]>
Commit | Line | Data |
---|---|---|
2551682a DM |
1 | package PMG::API2::Network; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use Net::IP qw(:PROC); | |
7 | use PVE::Tools qw(extract_param); | |
8 | use PVE::SafeSyslog; | |
9 | use PVE::INotify; | |
10 | use PVE::Exception qw(raise_param_exc); | |
11 | use PVE::RESTHandler; | |
9d82c6bc | 12 | use PMG::RESTEnvironment; |
2551682a DM |
13 | use PVE::JSONSchema qw(get_standard_option); |
14 | ||
15 | use base qw(PVE::RESTHandler); | |
16 | ||
17 | my $iflockfn = "/etc/network/.pve-interfaces.lock"; | |
18 | ||
19 | my $bond_mode_enum = [ | |
20 | 'balance-rr', | |
21 | 'active-backup', # OVS and Linux | |
22 | 'balance-xor', | |
23 | 'broadcast', | |
24 | '802.3ad', | |
25 | 'balance-tlb', | |
26 | 'balance-alb', | |
27 | 'balance-slb', # OVS | |
28 | 'lacp-balance-slb', # OVS | |
29 | 'lacp-balance-tcp', # OVS | |
30 | ]; | |
31 | ||
32 | my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan', | |
33 | 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort']; | |
34 | ||
35 | my $confdesc = { | |
36 | type => { | |
37 | description => "Network interface type", | |
38 | type => 'string', | |
39 | enum => [@$network_type_enum, 'unknown'], | |
40 | }, | |
41 | comments => { | |
42 | description => "Comments", | |
43 | type => 'string', | |
44 | optional => 1, | |
45 | }, | |
46 | comments6 => { | |
47 | description => "Comments", | |
48 | type => 'string', | |
49 | optional => 1, | |
50 | }, | |
51 | autostart => { | |
52 | description => "Automatically start interface on boot.", | |
53 | type => 'boolean', | |
54 | optional => 1, | |
55 | }, | |
56 | bridge_vlan_aware => { | |
57 | description => "Enable bridge vlan support.", | |
58 | type => 'boolean', | |
59 | optional => 1, | |
60 | }, | |
61 | bridge_ports => { | |
62 | description => "Specify the iterfaces you want to add to your bridge.", | |
63 | optional => 1, | |
64 | type => 'string', format => 'pve-iface-list', | |
65 | }, | |
66 | ovs_ports => { | |
67 | description => "Specify the iterfaces you want to add to your bridge.", | |
68 | optional => 1, | |
69 | type => 'string', format => 'pve-iface-list', | |
70 | }, | |
71 | ovs_tag => { | |
72 | description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)", | |
73 | optional => 1, | |
74 | type => 'integer', | |
75 | minimum => 1, | |
76 | maximum => 4094, | |
77 | }, | |
78 | ovs_options => { | |
79 | description => "OVS interface options.", | |
80 | optional => 1, | |
81 | type => 'string', | |
82 | maxLength => 1024, | |
83 | }, | |
84 | ovs_bridge => { | |
85 | description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.", | |
86 | optional => 1, | |
87 | type => 'string', format => 'pve-iface', | |
88 | }, | |
89 | slaves => { | |
90 | description => "Specify the interfaces used by the bonding device.", | |
91 | optional => 1, | |
92 | type => 'string', format => 'pve-iface-list', | |
93 | }, | |
94 | ovs_bonds => { | |
95 | description => "Specify the interfaces used by the bonding device.", | |
96 | optional => 1, | |
97 | type => 'string', format => 'pve-iface-list', | |
98 | }, | |
99 | bond_mode => { | |
100 | description => "Bonding mode.", | |
101 | optional => 1, | |
102 | type => 'string', enum => $bond_mode_enum, | |
103 | }, | |
104 | bond_xmit_hash_policy => { | |
105 | description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.", | |
106 | optional => 1, | |
107 | type => 'string', | |
108 | enum => ['layer2', 'layer2+3', 'layer3+4' ], | |
109 | }, | |
110 | gateway => { | |
111 | description => 'Default gateway address.', | |
112 | type => 'string', format => 'ipv4', | |
113 | optional => 1, | |
114 | }, | |
