]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Network; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
d09f6f7d | 6 | use Net::IP qw(:PROC); |
cacd7547 | 7 | use PVE::Tools qw(extract_param dir_glob_regex); |
aff192e6 DM |
8 | use PVE::SafeSyslog; |
9 | use PVE::INotify; | |
10 | use PVE::Exception qw(raise_param_exc); | |
11 | use PVE::RESTHandler; | |
12 | use PVE::RPCEnvironment; | |
13 | use PVE::JSONSchema qw(get_standard_option); | |
14 | use PVE::AccessControl; | |
15 | use IO::File; | |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
2bca9b77 AD |
19 | my $have_sdn; |
20 | eval { | |
20dc8bbe AD |
21 | require PVE::Network::SDN::Zones; |
22 | require PVE::Network::SDN::Controllers; | |
2bca9b77 AD |
23 | $have_sdn = 1; |
24 | }; | |
25 | ||
aff192e6 DM |
26 | my $iflockfn = "/etc/network/.pve-interfaces.lock"; |
27 | ||
28 | my $bond_mode_enum = [ | |
29 | 'balance-rr', | |
10a9563e | 30 | 'active-backup', # OVS and Linux |
aff192e6 DM |
31 | 'balance-xor', |
32 | 'broadcast', | |
33 | '802.3ad', | |
34 | 'balance-tlb', | |
d11733f8 | 35 | 'balance-alb', |
10a9563e DM |
36 | 'balance-slb', # OVS |
37 | 'lacp-balance-slb', # OVS | |
38 | 'lacp-balance-tcp', # OVS | |
aff192e6 DM |
39 | ]; |
40 | ||
3f0d1a4b | 41 | my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan', |
d11733f8 DM |
42 | 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort']; |
43 | ||
aff192e6 | 44 | my $confdesc = { |
d11733f8 DM |
45 | type => { |
46 | description => "Network interface type", | |
47 | type => 'string', | |
48 | enum => [@$network_type_enum, 'unknown'], | |
49 | }, | |
44d353a7 DM |
50 | comments => { |
51 | description => "Comments", | |
52 | type => 'string', | |
b5eda023 | 53 | optional => 1, |
44d353a7 | 54 | }, |
3ed15e6c WB |
55 | comments6 => { |
56 | description => "Comments", | |
57 | type => 'string', | |
58 | optional => 1, | |
59 | }, | |
aff192e6 DM |
60 | autostart => { |
61 | description => "Automatically start interface on boot.", | |
62 | type => 'boolean', | |
63 | optional => 1, | |
64 | }, | |
a1604d70 AD |
65 | bridge_vlan_aware => { |
66 | description => "Enable bridge vlan support.", | |
67 | type => 'boolean', | |
68 | optional => 1, | |
69 | }, | |
aff192e6 | 70 | bridge_ports => { |
76189130 | 71 | description => "Specify the interfaces you want to add to your bridge.", |
aff192e6 DM |
72 | optional => 1, |
73 | type => 'string', format => 'pve-iface-list', | |
74 | }, | |
d11733f8 | 75 | ovs_ports => { |
76189130 | 76 | description => "Specify the interfaces you want to add to your bridge.", |
d11733f8 DM |
77 | optional => 1, |
78 | type => 'string', format => 'pve-iface-list', | |
79 | }, | |
4c917e97 DM |
80 | ovs_tag => { |
81 | description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)", | |
82 | optional => 1, | |
83 | type => 'integer', | |
84 | minimum => 1, | |
85 | maximum => 4094, | |
86 | }, | |
d11733f8 DM |
87 | ovs_options => { |
88 | description => "OVS interface options.", | |
89 | optional => 1, | |
90 | type => 'string', | |
91 | maxLength => 1024, | |
92 | }, | |
93 | ovs_bridge => { | |
94 | description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.", | |
95 | optional => 1, | |
96 | type => 'string', format => 'pve-iface', | |
97 | }, | |
aff192e6 DM |
98 | slaves => { |
99 | description => "Specify the interfaces used by the bonding device.", | |
100 | optional => 1, | |
101 | type => 'string', format => 'pve-iface-list', | |
102 | }, | |
d11733f8 DM |
103 | ovs_bonds => { |
104 | description => "Specify the interfaces used by the bonding device.", | |
105 | optional => 1, | |
106 | type => 'string', format => 'pve-iface-list', | |
107 | }, | |
aff192e6 DM |
108 | bond_mode => { |
109 | description => "Bonding mode.", | |
110 | optional => 1, | |
111 | type => 'string', enum => $bond_mode_enum, | |
112 | }, | |
ffffb625 DM |
113 | bond_xmit_hash_policy => { |
