agentworks-cli 0.2.1__py3-none-any.whl

agentworks/vms/provisioners/proxmox_api.py

@@ -0,0 +1,261 @@
+"""Thin REST client for the Proxmox VE API.
+
+Uses stdlib urllib.request -- no external dependencies. Authentication
+is via PVEAPIToken (token ID + secret), not session cookies.
+"""
+
+from __future__ import annotations
+
+import json
+import ssl
+import time
+import urllib.error
+import urllib.parse
+import urllib.request
+from typing import Any
+
+
+class ProxmoxAPIError(RuntimeError):
+    """A Proxmox API call failed."""
+
+
+class ProxmoxAPI:
+    """Minimal Proxmox VE REST client."""
+
+    def __init__(
+        self,
+        api_url: str,
+        token_id: str,
+        token_secret: str,
+        verify_ssl: bool = True,
+    ) -> None:
+        # Strip trailing slash for consistent URL building
+        self._base = api_url.rstrip("/") + "/api2/json"
+        self._auth = f"PVEAPIToken={token_id}={token_secret}"
+        self._ssl_ctx: ssl.SSLContext | None = None
+        if not verify_ssl:
+            self._ssl_ctx = ssl.create_default_context()
+            self._ssl_ctx.check_hostname = False
+            self._ssl_ctx.verify_mode = ssl.CERT_NONE
+
+    # -- Low-level request -----------------------------------------------------
+
+    def _request(
+        self,
+        method: str,
+        path: str,
+        data: dict[str, Any] | None = None,
+        *,
+        json_body: bool = False,
+    ) -> Any:
+        """Send an API request and return the parsed JSON ``data`` field.
+
+        Args:
+            json_body: If True, send data as JSON (required for guest agent
+                       endpoints). Otherwise use form-urlencoded.
+        """
+        url = f"{self._base}{path}"
+
+        body: bytes | None = None
+        content_type = "application/x-www-form-urlencoded"
+        if data is not None:
+            if json_body:
+                body = json.dumps(data).encode()
+                content_type = "application/json"
+            else:
+                body = urllib.parse.urlencode(data).encode()
+
+        req = urllib.request.Request(url, data=body, method=method)
+        req.add_header("Authorization", self._auth)
+        if body is not None:
+            req.add_header("Content-Type", content_type)
+
+        try:
+            with urllib.request.urlopen(req, context=self._ssl_ctx) as resp:
+                resp_body = resp.read().decode()
+        except urllib.error.HTTPError as e:
+            err_body = e.read().decode() if e.fp else ""
+            raise ProxmoxAPIError(
+                f"Proxmox API {method} {path} failed ({e.code}): {err_body}"
+            ) from e
+
+        if not resp_body:
+            return None
+        parsed = json.loads(resp_body)
+        return parsed.get("data")
+
+    # -- Cluster ---------------------------------------------------------------
+
+    def next_id(self) -> int:
+        """Get the next available VMID."""
+        result = self._request("GET", "/cluster/nextid")
+        return int(result)
+
+    # -- VM operations ---------------------------------------------------------
+
+    def clone_vm(
+        self,
+        node: str,
+        template_vmid: int,
+        newid: int,
+        name: str,
+        *,
+        storage: str | None = None,
+        pool: str | None = None,
+        full: bool = True,
+    ) -> str:
+        """Clone a VM template. Returns the task UPID."""
+        params: dict[str, Any] = {
+            "newid": newid,
+            "name": name,
+            "full": int(full),
+        }
+        if storage:
+            params["storage"] = storage
+        if pool:
+            params["pool"] = pool
+        result = self._request(
+            "POST", f"/nodes/{node}/qemu/{template_vmid}/clone", params
+        )
+        return str(result)
+
+    def configure_vm(self, node: str, vmid: int, **params: Any) -> None:
+        """Update VM configuration."""
+        self._request("PUT", f"/nodes/{node}/qemu/{vmid}/config", params)
+
+    def resize_disk(
+        self, node: str, vmid: int, disk: str, size: str
+    ) -> None:
+        """Resize a VM disk (e.g. disk='scsi0', size='+20G')."""
+        self._request(
+            "PUT",
+            f"/nodes/{node}/qemu/{vmid}/resize",
+            {"disk": disk, "size": size},
+        )
+
+    def start_vm(self, node: str, vmid: int) -> str:
+        """Start a VM. Returns the task UPID."""