115 | netmask => { | |
116 | description => 'Network mask.', | |
117 | type => 'string', format => 'ipv4mask', | |
118 | optional => 1, | |
119 | requires => 'address', | |
120 | }, | |
121 | address => { | |
122 | description => 'IP address.', | |
123 | type => 'string', format => 'ipv4', | |
124 | optional => 1, | |
125 | requires => 'netmask', | |
126 | }, | |
1e94d062 DC |
127 | cidr => { |
128 | description => 'IPv4 CIDR.', | |
129 | type => 'string', format => 'CIDRv4', | |
130 | optional => 1, | |
131 | }, | |
2551682a DM |
132 | gateway6 => { |
133 | description => 'Default ipv6 gateway address.', | |
134 | type => 'string', format => 'ipv6', | |
135 | optional => 1, | |
136 | }, | |
137 | netmask6 => { | |
138 | description => 'Network mask.', | |
139 | type => 'integer', minimum => 0, maximum => 128, | |
140 | optional => 1, | |
141 | requires => 'address6', | |
142 | }, | |
143 | address6 => { | |
144 | description => 'IP address.', | |
145 | type => 'string', format => 'ipv6', | |
146 | optional => 1, | |
147 | requires => 'netmask6', | |
1e94d062 DC |
148 | }, |
149 | cidr6 => { | |
150 | description => 'IPv6 CIDR.', | |
151 | type => 'string', format => 'CIDRv6', | |
152 | optional => 1, | |
153 | }, | |
2551682a DM |
154 | }; |
155 | ||
156 | sub json_config_properties { | |
157 | my $prop = shift; | |
158 | ||
159 | foreach my $opt (keys %$confdesc) { | |
160 | $prop->{$opt} = $confdesc->{$opt}; | |
161 | } | |
162 | ||
163 | return $prop; | |
164 | } | |
165 | ||
166 | __PACKAGE__->register_method({ | |
167 | name => 'index', | |
168 | path => '', | |
169 | method => 'GET', | |
170 | description => "List available networks", | |
171 | proxyto => 'node', | |
aea3488a | 172 | permissions => { check => [ 'admin', 'audit' ] }, |
2551682a DM |
173 | parameters => { |
174 | additionalProperties => 0, | |
175 | properties => { | |
176 | node => get_standard_option('pve-node'), | |
177 | type => { | |
178 | description => "Only list specific interface types.", | |
179 | type => 'string', | |
180 | enum => [ @$network_type_enum, 'any_bridge' ], | |
181 | optional => 1, | |
182 | }, | |
183 | }, | |
184 | }, | |
185 | returns => { | |
186 | type => "array", | |
187 | items => { | |
188 | type => "object", | |
189 | properties => {}, | |
190 | }, | |
191 | links => [ { rel => 'child', href => "{iface}" } ], | |
192 | }, | |
193 | code => sub { | |
194 | my ($param) = @_; | |
195 | ||
f1c29260 | 196 | my $restenv = PMG::RESTEnvironment->get(); |
2551682a DM |
197 | |
198 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
199 | my $config = $tmp->{data}; | |
200 | my $changes = $tmp->{changes}; | |
201 | ||
202 | $restenv->set_result_attrib('changes', $changes) if $changes; | |
203 | ||
204 | my $ifaces = $config->{ifaces}; | |
205 | ||
206 | delete $ifaces->{lo}; # do not list the loopback device | |
207 | ||
208 | if ($param->{type}) { | |
209 | foreach my $k (keys %$ifaces) { | |
210 | my $type = $ifaces->{$k}->{type}; | |
211 | my $match = ($param->{type} eq $type) || ( | |
212 | ($param->{type} eq 'any_bridge') && | |
213 | ($type eq 'bridge' || $type eq 'OVSBridge')); | |
214 | delete $ifaces->{$k} if !$match; | |
215 | } | |
216 | } | |
217 | ||
218 | return PVE::RESTHandler::hash_to_array($ifaces, 'iface'); | |
219 | }}); | |
220 | ||
221 | __PACKAGE__->register_method({ | |
222 | name => 'revert_network_changes', | |
223 | path => '', | |
224 | method => 'DELETE', | |
225 | protected => 1, | |
226 | description => "Revert network configuration changes.", | |
227 | proxyto => 'node', | |
228 | parameters => { | |
229 | additionalProperties => 0, | |
230 | properties => { | |
