]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Network; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
d09f6f7d | 6 | use Net::IP qw(:PROC); |
cacd7547 | 7 | use PVE::Tools qw(extract_param dir_glob_regex); |
aff192e6 DM |
8 | use PVE::SafeSyslog; |
9 | use PVE::INotify; | |
10 | use PVE::Exception qw(raise_param_exc); | |
11 | use PVE::RESTHandler; | |
12 | use PVE::RPCEnvironment; | |
13 | use PVE::JSONSchema qw(get_standard_option); | |
14 | use PVE::AccessControl; | |
15 | use IO::File; | |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
2bca9b77 AD |
19 | my $have_sdn; |
20 | eval { | |
30f5d476 | 21 | require PVE::Network::SDN; |
2bca9b77 AD |
22 | $have_sdn = 1; |
23 | }; | |
24 | ||
aff192e6 DM |
25 | my $iflockfn = "/etc/network/.pve-interfaces.lock"; |
26 | ||
27 | my $bond_mode_enum = [ | |
28 | 'balance-rr', | |
10a9563e | 29 | 'active-backup', # OVS and Linux |
aff192e6 DM |
30 | 'balance-xor', |
31 | 'broadcast', | |
32 | '802.3ad', | |
33 | 'balance-tlb', | |
d11733f8 | 34 | 'balance-alb', |
10a9563e DM |
35 | 'balance-slb', # OVS |
36 | 'lacp-balance-slb', # OVS | |
37 | 'lacp-balance-tcp', # OVS | |
aff192e6 DM |
38 | ]; |
39 | ||
3f0d1a4b | 40 | my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan', |
d11733f8 DM |
41 | 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort']; |
42 | ||
aff192e6 | 43 | my $confdesc = { |
d11733f8 DM |
44 | type => { |
45 | description => "Network interface type", | |
46 | type => 'string', | |
47 | enum => [@$network_type_enum, 'unknown'], | |
48 | }, | |
44d353a7 DM |
49 | comments => { |
50 | description => "Comments", | |
51 | type => 'string', | |
b5eda023 | 52 | optional => 1, |
44d353a7 | 53 | }, |
3ed15e6c WB |
54 | comments6 => { |
55 | description => "Comments", | |
56 | type => 'string', | |
57 | optional => 1, | |
58 | }, | |
aff192e6 DM |
59 | autostart => { |
60 | description => "Automatically start interface on boot.", | |
61 | type => 'boolean', | |
62 | optional => 1, | |
63 | }, | |
a1604d70 AD |
64 | bridge_vlan_aware => { |
65 | description => "Enable bridge vlan support.", | |
66 | type => 'boolean', | |
67 | optional => 1, | |
68 | }, | |
aff192e6 | 69 | bridge_ports => { |
76189130 | 70 | description => "Specify the interfaces you want to add to your bridge.", |
aff192e6 DM |
71 | optional => 1, |
72 | type => 'string', format => 'pve-iface-list', | |
73 | }, | |
d11733f8 | 74 | ovs_ports => { |
76189130 | 75 | description => "Specify the interfaces you want to add to your bridge.", |
d11733f8 DM |
76 | optional => 1, |
77 | type => 'string', format => 'pve-iface-list', | |
78 | }, | |
4c917e97 DM |
79 | ovs_tag => { |
80 | description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)", | |
81 | optional => 1, | |
82 | type => 'integer', | |
83 | minimum => 1, | |
84 | maximum => 4094, | |
85 | }, | |
d11733f8 DM |
86 | ovs_options => { |
87 | description => "OVS interface options.", | |
88 | optional => 1, | |
89 | type => 'string', | |
90 | maxLength => 1024, | |
91 | }, | |
92 | ovs_bridge => { | |
93 | description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.", | |
94 | optional => 1, | |
95 | type => 'string', format => 'pve-iface', | |
96 | }, | |
aff192e6 DM |
97 | slaves => { |
98 | description => "Specify the interfaces used by the bonding device.", | |
99 | optional => 1, | |
100 | type => 'string', format => 'pve-iface-list', | |
101 | }, | |
d11733f8 DM |
102 | ovs_bonds => { |
103 | description => "Specify the interfaces used by the bonding device.", | |
104 | optional => 1, | |
105 | type => 'string', format => 'pve-iface-list', | |
106 | }, | |
aff192e6 DM |
107 | bond_mode => { |
108 | description => "Bonding mode.", | |
109 | optional => 1, | |