+        result = self._request(
+            "POST", f"/nodes/{node}/qemu/{vmid}/status/start"
+        )
+        return str(result)
+
+    def stop_vm(self, node: str, vmid: int) -> str:
+        """Stop a VM. Returns the task UPID."""
+        result = self._request(
+            "POST", f"/nodes/{node}/qemu/{vmid}/status/stop"
+        )
+        return str(result)
+
+    def delete_vm(self, node: str, vmid: int) -> str:
+        """Delete a VM. Returns the task UPID."""
+        result = self._request(
+            "DELETE", f"/nodes/{node}/qemu/{vmid}"
+        )
+        return str(result)
+
+    def vm_status(self, node: str, vmid: int) -> dict[str, Any]:
+        """Get current VM status."""
+        result = self._request(
+            "GET", f"/nodes/{node}/qemu/{vmid}/status/current"
+        )
+        return result  # type: ignore[no-any-return]
+
+    # -- Tasks -----------------------------------------------------------------
+
+    def wait_for_task(
+        self,
+        node: str,
+        upid: str,
+        *,
+        timeout: int = 300,
+        poll_interval: float = 2.0,
+    ) -> None:
+        """Poll a task until it completes or times out."""
+        encoded_upid = urllib.parse.quote(upid, safe="")
+        deadline = time.monotonic() + timeout
+        while time.monotonic() < deadline:
+            result = self._request(
+                "GET", f"/nodes/{node}/tasks/{encoded_upid}/status"
+            )
+            if result and result.get("status") == "stopped":
+                if result.get("exitstatus") != "OK":
+                    raise ProxmoxAPIError(
+                        f"Task failed: {result.get('exitstatus')}"
+                    )
+                return
+            time.sleep(poll_interval)
+        raise ProxmoxAPIError(f"Task timed out after {timeout}s: {upid}")
+
+    # -- Guest agent -----------------------------------------------------------
+
+    def guest_agent_network(
+        self, node: str, vmid: int
+    ) -> list[dict[str, Any]]:
+        """Get network interfaces from the QEMU guest agent."""
+        result = self._request(
+            "GET", f"/nodes/{node}/qemu/{vmid}/agent/network-get-interfaces"
+        )
+        if result and "result" in result:
+            data = result["result"]
+            if isinstance(data, list):
+                return data
+            raise ProxmoxAPIError(f"unexpected network-get-interfaces shape: {type(data).__name__}")
+        return []
+
+    def guest_agent_exec_wait(
+        self,
+        node: str,
+        vmid: int,
+        command: str,
+        args: list[str] | None = None,
+        *,
+        timeout: int = 60,
+    ) -> dict[str, Any] | None:
+        """Run a command via the guest agent and wait for completion.
+
+        Uses exec then polls exec-status until finished or timeout.
+        Returns the result dict with exitcode, out-data, err-data.
+
+        Proxmox 8 requires the command as a JSON array sent with
+        Content-Type: application/json.
+        """
+        cmd_array = [command] + (args or [])
+
+        result = self._request(
+            "POST",
+            f"/nodes/{node}/qemu/{vmid}/agent/exec",
+            {"command": cmd_array},
+            json_body=True,
+        )
+        pid = result.get("pid") if result else None
+        if pid is None:
+            return None
+
+        # Poll for completion
+        deadline = time.monotonic() + timeout
+        while time.monotonic() < deadline:
+            status = self._request(
+                "GET",
+                f"/nodes/{node}/qemu/{vmid}/agent/exec-status?pid={pid}",
+            )
+            if status and status.get("exited"):
+                return status  # type: ignore[no-any-return]
+            time.sleep(2)
+
+        return None
+
+    def guest_agent_file_write(
+        self, node: str, vmid: int, path: str, content: str
+    ) -> None:
+        """Write a file inside the VM via the guest agent.
+
+        Sends raw content and lets Proxmox handle base64 encoding
+        for the guest agent.
+        """
+        self._request(
+            "POST",
+            f"/nodes/{node}/qemu/{vmid}/agent/file-write",
+            {"file": path, "content": content},
+            json_body=True,
+        )

agentworks/vms/provisioners/wsl2.py

@@ -0,0 +1,340 @@
+"""WSL2 provisioner -- imports Debian distros on Windows."""
