[pmg-api.git] / src / PMG / API2 / Network.pm

package PMG::API2::Network;

use strict;
use warnings;

use Net::IP qw(:PROC);
use PVE::Tools qw(extract_param);
use PVE::SafeSyslog;
use PVE::INotify;
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;
use PMG::RESTEnvironment;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::RESTHandler);

my $iflockfn = "/etc/network/.pve-interfaces.lock";

my $bond_mode_enum = [
    'balance-rr',
    'active-backup', # OVS and Linux
    'balance-xor',
    'broadcast',
    '802.3ad',
    'balance-tlb',
    'balance-alb',
    'balance-slb', # OVS
    'lacp-balance-slb', # OVS
    'lacp-balance-tcp', # OVS
    ];

my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
			 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];

my $confdesc = {
    type => {
	description => "Network interface type",
	type => 'string',
	enum => [@$network_type_enum, 'unknown'],
    },
    comments => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    comments6 => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    autostart => {
	description => "Automatically start interface on boot.",
	type => 'boolean',
	optional => 1,
    },
    bridge_vlan_aware => {
	description => "Enable bridge vlan support.",
	type => 'boolean',
	optional => 1,
    },
    bridge_ports => {
	description => "Specify the interfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_ports => {
	description => "Specify the interfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_tag => {
	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	optional => 1,
	type => 'integer',
	minimum => 1,
	maximum => 4094,
    },
    ovs_options => {
	description => "OVS interface options.",
	optional => 1,
	type => 'string',
	maxLength => 1024,
    },
    ovs_bridge => {
	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    slaves => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_bonds => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    bond_mode => {
	description => "Bonding mode.",
	optional => 1,
	type => 'string', enum => $bond_mode_enum,
    },
    'bond-primary' => {
	description => "Specify the primary interface for active-backup bond.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    bond_xmit_hash_policy => {
	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	optional => 1,
	type => 'string',
	enum => ['layer2', 'layer2+3', 'layer3+4' ],
    },
    'vlan-raw-device' => {
	description => "Specify the raw interface for the vlan interface.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    'vlan-id' => {
	description => "vlan-id for a custom named vlan interface (ifupdown2 only).",
	optional => 1,
	type => 'integer',
	minimum => 1,
	maximum => 4094,
    },
    gateway => {
	description => 'Default gateway address.',
	type => 'string', format => 'ipv4',
	optional => 1,
    },
    netmask => {
	description => 'Network mask.',
	type => 'string', format => 'ipv4mask',
	optional => 1,
	requires => 'address',
    },
    address => {
	description => 'IP address.',
	type => 'string', format => 'ipv4',
	optional => 1,
	requires => 'netmask',
    },
    cidr => {
	description => 'IPv4 CIDR.',
	type => 'string', format => 'CIDRv4',
	optional => 1,
    },
    mtu => {
	description => 'MTU.',
	optional => 1,
	type => 'integer',
	minimum => 1280,
	maximum => 65520,
    },
    gateway6 => {
	description => 'Default ipv6 gateway address.',
	type => 'string', format => 'ipv6',
	optional => 1,
    },
    netmask6 => {
	description => 'Network mask.',
	type => 'integer', minimum => 0, maximum => 128,
	optional => 1,
	requires => 'address6',
    },
    address6 => {
	description => 'IP address.',
	type => 'string', format => 'ipv6',
	optional => 1,
	requires => 'netmask6',
    },
    cidr6 => {
	description => 'IPv6 CIDR.',
	type => 'string', format => 'CIDRv6',
	optional => 1,
    },
};

sub json_config_properties {
    my $prop = shift;

    foreach my $opt (keys %$confdesc) {
	$prop->{$opt} = $confdesc->{$opt};
    }

    return $prop;
}

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List available networks",
    proxyto => 'node',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    type => {
		description => "Only list specific interface types.",
		type => 'string',
		enum => [ @$network_type_enum, 'any_bridge' ],
		optional => 1,
	    },
	},
    },
    returns => {
	type => "array",
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{iface}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $restenv = PMG::RESTEnvironment->get();

	my $tmp = PVE::INotify::read_file('interfaces', 1);
	my $config = $tmp->{data};
	my $changes = $tmp->{changes};

