From abbc2ce780dfb6b6c3d6fefd047c852ad79799b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Schl=C3=A4pfer?= Date: Fri, 29 Sep 2023 12:07:46 +0200 Subject: [PATCH] - Replaced pve2-api-php with fork that uses symfony & httpclient. - Reworked some of the server preparation functionality - Added "Debug mode" to proxmox Settings --- Api/Admin.php | 34 +- ProxmoxAuthentication.php | 174 ++-- ProxmoxServer.php | 73 +- ProxmoxVM.php | 13 +- Service.php | 3 +- composer.json | 24 + html_admin/mod_serviceproxmox_index.html.twig | 68 +- .../mod_serviceproxmox_settings.html.twig | 16 + pve2_api.class.php | 848 ++++++------------ 9 files changed, 590 insertions(+), 663 deletions(-) create mode 100644 composer.json diff --git a/Api/Admin.php b/Api/Admin.php index 2622305..27ef88f 100644 --- a/Api/Admin.php +++ b/Api/Admin.php @@ -402,12 +402,17 @@ public function server_create($data) 'ipv4' => 'Server ipv4 is missing', 'hostname' => 'Server hostname is missing', 'port' => 'Server port is missing', - 'root_user' => 'Root user is missing', - 'root_password' => 'Root password is missing', + 'auth_type' => 'Authentication type is missing', 'realm' => 'Proxmox user realm is missing', ); $this->di['validator']->checkRequiredParamsForArray($required, $data); + // check if server already exists based on name, ipv4 or hostname + $server = $this->di['db']->findOne('service_proxmox_server', 'name=:name OR ipv4=:ipv4 OR hostname=:hostname', array(':name' => $data['name'], ':ipv4' => $data['ipv4'], ':hostname' => $data['hostname'])); + if ($server) { + throw new \Box_Exception('Server already exists'); + } + $server = $this->di['db']->dispense('service_proxmox_server'); $server->name = $data['name']; $server->group = $data['group']; @@ -416,17 +421,34 @@ public function server_create($data) $server->hostname = $data['hostname']; $server->port = $data['port']; $server->realm = $data['realm']; - $server->root_user = $data['root_user']; - $server->root_password = $data['root_password']; $server->active = $data['active']; $server->created_at = date('Y-m-d H:i:s'); $server->updated_at = date('Y-m-d H:i:s'); $this->di['db']->store($server); - $this->di['logger']->info('Created Proxmox server %s', $server->id); + + // check if auth_type is username or token + if ($data['auth_type'] == 'username') { + $server->root_user = $data['root_user']; + $server->root_password = $data['root_password']; + $server->tokenname = ''; + $server->tokenvalue = ''; + $this->di['db']->store($server); + $this->getService()->test_connection($server); + } else { + $server->root_user = ''; + $server->root_password = ''; + $server->tokenname = $data['tokenname']; + $server->tokenvalue = $data['tokenvalue']; + $this->di['db']->store($server); + + } + + // Validate server by testing connection - $this->getService()->test_connection; + + return true; } diff --git a/ProxmoxAuthentication.php b/ProxmoxAuthentication.php index 375d75c..44bae86 100644 --- a/ProxmoxAuthentication.php +++ b/ProxmoxAuthentication.php @@ -32,11 +32,12 @@ trait ProxmoxAuthentication */ public function prepare_pve_setup($server) { + $config = $this->di['mod_config']('Serviceproxmox'); // Retrieve the server access information $serveraccess = $this->find_access($server); // Create a new instance of the PVE2_API class with the server access details - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue, debug: $config['pmx_debug_logging']); // Attempt to log in to the server using the API if (!$proxmox->login()) { @@ -82,85 +83,101 @@ public function prepare_pve_setup($server) default: throw new \Box_Exception("More than one group found"); break; - } - } - + } - // Validate if there already is a user and token for fossbilling - $users = $proxmox->get("/access/users"); - $found = 0; - // Iterate through the users and check for a user beginning with 'fb' - foreach ($users as $user) { - if (strpos($user['userid'], 'fb') === 0) { - $found += 1; - $userid = $user['userid']; - } - // Handle the cases where there are no users, one user, or multiple users - switch ($found) { - case 0: - // Create a new user - $userid = 'fb_' . rand(1000, 9999) . '@pve'; // TODO: Make realm configurable in the module settings - $newuser = $proxmox->post("/access/users", array('userid' => $userid, 'password' => $this->di['tools'], 'enable' => 1, 'comment' => 'fossbilling user', 'groups' => $groupid)); - - // Create a token for the new user - $token = $proxmox->post("/access/users/" . $userid . "/token/fb_access", array()); - - // Check if the token was created successfully - if ($token) { - $server->tokenname = $token['full-tokenid']; - $server->tokenvalue = $token['value']; - } else { - throw new \Box_Exception("Failed to create token for fossbilling user"); + // Validate if there already is a user and token for fossbilling + $users = $proxmox->get("/access/users"); + $found = 0; + // Iterate through the users and check for a user beginning with 'fb' + foreach ($users as $user) { + if (strpos($user['userid'], 'fb') === 0) { + $found += 1; + $userid = $user['userid']; + } + // Handle the cases where there are no users, one user, or multiple users + switch ($found) { + case 0: + // Create a new user + $userid = 'fb_' . rand(1000, 9999) . '@pve'; // TODO: Make realm configurable in the module settings + $newuser = $proxmox->post("/access/users", array('userid' => $userid, 'password' => $this->di['tools'], 'enable' => 1, 'comment' => 'fossbilling user', 'groups' => $groupid)); + + // Create a token for the new user + $token = $proxmox->post("/access/users/" . $userid . "/token/fb_access", array()); + + // Check if the token was created successfully + if ($token) { + $server->tokenname = $token['full-tokenid']; + $server->tokenvalue = $token['value']; + } else { + throw new \Box_Exception("Failed to create token for fossbilling user"); + break; + } break; - } - break; - case 1: - // Create a token for the existing user - $token = $proxmox->post("/access/users/" . $userid . "/token/fb_access", array()); - if ($token) { - $server->tokenname = $token['full-tokenid']; - $server->tokenvalue = $token['value']; - } else { - throw new \Box_Exception("Failed to create token for fossbilling user"); + case 1: + // Create a token for the existing user + $token = $proxmox->post("/access/users/" . $userid . "/token/fb_access", array()); + if ($token) { + $server->tokenname = $token['full-tokenid']; + $server->tokenvalue = $token['value']; + } else { + throw new \Box_Exception("Failed to create token for fossbilling user"); + break; + } + break; + default: + throw new \Box_Exception("There are more than one fossbilling users on the server. Please delete all but one."); break; + } + // Create permissions for the newly created token + // Set up permissions for