+
+from __future__ import annotations
+
+import json
+import platform
+import subprocess
+import urllib.request
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from agentworks import output
+from agentworks.db import VMStatus
+from agentworks.ssh import ExecTarget, WSL2Target
+from agentworks.vms.base import ProvisionResult, VMProvisioner
+
+if TYPE_CHECKING:
+    from agentworks.config import Config
+    from agentworks.db import VMRow
+
+# Default install path for WSL2 distros
+WSL_BASE_PATH = "%LOCALAPPDATA%\\agentworks\\wsl"
+
+# Docker Hub OCI registry endpoints for the official Debian image
+_DOCKER_AUTH_URL = "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/debian:pull"
+_DOCKER_MANIFESTS_URL = "https://registry-1.docker.io/v2/library/debian/manifests/bookworm"
+_DOCKER_BLOBS_URL = "https://registry-1.docker.io/v2/library/debian/blobs"
+
+# Map Python's platform.machine() to OCI architecture names
+_ARCH_MAP = {"x86_64": "amd64", "amd64": "amd64", "aarch64": "arm64", "arm64": "arm64"}
+
+
+def _oci_arch() -> str:
+    """Return the OCI architecture name for the host machine."""
+    machine = platform.machine().lower()
+    arch = _ARCH_MAP.get(machine)
+    if arch is None:
+        raise RuntimeError(f"Unsupported architecture: {machine}")
+    return arch
+
+
+class _StripAuthRedirectHandler(urllib.request.HTTPRedirectHandler):
+    """Strip Authorization header when following redirects to a different host.
+
+    Docker Hub blob requests return a 302 to a CDN. The CDN rejects the
+    Bearer token with 400 Bad Request, so we must drop it on redirect.
+    """
+
+    def redirect_request(
+        self,
+        req: urllib.request.Request,
+        fp: object,
+        code: int,
+        msg: str,
+        headers: object,
+        newurl: str,
+    ) -> urllib.request.Request | None:
+        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)  # type: ignore[arg-type]
+        if new_req is not None:
+            new_req.remove_header("Authorization")
+        return new_req
+
+
+_blob_opener = urllib.request.build_opener(_StripAuthRedirectHandler)
+
+
+def _wsl(args: list[str], *, check: bool = True, timeout: int = 300) -> str:
+    """Run a wsl.exe command and return stdout."""
+    result = subprocess.run(
+        ["wsl", *args], capture_output=True, text=True, encoding="utf-8", errors="replace", timeout=timeout
+    )
+    if check and result.returncode != 0:
+        raise RuntimeError(f"wsl command failed: {result.stderr.strip()}")
+    return result.stdout
+
+
+def _powershell(script: str, *, check: bool = True, timeout: int = 120) -> str:
+    """Run a PowerShell command and return stdout."""
+    result = subprocess.run(
+        ["powershell", "-NoProfile", "-Command", script],
+        capture_output=True,
+        text=True,
+        encoding="utf-8",
+        errors="replace",
+        timeout=timeout,
+    )
+    if check and result.returncode != 0:
+        raise RuntimeError(f"PowerShell failed: {result.stderr.strip()}")
+    return result.stdout
+
+
+def _download_debian_rootfs(tarball_path: str) -> None:
+    """Download the official Debian rootfs from Docker Hub OCI registry.
+
+    Pulls the rootfs layer from the official debian:bookworm image without
+    requiring Docker to be installed. The layer is a tar.gz that works
+    directly with ``wsl --import``.
+    """
+    # 1. Get anonymous pull token
+    output.detail("Authenticating with Docker Hub...")
+    with urllib.request.urlopen(_DOCKER_AUTH_URL) as resp:
+        token = json.loads(resp.read())["token"]
+
+    # 2. Fetch image manifest to find the rootfs layer digest.
+    #    debian:bookworm is multi-arch, so we first get the manifest list
+    #    and resolve the platform-specific manifest for the host architecture.
+    output.detail("Fetching Debian bookworm image manifest...")