	$restenv->set_result_attrib('changes', $changes) if $changes;

	my $ifaces = $config->{ifaces};

	delete $ifaces->{lo}; # do not list the loopback device

	if ($param->{type}) {
	    foreach my $k (keys %$ifaces) {
		my $type = $ifaces->{$k}->{type};
		my $match =  ($param->{type} eq $type) || (
		    ($param->{type} eq 'any_bridge') &&
		    ($type eq 'bridge' || $type eq 'OVSBridge'));
		delete $ifaces->{$k} if !$match;
	    }
	}

	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
   }});

__PACKAGE__->register_method({
    name => 'revert_network_changes',
    path => '',
    method => 'DELETE',
    protected => 1,
    description => "Revert network configuration changes.",
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	unlink "/etc/network/interfaces.new";

	return undef;
    }});

my $check_duplicate = sub {
    my ($config, $newiface, $key, $name) = @_;

    foreach my $iface (keys %$config) {
	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	    if ($newiface ne $iface) && $config->{$iface}->{$key};
    }
};

my $check_duplicate_gateway = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
};

my $check_duplicate_gateway6 = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
};

sub ipv6_tobin {
    return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
}

my $check_ipv6_settings = sub {
    my ($address, $netmask) = @_;

    raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	if $netmask < 0 || $netmask > 128;

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if !Net::IP::ip_is_ipv6($address);

    my $binip = ipv6_tobin($address);
    my $binmask = Net::IP::ip_get_mask($netmask, 6);

    my $type = Net::IP::ip_iptypev6($binip);

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if ($binip eq $binmask) ||
	   (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
};

my $map_cidr_to_address_netmask = sub {
    my ($param) = @_;

    if ($param->{cidr}) {
	raise_param_exc({ address => "address conflicts with cidr" })
	    if $param->{address};
	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	    if $param->{netmask};

	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	$param->{address} = $address;
	$param->{netmask} = $netmask;
	delete $param->{cidr};
    }

    if ($param->{cidr6}) {
	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	    if $param->{address6};
	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	    if $param->{netmask6};

	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	$param->{address6} = $address;
	$param->{netmask6} = $netmask;
	delete $param->{cidr6};
    }
};

__PACKAGE__->register_method({
    name => 'create_network',
    path => '',
    method => 'POST',
    description => "Create network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface')}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface already exists" })
		if $ifaces->{$iface};

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    $map_cidr_to_address_netmask->($param);

	    &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
		if $param->{address6};

	    my $families = $param->{families} = [];
	    push @$families, 'inet'
		if $param->{address} && !grep(/^inet$/, @$families);
	    push @$families, 'inet6'
		if $param->{address6} && !grep(/^inet6$/, @$families);
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual';
	    $param->{method6} = $param->{address6} ? 'static' : 'manual';

	    if ($param->{type} =~ m/^OVS/) {
		-x '/usr/bin/ovs-vsctl' ||
		    die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	    }

	    if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
		my $brname = $param->{ovs_bridge};
		raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
		my $br = $ifaces->{$brname};
		raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
		raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
		    if $br->{type} ne 'OVSBridge';

		my @ports = split (/\s+/, $br->{ovs_ports} || '');
		$br->{ovs_ports} = join(' ', @ports, $iface)
		    if ! grep { $_ eq $iface } @ports;
	    }

	    $ifaces->{$iface} = $param;

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

sub ifupdown2_version {
    my $v;
    PVE::Tools::run_command(['ifreload', '-V'], outfunc => sub { $v //= shift });
    return if !defined($v) || $v !~ /^\s*ifupdown2:(\S+)\s*$/;
    $v = $1;
    my ($major, $minor, $extra, $pve) = split(/\.|-/, $v);
    my $is_pve = defined($pve) && $pve =~ /(pve|pmx|proxmox)/;

    return ($major * 100000 + $minor * 1000 + $extra * 10, $is_pve, $v);
}
sub assert_ifupdown2_installed {
    die "you need ifupdown2 to reload network configuration\n" if ! -e '/usr/share/ifupdown2';
    my ($v, $pve, $v_str) = ifupdown2_version();
    die "incompatible 'ifupdown2' package version '$v_str'! Did you installed from Proxmox repositories?\n"
        if $v < (1*100000 + 2*1000 + 8*10) || !$pve;
}

