
  2297. my $machine = extract_param($param, 'machine');
  2298. my $force_cpu = extract_param($param, 'force-cpu');
  2299.  
  2300. my $get_root_param = sub {
  2301. my $value = extract_param($param, $_[0]);
  2302. raise_param_exc({ "$_[0]" => "Only root may use this option." })
  2303. if $value && $authuser ne 'root@pam';
  2304. return $value;
  2305. };
  2306.  
  2307. my $stateuri = $get_root_param->('stateuri');
  2308. my $skiplock = $get_root_param->('skiplock');
  2309. my $migratedfrom = $get_root_param->('migratedfrom');
  2310. my $migration_type = $get_root_param->('migration_type');
  2311. my $migration_network = $get_root_param->('migration_network');
  2312. my $targetstorage = $get_root_param->('targetstorage');
  2313.  
  2314. my $storagemap;
  2315.  
  2316. if ($targetstorage) {
  2317. raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." })
  2318. if !$migratedfrom;
  2319. $storagemap = eval { PVE::JSONSchema::parse_idmap($targetstorage, 'pve-storage-id') };
  2320. raise_param_exc({ targetstorage => "failed to parse storage map: $@" })
  2321. if $@;
  2322. }
  2323.  
  2324. # read spice ticket from STDIN
  2325. my $spice_ticket;
  2326. my $nbd_protocol_version = 0;
  2327. my $replicated_volumes = {};
  2328. my $tpmstate_vol;
  2329. if ($stateuri && ($stateuri eq 'tcp' || $stateuri eq 'unix') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
  2330. while (defined(my $line = <STDIN>)) {
  2331. chomp $line;
  2332. if ($line =~ m/^spice_ticket: (.+)$/) {
  2333. $spice_ticket = $1;
  2334. } elsif ($line =~ m/^nbd_protocol_version: (\d+)$/) {
  2335. $nbd_protocol_version = $1;
  2336. } elsif ($line =~ m/^replicated_volume: (.*)$/) {
  2337. $replicated_volumes->{$1} = 1;
  2338. } elsif ($line =~ m/^tpmstate0: (.*)$/) {
  2339. $tpmstate_vol = $1;
  2340. } elsif (!$spice_ticket) {
  2341. # fallback for old source node
  2342. $spice_ticket = $line;
  2343. } else {
  2344. warn "unknown 'start' parameter on STDIN: '$line'\n";
  2345. }
  2346. }
  2347. }
  2348.  
  2349. PVE::Cluster::check_cfs_quorum();
  2350.  
  2351. my $storecfg = PVE::Storage::config();
  2352.  
  2353. if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri && $rpcenv->{type} ne 'ha') {
  2354. my $hacmd = sub {
  2355. my $upid = shift;
  2356.  
  2357. print "Requesting HA start for VM $vmid\n";
  2358.  
  2359. my $cmd = ['ha-manager', 'set', "vm:$vmid", '--state', 'started'];
  2360. PVE::Tools::run_command($cmd);
  2361. return;
  2362. };
  2363.  
  2364. return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
  2365.  
  2366. } else {
  2367.  
  2368. my $realcmd = sub {
  2369. my $upid = shift;
  2370.  
  2371. syslog('info', "start VM $vmid: $upid\n");
  2372.  
  2373. my $migrate_opts = {
  2374. migratedfrom => $migratedfrom,
  2375. spice_ticket => $spice_ticket,
  2376. network => $migration_network,
  2377. type => $migration_type,
  2378. storagemap => $storagemap,
  2379. nbd_proto_version => $nbd_protocol_version,
  2380. replicated_volumes => $replicated_volumes,
  2381. tpmstate_vol => $tpmstate_vol,
  2382. };
  2383.  
  2384. my $params = {
  2385. statefile => $stateuri,
  2386. skiplock => $skiplock,
  2387. forcemachine => $machine,
  2388. timeout => $timeout,
  2389. forcecpu => $force_cpu,
  2390. };
  2391.  
  2392. PVE::QemuServer::vm_start($storecfg, $vmid, $params, $migrate_opts);
  2393. return;
  2394. };
  2395.  
  2396. return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
  2397. }
  2398. }});
  2399.  
  2400. __PACKAGE__->register_method({
  2401. name => 'vm_stop',
  2402. path => '{vmid}/status/stop',
  2403. method => 'POST',
  2404. protected => 1,
  2405. proxyto => 'node',
  2406. description => "Stop virtual machine. The qemu process will exit immediately. This" .
  2407. "is akin to pulling the power plug of a running computer and may damage the VM data",
  2408. permissions => {
  2409. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2410. },
  2411. parameters => {
  2412. additionalProperties => 0,
  2413. properties => {
  2414. node => get_standard_option('pve-node'),
  2415. vmid => get_standard_option('pve-vmid',
  2416. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2417. skiplock => get_standard_option('skiplock'),
  2418. migratedfrom => get_standard_option('pve-node', { optional => 1 }),
  2419. timeout => {
  2420. description => "Wait maximal timeout seconds.",
  2421. type => 'integer',
  2422. minimum => 0,
  2423. optional => 1,
  2424. },
  2425. keepActive => {
  2426. description => "Do not deactivate storage volumes.",
  2427. type => 'boolean',
  2428. optional => 1,
  2429. default => 0,
  2430. }
  2431. },
  2432. },
  2433. returns => {
  2434. type => 'string',
  2435. },
  2436. code => sub {
  2437. my ($param) = @_;
  2438.  
  2439. my $rpcenv = PVE::RPCEnvironment::get();
  2440. my $authuser = $rpcenv->get_user();
  2441.  
  2442. my $node = extract_param($param, 'node');
  2443. my $vmid = extract_param($param, 'vmid');
  2444.  
  2445. my $skiplock = extract_param($param, 'skiplock');
  2446. raise_param_exc({ skiplock => "Only root may use this option." })
  2447. if $skiplock && $authuser ne 'root@pam';
  2448.  
  2449. my $keepActive = extract_param($param, 'keepActive');
  2450. raise_param_exc({ keepActive => "Only root may use this option." })
  2451. if $keepActive && $authuser ne 'root@pam';
  2452.  
  2453. my $migratedfrom = extract_param($param, 'migratedfrom');
  2454. raise_param_exc({ migratedfrom => "Only root may use this option." })
  2455. if $migratedfrom && $authuser ne 'root@pam';
  2456.  
  2457.  
  2458. my $storecfg = PVE::Storage::config();
  2459.  
  2460. if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
  2461.  
  2462. my $hacmd = sub {
  2463. my $upid = shift;
  2464.  
  2465. print "Requesting HA stop for VM $vmid\n";
  2466.  
  2467. my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", '0'];
  2468. PVE::Tools::run_command($cmd);
  2469. return;
  2470. };
  2471.  
  2472. return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
  2473.  
  2474. } else {
  2475. my $realcmd = sub {
  2476. my $upid = shift;
  2477.  
  2478. syslog('info', "stop VM $vmid: $upid\n");
  2479.  
  2480. PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
  2481. $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
  2482. return;
  2483. };
  2484.  
  2485. return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
  2486. }
  2487. }});
  2488.  
  2489. __PACKAGE__->register_method({
  2490. name => 'vm_reset',
  2491. path => '{vmid}/status/reset',
  2492. method => 'POST',
  2493. protected => 1,
  2494. proxyto => 'node',
  2495. description => "Reset virtual machine.",
  2496. permissions => {
  2497. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2498. },
  2499. parameters => {
  2500. additionalProperties => 0,
  2501. properties => {
  2502. node => get_standard_option('pve-node'),
  2503. vmid => get_standard_option('pve-vmid',
  2504. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2505. skiplock => get_standard_option('skiplock'),
  2506. },
  2507. },
  2508. returns => {
  2509. type => 'string',
  2510. },
  2511. code => sub {
  2512. my ($param) = @_;
  2513.  
  2514. my $rpcenv = PVE::RPCEnvironment::get();
  2515.  
  2516. my $authuser = $rpcenv->get_user();
  2517.  
  2518. my $node = extract_param($param, 'node');
  2519.  
  2520. my $vmid = extract_param($param, 'vmid');
  2521.  
  2522. my $skiplock = extract_param($param, 'skiplock');
  2523. raise_param_exc({ skiplock => "Only root may use this option." })
  2524. if $skiplock && $authuser ne 'root@pam';
  2525.  
  2526. die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
  2527.  
  2528. my $realcmd = sub {
  2529. my $upid = shift;
  2530.  
  2531. PVE::QemuServer::vm_reset($vmid, $skiplock);
  2532.  
  2533. return;
  2534. };
  2535.  
  2536. return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
  2537. }});
  2538.  
  2539. __PACKAGE__->register_method({
  2540. name => 'vm_shutdown',
  2541. path => '{vmid}/status/shutdown',
  2542. method => 'POST',
  2543. protected => 1,
  2544. proxyto => 'node',
  2545. description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
  2546. "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
  2547. permissions => {
  2548. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2549. },
  2550. parameters => {
  2551. additionalProperties => 0,
  2552. properties => {
  2553. node => get_standard_option('pve-node'),
  2554. vmid => get_standard_option('pve-vmid',
  2555. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2556. skiplock => get_standard_option('skiplock'),
  2557. timeout => {
  2558. description => "Wait maximal timeout seconds.",
  2559. type => 'integer',
  2560. minimum => 0,
  2561. optional => 1,
  2562. },
  2563. forceStop => {
  2564. description => "Make sure the VM stops.",
  2565. type => 'boolean',
  2566. optional => 1,
  2567. default => 0,
  2568. },
  2569. keepActive => {
  2570. description => "Do not deactivate storage volumes.",
  2571. type => 'boolean',
  2572. optional => 1,
  2573. default => 0,
  2574. }
  2575. },
  2576. },
  2577. returns => {
  2578. type => 'string',
  2579. },
  2580. code => sub {
  2581. my ($param) = @_;
  2582.  
  2583. my $rpcenv = PVE::RPCEnvironment::get();
  2584. my $authuser = $rpcenv->get_user();
  2585.  
  2586. my $node = extract_param($param, 'node');
  2587. my $vmid = extract_param($param, 'vmid');
  2588.  
  2589. my $skiplock = extract_param($param, 'skiplock');
  2590. raise_param_exc({ skiplock => "Only root may use this option." })
  2591. if $skiplock && $authuser ne 'root@pam';
  2592.  
  2593. my $keepActive = extract_param($param, 'keepActive');
  2594. raise_param_exc({ keepActive => "Only root may use this option." })
  2595. if $keepActive && $authuser ne 'root@pam';
  2596.  