114 | description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.", | |
115 | optional => 1, | |
116 | type => 'string', | |
117 | enum => ['layer2', 'layer2+3', 'layer3+4' ], | |
118 | }, | |
aff192e6 DM |
119 | gateway => { |
120 | description => 'Default gateway address.', | |
121 | type => 'string', format => 'ipv4', | |
122 | optional => 1, | |
123 | }, | |
124 | netmask => { | |
125 | description => 'Network mask.', | |
126 | type => 'string', format => 'ipv4mask', | |
127 | optional => 1, | |
1904114e | 128 | requires => 'address', |
aff192e6 DM |
129 | }, |
130 | address => { | |
131 | description => 'IP address.', | |
132 | type => 'string', format => 'ipv4', | |
133 | optional => 1, | |
134 | requires => 'netmask', | |
3ed15e6c | 135 | }, |
69106e5c DC |
136 | cidr => { |
137 | description => 'IPv4 CIDR.', | |
138 | type => 'string', format => 'CIDRv4', | |
139 | optional => 1, | |
140 | }, | |
3ed15e6c WB |
141 | gateway6 => { |
142 | description => 'Default ipv6 gateway address.', | |
143 | type => 'string', format => 'ipv6', | |
144 | optional => 1, | |
145 | }, | |
146 | netmask6 => { | |
147 | description => 'Network mask.', | |
148 | type => 'integer', minimum => 0, maximum => 128, | |
149 | optional => 1, | |
150 | requires => 'address6', | |
151 | }, | |
152 | address6 => { | |
153 | description => 'IP address.', | |
154 | type => 'string', format => 'ipv6', | |
155 | optional => 1, | |
156 | requires => 'netmask6', | |
69106e5c DC |
157 | }, |
158 | cidr6 => { | |
159 | description => 'IPv6 CIDR.', | |
160 | type => 'string', format => 'CIDRv6', | |
161 | optional => 1, | |
162 | }, | |
aff192e6 DM |
163 | }; |
164 | ||
165 | sub json_config_properties { | |
166 | my $prop = shift; | |
167 | ||
168 | foreach my $opt (keys %$confdesc) { | |
169 | $prop->{$opt} = $confdesc->{$opt}; | |
170 | } | |
171 | ||
172 | return $prop; | |
173 | } | |
174 | ||
175 | __PACKAGE__->register_method({ | |
176 | name => 'index', | |
177 | path => '', | |
178 | method => 'GET', | |
179 | permissions => { user => 'all' }, | |
180 | description => "List available networks", | |
181 | proxyto => 'node', | |
182 | parameters => { | |
183 | additionalProperties => 0, | |
184 | properties => { | |
185 | node => get_standard_option('pve-node'), | |
186 | type => { | |
187 | description => "Only list specific interface types.", | |
188 | type => 'string', | |
4c917e97 | 189 | enum => [ @$network_type_enum, 'any_bridge' ], |
aff192e6 DM |
190 | optional => 1, |
191 | }, | |
192 | }, | |
193 | }, | |
194 | returns => { | |
195 | type => "array", | |
196 | items => { | |
197 | type => "object", | |
198 | properties => {}, | |
199 | }, | |
200 | links => [ { rel => 'child', href => "{iface}" } ], | |
201 | }, | |
202 | code => sub { | |
203 | my ($param) = @_; | |
204 | ||
e4d5bf72 DM |
205 | my $rpcenv = PVE::RPCEnvironment::get(); |
206 | ||
207 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
208 | my $config = $tmp->{data}; | |
209 | my $changes = $tmp->{changes}; | |
210 | ||
211 | $rpcenv->set_result_attrib('changes', $changes) if $changes; | |
aff192e6 | 212 | |
3ed15e6c WB |
213 | my $ifaces = $config->{ifaces}; |
214 | ||
215 | delete $ifaces->{lo}; # do not list the loopback device | |
aff192e6 DM |
216 | |
217 | if ($param->{type}) { | |
3ed15e6c WB |
218 | foreach my $k (keys %$ifaces) { |
219 | my $type = $ifaces->{$k}->{type}; | |
4c917e97 DM |
220 | my $match = ($param->{type} eq $type) || ( |
221 | ($param->{type} eq 'any_bridge') && | |
222 | ($type eq 'bridge' || $type eq 'OVSBridge')); | |
3ed15e6c | 223 | delete $ifaces->{$k} if !$match; |
aff192e6 DM |
224 | } |
225 | } | |
226 | ||
3ed15e6c | 227 | return PVE::RESTHandler::hash_to_array($ifaces, 'iface'); |
aff192e6 DM |
228 | }}); |
229 | ||
e4d5bf72 DM |
230 | __PACKAGE__->register_method({ |
231 | name => 'revert_network_changes', | |
232 | path => '', | |