110 | type => 'string', enum => $bond_mode_enum, | |
111 | }, | |
7942a7bb AD |
112 | 'bond-primary' => { |
113 | description => "Specify the primary interface for active-backup bond.", | |
114 | optional => 1, | |
115 | type => 'string', format => 'pve-iface', | |
116 | }, | |
ffffb625 DM |
117 | bond_xmit_hash_policy => { |
118 | description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.", | |
119 | optional => 1, | |
120 | type => 'string', | |
121 | enum => ['layer2', 'layer2+3', 'layer3+4' ], | |
122 | }, | |
9d2e1c8b AD |
123 | 'vlan-raw-device' => { |
124 | description => "Specify the raw interface for the vlan interface.", | |
125 | optional => 1, | |
126 | type => 'string', format => 'pve-iface', | |
127 | }, | |
128 | 'vlan-id' => { | |
129 | description => "vlan-id for a custom named vlan interface (ifupdown2 only).", | |
130 | optional => 1, | |
131 | type => 'integer', | |
132 | minimum => 1, | |
133 | maximum => 4094, | |
134 | }, | |
aff192e6 DM |
135 | gateway => { |
136 | description => 'Default gateway address.', | |
137 | type => 'string', format => 'ipv4', | |
138 | optional => 1, | |
139 | }, | |
140 | netmask => { | |
141 | description => 'Network mask.', | |
142 | type => 'string', format => 'ipv4mask', | |
143 | optional => 1, | |
1904114e | 144 | requires => 'address', |
aff192e6 DM |
145 | }, |
146 | address => { | |
147 | description => 'IP address.', | |
148 | type => 'string', format => 'ipv4', | |
149 | optional => 1, | |
150 | requires => 'netmask', | |
3ed15e6c | 151 | }, |
69106e5c DC |
152 | cidr => { |
153 | description => 'IPv4 CIDR.', | |
e9af22b0 | 154 | type => 'string', format => 'CIDRv4', |
69106e5c DC |
155 | optional => 1, |
156 | }, | |
94011309 AD |
157 | mtu => { |
158 | description => 'MTU.', | |
159 | optional => 1, | |
160 | type => 'integer', | |
161 | minimum => 1280, | |
162 | maximum => 65520, | |
163 | }, | |
3ed15e6c WB |
164 | gateway6 => { |
165 | description => 'Default ipv6 gateway address.', | |
166 | type => 'string', format => 'ipv6', | |
167 | optional => 1, | |
168 | }, | |
169 | netmask6 => { | |
170 | description => 'Network mask.', | |
171 | type => 'integer', minimum => 0, maximum => 128, | |
172 | optional => 1, | |
173 | requires => 'address6', | |
174 | }, | |
175 | address6 => { | |
176 | description => 'IP address.', | |
177 | type => 'string', format => 'ipv6', | |
178 | optional => 1, | |
179 | requires => 'netmask6', | |
69106e5c DC |
180 | }, |
181 | cidr6 => { | |
182 | description => 'IPv6 CIDR.', | |
e9af22b0 | 183 | type => 'string', format => 'CIDRv6', |
69106e5c DC |
184 | optional => 1, |
185 | }, | |
aff192e6 DM |
186 | }; |
187 | ||
188 | sub json_config_properties { | |
189 | my $prop = shift; | |
190 | ||
191 | foreach my $opt (keys %$confdesc) { | |
192 | $prop->{$opt} = $confdesc->{$opt}; | |
193 | } | |
194 | ||
195 | return $prop; | |
196 | } | |
197 | ||
198 | __PACKAGE__->register_method({ | |
199 | name => 'index', | |
200 | path => '', | |
201 | method => 'GET', | |
202 | permissions => { user => 'all' }, | |
203 | description => "List available networks", | |
204 | proxyto => 'node', | |
205 | parameters => { | |
206 | additionalProperties => 0, | |
207 | properties => { | |
208 | node => get_standard_option('pve-node'), | |
209 | type => { | |
210 | description => "Only list specific interface types.", | |
211 | type => 'string', | |
d2894179 | 212 | enum => [ @$network_type_enum, 'any_bridge', 'any_local_bridge' ], |
aff192e6 DM |
213 | optional => 1, |
214 | }, | |
215 | }, | |
216 | }, | |
217 | returns => { | |
218 | type => "array", | |
219 | items => { | |
220 | type => "object", | |
221 | properties => {}, | |
222 | }, | |
223 | links => [ { rel => 'child', href => "{iface}" } ], | |