  2597. my $storecfg = PVE::Storage::config();
  2598.  
  2599. my $shutdown = 1;
  2600.  
  2601. # if vm is paused, do not shutdown (but stop if forceStop = 1)
  2602. # otherwise, we will infer a shutdown command, but run into the timeout,
  2603. # then when the vm is resumed, it will instantly shutdown
  2604. #
  2605. # checking the qmp status here to get feedback to the gui/cli/api
  2606. # and the status query should not take too long
  2607. if (PVE::QemuServer::vm_is_paused($vmid)) {
  2608. if ($param->{forceStop}) {
  2609. warn "VM is paused - stop instead of shutdown\n";
  2610. $shutdown = 0;
  2611. } else {
  2612. die "VM is paused - cannot shutdown\n";
  2613. }
  2614. }
  2615.  
  2616. if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
  2617.  
  2618. my $timeout = $param->{timeout} // 60;
  2619. my $hacmd = sub {
  2620. my $upid = shift;
  2621.  
  2622. print "Requesting HA stop for VM $vmid\n";
  2623.  
  2624. my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", "$timeout"];
  2625. PVE::Tools::run_command($cmd);
  2626. return;
  2627. };
  2628.  
  2629. return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
  2630.  
  2631. } else {
  2632.  
  2633. my $realcmd = sub {
  2634. my $upid = shift;
  2635.  
  2636. syslog('info', "shutdown VM $vmid: $upid\n");
  2637.  
  2638. PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
  2639. $shutdown, $param->{forceStop}, $keepActive);
  2640. return;
  2641. };
  2642.  
  2643. return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
  2644. }
  2645. }});
  2646.  
  2647. __PACKAGE__->register_method({
  2648. name => 'vm_reboot',
  2649. path => '{vmid}/status/reboot',
  2650. method => 'POST',
  2651. protected => 1,
  2652. proxyto => 'node',
  2653. description => "Reboot the VM by shutting it down, and starting it again. Applies pending changes.",
  2654. permissions => {
  2655. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2656. },
  2657. parameters => {
  2658. additionalProperties => 0,
  2659. properties => {
  2660. node => get_standard_option('pve-node'),
  2661. vmid => get_standard_option('pve-vmid',
  2662. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2663. timeout => {
  2664. description => "Wait maximal timeout seconds for the shutdown.",
  2665. type => 'integer',
  2666. minimum => 0,
  2667. optional => 1,
  2668. },
  2669. },
  2670. },
  2671. returns => {
  2672. type => 'string',
  2673. },
  2674. code => sub {
  2675. my ($param) = @_;
  2676.  
  2677. my $rpcenv = PVE::RPCEnvironment::get();
  2678. my $authuser = $rpcenv->get_user();
  2679.  
  2680. my $node = extract_param($param, 'node');
  2681. my $vmid = extract_param($param, 'vmid');
  2682.  
  2683. die "VM is paused - cannot shutdown\n" if PVE::QemuServer::vm_is_paused($vmid);
  2684.  
  2685. die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
  2686.  
  2687. my $realcmd = sub {
  2688. my $upid = shift;
  2689.  
  2690. syslog('info', "requesting reboot of VM $vmid: $upid\n");
  2691. PVE::QemuServer::vm_reboot($vmid, $param->{timeout});
  2692. return;
  2693. };
  2694.  
  2695. return $rpcenv->fork_worker('qmreboot', $vmid, $authuser, $realcmd);
  2696. }});
  2697.  
  2698. __PACKAGE__->register_method({
  2699. name => 'vm_suspend',
  2700. path => '{vmid}/status/suspend',
  2701. method => 'POST',
  2702. protected => 1,
  2703. proxyto => 'node',
  2704. description => "Suspend virtual machine.",
  2705. permissions => {
  2706. description => "You need 'VM.PowerMgmt' on /vms/{vmid}, and if you have set 'todisk',".
  2707. " you need also 'VM.Config.Disk' on /vms/{vmid} and 'Datastore.AllocateSpace'".
  2708. " on the storage for the vmstate.",
  2709. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2710. },
  2711. parameters => {
  2712. additionalProperties => 0,
  2713. properties => {
  2714. node => get_standard_option('pve-node'),
  2715. vmid => get_standard_option('pve-vmid',
  2716. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2717. skiplock => get_standard_option('skiplock'),
  2718. todisk => {
  2719. type => 'boolean',
  2720. default => 0,
  2721. optional => 1,
  2722. description => 'If set, suspends the VM to disk. Will be resumed on next VM start.',
  2723. },
  2724. statestorage => get_standard_option('pve-storage-id', {
  2725. description => "The storage for the VM state",
  2726. requires => 'todisk',
  2727. optional => 1,
  2728. completion => \&PVE::Storage::complete_storage_enabled,
  2729. }),
  2730. },
  2731. },
  2732. returns => {
  2733. type => 'string',
  2734. },
  2735. code => sub {
  2736. my ($param) = @_;
  2737.  
  2738. my $rpcenv = PVE::RPCEnvironment::get();
  2739. my $authuser = $rpcenv->get_user();
  2740.  
  2741. my $node = extract_param($param, 'node');
  2742. my $vmid = extract_param($param, 'vmid');
  2743.  
  2744. my $todisk = extract_param($param, 'todisk') // 0;
  2745.  
  2746. my $statestorage = extract_param($param, 'statestorage');
  2747.  
  2748. my $skiplock = extract_param($param, 'skiplock');
  2749. raise_param_exc({ skiplock => "Only root may use this option." })
  2750. if $skiplock && $authuser ne 'root@pam';
  2751.  
  2752. die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
  2753.  
  2754. die "Cannot suspend HA managed VM to disk\n"
  2755. if $todisk && PVE::HA::Config::vm_is_ha_managed($vmid);
  2756.  
  2757. # early check for storage permission, for better user feedback
  2758. if ($todisk) {
  2759. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
  2760.  
  2761. if (!$statestorage) {
  2762. # get statestorage from config if none is given
  2763. my $conf = PVE::QemuConfig->load_config($vmid);
  2764. my $storecfg = PVE::Storage::config();
  2765. $statestorage = PVE::QemuServer::find_vmstate_storage($conf, $storecfg);
  2766. }
  2767.  
  2768. $rpcenv->check($authuser, "/storage/$statestorage", ['Datastore.AllocateSpace']);
  2769. }
  2770.  
  2771. my $realcmd = sub {
  2772. my $upid = shift;
  2773.  
  2774. syslog('info', "suspend VM $vmid: $upid\n");
  2775.  
  2776. PVE::QemuServer::vm_suspend($vmid, $skiplock, $todisk, $statestorage);
  2777.  
  2778. return;
  2779. };
  2780.  
  2781. my $taskname = $todisk ? 'qmsuspend' : 'qmpause';
  2782. return $rpcenv->fork_worker($taskname, $vmid, $authuser, $realcmd);
  2783. }});
  2784.  
  2785. __PACKAGE__->register_method({
  2786. name => 'vm_resume',
  2787. path => '{vmid}/status/resume',
  2788. method => 'POST',
  2789. protected => 1,
  2790. proxyto => 'node',
  2791. description => "Resume virtual machine.",
  2792. permissions => {
  2793. check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
  2794. },
  2795. parameters => {
  2796. additionalProperties => 0,
  2797. properties => {
  2798. node => get_standard_option('pve-node'),
  2799. vmid => get_standard_option('pve-vmid',
  2800. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2801. skiplock => get_standard_option('skiplock'),
  2802. nocheck => { type => 'boolean', optional => 1 },
  2803.  
  2804. },
  2805. },
  2806. returns => {
  2807. type => 'string',
  2808. },
  2809. code => sub {
  2810. my ($param) = @_;
  2811.  
  2812. my $rpcenv = PVE::RPCEnvironment::get();
  2813.  
  2814. my $authuser = $rpcenv->get_user();
  2815.  
  2816. my $node = extract_param($param, 'node');
  2817.  
  2818. my $vmid = extract_param($param, 'vmid');
  2819.  
  2820. my $skiplock = extract_param($param, 'skiplock');
  2821. raise_param_exc({ skiplock => "Only root may use this option." })
  2822. if $skiplock && $authuser ne 'root@pam';
  2823.  
  2824. my $nocheck = extract_param($param, 'nocheck');
  2825. raise_param_exc({ nocheck => "Only root may use this option." })
  2826. if $nocheck && $authuser ne 'root@pam';
  2827.  
  2828. my $to_disk_suspended;
  2829. eval {
  2830. PVE::QemuConfig->lock_config($vmid, sub {
  2831. my $conf = PVE::QemuConfig->load_config($vmid);
  2832. $to_disk_suspended = PVE::QemuConfig->has_lock($conf, 'suspended');
  2833. });
  2834. };
  2835.  
  2836. die "VM $vmid not running\n"
  2837. if !$to_disk_suspended && !PVE::QemuServer::check_running($vmid, $nocheck);
  2838.  
  2839. my $realcmd = sub {
  2840. my $upid = shift;
  2841.  
  2842. syslog('info', "resume VM $vmid: $upid\n");
  2843.  
  2844. if (!$to_disk_suspended) {
  2845. PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
  2846. } else {
  2847. my $storecfg = PVE::Storage::config();
  2848. PVE::QemuServer::vm_start($storecfg, $vmid, { skiplock => $skiplock });
  2849. }
  2850.  
  2851. return;
  2852. };
  2853.  
  2854. return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
  2855. }});
  2856.  
  2857. __PACKAGE__->register_method({
  2858. name => 'vm_sendkey',
  2859. path => '{vmid}/sendkey',
  2860. method => 'PUT',
  2861. protected => 1,
  2862. proxyto => 'node',
  2863. description => "Send key event to virtual machine.",
  2864. permissions => {
  2865. check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
  2866. },
  2867. parameters => {
  2868. additionalProperties => 0,
  2869. properties => {
  2870. node => get_standard_option('pve-node'),
  2871. vmid => get_standard_option('pve-vmid',
  2872. { completion => \&PVE::QemuServer::complete_vmid_running }),
  2873. skiplock => get_standard_option('skiplock'),
  2874. key => {
  2875. description => "The key (qemu monitor encoding).",
  2876. type => 'string'
  2877. }
  2878. },
  2879. },
  2880. returns => { type => 'null'},
  2881. code => sub {
  2882. my ($param) = @_;
  2883.  
  2884. my $rpcenv = PVE::RPCEnvironment::get();
  2885.  
  2886. my $authuser = $rpcenv->get_user();
  2887.  
  2888. my $node = extract_param($param, 'node');
  2889.  