the token (Admin user) to manage users, groups, and other administrative tasks + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEUserAdmin', 'propagate' => 1, 'users' => $userid)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEAuditor', 'propagate' => 1, 'users' => $userid)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVESysAdmin', 'propagate' => 1, 'users' => $userid)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEPoolAdmin', 'propagate' => 1, 'users' => $userid)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEDatastoreAdmin', 'propagate' => 1, 'users' => $userid)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEUserAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEAuditor', 'propagate' => 1, 'tokens' => $server->tokenname)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVESysAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEPoolAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEDatastoreAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); + + // Sleep for 5 seconds + sleep(5); + + // Check if the permissions were created correctly by logging in and creating another user + /* + echo ""; + echo ""; + echo ""; + echo ""; + echo "

"; + */ + + // Delete the root password and unset the PVE2_API instance + $server->root_password = null; + unset($proxmox); + + // Return the test_access result for the server + return $this->test_access($server); + } + } else { + // Validate Permissions for the token + $permissions = $proxmox->get("/access/acl/"); + // Check for 'PVEUserAdmin', 'PVEAuditor', 'PVESysAdmin', 'PVEPoolAdmin', and 'PVEDatastoreAdmin' permissions, and if they don't exist, try to create them. + $required_permissions = array('PVEUserAdmin', 'PVEAuditor', 'PVESysAdmin', 'PVEPoolAdmin', 'PVEDatastoreAdmin'); + foreach ($required_permissions as $permission) { + $found_permission = 0; + foreach ($permissions as $acl) { + if ($acl['roleid'] == $permission) { + $found_permission += 1; } - break; - default: - throw new \Box_Exception("There are more than one fossbilling users on the server. Please delete all but one."); - break; + } + if (!$found_permission) { + $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => $permission, 'propagate' => 1, 'tokens' => $server->tokenname)); + } } - // Create permissions for the newly created token - // Set up permissions for the token (Admin user) to manage users, groups, and other administrative tasks - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEUserAdmin', 'propagate' => 1, 'users' => $userid)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEAuditor', 'propagate' => 1, 'users' => $userid)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVESysAdmin', 'propagate' => 1, 'users' => $userid)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEPoolAdmin', 'propagate' => 1, 'users' => $userid)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEDatastoreAdmin', 'propagate' => 1, 'users' => $userid)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEUserAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEAuditor', 'propagate' => 1, 'tokens' => $server->tokenname)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVESysAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEPoolAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); - $permissions = $proxmox->put("/access/acl/", array('path' => '/', 'roles' => 'PVEDatastoreAdmin', 'propagate' => 1, 'tokens' => $server->tokenname)); - - // Sleep for 5 seconds - sleep(5); - - // Check if the permissions were created correctly by logging in and creating another user - /* - echo ""; - echo ""; - echo ""; - echo ""; - echo "

"; - */ - - // Delete the root password and unset the PVE2_API instance - $server->root_password = null; - unset($proxmox); - - // Return the test_access result for the server - return $this->test_access($server); + } } @@ -176,9 +193,9 @@ public function test_access($server) { // Retrieve the server access information $serveraccess = $this->find_access($server); - + $config = $this->di['mod_config']('Serviceproxmox'); // Create a new instance of the PVE2_API class with the server access details - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue, debug: $config['pmx_debug_logging']); // Attempt to log in to the server using the API if (!$proxmox->login()) { @@ -189,7 +206,7 @@ public function test_access($server) $userid = 'tfb_' . rand(1000, 9999) . '@pve'; // TODO: Make realm configurable in the module settings // Create a new user for testing purposes - $newuser = $proxmox->post("/access/users", array('userid' => $userid, 'password' => $this->di['tools']->generatePassword(16, 4), 'enable' => '1', 'comment' => 'fossbilling user 2')); + $proxmox->post("/access/users", array('userid' => $userid, 'password' => $this->di['tools']->generatePassword(16, 4), 'enable' => '1', 'comment' => 'FOSSBilling test user ' . $userid)); // Retrieve the newly created user $newuser = $proxmox->get("/access/users/" . $userid); @@ -227,7 +244,8 @@ public function create_client_user($server, $client) $clientuser->client_id = $client->id; $this->di['db']->store($clientuser); $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue, debug: $config['pmx_debug_logging']); if (!$proxmox->login()) { throw new \Box_Exception("Failed to connect to the server. create_client_user"); } diff --git a/ProxmoxServer.php b/ProxmoxServer.php index 7dd5ca3..840fb72 100644 --- a/ProxmoxServer.php +++ b/ProxmoxServer.php @@ -35,12 +35,14 @@ public function test_connection($server) { // Test if login $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); // check if tokenname and tokenvalue contain values by checking their content if (empty($server->tokenname) || empty($server->tokenvalue)) { if (!empty($server->root_user) && !empty($server->root_password)) { if ($proxmox->login()) { + error_log("Serviceproxmox: Login with username and password successful"); return true; } else { throw new \Box_Exception("Login to Proxmox Host failed"); @@ -48,7 +50,60 @@ public function test_connection($server) } else { throw new \Box_Exception("No login information provided"); } + } else if ($proxmox->getVersion()) { + error_log("Serviceproxmox: Login with token successful!"); + return true; + } else { + throw new \Box_Exception("Failed to connect to the server."); + } + } + + /* + Validate token access and setup + */ + public function test_token_connection($server) + { + // Test if login + $serveraccess = $this->find_access($server); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); + // check if tokenname and tokenvalue contain values by checking their content + if (empty($server->tokenname) || empty($server->tokenvalue)) { + throw new \Box_Exception("Token Access Failed: No tokenname or tokenvalue provided"); } else if ($proxmox->get_version()) { + error_log("Serviceproxmox: Login with token successful!"); + $permissions = $proxmox->get("/access/permissions"); + $found_permission = 0; + // Iterate through the permissions and check for 'Realm.AllocateUser' permission + foreach ($permissions as $permission) { + if ($permission['Realm.AllocateUser'] == 1) { + $found_permission += 1; + } + } + // Throw an exception if the 'Realm.AllocateUser' permission is not found + if (!