231 | node => get_standard_option('pve-node'), | |
232 | }, | |
233 | }, | |
234 | returns => { type => "null" }, | |
235 | code => sub { | |
236 | my ($param) = @_; | |
237 | ||
238 | unlink "/etc/network/interfaces.new"; | |
239 | ||
240 | return undef; | |
241 | }}); | |
242 | ||
243 | my $check_duplicate = sub { | |
244 | my ($config, $newiface, $key, $name) = @_; | |
245 | ||
246 | foreach my $iface (keys %$config) { | |
247 | raise_param_exc({ $key => "$name already exists on interface '$iface'." }) | |
248 | if ($newiface ne $iface) && $config->{$iface}->{$key}; | |
249 | } | |
250 | }; | |
251 | ||
252 | my $check_duplicate_gateway = sub { | |
253 | my ($config, $newiface) = @_; | |
254 | return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway'); | |
255 | }; | |
256 | ||
257 | my $check_duplicate_gateway6 = sub { | |
258 | my ($config, $newiface) = @_; | |
259 | return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway'); | |
260 | }; | |
261 | ||
262 | sub ipv6_tobin { | |
263 | return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6); | |
264 | } | |
265 | ||
266 | my $check_ipv6_settings = sub { | |
267 | my ($address, $netmask) = @_; | |
268 | ||
269 | raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" }) | |
270 | if $netmask < 0 || $netmask > 128; | |
271 | ||
272 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
273 | if !Net::IP::ip_is_ipv6($address); | |
274 | ||
275 | my $binip = ipv6_tobin($address); | |
276 | my $binmask = Net::IP::ip_get_mask($netmask, 6); | |
277 | ||
278 | my $type = Net::IP::ip_iptypev6($binip); | |
279 | ||
280 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
281 | if ($binip eq $binmask) || | |
282 | (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/); | |
283 | }; | |
284 | ||
1e94d062 DC |
285 | my $map_cidr_to_address_netmask = sub { |
286 | my ($param) = @_; | |
287 | ||
288 | if ($param->{cidr}) { | |
289 | raise_param_exc({ address => "address conflicts with cidr" }) | |
290 | if $param->{address}; | |
291 | raise_param_exc({ netmask => "netmask conflicts with cidr" }) | |
292 | if $param->{netmask}; | |
293 | ||
294 | my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!; | |
295 | $param->{address} = $address; | |
296 | $param->{netmask} = $netmask; | |
297 | delete $param->{cidr}; | |
298 | } | |
299 | ||
300 | if ($param->{cidr6}) { | |
301 | raise_param_exc({ address6 => "address6 conflicts with cidr6" }) | |
302 | if $param->{address6}; | |
303 | raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" }) | |
304 | if $param->{netmask6}; | |
305 | ||
306 | my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!; | |
307 | $param->{address6} = $address; | |
308 | $param->{netmask6} = $netmask; | |
309 | delete $param->{cidr6}; | |
310 | } | |
311 | }; | |
312 | ||
2551682a DM |
313 | __PACKAGE__->register_method({ |
314 | name => 'create_network', | |
315 | path => '', | |
316 | method => 'POST', | |
317 | description => "Create network device configuration", | |
318 | protected => 1, | |
319 | proxyto => 'node', | |
320 | parameters => { | |
321 | additionalProperties => 0, | |
322 | properties => json_config_properties({ | |
323 | node => get_standard_option('pve-node'), | |
324 | iface => get_standard_option('pve-iface')}), | |
325 | }, | |
326 | returns => { type => 'null' }, | |
327 | code => sub { | |
328 | my ($param) = @_; | |
329 | ||
330 | my $node = extract_param($param, 'node'); | |
331 | my $iface = extract_param($param, 'iface'); | |
332 | ||
333 | my $code = sub { | |
334 | my $config = PVE::INotify::read_file('interfaces'); | |
335 | my $ifaces = $config->{ifaces}; | |
336 | ||
337 | raise_param_exc({ iface => "interface already exists" }) | |