233 | method => 'DELETE', | |
234 | permissions => { | |
235 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
236 | }, | |
237 | protected => 1, | |
238 | description => "Revert network configuration changes.", | |
239 | proxyto => 'node', | |
240 | parameters => { | |
241 | additionalProperties => 0, | |
242 | properties => { | |
243 | node => get_standard_option('pve-node'), | |
244 | }, | |
245 | }, | |
246 | returns => { type => "null" }, | |
247 | code => sub { | |
248 | my ($param) = @_; | |
249 | ||
250 | unlink "/etc/network/interfaces.new"; | |
251 | ||
252 | return undef; | |
253 | }}); | |
aff192e6 | 254 | |
3ed15e6c WB |
255 | my $check_duplicate = sub { |
256 | my ($config, $newiface, $key, $name) = @_; | |
aff192e6 DM |
257 | |
258 | foreach my $iface (keys %$config) { | |
3ed15e6c WB |
259 | raise_param_exc({ $key => "$name already exists on interface '$iface'." }) |
260 | if ($newiface ne $iface) && $config->{$iface}->{$key}; | |
aff192e6 DM |
261 | } |
262 | }; | |
263 | ||
3ed15e6c WB |
264 | my $check_duplicate_gateway = sub { |
265 | my ($config, $newiface) = @_; | |
266 | return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway'); | |
267 | }; | |
268 | ||
269 | my $check_duplicate_gateway6 = sub { | |
270 | my ($config, $newiface) = @_; | |
271 | return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway'); | |
272 | }; | |
273 | ||
3ed15e6c WB |
274 | sub ipv6_tobin { |
275 | return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6); | |
276 | } | |
277 | ||
278 | my $check_ipv6_settings = sub { | |
279 | my ($address, $netmask) = @_; | |
280 | ||
281 | raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" }) | |
282 | if $netmask < 0 || $netmask > 128; | |
283 | ||
0f6e6f6b | 284 | raise_param_exc({ address => "$address is not a valid host IPv6 address." }) |
3ed15e6c WB |
285 | if !Net::IP::ip_is_ipv6($address); |
286 | ||
287 | my $binip = ipv6_tobin($address); | |
288 | my $binmask = Net::IP::ip_get_mask($netmask, 6); | |
289 | ||
0f6e6f6b | 290 | my $type = ($binip eq $binmask) ? 'ANYCAST' : Net::IP::ip_iptypev6($binip); |
3ed15e6c | 291 | |
0f6e6f6b | 292 | if (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/) { |
68f371d4 | 293 | raise_param_exc({ address => "$address with type '$type', cannot be used as host IPv6 address." }); |
0f6e6f6b | 294 | } |
3ed15e6c WB |
295 | }; |
296 | ||
69106e5c DC |
297 | my $map_cidr_to_address_netmask = sub { |
298 | my ($param) = @_; | |
299 | ||
300 | if ($param->{cidr}) { | |
301 | raise_param_exc({ address => "address conflicts with cidr" }) | |
302 | if $param->{address}; | |
303 | raise_param_exc({ netmask => "netmask conflicts with cidr" }) | |
304 | if $param->{netmask}; | |
305 | ||
306 | my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!; | |
307 | $param->{address} = $address; | |
308 | $param->{netmask} = $netmask; | |
309 | delete $param->{cidr}; | |
310 | } | |
311 | ||
312 | if ($param->{cidr6}) { | |
313 | raise_param_exc({ address6 => "address6 conflicts with cidr6" }) | |
314 | if $param->{address6}; | |
315 | raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" }) | |
316 | if $param->{netmask6}; | |
317 | ||
318 | my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!; | |
319 | $param->{address6} = $address; | |
320 | $param->{netmask6} = $netmask; | |
321 | delete $param->{cidr6}; | |
322 | } | |
323 | }; | |
324 | ||
aff192e6 DM |
325 | __PACKAGE__->register_method({ |
326 | name => 'create_network', | |
327 | path => '', | |
328 | method => 'POST', | |
329 | permissions => { | |
7d020b42 | 330 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
331 | }, |
332 | description => "Create network device configuration", | |
333 | protected => 1, | |
334 | proxyto => 'node', | |
335 | parameters => { | |
336 | additionalProperties => 0, | |
337 | properties => json_config_properties({ | |
338 | node => get_standard_option('pve-node'), | |