$found_permission) { + throw new \Box_Exception("Token does not have 'Realm.AllocateUser' permission"); + } + + // Validate if there already is a group for fossbilling + $groups = $proxmox->get("/access/groups"); + $foundgroups = 0; + // Iterate through the groups and check for a group beginning with 'fossbilling' + foreach ($groups as $group) { + if (strpos($group['groupid'], 'fossbilling') === 0) { + $foundgroups += 1; + $groupid = $group['groupid']; + } + // check if groupid is the same as the id of the token (fb_1234@pve!fb_access) + $fb_token_instanceid = explode('@', $server->tokenname)[1]; + + + if ($group['groupid'] == $server->tokenname) { + $foundgroups += 1; + $groupid = $group['groupid']; + } + + } return true; } else { throw new \Box_Exception("Failed to connect to the server."); @@ -56,6 +111,7 @@ public function test_connection($server) } + /* Find best Server */ public function find_empty($product) @@ -131,7 +187,8 @@ public function getHardwareData($server) { // Retrieve associated server $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { error_log("ProxmoxServer.php: getHardwareData: Login successful"); @@ -146,7 +203,8 @@ public function getStorageData($server) { // Retrieve associated server $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $storage = $proxmox->get("/nodes/" . $server->name . "/storage"); return $storage; @@ -160,7 +218,8 @@ public function getAssignedResources($server) { // Retrieve associated server $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $assigned_resources = $proxmox->get("/nodes/" . $server->name . "/qemu"); return $assigned_resources; @@ -175,7 +234,8 @@ public function getAvailableAppliances() $server = $this->di['db']->getExistingModelById('service_proxmox_server', 1, 'Server not found'); $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $appliances = $proxmox->get("/nodes/" . $server->name . "/aplinfo"); return $appliances; @@ -188,7 +248,8 @@ public function getAvailableAppliances() public function getQemuTemplates($server) { $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $templates = $proxmox->get("/nodes/" . $server->name . "/qemu"); return $templates; diff --git a/ProxmoxVM.php b/ProxmoxVM.php index 898bb30..8b416e8 100644 --- a/ProxmoxVM.php +++ b/ProxmoxVM.php @@ -95,7 +95,8 @@ public function delete($order, $model) // Connect to YNH API $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $server->tokenname, tokensecret: $server->tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $proxmox->post("/nodes/" . $model->node . "/" . $product_config['virt'] . "/" . $model->vmid . "/status/shutdown", array()); @@ -140,7 +141,7 @@ public function vm_info($order, $service) // Test if login $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->get_version()) { $status = $proxmox->get("/nodes/" . $server->name . "/" . $product_config['virt'] . "/" . $service->vmid . "/status/current"); // VM monitoring? @@ -169,7 +170,7 @@ public function vm_reboot($order, $service) // Test if login $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $proxmox->post("/nodes/" . $server->name . "/" . $product_config['virt'] . "/" . $service->vmid . "/status/shutdown", array()); $status = $proxmox->get("/nodes/" . $server->name . "/" . $product_config['virt'] . "/" . $service->vmid . "/status/current"); @@ -216,7 +217,7 @@ public function vm_start($order, $service) // Test if login $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $proxmox->post("/nodes/" . $server->name . "/" . $product_config['virt'] . "/" . $service->vmid . "/status/start", array()); return true; @@ -241,7 +242,7 @@ public function vm_shutdown($order, $service) $clientuser = $this->di['db']->findOne('service_proxmox_users', 'server_id = ? and client_id = ?', array($server->id, $client->id)); //echo "D: ".var_dump($order); $serveraccess = $this->find_access($server); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { $settings = array( 'forceStop' => true @@ -279,7 +280,7 @@ public function vm_cli($order, $service) //$password = 'test'; //$proxmox = new PVE2_API($serveraccess, $client->id, $server->name, $password); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->view_tokenname, tokensecret: $clientuser->view_tokenvalue); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->view_tokenname, tokensecret: $clientuser->view_tokenvalue,debug: $config['pmx_debug_logging']); if ($proxmox->login()) { // Get VNC Web proxy ticket by calling /nodes/{node}/{type}/{vmid}/vncproxy diff --git a/Service.php b/Service.php index b41417e..ac52ab8 100644 --- a/Service.php +++ b/Service.php @@ -688,7 +688,8 @@ public function activate($order, $model) $serveraccess = $this->find_access($server); // find client permissions for server $clientuser = $this->di['db']->findOne('service_proxmox_users', 'server_id = ? and client_id = ?', array($server->id, $client->id)); - $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue); + $config = $this->di['mod_config']('Serviceproxmox'); + $proxmox = new PVE2_API($serveraccess, $server->root_user, $server->realm, $server->root_password, port: $server->port, tokenid: $clientuser->admin_tokenname, tokensecret: $clientuser->admin_tokenvalue,debug: $config['pmx_debug_logging']); // Create Proxmox VM if ($proxmox->login()) { diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..ca87598 --- /dev/null +++ b/composer.json @@ -0,0 +1,24 @@ +{ + "name": "vendor/pve2-api-client", + "description": "A Proxmox VE API v2 client for Symfony", + "type": "library", + "require": { + "php": "^8.1|^8.2", + "symfony/http-client": "^5.3", + "symfony/http-foundation": "^5.3", + "symfony/validator": "^5.3" + }, + "autoload": { + "psr-4": { + "Symfony\\Component\\PVE2API\\": "src/" + } + }, + "license": "MIT", + "authors": [ + { + "name": "Christoph Schläpfer", + "email": "chris+github@cleverly.ch" + } + ] + } + \ No newline at end of file diff --git a/html_admin/mod_serviceproxmox_index.html.twig b/html_admin/mod_serviceproxmox_index.html.twig index 151f4a7..7f8d043 100644 --- a/html_admin/mod_serviceproxmox_index.html.twig +++ b/html_admin/mod_serviceproxmox_index.html.twig @@ -258,25 +258,62 @@ + +
+ +
+
+ + +
+
+ + +
+
+
+ + +
- +
-
+
- +
This password will only be used to create the access tokens on the pve server.