__PACKAGE__->register_method({
    name => 'reload_network_config',
    path => '',
    method => 'PUT',
    description => "Reload network configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => 'string' },
    code => sub {

	my ($param) = @_;

	my $rpcenv = PMG::RESTEnvironment->get();
	my $authuser = $rpcenv->get_user();

	assert_ifupdown2_installed();

	my $current_config = "/etc/network/interfaces";
	my $new_config = "$current_config.new";

	my $worker = sub {
	    if (-e $new_config) {
		print "found changes, renaming '$new_config' -> '$current_config'\n";
		rename($new_config, $current_config) or die "could not rename new config file - $!";
	    }

	    PVE::Tools::run_command(['ifreload', '-a'], errfunc => sub {
		my $line = shift;
		if ($line =~ /(warning|error): (\S+):/) {
		    print "$2 : $line \n";
		}
	    });
	};
	return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker);
   }});

__PACKAGE__->register_method({
    name => 'update_network',
    path => '{iface}',
    method => 'PUT',
    description => "Update network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    }}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');
	my $delete = extract_param($param, 'delete');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$iface};

	    my $families = ($param->{families} ||= []);
	    foreach my $k (PVE::Tools::split_list($delete)) {
		delete $ifaces->{$iface}->{$k};
		@$families = grep(!/^inet$/, @$families) if $k eq 'address';
		@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
	    }

	    $map_cidr_to_address_netmask->($param);

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    if ($param->{address}) {
		push @$families, 'inet' if !grep(/^inet$/, @$families);
	    } else {
		@$families = grep(!/^inet$/, @$families);
	    }
	    if ($param->{address6}) {
		&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
		push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	    } else {
		@$families = grep(!/^inet6$/, @$families);
	    }
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual';
	    $param->{method6} = $param->{address6} ? 'static' : 'manual';

	    foreach my $k (keys %$param) {
		$ifaces->{$iface}->{$k} = $param->{$k};
	    }

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'network_config',
    path => '{iface}',
    method => 'GET',
    description => "Read network device configuration",
    proxyto => 'node',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => {
	type => "object",
	properties => {
	    type => {
		type => 'string',
	    },
	    method => {
		type => 'string',
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $config = PVE::INotify::read_file('interfaces');
	my $ifaces = $config->{ifaces};

	raise_param_exc({ iface => "interface does not exist" })
	    if !$ifaces->{$param->{iface}};

	return $ifaces->{$param->{iface}};
   }});

__PACKAGE__->register_method({
    name => 'delete_network',
    path => '{iface}',
    method => 'DELETE',
    description => "Delete network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$param->{iface}};

	    my $d = $ifaces->{$param->{iface}};
	    if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
		if (my $brname = $d->{ovs_bridge}) {
		    if (my $br = $ifaces->{$brname}) {
			if ($br->{ovs_ports}) {
			    my @ports = split (/\s+/, $br->{ovs_ports});
			    my @new = grep { $_ ne $param->{iface} } @ports;
			    $br->{ovs_ports} = join(' ', @new);
			}
		    }
		}
	    }

	    delete $ifaces->{$param->{iface}};

