[pve-network.git] / PVE / Network / SDN / Zones / Plugin.pm

package PVE::Network::SDN::Zones::Plugin;

use strict;
use warnings;

use PVE::Tools qw(run_command);
use PVE::JSONSchema;
use PVE::Cluster;
use PVE::Network;

use Data::Dumper;
use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::SectionConfig);

PVE::Cluster::cfs_register_file('sdn/zones.cfg',
				 sub { __PACKAGE__->parse_config(@_); },
				 sub { __PACKAGE__->write_config(@_); });

PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	return undef if $noerr;
	die "zone ID '$id' contains illegal characters\n";
    }
    die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
    return $id;
}

my $defaultData = {

    propertyList => {
	type => {
	    description => "Plugin type.",
	    type => 'string', format => 'pve-configid',
	    type => 'string',
	},
        nodes => get_standard_option('pve-node-list', { optional => 1 }),
        zone => get_standard_option('pve-sdn-zone-id',
            { completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
    },
};

sub private {
    return $defaultData;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        my $res = {};

        foreach my $node (PVE::Tools::split_list($value)) {
            if (PVE::JSONSchema::pve_verify_node_name($node)) {
                $res->{$node} = 1;
            }
        }

        return $res;
    } 

   return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        return join(',', keys(%$value));
    }

    return $value;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
        my ($type, $id) = (lc($1), $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($type); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $id, $errmsg, $config);
    }
    return undef;
}

sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    die "please implement inside plugin";
}

sub controller_reload {
    my ($class) = @_;

    die "please implement inside plugin";
}

sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    foreach my $id (keys %{$vnet_cfg->{ids}}) {
	my $vnet = $vnet_cfg->{ids}->{$id};
	die "zone $zoneid is used by vnet $id"
	    if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
    }
}

sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # do nothing by default
}

#helpers
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $count = 0;
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);
    foreach my $item (@elements) {
	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	    $count += 2;
	    my ($port1, $port2) = ($1, $2);
	    die "invalid port '$port1'\n" if $port1 > $max;
	    die "invalid port '$port2'\n" if $port2 > $max;
	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

	    if ($tag && $tag >= $port1 && $tag <= $port2){
		$allowed = 1;
		last;
	    }

	} elsif ($item =~ m/^([0-9]+)$/) {
	    $count += 1;
	    my $port = $1;
	    die "invalid port '$port'\n" if $port > $max;

	    if ($tag && $tag == $port){
		$allowed = 1;
		last;
	    }
	}
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}

sub status {
    my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_;

    $vnet_status->{$id}->{zone} = $zone;
    $zone_status->{$zone}->{status} = 'available' if !defined($zone_status->{$zone}->{status});

    if($err_config) {
	$vnet_status->{$id}->{status} = 'pending';
	$vnet_status->{$id}->{statusmsg} = $err_config;
	$zone_status->{$zone}->{status} = 'pending';
    } elsif ($status->{$id}->{status} && $status->{$id}->{status} eq 'pass') {
	$vnet_status->{$id}->{status} = 'available';
	my $bridgeport = $status->{$id}->{config}->{'bridge-ports'};

	if ($bridgeport && $status->{$bridgeport}->{status} && $status->{$bridgeport}->{status} ne 'pass') {
	    $vnet_status->{$id}->{status} = 'error';
	    $vnet_status->{$id}->{statusmsg} = 'configuration not fully applied';
	    $zone_status->{$zone}->{status} = 'error';
	}

    } else {
	$vnet_status->{$id}->{status} = 'error';
	$vnet_status->{$id}->{statusmsg} = 'missing';
	$zone_status->{$zone}->{status} = 'error';
    }
}


sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    PVE::Network::tap_create($iface, $vnetid);
}

sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}

sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
    die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);

    PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}

#helper

sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $iface = undef;
    foreach my $id (keys %{$interfaces_config->{ifaces}}) {
        my $interface = $interfaces_config->{ifaces}->{$id};
        if (my $iface_uplink = $interface->{'uplink-id'}) {
	    next if $iface_uplink ne $uplink;
            if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
                warn "uplink $uplink is not a physical or bond interface";
                next;
            }
	    $iface = $id;
        }
    }

    #create a dummy uplink interface if no uplink found
    if(!$iface) {
        warn "can't find uplink $uplink in physical interface";
        $iface = "uplink${uplink}";
    }

    return $iface;
}

sub get_local_route_ip {
    my ($targetip) = @_;

    my $ip = undef;
    my $interface = undef;

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
        if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
            $ip = $1;
        }
        if ($_[0] =~ m/dev (\S+)/) {
            $interface = $1;
        }

    });
    return ($ip, $interface);
}


sub find_local_ip_interface_peers {
    my ($peers) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};
    #is a local ip member of peers list ?
    foreach my $address (@{$peers}) {
	while (my $interface = each %$ifaces) {
	    my $ip = $ifaces->{$interface}->{address};
	    if ($ip && $ip eq $address) {
		return ($ip, $interface);
	    }
	}
    }

