]>
Commit | Line | Data |
---|---|---|
86d22462 | 1 | package PVE::Network::SDN; |
92b6f291 AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
434125ce | 5 | |
92b6f291 | 6 | use Data::Dumper; |
c665cefc | 7 | use JSON; |
434125ce | 8 | |
0eda9b9a FG |
9 | use PVE::INotify; |
10 | ||
7129a3ca | 11 | use PVE::Network::SDN::Vnets; |
f5eabba0 | 12 | use PVE::Network::SDN::Zones; |
5d3e0248 AD |
13 | use PVE::Network::SDN::Controllers; |
14 | use PVE::Network::SDN::Subnets; | |
f5eabba0 | 15 | |
434125ce | 16 | use PVE::Tools qw(extract_param dir_glob_regex run_command); |
92b6f291 | 17 | use PVE::Cluster qw(cfs_read_file cfs_write_file cfs_lock_file); |
0eda9b9a | 18 | use PVE::RESTEnvironment qw(log_warn); |
f9bc9640 | 19 | |
5d3e0248 | 20 | my $running_cfg = "sdn/.running-config"; |
f9bc9640 | 21 | |
5d3e0248 | 22 | my $parse_running_cfg = sub { |
f9bc9640 AD |
23 | my ($filename, $raw) = @_; |
24 | ||
5d3e0248 | 25 | my $cfg = {}; |
28664c9b | 26 | |
5d3e0248 | 27 | return $cfg if !defined($raw) || $raw eq ''; |
f9bc9640 | 28 | |
5d3e0248 AD |
29 | eval { |
30 | $cfg = from_json($raw); | |
31 | }; | |
32 | return {} if $@; | |
33 | ||
34 | return $cfg; | |
f9bc9640 AD |
35 | }; |
36 | ||
5d3e0248 AD |
37 | my $write_running_cfg = sub { |
38 | my ($filename, $cfg) = @_; | |
f9bc9640 | 39 | |
5d3e0248 | 40 | my $json = to_json($cfg); |
f9bc9640 | 41 | |
5d3e0248 | 42 | return $json; |
f9bc9640 AD |
43 | }; |
44 | ||
5d3e0248 | 45 | PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running_cfg); |
f9bc9640 AD |
46 | |
47 | ||
f5eabba0 | 48 | # improve me : move status code inside plugins ? |
92b6f291 | 49 | |
e424c7ac | 50 | sub ifquery_check { |
c665cefc AD |
51 | |
52 | my $cmd = ['ifquery', '-a', '-c', '-o','json']; | |
c665cefc | 53 | |
0c5021ad TL |
54 | my $result = ''; |
55 | my $reader = sub { $result .= shift }; | |
c665cefc AD |
56 | |
57 | eval { | |
6e9fff39 | 58 | run_command($cmd, outfunc => $reader); |
c665cefc AD |
59 | }; |
60 | ||
6e9fff39 | 61 | my $resultjson = decode_json($result); |
c665cefc AD |
62 | my $interfaces = {}; |
63 | ||
64 | foreach my $interface (@$resultjson) { | |
6e9fff39 AD |
65 | my $name = $interface->{name}; |
66 | $interfaces->{$name} = { | |
67 | status => $interface->{status}, | |
68 | config => $interface->{config}, | |
69 | config_status => $interface->{config_status}, | |
70 | }; | |
c665cefc AD |
71 | } |
72 | ||
73 | return $interfaces; | |
74 | } | |
75 | ||
e424c7ac AD |
76 | sub status { |
77 | ||
56cdcac9 AD |
78 | my ($zone_status, $vnet_status) = PVE::Network::SDN::Zones::status(); |
79 | return($zone_status, $vnet_status); | |
e424c7ac AD |
80 | } |
81 | ||
d73c7c36 | 82 | sub running_config { |
5d3e0248 AD |
83 | return cfs_read_file($running_cfg); |
84 | } | |
85 | ||
6f5f42e4 AD |
86 | sub pending_config { |
87 | my ($running_cfg, $cfg, $type) = @_; | |
88 | ||
89 | my $pending = {}; | |
90 | ||
91 | my $running_objects = $running_cfg->{$type}->{ids}; | |
92 | my $config_objects = $cfg->{ids}; | |
93 | ||
94 | foreach my $id (sort keys %{$running_objects}) { | |
95 | my $running_object = $running_objects->{$id}; | |
96 | my $config_object = $config_objects->{$id}; | |
97 | foreach my $key (sort keys %{$running_object}) { | |
98 | $pending->{$id}->{$key} = $running_object->{$key}; | |
99 | if(!keys %{$config_object}) { | |
100 | $pending->{$id}->{state} = "deleted"; | |
e382bf71 AD |
101 | } elsif (!defined($config_object->{$key})) { |
102 | $pending->{$id}->{"pending"}->{$key} = 'deleted'; | |
103 | $pending->{$id}->{state} = "changed"; | |