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

1;
Commit	Line	Data
2551682a DM	1	package PMG::API2::Network;
	2
	3	use strict;
	4	use warnings;
	5
	6	use Net::IP qw(:PROC);
	7	use PVE::Tools qw(extract_param);
	8	use PVE::SafeSyslog;
	9	use PVE::INotify;
	10	use PVE::Exception qw(raise_param_exc);
	11	use PVE::RESTHandler;
9d82c6bc	12	use PMG::RESTEnvironment;
2551682a DM	13	use PVE::JSONSchema qw(get_standard_option);
	14
	15	use base qw(PVE::RESTHandler);
	16
	17	my $iflockfn = "/etc/network/.pve-interfaces.lock";
	18
	19	my $bond_mode_enum = [
	20	'balance-rr',
	21	'active-backup', # OVS and Linux
	22	'balance-xor',
	23	'broadcast',
	24	'802.3ad',
	25	'balance-tlb',
	26	'balance-alb',
	27	'balance-slb', # OVS
	28	'lacp-balance-slb', # OVS
	29	'lacp-balance-tcp', # OVS
	30	];
	31
	32	my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
	33	'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
	34
	35	my $confdesc = {
	36	type => {
	37	description => "Network interface type",
	38	type => 'string',
	39	enum => [@$network_type_enum, 'unknown'],
	40	},
	41	comments => {
	42	description => "Comments",
	43	type => 'string',
	44	optional => 1,
	45	},
	46	comments6 => {
	47	description => "Comments",
	48	type => 'string',
	49	optional => 1,
	50	},
	51	autostart => {
	52	description => "Automatically start interface on boot.",
	53	type => 'boolean',
	54	optional => 1,
	55	},
	56	bridge_vlan_aware => {
	57	description => "Enable bridge vlan support.",
	58	type => 'boolean',
	59	optional => 1,
	60	},
	61	bridge_ports => {
1359baef	62	description => "Specify the interfaces you want to add to your bridge.",
2551682a DM	63	optional => 1,
	64	type => 'string', format => 'pve-iface-list',
	65	},
	66	ovs_ports => {
1359baef	67	description => "Specify the interfaces you want to add to your bridge.",
2551682a DM	68	optional => 1,
	69	type => 'string', format => 'pve-iface-list',
	70	},
	71	ovs_tag => {
	72	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	73	optional => 1,
	74	type => 'integer',
	75	minimum => 1,
	76	maximum => 4094,
	77	},
	78	ovs_options => {
	79	description => "OVS interface options.",
	80	optional => 1,
	81	type => 'string',
	82	maxLength => 1024,
	83	},
	84	ovs_bridge => {
	85	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	86	optional => 1,
	87	type => 'string', format => 'pve-iface',
	88	},
	89	slaves => {
	90	description => "Specify the interfaces used by the bonding device.",
	91	optional => 1,
	92	type => 'string', format => 'pve-iface-list',
	93	},
	94	ovs_bonds => {
	95	description => "Specify the interfaces used by the bonding device.",
	96	optional => 1,
	97	type => 'string', format => 'pve-iface-list',
	98	},
	99	bond_mode => {
	100	description => "Bonding mode.",
	101	optional => 1,
	102	type => 'string', enum => $bond_mode_enum,
	103	},
f438eff3 AD	104	'bond-primary' => {
	105	description => "Specify the primary interface for active-backup bond.",
	106	optional => 1,
	107	type => 'string', format => 'pve-iface',
	108	},
2551682a DM	109	bond_xmit_hash_policy => {
	110	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	111	optional => 1,
	112	type => 'string',
	113	enum => ['layer2', 'layer2+3', 'layer3+4' ],
	114	},
507b4a9b AD	115	'vlan-raw-device' => {
	116	description => "Specify the raw interface for the vlan interface.",
	117	optional => 1,
	118	type => 'string', format => 'pve-iface',
	119	},
	120	'vlan-id' => {
	121	description => "vlan-id for a custom named vlan interface (ifupdown2 only).",
	122	optional => 1,
	123	type => 'integer',
	124	minimum => 1,
	125	maximum => 4094,
	126	},
2551682a DM	127	gateway => {
	128	description => 'Default gateway address.',
