From 877d6d76f506b27f0ffc5d509910b1003708d20c Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Wed, 7 Feb 2024 14:50:18 +0100
Subject: [PATCH] [stable-8] proxmox_kvm - new param to support unsafe updates (#7843) (#7954)
proxmox_kvm - new param to support unsafe updates (#7843)
* proxmox_kvm - new param to support unsafe updates
* changelog fragments
* Apply suggestions from code review
Co-authored-by: Felix Fontein
* improved docs
* updated `version_added`
---------
Co-authored-by: Felix Fontein
(cherry picked from commit c7a2e28daa262bebe45b76173ceca85b86043046)
Co-authored-by: nxet
---
 .../7843-proxmox_kvm-update_unsafe.yml | 2 +
 plugins/modules/proxmox_kvm.py | 59 +++++++++++++------
 2 files changed, 44 insertions(+), 17 deletions(-)
 create mode 100644 changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml
diff --git a/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml b/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml
new file mode 100644
index 0000000000..dcb1ebb218
--- /dev/null
+++ b/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - proxmox_kvm - add parameter ``update_unsafe`` to avoid limitations when updating dangerous values (https://github.com/ansible-collections/community.general/pull/7843).
diff --git a/plugins/modules/proxmox_kvm.py b/plugins/modules/proxmox_kvm.py
index c0133ed870..d180180cb4 100644
--- a/plugins/modules/proxmox_kvm.py
+++ b/plugins/modules/proxmox_kvm.py
@@ -522,9 +522,17 @@ options:
 - If V(true), the VM will be updated with new value.
 - Because of the operations of the API and security reasons, I have disabled the update of the following parameters O(net), O(virtio), O(ide), O(sata), O(scsi). Per example updating O(net) update the MAC address and C(virtio) create always new disk...
+ This security feature can be disabled by setting the O(update_unsafe) to V(true).
 - Update of O(pool) is disabled. It needs an additional API endpoint not covered by this module.
 type: bool
 default: false
+ update_unsafe:
+ description:
+ - If V(true), do not enforce limitations on parameters O(net), O(virtio), O(ide), O(sata), O(scsi), O(efidisk0), and O(tpmstate0).
+ Use this option with caution because an improper configuration might result in a permanent loss of data (e.g. disk recreated).
+ type: bool
+ default: false
+ version_added: 8.4.0
 vcpus:
 description:
 - Sets number of hotplugged vcpus.
@@ -846,6 +854,20 @@ EXAMPLES = '''
 memory: 16384
 update: true
+- name: Update VM configuration (incl. unsafe options)
+ community.general.proxmox_kvm:
+ api_user: root@pam
+ api_password: secret
+ api_host: helldorado
+ name: spynal
+ node: sabrewulf
+ cores: 8
+ memory: 16384
+ net:
+ net0: virtio,bridge=vmbr1
+ update: true
+ update_unsafe: true
+
 - name: Delete QEMU parameters
 community.general.proxmox_kvm:
 api_user: root@pam
@@ -981,7 +1003,7 @@ class ProxmoxKvmAnsible(ProxmoxAnsible):
 time.sleep(1)
 return False
- def create_vm(self, vmid, newid, node, name, memory, cpu, cores, sockets, update, **kwargs):
+ def create_vm(self, vmid, newid, node, name, memory, cpu, cores, sockets, update, update_unsafe, **kwargs):
 # Available only in PVE 4
 only_v4 = ['force', 'protection', 'skiplock']
 only_v6 = ['ciuser', 'cipassword', 'sshkeys', 'ipconfig', 'tags']
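Review bot: The new `update_unsafe` description in the options hunk does not say that the option only takes effect together with `update`. In the create_vm hunk the stripping sits under `if update:`, so setting `update_unsafe: true` on its own changes nothing. I would add a line such as `- Has no effect unless O(update) is V(true).` to the new option. The `update` description just above also still names five parameters, while the new text and the code comment list seven; O(efidisk0) and O(tpmstate0) are missing from it.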
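Review bot: `update_unsafe` is added to create_vm as a required positional parameter, so a caller that still passes the old argument list fails with a TypeError, and nothing in the signature records the safe default. Giving it a default keeps the protective behaviour for any caller that is not updated: `def create_vm(self, vmid, newid, node, name, memory, cpu, cores, sockets, update, update_unsafe=False, **kwargs):`. The only call site visible in this patch is the one in `main()`, and the body of create_vm continues outside the hunk.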
@@ -1018,23 +1040,24 @@ class ProxmoxKvmAnsible(ProxmoxAnsible):
 urlencoded_ssh_keys = quote(kwargs['sshkeys'], safe='')
 kwargs['sshkeys'] = str(urlencoded_ssh_keys)
- # If update, don't update disk (virtio, efidisk0, tpmstate0, ide, sata, scsi) and network interface
+ # If update, don't update disk (virtio, efidisk0, tpmstate0, ide, sata, scsi) and network interface, unless update_unsafe=True
 # pool parameter not supported by qemu//config endpoint on "update" (PVE 6.2) - only with "create"
 if update:
- if 'virtio' in kwargs:
- del kwargs['virtio']
- if 'sata' in kwargs:
- del kwargs['sata']
- if 'scsi' in kwargs:
- del kwargs['scsi']
- if 'ide' in kwargs:
- del kwargs['ide']
- if 'efidisk0' in kwargs:
- del kwargs['efidisk0']
- if 'tpmstate0' in kwargs:
- del kwargs['tpmstate0']
- if 'net' in kwargs:
- del kwargs['net']
+ if update_unsafe is False:
+ if 'virtio' in kwargs:
+ del kwargs['virtio']
+ if 'sata' in kwargs:
+ del kwargs['sata']
+ if 'scsi' in kwargs:
+ del kwargs['scsi']
+ if 'ide' in kwargs:
+ del kwargs['ide']
+ if 'efidisk0' in kwargs:
+ del kwargs['efidisk0']
+ if 'tpmstate0' in kwargs:
+ del kwargs['tpmstate0']
+ if 'net' in kwargs:
+ del kwargs['net']
 if 'force' in kwargs:
 del kwargs['force']
 if 'pool' in kwargs:
@@ -1286,6 +1309,7 @@ def main():
 version=dict(type='str', choices=['2.0', '1.2'], default='2.0')
 )),
 update=dict(type='bool', default=False),
+ update_unsafe=dict(type='bool', default=False),
 vcpus=dict(type='int'),
 vga=dict(choices=['std', 'cirrus', 'vmware', 'qxl', 'serial0', 'serial1', 'serial2', 'serial3', 'qxl2', 'qxl3', 'qxl4']),
 virtio=dict(type='dict'),
@@ -1320,6 +1344,7 @@ def main():
 sockets = module.params['sockets']
 state = module.params['state']
 update = bool(module.params['update'])
+ update_unsafe = bool(module.params['update_unsafe'])
 vmid = module.params['vmid']
 validate_certs = module.params['validate_certs']
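Review bot: The new guard `if update_unsafe is False:` in create_vm is an identity test, so any falsy value other than the literal `False` (for example `None` or `0` from a caller that bypasses `main()`) skips the stripping. Disk and network keys then pass through on update, which is the unsafe direction for this gate to fail in. `main()` coerces the parameter with `bool()` in a later hunk, so the module path is fine today, but the gate itself should read `if not update_unsafe:`. The seven `if key in kwargs: del kwargs[key]` pairs could then become one loop over the key names using `kwargs.pop(key, None)`. create_vm's body starts and ends outside this hunk.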
@@ -1429,7 +1454,7 @@ def main():
 module.fail_json(msg="node '%s' does not exist in cluster" % node)
 try:
- proxmox.create_vm(vmid, newid, node, name, memory, cpu, cores, sockets, update,
+ proxmox.create_vm(vmid, newid, node, name, memory, cpu, cores, sockets, update, update_unsafe,
 archive=module.params['archive'],
 acpi=module.params['acpi'],
 agent=module.params['agent'],