- +
+
+ +
+ +
+
+
+ +
+ +
+ This token will be used to authenticate with the pve server. +
+
+
+ + +
+
+ + +
+
+ + +
+
+
diff --git a/pve2_api.class.php b/pve2_api.class.php index 71fafaa..d229da5 100755 --- a/pve2_api.class.php +++ b/pve2_api.class.php @@ -24,640 +24,364 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ + namespace Box\Mod\Serviceproxmox; -class PVE2_Exception extends \RuntimeException {} - -class PVE2_API { - protected $hostname; - protected $username; - protected $realm; - protected $password; - protected $port; - protected $verify_ssl; - protected $login_ticket = null; - protected $login_ticket_timestamp = null; - protected $cluster_node_list = null; - - public function __construct ($hostname, $username, $realm, $password, $port = 8006, $verify_ssl = false, $tokenid = null, $tokensecret = null, ) { - if ((empty($hostname) || empty($realm)) || (empty($username) && empty($password) && empty($tokenid) && empty($tokensecret)) || empty($port)) { - throw new PVE2_Exception("Hostname/Realm and either Username/Password or TokenId/TokenSecret are required for PVE2_API object constructor.", 1); +use Symfony\Component\HttpClient\HttpClient; +use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface; +use Symfony\Component\HttpFoundation\Exception\BadRequestException; +use Symfony\Component\Validator\Constraints as Assert; +use Symfony\Component\Validator\Validation; +use Symfony\Component\HttpFoundation\Exception\JsonException; + +class PVE2_Exception extends \RuntimeException +{ +} + +/** + * PVE2_API class represents a client for the Proxmox VE API. + * + * This class provides methods for interacting with the Proxmox VE API, allowing users to manage virtual machines, containers, and other resources. + * + * @category Proxmox VE + * @package PVE2_API_Client + */ +class PVE2_API +{ + protected string $hostname; + protected ?string $username = null; + protected string $realm; + protected ?string $password = null; + protected int $port; + protected bool $verify_ssl; + protected ?string $tokenid = null; + protected ?string $tokensecret = null; + protected bool $api_token_access = false; + protected ?array $login_ticket = null; + protected ?int $login_ticket_timestamp = null; + protected ?array $clusterNodeList = null; + protected bool $debug = false; + + public function __construct( + string $hostname, + ?string $username = null, + string $realm, + ?string $password = null, + int $port = 8006, + bool $verify_ssl = false, + ?string $tokenid = null, + ?string $tokensecret = null, + bool $debug = false + ) { + $validator = Validation::createValidator(); + + $constraints = new Assert\Collection([ + 'hostname' => new Assert\NotBlank(), + 'realm' => new Assert\NotBlank(), + 'port' => new Assert\Range(['min' => 1, 'max' => 65535]), + 'verify_ssl' => new Assert\Type('bool'), + ]); + + $input = [ + 'hostname' => $hostname, + 'realm' => $realm, + 'port' => $port, + 'verify_ssl' => $verify_ssl, + ]; + + $violations = $validator->validate($input, $constraints); + + $violationsList = []; + foreach ($violations as $violation) { + $violationsList[] = $violation->getPropertyPath() . ': ' . $violation->getMessage(); } - // Check hostname resolves. - if (gethostbyname($hostname) == $hostname && !filter_var($hostname, FILTER_VALIDATE_IP)) { - throw new PVE2_Exception("Cannot resolve {$hostname}.", 2); + + if (!empty($violationsList)) { + throw new BadRequestException('Invalid input parameters: ' . implode(', ', $violationsList)); } - // Check port is between 1 and 65535. - if (!filter_var($port, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]])) { - throw new PVE2_Exception("Port must be an integer between 1 and 65535.", 6); + + if ((empty($username) || empty($password)) && (empty($tokenid) || empty($tokensecret))) { + throw new BadRequestException('Either username and password OR tokenid and tokensecret must be provided.'); } - // Check that verify_ssl is boolean. - if (!is_bool($verify_ssl)) { - throw new PVE2_Exception("verify_ssl must be boolean.", 7); + + if (empty($username) && empty($password) && empty($tokenid) && empty($tokensecret)) { + throw new BadRequestException('Both username/password and tokenid/tokensecret cannot be empty. At least one pair must be provided.'); } - $this->hostname = $hostname; - $this->username = $username; - $this->realm = $realm; - $this->tokenid = $tokenid; - $this->tokensecret = $tokensecret; - $this->password = $password; - $this->port = $port; - $this->verify_ssl = $verify_ssl; - // Check if we have a tokenid and tokensecret, if so, we can use API token access. - if (!empty($tokenid) && !empty($tokensecret)) { - $this->api_token_access = true; - }else { - $this->api_token_access = false; + + if (gethostbyname($hostname) == $hostname && !filter_var($hostname, FILTER_VALIDATE_IP)) { + throw new BadRequestException("Cannot resolve {$hostname}."); } + + $this->hostname = $hostname; + $this->username = $username; + $this->realm = $realm; + $this->password = $password; + $this->port = $port; + $this->verify_ssl = $verify_ssl; + $this->tokenid = $tokenid; + $this->tokensecret = $tokensecret; + $this->debug = $debug; + + $this->api_token_access = !empty($tokenid) && !empty($tokensecret); } - /* - * bool login () - * Performs login to PVE Server using JSON API, and obtains Access Ticket. - */ - public function login () { - // Prepare login variables. - $login_postfields = array(); - - // Prepare cURL handle. - $prox_ch = curl_init(); - - // Base URL for later use. - $api_url_base = "https://{$this->hostname}:{$this->port}/api2/json"; - - // If we can use API token access, do so. + + public function login(): bool + { + $apiUrlBase = "https://{$this->hostname}:{$this->port}/api2/json"; + $client = HttpClient::create(['verify_peer' => $this->verify_ssl, 'verify_host' => $this->verify_ssl]); + if ($this->api_token_access) { + $response = $client->request('GET', "$apiUrlBase/version", [ + 'headers' => ["Authorization" => "PVEAPIToken={$this->tokenid}={$this->tokensecret}"], + ]); - $put_post_http_headers[] = "Authorization: PVEAPIToken={$this->tokenid}={$this->tokensecret}"; - curl_setopt($prox_ch, CURLOPT_URL, $api_url_base."