104 | } elsif (PVE::Network::SDN::encode_value(undef, $key, $running_object->{$key}) | |
105 | ne PVE::Network::SDN::encode_value(undef, $key, $config_object->{$key})) { | |
6f5f42e4 AD |
106 | $pending->{$id}->{state} = "changed"; |
107 | } | |
108 | } | |
36fecf55 | 109 | $pending->{$id}->{"pending"} = {} if $pending->{$id}->{state} && !defined($pending->{$id}->{"pending"}); |
6f5f42e4 AD |
110 | } |
111 | ||
112 | foreach my $id (sort keys %{$config_objects}) { | |
113 | my $running_object = $running_objects->{$id}; | |
114 | my $config_object = $config_objects->{$id}; | |
115 | ||
116 | foreach my $key (sort keys %{$config_object}) { | |
e382bf71 AD |
117 | my $config_value = PVE::Network::SDN::encode_value(undef, $key, $config_object->{$key}) if $config_object->{$key}; |
118 | my $running_value = PVE::Network::SDN::encode_value(undef, $key, $running_object->{$key}) if $running_object->{$key}; | |
6f5f42e4 AD |
119 | if($key eq 'type' || $key eq 'vnet') { |
120 | $pending->{$id}->{$key} = $config_value; | |
121 | } else { | |
122 | $pending->{$id}->{"pending"}->{$key} = $config_value if !defined($running_value) || ($config_value ne $running_value); | |
123 | } | |
124 | if(!keys %{$running_object}) { | |
125 | $pending->{$id}->{state} = "new"; | |
126 | } elsif (!defined($running_value) && defined($config_value)) { | |
127 | $pending->{$id}->{state} = "changed"; | |
128 | } | |
129 | } | |
36fecf55 | 130 | $pending->{$id}->{"pending"} = {} if $pending->{$id}->{state} && !defined($pending->{$id}->{"pending"}); |
6f5f42e4 AD |
131 | } |
132 | ||
133 | return {ids => $pending}; | |
134 | ||
135 | } | |
136 | ||
5d3e0248 | 137 | sub commit_config { |
f9bc9640 | 138 | |
5d3e0248 AD |
139 | my $cfg = cfs_read_file($running_cfg); |
140 | my $version = $cfg->{version}; | |
f9bc9640 | 141 | |
22b24447 | 142 | if ($version) { |
f9bc9640 AD |
143 | $version++; |
144 | } else { | |
145 | $version = 1; | |
146 | } | |
147 | ||
5d3e0248 AD |
148 | my $vnets_cfg = PVE::Network::SDN::Vnets::config(); |
149 | my $zones_cfg = PVE::Network::SDN::Zones::config(); | |
150 | my $controllers_cfg = PVE::Network::SDN::Controllers::config(); | |
151 | my $subnets_cfg = PVE::Network::SDN::Subnets::config(); | |
152 | ||
153 | my $vnets = { ids => $vnets_cfg->{ids} }; | |
154 | my $zones = { ids => $zones_cfg->{ids} }; | |
155 | my $controllers = { ids => $controllers_cfg->{ids} }; | |
156 | my $subnets = { ids => $subnets_cfg->{ids} }; | |
157 | ||
158 | $cfg = { version => $version, vnets => $vnets, zones => $zones, controllers => $controllers, subnets => $subnets }; | |
159 | ||
160 | cfs_write_file($running_cfg, $cfg); | |
f9bc9640 AD |
161 | } |
162 | ||
163 | sub lock_sdn_config { | |
164 | my ($code, $errmsg) = @_; | |
165 | ||
5d3e0248 | 166 | cfs_lock_file($running_cfg, undef, $code); |
f9bc9640 AD |
167 | |
168 | if (my $err = $@) { | |
169 | $errmsg ? die "$errmsg: $err" : die $err; | |
170 | } | |
171 | } | |
172 | ||
7129a3ca AD |
173 | sub get_local_vnets { |
174 | ||
175 | my $rpcenv = PVE::RPCEnvironment::get(); | |
176 | ||
177 | my $authuser = $rpcenv->get_user(); | |
178 | ||
179 | my $nodename = PVE::INotify::nodename(); | |
180 | ||
d73c7c36 | 181 | my $cfg = PVE::Network::SDN::running_config(); |
5d3e0248 AD |
182 | my $vnets_cfg = $cfg->{vnets}; |
183 | my $zones_cfg = $cfg->{zones}; | |
7129a3ca AD |
184 | |
185 | my @vnetids = PVE::Network::SDN::Vnets::sdn_vnets_ids($vnets_cfg); | |
186 | ||
187 | my $vnets = {}; | |
188 | ||
189 | foreach my $vnetid (@vnetids) { | |
190 | ||
191 | my $vnet = PVE::Network::SDN::Vnets::sdn_vnets_config($vnets_cfg, $vnetid); | |