224 | }, | |
225 | code => sub { | |
226 | my ($param) = @_; | |
227 | ||
e4d5bf72 | 228 | my $rpcenv = PVE::RPCEnvironment::get(); |
89d146f2 | 229 | my $authuser = $rpcenv->get_user(); |
e4d5bf72 DM |
230 | |
231 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
232 | my $config = $tmp->{data}; | |
233 | my $changes = $tmp->{changes}; | |
234 | ||
235 | $rpcenv->set_result_attrib('changes', $changes) if $changes; | |
aff192e6 | 236 | |
3ed15e6c WB |
237 | my $ifaces = $config->{ifaces}; |
238 | ||
239 | delete $ifaces->{lo}; # do not list the loopback device | |
aff192e6 | 240 | |
78510681 TL |
241 | if (my $tfilter = $param->{type}) { |
242 | my $vnets; | |
89d146f2 | 243 | |
9df839be | 244 | if ($have_sdn && $tfilter eq 'any_bridge') { |
78510681 | 245 | $vnets = PVE::Network::SDN::get_local_vnets(); # returns already access-filtered |
89d146f2 AD |
246 | } |
247 | ||
78510681 | 248 | for my $k (sort keys $ifaces->%*) { |
3ed15e6c | 249 | my $type = $ifaces->{$k}->{type}; |
8961f9f7 FG |
250 | my $is_bridge = $type eq 'bridge' || $type eq 'OVSBridge'; |
251 | my $bridge_match = $is_bridge && $tfilter =~ /^any(_local)?_bridge$/; | |
252 | my $match = $tfilter eq $type || $bridge_match; | |
d2894179 | 253 | delete $ifaces->{$k} if !$match; |
aff192e6 | 254 | } |
30f5d476 | 255 | |
78510681 TL |
256 | if (defined($vnets)) { |
257 | $ifaces->{$_} = $vnets->{$_} for keys $vnets->%* | |
258 | } | |
aff192e6 DM |
259 | } |
260 | ||
d2894179 AD |
261 | #always check bridge access |
262 | my $can_access_vnet = sub { | |
263 | return 1 if $authuser eq 'root@pam'; | |
264 | return 1 if $rpcenv->check_sdn_bridge($authuser, "localnetwork", $_[0], ['SDN.Audit', 'SDN.Use'], 1); | |
265 | }; | |
266 | for my $k (sort keys $ifaces->%*) { | |
267 | my $type = $ifaces->{$k}->{type}; | |
268 | delete $ifaces->{$k} if ($type eq 'bridge' || $type eq 'OVSBridge') && !$can_access_vnet->($k); | |
269 | } | |
270 | ||
3ed15e6c | 271 | return PVE::RESTHandler::hash_to_array($ifaces, 'iface'); |
aff192e6 DM |
272 | }}); |
273 | ||
e4d5bf72 DM |
274 | __PACKAGE__->register_method({ |
275 | name => 'revert_network_changes', | |
276 | path => '', | |
277 | method => 'DELETE', | |
278 | permissions => { | |
279 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
280 | }, | |
281 | protected => 1, | |
282 | description => "Revert network configuration changes.", | |
283 | proxyto => 'node', | |
284 | parameters => { | |
285 | additionalProperties => 0, | |
286 | properties => { | |
287 | node => get_standard_option('pve-node'), | |
288 | }, | |
289 | }, | |
290 | returns => { type => "null" }, | |
291 | code => sub { | |
292 | my ($param) = @_; | |
293 | ||
294 | unlink "/etc/network/interfaces.new"; | |
295 | ||
296 | return undef; | |
297 | }}); | |
aff192e6 | 298 | |
3ed15e6c WB |
299 | my $check_duplicate = sub { |
300 | my ($config, $newiface, $key, $name) = @_; | |
aff192e6 DM |
301 | |
302 | foreach my $iface (keys %$config) { | |
3ed15e6c WB |
303 | raise_param_exc({ $key => "$name already exists on interface '$iface'." }) |
304 | if ($newiface ne $iface) && $config->{$iface}->{$key}; | |
aff192e6 DM |
305 | } |
306 | }; | |
307 | ||
3ed15e6c WB |
308 | my $check_duplicate_gateway = sub { |
309 | my ($config, $newiface) = @_; | |
310 | return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway'); | |
311 | }; | |
312 | ||
313 | my $check_duplicate_gateway6 = sub { | |
314 | my ($config, $newiface) = @_; | |
315 | return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway'); | |
316 | }; | |
317 | ||
6cd854d8 SI |
318 | my $check_duplicate_ports = sub { |
319 | my ($config, $newiface, $newparam) = @_; | |
320 | ||
321 | my $param_name; | |
322 | my $get_portlist = sub { | |