/version"); - curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($prox_ch, CURLOPT_HTTPHEADER, $put_post_http_headers); - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl); - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl); - $version_information = curl_exec($prox_ch); - $version_information_info = curl_getinfo($prox_ch); - $version_information_data = json_decode($version_information, true); - curl_close($prox_ch); - unset($prox_ch); - - if (!$version_information) { - // SSL negotiation failed or connection timed out + if (200 !== $response->getStatusCode()) { + // Handle error appropriately return false; } - if ($version_information_data == null || $version_information_data['data'] == null) { - // Login failed. - if ($version_information_info['ssl_verify_result'] == 1) { - throw new PVE2_Exception("Invalid SSL cert on {$this->hostname} - check that the hostname is correct, and that it appears in the server certificate's SAN list. Alternatively set the verify_ssl flag to false if you are using internal self-signed certs (ensure you are aware of the security risks before doing so).", 4); - } - return false; - } else { - // Login success. - $this->reload_node_list(); + try { + $data = $response->toArray(); + $this->reloadNodeList(); return true; + } catch (JsonException $e) { + // Handle JSON error + return false; } - } else { - - - $login_postfields['username'] = $this->username; - $login_postfields['password'] = $this->password; - $login_postfields['realm'] = $this->realm; - - $login_postfields_string = http_build_query($login_postfields); - unset($login_postfields); - - // Perform login request. - - curl_setopt($prox_ch, CURLOPT_URL, $api_url_base."/access/ticket"); - curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $login_postfields_string); - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl); - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, $this->verify_ssl); + } - $login_ticket_request = curl_exec($prox_ch); - $login_request_info = curl_getinfo($prox_ch); + $response = $client->request('POST', "$apiUrlBase/access/ticket", [ + 'body' => [ + 'username' => $this->username, + 'password' => $this->password, + 'realm' => $this->realm, + ] + ]); - curl_close($prox_ch); - unset($prox_ch); - unset($login_postfields_string); + if (200 !== $response->getStatusCode()) { + // Handle error appropriately + return false; + } - if (!$login_ticket_request) { - throw new PVE2_Exception("SSL negotiation failed or connection timed out.", 7); - // SSL negotiation failed or connection timed out - $this->login_ticket_timestamp = null; - return false; - } - - $login_ticket_data = json_decode($login_ticket_request, true); - if ($login_ticket_data == null || $login_ticket_data['data'] == null) { - // Login failed. - // Just to be safe, set this to null again. - $this->login_ticket_timestamp = null; - if ($login_request_info['ssl_verify_result'] == 1) { - throw new PVE2_Exception("Invalid SSL cert on {$this->hostname} - check that the hostname is correct, and that it appears in the server certificate's SAN list. Alternatively set the verify_ssl flag to false if you are using internal self-signed certs (ensure you are aware of the security risks before doing so).", 4); - } - return false; - } else { - // Login success. - $this->login_ticket = $login_ticket_data['data']; - // We store a UNIX timestamp of when the ticket was generated here, - // so we can identify when we need a new one expiration-wise later - // on... - $this->login_ticket_timestamp = time(); - $this->reload_node_list(); - return true; - } - } + try { + $data = $response->toArray(); + $this->login_ticket = $data['data']; + $this->login_ticket_timestamp = time(); + $this->reloadNodeList(); + return true; + } catch (JsonException $e) { + // Handle JSON error + return false; } + } - # Sets the PVEAuthCookie - # Attetion, after using this the user is logged into the web interface aswell! - # Use with care, and DO NOT use with root, it may harm your system - public function setCookie() { - // exit successfully if api_token_access is true + protected function checkLoginTicket(): bool + { if ($this->api_token_access) { return true; } - if (!$this->check_login_ticket()) { - throw new PVE2_Exception("Not logged into Proxmox host. No Login access ticket found or ticket expired.", 3); - } - setrawcookie("PVEAuthCookie", $this->login_ticket['ticket'], 0, "/"); - } + if ($this->login_ticket === null || $this->login_ticket_timestamp === null) { + $this->resetLoginTicket(); + return false; + } - /* - * bool check_login_ticket () - * Checks if the login ticket is valid still, returns false if not. - * Method of checking is purely by age of ticket right now... - */ - protected function check_login_ticket () { - // if api_token_access is true, return true - if ($this->api_token_access) { - return true; - } - if ( $this->login_ticket == null) { - // Just to be safe, set this to null again. - $this->login_ticket_timestamp = null; - return false; - } + // If the current timestamp is greater than the timestamp of the login ticket plus 7200 seconds (2 hours), it is expired. + if (time() >= $this->login_ticket_timestamp + 7200) { + $this->resetLoginTicket(); + return false; + } - if ($this->login_ticket_timestamp >= (time() + 7200)) { - // Reset login ticket object values. - $this->login_ticket = null; - $this->login_ticket_timestamp = null; - return false; - } else { - return true; - } + return true; } - /* - * object action (string action_path, string http_method[, array put_post_parameters]) - * This method is responsible for the general cURL requests to the JSON API, - * and sits behind the abstraction layer methods get/put/post/delete etc. - */ - private function action ($action_path, $http_method, $put_post_parameters = null) { - // Check if we have a prefixed / on the path, if not add one. - if (substr($action_path, 0, 1) != "/") { - $action_path = "/".