+    auth_header = {"Authorization": f"Bearer {token}"}
+
+    req = urllib.request.Request(
+        _DOCKER_MANIFESTS_URL,
+        headers={
+            **auth_header,
+            "Accept": (
+                "application/vnd.docker.distribution.manifest.list.v2+json, "
+                "application/vnd.docker.distribution.manifest.v2+json"
+            ),
+        },
+    )
+    with urllib.request.urlopen(req) as resp:
+        manifest = json.loads(resp.read())
+
+    # If it's a manifest list, resolve the entry for the host architecture
+    if "manifests" in manifest:
+        arch = _oci_arch()
+        match = next(
+            (
+                m
+                for m in manifest["manifests"]
+                if m.get("platform", {}).get("architecture") == arch and m.get("platform", {}).get("os") == "linux"
+            ),
+            None,
+        )
+        if match is None:
+            raise RuntimeError(f"No {arch}/linux manifest found for debian:bookworm")
+        platform_digest = match["digest"]
+        manifest_url = f"https://registry-1.docker.io/v2/library/debian/manifests/{platform_digest}"
+        req = urllib.request.Request(
+            manifest_url,
+            headers={
+                **auth_header,
+                "Accept": "application/vnd.docker.distribution.manifest.v2+json",
+            },
+        )
+        with urllib.request.urlopen(req) as resp:
+            manifest = json.loads(resp.read())
+
+    digest = manifest["layers"][0]["digest"]
+    total_bytes = manifest["layers"][0].get("size", 0)
+
+    # 3. Download the rootfs layer with progress
+    blob_url = f"{_DOCKER_BLOBS_URL}/{digest}"
+    req = urllib.request.Request(blob_url, headers=auth_header)
+    p = output.progress("Downloading Debian rootfs", total=total_bytes or None)
+
+    dest = Path(tarball_path)
+    with _blob_opener.open(req) as resp, dest.open("wb") as f:
+        downloaded = 0
+        chunk_size = 256 * 1024
+        last_update = 0
+        while True:
+            chunk = resp.read(chunk_size)
+            if not chunk:
+                break
+            f.write(chunk)
+            downloaded += len(chunk)
+            # Update every ~1MB to avoid flooding
+            if downloaded - last_update >= 1024 * 1024:
+                p.update(downloaded)
+                last_update = downloaded
+
+    p.done()
+
+
+class WSL2Provisioner(VMProvisioner):
+    """Provisions WSL2 Debian distributions on Windows."""
+
+    def create(
+        self,
+        vm_name: str,
+        config: Config,
+        *,
+        admin_username: str = "agentworks",
+    ) -> ProvisionResult:
+        output.info(f"Provisioning WSL2 VM '{vm_name}'...")
+
+        install_path = f"{WSL_BASE_PATH}\\{vm_name}"
+        _powershell(f"New-Item -ItemType Directory -Force -Path '{install_path}'")
+
+        # Download Debian rootfs if not cached
+        cache_dir = "%LOCALAPPDATA%\\agentworks\\cache"
+        tarball = f"{cache_dir}\\debian-bookworm-{_oci_arch()}-rootfs.tar.gz"
+        _powershell(f"New-Item -ItemType Directory -Force -Path '{cache_dir}'")
+
+        check = _powershell(f"Test-Path '{tarball}'").strip()
+        if check.lower() != "true":
+            _download_debian_rootfs(tarball)
+        else:
+            output.detail("Using cached Debian rootfs.")
+
+        # Import and configure the distro
+        output.detail("Importing rootfs into WSL2...")
+        _wsl(["--import", vm_name, install_path, tarball])
+
+        # The Docker rootfs is minimal. Install packages to bring it up to
+        # parity with the Lima/Azure cloud images.
+        output.detail("Installing base packages...")
+        _wsl(
+            [
+                "--distribution",
+                vm_name,
+                "--user",
+                "root",
+                "--",
+                "bash",
+                "-c",
+                "DEBIAN_FRONTEND=noninteractive apt-get update -qq"
+                " && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq -o Dpkg::Options::=--force-confnew"
+                " bash bash-completion sudo passwd"
+                " openssh-server curl git ca-certificates"
+                " tmux tmuxinator"
+                " locales procps iproute2 iputils-ping"
+                " less vim-tiny man-db"
+                " > /dev/null",
+            ]
+        )
+
+        # Configure swap file
+        if config.vm.swap > 0:
+            swap_mb = config.vm.swap * 1024
+            output.detail(f"Setting up {config.vm.swap} GiB swap file...")