	129	type => 'string', format => 'ipv4',
	130	optional => 1,
	131	},
	132	netmask => {
	133	description => 'Network mask.',
	134	type => 'string', format => 'ipv4mask',
	135	optional => 1,
	136	requires => 'address',
	137	},
	138	address => {
	139	description => 'IP address.',
	140	type => 'string', format => 'ipv4',
	141	optional => 1,
	142	requires => 'netmask',
	143	},
1e94d062 DC	144	cidr => {
	145	description => 'IPv4 CIDR.',
	146	type => 'string', format => 'CIDRv4',
	147	optional => 1,
	148	},
d9a86cfe AD	149	mtu => {
	150	description => 'MTU.',
	151	optional => 1,
	152	type => 'integer',
	153	minimum => 1280,
	154	maximum => 65520,
	155	},
2551682a DM	156	gateway6 => {
	157	description => 'Default ipv6 gateway address.',
	158	type => 'string', format => 'ipv6',
	159	optional => 1,
	160	},
	161	netmask6 => {
	162	description => 'Network mask.',
	163	type => 'integer', minimum => 0, maximum => 128,
	164	optional => 1,
	165	requires => 'address6',
	166	},
	167	address6 => {
	168	description => 'IP address.',
	169	type => 'string', format => 'ipv6',
	170	optional => 1,
	171	requires => 'netmask6',
1e94d062 DC	172	},
	173	cidr6 => {
	174	description => 'IPv6 CIDR.',
	175	type => 'string', format => 'CIDRv6',
	176	optional => 1,
	177	},
2551682a DM	178	};
	179
	180	sub json_config_properties {
	181	my $prop = shift;
	182
	183	foreach my $opt (keys %$confdesc) {
	184	$prop->{$opt} = $confdesc->{$opt};
	185	}
	186
	187	return $prop;
	188	}
	189
	190	__PACKAGE__->register_method({
	191	name => 'index',
	192	path => '',
	193	method => 'GET',
	194	description => "List available networks",
	195	proxyto => 'node',
aea3488a	196	permissions => { check => [ 'admin', 'audit' ] },
2551682a DM	197	parameters => {
	198	additionalProperties => 0,
	199	properties => {
	200	node => get_standard_option('pve-node'),
	201	type => {
	202	description => "Only list specific interface types.",
	203	type => 'string',
	204	enum => [ @$network_type_enum, 'any_bridge' ],
	205	optional => 1,
	206	},
	207	},
	208	},
	209	returns => {
	210	type => "array",
	211	items => {
	212	type => "object",
	213	properties => {},
	214	},
	215	links => [ { rel => 'child', href => "{iface}" } ],
	216	},
	217	code => sub {
	218	my ($param) = @_;
	219
f1c29260	220	my $restenv = PMG::RESTEnvironment->get();
2551682a DM	221
	222	my $tmp = PVE::INotify::read_file('interfaces', 1);
	223	my $config = $tmp->{data};
	224	my $changes = $tmp->{changes};
	225
	226	$restenv->set_result_attrib('changes', $changes) if $changes;
	227
	228	my $ifaces = $config->{ifaces};
	229
	230	delete $ifaces->{lo}; # do not list the loopback device
	231
	232	if ($param->{type}) {
	233	foreach my $k (keys %$ifaces) {
	234	my $type = $ifaces->{$k}->{type};
	235	my $match = ($param->{type} eq $type) \|\| (
	236	($param->{type} eq 'any_bridge') &&
	237	($type eq 'bridge' \|\| $type eq 'OVSBridge'));
	238	delete $ifaces->{$k} if !$match;
	239	}
	240	}
	241
	242	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
	243	}});
	244
	245	__PACKAGE__->register_method({
	246	name => 'revert_network_changes',
	247	path => '',
	248	method => 'DELETE',
	249	protected => 1,
	250	description => "Revert network configuration changes.",
	251	proxyto => 'node',
	252	parameters => {
	253	additionalProperties => 0,
	254	properties => {
	255	node => get_standard_option('pve-node'),
	256	},
	257	},
	258	returns => { type => "null" },
	259	code => sub {
	260	my ($param) = @_;
	261
	262	unlink "/etc/network/interfaces.new";
	263
	264	return undef;
	265	}});
	266
	267	my $check_duplicate = sub {
	268	my ($config, $newiface, $key, $name) = @_;
	269
	270	foreach my $iface (keys %$config) {
