Perl script can't open '/etc/pve/priv/authkey.key'

Feb 10, 2016
I'm trying to write a script to shut down started virtual machines as a user other than root. When I launch this command I get

"can't open '/etc/pve/priv/authkey.key' - permission denied"

(only root and www-data can read this file)

What is the problem?
I thought that having a connection as root through the API would not be necessary.

SCRIPT:


#!/usr/bin/perl -w
# Copyright (C) 2015 Mark Schouten <mark@tuxis.nl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# See http://www.gnu.org/licenses/gpl.txt for the full license

use constant {
    TIMEZONE => 'Europe/Madrid'
};

use strict;
use warnings;
use 5.010;

use PVE::APIClient::LWP;
use PVE::AccessControl;
use PVE::INotify;
use Data::Dumper;

use Log::Log4perl;
use Sys::Syslog qw(:standard :macros setlogsock); # standard functions & macros

my $program = "tesperlapi";
openlog($program, 'cons,pid', 'user');

# syslog('mail|warning', 'this is a better test: %d', time);

my $hostname = PVE::INotify::read_file("hostname");

my $ticket = PVE::AccessControl::assemble_ticket('root@pam');
my $csrftoken = PVE::AccessControl::assemble_csrf_prevention_token('root@pam');

my $conn = PVE::APIClient::LWP->new(
    username => 'root@pam',
    password => '***',
    ticket => $ticket,
    csrftoken => $csrftoken,
    host => $hostname,
    cached_fingerprints => {
        'E7:***:6B' => 1
    },
    manual_verification => 1,
);

my $clustername;

foreach my $child (@{$conn->get("/api2/json/cluster/status")}) {
    if ($child->{'type'} eq "cluster") {
        $clustername = $child->{'name'};
    }
}

if (!defined($clustername)) {
    $clustername = $hostname;
}


syslog('info', '<<<NUT & proxmox>>>');
syslog('info', '<<<NUT NOTIFYCMD script on ' . $clustername .'>>');

foreach my $vm (@{$conn->get("/api2/json/cluster/resources")}) {
    if ($vm->{'type'} eq "qemu") {
        my $vmid = $vm->{'vmid'};
        my $status = $vm->{'status'};
        my $node = $vm->{'node'};
        syslog('info', "$node->$vmid->$status");
        if ($status eq "running") {
            my $args = {};
            $args->{'forceStop'} = 1;
            $args->{'timeout'} = 180;
            syslog('info', "Stopping $vmid because is $status");
            my $res = $conn->post("/api2/json/nodes/$node/qemu/$vmid/status/shutdown", $args);
            syslog('info', "$vmid is $status");
        }
    }
}

syslog('info', '<<<END NUT & proxmox>>>');
closelog();

Any ideas?
my $ticket = PVE::AccessControl::assemble_ticket('root@pam');
my $csrftoken = PVE::AccessControl::assemble_csrf_prevention_token('root@pam');

my $conn = PVE::APIClient::LWP->new(
username => 'root@pam',
password => '***',
ticket => $ticket,
csrftoken => $csrftoken,
host => $hostname,
cached_fingerprints => {
'E7:***:6B' => 1
},

If you provide a user and password and do a '$conn->login()' after creating the Client object,
you do not have to create a ticket/csrftoken manually (that is what requires read access to /etc/pve/priv/authkey.key).
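
The login-based approach from the reply above, as an added example that is not part of the thread and not Proxmox's own code: the script authenticates with a password and calls `login()`, so it never reads `/etc/pve/priv/authkey.key` and can run as an unprivileged user. The account name `nut-shutdown@pve`, the password file path and the fingerprint placeholder are assumptions, and the account is assumed to have been granted only the privileges needed to list and shut down VMs.

```perl
#!/usr/bin/perl
# Added example: password login instead of a locally assembled ticket.
use strict;
use warnings;
use 5.010;

use PVE::APIClient::LWP;
use PVE::INotify;
use Sys::Syslog qw(:standard :macros);

# Assumptions (hypothetical names): a dedicated low-privilege PVE account,
# e.g. one holding only VM.Audit and VM.PowerMgmt, and a password file
# readable only by the user that runs this script.
my $user   = 'nut-shutdown@pve';
my $pwfile = '/etc/nut/pve-api.pw';

# Refuse a password file that group or others can access.
my @st = stat($pwfile) or die "can't stat '$pwfile' - $!\n";
die "'$pwfile' must not be accessible by group/others\n" if $st[2] & 0077;

open(my $fh, '<', $pwfile) or die "can't open '$pwfile' - $!\n";
chomp(my $password = <$fh> // '');
close($fh);

my $conn = PVE::APIClient::LWP->new(
    username => $user,
    password => $password,
    host     => PVE::INotify::read_file("hostname"),
    cached_fingerprints => {
        # Placeholder: replace with your node's certificate fingerprint.
        '<node certificate fingerprint>' => 1,
    },
);

# login() asks the API server for the ticket and CSRF token, so nothing
# under /etc/pve/priv has to be readable by this process.
$conn->login();

openlog('tesperlapi', 'cons,pid', 'user');
foreach my $vm (@{$conn->get("/api2/json/cluster/resources")}) {
    next unless $vm->{type} eq 'qemu' && $vm->{status} eq 'running';
    syslog('info', "Stopping $vm->{vmid} on $vm->{node}");
    $conn->post("/api2/json/nodes/$vm->{node}/qemu/$vm->{vmid}/status/shutdown",
        { forceStop => 1, timeout => 180 });
}
closelog();
```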