  2890. my $vmid = extract_param($param, 'vmid');
  2891.  
  2892. my $skiplock = extract_param($param, 'skiplock');
  2893. raise_param_exc({ skiplock => "Only root may use this option." })
  2894. if $skiplock && $authuser ne 'root@pam';
  2895.  
  2896. PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
  2897.  
  2898. return;
  2899. }});
  2900.  
  2901. __PACKAGE__->register_method({
  2902. name => 'vm_feature',
  2903. path => '{vmid}/feature',
  2904. method => 'GET',
  2905. proxyto => 'node',
  2906. protected => 1,
  2907. description => "Check if feature for virtual machine is available.",
  2908. permissions => {
  2909. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  2910. },
  2911. parameters => {
  2912. additionalProperties => 0,
  2913. properties => {
  2914. node => get_standard_option('pve-node'),
  2915. vmid => get_standard_option('pve-vmid'),
  2916. feature => {
  2917. description => "Feature to check.",
  2918. type => 'string',
  2919. enum => [ 'snapshot', 'clone', 'copy' ],
  2920. },
  2921. snapname => get_standard_option('pve-snapshot-name', {
  2922. optional => 1,
  2923. }),
  2924. },
  2925. },
  2926. returns => {
  2927. type => "object",
  2928. properties => {
  2929. hasFeature => { type => 'boolean' },
  2930. nodes => {
  2931. type => 'array',
  2932. items => { type => 'string' },
  2933. }
  2934. },
  2935. },
  2936. code => sub {
  2937. my ($param) = @_;
  2938.  
  2939. my $node = extract_param($param, 'node');
  2940.  
  2941. my $vmid = extract_param($param, 'vmid');
  2942.  
  2943. my $snapname = extract_param($param, 'snapname');
  2944.  
  2945. my $feature = extract_param($param, 'feature');
  2946.  
  2947. my $running = PVE::QemuServer::check_running($vmid);
  2948.  
  2949. my $conf = PVE::QemuConfig->load_config($vmid);
  2950.  
  2951. if($snapname){
  2952. my $snap = $conf->{snapshots}->{$snapname};
  2953. die "snapshot '$snapname' does not exist\n" if !defined($snap);
  2954. $conf = $snap;
  2955. }
  2956. my $storecfg = PVE::Storage::config();
  2957.  
  2958. my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
  2959. my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
  2960.  
  2961. return {
  2962. hasFeature => $hasFeature,
  2963. nodes => [ keys %$nodelist ],
  2964. };
  2965. }});
  2966.  
  2967. __PACKAGE__->register_method({
  2968. name => 'clone_vm',
  2969. path => '{vmid}/clone',
  2970. method => 'POST',
  2971. protected => 1,
  2972. proxyto => 'node',
  2973. description => "Create a copy of virtual machine/template.",
  2974. permissions => {
  2975. description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
  2976. "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
  2977. "'Datastore.AllocateSpace' on any used storage.",
  2978. check =>
  2979. [ 'and',
  2980. ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
  2981. [ 'or',
  2982. [ 'perm', '/vms/{newid}', ['VM.Allocate']],
  2983. [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
  2984. ],
  2985. ]
  2986. },
  2987. parameters => {
  2988. additionalProperties => 0,
  2989. properties => {
  2990. node => get_standard_option('pve-node'),
  2991. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  2992. newid => get_standard_option('pve-vmid', {
  2993. completion => \&PVE::Cluster::complete_next_vmid,
  2994. description => 'VMID for the clone.' }),
  2995. name => {
  2996. optional => 1,
  2997. type => 'string', format => 'dns-name',
  2998. description => "Set a name for the new VM.",
  2999. },
  3000. description => {
  3001. optional => 1,
  3002. type => 'string',
  3003. description => "Description for the new VM.",
  3004. },
  3005. pool => {
  3006. optional => 1,
  3007. type => 'string', format => 'pve-poolid',
  3008. description => "Add the new VM to the specified pool.",
  3009. },
  3010. snapname => get_standard_option('pve-snapshot-name', {
  3011. optional => 1,
  3012. }),
  3013. storage => get_standard_option('pve-storage-id', {
  3014. description => "Target storage for full clone.",
  3015. optional => 1,
  3016. }),
  3017. 'format' => {
  3018. description => "Target format for file storage. Only valid for full clone.",
  3019. type => 'string',
  3020. optional => 1,
  3021. enum => [ 'raw', 'qcow2', 'vmdk'],
  3022. },
  3023. full => {
  3024. optional => 1,
  3025. type => 'boolean',
  3026. description => "Create a full copy of all disks. This is always done when " .
  3027. "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
  3028. },
  3029. target => get_standard_option('pve-node', {
  3030. description => "Target node. Only allowed if the original VM is on shared storage.",
  3031. optional => 1,
  3032. }),
  3033. bwlimit => {
  3034. description => "Override I/O bandwidth limit (in KiB/s).",
  3035. optional => 1,
  3036. type => 'integer',
  3037. minimum => '0',
  3038. default => 'clone limit from datacenter or storage config',
  3039. },
  3040. },
  3041. },
  3042. returns => {
  3043. type => 'string',
  3044. },
  3045. code => sub {
  3046. my ($param) = @_;
  3047.  
  3048. my $rpcenv = PVE::RPCEnvironment::get();
  3049. my $authuser = $rpcenv->get_user();
  3050.  
  3051. my $node = extract_param($param, 'node');
  3052. my $vmid = extract_param($param, 'vmid');
  3053. my $newid = extract_param($param, 'newid');
  3054. my $pool = extract_param($param, 'pool');
  3055. $rpcenv->check_pool_exist($pool) if defined($pool);
  3056.  
  3057. my $snapname = extract_param($param, 'snapname');
  3058. my $storage = extract_param($param, 'storage');
  3059. my $format = extract_param($param, 'format');
  3060. my $target = extract_param($param, 'target');
  3061.  
  3062. my $localnode = PVE::INotify::nodename();
  3063.  
  3064. if ($target && ($target eq $localnode || $target eq 'localhost')) {
  3065. undef $target;
  3066. }
  3067.  
  3068. PVE::Cluster::check_node_exists($target) if $target;
  3069.  
  3070. my $storecfg = PVE::Storage::config();
  3071.  
  3072. if ($storage) {
  3073. # check if storage is enabled on local node
  3074. PVE::Storage::storage_check_enabled($storecfg, $storage);
  3075. if ($target) {
  3076. # check if storage is available on target node
  3077. PVE::Storage::storage_check_enabled($storecfg, $storage, $target);
  3078. # clone only works if target storage is shared
  3079. my $scfg = PVE::Storage::storage_config($storecfg, $storage);
  3080. die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
  3081. }
  3082. }
  3083.  
  3084. PVE::Cluster::check_cfs_quorum();
  3085.  
  3086. my $running = PVE::QemuServer::check_running($vmid) || 0;
  3087.  
  3088. my $clonefn = sub {
  3089. # do all tests after lock but before forking worker - if possible
  3090.  
  3091. my $conf = PVE::QemuConfig->load_config($vmid);
  3092. PVE::QemuConfig->check_lock($conf);
  3093.  
  3094. my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
  3095. die "unexpected state change\n" if $verify_running != $running;
  3096.  
  3097. die "snapshot '$snapname' does not exist\n"
  3098. if $snapname && !defined( $conf->{snapshots}->{$snapname});
  3099.  
  3100. my $full = extract_param($param, 'full') // !PVE::QemuConfig->is_template($conf);
  3101.  
  3102. die "parameter 'storage' not allowed for linked clones\n"
  3103. if defined($storage) && !$full;
  3104.  
  3105. die "parameter 'format' not allowed for linked clones\n"
  3106. if defined($format) && !$full;
  3107.  
  3108. my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
  3109.  
  3110. my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
  3111.  
  3112. die "can't clone VM to node '$target' (VM uses local storage)\n"
  3113. if $target && !$sharedvm;
  3114.  
  3115. my $conffile = PVE::QemuConfig->config_file($newid);
  3116. die "unable to create VM $newid: config file already exists\n"
  3117. if -f $conffile;
  3118.  
  3119. my $newconf = { lock => 'clone' };
  3120. my $drives = {};
  3121. my $fullclone = {};
  3122. my $vollist = [];
  3123.  
  3124. foreach my $opt (keys %$oldconf) {
  3125. my $value = $oldconf->{$opt};
  3126.  
  3127. # do not copy snapshot related info
  3128. next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
  3129. $opt eq 'vmstate' || $opt eq 'snapstate';
  3130.  
  3131. # no need to copy unused images, because VMID(owner) changes anyways
  3132. next if $opt =~ m/^unused\d+$/;
  3133.  
  3134. # always change MAC! address
  3135. if ($opt =~ m/^net(\d+)$/) {
  3136. my $net = PVE::QemuServer::parse_net($value);
  3137. my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
  3138. $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
  3139. $newconf->{$opt} = PVE::QemuServer::print_net($net);
  3140. } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
  3141. my $drive = PVE::QemuServer::parse_drive($opt, $value);
  3142. die "unable to parse drive options for '$opt'\n" if !$drive;
  3143. if (PVE::QemuServer::drive_is_cdrom($drive, 1)) {
  3144. $newconf->{$opt} = $value; # simply copy configuration
  3145. } else {
  3146. if ($full || PVE::QemuServer::drive_is_cloudinit($drive)) {
  3147. die "Full clone feature is not supported for drive '$opt'\n"
  3148. if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
  3149. $fullclone->{$opt} = 1;
  3150. } else {
  3151. # not full means clone instead of copy
  3152. die "Linked clone feature is not supported for drive '$opt'\n"
  3153. if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
  3154. }
  3155. $drives->{$opt} = $drive;
  3156. next if PVE::QemuServer::drive_is_cloudinit($drive);
  3157. push @$vollist, $drive->{file};
  3158. }
  3159. } else {
  3160. # copy everything else
  3161. $newconf->{$opt} = $value;
  3162. }
  3163. }
  3164.  
  3165. # auto generate a new uuid
  3166. my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
  3167. $smbios1->{uuid} = PVE::QemuServer::generate_uuid();
  3168. $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
  3169. # auto generate a new vmgenid only if the option was set for template
  3170. if ($newconf->{vmgenid}) {
  3171. $newconf->{vmgenid} = PVE::QemuServer::generate_uuid();
  3172. }
  3173.  
  3174. delete $newconf->{template};
  3175.  
  3176. if ($param->{name}) {
  3177. $newconf->{name} = $param->{name};
  3178. } else {
  3179. $newconf->{name} = "Copy-of-VM-" . ($oldconf->{name} // $vmid);
  3180. }
  3181.  
