]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Network; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
d09f6f7d | 6 | use Net::IP qw(:PROC); |
aff192e6 DM |
7 | use PVE::Tools qw(extract_param); |
8 | use PVE::SafeSyslog; | |
9 | use PVE::INotify; | |
10 | use PVE::Exception qw(raise_param_exc); | |
11 | use PVE::RESTHandler; | |
12 | use PVE::RPCEnvironment; | |
13 | use PVE::JSONSchema qw(get_standard_option); | |
14 | use PVE::AccessControl; | |
15 | use IO::File; | |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
19 | my $iflockfn = "/etc/network/.pve-interfaces.lock"; | |
20 | ||
21 | my $bond_mode_enum = [ | |
22 | 'balance-rr', | |
10a9563e | 23 | 'active-backup', # OVS and Linux |
aff192e6 DM |
24 | 'balance-xor', |
25 | 'broadcast', | |
26 | '802.3ad', | |
27 | 'balance-tlb', | |
d11733f8 | 28 | 'balance-alb', |
10a9563e DM |
29 | 'balance-slb', # OVS |
30 | 'lacp-balance-slb', # OVS | |
31 | 'lacp-balance-tcp', # OVS | |
aff192e6 DM |
32 | ]; |
33 | ||
d11733f8 DM |
34 | my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', |
35 | 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort']; | |
36 | ||
aff192e6 | 37 | my $confdesc = { |
d11733f8 DM |
38 | type => { |
39 | description => "Network interface type", | |
40 | type => 'string', | |
41 | enum => [@$network_type_enum, 'unknown'], | |
42 | }, | |
44d353a7 DM |
43 | comments => { |
44 | description => "Comments", | |
45 | type => 'string', | |
b5eda023 | 46 | optional => 1, |
44d353a7 | 47 | }, |
3ed15e6c WB |
48 | comments6 => { |
49 | description => "Comments", | |
50 | type => 'string', | |
51 | optional => 1, | |
52 | }, | |
aff192e6 DM |
53 | autostart => { |
54 | description => "Automatically start interface on boot.", | |
55 | type => 'boolean', | |
56 | optional => 1, | |
57 | }, | |
58 | bridge_ports => { | |
59 | description => "Specify the iterfaces you want to add to your bridge.", | |
60 | optional => 1, | |
61 | type => 'string', format => 'pve-iface-list', | |
62 | }, | |
d11733f8 DM |
63 | ovs_ports => { |
64 | description => "Specify the iterfaces you want to add to your bridge.", | |
65 | optional => 1, | |
66 | type => 'string', format => 'pve-iface-list', | |
67 | }, | |
4c917e97 DM |
68 | ovs_tag => { |
69 | description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)", | |
70 | optional => 1, | |
71 | type => 'integer', | |
72 | minimum => 1, | |
73 | maximum => 4094, | |
74 | }, | |
d11733f8 DM |
75 | ovs_options => { |
76 | description => "OVS interface options.", | |
77 | optional => 1, | |
78 | type => 'string', | |
79 | maxLength => 1024, | |
80 | }, | |
81 | ovs_bridge => { | |
82 | description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.", | |
83 | optional => 1, | |
84 | type => 'string', format => 'pve-iface', | |
85 | }, | |
aff192e6 DM |
86 | slaves => { |
87 | description => "Specify the interfaces used by the bonding device.", | |
88 | optional => 1, | |
89 | type => 'string', format => 'pve-iface-list', | |
90 | }, | |
d11733f8 DM |
91 | ovs_bonds => { |
92 | description => "Specify the interfaces used by the bonding device.", | |
93 | optional => 1, | |
94 | type => 'string', format => 'pve-iface-list', | |
95 | }, | |
aff192e6 DM |
96 | bond_mode => { |
97 | description => "Bonding mode.", | |
98 | optional => 1, | |
99 | type => 'string', enum => $bond_mode_enum, | |
100 | }, | |
ffffb625 DM |
101 | bond_xmit_hash_policy => { |
102 | description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.", | |
103 | optional => 1, | |
104 | type => 'string', | |
105 | enum => ['layer2', 'layer2+3', 'layer3+4' ], | |
106 | }, | |
aff192e6 DM |
107 | gateway => { |
108 | description => 'Default gateway address.', | |
109 | type => 'string', format => 'ipv4', | |