323 | my ($param) = @_; | |
324 | my $ports = ''; | |
325 | for my $k (qw(bridge_ports ovs_ports slaves ovs_bonds)) { | |
326 | if ($param->{$k}) { | |
327 | $ports .= " $param->{$k}"; | |
328 | $param_name //= $k; | |
329 | } | |
330 | } | |
331 | return PVE::Tools::split_list($ports); | |
332 | }; | |
333 | ||
334 | my $new_ports = {}; | |
335 | for my $p ($get_portlist->($newparam)) { | |
336 | $new_ports->{$p} = 1; | |
337 | } | |
338 | return if !(keys %$new_ports); | |
339 | ||
340 | for my $iface (keys %$config) { | |
341 | next if $iface eq $newiface; | |
342 | ||
343 | my $d = $config->{$iface}; | |
344 | for my $p ($get_portlist->($d)) { | |
345 | raise_param_exc({ $param_name => "$p is already used on interface '$iface'." }) | |
346 | if $new_ports->{$p}; | |
347 | } | |
348 | } | |
349 | }; | |
350 | ||
3ed15e6c WB |
351 | sub ipv6_tobin { |
352 | return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6); | |
353 | } | |
354 | ||
355 | my $check_ipv6_settings = sub { | |
356 | my ($address, $netmask) = @_; | |
357 | ||
358 | raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" }) | |
359 | if $netmask < 0 || $netmask > 128; | |
360 | ||
0f6e6f6b | 361 | raise_param_exc({ address => "$address is not a valid host IPv6 address." }) |
3ed15e6c WB |
362 | if !Net::IP::ip_is_ipv6($address); |
363 | ||
364 | my $binip = ipv6_tobin($address); | |
365 | my $binmask = Net::IP::ip_get_mask($netmask, 6); | |
366 | ||
0f6e6f6b | 367 | my $type = ($binip eq $binmask) ? 'ANYCAST' : Net::IP::ip_iptypev6($binip); |
3ed15e6c | 368 | |
0f6e6f6b | 369 | if (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/) { |
68f371d4 | 370 | raise_param_exc({ address => "$address with type '$type', cannot be used as host IPv6 address." }); |
0f6e6f6b | 371 | } |
3ed15e6c WB |
372 | }; |
373 | ||
69106e5c DC |
374 | my $map_cidr_to_address_netmask = sub { |
375 | my ($param) = @_; | |
376 | ||
377 | if ($param->{cidr}) { | |
378 | raise_param_exc({ address => "address conflicts with cidr" }) | |
379 | if $param->{address}; | |
380 | raise_param_exc({ netmask => "netmask conflicts with cidr" }) | |
381 | if $param->{netmask}; | |
382 | ||
e9af22b0 TL |
383 | my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!; |
384 | $param->{address} = $address; | |
385 | $param->{netmask} = $netmask; | |
69106e5c DC |
386 | delete $param->{cidr}; |
387 | } | |
388 | ||
389 | if ($param->{cidr6}) { | |
390 | raise_param_exc({ address6 => "address6 conflicts with cidr6" }) | |
391 | if $param->{address6}; | |
392 | raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" }) | |
393 | if $param->{netmask6}; | |
394 | ||
e9af22b0 TL |
395 | my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!; |
396 | $param->{address6} = $address; | |
397 | $param->{netmask6} = $netmask; | |
69106e5c DC |
398 | delete $param->{cidr6}; |
399 | } | |
400 | }; | |
401 | ||
aff192e6 DM |
402 | __PACKAGE__->register_method({ |
403 | name => 'create_network', | |
404 | path => '', | |
405 | method => 'POST', | |
406 | permissions => { | |
7d020b42 | 407 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
408 | }, |
409 | description => "Create network device configuration", | |
410 | protected => 1, | |
411 | proxyto => 'node', | |
412 | parameters => { | |
413 | additionalProperties => 0, | |
414 | properties => json_config_properties({ | |
415 | node => get_standard_option('pve-node'), | |
416 | iface => get_standard_option('pve-iface')}), | |
417 | }, | |
418 | returns => { type => 'null' }, | |
419 | code => sub { | |
420 | my ($param) = @_; | |
421 | ||
422 | my $node = extract_param($param, 'node'); | |
423 | my $iface = extract_param($param, 'iface'); | |
424 | ||
425 | my $code = sub { | |