  3182. if ($param->{description}) {
  3183. $newconf->{description} = $param->{description};
  3184. }
  3185.  
  3186. # create empty/temp config - this fails if VM already exists on other node
  3187. # FIXME use PVE::QemuConfig->create_and_lock_config and adapt code
  3188. PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
  3189.  
  3190. my $realcmd = sub {
  3191. my $upid = shift;
  3192.  
  3193. my $newvollist = [];
  3194. my $jobs = {};
  3195.  
  3196. eval {
  3197. local $SIG{INT} =
  3198. local $SIG{TERM} =
  3199. local $SIG{QUIT} =
  3200. local $SIG{HUP} = sub { die "interrupted by signal\n"; };
  3201.  
  3202. PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
  3203.  
  3204. my $bwlimit = extract_param($param, 'bwlimit');
  3205.  
  3206. my $total_jobs = scalar(keys %{$drives});
  3207. my $i = 1;
  3208.  
  3209. foreach my $opt (sort keys %$drives) {
  3210. my $drive = $drives->{$opt};
  3211. my $skipcomplete = ($total_jobs != $i); # finish after last drive
  3212. my $completion = $skipcomplete ? 'skip' : 'complete';
  3213.  
  3214. my $src_sid = PVE::Storage::parse_volume_id($drive->{file});
  3215. my $storage_list = [ $src_sid ];
  3216. push @$storage_list, $storage if defined($storage);
  3217. my $clonelimit = PVE::Storage::get_bandwidth_limit('clone', $storage_list, $bwlimit);
  3218.  
  3219. my $newdrive = PVE::QemuServer::clone_disk(
  3220. $storecfg,
  3221. $vmid,
  3222. $running,
  3223. $opt,
  3224. $drive,
  3225. $snapname,
  3226. $newid,
  3227. $storage,
  3228. $format,
  3229. $fullclone->{$opt},
  3230. $newvollist,
  3231. $jobs,
  3232. $completion,
  3233. $oldconf->{agent},
  3234. $clonelimit,
  3235. $oldconf
  3236. );
  3237.  
  3238. $newconf->{$opt} = PVE::QemuServer::print_drive($newdrive);
  3239.  
  3240. PVE::QemuConfig->write_config($newid, $newconf);
  3241. $i++;
  3242. }
  3243.  
  3244. delete $newconf->{lock};
  3245.  
  3246. # do not write pending changes
  3247. if (my @changes = keys %{$newconf->{pending}}) {
  3248. my $pending = join(',', @changes);
  3249. warn "found pending changes for '$pending', discarding for clone\n";
  3250. delete $newconf->{pending};
  3251. }
  3252.  
  3253. PVE::QemuConfig->write_config($newid, $newconf);
  3254.  
  3255. if ($target) {
  3256. # always deactivate volumes - avoid lvm LVs to be active on several nodes
  3257. PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
  3258. PVE::Storage::deactivate_volumes($storecfg, $newvollist);
  3259.  
  3260. my $newconffile = PVE::QemuConfig->config_file($newid, $target);
  3261. die "Failed to move config to node '$target' - rename failed: $!\n"
  3262. if !rename($conffile, $newconffile);
  3263. }
  3264.  
  3265. PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
  3266. };
  3267. if (my $err = $@) {
  3268. eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) };
  3269. sleep 1; # some storage like rbd need to wait before release volume - really?
  3270.  
  3271. foreach my $volid (@$newvollist) {
  3272. eval { PVE::Storage::vdisk_free($storecfg, $volid); };
  3273. warn $@ if $@;
  3274. }
  3275.  
  3276. PVE::Firewall::remove_vmfw_conf($newid);
  3277.  
  3278. unlink $conffile; # avoid races -> last thing before die
  3279.  
  3280. die "clone failed: $err";
  3281. }
  3282.  
  3283. return;
  3284. };
  3285.  
  3286. PVE::Firewall::clone_vmfw_conf($vmid, $newid);
  3287.  
  3288. return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
  3289. };
  3290.  
  3291. # Aquire exclusive lock lock for $newid
  3292. my $lock_target_vm = sub {
  3293. return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
  3294. };
  3295.  
  3296. # exclusive lock if VM is running - else shared lock is enough;
  3297. if ($running) {
  3298. return PVE::QemuConfig->lock_config_full($vmid, 1, $lock_target_vm);
  3299. } else {
  3300. return PVE::QemuConfig->lock_config_shared($vmid, 1, $lock_target_vm);
  3301. }
  3302. }});
  3303.  
  3304. __PACKAGE__->register_method({
  3305. name => 'move_vm_disk',
  3306. path => '{vmid}/move_disk',
  3307. method => 'POST',
  3308. protected => 1,
  3309. proxyto => 'node',
  3310. description => "Move volume to different storage or to a different VM.",
  3311. permissions => {
  3312. description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
  3313. "and 'Datastore.AllocateSpace' permissions on the storage. To move ".
  3314. "a disk to another VM, you need the permissions on the target VM as well.",
  3315. check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
  3316. },
  3317. parameters => {
  3318. additionalProperties => 0,
  3319. properties => {
  3320. node => get_standard_option('pve-node'),
  3321. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  3322. 'target-vmid' => get_standard_option('pve-vmid', {
  3323. completion => \&PVE::QemuServer::complete_vmid,
  3324. optional => 1,
  3325. }),
  3326. disk => {
  3327. type => 'string',
  3328. description => "The disk you want to move.",
  3329. enum => [PVE::QemuServer::Drive::valid_drive_names_with_unused()],
  3330. },
  3331. storage => get_standard_option('pve-storage-id', {
  3332. description => "Target storage.",
  3333. completion => \&PVE::QemuServer::complete_storage,
  3334. optional => 1,
  3335. }),
  3336. 'format' => {
  3337. type => 'string',
  3338. description => "Target Format.",
  3339. enum => [ 'raw', 'qcow2', 'vmdk' ],
  3340. optional => 1,
  3341. },
  3342. delete => {
  3343. type => 'boolean',
  3344. description => "Delete the original disk after successful copy. By default the"
  3345. ." original disk is kept as unused disk.",
  3346. optional => 1,
  3347. default => 0,
  3348. },
  3349. digest => {
  3350. type => 'string',
  3351. description => 'Prevent changes if current configuration file has different SHA1"
  3352. ." digest. This can be used to prevent concurrent modifications.',
  3353. maxLength => 40,
  3354. optional => 1,
  3355. },
  3356. bwlimit => {
  3357. description => "Override I/O bandwidth limit (in KiB/s).",
  3358. optional => 1,
  3359. type => 'integer',
  3360. minimum => '0',
  3361. default => 'move limit from datacenter or storage config',
  3362. },
  3363. 'target-disk' => {
  3364. type => 'string',
  3365. description => "The config key the disk will be moved to on the target VM"
  3366. ." (for example, ide0 or scsi1). Default is the source disk key.",
  3367. enum => [PVE::QemuServer::Drive::valid_drive_names_with_unused()],
  3368. optional => 1,
  3369. },
  3370. 'target-digest' => {
  3371. type => 'string',
  3372. description => 'Prevent changes if the current config file of the target VM has a"
  3373. ." different SHA1 digest. This can be used to detect concurrent modifications.',
  3374. maxLength => 40,
  3375. optional => 1,
  3376. },
  3377. },
  3378. },
  3379. returns => {
  3380. type => 'string',
  3381. description => "the task ID.",
  3382. },
  3383. code => sub {
  3384. my ($param) = @_;
  3385.  
  3386. my $rpcenv = PVE::RPCEnvironment::get();
  3387. my $authuser = $rpcenv->get_user();
  3388.  
  3389. my $node = extract_param($param, 'node');
  3390. my $vmid = extract_param($param, 'vmid');
  3391. my $target_vmid = extract_param($param, 'target-vmid');
  3392. my $digest = extract_param($param, 'digest');
  3393. my $target_digest = extract_param($param, 'target-digest');
  3394. my $disk = extract_param($param, 'disk');
  3395. my $target_disk = extract_param($param, 'target-disk') // $disk;
  3396. my $storeid = extract_param($param, 'storage');
  3397. my $format = extract_param($param, 'format');
  3398.  
  3399. my $storecfg = PVE::Storage::config();
  3400.  
  3401. my $move_updatefn = sub {
  3402. my $conf = PVE::QemuConfig->load_config($vmid);
  3403. PVE::QemuConfig->check_lock($conf);
  3404.  
  3405. PVE::Tools::assert_if_modified($digest, $conf->{digest});
  3406.  
  3407. die "disk '$disk' does not exist\n" if !$conf->{$disk};
  3408.  
  3409. my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
  3410.  
  3411. die "disk '$disk' has no associated volume\n" if !$drive->{file};
  3412. die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive, 1);
  3413.  
  3414. my $old_volid = $drive->{file};
  3415. my $oldfmt;
  3416. my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
  3417. if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
  3418. $oldfmt = $1;
  3419. }
  3420.  
  3421. die "you can't move to the same storage with same format\n" if $oldstoreid eq $storeid &&
  3422. (!$format || !$oldfmt || $oldfmt eq $format);
  3423.  
  3424. # this only checks snapshots because $disk is passed!
  3425. my $snapshotted = PVE::QemuServer::Drive::is_volume_in_use(
  3426. $storecfg,
  3427. $conf,
  3428. $disk,
  3429. $old_volid
  3430. );
  3431. die "you can't move a disk with snapshots and delete the source\n"
  3432. if $snapshotted && $param->{delete};
  3433.  
  3434. PVE::Cluster::log_msg(
  3435. 'info',
  3436. $authuser,
  3437. "move disk VM $vmid: move --disk $disk --storage $storeid"
  3438. );
  3439.  
  3440. my $running = PVE::QemuServer::check_running($vmid);
  3441.  
  3442. PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
  3443.  
  3444. my $realcmd = sub {
  3445. my $newvollist = [];
  3446.  
  3447. eval {
  3448. local $SIG{INT} =
  3449. local $SIG{TERM} =
  3450. local $SIG{QUIT} =
  3451. local $SIG{HUP} = sub { die "interrupted by signal\n"; };
  3452.  
  3453. warn "moving disk with snapshots, snapshots will not be moved!\n"
  3454. if $snapshotted;
  3455.  
  3456. my $bwlimit = extract_param($param, 'bwlimit');
  3457. my $movelimit = PVE::Storage::get_bandwidth_limit(
  3458. 'move',
  3459. [$oldstoreid, $storeid],
  3460. $bwlimit
  3461. );
  3462.  