110 | optional => 1, | |
111 | }, | |
112 | netmask => { | |
113 | description => 'Network mask.', | |
114 | type => 'string', format => 'ipv4mask', | |
115 | optional => 1, | |
1904114e | 116 | requires => 'address', |
aff192e6 DM |
117 | }, |
118 | address => { | |
119 | description => 'IP address.', | |
120 | type => 'string', format => 'ipv4', | |
121 | optional => 1, | |
122 | requires => 'netmask', | |
3ed15e6c WB |
123 | }, |
124 | gateway6 => { | |
125 | description => 'Default ipv6 gateway address.', | |
126 | type => 'string', format => 'ipv6', | |
127 | optional => 1, | |
128 | }, | |
129 | netmask6 => { | |
130 | description => 'Network mask.', | |
131 | type => 'integer', minimum => 0, maximum => 128, | |
132 | optional => 1, | |
133 | requires => 'address6', | |
134 | }, | |
135 | address6 => { | |
136 | description => 'IP address.', | |
137 | type => 'string', format => 'ipv6', | |
138 | optional => 1, | |
139 | requires => 'netmask6', | |
aff192e6 DM |
140 | } |
141 | }; | |
142 | ||
143 | sub json_config_properties { | |
144 | my $prop = shift; | |
145 | ||
146 | foreach my $opt (keys %$confdesc) { | |
147 | $prop->{$opt} = $confdesc->{$opt}; | |
148 | } | |
149 | ||
150 | return $prop; | |
151 | } | |
152 | ||
153 | __PACKAGE__->register_method({ | |
154 | name => 'index', | |
155 | path => '', | |
156 | method => 'GET', | |
157 | permissions => { user => 'all' }, | |
158 | description => "List available networks", | |
159 | proxyto => 'node', | |
160 | parameters => { | |
161 | additionalProperties => 0, | |
162 | properties => { | |
163 | node => get_standard_option('pve-node'), | |
164 | type => { | |
165 | description => "Only list specific interface types.", | |
166 | type => 'string', | |
4c917e97 | 167 | enum => [ @$network_type_enum, 'any_bridge' ], |
aff192e6 DM |
168 | optional => 1, |
169 | }, | |
170 | }, | |
171 | }, | |
172 | returns => { | |
173 | type => "array", | |
174 | items => { | |
175 | type => "object", | |
176 | properties => {}, | |
177 | }, | |
178 | links => [ { rel => 'child', href => "{iface}" } ], | |
179 | }, | |
180 | code => sub { | |
181 | my ($param) = @_; | |
182 | ||
e4d5bf72 DM |
183 | my $rpcenv = PVE::RPCEnvironment::get(); |
184 | ||
185 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
186 | my $config = $tmp->{data}; | |
187 | my $changes = $tmp->{changes}; | |
188 | ||
189 | $rpcenv->set_result_attrib('changes', $changes) if $changes; | |
aff192e6 | 190 | |
3ed15e6c WB |
191 | my $ifaces = $config->{ifaces}; |
192 | ||
193 | delete $ifaces->{lo}; # do not list the loopback device | |
aff192e6 DM |
194 | |
195 | if ($param->{type}) { | |
3ed15e6c WB |
196 | foreach my $k (keys %$ifaces) { |
197 | my $type = $ifaces->{$k}->{type}; | |
4c917e97 DM |
198 | my $match = ($param->{type} eq $type) || ( |
199 | ($param->{type} eq 'any_bridge') && | |
200 | ($type eq 'bridge' || $type eq 'OVSBridge')); | |
3ed15e6c | 201 | delete $ifaces->{$k} if !$match; |
aff192e6 DM |
202 | } |
203 | } | |
204 | ||
3ed15e6c | 205 | return PVE::RESTHandler::hash_to_array($ifaces, 'iface'); |
aff192e6 DM |
206 | }}); |
207 | ||
e4d5bf72 DM |
208 | __PACKAGE__->register_method({ |
209 | name => 'revert_network_changes', | |
210 | path => '', | |
211 | method => 'DELETE', | |
212 | permissions => { | |
213 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
214 | }, | |
215 | protected => 1, | |
216 | description => "Revert network configuration changes.", | |
217 | proxyto => 'node', | |
218 | parameters => { | |
219 | additionalProperties => 0, | |
220 | properties => { | |
221 | node => get_standard_option('pve-node'), | |
222 | }, | |
223 | }, | |
224 | returns => { type => "null" }, | |
225 | code => sub { | |
226 | my ($param) = @_; | |