+            _wsl(
+                [
+                    "--distribution",
+                    vm_name,
+                    "--user",
+                    "root",
+                    "--",
+                    "bash",
+                    "-c",
+                    f"fallocate -l {swap_mb}M /swapfile"
+                    " && chmod 600 /swapfile"
+                    " && mkswap /swapfile"
+                    " && swapon /swapfile"
+                    " && echo '/swapfile none swap sw 0 0' >> /etc/fstab",
+                ]
+            )
+
+        # Create user account
+        output.detail(f"Creating user '{admin_username}'...")
+        _wsl(["--distribution", vm_name, "--user", "root", "--", "useradd", "-m", "-s", "/bin/bash", admin_username])
+        _wsl(["--distribution", vm_name, "--user", "root", "--", "usermod", "-aG", "sudo", admin_username])
+        import shlex
+
+        _wsl(
+            [
+                "--distribution",
+                vm_name,
+                "--user",
+                "root",
+                "--",
+                "bash",
+                "-c",
+                f"echo {shlex.quote(f'{admin_username} ALL=(ALL) NOPASSWD:ALL')}"
+                f" > /etc/sudoers.d/{shlex.quote(admin_username)}",
+            ]
+        )
+
+        # Configure wsl.conf: default user + systemd
+        output.detail("Enabling systemd...")
+        _wsl(
+            [
+                "--distribution",
+                vm_name,
+                "--user",
+                "root",
+                "--",
+                "bash",
+                "-c",
+                f"printf '[user]\\ndefault={shlex.quote(admin_username)}"
+                f"\\n\\n[boot]\\nsystemd=true\\n' > /etc/wsl.conf",
+            ]
+        )
+
+        # Restart the distro so systemd takes effect
+        output.detail("Restarting distro...")
+        _wsl(["--terminate", vm_name])
+        # Run a command to trigger the distro to start with systemd
+        _wsl(["--distribution", vm_name, "--user", "root", "--", "bash", "-c", "echo ok"])
+
+        output.detail(f"WSL2 VM '{vm_name}' provisioned.")
+        return ProvisionResult(
+            admin_exec_target=ExecTarget(wsl2=WSL2Target(distro_name=vm_name, user=admin_username)),
+            wsl_distro_name=vm_name,
+        )
+
+    def start(self, vm: VMRow) -> None:
+        output.info(f"Starting WSL2 distro '{vm.name}'...")
+        _wsl(["--distribution", vm.name, "--", "echo", "started"])
+        output.info(f"WSL2 distro '{vm.name}' started")
+
+    def stop(self, vm: VMRow) -> None:
+        output.info(f"Terminating WSL2 distro '{vm.name}'...")
+        _wsl(["--terminate", vm.name])
+        output.info(f"WSL2 distro '{vm.name}' terminated")
+
+    def delete(self, vm: VMRow) -> None:
+        output.info(f"Unregistering WSL2 distro '{vm.name}'...")
+        _wsl(["--unregister", vm.name], check=False)
+        # Clean up install directory
+        install_path = f"{WSL_BASE_PATH}\\{vm.name}"
+        _powershell(
+            f"Remove-Item -Recurse -Force -Path '{install_path}' -ErrorAction SilentlyContinue",
+            check=False,
+        )
+        output.info(f"WSL2 distro '{vm.name}' deleted")
+
+    def admin_exec_target(self, vm: VMRow, *, config: object | None = None) -> ExecTarget:
+        return ExecTarget(wsl2=WSL2Target(distro_name=vm.name, user=vm.admin_username))
+
+    def status(self, vm: VMRow) -> VMStatus:
+        try:
+            output = _wsl(["--list", "--verbose"], check=False)
+        except RuntimeError:
+            return VMStatus.UNKNOWN
+
+        for line in output.strip().splitlines():
+            parts = line.split()
+            # WSL --list --verbose output: [*] NAME STATE VERSION
+            # Filter to find our distro
+            name_candidates = [p for p in parts if p == vm.name]
+            if not name_candidates:
+                continue
+            state_str = parts[-2].lower() if len(parts) >= 3 else ""
+            if state_str == "running":
+                return VMStatus.RUNNING
+            if state_str == "stopped":
+                return VMStatus.STOPPED
+            return VMStatus.UNKNOWN
+        return VMStatus.UNKNOWN