  3463. my $newdrive = PVE::QemuServer::clone_disk(
  3464. $storecfg,
  3465. $vmid,
  3466. $running,
  3467. $disk,
  3468. $drive,
  3469. undef,
  3470. $vmid,
  3471. $storeid,
  3472. $format,
  3473. 1,
  3474. $newvollist,
  3475. undef,
  3476. undef,
  3477. undef,
  3478. $movelimit,
  3479. $conf,
  3480. );
  3481. $conf->{$disk} = PVE::QemuServer::print_drive($newdrive);
  3482.  
  3483. PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
  3484.  
  3485. # convert moved disk to base if part of template
  3486. PVE::QemuServer::template_create($vmid, $conf, $disk)
  3487. if PVE::QemuConfig->is_template($conf);
  3488.  
  3489. PVE::QemuConfig->write_config($vmid, $conf);
  3490.  
  3491. my $do_trim = PVE::QemuServer::get_qga_key($conf, 'fstrim_cloned_disks');
  3492. if ($running && $do_trim && PVE::QemuServer::qga_check_running($vmid)) {
  3493. eval { mon_cmd($vmid, "guest-fstrim") };
  3494. }
  3495.  
  3496. eval {
  3497. # try to deactivate volumes - avoid lvm LVs to be active on several nodes
  3498. PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
  3499. if !$running;
  3500. };
  3501. warn $@ if $@;
  3502. };
  3503. if (my $err = $@) {
  3504. foreach my $volid (@$newvollist) {
  3505. eval { PVE::Storage::vdisk_free($storecfg, $volid) };
  3506. warn $@ if $@;
  3507. }
  3508. die "storage migration failed: $err";
  3509. }
  3510.  
  3511. if ($param->{delete}) {
  3512. eval {
  3513. PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
  3514. PVE::Storage::vdisk_free($storecfg, $old_volid);
  3515. };
  3516. warn $@ if $@;
  3517. }
  3518. };
  3519.  
  3520. return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
  3521. };
  3522.  
  3523. my $load_and_check_reassign_configs = sub {
  3524. my $vmlist = PVE::Cluster::get_vmlist()->{ids};
  3525.  
  3526. die "could not find VM ${vmid}\n" if !exists($vmlist->{$vmid});
  3527. die "could not find target VM ${target_vmid}\n" if !exists($vmlist->{$target_vmid});
  3528.  
  3529. my $source_node = $vmlist->{$vmid}->{node};
  3530. my $target_node = $vmlist->{$target_vmid}->{node};
  3531.  
  3532. die "Both VMs need to be on the same node ($source_node != $target_node)\n"
  3533. if $source_node ne $target_node;
  3534.  
  3535. my $source_conf = PVE::QemuConfig->load_config($vmid);
  3536. PVE::QemuConfig->check_lock($source_conf);
  3537. my $target_conf = PVE::QemuConfig->load_config($target_vmid);
  3538. PVE::QemuConfig->check_lock($target_conf);
  3539.  
  3540. die "Can't move disks from or to template VMs\n"
  3541. if ($source_conf->{template} || $target_conf->{template});
  3542.  
  3543. if ($digest) {
  3544. eval { PVE::Tools::assert_if_modified($digest, $source_conf->{digest}) };
  3545. die "VM ${vmid}: $@" if $@;
  3546. }
  3547.  
  3548. if ($target_digest) {
  3549. eval { PVE::Tools::assert_if_modified($target_digest, $target_conf->{digest}) };
  3550. die "VM ${target_vmid}: $@" if $@;
  3551. }
  3552.  
  3553. die "Disk '${disk}' for VM '$vmid' does not exist\n" if !defined($source_conf->{$disk});
  3554.  
  3555. die "Target disk key '${target_disk}' is already in use for VM '$target_vmid'\n"
  3556. if $target_conf->{$target_disk};
  3557.  
  3558. my $drive = PVE::QemuServer::parse_drive(
  3559. $disk,
  3560. $source_conf->{$disk},
  3561. );
  3562. die "failed to parse source disk - $@\n" if !$drive;
  3563.  
  3564. my $source_volid = $drive->{file};
  3565.  
  3566. die "disk '${disk}' has no associated volume\n" if !$source_volid;
  3567. die "CD drive contents can't be moved to another VM\n"
  3568. if PVE::QemuServer::drive_is_cdrom($drive, 1);
  3569.  
  3570. my $storeid = PVE::Storage::parse_volume_id($source_volid, 1);
  3571. die "Volume '$source_volid' not managed by PVE\n" if !defined($storeid);
  3572.  
  3573. die "Can't move disk used by a snapshot to another VM\n"
  3574. if PVE::QemuServer::Drive::is_volume_in_use($storecfg, $source_conf, $disk, $source_volid);
  3575. die "Storage does not support moving of this disk to another VM\n"
  3576. if (!PVE::Storage::volume_has_feature($storecfg, 'rename', $source_volid));
  3577. die "Cannot move disk to another VM while the source VM is running - detach first\n"
  3578. if PVE::QemuServer::check_running($vmid) && $disk !~ m/^unused\d+$/;
  3579.  
  3580. # now re-parse using target disk slot format
  3581. if ($target_disk =~ /^unused\d+$/) {
  3582. $drive = PVE::QemuServer::parse_drive(
  3583. $target_disk,
  3584. $source_volid,
  3585. );
  3586. } else {
  3587. $drive = PVE::QemuServer::parse_drive(
  3588. $target_disk,
  3589. $source_conf->{$disk},
  3590. );
  3591. }
  3592. die "failed to parse source disk for target disk format - $@\n" if !$drive;
  3593.  
  3594. my $repl_conf = PVE::ReplicationConfig->new();
  3595. if ($repl_conf->check_for_existing_jobs($target_vmid, 1)) {
  3596. my $format = (PVE::Storage::parse_volname($storecfg, $source_volid))[6];
  3597. die "Cannot move disk to a replicated VM. Storage does not support replication!\n"
  3598. if !PVE::Storage::storage_can_replicate($storecfg, $storeid, $format);
  3599. }
  3600.  
  3601. return ($source_conf, $target_conf, $drive);
  3602. };
  3603.  
  3604. my $logfunc = sub {
  3605. my ($msg) = @_;
  3606. print STDERR "$msg\n";
  3607. };
  3608.  
  3609. my $disk_reassignfn = sub {
  3610. return PVE::QemuConfig->lock_config($vmid, sub {
  3611. return PVE::QemuConfig->lock_config($target_vmid, sub {
  3612. my ($source_conf, $target_conf, $drive) = &$load_and_check_reassign_configs();
  3613.  
  3614. my $source_volid = $drive->{file};
  3615.  
  3616. print "moving disk '$disk' from VM '$vmid' to '$target_vmid'\n";
  3617. my ($storeid, $source_volname) = PVE::Storage::parse_volume_id($source_volid);
  3618.  
  3619. my $fmt = (PVE::Storage::parse_volname($storecfg, $source_volid))[6];
  3620.  
  3621. my $new_volid = PVE::Storage::rename_volume(
  3622. $storecfg,
  3623. $source_volid,
  3624. $target_vmid,
  3625. );
  3626.  
  3627. $drive->{file} = $new_volid;
  3628.  
  3629. delete $source_conf->{$disk};
  3630. print "removing disk '${disk}' from VM '${vmid}' config\n";
  3631. PVE::QemuConfig->write_config($vmid, $source_conf);
  3632.  
  3633. my $drive_string = PVE::QemuServer::print_drive($drive);
  3634.  
  3635. if ($target_disk =~ /^unused\d+$/) {
  3636. $target_conf->{$target_disk} = $drive_string;
  3637. PVE::QemuConfig->write_config($target_vmid, $target_conf);
  3638. } else {
  3639. &$update_vm_api(
  3640. {
  3641. node => $node,
  3642. vmid => $target_vmid,
  3643. digest => $target_digest,
  3644. $target_disk => $drive_string,
  3645. },
  3646. 1,
  3647. );
  3648. }
  3649.  
  3650. # remove possible replication snapshots
  3651. if (PVE::Storage::volume_has_feature(
  3652. $storecfg,
  3653. 'replicate',
  3654. $source_volid),
  3655. ) {
  3656. eval {
  3657. PVE::Replication::prepare(
  3658. $storecfg,
  3659. [$new_volid],
  3660. undef,
  3661. 1,
  3662. undef,
  3663. $logfunc,
  3664. )
  3665. };
  3666. if (my $err = $@) {
  3667. print "Failed to remove replication snapshots on moved disk " .
  3668. "'$target_disk'. Manual cleanup could be necessary.\n";
  3669. }
  3670. }
  3671. });
  3672. });
  3673. };
  3674.  
  3675. if ($target_vmid && $storeid) {
  3676. my $msg = "either set 'storage' or 'target-vmid', but not both";
  3677. raise_param_exc({ 'target-vmid' => $msg, 'storage' => $msg });
  3678. } elsif ($target_vmid) {
  3679. $rpcenv->check_vm_perm($authuser, $target_vmid, undef, ['VM.Config.Disk'])
  3680. if $authuser ne 'root@pam';
  3681.  
  3682. raise_param_exc({ 'target-vmid' => "must be different than source VMID to reassign disk" })
  3683. if $vmid eq $target_vmid;
  3684.  
  3685. my (undef, undef, $drive) = &$load_and_check_reassign_configs();
  3686. my $storage = PVE::Storage::parse_volume_id($drive->{file});
  3687. $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']);
  3688.  
  3689. return $rpcenv->fork_worker(
  3690. 'qmmove',
  3691. "${vmid}-${disk}>${target_vmid}-${target_disk}",
  3692. $authuser,
  3693. $disk_reassignfn
  3694. );
  3695. } elsif ($storeid) {
  3696. $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
  3697.  
  3698. die "cannot move disk '$disk', only configured disks can be moved to another storage\n"
  3699. if $disk =~ m/^unused\d+$/;
  3700. return PVE::QemuConfig->lock_config($vmid, $move_updatefn);
  3701. } else {
  3702. my $msg = "both 'storage' and 'target-vmid' missing, either needs to be set";
  3703. raise_param_exc({ 'target-vmid' => $msg, 'storage' => $msg });
  3704. }
  3705. }});
  3706.  
  3707. my $check_vm_disks_local = sub {
  3708. my ($storecfg, $vmconf, $vmid) = @_;
  3709.  
  3710. my $local_disks = {};
  3711.  
  3712. # add some more information to the disks e.g. cdrom
  3713. PVE::QemuServer::foreach_volid($vmconf, sub {
  3714. my ($volid, $attr) = @_;
  3715.  