426 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 427 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
428 | |
429 | raise_param_exc({ iface => "interface already exists" }) | |
3ed15e6c | 430 | if $ifaces->{$iface}; |
aff192e6 | 431 | |
3ed15e6c | 432 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 433 | if $param->{gateway}; |
3ed15e6c WB |
434 | &$check_duplicate_gateway6($ifaces, $iface) |
435 | if $param->{gateway6}; | |
aff192e6 | 436 | |
6cd854d8 SI |
437 | $check_duplicate_ports->($ifaces, $iface, $param); |
438 | ||
69106e5c DC |
439 | $map_cidr_to_address_netmask->($param); |
440 | ||
3ed15e6c WB |
441 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})) |
442 | if $param->{address6}; | |
443 | ||
444 | my $families = $param->{families} = []; | |
445 | push @$families, 'inet' | |
446 | if $param->{address} && !grep(/^inet$/, @$families); | |
447 | push @$families, 'inet6' | |
448 | if $param->{address6} && !grep(/^inet6$/, @$families); | |
449 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 450 | |
aff192e6 | 451 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 452 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 | 453 | |
bdfa2498 DM |
454 | if ($param->{type} =~ m/^OVS/) { |
455 | -x '/usr/bin/ovs-vsctl' || | |
456 | die "Open VSwitch is not installed (need package 'openvswitch-switch')\n"; | |
457 | } | |
458 | ||
d11733f8 DM |
459 | if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') { |
460 | my $brname = $param->{ovs_bridge}; | |
461 | raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname; | |
3ed15e6c | 462 | my $br = $ifaces->{$brname}; |
d11733f8 DM |
463 | raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br; |
464 | raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) | |
465 | if $br->{type} ne 'OVSBridge'; | |
466 | ||
467 | my @ports = split (/\s+/, $br->{ovs_ports} || ''); | |
468 | $br->{ovs_ports} = join(' ', @ports, $iface) | |
469 | if ! grep { $_ eq $iface } @ports; | |
470 | } | |
471 | ||
3ed15e6c | 472 | $ifaces->{$iface} = $param; |
aff192e6 DM |
473 | |
474 | PVE::INotify::write_file('interfaces', $config); | |
475 | }; | |
476 | ||
477 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
478 | die $@ if $@; | |
479 | ||
480 | return undef; | |
481 | }}); | |
482 | ||
483 | __PACKAGE__->register_method({ | |
484 | name => 'update_network', | |
485 | path => '{iface}', | |
486 | method => 'PUT', | |
487 | permissions => { | |
7d020b42 | 488 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
489 | }, |
490 | description => "Update network device configuration", | |
491 | protected => 1, | |
492 | proxyto => 'node', | |
493 | parameters => { | |
494 | additionalProperties => 0, | |
495 | properties => json_config_properties({ | |
496 | node => get_standard_option('pve-node'), | |
497 | iface => get_standard_option('pve-iface'), | |
498 | delete => { | |
499 | type => 'string', format => 'pve-configid-list', | |
500 | description => "A list of settings you want to delete.", | |
501 | optional => 1, | |
502 | }}), | |
503 | }, | |
504 | returns => { type => 'null' }, | |
505 | code => sub { | |
506 | my ($param) = @_; | |
507 | ||
508 | my $node = extract_param($param, 'node'); | |
509 | my $iface = extract_param($param, 'iface'); | |
510 | my $delete = extract_param($param, 'delete'); | |
511 | ||
512 | my $code = sub { | |
513 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 514 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
515 | |
516 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 517 | if !$ifaces->{$iface}; |
aff192e6 | 518 | |
3ed15e6c | 519 | my $families = ($param->{families} ||= []); |
aff192e6 | 520 | foreach my $k (PVE::Tools::split_list($delete)) { |
3ed15e6c WB |