339 | iface => get_standard_option('pve-iface')}), | |
340 | }, | |
341 | returns => { type => 'null' }, | |
342 | code => sub { | |
343 | my ($param) = @_; | |
344 | ||
345 | my $node = extract_param($param, 'node'); | |
346 | my $iface = extract_param($param, 'iface'); | |
347 | ||
348 | my $code = sub { | |
349 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 350 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
351 | |
352 | raise_param_exc({ iface => "interface already exists" }) | |
3ed15e6c | 353 | if $ifaces->{$iface}; |
aff192e6 | 354 | |
3ed15e6c | 355 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 356 | if $param->{gateway}; |
3ed15e6c WB |
357 | &$check_duplicate_gateway6($ifaces, $iface) |
358 | if $param->{gateway6}; | |
aff192e6 | 359 | |
69106e5c DC |
360 | $map_cidr_to_address_netmask->($param); |
361 | ||
3ed15e6c WB |
362 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})) |
363 | if $param->{address6}; | |
364 | ||
365 | my $families = $param->{families} = []; | |
366 | push @$families, 'inet' | |
367 | if $param->{address} && !grep(/^inet$/, @$families); | |
368 | push @$families, 'inet6' | |
369 | if $param->{address6} && !grep(/^inet6$/, @$families); | |
370 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 371 | |
aff192e6 | 372 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 373 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 | 374 | |
bdfa2498 DM |
375 | if ($param->{type} =~ m/^OVS/) { |
376 | -x '/usr/bin/ovs-vsctl' || | |
377 | die "Open VSwitch is not installed (need package 'openvswitch-switch')\n"; | |
378 | } | |
379 | ||
d11733f8 DM |
380 | if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') { |
381 | my $brname = $param->{ovs_bridge}; | |
382 | raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname; | |
3ed15e6c | 383 | my $br = $ifaces->{$brname}; |
d11733f8 DM |
384 | raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br; |
385 | raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) | |
386 | if $br->{type} ne 'OVSBridge'; | |
387 | ||
388 | my @ports = split (/\s+/, $br->{ovs_ports} || ''); | |
389 | $br->{ovs_ports} = join(' ', @ports, $iface) | |
390 | if ! grep { $_ eq $iface } @ports; | |
391 | } | |
392 | ||
3ed15e6c | 393 | $ifaces->{$iface} = $param; |
aff192e6 DM |
394 | |
395 | PVE::INotify::write_file('interfaces', $config); | |
396 | }; | |
397 | ||
398 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
399 | die $@ if $@; | |
400 | ||
401 | return undef; | |
402 | }}); | |
403 | ||
404 | __PACKAGE__->register_method({ | |
405 | name => 'update_network', | |
406 | path => '{iface}', | |
407 | method => 'PUT', | |
408 | permissions => { | |
7d020b42 | 409 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
410 | }, |
411 | description => "Update network device configuration", | |
412 | protected => 1, | |
413 | proxyto => 'node', | |
414 | parameters => { | |
415 | additionalProperties => 0, | |
416 | properties => json_config_properties({ | |
417 | node => get_standard_option('pve-node'), | |
418 | iface => get_standard_option('pve-iface'), | |
419 | delete => { | |
420 | type => 'string', format => 'pve-configid-list', | |
421 | description => "A list of settings you want to delete.", | |
422 | optional => 1, | |
423 | }}), | |
424 | }, | |
425 | returns => { type => 'null' }, | |
426 | code => sub { | |
427 | my ($param) = @_; | |
428 | ||
429 | my $node = extract_param($param, 'node'); | |
430 | my $iface = extract_param($param, 'iface'); | |
431 | my $delete = extract_param($param, 'delete'); | |
432 | ||
433 | my $code = sub { | |
434 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 435 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
436 | |
437 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 438 | if !$ifaces->{$iface}; |
aff192e6 | 439 | |
3ed15e6c | 440 | my $families = ($param->{families} ||= []); |