  3716. my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
  3717. if ($storeid) {
  3718. my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
  3719. return if $scfg->{shared};
  3720. }
  3721. # The shared attr here is just a special case where the vdisk
  3722. # is marked as shared manually
  3723. return if $attr->{shared};
  3724. return if $attr->{cdrom} and $volid eq "none";
  3725.  
  3726. if (exists $local_disks->{$volid}) {
  3727. @{$local_disks->{$volid}}{keys %$attr} = values %$attr
  3728. } else {
  3729. $local_disks->{$volid} = $attr;
  3730. # ensure volid is present in case it's needed
  3731. $local_disks->{$volid}->{volid} = $volid;
  3732. }
  3733. });
  3734.  
  3735. return $local_disks;
  3736. };
  3737.  
  3738. __PACKAGE__->register_method({
  3739. name => 'migrate_vm_precondition',
  3740. path => '{vmid}/migrate',
  3741. method => 'GET',
  3742. protected => 1,
  3743. proxyto => 'node',
  3744. description => "Get preconditions for migration.",
  3745. permissions => {
  3746. check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
  3747. },
  3748. parameters => {
  3749. additionalProperties => 0,
  3750. properties => {
  3751. node => get_standard_option('pve-node'),
  3752. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  3753. target => get_standard_option('pve-node', {
  3754. description => "Target node.",
  3755. completion => \&PVE::Cluster::complete_migration_target,
  3756. optional => 1,
  3757. }),
  3758. },
  3759. },
  3760. returns => {
  3761. type => "object",
  3762. properties => {
  3763. running => { type => 'boolean' },
  3764. allowed_nodes => {
  3765. type => 'array',
  3766. optional => 1,
  3767. description => "List nodes allowed for offline migration, only passed if VM is offline"
  3768. },
  3769. not_allowed_nodes => {
  3770. type => 'object',
  3771. optional => 1,
  3772. description => "List not allowed nodes with additional informations, only passed if VM is offline"
  3773. },
  3774. local_disks => {
  3775. type => 'array',
  3776. description => "List local disks including CD-Rom, unsused and not referenced disks"
  3777. },
  3778. local_resources => {
  3779. type => 'array',
  3780. description => "List local resources e.g. pci, usb"
  3781. }
  3782. },
  3783. },
  3784. code => sub {
  3785. my ($param) = @_;
  3786.  
  3787. my $rpcenv = PVE::RPCEnvironment::get();
  3788.  
  3789. my $authuser = $rpcenv->get_user();
  3790.  
  3791. PVE::Cluster::check_cfs_quorum();
  3792.  
  3793. my $res = {};
  3794.  
  3795. my $vmid = extract_param($param, 'vmid');
  3796. my $target = extract_param($param, 'target');
  3797. my $localnode = PVE::INotify::nodename();
  3798.  
  3799.  
  3800. # test if VM exists
  3801. my $vmconf = PVE::QemuConfig->load_config($vmid);
  3802. my $storecfg = PVE::Storage::config();
  3803.  
  3804.  
  3805. # try to detect errors early
  3806. PVE::QemuConfig->check_lock($vmconf);
  3807.  
  3808. $res->{running} = PVE::QemuServer::check_running($vmid) ? 1:0;
  3809.  
  3810. # if vm is not running, return target nodes where local storage is available
  3811. # for offline migration
  3812. if (!$res->{running}) {
  3813. $res->{allowed_nodes} = [];
  3814. my $checked_nodes = PVE::QemuServer::check_local_storage_availability($vmconf, $storecfg);
  3815. delete $checked_nodes->{$localnode};
  3816.  
  3817. foreach my $node (keys %$checked_nodes) {
  3818. if (!defined $checked_nodes->{$node}->{unavailable_storages}) {
  3819. push @{$res->{allowed_nodes}}, $node;
  3820. }
  3821.  
  3822. }
  3823. $res->{not_allowed_nodes} = $checked_nodes;
  3824. }
  3825.  
  3826.  
  3827. my $local_disks = &$check_vm_disks_local($storecfg, $vmconf, $vmid);
  3828. $res->{local_disks} = [ values %$local_disks ];;
  3829.  
  3830. my $local_resources = PVE::QemuServer::check_local_resources($vmconf, 1);
  3831.  
  3832. $res->{local_resources} = $local_resources;
  3833.  
  3834. return $res;
  3835.  
  3836.  
  3837. }});
  3838.  
  3839. __PACKAGE__->register_method({
  3840. name => 'migrate_vm',
  3841. path => '{vmid}/migrate',
  3842. method => 'POST',
  3843. protected => 1,
  3844. proxyto => 'node',
  3845. description => "Migrate virtual machine. Creates a new migration task.",
  3846. permissions => {
  3847. check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
  3848. },
  3849. parameters => {
  3850. additionalProperties => 0,
  3851. properties => {
  3852. node => get_standard_option('pve-node'),
  3853. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  3854. target => get_standard_option('pve-node', {
  3855. description => "Target node.",
  3856. completion => \&PVE::Cluster::complete_migration_target,
  3857. }),
  3858. online => {
  3859. type => 'boolean',
  3860. description => "Use online/live migration if VM is running. Ignored if VM is stopped.",
  3861. optional => 1,
  3862. },
  3863. force => {
  3864. type => 'boolean',
  3865. description => "Allow to migrate VMs which use local devices. Only root may use this option.",
  3866. optional => 1,
  3867. },
  3868. migration_type => {
  3869. type => 'string',
  3870. enum => ['secure', 'insecure'],
  3871. description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.",
  3872. optional => 1,
  3873. },
  3874. migration_network => {
  3875. type => 'string', format => 'CIDR',
  3876. description => "CIDR of the (sub) network that is used for migration.",
  3877. optional => 1,
  3878. },
  3879. "with-local-disks" => {
  3880. type => 'boolean',
  3881. description => "Enable live storage migration for local disk",
  3882. optional => 1,
  3883. },
  3884. targetstorage => get_standard_option('pve-targetstorage', {
  3885. completion => \&PVE::QemuServer::complete_migration_storage,
  3886. }),
  3887. bwlimit => {
  3888. description => "Override I/O bandwidth limit (in KiB/s).",
  3889. optional => 1,
  3890. type => 'integer',
  3891. minimum => '0',
  3892. default => 'migrate limit from datacenter or storage config',
  3893. },
  3894. },
  3895. },
  3896. returns => {
  3897. type => 'string',
  3898. description => "the task ID.",
  3899. },
  3900. code => sub {
  3901. my ($param) = @_;
  3902.  
  3903. my $rpcenv = PVE::RPCEnvironment::get();
  3904. my $authuser = $rpcenv->get_user();
  3905.  
  3906. my $target = extract_param($param, 'target');
  3907.  
  3908. my $localnode = PVE::INotify::nodename();
  3909. raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
  3910.  
  3911. PVE::Cluster::check_cfs_quorum();
  3912.  
  3913. PVE::Cluster::check_node_exists($target);
  3914.  
  3915. my $targetip = PVE::Cluster::remote_node_ip($target);
  3916.  
  3917. my $vmid = extract_param($param, 'vmid');
  3918.  
  3919. raise_param_exc({ force => "Only root may use this option." })
  3920. if $param->{force} && $authuser ne 'root@pam';
  3921.  
  3922. raise_param_exc({ migration_type => "Only root may use this option." })
  3923. if $param->{migration_type} && $authuser ne 'root@pam';
  3924.  
  3925. # allow root only until better network permissions are available
  3926. raise_param_exc({ migration_network => "Only root may use this option." })
  3927. if $param->{migration_network} && $authuser ne 'root@pam';
  3928.  
  3929. # test if VM exists
  3930. my $conf = PVE::QemuConfig->load_config($vmid);
  3931.  
  3932. # try to detect errors early
  3933.  
  3934. PVE::QemuConfig->check_lock($conf);
  3935.  
  3936. if (PVE::QemuServer::check_running($vmid)) {
  3937. die "can't migrate running VM without --online\n" if !$param->{online};
  3938.  
  3939. my $repl_conf = PVE::ReplicationConfig->new();
  3940. my $is_replicated = $repl_conf->check_for_existing_jobs($vmid, 1);
  3941. my $is_replicated_to_target = defined($repl_conf->find_local_replication_job($vmid, $target));
  3942. if (!$param->{force} && $is_replicated && !$is_replicated_to_target) {
  3943. die "Cannot live-migrate replicated VM to node '$target' - not a replication " .
  3944. "target. Use 'force' to override.\n";
  3945. }
  3946. } else {
  3947. warn "VM isn't running. Doing offline migration instead.\n" if $param->{online};
  3948. $param->{online} = 0;
  3949. }
  3950.  
  3951. my $storecfg = PVE::Storage::config();
  3952. if (my $targetstorage = $param->{targetstorage}) {
  3953. my $storagemap = eval { PVE::JSONSchema::parse_idmap($targetstorage, 'pve-storage-id') };
  3954. raise_param_exc({ targetstorage => "failed to parse storage map: $@" })
  3955. if $@;
  3956.  
  3957. $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk'])
  3958. if !defined($storagemap->{identity});
  3959.  
  3960. foreach my $target_sid (values %{$storagemap->{entries}}) {
  3961. $check_storage_access_migrate->($rpcenv, $authuser, $storecfg, $target_sid, $target);
  3962. }
  3963.  
  3964. $check_storage_access_migrate->($rpcenv, $authuser, $storecfg, $storagemap->{default}, $target)
  3965. if $storagemap->{default};
  3966.  
  3967. PVE::QemuServer::check_storage_availability($storecfg, $conf, $target)
  3968. if $storagemap->{identity};
  3969.  
  3970. $param->{storagemap} = $storagemap;
  3971. } else {
  3972. PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
  3973. }
  3974.  
  3975. if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
  3976.  
  3977. my $hacmd = sub {
  3978. my $upid = shift;
  3979.  
  3980. print "Requesting HA migration for VM $vmid to node $target\n";
  3981.  
  3982. my $cmd = ['ha-manager', 'migrate', "vm:$vmid", $target];
  3983. PVE::Tools::run_command($cmd);
  3984. return;
  3985. };
  3986.  
  3987. return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
  3988.  
  3989. } else {
  3990.  
  3991. my $realcmd = sub {
  3992. PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
  3993. };
  3994.  
  3995. my $worker = sub {
  3996. return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
  3997. };
  3998.  
  3999. return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $worker);
  4000. }
  4001.  
  4002. }});
  4003.  