227 | ||
228 | unlink "/etc/network/interfaces.new"; | |
229 | ||
230 | return undef; | |
231 | }}); | |
aff192e6 | 232 | |
3ed15e6c WB |
233 | my $check_duplicate = sub { |
234 | my ($config, $newiface, $key, $name) = @_; | |
aff192e6 DM |
235 | |
236 | foreach my $iface (keys %$config) { | |
3ed15e6c WB |
237 | raise_param_exc({ $key => "$name already exists on interface '$iface'." }) |
238 | if ($newiface ne $iface) && $config->{$iface}->{$key}; | |
aff192e6 DM |
239 | } |
240 | }; | |
241 | ||
3ed15e6c WB |
242 | my $check_duplicate_gateway = sub { |
243 | my ($config, $newiface) = @_; | |
244 | return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway'); | |
245 | }; | |
246 | ||
247 | my $check_duplicate_gateway6 = sub { | |
248 | my ($config, $newiface) = @_; | |
249 | return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway'); | |
250 | }; | |
251 | ||
e16a27be | 252 | my $check_ipv4_settings = sub { |
1904114e | 253 | my ($address, $netmask) = @_; |
e16a27be | 254 | |
1904114e DM |
255 | my $binip = Net::IP::ip_iptobin($address, 4); |
256 | my $binmask = Net::IP::ip_iptobin($netmask, 4); | |
d09f6f7d | 257 | my $broadcast = Net::IP::ip_iptobin('255.255.255.255', 4); |
e16a27be DP |
258 | my $binhost = $binip | $binmask; |
259 | ||
1904114e | 260 | raise_param_exc({ address => "$address is not a valid host ip address." }) |
e16a27be DP |
261 | if ($binhost eq $binmask) || ($binhost eq $broadcast); |
262 | }; | |
aff192e6 | 263 | |
3ed15e6c WB |
264 | sub ipv6_tobin { |
265 | return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6); | |
266 | } | |
267 | ||
268 | my $check_ipv6_settings = sub { | |
269 | my ($address, $netmask) = @_; | |
270 | ||
271 | raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" }) | |
272 | if $netmask < 0 || $netmask > 128; | |
273 | ||
274 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
275 | if !Net::IP::ip_is_ipv6($address); | |
276 | ||
277 | my $binip = ipv6_tobin($address); | |
278 | my $binmask = Net::IP::ip_get_mask($netmask, 6); | |
279 | ||
280 | my $type = Net::IP::ip_iptypev6($binip); | |
281 | ||
282 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
283 | if ($binip eq $binmask) || | |
284 | (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/); | |
285 | }; | |
286 | ||
aff192e6 DM |
287 | __PACKAGE__->register_method({ |
288 | name => 'create_network', | |
289 | path => '', | |
290 | method => 'POST', | |
291 | permissions => { | |
7d020b42 | 292 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
293 | }, |
294 | description => "Create network device configuration", | |
295 | protected => 1, | |
296 | proxyto => 'node', | |
297 | parameters => { | |
298 | additionalProperties => 0, | |
299 | properties => json_config_properties({ | |
300 | node => get_standard_option('pve-node'), | |
301 | iface => get_standard_option('pve-iface')}), | |
302 | }, | |
303 | returns => { type => 'null' }, | |
304 | code => sub { | |
305 | my ($param) = @_; | |
306 | ||
307 | my $node = extract_param($param, 'node'); | |
308 | my $iface = extract_param($param, 'iface'); | |
309 | ||
310 | my $code = sub { | |
311 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 312 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
313 | |
314 | raise_param_exc({ iface => "interface already exists" }) | |
3ed15e6c | 315 | if $ifaces->{$iface}; |
aff192e6 | 316 | |
3ed15e6c | 317 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 318 | if $param->{gateway}; |
3ed15e6c WB |
319 | &$check_duplicate_gateway6($ifaces, $iface) |
320 | if $param->{gateway6}; | |
aff192e6 | 321 | |
1904114e DM |
322 | &$check_ipv4_settings($param->{address}, $param->{netmask}) |
323 | if $param->{address}; | |
3ed15e6c WB |
