[pve-network.git] / PVE / Network / SDN / Zones / Plugin.pm

package PVE::Network::SDN::Zones::Plugin;

use strict;
use warnings;

use PVE::Tools qw(run_command);
use PVE::JSONSchema;
use PVE::Cluster;
use PVE::Network;

use Data::Dumper;
use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::SectionConfig);

PVE::Cluster::cfs_register_file('sdn/zones.cfg',
				 sub { __PACKAGE__->parse_config(@_); },
				 sub { __PACKAGE__->write_config(@_); });

PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	return undef if $noerr;
	die "zone ID '$id' contains illegal characters\n";
    }
    die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
    return $id;
}

my $defaultData = {

    propertyList => {
	type => {
	    description => "Plugin type.",
	    type => 'string', format => 'pve-configid',
	    type => 'string',
	},
        nodes => get_standard_option('pve-node-list', { optional => 1 }),
        zone => get_standard_option('pve-sdn-zone-id',
            { completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
    },
};

sub private {
    return $defaultData;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        my $res = {};

        foreach my $node (PVE::Tools::split_list($value)) {
            if (PVE::JSONSchema::pve_verify_node_name($node)) {
                $res->{$node} = 1;
            }
        }

        return $res;
    }

   return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        return join(',', keys(%$value));
    }

    return $value;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
        my ($type, $id) = (lc($1), $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($type); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $id, $errmsg, $config);
    }
    return undef;
}

sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    die "please implement inside plugin";
}

sub controller_reload {
    my ($class) = @_;

    die "please implement inside plugin";
}

sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    foreach my $id (keys %{$vnet_cfg->{ids}}) {
	my $vnet = $vnet_cfg->{ids}->{$id};
	die "zone $zoneid is used by vnet $id"
	    if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
    }
}

sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # do nothing by default
}

#helpers
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $count = 0;
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);
    foreach my $item (@elements) {
	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	    $count += 2;
	    my ($port1, $port2) = ($1, $2);
	    die "invalid port '$port1'\n" if $port1 > $max;
	    die "invalid port '$port2'\n" if $port2 > $max;
	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

	    if ($tag && $tag >= $port1 && $tag <= $port2){
		$allowed = 1;
		last;
	    }

	} elsif ($item =~ m/^([0-9]+)$/) {
	    $count += 1;
	    my $port = $1;
	    die "invalid port '$port'\n" if $port > $max;

	    if ($tag && $tag == $port){
		$allowed = 1;
		last;
	    }
	}
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}

sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    my $err_msg = [];

    # ifaces to check
    my $ifaces = [ $vnetid ];

    foreach my $iface (@{$ifaces}) {
        if (!$status->{$iface}->{status}) {
	    push @$err_msg, "missing $iface";
        } elsif ($status->{$iface}->{status} ne 'pass') {
	    push @$err_msg, "error $iface";
        }
    }
    return $err_msg;
}


sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    PVE::Network::tap_create($iface, $vnetid);
}

sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}

sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
    die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);

    PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}

#helper

sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $iface = undef;
    foreach my $id (keys %{$interfaces_config->{ifaces}}) {
        my $interface = $interfaces_config->{ifaces}->{$id};
        if (my $iface_uplink = $interface->{'uplink-id'}) {
	    next if $iface_uplink ne $uplink;
            if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
                warn "uplink $uplink is not a physical or bond interface";
                next;
            }
	    $iface = $id;
        }
    }

    #create a dummy uplink interface if no uplink found
    if(!$iface) {
        warn "can't find uplink $uplink in physical interface";
        $iface = "uplink${uplink}";
    }

    return $iface;
}

sub get_local_route_ip {
    my ($targetip) = @_;

    my $ip = undef;
    my $interface = undef;

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
        if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
            $ip = $1;
        }
        if ($_[0] =~ m/dev (\S+)/) {
            $interface = $1;
        }

    });
    return ($ip, $interface);
}


sub find_local_ip_interface_peers {
    my ($peers) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};
    #is a local ip member of peers list ?
    foreach my $address (@{$peers}) {
	while (my $interface = each %$ifaces) {
	    my $ip = $ifaces->{$interface}->{address};
	    if ($ip && $ip eq $address) {
		return ($ip, $interface);
	    }
	}
    }

    #if peer is remote, find source with ip route
    foreach my $address (@{$peers}) {
	my ($ip, $interface) = get_local_route_ip($address);
	return ($ip, $interface);
    }
}

