create a fixed size cloudinit disk if it is referenced in config and
does not exist. the size of the disk created when first added to the
config is reduced to 4MiB to match the one created in
commit_cloudinit_disk.
maximum file size per snippet file (network, user, meta) is increased to 1MiB.
preparation for offline migration without the cloudinit disk (that is
always regenerated on start).
also fixes#1807, although a further patch is required to change the
vmid on restore
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
this makes it possible to give a storage for state saving, if one
wants to use a different storage than for snapshots or does not
want to save this info into the config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Adds the 'cicustom' option to specify either or both network and user
options as property strings. Their parameters are files in a snippets
storage (e.g. local:snippets/network.yaml). If one or both are specified
they are used instead of their respective generated configuration.
This allows the use of completely custom configurations and is also a
possible solution for bug #2068 by specifying a custom user file that
contains package_upgrade: false.
Tested with Ubuntu 18.10 and cloud-init 18.4.7
Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
this adds a new config option for it, and executes it on four
points in time:
'pre-start'
'post-start'
'pre-stop'
'post-stop'
on pre-start we abort if the script fails
and pre-stop will not be called if the vm crashes or if
the vm gets powered off from inside the guest
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The qm CLI command offer the config and showcmd functions. Both of those
outputs may vary with respect to a given snapshot. This adds a switch
that shows the corresponding snapshot's config and command line.
The code needs a newer libpve-guest-common-perl, thus bumping the
dependency.
Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
$newconf->{pending} is a reference to an empty hash, which is not falsy,
thus we always printed the warning
so check if there are actual values there and if yes,
give the names of the properties for which pending changes are found
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Some storage like rbd or lvm can't keep thin-provising after a qemu-mirror.
Call qga guest-fstrim if qga is available and fstrim_cloned_disks is enabled
after move_disk and migrate.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
writes the given content to the file
the size is at the moment limited by the max post size of the
pveproxy/daemon, so we set the maxLength to 60k
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this api call reads a file via the guest agent,
(in 1MB chunks) but is limited to 16MiB (for now)
if the file is bigger, the output gets truncated and a
'truncated' flag is set in the return object
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this imitates the qemu-guest-agent interface
with an 'exec' api call which returns a pid
and an 'exec-status' api call which takes a pid
the command for the exec call is given as an 'alist'
which means that when using we have to give the 'command'
parameter multiple times e.g.
pvesh create <...>/exec --command ls --command '-lha' --command '/home/user'
so that we avoid having to deal with shell escaping etc.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this executes the guest agent command 'set-user-password'
with which one can change the password of an existing user in the vm
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Move the locking inside worker, so that the process doing the actual
work (create or restore) holds the lock, and can call functions which
do locking without deadlocking.
This mirrors the behaviour we use for containers, and allows to add
an 'autostart' parameter which starts the VM after successful
creation. vm_start needs the lock and as not the worker but it's
parents held it, it couldn't know that it was actually save to
continue...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
cloning a vm means copying the current state, not the
state of 'some time in the future, when the vm is started again'
we should not copy the pending changes, which also fixes the
issue that we got a wrong pending change on the disks,net,smbios,etc.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since password is easily decrypted, hide it on the api
if someone needs it, they can get it directly from the
config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
We don't leave this up to cloud-init as we don't want
un-hashed values at all in our configs.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
move: don't error out with "you can't move a cdrom"
clone: always full-clone cloud-init images
They get completely replaced anyway at the next start, so
there's no point in keeping them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
*) always replace old cloudinit images
*) apply pending cloudinit changes when generating a new
image
For cloudinit we now always use vdisk_free before
vdisk_alloc in order to always replace old images, this
allows us to hotplug a new drive by setting it to
`none,media=cdrom` first (to eject the disk), then setting
it back to 'storage:cloudinit' to have a new image generated
after applying the currently pending changes.
between qemu 2.9 and 2.11 there were added some new commands,
the guest agent inside the vm has to support these
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
with a 'register_command' sub, which generates an api call
we call it for each command in the list, and one time for
the old general {vmid}/agent endpoint (for compatibility)
permissions/methods are the same as previously, but can
be overriden
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Fixes problems in CLIHandler using the code pattern:
while (my $line = <>) {
...
}
For why this causes only _now_ problems lets first look how <>
behaves:
"The null filehandle <> is special: [...] Input from <> comes either
from standard input, or from each file listed on the command line.