324 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})) |
325 | if $param->{address6}; | |
326 | ||
327 | my $families = $param->{families} = []; | |
328 | push @$families, 'inet' | |
329 | if $param->{address} && !grep(/^inet$/, @$families); | |
330 | push @$families, 'inet6' | |
331 | if $param->{address6} && !grep(/^inet6$/, @$families); | |
332 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 333 | |
aff192e6 | 334 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 335 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 | 336 | |
bdfa2498 DM |
337 | if ($param->{type} =~ m/^OVS/) { |
338 | -x '/usr/bin/ovs-vsctl' || | |
339 | die "Open VSwitch is not installed (need package 'openvswitch-switch')\n"; | |
340 | } | |
341 | ||
d11733f8 DM |
342 | if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') { |
343 | my $brname = $param->{ovs_bridge}; | |
344 | raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname; | |
3ed15e6c | 345 | my $br = $ifaces->{$brname}; |
d11733f8 DM |
346 | raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br; |
347 | raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) | |
348 | if $br->{type} ne 'OVSBridge'; | |
349 | ||
350 | my @ports = split (/\s+/, $br->{ovs_ports} || ''); | |
351 | $br->{ovs_ports} = join(' ', @ports, $iface) | |
352 | if ! grep { $_ eq $iface } @ports; | |
353 | } | |
354 | ||
3ed15e6c | 355 | $ifaces->{$iface} = $param; |
aff192e6 DM |
356 | |
357 | PVE::INotify::write_file('interfaces', $config); | |
358 | }; | |
359 | ||
360 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
361 | die $@ if $@; | |
362 | ||
363 | return undef; | |
364 | }}); | |
365 | ||
366 | __PACKAGE__->register_method({ | |
367 | name => 'update_network', | |
368 | path => '{iface}', | |
369 | method => 'PUT', | |
370 | permissions => { | |
7d020b42 | 371 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
372 | }, |
373 | description => "Update network device configuration", | |
374 | protected => 1, | |
375 | proxyto => 'node', | |
376 | parameters => { | |
377 | additionalProperties => 0, | |
378 | properties => json_config_properties({ | |
379 | node => get_standard_option('pve-node'), | |
380 | iface => get_standard_option('pve-iface'), | |
381 | delete => { | |
382 | type => 'string', format => 'pve-configid-list', | |
383 | description => "A list of settings you want to delete.", | |
384 | optional => 1, | |
385 | }}), | |
386 | }, | |
387 | returns => { type => 'null' }, | |
388 | code => sub { | |
389 | my ($param) = @_; | |
390 | ||
391 | my $node = extract_param($param, 'node'); | |
392 | my $iface = extract_param($param, 'iface'); | |
393 | my $delete = extract_param($param, 'delete'); | |
394 | ||
395 | my $code = sub { | |
396 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 397 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
398 | |
399 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 400 | if !$ifaces->{$iface}; |
aff192e6 | 401 | |
3ed15e6c | 402 | my $families = ($param->{families} ||= []); |
aff192e6 | 403 | foreach my $k (PVE::Tools::split_list($delete)) { |
3ed15e6c WB |
404 | delete $ifaces->{$iface}->{$k}; |
405 | @$families = grep(!/^inet$/, @$families) if $k eq 'address'; | |
406 | @$families = grep(!/^inet6$/, @$families) if $k eq 'address6'; | |
aff192e6 DM |
407 | } |
408 | ||
3ed15e6c | 409 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 410 | if $param->{gateway}; |
3ed15e6c WB |
411 | &$check_duplicate_gateway6($ifaces, $iface) |
412 | if $param->{gateway6}; | |
413 | ||
414 | if ($param->{address}) { | |
415 | &$check_ipv4_settings($param->{address}, $param->{netmask}); | |
416 | push @$families, 'inet' if !grep(/^inet$/, @$families); | |
417 | } else { | |
418 | @$families = grep(!/^inet$/, @$families); | |