338 | if $ifaces->{$iface}; | |
339 | ||
340 | &$check_duplicate_gateway($ifaces, $iface) | |
341 | if $param->{gateway}; | |
342 | &$check_duplicate_gateway6($ifaces, $iface) | |
343 | if $param->{gateway6}; | |
344 | ||
1e94d062 DC |
345 | $map_cidr_to_address_netmask->($param); |
346 | ||
2551682a DM |
347 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})) |
348 | if $param->{address6}; | |
349 | ||
350 | my $families = $param->{families} = []; | |
351 | push @$families, 'inet' | |
352 | if $param->{address} && !grep(/^inet$/, @$families); | |
353 | push @$families, 'inet6' | |
354 | if $param->{address6} && !grep(/^inet6$/, @$families); | |
355 | @$families = ('inet') if !scalar(@$families); | |
356 | ||
357 | $param->{method} = $param->{address} ? 'static' : 'manual'; | |
358 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; | |
359 | ||
360 | if ($param->{type} =~ m/^OVS/) { | |
361 | -x '/usr/bin/ovs-vsctl' || | |
362 | die "Open VSwitch is not installed (need package 'openvswitch-switch')\n"; | |
363 | } | |
364 | ||
365 | if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') { | |
366 | my $brname = $param->{ovs_bridge}; | |
367 | raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname; | |
368 | my $br = $ifaces->{$brname}; | |
369 | raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br; | |
370 | raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) | |
371 | if $br->{type} ne 'OVSBridge'; | |
372 | ||
373 | my @ports = split (/\s+/, $br->{ovs_ports} || ''); | |
374 | $br->{ovs_ports} = join(' ', @ports, $iface) | |
375 | if ! grep { $_ eq $iface } @ports; | |
376 | } | |
377 | ||
378 | $ifaces->{$iface} = $param; | |
379 | ||
380 | PVE::INotify::write_file('interfaces', $config); | |
381 | }; | |
382 | ||
383 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
384 | die $@ if $@; | |
385 | ||
386 | return undef; | |
387 | }}); | |
388 | ||
389 | __PACKAGE__->register_method({ | |
390 | name => 'update_network', | |
391 | path => '{iface}', | |
392 | method => 'PUT', | |
393 | description => "Update network device configuration", | |
394 | protected => 1, | |
395 | proxyto => 'node', | |
396 | parameters => { | |
397 | additionalProperties => 0, | |
398 | properties => json_config_properties({ | |
399 | node => get_standard_option('pve-node'), | |
400 | iface => get_standard_option('pve-iface'), | |
401 | delete => { | |
402 | type => 'string', format => 'pve-configid-list', | |
403 | description => "A list of settings you want to delete.", | |
404 | optional => 1, | |
405 | }}), | |
406 | }, | |
407 | returns => { type => 'null' }, | |
408 | code => sub { | |
409 | my ($param) = @_; | |
410 | ||
411 | my $node = extract_param($param, 'node'); | |
412 | my $iface = extract_param($param, 'iface'); | |
413 | my $delete = extract_param($param, 'delete'); | |
414 | ||
415 | my $code = sub { | |
416 | my $config = PVE::INotify::read_file('interfaces'); | |
417 | my $ifaces = $config->{ifaces}; | |
418 | ||
419 | raise_param_exc({ iface => "interface does not exist" }) | |
420 | if !$ifaces->{$iface}; | |
421 | ||
422 | my $families = ($param->{families} ||= []); | |
423 | foreach my $k (PVE::Tools::split_list($delete)) { | |
424 | delete $ifaces->{$iface}->{$k}; | |
425 | @$families = grep(!/^inet$/, @$families) if $k eq 'address'; | |
426 | @$families = grep(!/^inet6$/, @$families) if $k eq 'address6'; | |
427 | } | |
428 | ||
1e94d062 DC |
429 | $map_cidr_to_address_netmask->($param); |
430 | ||
2551682a DM |
431 | &$check_duplicate_gateway($ifaces, $iface) |
432 | if $param->{gateway}; | |
433 | &$check_duplicate_gateway6($ifaces, $iface) | |
434 | if $param->{gateway6}; | |