$action_path; - } - - if (!$this->check_login_ticket()) { + private function resetLoginTicket(): void + { + $this->login_ticket = null; + $this->login_ticket_timestamp = null; + } + + + private function action(string $actionPath, string $httpMethod, array $parameters = []): mixed + { + $actionPath = $this->normalizeActionPath($actionPath); + + if (!$this->checkLoginTicket()) { throw new PVE2_Exception("No valid connection to Proxmox host. No Login access ticket found, ticket expired or no API Token set up.", 3); } - // Prepare cURL resource. - $prox_ch = curl_init(); - curl_setopt($prox_ch, CURLOPT_URL, "https://{$this->hostname}:{$this->port}/api2/json{$action_path}"); + $url = "https://{$this->hostname}:{$this->port}/api2/json{$actionPath}"; - $put_post_http_headers = array(); - if (!$this->api_token_access) { - $put_post_http_headers[] = "CSRFPreventionToken: {$this->login_ticket['CSRFPreventionToken']}"; - } else { - $put_post_http_headers[] = "Authorization: PVEAPIToken={$this->tokenid}={$this->tokensecret}"; - } - // Lets decide what type of action we are taking... - switch ($http_method) { - case "GET": - // add headers for GET requests if api_token_access is true - if ($this->api_token_access) { - - - // Add required HTTP headers. - curl_setopt($prox_ch, CURLOPT_HTTPHEADER, $put_post_http_headers); - } - - break; - case "PUT": - curl_setopt($prox_ch, CURLOPT_CUSTOMREQUEST, "PUT"); - - // Set "POST" data. - $action_postfields_string = http_build_query($put_post_parameters); - curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $action_postfields_string); - unset($action_postfields_string); - - // Add required HTTP headers. - curl_setopt($prox_ch, CURLOPT_HTTPHEADER, $put_post_http_headers); - break; - case "POST": - curl_setopt($prox_ch, CURLOPT_POST, true); - - // Set POST data. - $action_postfields_string = http_build_query($put_post_parameters); - curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $action_postfields_string); - unset($action_postfields_string); - - // Add required HTTP headers. - curl_setopt($prox_ch, CURLOPT_HTTPHEADER, $put_post_http_headers); - break; - case "DELETE": - curl_setopt($prox_ch, CURLOPT_CUSTOMREQUEST, "DELETE"); - // No "POST" data required, the delete destination is specified in the URL. - - // Add required HTTP headers. - curl_setopt($prox_ch, CURLOPT_HTTPHEADER, $put_post_http_headers); - break; - default: - throw new PVE2_Exception("Error - Invalid HTTP Method specified.", 5); - return false; - } + $client = HttpClient::create([ + 'headers' => $this->buildHeaders(), + 'verify_peer' => $this->verify_ssl, + 'verify_host' => $this->verify_ssl, + ]); - curl_setopt($prox_ch, CURLOPT_HEADER, true); - curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true); - - // only set this cookie if api_token_access is false - if (!$this->api_token_access) { - curl_setopt($prox_ch, CURLOPT_COOKIE, "PVEAuthCookie=".$this->login_ticket['ticket']); - } - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, false); - - $action_response = curl_exec($prox_ch); - - curl_close($prox_ch); - unset($prox_ch); - - $split_action_response = explode("\r\n\r\n", $action_response, 2); - $header_response = $split_action_response[0]; - $body_response = $split_action_response[1]; - $action_response_array = json_decode($body_response, true); - - $action_response_export = var_export($action_response_array, true); - error_log("----------------------------------------------\n" . - "FULL RESPONSE:\n\n{$action_response}\n\nEND FULL RESPONSE\n\n" . - "Headers:\n\n{$header_response}\n\nEnd Headers\n\n" . - "Data:\n\n{$body_response}\n\nEnd Data\n\n" . - "RESPONSE ARRAY:\n\n{$action_response_export}\n\nEND RESPONSE ARRAY\n" . - "----------------------------------------------"); - - unset($action_response); - unset($action_response_export); - - // Parse response, confirm HTTP response code etc. - $split_headers = explode("\r\n", $header_response); - if (substr($split_headers[0], 0, 9) == "HTTP/1.1 ") { - $split_http_response_line = explode(" ", $split_headers[0]); - if ($split_http_response_line[1] == "200") { - if ($http_method == "PUT") { - return true; - } else { - return $action_response_array['data']; - } + try { + $response = $client->request($httpMethod, $url, ['body' => $parameters]); + $statusCode = $response->getStatusCode(); + $errorMessage = "API Request failed. HTTP Response - {$statusCode}"; + if ($this->debug) { + $errorMessage .= PHP_EOL . "HTTP Method: {$httpMethod}" . PHP_EOL . "URL: {$url}" . PHP_EOL . "Parameters: " . json_encode($parameters) . PHP_EOL . "Response Headers: " . json_encode($response->getHeaders(false)) . PHP_EOL . "Response: " . $response->getContent(false); } else { - error_log("This API Request Failed.