    #if peer is remote, find source with ip route
    foreach my $address (@{$peers}) {
	my ($ip, $interface) = get_local_route_ip($address);
	return ($ip, $interface);
    }
}

1;
Commit	Line	Data
f5eabba0	1	package PVE::Network::SDN::Zones::Plugin;
6939693f AD	2
	3	use strict;
	4	use warnings;
	5
1f543c5f	6	use PVE::Tools qw(run_command);
6939693f AD	7	use PVE::JSONSchema;
6939693f AD	8	use PVE::Cluster;
eb1549e7	9	use PVE::Network;
6939693f AD	10
6939693f AD	11	use Data::Dumper;
eec580bf	12	use PVE::JSONSchema qw(get_standard_option);
6939693f AD	13	use base qw(PVE::SectionConfig);
6939693f AD	14
f5eabba0	15	PVE::Cluster::cfs_register_file('sdn/zones.cfg',
6939693f AD	16	sub { __PACKAGE__->parse_config(@_); },
	17	sub { __PACKAGE__->write_config(@_); });
	18
f5eabba0 AD	19	PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
	20	description => "The SDN zone object identifier.",
	21	type => 'string', format => 'pve-sdn-zone-id',
fe61b14c AD	22	});
fe61b14c AD	23
f5eabba0 AD	24	PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
	25	sub parse_sdn_zone_id {
	26	my ($id, $noerr) = @_;
fe61b14c	27
7c5b0f6d AD	28	if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	29	return undef if $noerr;
	30	die "zone ID '$id' contains illegal characters\n";
fe61b14c	31	}
4d7d91da	32	die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
f5eabba0	33	return $id;
fe61b14c AD	34	}
fe61b14c AD	35
6939693f AD	36	my $defaultData = {
	37
	38	propertyList => {
7d35eaf5	39	type => {
6939693f AD	40	description => "Plugin type.",
	41	type => 'string', format => 'pve-configid',
	42	type => 'string',
	43	},
c2b9c173	44	nodes => get_standard_option('pve-node-list', { optional => 1 }),
f5eabba0 AD	45	zone => get_standard_option('pve-sdn-zone-id',
f5eabba0 AD	46	{ completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
6939693f AD	47	},
	48	};
	49
	50	sub private {
	51	return $defaultData;
	52	}
	53
c2b9c173 AD	54	sub decode_value {
	55	my ($class, $type, $key, $value) = @_;
	56
	57	if ($key eq 'nodes') {
	58	my $res = {};
	59
	60	foreach my $node (PVE::Tools::split_list($value)) {
	61	if (PVE::JSONSchema::pve_verify_node_name($node)) {
	62	$res->{$node} = 1;
	63	}
	64	}
	65
	66	return $res;
	67	}
	68
	69	return $value;
	70	}
	71
	72	sub encode_value {
	73	my ($class, $type, $key, $value) = @_;
	74
	75	if ($key eq 'nodes') {
	76	return join(',', keys(%$value));
	77	}
	78
	79	return $value;
	80	}
	81
6939693f AD	82	sub parse_section_header {
	83	my ($class, $line) = @_;
	84
	85	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
f5eabba0	86	my ($type, $id) = (lc($1), $2);
6939693f AD	87	my $errmsg = undef; # set if you want to skip whole section
	88	eval { PVE::JSONSchema::pve_verify_configid($type); };
	89	$errmsg = $@ if $@;
	90	my $config = {}; # to return additional attributes
f5eabba0	91	return ($type, $id, $errmsg, $config);
6939693f AD	92	}
	93	return undef;
	94	}
	95
6bffe819	96	sub generate_sdn_config {
ba7ac021	97	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;
6939693f AD	98
	99	die "please implement inside plugin";
	100	}
	101
8fb1ee7f	102	sub generate_controller_config {
56cdcac9	103	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38 AD	104
	105	die "please implement inside plugin";
	106	}
	107
ad03c543	108	sub generate_controller_vnet_config {
56cdcac9	109	my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
ad03c543 AD	110
	111	}
	112
8fb1ee7f AD	113	sub write_controller_config {
	114	my ($class, $plugin_config, $config) = @_;
	115
	116	die "please implement inside plugin";
	117	}
	118
fa609bdd AD	119	sub controller_reload {
	120	my ($class) = @_;
	121
	122	die "please implement inside plugin";
	123	}
	124
fe0c6b9e	125	sub on_delete_hook {
56cdcac9	126	my ($class, $zoneid, $vnet_cfg) = @_;
e8d5906e	127
56cdcac9 AD	128	# verify that no vnet are associated to this zone
	129	foreach my $id (keys %{$vnet_cfg->{ids}}) {
	130	my $vnet = $vnet_cfg->{ids}->{$id};
	131	die "zone $zoneid is used by vnet $id"
	132	if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
	133	}
e8d5906e AD	134	}
	135
	136	sub on_update_hook {
a2b32a94	137	my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
fe0c6b9e AD	138
	139	# do nothing by default
	140	}
	141
6939693f AD	142	#helpers
	143	sub parse_tag_number_or_range {
	144	my ($str, $max, $tag) = @_;
	145
	146	my @elements = split(/,/, $str);
	147	my $count = 0;
	148	my $allowed = undef;
	149