	271	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	272	if ($newiface ne $iface) && $config->{$iface}->{$key};
	273	}
	274	};
	275
	276	my $check_duplicate_gateway = sub {
	277	my ($config, $newiface) = @_;
	278	return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
	279	};
	280
	281	my $check_duplicate_gateway6 = sub {
	282	my ($config, $newiface) = @_;
	283	return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
	284	};
285
286	sub ipv6_tobin {
287	return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
288	}
289
290	my $check_ipv6_settings = sub {
291	my ($address, $netmask) = @_;
292
293	raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
294	if $netmask < 0 \|\| $netmask > 128;
295
296	raise_param_exc({ address => "$address is not a valid host ip address." })
297	if !Net::IP::ip_is_ipv6($address);
298
299	my $binip = ipv6_tobin($address);
300	my $binmask = Net::IP::ip_get_mask($netmask, 6);
301
302	my $type = Net::IP::ip_iptypev6($binip);
303
304	raise_param_exc({ address => "$address is not a valid host ip address." })
305	if ($binip eq $binmask) \|\|
306	(defined($type) && $type !~ /^(?:(?:GLOBAL\|(?:UNIQUE\|LINK)-LOCAL)-UNICAST)$/);
307	};
308
1e94d062 DC	309	my $map_cidr_to_address_netmask = sub {
	310	my ($param) = @_;
	311
	312	if ($param->{cidr}) {
	313	raise_param_exc({ address => "address conflicts with cidr" })
	314	if $param->{address};
	315	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	316	if $param->{netmask};
	317
	318	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	319	$param->{address} = $address;
	320	$param->{netmask} = $netmask;
	321	delete $param->{cidr};
	322	}
	323
	324	if ($param->{cidr6}) {
	325	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	326	if $param->{address6};
	327	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	328	if $param->{netmask6};
	329
	330	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	331	$param->{address6} = $address;
	332	$param->{netmask6} = $netmask;
	333	delete $param->{cidr6};
	334	}
	335	};
	336
2551682a DM	337	__PACKAGE__->register_method({
	338	name => 'create_network',
	339	path => '',
	340	method => 'POST',
	341	description => "Create network device configuration",
	342	protected => 1,
	343	proxyto => 'node',
	344	parameters => {
	345	additionalProperties => 0,
	346	properties => json_config_properties({
	347	node => get_standard_option('pve-node'),
	348	iface => get_standard_option('pve-iface')}),
	349	},
	350	returns => { type => 'null' },
	351	code => sub {
	352	my ($param) = @_;
	353
	354	my $node = extract_param($param, 'node');
	355	my $iface = extract_param($param, 'iface');
	356
	357	my $code = sub {
	358	my $config = PVE::INotify::read_file('interfaces');
	359	my $ifaces = $config->{ifaces};
	360
	361	raise_param_exc({ iface => "interface already exists" })
	362	if $ifaces->{$iface};
	363
	364	&$check_duplicate_gateway($ifaces, $iface)
	365	if $param->{gateway};
	366	&$check_duplicate_gateway6($ifaces, $iface)
	367	if $param->{gateway6};
	368
1e94d062 DC	369	$map_cidr_to_address_netmask->($param);
1e94d062 DC	370
2551682a DM	371	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
	372	if $param->{address6};
	373
	374	my $families = $param->{families} = [];
	375	push @$families, 'inet'
	376	if $param->{address} && !grep(/^inet$/, @$families);
	377	push @$families, 'inet6'
	378	if $param->{address6} && !grep(/^inet6$/, @$families);
	379	@$families = ('inet') if !scalar(@$families);
	380
	381	$param->{method} = $param->{address} ? 'static' : 'manual';
	382	$param->{method6} = $param->{address6} ? 'static' : 'manual';
	383
	384	if ($param->{type} =~ m/^OVS/) {
	385	-x '/usr/bin/ovs-vsctl' \|\|
	386	die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	387	}