\n" . - "HTTP Response - {$split_http_response_line[1]}\n" . - "HTTP Error - {$split_headers[0]}"); - return false; + $errorMessage = $response->toArray()['errors'] ?? $errorMessage; } - } else { - error_log("Error - Invalid HTTP Response.\n" . var_export($split_headers, true)); - return false; - } + if ($statusCode === 200) { + return $response->toArray()['data'] ?? true; + } + + // Handle the 500 status and check ReasonPhrase + if ($statusCode === 500) { + return null; + } + + - if (!empty($action_response_array['data'])) { - return $action_response_array['data']; - } else { - error_log("\$action_response_array['data'] is empty. Returning false.\n" . - var_export($action_response_array['data'], true)); - return false; + throw new PVE2_Exception($errorMessage, $statusCode); + + } catch (TransportExceptionInterface $e) { + $errorMessage = "Transport Exception: " . $e->getMessage(); + if ($this->debug) { + $errorMessage .= PHP_EOL . "HTTP Method: {$httpMethod}" . PHP_EOL . "URL: {$url}" . PHP_EOL . "Parameters: " . json_encode($parameters) . PHP_EOL . "Response Headers: " . json_encode($response->getHeaders(false)) . PHP_EOL . "Response: " . $response->getContent(false); + } + throw new PVE2_Exception($errorMessage, 0, $e); } } - /* - * array reload_node_list () - * Returns the list of node names as provided by /api2/json/nodes. - * We need this for future get/post/put/delete calls. - * ie. $this->get("nodes/XXX/status"); where XXX is one of the values from this return array. - */ - public function reload_node_list () { - $node_list = $this->get("/nodes"); - if (count($node_list) > 0) { - $nodes_array = array(); - foreach ($node_list as $node) { - $nodes_array[] = $node['node']; - } - $this->cluster_node_list = $nodes_array; - return true; - } else { - error_log(" Empty list of nodes returned in this cluster."); - return false; - } + private function normalizeActionPath(string $actionPath): string + { + return '/' . ltrim($actionPath, '/'); } - /* - * array get_node_list () - * - */ - public function get_node_list () { - // We run this if we haven't queried for cluster nodes as yet, and cache it in the object. - if ($this->cluster_node_list == null) { - if ($this->reload_node_list() === false) { - return false; - } + private function buildHeaders(): array + { + $headers = [ + 'Content-Type' => 'application/x-www-form-urlencoded', + 'Accept' => 'application/json', + ]; + + if ($this->api_token_access) { + $headers['Authorization'] = "PVEAPIToken={$this->tokenid}={$this->tokensecret}"; + } else { + $headers['CSRFPreventionToken'] = $this->login_ticket['CSRFPreventionToken']; + $headers['Cookie'] = "PVEAuthCookie=" . $this->login_ticket['ticket']; } - return $this->cluster_node_list; + return $headers; } - - /* - * bool|int get_next_vmid () - * Get Last VMID from a Cluster or a Node - * returns a VMID, or false if not found. - */ - public function get_next_vmid () { - $vmid = $this->get("/cluster/nextid"); - if ($vmid == null) { - return false; - } else { - return $vmid; + public function __call($name, $arguments) + { + if (in_array(strtoupper($name), ['GET', 'POST', 'PUT', 'DELETE'])) { + $actionPath = $arguments[0] ?? ''; + $parameters = $arguments[1] ?? []; + return $this->action($actionPath, strtoupper($name), $parameters); } + + throw new BadMethodCallException("Method {$name} not exists in " . __CLASS__); } - /* - * array get_vms () - * Get List of all vms - */ - public function get_vms () { - $node_list = $this->get_node_list(); - $result=[]; - if (count($node_list) > 0) { - foreach ($node_list as $node_name) { - $vms_list = $this->get("nodes/" . $node_name . "/qemu/"); - if (count($vms_list) > 0) { - $key_values = array_column($vms_list, 'vmid'); - array_multisort($key_values, SORT_ASC, $vms_list); - foreach($vms_list as &$row) { - $row[node] = $node_name; - } - $result = array_merge($result, $vms_list); - } - if (count($result) > 0) { - $this->$cluster_vms_list = $result; - return $this->$cluster_vms_list; - } else { - error_log(" Empty list of vms returned in this cluster."); - return false; - } - } - } else { - error_log(" Empty list of nodes returned in this cluster."); - return false; + public function reloadNodeList(): bool + { + $nodeList = $this->get("/nodes"); + + if ($nodeList && count($nodeList) > 0) { + $this->clusterNodeList = array_map(static fn ($node) => $node['node'], $nodeList); + return true; } + + // Handle error according to your application’s error handling strategy + error_log("Empty list of nodes returned in this cluster."); + return false; } - - /* - * bool|int start_vm ($node,$vmid) - * Start specific vm - */ - public function start_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/status/start"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Started vm " . $vmid . ""); - return true; - } else { - error_log("Error starting vm " . $vmid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; + + + public function getNodeList(): ?array + { + if ($this->clusterNodeList === null && !$this->reloadNodeList()) { + return null; } + + return $this->clusterNodeList; } - - /* - * bool|int shutdown_vm ($node,$vmid) - * Gracefully shutdown specific vm - */ - public function shutdown_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - "timeout" => 60, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/status/shutdown"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Shutdown vm " . $vmid . ""); - return true; - } else { - error_log("Error shutting down vm " . $vmid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; - } + + public function getNextVmid(): ?int + { + return $this->get("/cluster/nextid") ?: null; } - /* - * bool|int stop_vm ($node,$vmid) - * Force stop specific vm - */ - public function stop_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - "timeout" => 60, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/status/stop"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Stopped vm " . $vmid . ""); - return true; - } else { - error_log("Error stopping vm " . $vmid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; + public function getVms(): ?array + { + $nodeList = $this->getNodeList(); + if (!