1;
Commit	Line	Data
f5eabba0	1	package PVE::Network::SDN::Zones::Plugin;
6939693f AD	2
	3	use strict;
	4	use warnings;
	5
1f543c5f	6	use PVE::Tools qw(run_command);
6939693f AD	7	use PVE::JSONSchema;
6939693f AD	8	use PVE::Cluster;
eb1549e7	9	use PVE::Network;
6939693f AD	10
6939693f AD	11	use Data::Dumper;
eec580bf	12	use PVE::JSONSchema qw(get_standard_option);
6939693f AD	13	use base qw(PVE::SectionConfig);
6939693f AD	14
f5eabba0	15	PVE::Cluster::cfs_register_file('sdn/zones.cfg',
6939693f AD	16	sub { __PACKAGE__->parse_config(@_); },
	17	sub { __PACKAGE__->write_config(@_); });
	18
f5eabba0 AD	19	PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
	20	description => "The SDN zone object identifier.",
	21	type => 'string', format => 'pve-sdn-zone-id',
fe61b14c AD	22	});
fe61b14c AD	23
f5eabba0 AD	24	PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
	25	sub parse_sdn_zone_id {
	26	my ($id, $noerr) = @_;
fe61b14c	27
7c5b0f6d AD	28	if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	29	return undef if $noerr;
	30	die "zone ID '$id' contains illegal characters\n";
fe61b14c	31	}
4d7d91da	32	die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
f5eabba0	33	return $id;
fe61b14c AD	34	}
fe61b14c AD	35
6939693f AD	36	my $defaultData = {
	37
	38	propertyList => {
7d35eaf5	39	type => {
6939693f AD	40	description => "Plugin type.",
	41	type => 'string', format => 'pve-configid',
	42	type => 'string',
	43	},
c2b9c173	44	nodes => get_standard_option('pve-node-list', { optional => 1 }),
f5eabba0 AD	45	zone => get_standard_option('pve-sdn-zone-id',
f5eabba0 AD	46	{ completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
6939693f AD	47	},
	48	};
	49
	50	sub private {
	51	return $defaultData;
	52	}
	53
c2b9c173 AD	54	sub decode_value {
	55	my ($class, $type, $key, $value) = @_;
	56
	57	if ($key eq 'nodes') {
	58	my $res = {};
	59
	60	foreach my $node (PVE::Tools::split_list($value)) {
	61	if (PVE::JSONSchema::pve_verify_node_name($node)) {
	62	$res->{$node} = 1;
	63	}
	64	}
	65
	66	return $res;
0f700635	67	}
c2b9c173 AD	68
	69	return $value;
	70	}
	71
	72	sub encode_value {
	73	my ($class, $type, $key, $value) = @_;
	74
	75	if ($key eq 'nodes') {
	76	return join(',', keys(%$value));
	77	}
	78
	79	return $value;
	80	}
	81
6939693f AD	82	sub parse_section_header {
	83	my ($class, $line) = @_;
	84
	85	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
f5eabba0	86	my ($type, $id) = (lc($1), $2);
6939693f AD	87	my $errmsg = undef; # set if you want to skip whole section
	88	eval { PVE::JSONSchema::pve_verify_configid($type); };
	89	$errmsg = $@ if $@;
	90	my $config = {}; # to return additional attributes
f5eabba0	91	return ($type, $id, $errmsg, $config);
6939693f AD	92	}
	93	return undef;
	94	}
	95
6bffe819	96	sub generate_sdn_config {
ba7ac021	97	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;
6939693f AD	98
	99	die "please implement inside plugin";
	100	}
	101
8fb1ee7f	102	sub generate_controller_config {
56cdcac9	103	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38 AD	104
	105	die "please implement inside plugin";
	106	}
	107
ad03c543	108	sub generate_controller_vnet_config {
56cdcac9	109	my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
ad03c543 AD	110
	111	}
	112
8fb1ee7f AD	113	sub write_controller_config {
	114	my ($class, $plugin_config, $config) = @_;
	115
	116	die "please implement inside plugin";
	117	}
	118
fa609bdd AD	119	sub controller_reload {
	120	my ($class) = @_;
	121
	122	die "please implement inside plugin";
	123	}
	124
fe0c6b9e	125	sub on_delete_hook {
56cdcac9	126	my ($class, $zoneid, $vnet_cfg) = @_;
e8d5906e	127
56cdcac9 AD	128	# verify that no vnet are associated to this zone
	129	foreach my $id (keys %{$vnet_cfg->{ids}}) {
	130	my $vnet = $vnet_cfg->{ids}->{$id};
	131	die "zone $zoneid is used by vnet $id"
	132	if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
	133	}
e8d5906e AD	134	}
	135
	136	sub on_update_hook {
a2b32a94	137	my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
fe0c6b9e AD	138
	139	# do nothing by default