Here's how it works: the first time <> is evaluated, the @ARGV array
is checked, and if it is empty, $ARGV[0] is set to "-" , which when
opened gives you standard input. The @ARGV array is then processed
as a list of filenames." - 'perldoc perlop'
Recent changes in the CLIHandler code changed how we modfiied @ARGV
Earlier we assumed that the first argument must be the command and
thus shifted it out of @ARGV, now we can have multiple levels of
(sub)commands. This change also changed how we handle @ARGV, we do
not unshift anything but go through the arguments until we got to
the final command and copy the rest of @ARGV as we know that this
must be the commandos arguments.
For '<>' this means that ARGV was still fully populated and perl
tried to open element as a file, which naturally failed.
Thus the change in pve-common only exposed this 'dangerous' code
pattern.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
There's no reason to have Ctrl+O terminate these sessions.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
perls 'local' must be either used in front of each $SIG{...}
assignments or they must be put in a list, else it affects only the
first variable and the rest are *not* in local context.
In all cases the global signal handlers we overwrote were in cli programs or
forked workers, not in daemons.
factor out code in a new create_efidisk submethod, as else this code
is hardly readable as the efidisk0 case is a special case. Refer from
putting all this specialised handling directly to the much shorter
code for all other cases.
Also the disk was created with a specific format and then a format
detection on the newly created disk was done, which is pretty
useless, clear that up.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The size of this image is not fixed, it increased to 528k in more
recent build of OVMF and could increase further (not likely, but
possible).
Instead of changing the hardcoded value move to a more generic
approach and read the size from the base image at creation time.
Use the new convert_size method and generalise the assignment of
size and volid between the efidisk and the normal case, as a part of
this change.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
perls 'local' must be either used in front of each $SIG{...}
assignments or they must be put in a list, else it affects only the
first variable and the rest are *not* in local context.
This may cause weird behaviour where daemons seemingly do not get
terminating signals delivered correctly and thus may not shutdown
gracefully anymore.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to avoid "Socket already in use" errors, when quickly opening/closing
console sessions on the webinterface
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This fixes paths such as
/dev/disk/by-id/some-ID:0.5
being interpreted as a request to create a 0.5G-sized disk
in the storage named '/dev/disk/by-id/some-ID'.
this allows it to use the vncproxy api call to use from pvesh,
because before we waited until the task finished to get the vncticket
which was too late
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This patch will include all necessary properties for the replication.
Also will it enable and disable a replication job
when appointed flags are set or deleted.
if we define a different target storeid for remote node,
and that storage is not available on source node
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
otherwise we get lots uninitialized warnings:
update VM 600: -delete unused7
Use of uninitialized value $data in split at /usr/share/perl5/PVE/JSONSchema.pm line 533.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/PVE/API2/Qemu.pm line 1012.
Use of uninitialized value $volid in pattern match (m//) at /usr/share/perl5/PVE/QemuServer.pm line 1824.
Use of uninitialized value $volid in pattern match (m//) at /usr/share/perl5/PVE/Storage/Plugin.pm line 201.
Use of uninitialized value $volid in concatenation (.) or string at /usr/share/perl5/PVE/Storage/Plugin.pm line 205.
vs:
update VM 600: -delete unused7
cannot delete 'unused7' - not set in current configuration!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Single quoted text in asciidoc is rendered in man pages
with underlines, which makes the '+' symbol very similar to '+/-'
Backticks are rendered with monospace text in HTML, normal text
in man pages, and still readable in raw format.
this was already possible manually via "qm template", but
doing it automatically when moving a disk of a template
makes more sense.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
As Fabian as required,
add an extra flag "with-local-disks" to enable live storage migration with localdisk.
default target storage is same sid than source, this can be overrided with
"targetstorage" option.
I will try improve this later, with optionnal mapping, disk by disk.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
if qga is enabled, we try to freeze the fs before cancelling block job.
if not , we pause the vm.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This allow to migrate disks on local storage to a remote node storage.
When the target node start, a new volumes are created and exposed through qemu embedded nbd server.
qemu drive-mirror is launch on source vm for each disk with nbd server as target.
when drive-mirror reach 100% of 1 disk, we don't complete the block jobs and begin mirror of next disk.
(mirroring are parralel, but we try to mirroring them 1 by 1 to avoid storage && network overload)
Then we live migrate the vm to destination node. (drive-mirror still occur at the same time).
We the vm is livemigrate (source vm paused, target vm pause), we complete the block jobs mirror.
When is done we stop the source vm and resume the target vm
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This will create a new drive for each local drive found,
and start the vm with this new drives.
if targetstorage == 1, we use same sid than original vm disk
a nbd server is started in qemu and expose local volumes to network port
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
because these allow adding arbitrary devices to VMs (and
other potentially dangerous things).
whitelist 'info *' and 'help' as usable with just
VM.Monitor, if more are desired and requested they can be
added later.
