From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH manager v6 02/15] api: add resource map api endpoints for PCI and USB
Date: Fri, 16 Jun 2023 09:50:14 +0200
Message-ID: <1686900251.1zunohpk4l.astroid@yuna.none>
In-Reply-To: <20230614084622.1446211-9-d.csapak@proxmox.com>
On June 14, 2023 10:46 am, Dominik Csapak wrote:
> this adds the typical section config crud API calls for
> USB and PCI resource mapping to /cluster/resource/{TYPE}
>
> the only special thing that this series does is the list call
> for both has a special 'check-node' parameter that uses the
> 'proxyto_callback' to reroute the api call to the given node
> so that it can check the validity of the mapping for that node
>
> in the future when we e.g. broadcast the lspci output via pmxcfs
> we drop the proxyto_callback and directly use the info from
> pmxcfs (or we drop the parameter and always check all nodes)
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> PVE/API2/Cluster.pm | 8 +
> PVE/API2/Cluster/Makefile | 5 +
> PVE/API2/Cluster/Mapping.pm | 53 ++++++
> PVE/API2/Cluster/Mapping/Makefile | 18 ++
> PVE/API2/Cluster/Mapping/PCI.pm | 300 ++++++++++++++++++++++++++++++
> PVE/API2/Cluster/Mapping/USB.pm | 295 +++++++++++++++++++++++++++++
> PVE/API2/Hardware.pm | 1 -
> PVE/API2/Nodes.pm | 1 +
> 8 files changed, 680 insertions(+), 1 deletion(-)
> create mode 100644 PVE/API2/Cluster/Mapping.pm
> create mode 100644 PVE/API2/Cluster/Mapping/Makefile
> create mode 100644 PVE/API2/Cluster/Mapping/PCI.pm
> create mode 100644 PVE/API2/Cluster/Mapping/USB.pm
[..]
> diff --git a/PVE/API2/Cluster/Mapping/PCI.pm b/PVE/API2/Cluster/Mapping/PCI.pm
> new file mode 100644
> index 00000000..9fe20bea
> --- /dev/null
> +++ b/PVE/API2/Cluster/Mapping/PCI.pm
> @@ -0,0 +1,300 @@
> +package PVE::API2::Cluster::Mapping::PCI;
> +
> +use strict;
> +use warnings;
> +
> +use Storable qw(dclone);
> +
> +use PVE::Cluster qw(cfs_lock_file);
> +use PVE::Mapping::PCI;
> +use PVE::JSONSchema qw(get_standard_option);
> +use PVE::Tools qw(extract_param);
> +
> +use PVE::RESTHandler;
> +
> +use base qw(PVE::RESTHandler);
> +
> +__PACKAGE__->register_method ({
> + name => 'index',
> + path => '',
> + method => 'GET',
> + # only proxy if we give the 'check-node' parameter
> + proxyto_callback => sub {
> + my ($rpcenv, $proxyto, $param) = @_;
> + return $param->{'check-node'} // 'localhost';
> + },
> + description => "List PCI Hardware Mapping",
> + permissions => {
> + description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or".
> + " 'Mapping.Audit' permissions on '/mapping/pci/<name>'.",
nit: the schema/parameters call it 'id', not 'name', repeated a few
times below..

if I create a mapping and then query this API endpoint with pvesh, I get
a wrong result:

$ pvesh ls /cluster/mapping/usb --output-format json
Use of uninitialized value $c in concatenation (.) or string at /usr/share/perl5/PVE/CLI/pvesh.pm line 364.
[{"capabilities":"Dr-c-","name":null}]

not sure whether the issue is with pvesh or here, but could be related
to
> + user => 'all',
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + 'check-node' => get_standard_option('pve-node', {
> + description => "If given, checks the configurations on the given node for ".
> + "correctness, and adds relevant errors to the devices.",
> + optional => 1,
> + }),
> + },
> + },
> + returns => {
> + type => 'array',
> + items => {
> + type => "object",
> + properties => {
> + id => {
> + type => 'string',
> + description => "The logical ID of the mapping."
> + },
> + map => {
> + type => 'array',
> + description => "The entries of the mapping.",
> + items => {
> + type => 'string',
> + description => "A mapping for a node.",
> + },
> + },
> + description => {
> + type => 'string',
> + description => "A description of the logical mapping.",
> + },
> + error => {
> + description => "A list of errors when 'check_node' is given.",
> + items => {
> + type => 'object',
> + properties => {
> + severity => {
> + type => "string",
> + description => "The severity of the error",
> + },
> + message => {
> + type => "string",
> + description => "The message of the error",
> + },
> + },
> + }
> + },
> + },
> + },
> + links => [ { rel => 'child', href => "{name}" } ],
this part here, where it tries to link children using 'name', although
the return value only contains 'id' as property..
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $rpcenv = PVE::RPCEnvironment::get();
> + my $authuser = $rpcenv->get_user();
> + my $node = $param->{'check-node'};
> +
> + die "Wrong node to check\n"
> + if defined($node) && $node ne 'localhost' && $node ne PVE::INotify::nodename();
> +
> + my $cfg = PVE::Mapping::PCI::config();
> +
> + my $res = [];
> +
> + my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
> +
> + for my $id (keys $cfg->{ids}->%*) {
> + next if !$rpcenv->check_full($authuser, "/mapping/pci/$id", $privs, 1, 1);
> + next if !$cfg->{ids}->{$id};
> +
> + my $entry = dclone($cfg->{ids}->{$id});
> + $entry->{id} = $id;
> + $entry->{digest} = $cfg->{digest};
> +
> + if (defined($node)) {
> + $entry->{errors} = [];
> + if (my $mappings = PVE::Mapping::PCI::get_node_mapping($cfg, $id, $node)) {
> + if (!scalar($mappings->@*)) {
> + push $entry->{errors}->@*, {
> + severity => 'warning',
> + message => "No mapping for node $node.",
> + };
> + }
> + for my $mapping ($mappings->@*) {
> + eval {
> + PVE::Mapping::PCI::assert_valid($id, $mapping);
> + };
> + if (my $err = $@) {
> + push $entry->{errors}->@*, {
> + severity => 'error',
> + message => "Invalid configuration: $err",
> + };
> + }
> + }
> + }
> + }
> +
> + push @$res, $entry;
this adds the full entry to the returned value, and the permission check
allows it with Mappings.*
> + }
> +
> + return $res;
> + },
> +});
> +
> +__PACKAGE__->register_method ({
> + name => 'get',
> + protected => 1,
> + path => '{id}',
> + method => 'GET',
> + description => "Get PCI Mapping.",
> + permissions => {
> + check =>['or',
> + ['perm', '/mapping/pci/{name}', ['Mapping.Use']],
> + ['perm', '/mapping/pci/{name}', ['Mapping.Modify']],
but this here doesn't allow Mapping.Audit?
either the index call needs to return a limited view, or this should be
allowed for Audit as well I think?
> + ],
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + id => {
> + type => 'string',
> + format => 'pve-configid',
> + },
> + }
> + },
> + returns => { type => 'object' },
> + code => sub {
> + my ($param) = @_;
> +
> + my $cfg = PVE::Mapping::PCI::config();
> + my $id = $param->{id};
> +
> + my $entry = $cfg->{ids}->{$id};
> + die "mapping '$param->{id}' not found\n" if !defined($entry);
> +
> + my $data = dclone($entry);
> +
> + $data->{digest} = $cfg->{digest};
> +
> + return $data;
> + }});
> +
> +__PACKAGE__->register_method ({
> + name => 'create',
> + protected => 1,
> + path => '',
> + method => 'POST',
> + description => "Create a new hardware mapping.",
> + permissions => {
> + check => ['perm', '/mapping/pci/{name}', ['Mapping.Modify']],
we usually use the higher level path for creating (/mapping/pci) -
although the priv here is 'Modify' and not 'Allocate', we are still
creating a new entry ;)
> + },
> + # todo parameters
? ;)
> + parameters => PVE::Mapping::PCI->createSchema(1),
> + returns => {
> + type => 'null',
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = extract_param($param, 'id');
> +
> + my $plugin = PVE::Mapping::PCI->lookup('pci');
> + my $opts = $plugin->check_config($id, $param, 1, 1);
> +
> + PVE::Mapping::PCI::lock_pci_config(sub {
> + my $cfg = PVE::Mapping::PCI::config();
> +
> + die "pci ID '$id' already defined\n" if defined($cfg->{ids}->{$id});
> +
> + $cfg->{ids}->{$id} = $opts;
> +
> + PVE::Mapping::PCI::write_pci_config($cfg);
> +
> + }, "create hardware mapping failed");
> +
> + return;
> + },
> +});
> +
> +__PACKAGE__->register_method ({
> + name => 'update',
> + protected => 1,
> + path => '{id}',
> + method => 'PUT',
> + description => "Update a hardware mapping.",
> + permissions => {
> + check => ['perm', '/mapping/pci/{id}', ['Mapping.Modify']],
this one is in line with our usual scheme
> + },
> + parameters => PVE::Mapping::PCI->updateSchema(),
> + returns => {
> + type => 'null',
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $digest = extract_param($param, 'digest');
> + my $delete = extract_param($param, 'delete');
> + my $id = extract_param($param, 'id');
> +
> + if ($delete) {
> + $delete = [ PVE::Tools::split_list($delete) ];
> + }
> +
> + PVE::Mapping::PCI::lock_pci_config(sub {
> + my $cfg = PVE::Mapping::PCI::config();
> +
> + PVE::Tools::assert_if_modified($cfg->{digest}, $digest) if defined($digest);
> +
> + die "pci ID '$id' does not exist\n" if !defined($cfg->{ids}->{$id});
> +
> + my $plugin = PVE::Mapping::PCI->lookup('pci');
> + my $opts = $plugin->check_config($id, $param, 1, 1);
> +
> + my $data = $cfg->{ids}->{$id};
> +
> + my $options = $plugin->private()->{options}->{pci};
> + PVE::SectionConfig::delete_from_config($data, $options, $opts, $delete);
> +
> + $data->{$_} = $opts->{$_} for keys $opts->%*;
> +
> + PVE::Mapping::PCI::write_pci_config($cfg);
> +
> + }, "update hardware mapping failed");
> +
> + return;
> + },
> +});
> +
> +__PACKAGE__->register_method ({
> + name => 'delete',
> + protected => 1,
> + path => '{id}',
> + method => 'DELETE',
> + description => "Remove Hardware Mapping.",
> + permissions => {
> + check => [ 'perm', '/mapping/pci/{id}', ['Mapping.Modify']],
this one should be changed if the create one is changed - they should
match..
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + id => {
> + type => 'string',
> + format => 'pve-configid',
> + },
> + }
> + },
> + returns => { type => 'null' },
> + code => sub {
> + my ($param) = @_;
> +
> + my $id = $param->{id};
> +
> + PVE::Mapping::PCI::lock_pci_config(sub {
> + my $cfg = PVE::Mapping::PCI::config();
> +
> + if ($cfg->{ids}->{$id}) {
> + delete $cfg->{ids}->{$id};
> + }
> +
> + PVE::Mapping::PCI::write_pci_config($cfg);
> +
> + }, "delete pci mapping failed");
> +
> + return;
> + }
> +});
> +
> +1;
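Review bot: in the 'index' method the returns schema declares the property as 'error' and its description says 'check_node', but the code fills $entry->{errors} and the parameter is spelled 'check-node', so the documented field never matches what the call returns. Rename the schema key to 'errors', give it type => 'array' next to its 'items', and correct the parameter name in the description; 'digest' is also set on every entry without being declared in the schema. In the same loop, when get_node_mapping() returns a false value the whole inner block is skipped and the entry ends up with an empty 'errors' list, since the "No mapping for node" warning is only pushed for an empty array; if a false return also means "nothing mapped", that case needs its own branch so a clean-looking result is not reported for a node that has no mapping. The module calls PVE::RPCEnvironment::get(), PVE::INotify::nodename() and PVE::SectionConfig::delete_from_config() without a corresponding 'use' line in the import block at the top, so it depends on some other module having loaded them first; add the three imports. The 'delete' handler rewrites the config and returns success even when the id is not present, unlike 'update', which dies on an unknown id; either skip the write or fail in that case.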
> diff --git a/PVE/API2/Cluster/Mapping/USB.pm b/PVE/API2/Cluster/Mapping/USB.pm
and pretty much everything mentioned above applies to this one as well
;)
> [..]