	140	}
	141
6939693f AD	142	#helpers
	143	sub parse_tag_number_or_range {
	144	my ($str, $max, $tag) = @_;
	145
	146	my @elements = split(/,/, $str);
	147	my $count = 0;
	148	my $allowed = undef;
	149
	150	die "extraneous commas in list\n" if $str ne join(',', @elements);
	151	foreach my $item (@elements) {
	152	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	153	$count += 2;
	154	my ($port1, $port2) = ($1, $2);
	155	die "invalid port '$port1'\n" if $port1 > $max;
	156	die "invalid port '$port2'\n" if $port2 > $max;
	157	die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
	158
	159	if ($tag && $tag >= $port1 && $tag <= $port2){
	160	$allowed = 1;
	161	last;
	162	}
	163
	164	} elsif ($item =~ m/^([0-9]+)$/) {
	165	$count += 1;
	166	my $port = $1;
	167	die "invalid port '$port'\n" if $port > $max;
	168
	169	if ($tag && $tag == $port){
	170	$allowed = 1;
	171	last;
	172	}
	173	}
	174	}
	175	die "tag $tag is not allowed" if $tag && !$allowed;
	176
	177	return (scalar(@elements) > 1);
	178	}
	179
627b1694	180	sub status {
4d7cc94f AD	181	my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
	182
	183	my $err_msg = [];
627b1694	184
4d7cc94f AD	185	# ifaces to check
	186	my $ifaces = [ $vnetid ];
	187
	188	foreach my $iface (@{$ifaces}) {
	189	if (!$status->{$iface}->{status}) {
	190	push @$err_msg, "missing $iface";
	191	} elsif ($status->{$iface}->{status} ne 'pass') {
	192	push @$err_msg, "error $iface";
	193	}
627b1694	194	}
4d7cc94f	195	return $err_msg;
627b1694 AD	196	}
627b1694 AD	197
2ba9613b	198
eb1549e7 AD	199	sub tap_create {
	200	my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
	201
912fb443	202	PVE::Network::tap_create($iface, $vnetid);
eb1549e7 AD	203	}
	204
	205	sub veth_create {
	206	my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
	207
912fb443	208	PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
eb1549e7 AD	209	}
	210
	211	sub tap_plug {
912fb443	212	my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
eb1549e7	213
912fb443 AD	214	my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
912fb443 AD	215	die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag \|\| $trunks);
eb1549e7 AD	216
	217	PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
	218	}
	219
3794e429 AD	220	#helper
	221
	222	sub get_uplink_iface {
	223	my ($interfaces_config, $uplink) = @_;
	224
	225	my $iface = undef;
	226	foreach my $id (keys %{$interfaces_config->{ifaces}}) {
	227	my $interface = $interfaces_config->{ifaces}->{$id};
	228	if (my $iface_uplink = $interface->{'uplink-id'}) {
	229	next if $iface_uplink ne $uplink;
	230	if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
	231	warn "uplink $uplink is not a physical or bond interface";
	232	next;
	233	}
	234	$iface = $id;
	235	}
	236	}
	237
	238	#create a dummy uplink interface if no uplink found
	239	if(!$iface) {
	240	warn "can't find uplink $uplink in physical interface";
	241	$iface = "uplink${uplink}";
	242	}
	243
	244	return $iface;
	245	}
1f543c5f AD	246
	247	sub get_local_route_ip {
	248	my ($targetip) = @_;
	249
	250	my $ip = undef;
	251	my $interface = undef;
	252
	253	run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
	254	if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
	255	$ip = $1;
	256	}
	257	if ($_[0] =~ m/dev (\S+)/) {
	258	$interface = $1;
	259	}
	260
	261	});
	262	return ($ip, $interface);
	263	}
	264
	265
	266	sub find_local_ip_interface_peers {
	267	my ($peers) = @_;
	268
	269	my $network_config = PVE::INotify::read_file('interfaces');
	270	my $ifaces = $network_config->{ifaces};
	271	#is a local ip member of peers list ?
	272	foreach my $address (@{$peers}) {
	273	while (my $interface = each %$ifaces) {
	274	my $ip = $ifaces->{$interface}->{address};
	275	if ($ip && $ip eq $address) {
	276	return ($ip, $interface);
	277	}
	278	}
	279	}
	280
	281	#if peer is remote, find source with ip route
	282	foreach my $address (@{$peers}) {
	283	my ($ip, $interface) = get_local_route_ip($address);
	284	return ($ip, $interface);
	285	}
	286	}
	287
6939693f	288	1;