aff192e6 | 441 | foreach my $k (PVE::Tools::split_list($delete)) { |
3ed15e6c WB |
442 | delete $ifaces->{$iface}->{$k}; |
443 | @$families = grep(!/^inet$/, @$families) if $k eq 'address'; | |
444 | @$families = grep(!/^inet6$/, @$families) if $k eq 'address6'; | |
47d13c02 DC |
445 | if ($k eq 'cidr') { |
446 | delete $ifaces->{$iface}->{netmask}; | |
447 | delete $ifaces->{$iface}->{address}; | |
448 | } elsif ($k eq 'cidr6') { | |
449 | delete $ifaces->{$iface}->{netmask6}; | |
450 | delete $ifaces->{$iface}->{address6}; | |
451 | } | |
aff192e6 DM |
452 | } |
453 | ||
69106e5c DC |
454 | $map_cidr_to_address_netmask->($param); |
455 | ||
3ed15e6c | 456 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 457 | if $param->{gateway}; |
3ed15e6c WB |
458 | &$check_duplicate_gateway6($ifaces, $iface) |
459 | if $param->{gateway6}; | |
460 | ||
461 | if ($param->{address}) { | |
3ed15e6c WB |
462 | push @$families, 'inet' if !grep(/^inet$/, @$families); |
463 | } else { | |
464 | @$families = grep(!/^inet$/, @$families); | |
465 | } | |
466 | if ($param->{address6}) { | |
467 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})); | |
468 | push @$families, 'inet6' if !grep(/^inet6$/, @$families); | |
469 | } else { | |
470 | @$families = grep(!/^inet6$/, @$families); | |
471 | } | |
472 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 473 | |
aff192e6 | 474 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 475 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 DM |
476 | |
477 | foreach my $k (keys %$param) { | |
3ed15e6c | 478 | $ifaces->{$iface}->{$k} = $param->{$k}; |
aff192e6 DM |
479 | } |
480 | ||
481 | PVE::INotify::write_file('interfaces', $config); | |
482 | }; | |
483 | ||
484 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
485 | die $@ if $@; | |
486 | ||
487 | return undef; | |
488 | }}); | |
489 | ||
490 | __PACKAGE__->register_method({ | |
491 | name => 'network_config', | |
492 | path => '{iface}', | |
493 | method => 'GET', | |
494 | permissions => { | |
7d020b42 | 495 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
496 | }, |
497 | description => "Read network device configuration", | |
498 | proxyto => 'node', | |
499 | parameters => { | |
500 | additionalProperties => 0, | |
501 | properties => { | |
502 | node => get_standard_option('pve-node'), | |
503 | iface => get_standard_option('pve-iface'), | |
504 | }, | |
505 | }, | |
506 | returns => { | |
507 | type => "object", | |
508 | properties => { | |
509 | type => { | |
510 | type => 'string', | |
511 | }, | |
512 | method => { | |
513 | type => 'string', | |
514 | }, | |
515 | }, | |
516 | }, | |
517 | code => sub { | |
518 | my ($param) = @_; | |
519 | ||
520 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 521 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
522 | |
523 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 524 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 525 | |
3ed15e6c | 526 | return $ifaces->{$param->{iface}}; |
aff192e6 DM |
527 | }}); |
528 | ||
cacd7547 AD |
529 | __PACKAGE__->register_method({ |
530 | name => 'reload_network_config', | |
531 | path => '', | |
532 | method => 'PUT', | |
533 | permissions => { | |
534 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
535 | }, | |
536 | description => "Reload network configuration", | |
537 | protected => 1, | |
538 | proxyto => 'node', | |
539 | parameters => { | |
540 | additionalProperties => 0, | |
541 | properties => { | |
542 | node => get_standard_option('pve-node'), | |
543 | }, | |
544 | }, | |
545 | returns => { type => 'string' }, | |
546 | code => sub { | |
547 | ||
548 | my ($param) = @_; | |
549 | ||
550 | my $rpcenv = PVE::RPCEnvironment::get(); | |
551 | ||
552 | my $authuser = $rpcenv->get_user(); | |
553 | ||
554 | my $current_config_file = "/etc/network/interfaces"; | |
555 | my $new_config_file = "/etc/network/interfaces.new"; | |