419 | } | |
420 | if ($param->{address6}) { | |
421 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})); | |
422 | push @$families, 'inet6' if !grep(/^inet6$/, @$families); | |
423 | } else { | |
424 | @$families = grep(!/^inet6$/, @$families); | |
425 | } | |
426 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 427 | |
aff192e6 | 428 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 429 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 DM |
430 | |
431 | foreach my $k (keys %$param) { | |
3ed15e6c | 432 | $ifaces->{$iface}->{$k} = $param->{$k}; |
aff192e6 DM |
433 | } |
434 | ||
435 | PVE::INotify::write_file('interfaces', $config); | |
436 | }; | |
437 | ||
438 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
439 | die $@ if $@; | |
440 | ||
441 | return undef; | |
442 | }}); | |
443 | ||
444 | __PACKAGE__->register_method({ | |
445 | name => 'network_config', | |
446 | path => '{iface}', | |
447 | method => 'GET', | |
448 | permissions => { | |
7d020b42 | 449 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
450 | }, |
451 | description => "Read network device configuration", | |
452 | proxyto => 'node', | |
453 | parameters => { | |
454 | additionalProperties => 0, | |
455 | properties => { | |
456 | node => get_standard_option('pve-node'), | |
457 | iface => get_standard_option('pve-iface'), | |
458 | }, | |
459 | }, | |
460 | returns => { | |
461 | type => "object", | |
462 | properties => { | |
463 | type => { | |
464 | type => 'string', | |
465 | }, | |
466 | method => { | |
467 | type => 'string', | |
468 | }, | |
469 | }, | |
470 | }, | |
471 | code => sub { | |
472 | my ($param) = @_; | |
473 | ||
474 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 475 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
476 | |
477 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 478 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 479 | |
3ed15e6c | 480 | return $ifaces->{$param->{iface}}; |
aff192e6 DM |
481 | }}); |
482 | ||
483 | __PACKAGE__->register_method({ | |
484 | name => 'delete_network', | |
485 | path => '{iface}', | |
486 | method => 'DELETE', | |
487 | permissions => { | |
7d020b42 | 488 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
489 | }, |
490 | description => "Delete network device configuration", | |
491 | protected => 1, | |
492 | proxyto => 'node', | |
493 | parameters => { | |
494 | additionalProperties => 0, | |
495 | properties => { | |
496 | node => get_standard_option('pve-node'), | |
497 | iface => get_standard_option('pve-iface'), | |
498 | }, | |
499 | }, | |
500 | returns => { type => 'null' }, | |
501 | code => sub { | |
502 | my ($param) = @_; | |
503 | ||
504 | my $code = sub { | |
505 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 506 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
507 | |
508 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 509 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 510 | |
3ed15e6c | 511 | my $d = $ifaces->{$param->{iface}}; |
d11733f8 DM |
512 | if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') { |
513 | if (my $brname = $d->{ovs_bridge}) { | |
3ed15e6c | 514 | if (my $br = $ifaces->{$brname}) { |
d11733f8 DM |
515 | if ($br->{ovs_ports}) { |
516 | my @ports = split (/\s+/, $br->{ovs_ports}); | |
517 | my @new = grep { $_ ne $param->{iface} } @ports; | |
518 | $br->{ovs_ports} = join(' ', @new); | |
519 | } | |
520 | } | |
521 | } | |
522 | } | |
523 | ||
3ed15e6c | 524 | delete $ifaces->{$param->{iface}}; |
aff192e6 DM |
525 | |
526 | PVE::INotify::write_file('interfaces', $config); | |
527 | }; | |
528 | ||
529 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
530 | die $@ if $@; | |
531 | ||
532 | return undef; | |
533 | }}); |