521 | delete $ifaces->{$iface}->{$k}; |
522 | @$families = grep(!/^inet$/, @$families) if $k eq 'address'; | |
523 | @$families = grep(!/^inet6$/, @$families) if $k eq 'address6'; | |
47d13c02 DC |
524 | if ($k eq 'cidr') { |
525 | delete $ifaces->{$iface}->{netmask}; | |
526 | delete $ifaces->{$iface}->{address}; | |
527 | } elsif ($k eq 'cidr6') { | |
528 | delete $ifaces->{$iface}->{netmask6}; | |
529 | delete $ifaces->{$iface}->{address6}; | |
530 | } | |
aff192e6 DM |
531 | } |
532 | ||
69106e5c DC |
533 | $map_cidr_to_address_netmask->($param); |
534 | ||
3ed15e6c | 535 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 536 | if $param->{gateway}; |
3ed15e6c WB |
537 | &$check_duplicate_gateway6($ifaces, $iface) |
538 | if $param->{gateway6}; | |
539 | ||
6cd854d8 SI |
540 | $check_duplicate_ports->($ifaces, $iface, $param); |
541 | ||
3ed15e6c | 542 | if ($param->{address}) { |
3ed15e6c WB |
543 | push @$families, 'inet' if !grep(/^inet$/, @$families); |
544 | } else { | |
545 | @$families = grep(!/^inet$/, @$families); | |
546 | } | |
547 | if ($param->{address6}) { | |
548 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})); | |
549 | push @$families, 'inet6' if !grep(/^inet6$/, @$families); | |
550 | } else { | |
551 | @$families = grep(!/^inet6$/, @$families); | |
552 | } | |
553 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 554 | |
aff192e6 | 555 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 556 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 DM |
557 | |
558 | foreach my $k (keys %$param) { | |
3ed15e6c | 559 | $ifaces->{$iface}->{$k} = $param->{$k}; |
aff192e6 DM |
560 | } |
561 | ||
562 | PVE::INotify::write_file('interfaces', $config); | |
563 | }; | |
564 | ||
565 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
566 | die $@ if $@; | |
567 | ||
568 | return undef; | |
569 | }}); | |
570 | ||
571 | __PACKAGE__->register_method({ | |
572 | name => 'network_config', | |
573 | path => '{iface}', | |
574 | method => 'GET', | |
575 | permissions => { | |
7d020b42 | 576 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
577 | }, |
578 | description => "Read network device configuration", | |
579 | proxyto => 'node', | |
580 | parameters => { | |
581 | additionalProperties => 0, | |
582 | properties => { | |
583 | node => get_standard_option('pve-node'), | |
584 | iface => get_standard_option('pve-iface'), | |
585 | }, | |
586 | }, | |
587 | returns => { | |
588 | type => "object", | |
589 | properties => { | |
590 | type => { | |
591 | type => 'string', | |
592 | }, | |
593 | method => { | |
594 | type => 'string', | |
595 | }, | |
596 | }, | |
597 | }, | |
598 | code => sub { | |
599 | my ($param) = @_; | |
600 | ||
601 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 602 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
603 | |
604 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 605 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 606 | |
3ed15e6c | 607 | return $ifaces->{$param->{iface}}; |
aff192e6 DM |
608 | }}); |
609 | ||
a6ed0aa6 TL |
610 | sub ifupdown2_version { |
611 | my $v; | |
612 | PVE::Tools::run_command(['ifreload', '-V'], outfunc => sub { $v //= shift }); | |
613 | return if !defined($v) || $v !~ /^\s*ifupdown2:(\S+)\s*$/; | |
614 | $v = $1; | |
615 | my ($major, $minor, $extra, $pve) = split(/\.|-/, $v); | |
560bdfd8 | 616 | my $is_pve = defined($pve) && $pve =~ /(pve|pmx|proxmox)/; |
a6ed0aa6 TL |
617 | |
618 | return ($major * 100000 + $minor * 1000 + $extra * 10, $is_pve, $v); | |
619 | } | |
620 | sub assert_ifupdown2_installed { | |
621 | die "you need ifupdown2 to reload network configuration\n" if ! -e '/usr/share/ifupdown2'; | |
622 | my ($v, $pve, $v_str) = ifupdown2_version(); | |