  4004. __PACKAGE__->register_method({
  4005. name => 'monitor',
  4006. path => '{vmid}/monitor',
  4007. method => 'POST',
  4008. protected => 1,
  4009. proxyto => 'node',
  4010. description => "Execute Qemu monitor commands.",
  4011. permissions => {
  4012. description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
  4013. check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
  4014. },
  4015. parameters => {
  4016. additionalProperties => 0,
  4017. properties => {
  4018. node => get_standard_option('pve-node'),
  4019. vmid => get_standard_option('pve-vmid'),
  4020. command => {
  4021. type => 'string',
  4022. description => "The monitor command.",
  4023. }
  4024. },
  4025. },
  4026. returns => { type => 'string'},
  4027. code => sub {
  4028. my ($param) = @_;
  4029.  
  4030. my $rpcenv = PVE::RPCEnvironment::get();
  4031. my $authuser = $rpcenv->get_user();
  4032.  
  4033. my $is_ro = sub {
  4034. my $command = shift;
  4035. return $command =~ m/^\s*info(\s+|$)/
  4036. || $command =~ m/^\s*help\s*$/;
  4037. };
  4038.  
  4039. $rpcenv->check_full($authuser, "/", ['Sys.Modify'])
  4040. if !&$is_ro($param->{command});
  4041.  
  4042. my $vmid = $param->{vmid};
  4043.  
  4044. my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
  4045.  
  4046. my $res = '';
  4047. eval {
  4048. $res = PVE::QemuServer::Monitor::hmp_cmd($vmid, $param->{command});
  4049. };
  4050. $res = "ERROR: $@" if $@;
  4051.  
  4052. return $res;
  4053. }});
  4054.  
  4055. __PACKAGE__->register_method({
  4056. name => 'resize_vm',
  4057. path => '{vmid}/resize',
  4058. method => 'PUT',
  4059. protected => 1,
  4060. proxyto => 'node',
  4061. description => "Extend volume size.",
  4062. permissions => {
  4063. check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
  4064. },
  4065. parameters => {
  4066. additionalProperties => 0,
  4067. properties => {
  4068. node => get_standard_option('pve-node'),
  4069. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4070. skiplock => get_standard_option('skiplock'),
  4071. disk => {
  4072. type => 'string',
  4073. description => "The disk you want to resize.",
  4074. enum => [PVE::QemuServer::Drive::valid_drive_names()],
  4075. },
  4076. size => {
  4077. type => 'string',
  4078. pattern => '\+?\d+(\.\d+)?[KMGT]?',
  4079. description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
  4080. },
  4081. digest => {
  4082. type => 'string',
  4083. description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
  4084. maxLength => 40,
  4085. optional => 1,
  4086. },
  4087. },
  4088. },
  4089. returns => { type => 'null'},
  4090. code => sub {
  4091. my ($param) = @_;
  4092.  
  4093. my $rpcenv = PVE::RPCEnvironment::get();
  4094.  
  4095. my $authuser = $rpcenv->get_user();
  4096.  
  4097. my $node = extract_param($param, 'node');
  4098.  
  4099. my $vmid = extract_param($param, 'vmid');
  4100.  
  4101. my $digest = extract_param($param, 'digest');
  4102.  
  4103. my $disk = extract_param($param, 'disk');
  4104.  
  4105. my $sizestr = extract_param($param, 'size');
  4106.  
  4107. my $skiplock = extract_param($param, 'skiplock');
  4108. raise_param_exc({ skiplock => "Only root may use this option." })
  4109. if $skiplock && $authuser ne 'root@pam';
  4110.  
  4111. my $storecfg = PVE::Storage::config();
  4112.  
  4113. my $updatefn = sub {
  4114.  
  4115. my $conf = PVE::QemuConfig->load_config($vmid);
  4116.  
  4117. die "checksum missmatch (file change by other user?)\n"
  4118. if $digest && $digest ne $conf->{digest};
  4119. PVE::QemuConfig->check_lock($conf) if !$skiplock;
  4120.  
  4121. die "disk '$disk' does not exist\n" if !$conf->{$disk};
  4122.  
  4123. my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
  4124.  
  4125. my (undef, undef, undef, undef, undef, undef, $format) =
  4126. PVE::Storage::parse_volname($storecfg, $drive->{file});
  4127.  
  4128. die "can't resize volume: $disk if snapshot exists\n"
  4129. if %{$conf->{snapshots}} && $format eq 'qcow2';
  4130.  
  4131. my $volid = $drive->{file};
  4132.  
  4133. die "disk '$disk' has no associated volume\n" if !$volid;
  4134.  
  4135. die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
  4136.  
  4137. my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
  4138.  
  4139. $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
  4140.  
  4141. PVE::Storage::activate_volumes($storecfg, [$volid]);
  4142. my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
  4143.  
  4144. die "Could not determine current size of volume '$volid'\n" if !defined($size);
  4145.  
  4146. die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
  4147. my ($ext, $newsize, $unit) = ($1, $2, $4);
  4148. if ($unit) {
  4149. if ($unit eq 'K') {
  4150. $newsize = $newsize * 1024;
  4151. } elsif ($unit eq 'M') {
  4152. $newsize = $newsize * 1024 * 1024;
  4153. } elsif ($unit eq 'G') {
  4154. $newsize = $newsize * 1024 * 1024 * 1024;
  4155. } elsif ($unit eq 'T') {
  4156. $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
  4157. }
  4158. }
  4159. $newsize += $size if $ext;
  4160. $newsize = int($newsize);
  4161.  
  4162. die "shrinking disks is not supported\n" if $newsize < $size;
  4163.  
  4164. return if $size == $newsize;
  4165.  
  4166. PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
  4167.  
  4168. PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
  4169.  
  4170. $drive->{size} = $newsize;
  4171. $conf->{$disk} = PVE::QemuServer::print_drive($drive);
  4172.  
  4173. PVE::QemuConfig->write_config($vmid, $conf);
  4174. };
  4175.  
  4176. PVE::QemuConfig->lock_config($vmid, $updatefn);
  4177. return;
  4178. }});
  4179.  
  4180. __PACKAGE__->register_method({
  4181. name => 'snapshot_list',
  4182. path => '{vmid}/snapshot',
  4183. method => 'GET',
  4184. description => "List all snapshots.",
  4185. permissions => {
  4186. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  4187. },
  4188. proxyto => 'node',
  4189. protected => 1, # qemu pid files are only readable by root
  4190. parameters => {
  4191. additionalProperties => 0,
  4192. properties => {
  4193. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4194. node => get_standard_option('pve-node'),
  4195. },
  4196. },
  4197. returns => {
  4198. type => 'array',
  4199. items => {
  4200. type => "object",
  4201. properties => {
  4202. name => {
  4203. description => "Snapshot identifier. Value 'current' identifies the current VM.",
  4204. type => 'string',
  4205. },
  4206. vmstate => {
  4207. description => "Snapshot includes RAM.",
  4208. type => 'boolean',
  4209. optional => 1,
  4210. },
  4211. description => {
  4212. description => "Snapshot description.",
  4213. type => 'string',
  4214. },
  4215. snaptime => {
  4216. description => "Snapshot creation time",
  4217. type => 'integer',
  4218. renderer => 'timestamp',
  4219. optional => 1,
  4220. },
  4221. parent => {
  4222. description => "Parent snapshot identifier.",
  4223. type => 'string',
  4224. optional => 1,
  4225. },
  4226. },
  4227. },
  4228. links => [ { rel => 'child', href => "{name}" } ],
  4229. },
  4230. code => sub {
  4231. my ($param) = @_;
  4232.  
  4233. my $vmid = $param->{vmid};
  4234.  
  4235. my $conf = PVE::QemuConfig->load_config($vmid);
  4236. my $snaphash = $conf->{snapshots} || {};
  4237.  
  4238. my $res = [];
  4239.  
  4240. foreach my $name (keys %$snaphash) {
  4241. my $d = $snaphash->{$name};
  4242. my $item = {
  4243. name => $name,
  4244. snaptime => $d->{snaptime} || 0,
  4245. vmstate => $d->{vmstate} ? 1 : 0,
  4246. description => $d->{description} || '',
  4247. };
  4248. $item->{parent} = $d->{parent} if $d->{parent};
  4249. $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
  4250. push @$res, $item;
  4251. }
  4252.  
  4253. my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
  4254. my $current = {
  4255. name => 'current',
  4256. digest => $conf->{digest},
  4257. running => $running,
  4258. description => "You are here!",
  4259. };
  4260. $current->{parent} = $conf->{parent} if $conf->{parent};
  4261.  
  4262. push @$res, $current;
  4263.  
  4264. return $res;
  4265. }});
  4266.  
  4267. __PACKAGE__->register_method({
  4268. name => 'snapshot',
  4269. path => '{vmid}/snapshot',
  4270. method => 'POST',
  4271. protected => 1,
  4272. proxyto => 'node',
  4273. description => "Snapshot a VM.",
  4274. permissions => {
  4275. check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
  4276. },
  4277. parameters => {
  4278. additionalProperties => 0,
  4279. properties => {
  4280. node => get_standard_option('pve-node'),
  4281. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4282. snapname => get_standard_option('pve-snapshot-name'),
  4283. vmstate => {
  4284. optional => 1,
  4285. type => 'boolean',
  4286. description => "Save the vmstate",
  4287. },
  4288. description => {
  4289. optional => 1,
  4290. type => 'string',
  4291. description => "A textual description or comment.",
  4292. },
  4293. },
  4294. },
  4295. returns => {
  4296. type => 'string',
  4297. description => "the task ID.",
  4298. },
  4299. code => sub {
  4300. my ($param) = @_;
  4301.  
  4302. my $rpcenv = PVE::RPCEnvironment::get();
  4303.  
  4304. my $authuser = $rpcenv->get_user();
  4305.  
  4306. my $node = extract_param($param, 'node');
  4307.  
  4308. my $vmid = extract_param($param, 'vmid');
  4309.  
  4310. my $snapname = extract_param($param, 'snapname');
  4311.  
  4312. die "unable to use snapshot name 'current' (reserved name)\n"
  4313. if $snapname eq 'current';
  4314.  
  4315. die "unable to use snapshot name 'pending' (reserved name)\n"
  4316. if lc($snapname) eq 'pending';
  4317.  
  4318. my $realcmd = sub {
  4319. PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
  4320. PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
  4321. $param->{description});
  4322. };
  4323.  
  4324. return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
  4325. }});
  4326.  