435 | ||
436 | if ($param->{address}) { | |
437 | push @$families, 'inet' if !grep(/^inet$/, @$families); | |
438 | } else { | |
439 | @$families = grep(!/^inet$/, @$families); | |
440 | } | |
441 | if ($param->{address6}) { | |
442 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})); | |
443 | push @$families, 'inet6' if !grep(/^inet6$/, @$families); | |
444 | } else { | |
445 | @$families = grep(!/^inet6$/, @$families); | |
446 | } | |
447 | @$families = ('inet') if !scalar(@$families); | |
448 | ||
449 | $param->{method} = $param->{address} ? 'static' : 'manual'; | |
450 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; | |
451 | ||
452 | foreach my $k (keys %$param) { | |
453 | $ifaces->{$iface}->{$k} = $param->{$k}; | |
454 | } | |
455 | ||
456 | PVE::INotify::write_file('interfaces', $config); | |
457 | }; | |
458 | ||
459 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
460 | die $@ if $@; | |
461 | ||
462 | return undef; | |
463 | }}); | |
464 | ||
465 | __PACKAGE__->register_method({ | |
466 | name => 'network_config', | |
467 | path => '{iface}', | |
468 | method => 'GET', | |
469 | description => "Read network device configuration", | |
470 | proxyto => 'node', | |
aea3488a | 471 | permissions => { check => [ 'admin', 'audit' ] }, |
2551682a DM |
472 | parameters => { |
473 | additionalProperties => 0, | |
474 | properties => { | |
475 | node => get_standard_option('pve-node'), | |
476 | iface => get_standard_option('pve-iface'), | |
477 | }, | |
478 | }, | |
479 | returns => { | |
480 | type => "object", | |
481 | properties => { | |
482 | type => { | |
483 | type => 'string', | |
484 | }, | |
485 | method => { | |
486 | type => 'string', | |
487 | }, | |
488 | }, | |
489 | }, | |
490 | code => sub { | |
491 | my ($param) = @_; | |
492 | ||
493 | my $config = PVE::INotify::read_file('interfaces'); | |
494 | my $ifaces = $config->{ifaces}; | |
495 | ||
496 | raise_param_exc({ iface => "interface does not exist" }) | |
497 | if !$ifaces->{$param->{iface}}; | |
498 | ||
499 | return $ifaces->{$param->{iface}}; | |
500 | }}); | |
501 | ||
502 | __PACKAGE__->register_method({ | |
503 | name => 'delete_network', | |
504 | path => '{iface}', | |
505 | method => 'DELETE', | |
506 | description => "Delete network device configuration", | |
507 | protected => 1, | |
508 | proxyto => 'node', | |
509 | parameters => { | |
510 | additionalProperties => 0, | |
511 | properties => { | |
512 | node => get_standard_option('pve-node'), | |
513 | iface => get_standard_option('pve-iface'), | |
514 | }, | |
515 | }, | |
516 | returns => { type => 'null' }, | |
517 | code => sub { | |
518 | my ($param) = @_; | |
519 | ||
520 | my $code = sub { | |
521 | my $config = PVE::INotify::read_file('interfaces'); | |
522 | my $ifaces = $config->{ifaces}; | |
523 | ||
524 | raise_param_exc({ iface => "interface does not exist" }) | |
525 | if !$ifaces->{$param->{iface}}; | |
526 | ||
527 | my $d = $ifaces->{$param->{iface}}; | |
528 | if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') { | |
529 | if (my $brname = $d->{ovs_bridge}) { | |
530 | if (my $br = $ifaces->{$brname}) { | |
531 | if ($br->{ovs_ports}) { | |
532 | my @ports = split (/\s+/, $br->{ovs_ports}); | |
533 | my @new = grep { $_ ne $param->{iface} } @ports; | |
534 | $br->{ovs_ports} = join(' ', @new); | |
535 | } | |
536 | } | |
537 | } | |
538 | } | |
539 | ||
540 | delete $ifaces->{$param->{iface}}; | |
541 | ||
542 | PVE::INotify::write_file('interfaces', $config); | |
543 | }; | |
544 | ||
545 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
546 | die $@ if $@; | |
547 | ||
548 | return undef; | |
549 | }}); | |
550 | ||
551 | 1; |