192 | my $zoneid = $vnet->{zone}; | |
c1dff7b2 AD |
193 | my $comments = $vnet->{alias}; |
194 | ||
f048b815 | 195 | my $privs = [ 'SDN.Audit', 'SDN.Use' ]; |
7129a3ca AD |
196 | |
197 | next if !$zoneid; | |
f048b815 | 198 | next if !$rpcenv->check_sdn_bridge($authuser, $zoneid, $vnetid, $privs, 1); |
7129a3ca AD |
199 | |
200 | my $zone_config = PVE::Network::SDN::Zones::sdn_zones_config($zones_cfg, $zoneid); | |
201 | ||
202 | next if defined($zone_config->{nodes}) && !$zone_config->{nodes}->{$nodename}; | |
3d8799db AD |
203 | my $ipam = $zone_config->{ipam} ? 1 : 0; |
204 | my $vlanaware = $vnet->{vlanaware} ? 1 : 0; | |
205 | $vnets->{$vnetid} = { type => 'vnet', active => '1', ipam => $ipam, vlanaware => $vlanaware, comments => $comments }; | |
7129a3ca AD |
206 | } |
207 | ||
208 | return $vnets; | |
209 | } | |
210 | ||
22b24447 TL |
211 | sub generate_zone_config { |
212 | my $raw_config = PVE::Network::SDN::Zones::generate_etc_network_config(); | |
0eda9b9a FG |
213 | if ($raw_config) { |
214 | eval { | |
215 | my $net_cfg = PVE::INotify::read_file('interfaces', 1); | |
216 | my $opts = $net_cfg->{data}->{options}; | |
217 | log_warn("missing 'source /etc/network/interfaces.d/sdn' directive for SDN support!\n") | |
218 | if ! grep { $_->[1] =~ m!^source /etc/network/interfaces.d/(:?sdn|\*)! } @$opts; | |
219 | }; | |
220 | log_warn("Failed to read network interfaces definition - $@") if $@; | |
221 | } | |
22b24447 TL |
222 | PVE::Network::SDN::Zones::write_etc_network_config($raw_config); |
223 | } | |
224 | ||
225 | sub generate_controller_config { | |
226 | my ($reload) = @_; | |
227 | ||
228 | my $raw_config = PVE::Network::SDN::Controllers::generate_controller_config(); | |
229 | PVE::Network::SDN::Controllers::write_controller_config($raw_config); | |
230 | ||
231 | PVE::Network::SDN::Controllers::reload_controller() if $reload; | |
232 | } | |
233 | ||
e382bf71 AD |
234 | sub encode_value { |
235 | my ($type, $key, $value) = @_; | |
236 | ||
237 | if ($key eq 'nodes' || $key eq 'exitnodes') { | |
238 | if(ref($value) eq 'HASH') { | |
239 | return join(',', sort keys(%$value)); | |
240 | } else { | |
241 | return $value; | |
242 | } | |
243 | } | |
244 | ||
245 | return $value; | |
246 | } | |
247 | ||
80348b2d | 248 | |
167dc03f AD |
249 | #helpers |
250 | sub api_request { | |
251 | my ($method, $url, $headers, $data) = @_; | |
252 | ||
253 | my $encoded_data = to_json($data) if $data; | |
254 | ||
255 | my $req = HTTP::Request->new($method,$url, $headers, $encoded_data); | |
256 | ||
257 | my $ua = LWP::UserAgent->new(protocols_allowed => ['http', 'https'], timeout => 30); | |
258 | my $proxy = undef; | |
259 | ||
260 | if ($proxy) { | |
261 | $ua->proxy(['http', 'https'], $proxy); | |
262 | } else { | |
263 | $ua->env_proxy; | |
264 | } | |
265 | ||
266 | $ua->ssl_opts(verify_hostname => 0, SSL_verify_mode => 0x00); | |
267 | ||
268 | my $response = $ua->request($req); | |
269 | my $code = $response->code; | |
270 | ||
271 | if ($code !~ /^2(\d+)$/) { | |
272 | my $msg = $response->message || 'unknown'; | |
273 | die "Invalid response from server: $code $msg\n"; | |
274 | } | |
275 | ||
276 | my $raw = ''; | |
277 | if (defined($response->decoded_content)) { | |
278 | $raw = $response->decoded_content; | |
279 | } else { | |
280 | $raw = $response->content; | |
281 | } | |
282 | ||
283 | return if $raw eq ''; | |
284 | ||
285 | my $json = ''; | |
286 | eval { | |
287 | $json = from_json($raw); | |
288 | }; | |
289 | die "api response is not a json" if $@; | |
290 | ||
291 | return $json; | |
292 | } | |
293 | ||
294 | 1; |