  4327. __PACKAGE__->register_method({
  4328. name => 'snapshot_cmd_idx',
  4329. path => '{vmid}/snapshot/{snapname}',
  4330. description => '',
  4331. method => 'GET',
  4332. permissions => {
  4333. user => 'all',
  4334. },
  4335. parameters => {
  4336. additionalProperties => 0,
  4337. properties => {
  4338. vmid => get_standard_option('pve-vmid'),
  4339. node => get_standard_option('pve-node'),
  4340. snapname => get_standard_option('pve-snapshot-name'),
  4341. },
  4342. },
  4343. returns => {
  4344. type => 'array',
  4345. items => {
  4346. type => "object",
  4347. properties => {},
  4348. },
  4349. links => [ { rel => 'child', href => "{cmd}" } ],
  4350. },
  4351. code => sub {
  4352. my ($param) = @_;
  4353.  
  4354. my $res = [];
  4355.  
  4356. push @$res, { cmd => 'rollback' };
  4357. push @$res, { cmd => 'config' };
  4358.  
  4359. return $res;
  4360. }});
  4361.  
  4362. __PACKAGE__->register_method({
  4363. name => 'update_snapshot_config',
  4364. path => '{vmid}/snapshot/{snapname}/config',
  4365. method => 'PUT',
  4366. protected => 1,
  4367. proxyto => 'node',
  4368. description => "Update snapshot metadata.",
  4369. permissions => {
  4370. check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
  4371. },
  4372. parameters => {
  4373. additionalProperties => 0,
  4374. properties => {
  4375. node => get_standard_option('pve-node'),
  4376. vmid => get_standard_option('pve-vmid'),
  4377. snapname => get_standard_option('pve-snapshot-name'),
  4378. description => {
  4379. optional => 1,
  4380. type => 'string',
  4381. description => "A textual description or comment.",
  4382. },
  4383. },
  4384. },
  4385. returns => { type => 'null' },
  4386. code => sub {
  4387. my ($param) = @_;
  4388.  
  4389. my $rpcenv = PVE::RPCEnvironment::get();
  4390.  
  4391. my $authuser = $rpcenv->get_user();
  4392.  
  4393. my $vmid = extract_param($param, 'vmid');
  4394.  
  4395. my $snapname = extract_param($param, 'snapname');
  4396.  
  4397. return if !defined($param->{description});
  4398.  
  4399. my $updatefn = sub {
  4400.  
  4401. my $conf = PVE::QemuConfig->load_config($vmid);
  4402.  
  4403. PVE::QemuConfig->check_lock($conf);
  4404.  
  4405. my $snap = $conf->{snapshots}->{$snapname};
  4406.  
  4407. die "snapshot '$snapname' does not exist\n" if !defined($snap);
  4408.  
  4409. $snap->{description} = $param->{description} if defined($param->{description});
  4410.  
  4411. PVE::QemuConfig->write_config($vmid, $conf);
  4412. };
  4413.  
  4414. PVE::QemuConfig->lock_config($vmid, $updatefn);
  4415.  
  4416. return;
  4417. }});
  4418.  
  4419. __PACKAGE__->register_method({
  4420. name => 'get_snapshot_config',
  4421. path => '{vmid}/snapshot/{snapname}/config',
  4422. method => 'GET',
  4423. proxyto => 'node',
  4424. description => "Get snapshot configuration",
  4425. permissions => {
  4426. check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback', 'VM.Audit' ], any => 1],
  4427. },
  4428. parameters => {
  4429. additionalProperties => 0,
  4430. properties => {
  4431. node => get_standard_option('pve-node'),
  4432. vmid => get_standard_option('pve-vmid'),
  4433. snapname => get_standard_option('pve-snapshot-name'),
  4434. },
  4435. },
  4436. returns => { type => "object" },
  4437. code => sub {
  4438. my ($param) = @_;
  4439.  
  4440. my $rpcenv = PVE::RPCEnvironment::get();
  4441.  
  4442. my $authuser = $rpcenv->get_user();
  4443.  
  4444. my $vmid = extract_param($param, 'vmid');
  4445.  
  4446. my $snapname = extract_param($param, 'snapname');
  4447.  
  4448. my $conf = PVE::QemuConfig->load_config($vmid);
  4449.  
  4450. my $snap = $conf->{snapshots}->{$snapname};
  4451.  
  4452. die "snapshot '$snapname' does not exist\n" if !defined($snap);
  4453.  
  4454. return $snap;
  4455. }});
  4456.  
  4457. __PACKAGE__->register_method({
  4458. name => 'rollback',
  4459. path => '{vmid}/snapshot/{snapname}/rollback',
  4460. method => 'POST',
  4461. protected => 1,
  4462. proxyto => 'node',
  4463. description => "Rollback VM state to specified snapshot.",
  4464. permissions => {
  4465. check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
  4466. },
  4467. parameters => {
  4468. additionalProperties => 0,
  4469. properties => {
  4470. node => get_standard_option('pve-node'),
  4471. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4472. snapname => get_standard_option('pve-snapshot-name'),
  4473. },
  4474. },
  4475. returns => {
  4476. type => 'string',
  4477. description => "the task ID.",
  4478. },
  4479. code => sub {
  4480. my ($param) = @_;
  4481.  
  4482. my $rpcenv = PVE::RPCEnvironment::get();
  4483.  
  4484. my $authuser = $rpcenv->get_user();
  4485.  
  4486. my $node = extract_param($param, 'node');
  4487.  
  4488. my $vmid = extract_param($param, 'vmid');
  4489.  
  4490. my $snapname = extract_param($param, 'snapname');
  4491.  
  4492. my $realcmd = sub {
  4493. PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
  4494. PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
  4495. };
  4496.  
  4497. my $worker = sub {
  4498. # hold migration lock, this makes sure that nobody create replication snapshots
  4499. return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
  4500. };
  4501.  
  4502. return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $worker);
  4503. }});
  4504.  
  4505. __PACKAGE__->register_method({
  4506. name => 'delsnapshot',
  4507. path => '{vmid}/snapshot/{snapname}',
  4508. method => 'DELETE',
  4509. protected => 1,
  4510. proxyto => 'node',
  4511. description => "Delete a VM snapshot.",
  4512. permissions => {
  4513. check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
  4514. },
  4515. parameters => {
  4516. additionalProperties => 0,
  4517. properties => {
  4518. node => get_standard_option('pve-node'),
  4519. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4520. snapname => get_standard_option('pve-snapshot-name'),
  4521. force => {
  4522. optional => 1,
  4523. type => 'boolean',
  4524. description => "For removal from config file, even if removing disk snapshots fails.",
  4525. },
  4526. },
  4527. },
  4528. returns => {
  4529. type => 'string',
  4530. description => "the task ID.",
  4531. },
  4532. code => sub {
  4533. my ($param) = @_;
  4534.  
  4535. my $rpcenv = PVE::RPCEnvironment::get();
  4536.  
  4537. my $authuser = $rpcenv->get_user();
  4538.  
  4539. my $node = extract_param($param, 'node');
  4540.  
  4541. my $vmid = extract_param($param, 'vmid');
  4542.  
  4543. my $snapname = extract_param($param, 'snapname');
  4544.  
  4545. my $realcmd = sub {
  4546. PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
  4547. PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
  4548. };
  4549.  
  4550. return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
  4551. }});
  4552.  
  4553. __PACKAGE__->register_method({
  4554. name => 'template',
  4555. path => '{vmid}/template',
  4556. method => 'POST',
  4557. protected => 1,
  4558. proxyto => 'node',
  4559. description => "Create a Template.",
  4560. permissions => {
  4561. description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
  4562. check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
  4563. },
  4564. parameters => {
  4565. additionalProperties => 0,
  4566. properties => {
  4567. node => get_standard_option('pve-node'),
  4568. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
  4569. disk => {
  4570. optional => 1,
  4571. type => 'string',
  4572. description => "If you want to convert only 1 disk to base image.",
  4573. enum => [PVE::QemuServer::Drive::valid_drive_names()],
  4574. },
  4575.  
  4576. },
  4577. },
  4578. returns => {
  4579. type => 'string',
  4580. description => "the task ID.",
  4581. },
  4582. code => sub {
  4583. my ($param) = @_;
  4584.  
  4585. my $rpcenv = PVE::RPCEnvironment::get();
  4586.  
  4587. my $authuser = $rpcenv->get_user();
  4588.  
  4589. my $node = extract_param($param, 'node');
  4590.  
  4591. my $vmid = extract_param($param, 'vmid');
  4592.  
  4593. my $disk = extract_param($param, 'disk');
  4594.  
  4595. my $load_and_check = sub {
  4596. my $conf = PVE::QemuConfig->load_config($vmid);
  4597.  
  4598. PVE::QemuConfig->check_lock($conf);
  4599.  
  4600. die "unable to create template, because VM contains snapshots\n"
  4601. if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
  4602.  
  4603. die "you can't convert a template to a template\n"
  4604. if PVE::QemuConfig->is_template($conf) && !$disk;
  4605.  
  4606. die "you can't convert a VM to template if VM is running\n"
  4607. if PVE::QemuServer::check_running($vmid);
  4608.  
  4609. return $conf;
  4610. };
  4611.  
  4612. $load_and_check->();
  4613.  
  4614. my $realcmd = sub {
  4615. PVE::QemuConfig->lock_config($vmid, sub {
  4616. my $conf = $load_and_check->();
  4617.  
  4618. $conf->{template} = 1;
  4619. PVE::QemuConfig->write_config($vmid, $conf);
  4620.  
  4621. PVE::QemuServer::template_create($vmid, $conf, $disk);
  4622. });
  4623. };
  4624.  
  4625. return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
  4626. }});
  4627.  
  4628. __PACKAGE__->register_method({
  4629. name => 'cloudinit_generated_config_dump',
  4630. path => '{vmid}/cloudinit/dump',
  4631. method => 'GET',
  4632. proxyto => 'node',
  4633. description => "Get automatically generated cloudinit config.",
  4634. permissions => {
  4635. check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
  4636. },
  4637. parameters => {
  4638. additionalProperties => 0,
  4639. properties => {
  4640. node => get_standard_option('pve-node'),
  4641. vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
  4642. type => {
  4643. description => 'Config type.',
  4644. type => 'string',
  4645. enum => ['user', 'network', 'meta'],
  4646. },
  4647. },
  4648. },
  4649. returns => {
  4650. type => 'string',
  4651. },
  4652. code => sub {
  4653. my ($param) = @_;
  4654.  
  4655. my $conf = PVE::QemuConfig->load_config($param->{vmid});
  4656.  
  4657. return PVE::QemuServer::Cloudinit::dump_cloudinit_config($conf, $param->{vmid}, $param->{type});
  4658. }});
  4659.  
  4660. 1;
Advertisement
RAW Paste Data Copied
Advertisement