1 | package PVE::Network::SDN::Zones::Plugin; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::Tools qw(run_command); | |
7 | use PVE::JSONSchema; | |
8 | use PVE::Cluster; | |
9 | use PVE::Network; | |
10 | ||
11 | use Data::Dumper; | |
12 | use PVE::JSONSchema qw(get_standard_option); | |
13 | use base qw(PVE::SectionConfig); | |
14 | ||
# Register the zone config file with the cluster file system; parse_config /
# write_config are the SectionConfig methods inherited through `use base`.
PVE::Cluster::cfs_register_file('sdn/zones.cfg',
    sub { __PACKAGE__->parse_config(@_); },
    sub { __PACKAGE__->write_config(@_); });

# Standard option for zone identifiers; its format is registered right below.
PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

# \&parse_sdn_zone_id is a forward reference to the sub defined below.
PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
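# Validate a zone identifier: ASCII letters and digits only, starting with a
# letter, at least two and at most eight characters.
#
# Parameters:
#   $id    - the candidate identifier (undef is treated as the empty string)
#   $noerr - if true, return undef instead of dying on an invalid id
# Returns the unchanged id on success.
# Dies with a "\n"-terminated message on failure unless $noerr is set.
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    $id //= '';

    # \A/\z instead of ^/$ so a trailing newline cannot slip through.
    if ($id !~ m/\A[a-z][a-z0-9]*[a-z0-9]\z/i) {
        return undef if $noerr;
        die "zone ID '$id' contains illegal characters\n";
    }
    # The length check honours $noerr the same way the character check does.
    if (length($id) > 8) {
        return undef if $noerr;
        die "zone ID '$id' can't be more length than 8 characters\n";
    }
    return $id;
}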
35 | ||
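# Base SectionConfig property list for zone plugins, handed out by private().
my $defaultData = {
    propertyList => {
        type => {
            description => "Plugin type.",
            # the section type token must be a valid config id
            type => 'string', format => 'pve-configid',
        },
        nodes => get_standard_option('pve-node-list', { optional => 1 }),
        zone => get_standard_option('pve-sdn-zone-id',
            { completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
        ipam => {
            type => 'string',
            description => "use a specific ipam",
            # NOTE(review): no `optional => 1` here; presumably each plugin's
            # options() decides whether ipam is mandatory — confirm.
        },
    },
};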
53 | ||
# SectionConfig accessor for the shared plugin data (property list).
sub private {
    my ($class) = @_;
    return $defaultData;
}
57 | ||
# SectionConfig hook: convert a property's on-disk string into its in-memory
# form.  Only 'nodes' is special: the list string is split with
# PVE::Tools::split_list and becomes { node => 1 } for every name that
# pve_verify_node_name accepts.  All other keys pass through untouched.
sub decode_value {
    my ($class, $type, $key, $value) = @_;

    return $value if $key ne 'nodes';

    my %node_set;
    for my $node (PVE::Tools::split_list($value)) {
        $node_set{$node} = 1 if PVE::JSONSchema::pve_verify_node_name($node);
    }
    return \%node_set;
}
75 | ||
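# SectionConfig hook: convert a property's in-memory form back into the
# string written to the config file.  'nodes' ({ node => 1 }) becomes a
# comma separated list; everything else is returned as-is.
sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        # sorted so the written config is stable (hash key order is random)
        return join(',', sort keys %$value);
    }

    return $value;
}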
85 | ||
# SectionConfig hook: recognise a "<type>: <id>" section header line.
# Returns ($type, $id, $errmsg, $config) for a header, undef otherwise.
# $errmsg is set when the type is not a valid config id so the caller can
# skip the whole section; $config carries additional attributes (none here).
sub parse_section_header {
    my ($class, $line) = @_;

    return undef if $line !~ m/^(\S+):\s*(\S+)\s*$/;

    my $type = lc($1);
    my $id = $2;

    my $errmsg;
    eval { PVE::JSONSchema::pve_verify_configid($type); 1 } or $errmsg = $@;

    # NOTE(review): $id is returned unvalidated here; the zone id format is
    # presumably enforced through the 'zone' standard option — confirm.
    my $extra = {};
    return ($type, $id, $errmsg, $extra);
}
99 | ||
# Abstract: produce the per-node network config for a vnet of this zone.
# Positional arguments: plugin config, zone id, vnet id, vnet config,
# controller config, subnet config, local interfaces config, output config.
# Plugins must override this; the base implementation only dies.
sub generate_sdn_config {
    my $class = shift;
    my ($plugin_config, $zoneid, $vnetid, $vnet, $controller, $subnet_cfg, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}
105 | ||
# Abstract: produce the controller config for this zone.
# Positional arguments: plugin config, controller config, id, uplinks,
# output config.  Plugins must override this; the base only dies.
sub generate_controller_config {
    my $class = shift;
    my ($plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}
111 | ||
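# Hook for plugins whose controller needs per-vnet configuration.
# The base implementation intentionally does nothing and returns nothing.
sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

    # explicit, so the argument list is not accidentally returned
    return;
}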
116 | ||
# Abstract: write the generated controller config to disk.
# Plugins must override this; the base implementation only dies.
sub write_controller_config {
    my $class = shift;
    my ($plugin_config, $config) = @_;

    die "please implement inside plugin";
}
122 | ||
# Abstract: reload the controller after its config changed.
# Plugins must override this; the base implementation only dies.
sub controller_reload {
    my $class = shift;

    die "please implement inside plugin";
}
128 | ||
# Refuse to delete a zone that still has vnets attached to it.
# $vnet_cfg is the parsed vnets config ({ ids => { vnetid => {...} } }).
# Dies naming the first offending vnet found; returns nothing otherwise.
sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    for my $vnetid (keys %{$vnet_cfg->{ids}}) {
        my $entry = $vnet_cfg->{ids}->{$vnetid};
        next if $entry->{type} ne 'vnet';
        next if !defined($entry->{zone});
        next if $entry->{zone} ne $zoneid;
        die "zone $zoneid is used by vnet $vnetid";
    }
    return;
}
139 | ||
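# Hook run when a zone is created or updated; plugins override it to run
# extra checks.  The base implementation does nothing.
sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # explicit, so the argument list is not accidentally returned
    return;
}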
145 | ||
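# Hook run when a vnet of this zone is created or updated; plugins override
# it to run extra checks.  The base implementation does nothing.
sub vnet_update_hook {
    my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;

    # explicit, so the argument list is not accidentally returned
    return;
}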
151 | ||
152 | #helpers | |
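# Validate a comma separated list of numbers and "low-high" ranges (VLAN
# tags) and optionally check that $tag is covered by one of them.
#
# Parameters:
#   $str - the list, e.g. "10,20-30"
#   $max - largest value allowed for any number in the list
#   $tag - optional number that must be covered by the list; a false value
#          (undef/0) disables the membership check
# Returns true when the list has more than one element, false otherwise.
# Dies with a "\n"-terminated message on malformed elements, values above
# $max, backwards ranges, stray commas, or a $tag that is not covered.
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    # split() drops trailing empty fields, so a trailing comma shows up as a
    # mismatch when the pieces are joined back together
    die "extraneous commas in list\n" if $str ne join(',', @elements);

    my $allowed = 0;
    for my $item (@elements) {
        if ($item =~ m/\A([0-9]+)-([0-9]+)\z/) {
            my ($low, $high) = ($1, $2);
            die "invalid port '$low'\n" if $low > $max;
            die "invalid port '$high'\n" if $high > $max;
            # the accepted range syntax is "low-high", so suggest that form
            die "backwards range '$low-$high' not allowed, did you mean '$high-$low'?\n"
                if $low > $high;
            $allowed = 1 if $tag && $tag >= $low && $tag <= $high;
        } elsif ($item =~ m/\A([0-9]+)\z/) {
            my $num = $1;
            die "invalid port '$num'\n" if $num > $max;
            $allowed = 1 if $tag && $tag == $num;
        } else {
            # anything else (letters, an empty field, "a-b-c") is rejected so
            # the whole list is validated, not just the numeric parts
            die "invalid port '$item'\n";
        }
    }
    die "tag $tag is not allowed\n" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}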
189 | ||
# Report problems for this zone's interfaces on the local node.
# $status maps interface name to { status => 'pass' | ... }; an interface
# without a status entry is reported as "missing <iface>", one with a status
# other than 'pass' as "error <iface>".  Returns an array ref of messages
# (empty when everything passes).  Only the vnet bridge itself is checked.
sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    my @errors;
    for my $iface ($vnetid) {
        my $state = $status->{$iface}->{status};
        if (!$state) {
            push @errors, "missing $iface";
        } elsif ($state ne 'pass') {
            push @errors, "error $iface";
        }
    }
    return \@errors;
}
207 | ||
208 | ||
# Create a tap device attached to the vnet bridge; thin wrapper around
# PVE::Network::tap_create so plugins can override the behaviour.
sub tap_create {
    my $class = shift;
    my ($plugin_config, $vnet, $iface, $vnetid) = @_;

    return PVE::Network::tap_create($iface, $vnetid);
}
214 | ||
# Create a veth pair attached to the vnet bridge; thin wrapper around
# PVE::Network::veth_create so plugins can override the behaviour.
sub veth_create {
    my $class = shift;
    my ($plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    return PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}
220 | ||
# Plug a tap device into the vnet bridge.  Guest VLAN tags and trunks are
# only permitted when the bridge has vlan_filtering enabled in sysfs.
# NOTE(review): $vnetid is interpolated into the sysfs path; this relies on
# it having been validated by the schema before reaching here — confirm at
# the call sites.
sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    my $filtering_file = "/sys/class/net/$vnetid/bridge/vlan_filtering";
    my $vlan_aware = PVE::Tools::file_read_firstline($filtering_file);
    my $wants_vlan = $tag || $trunks;
    die "vm vlans are not allowed on vnet $vnetid" if $wants_vlan && !$vlan_aware;

    return PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}
229 | ||
230 | #helper | |
231 | ||
# Find the local interface whose 'uplink-id' matches $uplink.
# Only 'eth' and 'bond' interfaces qualify; others are skipped with a
# warning.  If several match, whichever is visited last wins (hash order).
# When nothing matches, a warning is emitted and the placeholder name
# "uplink<id>" is returned instead of undef.
sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $found;
    for my $name (keys %{$interfaces_config->{ifaces}}) {
        my $cfg = $interfaces_config->{ifaces}->{$name};
        my $candidate = $cfg->{'uplink-id'};
        next if !$candidate || $candidate ne $uplink;
        if ($cfg->{type} ne 'eth' && $cfg->{type} ne 'bond') {
            warn "uplink $uplink is not a physical or bond interface";
            next;
        }
        $found = $name;
    }

    return $found if $found;

    # no usable uplink: fall back to a dummy name so callers still get a value
    warn "can't find uplink $uplink in physical interface";
    return "uplink${uplink}";
}
256 | ||
# Ask the kernel routing table which source address and device would be used
# to reach $targetip.  Returns ($ip, $interface); either may be undef when
# the 'ip route get' output has no matching 'src' / 'dev' token.
# run_command gets an argument list, so $targetip is never passed through a
# shell.  NOTE(review): assumes callers hand in an already validated address
# — confirm.
sub get_local_route_ip {
    my ($targetip) = @_;

    my ($src_ip, $dev);
    my $parse_line = sub {
        my ($line) = @_;
        $src_ip = $1 if $line =~ m/src ($PVE::Tools::IPRE)/;
        $dev = $1 if $line =~ m/dev (\S+)/;
    };
    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => $parse_line);

    return ($src_ip, $dev);
}
274 | ||
275 | ||
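# Pick the local address (and interface) to use towards a list of peers.
#
# Parameters:
#   $peers - array ref of peer addresses
#   $iface - optional interface name to prefer
# Returns ($ip, $interface):
#   1. $iface's configured address, if $iface is given and has one;
#   2. otherwise the first local address that is itself in $peers;
#   3. otherwise whatever the routing table reports for the first peer;
#   4. nothing (empty list / undef) when $peers is empty.
# NOTE(review): PVE::INotify is not imported by this file; this relies on a
# caller having loaded it — confirm.
sub find_local_ip_interface_peers {
    my ($peers, $iface) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};

    if ($iface) {
        my $ip = $ifaces->{$iface}->{address};
        return ($ip, $iface) if $ip;
    }

    # keys() instead of each(): returning out of an each() loop leaves the
    # hash iterator mid-way, which can skip entries on a later walk of the
    # same (possibly cached) hash
    for my $address (@{$peers}) {
        for my $interface (keys %$ifaces) {
            my $ip = $ifaces->{$interface}->{address};
            return ($ip, $interface) if $ip && $ip eq $address;
        }
    }

    # all peers are remote: the source used to reach the first peer decides
    if (@{$peers}) {
        my ($ip, $interface) = get_local_route_ip($peers->[0]);
        return ($ip, $interface);
    }

    return;
}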
304 | ||
1;    # a module must end with a true value