	150	die "extraneous commas in list\n" if $str ne join(',', @elements);
	151	foreach my $item (@elements) {
	152	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	153	$count += 2;
	154	my ($port1, $port2) = ($1, $2);
	155	die "invalid port '$port1'\n" if $port1 > $max;
	156	die "invalid port '$port2'\n" if $port2 > $max;
	157	die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
	158
	159	if ($tag && $tag >= $port1 && $tag <= $port2){
	160	$allowed = 1;
	161	last;
	162	}
	163
	164	} elsif ($item =~ m/^([0-9]+)$/) {
	165	$count += 1;
	166	my $port = $1;
	167	die "invalid port '$port'\n" if $port > $max;
	168
	169	if ($tag && $tag == $port){
	170	$allowed = 1;
	171	last;
	172	}
	173	}
	174	}
	175	die "tag $tag is not allowed" if $tag && !$allowed;
	176
	177	return (scalar(@elements) > 1);
	178	}
	179
627b1694 AD	180	sub status {
	181	my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_;
	182
	183	$vnet_status->{$id}->{zone} = $zone;
	184	$zone_status->{$zone}->{status} = 'available' if !defined($zone_status->{$zone}->{status});
	185
	186	if($err_config) {
	187	$vnet_status->{$id}->{status} = 'pending';
	188	$vnet_status->{$id}->{statusmsg} = $err_config;
	189	$zone_status->{$zone}->{status} = 'pending';
	190	} elsif ($status->{$id}->{status} && $status->{$id}->{status} eq 'pass') {
	191	$vnet_status->{$id}->{status} = 'available';
	192	my $bridgeport = $status->{$id}->{config}->{'bridge-ports'};
	193
	194	if ($bridgeport && $status->{$bridgeport}->{status} && $status->{$bridgeport}->{status} ne 'pass') {
	195	$vnet_status->{$id}->{status} = 'error';
	196	$vnet_status->{$id}->{statusmsg} = 'configuration not fully applied';
	197	$zone_status->{$zone}->{status} = 'error';
	198	}
	199
	200	} else {
	201	$vnet_status->{$id}->{status} = 'error';
	202	$vnet_status->{$id}->{statusmsg} = 'missing';
	203	$zone_status->{$zone}->{status} = 'error';
	204	}
	205	}
	206
2ba9613b	207
eb1549e7 AD	208	sub tap_create {
	209	my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
	210
912fb443	211	PVE::Network::tap_create($iface, $vnetid);
eb1549e7 AD	212	}
	213
	214	sub veth_create {
	215	my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
	216
912fb443	217	PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
eb1549e7 AD	218	}
	219
	220	sub tap_plug {
912fb443	221	my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
eb1549e7	222
912fb443 AD	223	my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
912fb443 AD	224	die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag \|\| $trunks);
eb1549e7 AD	225
	226	PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
	227	}
	228
3794e429 AD	229	#helper
	230
	231	sub get_uplink_iface {
	232	my ($interfaces_config, $uplink) = @_;
	233
	234	my $iface = undef;
	235	foreach my $id (keys %{$interfaces_config->{ifaces}}) {
	236	my $interface = $interfaces_config->{ifaces}->{$id};
	237	if (my $iface_uplink = $interface->{'uplink-id'}) {
	238	next if $iface_uplink ne $uplink;
	239	if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
	240	warn "uplink $uplink is not a physical or bond interface";
	241	next;
	242	}
	243	$iface = $id;
	244	}
	245	}
	246
	247	#create a dummy uplink interface if no uplink found
	248	if(!$iface) {
	249	warn "can't find uplink $uplink in physical interface";
	250	$iface = "uplink${uplink}";
	251	}
	252
	253	return $iface;
	254	}
1f543c5f AD	255
	256	sub get_local_route_ip {
	257	my ($targetip) = @_;
	258
	259	my $ip = undef;
	260	my $interface = undef;
	261
	262	run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
	263	if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
	264	$ip = $1;
	265	}
	266	if ($_[0] =~ m/dev (\S+)/) {
	267	$interface = $1;
	268	}
	269
	270	});
	271	return ($ip, $interface);
	272	}
	273
	274
	275	sub find_local_ip_interface_peers {
	276	my ($peers) = @_;
	277
	278	my $network_config = PVE::INotify::read_file('interfaces');
	279	my $ifaces = $network_config->{ifaces};
	280	#is a local ip member of peers list ?
	281	foreach my $address (@{$peers}) {
	282	while (my $interface = each %$ifaces) {
	283	my $ip = $ifaces->{$interface}->{address};
	284	if ($ip && $ip eq $address) {
	285	return ($ip, $interface);
	286	}
	287	}
	288	}
	289
	290	#if peer is remote, find source with ip route
	291	foreach my $address (@{$peers}) {
	292	my ($ip, $interface) = get_local_route_ip($address);
	293	return ($ip, $interface);
	294	}
	295	}
	296
6939693f	297	1;