$nodeList) { + return null; } - } - - /* - * bool|int resume_vm ($node,$vmid) - * Resume from suspend specific vm - */ - public function resume_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/status/resume"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Resumed vm " . $vmid . ""); - return true; - } else { - error_log("Error resuming vm " . $vmid . ""); - return false; + + $result = []; + foreach ($nodeList as $nodeName) { + $vmsList = $this->get("nodes/$nodeName/qemu/"); + if ($vmsList) { + array_walk($vmsList, static fn (&$row) => $row['node'] = $nodeName); + $result = array_merge($result, $vmsList); } - } else { - error_log("no vm or node valid"); - return false; } + return $result ?: null; } - - /* - * bool|int suspend_vm ($node,$vmid) - * Suspend specific vm - */ - public function suspend_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/status/suspend"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Suspended vm " . $vmid . ""); - return true; - } else { - error_log("Error suspending vm " . $vmid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; - } + + public function manageVm(string $node, int $vmid, string $action, array $parameters): bool + { + $url = "/nodes/$node/qemu/$vmid/status/$action"; + return (bool) $this->post($url, $parameters); } - - /* - * bool|int clone_vm ($node,$vmid) - * Create fullclone of vm - */ - public function clone_vm ($node,$vmid) { - if(isset($vmid) && isset($node)){ - $lastid = $this->get_next_vmid(); - $parameters = array( - "vmid" => $vmid, - "node" => $node, - "newid" => $lastid, - "full" => true, - ); - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/clone"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Cloned vm " . $vmid . " to " . $lastid . ""); - return true; - } else { - error_log("Error cloning vm " . $vmid . " to " . $lastid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; - } + + public function startVm(string $node, int $vmid): bool + { + return $this->manageVm($node, $vmid, 'start', ['vmid' => $vmid, 'node' => $node]); } - /* - * bool|int snapshot_vm ($node,$vmid,$snapname = NULL) - * Create snapshot of vm - */ - public function snapshot_vm ($node,$vmid,$snapname = NULL) { - if(isset($vmid) && isset($node)){ - $lastid = $this->get_next_vmid(); - if (is_null($snapname)){ - $parameters = array( - "vmid" => $vmid, - "node" => $node, - "vmstate" => true, - ); - } else { - $parameters = array( - "vmid" => $vmid, - "node" => $node, - "vmstate" => true, - "snapname" => $snapname, - ); - } - $url = "/nodes/" . $node . "/qemu/" . $vmid . "/snapshot"; - $post = $this->post($url,$parameters); - if ($post) { - error_log("Cloned vm " . $vmid . " to " . $lastid . ""); - return true; - } else { - error_log("Error cloning vm " . $vmid . " to " . $lastid . ""); - return false; - } - } else { - error_log("no vm or node valid"); - return false; - } + public function shutdownVm(string $node, int $vmid): bool + { + return $this->manageVm($node, $vmid, 'shutdown', ['vmid' => $vmid, 'node' => $node, 'timeout' => 60]); } - - /* - * bool|string get_version () - * Return the version and minor revision of Proxmox Server - */ - public function get_version () { - $version = $this->get("/version"); - if ($version == null) { - return false; - } else { - return $version['version']; - } + + public function stopVm(string $node, int $vmid): bool + { + return $this->manageVm($node, $vmid, 'stop', ['vmid' => $vmid, 'node' => $node, 'timeout' => 60]); } - /* - * object/array? get (string action_path) - */ - public function get ($action_path) { - return $this->action($action_path, "GET"); + public function resumeVm(string $node, int $vmid): bool + { + return $this->manageVm($node, $vmid, 'resume', ['vmid' => $vmid, 'node' => $node, 'timeout' => 60]); } - /* - * bool put (string action_path, array parameters) - */ - public function put ($action_path, $parameters) { - return $this->action($action_path, "PUT", $parameters); + public function suspendVm(string $node, int $vmid): bool + { + return $this->manageVm($node, $vmid, 'suspend', ['vmid' => $vmid, 'node' => $node, 'timeout' => 60]); } - /* - * bool post (string action_path, array parameters) - */ - public function post ($action_path, $parameters) { - return $this->action($action_path, "POST", $parameters); + public function cloneVm(string $node, int $vmid): bool + { + $newid = $this->getNextVmid(); + $url = "/nodes/$node/qemu/$vmid/clone"; + $parameters = ['vmid' => $vmid, 'node' => $node, 'newid' => $newid, 'full' => true]; + + return (bool) $this->post($url, $parameters); } - /* - * bool delete (string action_path) - */ - public function delete ($action_path) { - return $this->action($action_path, "DELETE"); + public function snapshotVm(string $node, int $vmid, ?string $snapname = null): bool + { + $url = "/nodes/$node/qemu/$vmid/snapshot"; + $parameters = ['vmid' => $vmid, 'node' => $node, 'vmstate' => true, 'snapname' => $snapname]; + + return (bool) $this->post($url, $parameters); } - // Logout not required, PVEAuthCookie tokens have a 2 hour lifetime. + public function getVersion(): ?string + { + $version = $this->get("/version"); + return $version['version'] ?? null; + } }