[stable-8] proxmox_kvm - new param to support unsafe updates (#7843) (#7954)

proxmox_kvm - new param to support unsafe updates (#7843) * proxmox_kvm - new param to support unsafe updates * changelog fragments * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * improved docs * updated `version_added` --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit c7a2e28daa) Co-authored-by: nxet <nxet821@protonmail.com>
2024-09-14 20:13:21 +02:00 · 2024-02-07 14:50:18 +01:00 · 2024-02-07 14:50:18 +01:00 · 877d6d76f5
commit 877d6d76f5
parent f4d52cf235
2 changed files with 44 additions and 17 deletions
--- a/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml
+++ b/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - proxmox_kvm - add parameter ``update_unsafe`` to avoid limitations when updating dangerous values (https://github.com/ansible-collections/community.general/pull/7843).
--- a/plugins/modules/proxmox_kvm.py
+++ b/plugins/modules/proxmox_kvm.py
@ -522,9 +522,17 @@ options:
      - If V(true), the VM will be updated with new value.
      - Because of the operations of the API and security reasons, I have disabled the update of the following parameters
        O(net), O(virtio), O(ide), O(sata), O(scsi). Per example updating O(net) update the MAC address and C(virtio) create always new disk...
+        This security feature can be disabled by setting the O(update_unsafe) to V(true).
      - Update of O(pool) is disabled. It needs an additional API endpoint not covered by this module.
    type: bool
    default: false
+  update_unsafe:
+    description:
+      - If V(true), do not enforce limitations on parameters O(net), O(virtio), O(ide), O(sata), O(scsi), O(efidisk0), and O(tpmstate0).
+        Use this option with caution because an improper configuration might result in a permanent loss of data (e.g. disk recreated).
+    type: bool
+    default: false
+    version_added: 8.4.0
  vcpus:
    description:
      - Sets number of hotplugged vcpus.
@ -846,6 +854,20 @@ EXAMPLES = '''
    memory: 16384
    update: true

+- name: Update VM configuration (incl. unsafe options)
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: secret
+    api_host: helldorado
+    name: spynal
+    node: sabrewulf
+    cores: 8
+    memory: 16384
+    net:
+        net0: virtio,bridge=vmbr1
+    update: true
+    update_unsafe: true
+
 - name: Delete QEMU parameters
  community.general.proxmox_kvm:
    api_user: root@pam
@ -981,7 +1003,7 @@ class ProxmoxKvmAnsible(ProxmoxAnsible):
            time.sleep(1)
        return False

-    def create_vm(self, vmid, newid, node, name, memory, cpu, cores, sockets, update, **kwargs):
+    def create_vm(self, vmid, newid, node, name, memory, cpu, cores, sockets, update, update_unsafe, **kwargs):
        # Available only in PVE 4
        only_v4 = ['force', 'protection', 'skiplock']
        only_v6 = ['ciuser', 'cipassword', 'sshkeys', 'ipconfig', 'tags']
@ -1018,9 +1040,10 @@ class ProxmoxKvmAnsible(ProxmoxAnsible):
            urlencoded_ssh_keys = quote(kwargs['sshkeys'], safe='')
            kwargs['sshkeys'] = str(urlencoded_ssh_keys)

-        # If update, don't update disk (virtio, efidisk0, tpmstate0, ide, sata, scsi) and network interface
+        # If update, don't update disk (virtio, efidisk0, tpmstate0, ide, sata, scsi) and network interface, unless update_unsafe=True
        # pool parameter not supported by qemu/<vmid>/config endpoint on "update" (PVE 6.2) - only with "create"
        if update:
+            if update_unsafe is False:
                if 'virtio' in kwargs:
                    del kwargs['virtio']
                if 'sata' in kwargs:
@ -1286,6 +1309,7 @@ def main():
                           version=dict(type='str', choices=['2.0', '1.2'], default='2.0')
                       )),
        update=dict(type='bool', default=False),
+        update_unsafe=dict(type='bool', default=False),
        vcpus=dict(type='int'),
        vga=dict(choices=['std', 'cirrus', 'vmware', 'qxl', 'serial0', 'serial1', 'serial2', 'serial3', 'qxl2', 'qxl3', 'qxl4']),
        virtio=dict(type='dict'),
@ -1320,6 +1344,7 @@ def main():
    sockets = module.params['sockets']
    state = module.params['state']
    update = bool(module.params['update'])
+    update_unsafe = bool(module.params['update_unsafe'])
    vmid = module.params['vmid']
    validate_certs = module.params['validate_certs']

@ -1429,7 +1454,7 @@ def main():
            module.fail_json(msg="node '%s' does not exist in cluster" % node)

        try:
-            proxmox.create_vm(vmid, newid, node, name, memory, cpu, cores, sockets, update,
+            proxmox.create_vm(vmid, newid, node, name, memory, cpu, cores, sockets, update, update_unsafe,
                              archive=module.params['archive'],
                              acpi=module.params['acpi'],
                              agent=module.params['agent'],