	388
	389	if ($param->{type} eq 'OVSIntPort' \|\| $param->{type} eq 'OVSBond') {
	390	my $brname = $param->{ovs_bridge};
	391	raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
	392	my $br = $ifaces->{$brname};
	393	raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
	394	raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
	395	if $br->{type} ne 'OVSBridge';
	396
	397	my @ports = split (/\s+/, $br->{ovs_ports} \|\| '');
	398	$br->{ovs_ports} = join(' ', @ports, $iface)
	399	if ! grep { $_ eq $iface } @ports;
	400	}
	401
	402	$ifaces->{$iface} = $param;
	403
	404	PVE::INotify::write_file('interfaces', $config);
	405	};
	406
	407	PVE::Tools::lock_file($iflockfn, 10, $code);
	408	die $@ if $@;
	409
	410	return undef;
	411	}});
	412
d513a8df TL	413	sub ifupdown2_version {
	414	my $v;
	415	PVE::Tools::run_command(['ifreload', '-V'], outfunc => sub { $v //= shift });
	416	return if !defined($v) \|\| $v !~ /^\sifupdown2:(\S+)\s$/;
	417	$v = $1;
	418	my ($major, $minor, $extra, $pve) = split(/\.\|-/, $v);
	419	my $is_pve = defined($pve) && $pve =~ /(pve\|pmx\|proxmox)/;
	420
	421	return ($major * 100000 + $minor * 1000 + $extra * 10, $is_pve, $v);
	422	}
	423	sub assert_ifupdown2_installed {
	424	die "you need ifupdown2 to reload network configuration\n" if ! -e '/usr/share/ifupdown2';
	425	my ($v, $pve, $v_str) = ifupdown2_version();
	426	die "incompatible 'ifupdown2' package version '$v_str'! Did you installed from Proxmox repositories?\n"
	427	if $v < (1100000 + 21000 + 8*10) \|\| !$pve;
	428	}
	429
	430	__PACKAGE__->register_method({
	431	name => 'reload_network_config',
	432	path => '',
	433	method => 'PUT',
	434	description => "Reload network configuration",
	435	protected => 1,
	436	proxyto => 'node',
	437	parameters => {
	438	additionalProperties => 0,
	439	properties => {
	440	node => get_standard_option('pve-node'),
	441	},
	442	},
	443	returns => { type => 'string' },
	444	code => sub {
	445
	446	my ($param) = @_;
	447
	448	my $rpcenv = PMG::RESTEnvironment->get();
	449	my $authuser = $rpcenv->get_user();
	450
	451	assert_ifupdown2_installed();
	452
	453	my $current_config = "/etc/network/interfaces";
	454	my $new_config = "$current_config.new";
	455
	456	my $worker = sub {
	457	if (-e $new_config) {
	458	print "found changes, renaming '$new_config' -> '$current_config'\n";
	459	rename($new_config, $current_config) or die "could not rename new config file - $!";
	460	}
	461
	462	PVE::Tools::run_command(['ifreload', '-a'], errfunc => sub {
	463	my $line = shift;
	464	if ($line =~ /(warning\|error): (\S+):/) {
	465	print "$2 : $line \n";
	466	}
	467	});
	468	};
	469	return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker);
	470	}});
	471
2551682a DM	472	__PACKAGE__->register_method({
	473	name => 'update_network',
	474	path => '{iface}',
	475	method => 'PUT',
	476	description => "Update network device configuration",
	477	protected => 1,
	478	proxyto => 'node',
	479	parameters => {
	480	additionalProperties => 0,
	481	properties => json_config_properties({
	482	node => get_standard_option('pve-node'),
	483	iface => get_standard_option('pve-iface'),
	484	delete => {
	485	type => 'string', format => 'pve-configid-list',
	486	description => "A list of settings you want to delete.",
	487	optional => 1,
	488	}}),
	489	},
	490	returns => { type => 'null' },
	491	code => sub {
	492	my ($param) = @_;
	493
	494	my $node = extract_param($param, 'node');
	495	my $iface = extract_param($param, 'iface');
	496	my $delete = extract_param($param, 'delete');
	497
	498	my $code = sub {
	499	my $config = PVE::INotify::read_file('interfaces');
	500	my $ifaces = $config->{ifaces};
	501