623 | die "incompatible 'ifupdown2' package version '$v_str'! Did you installed from Proxmox repositories?\n" | |
624 | if $v < (1*100000 + 2*1000 + 8*10) || !$pve; | |
625 | } | |
626 | ||
cacd7547 AD |
627 | __PACKAGE__->register_method({ |
628 | name => 'reload_network_config', | |
629 | path => '', | |
630 | method => 'PUT', | |
631 | permissions => { | |
632 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
633 | }, | |
634 | description => "Reload network configuration", | |
635 | protected => 1, | |
636 | proxyto => 'node', | |
637 | parameters => { | |
638 | additionalProperties => 0, | |
639 | properties => { | |
640 | node => get_standard_option('pve-node'), | |
641 | }, | |
642 | }, | |
643 | returns => { type => 'string' }, | |
644 | code => sub { | |
645 | ||
646 | my ($param) = @_; | |
647 | ||
648 | my $rpcenv = PVE::RPCEnvironment::get(); | |
649 | ||
650 | my $authuser = $rpcenv->get_user(); | |
651 | ||
652 | my $current_config_file = "/etc/network/interfaces"; | |
653 | my $new_config_file = "/etc/network/interfaces.new"; | |
654 | ||
a6ed0aa6 | 655 | assert_ifupdown2_installed(); |
6159470e | 656 | |
cacd7547 AD |
657 | my $worker = sub { |
658 | ||
e46bf624 | 659 | rename($new_config_file, $current_config_file) if -e $new_config_file; |
cacd7547 | 660 | |
2bca9b77 | 661 | if ($have_sdn) { |
9ad4656d | 662 | PVE::Network::SDN::generate_zone_config(); |
2bca9b77 AD |
663 | } |
664 | ||
cacd7547 AD |
665 | my $err = sub { |
666 | my $line = shift; | |
667 | if ($line =~ /(warning|error): (\S+):/) { | |
e46bf624 | 668 | print "$2 : $line \n"; |
cacd7547 AD |
669 | } |
670 | }; | |
084e6030 | 671 | PVE::Tools::run_command(['ifreload', '-a'], errfunc => $err); |
cacd7547 | 672 | |
20dc8bbe | 673 | if ($have_sdn) { |
9ad4656d | 674 | PVE::Network::SDN::generate_controller_config(1); |
084e6030 | 675 | } |
cacd7547 AD |
676 | }; |
677 | return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker); | |
678 | }}); | |
679 | ||
aff192e6 DM |
680 | __PACKAGE__->register_method({ |
681 | name => 'delete_network', | |
682 | path => '{iface}', | |
683 | method => 'DELETE', | |
684 | permissions => { | |
7d020b42 | 685 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
686 | }, |
687 | description => "Delete network device configuration", | |
688 | protected => 1, | |
689 | proxyto => 'node', | |
690 | parameters => { | |
691 | additionalProperties => 0, | |
692 | properties => { | |
693 | node => get_standard_option('pve-node'), | |
694 | iface => get_standard_option('pve-iface'), | |
695 | }, | |
696 | }, | |
697 | returns => { type => 'null' }, | |
698 | code => sub { | |
699 | my ($param) = @_; | |
700 | ||
701 | my $code = sub { | |
702 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 703 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
704 | |
705 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 706 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 707 | |
3ed15e6c | 708 | my $d = $ifaces->{$param->{iface}}; |
d11733f8 DM |
709 | if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') { |
710 | if (my $brname = $d->{ovs_bridge}) { | |
3ed15e6c | 711 | if (my $br = $ifaces->{$brname}) { |
d11733f8 DM |
712 | if ($br->{ovs_ports}) { |
713 | my @ports = split (/\s+/, $br->{ovs_ports}); | |
714 | my @new = grep { $_ ne $param->{iface} } @ports; | |
715 | $br->{ovs_ports} = join(' ', @new); | |
716 | } | |
717 | } | |
718 | } | |
719 | } | |
720 | ||
3ed15e6c | 721 | delete $ifaces->{$param->{iface}}; |
aff192e6 DM |
722 | |
723 | PVE::INotify::write_file('interfaces', $config); | |
724 | }; | |
725 | ||
726 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
727 | die $@ if $@; | |
728 | ||
729 | return undef; | |
730 | }}); |