556 | ||
930d2678 | 557 | die "you need ifupdown2 to reload networking\n" if !-e '/usr/share/ifupdown2'; |
6159470e TL |
558 | |
559 | if (-x '/usr/bin/ovs-vsctl') { | |
560 | my $ovs_configured = sub { | |
561 | my $ifaces = shift; | |
562 | my @ovstypes = grep { $_->{type} =~ /^ovs\S+/i } values %$ifaces; | |
563 | return scalar(@ovstypes) > 0; | |
564 | }; | |
565 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
566 | my $ifaces = $tmp->{data}->{ifaces}; | |
567 | my $changes = $tmp->{changes}; | |
568 | ||
569 | if ($ovs_configured->($ifaces)) { | |
570 | die "There are OpenVSwitch configured interfaces, but ifupdown2 ". | |
571 | " reload is not compatible with openvswitch currently\n"; | |
572 | } elsif ($changes && $changes =~ /^\s*(?:[+-])?\s*(ovs_type|allow-ovs)/mi) { | |
573 | die "Changes include OpenVSwitch interfaces, but ifupdown2 ". | |
574 | "reload is not compatible with openvswitch currently\n"; | |
575 | } | |
576 | } | |
cacd7547 | 577 | |
cacd7547 AD |
578 | my $worker = sub { |
579 | ||
e46bf624 | 580 | rename($new_config_file, $current_config_file) if -e $new_config_file; |
cacd7547 | 581 | |
2bca9b77 | 582 | if ($have_sdn) { |
20dc8bbe AD |
583 | my $network_sdn_config = PVE::Network::SDN::Zones::generate_etc_network_config(); |
584 | PVE::Network::SDN::Zones::write_etc_network_config($network_sdn_config); | |
2bca9b77 AD |
585 | } |
586 | ||
cacd7547 AD |
587 | my $err = sub { |
588 | my $line = shift; | |
589 | if ($line =~ /(warning|error): (\S+):/) { | |
e46bf624 | 590 | print "$2 : $line \n"; |
cacd7547 AD |
591 | } |
592 | }; | |
084e6030 | 593 | PVE::Tools::run_command(['ifreload', '-a'], errfunc => $err); |
cacd7547 | 594 | |
20dc8bbe AD |
595 | if ($have_sdn) { |
596 | my $controller_config = PVE::Network::SDN::Controllers::generate_controller_config(); | |
597 | PVE::Network::SDN::Controllers::write_controller_config($controller_config) if ($controller_config); | |
598 | PVE::Network::SDN::Controllers::reload_controller(); | |
084e6030 | 599 | } |
cacd7547 AD |
600 | }; |
601 | return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker); | |
602 | }}); | |
603 | ||
aff192e6 DM |
604 | __PACKAGE__->register_method({ |
605 | name => 'delete_network', | |
606 | path => '{iface}', | |
607 | method => 'DELETE', | |
608 | permissions => { | |
7d020b42 | 609 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
610 | }, |
611 | description => "Delete network device configuration", | |
612 | protected => 1, | |
613 | proxyto => 'node', | |
614 | parameters => { | |
615 | additionalProperties => 0, | |
616 | properties => { | |
617 | node => get_standard_option('pve-node'), | |
618 | iface => get_standard_option('pve-iface'), | |
619 | }, | |
620 | }, | |
621 | returns => { type => 'null' }, | |
622 | code => sub { | |
623 | my ($param) = @_; | |
624 | ||
625 | my $code = sub { | |
626 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 627 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
628 | |
629 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 630 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 631 | |
3ed15e6c | 632 | my $d = $ifaces->{$param->{iface}}; |
d11733f8 DM |
633 | if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') { |
634 | if (my $brname = $d->{ovs_bridge}) { | |
3ed15e6c | 635 | if (my $br = $ifaces->{$brname}) { |
d11733f8 DM |
636 | if ($br->{ovs_ports}) { |
637 | my @ports = split (/\s+/, $br->{ovs_ports}); | |
638 | my @new = grep { $_ ne $param->{iface} } @ports; | |
639 | $br->{ovs_ports} = join(' ', @new); | |
640 | } | |
641 | } | |
642 | } | |
643 | } | |
644 | ||
3ed15e6c | 645 | delete $ifaces->{$param->{iface}}; |
aff192e6 DM |
646 | |
647 | PVE::INotify::write_file('interfaces', $config); | |
648 | }; | |
649 | ||
650 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
651 | die $@ if $@; | |
652 | ||
653 | return undef; | |
654 | }}); |