Without this patch we use the network were the cluster traffic runs
for sending migration traffic. This is not ideal as it may hinder
cluster traffic. Further some users have a powerful network which
would be perfect for migrations, with this patch they can run the
migration traffic over such a network without having the corosync
traffic on the same network.
The network is configurable through /etc/pve/datacenter.cfg which
got a new property, namely migration. migration has two
subproperties: type (replaces the old migration_unsecure property)
and network.
For the case of a network failure or that a VM has to be moved over
another network for arbitrary other reasons I added the
migration_type and migration_network parameters to qm migrate (and
respectively vm_start as this gets used on migration).
They allow overwriting the datacenter.cfg settings.
Fixes bug #1177
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
before copying the efidisk image to a storage,
we first have to activate the volume
also, add the -n flag to qemu-img convert (prevents
creation of the target volume)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
when we create the efidisk0 over the api,
we discard the size, and create a 128kbyte vdisk
and copy it there with qemu-img convert
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this API call changes the config quite drastically, and as
such should not be possible while an operation that holds a
lock is ongoing (e.g., migration, backup, snapshot).
we needed root@pam rights to remove an unused disk
from a vm (instead of the correct Storage rights)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
moved numa\d+ persmission to VM.Config.CPU
and serial/parallel to root since it accesses the host hardware
also renamed remainingoptions to generaloptions to
reduce confusion, since the real remaining options
(those that we do not specify) require root
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of defaulting to VM.Config.Options for
all options not checked seperately, we
now have lists for the different config permissions
and check them accordingly.
for everything not given, we require root access
this is important especially for usbN and hostpciN
since they can change the host configuration
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The volume_size_info() call was what actually failed, but
the error reported to the gui came from afterwards trying to
resize the disk to a garabge size.
Otherwise some move operations will fail to delete the old
disk (eg. when moving from ceph to local storage).
Note that in order for the deactivation to succeed we need
to make sure qemu has closed its file descriptors, so we
need to wait for the job to disappear the same way we do in
$cancel_job().
Factored the waiting out into $finish_job().
previously, when shutting down a suspended vm,
we successfully send the shutdown command to it,
but it will not shutdown (because it is suspended)
there we will run into the timeout and either
bail out with an error, or kill the process
when we not kill the process and resume the vm,
it will instantly shutdown, because of the previous
command
this patch checks the status of the vm beforehand,
and either bails out with an error that you cannot
shutdown a suspended vm, or stops the vm with the
correct qmp command (depending of forceStop)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Drop snapshot_create, snapshot_delete and snapshot_rollback
in favour of PVE::AbstractConfig. Qemu-specific parts are
implemented in __snapshot_XX methods in PVE::QemuConfig.
has_feature is made an implementation of the abstract
has_feature, and thus moves to PVE::QemuConfig.
Note: a new hook method needed to be introduced to be called
before creating a volume snapshot, after creating a volume
snapshot, and after unfreezing the guestfs after creating a
volume snapshot. The base method in PVE::AbstractConfig is a
noop, the implemention in PVE::QemuConfig runs the necessary
Qemu monitor commands.
Drop load_config, write_config, lock_config[_xx],
check_lock, check_protection, is_template and config_file
in favour of implementions in PVE::AbstractConfig.
Implement guest_type, __config_max_unused_disks,
config_file_lock and cfs_config_path from
PVE::AbstractConfig in PVE::QemuConfig.
Previously, foreach_drive iterated over all configuration
keys (in a random order) and checked whether the current key
is a valid drive name. Instead, we now iterate over a list
of valid drive names (with deterministic order) and check
whether a drive with such a name exists in the
configuration.
Also rename the two involved methods from valid_drive_name
to is_valid_drive_name (for the check) and from disknames
to valid_drive_names (for the list of valid keys), for
consistency. These two were only used in the qemu-server
code base.
qm list and qm status both show suspended VMs as 'running'
while the GUI's status summary shows them as 'paused'.
This patch makes 'qm status' always request the full status
and adds an optional '-full' parameter for 'qm list' to
use a full status query to include the 'paused' state. (This
is optional as it causes qmp requests to all running VMs.)
We can clone online a running vm, we don't have to deactive source vm volume
if the source vm is running
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Since write_config was always called with skiplock=1 except
once, it makes sense to drop this parameter like in
PVE::LXC::write_config . If needed in the future, the
caller can use check_lock before write_config anyway.
The method update_config wrapped update_config_nolock
using lock_config, but to prevent update races the whole
"read config", "do something", "write config" flow was
always protected by lock_config anyway, and update_config
was never called.
Thus, we can safely drop update_config and rename
update_config_nolock to write_config like in PVE::LXC .