	502	raise_param_exc({ iface => "interface does not exist" })
	503	if !$ifaces->{$iface};
	504
	505	my $families = ($param->{families} \|\|= []);
	506	foreach my $k (PVE::Tools::split_list($delete)) {
	507	delete $ifaces->{$iface}->{$k};
	508	@$families = grep(!/^inet$/, @$families) if $k eq 'address';
	509	@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
	510	}
	511
1e94d062 DC	512	$map_cidr_to_address_netmask->($param);
1e94d062 DC	513
2551682a DM	514	&$check_duplicate_gateway($ifaces, $iface)
	515	if $param->{gateway};
	516	&$check_duplicate_gateway6($ifaces, $iface)
	517	if $param->{gateway6};
	518
	519	if ($param->{address}) {
	520	push @$families, 'inet' if !grep(/^inet$/, @$families);
	521	} else {
	522	@$families = grep(!/^inet$/, @$families);
	523	}
	524	if ($param->{address6}) {
	525	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
	526	push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	527	} else {
	528	@$families = grep(!/^inet6$/, @$families);
	529	}
	530	@$families = ('inet') if !scalar(@$families);
	531
	532	$param->{method} = $param->{address} ? 'static' : 'manual';
	533	$param->{method6} = $param->{address6} ? 'static' : 'manual';
	534
	535	foreach my $k (keys %$param) {
	536	$ifaces->{$iface}->{$k} = $param->{$k};
	537	}
	538
	539	PVE::INotify::write_file('interfaces', $config);
	540	};
	541
	542	PVE::Tools::lock_file($iflockfn, 10, $code);
	543	die $@ if $@;
	544
	545	return undef;
	546	}});
	547
	548	__PACKAGE__->register_method({
	549	name => 'network_config',
	550	path => '{iface}',
	551	method => 'GET',
	552	description => "Read network device configuration",
	553	proxyto => 'node',
aea3488a	554	permissions => { check => [ 'admin', 'audit' ] },
2551682a DM	555	parameters => {
	556	additionalProperties => 0,
	557	properties => {
	558	node => get_standard_option('pve-node'),
	559	iface => get_standard_option('pve-iface'),
	560	},
	561	},
	562	returns => {
	563	type => "object",
	564	properties => {
	565	type => {
	566	type => 'string',
	567	},
	568	method => {
	569	type => 'string',
	570	},
	571	},
	572	},
	573	code => sub {
	574	my ($param) = @_;
	575
	576	my $config = PVE::INotify::read_file('interfaces');
	577	my $ifaces = $config->{ifaces};
	578
	579	raise_param_exc({ iface => "interface does not exist" })
	580	if !$ifaces->{$param->{iface}};
	581
	582	return $ifaces->{$param->{iface}};
	583	}});
	584
	585	__PACKAGE__->register_method({
	586	name => 'delete_network',
	587	path => '{iface}',
	588	method => 'DELETE',
	589	description => "Delete network device configuration",
	590	protected => 1,
	591	proxyto => 'node',
	592	parameters => {
	593	additionalProperties => 0,
	594	properties => {
	595	node => get_standard_option('pve-node'),
	596	iface => get_standard_option('pve-iface'),
	597	},
	598	},
	599	returns => { type => 'null' },
	600	code => sub {
	601	my ($param) = @_;
	602
	603	my $code = sub {
	604	my $config = PVE::INotify::read_file('interfaces');
	605	my $ifaces = $config->{ifaces};
	606
	607	raise_param_exc({ iface => "interface does not exist" })
	608	if !$ifaces->{$param->{iface}};
	609
	610	my $d = $ifaces->{$param->{iface}};
	611	if ($d->{type} eq 'OVSIntPort' \|\| $d->{type} eq 'OVSBond') {
	612	if (my $brname = $d->{ovs_bridge}) {
	613	if (my $br = $ifaces->{$brname}) {
	614	if ($br->{ovs_ports}) {
	615	my @ports = split (/\s+/, $br->{ovs_ports});
	616	my @new = grep { $_ ne $param->{iface} } @ports;
	617	$br->{ovs_ports} = join(' ', @new);
	618	}
619	}
620	}
621	}
622
623	delete $ifaces->{$param->{iface}};
624
625	PVE::INotify::write_file('interfaces', $config);
626	};
627
628	PVE::Tools::lock_file($iflockfn, 10, $code);
629	die $@ if $@;
630
631	return undef;
632	}});
633
634	1;