1 | package PVE::Network::SDN; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use Data::Dumper; | |
7 | use JSON; | |
8 | ||
9 | use PVE::Network::SDN::Vnets; | |
10 | use PVE::Network::SDN::Zones; | |
11 | use PVE::Network::SDN::Controllers; | |
12 | use PVE::Network::SDN::Subnets; | |
13 | ||
14 | use PVE::Tools qw(extract_param dir_glob_regex run_command); | |
15 | use PVE::Cluster qw(cfs_read_file cfs_write_file cfs_lock_file); | |
16 | ||
17 | ||
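# File name under which the running (applied) SDN configuration is registered
# with PVE::Cluster below.
my $running_cfg = "sdn/.running-config";

# Parser callback for $running_cfg: turns the raw JSON text into a hash
# reference. Empty, unparsable or non-object content yields an empty hash, so
# callers can always dereference the result as a hash.
my $parse_running_cfg = sub {
    my ($filename, $raw) = @_;

    return {} if !defined($raw) || $raw eq '';

    my $name = defined($filename) ? $filename : $running_cfg;

    my $cfg = eval { from_json($raw) };
    if ($@) {
        # A corrupt file used to be indistinguishable from an empty one.
        # Only the file name is reported: the parser's own message can quote
        # a fragment of the file content.
        warn "unable to parse '$name' as JSON - using empty configuration\n";
        return {};
    }

    # Valid JSON whose top level is not an object (for example an array) would
    # make every later $cfg->{...} access die; treat it like a parse failure.
    if (ref($cfg) ne 'HASH') {
        warn "unexpected top-level value in '$name' - using empty configuration\n";
        return {};
    }

    return $cfg;
};

# Writer callback for $running_cfg: serializes the configuration hash to the
# JSON text that is stored. $filename is accepted but not used.
my $write_running_cfg = sub {
    my ($filename, $cfg) = @_;

    my $json = to_json($cfg);

    return $json;
};

PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running_cfg);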
44 | ||
45 | ||
46 | # improve me : move status code inside plugins ? | |
47 | ||
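# Run `ifquery -a -c -o json` and index its report by interface name.
#
# Returns a hash reference { <name> => { status, config, config_status } }
# with those three fields copied from each reported interface.
# Dies when the command produced no output or the output is not valid JSON.
sub ifquery_check {

    # Fixed argument list: no caller-supplied value is part of the command.
    my $cmd = ['ifquery', '-a', '-c', '-o','json'];

    my $result = '';
    my $reader = sub { $result .= shift };

    # An error from run_command is not fatal by itself: whatever output was
    # collected is still parsed. The error is kept so it can be reported when
    # there is nothing to parse.
    eval {
        run_command($cmd, outfunc => $reader);
    };
    my $err = $@;

    # Without this check the root cause was lost and the caller only saw
    # decode_json's "malformed JSON string" error for the empty string.
    if ($result eq '') {
        die "ifquery failed: $err" if $err;
        die "ifquery returned no output\n";
    }

    my $resultjson = decode_json($result);
    my $interfaces = {};

    foreach my $interface (@$resultjson) {
        my $name = $interface->{name};
        $interfaces->{$name} = {
            status => $interface->{status},
            config => $interface->{config},
            config_status => $interface->{config_status},
        };
    }

    return $interfaces;
}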
73 | ||
# Return the (zone status, vnet status) pair reported by
# PVE::Network::SDN::Zones::status(); only the first two values are passed on.
sub status {
    my ($zones, $vnets) = PVE::Network::SDN::Zones::status();

    return ($zones, $vnets);
}
79 | ||
# Return the running SDN configuration as read through cfs_read_file. The
# parser registered for this file in this module returns {} for empty or
# unparsable content.
sub config {
    return cfs_read_file($running_cfg);
}
83 | ||
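# Compare one section of the running configuration with the current
# configuration and describe what is pending.
#
# Parameters:
#   $running_cfg - running configuration hash; the section is looked up as
#                  $running_cfg->{$type}->{ids}. Note that this parameter
#                  shadows the file-level $running_cfg path string.
#   $cfg         - current configuration for that section; its objects are
#                  taken from $cfg->{ids}
#   $type        - section name inside $running_cfg
#
# Returns { ids => { <id> => {...} } }. Each entry carries the running values
# of the object, plus, when something differs:
#   state   - "new", "changed" or "deleted"
#   pending - hash of the keys whose configured value differs from the running
#             one (the string 'deleted' for keys removed from the config)
sub pending_config {
    my ($running_cfg, $cfg, $type) = @_;

    my $pending = {};

    my $running_objects = $running_cfg->{$type}->{ids};
    my $config_objects = $cfg->{ids};

    # Pass 1: start from what is running and mark removed or changed keys.
    foreach my $id (sort keys %{$running_objects}) {
        my $running_object = $running_objects->{$id};
        my $config_object = $config_objects->{$id};
        foreach my $key (sort keys %{$running_object}) {
            $pending->{$id}->{$key} = $running_object->{$key};
            if(!keys %{$config_object}) {
                # No such object in the configuration any more.
                $pending->{$id}->{state} = "deleted";
            } elsif (!defined($config_object->{$key})) {
                $pending->{$id}->{"pending"}->{$key} = 'deleted';
                $pending->{$id}->{state} = "changed";
            } elsif (PVE::Network::SDN::encode_value(undef, $key, $running_object->{$key})
                ne PVE::Network::SDN::encode_value(undef, $key, $config_object->{$key})) {
                $pending->{$id}->{state} = "changed";
            }
        }
        # Objects with a state always expose a 'pending' hash, even if empty.
        $pending->{$id}->{"pending"} = {} if $pending->{$id}->{state} && !defined($pending->{$id}->{"pending"});
    }

    # Pass 2: add what the configuration introduces or changes.
    foreach my $id (sort keys %{$config_objects}) {
        my $running_object = $running_objects->{$id};
        my $config_object = $config_objects->{$id};

        foreach my $key (sort keys %{$config_object}) {
            # Explicit ternaries replace `my $x = ... if COND;`, whose result
            # is unspecified in Perl when COND is false. False values (undef,
            # '', 0) are still left undefined, as before.
            my $config_value = $config_object->{$key}
                ? PVE::Network::SDN::encode_value(undef, $key, $config_object->{$key})
                : undef;
            my $running_value = $running_object->{$key}
                ? PVE::Network::SDN::encode_value(undef, $key, $running_object->{$key})
                : undef;

            if($key eq 'type' || $key eq 'vnet') {
                # These two keys are reported directly on the object instead
                # of under 'pending'.
                $pending->{$id}->{$key} = $config_value;
            } else {
                $pending->{$id}->{"pending"}->{$key} = $config_value if !defined($running_value) || ($config_value ne $running_value);
            }
            if(!keys %{$running_object}) {
                # Object is configured but not running yet.
                $pending->{$id}->{state} = "new";
            } elsif (!defined($running_value) && defined($config_value)) {
                $pending->{$id}->{state} = "changed";
            }
        }
        $pending->{$id}->{"pending"} = {} if $pending->{$id}->{state} && !defined($pending->{$id}->{"pending"});
    }

    return {ids => $pending};

}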
134 | ||
# Snapshot the current vnet, zone, controller and subnet configuration into
# the running-config file and bump its version counter.
#
# NOTE(review): this is a read-modify-write of the running config and takes
# no lock itself - presumably callers run it inside lock_sdn_config; confirm.
sub commit_config {

    my $previous = cfs_read_file($running_cfg);

    # A missing or false version starts at 1, anything else is incremented.
    my $version = $previous->{version};
    $version = 0 if !$version;
    $version++;

    my $vnets_cfg = PVE::Network::SDN::Vnets::config();
    my $zones_cfg = PVE::Network::SDN::Zones::config();
    my $controllers_cfg = PVE::Network::SDN::Controllers::config();
    my $subnets_cfg = PVE::Network::SDN::Subnets::config();

    # Only the 'ids' part of each section is kept in the snapshot.
    my $snapshot = {
        version => $version,
        vnets => { ids => $vnets_cfg->{ids} },
        zones => { ids => $zones_cfg->{ids} },
        controllers => { ids => $controllers_cfg->{ids} },
        subnets => { ids => $subnets_cfg->{ids} },
    };

    cfs_write_file($running_cfg, $snapshot);
}
160 | ||
# Run $code through cfs_lock_file on the running-config file.
#
# Parameters:
#   $code   - code reference handed to cfs_lock_file
#   $errmsg - optional prefix for the error that is re-raised
#
# Dies with the content of $@ found after cfs_lock_file returns, prefixed
# with "$errmsg: " when a prefix was given.
# NOTE(review): this relies on cfs_lock_file leaving its error in $@ instead
# of dying - confirm against PVE::Cluster.
sub lock_sdn_config {
    my ($code, $errmsg) = @_;

    cfs_lock_file($running_cfg, undef, $code);

    if (my $failure = $@) {
        die "$errmsg: $failure" if $errmsg;
        die $failure;
    }
}
170 | ||
# List the vnets of the running configuration that the current API user may
# see on this node.
#
# A vnet is included when it has a zone, the user passes check_any for
# SDN.Audit or SDN.Allocate on /sdn/zones/<zone>, and the zone either has no
# 'nodes' restriction or lists the local node name.
#
# Returns { <vnetid> => { type => 'vnet', active => '1', comments => <alias> } }.
#
# NOTE(review): PVE::RPCEnvironment and PVE::INotify are not among this
# file's `use` lines - presumably loaded by the caller; confirm.
sub get_local_vnets {

    my $rpcenv = PVE::RPCEnvironment::get();
    my $authuser = $rpcenv->get_user();
    my $nodename = PVE::INotify::nodename();

    my $running = PVE::Network::SDN::config();
    my $vnets_cfg = $running->{vnets};
    my $zones_cfg = $running->{zones};

    my $visible = {};

    foreach my $vnetid (PVE::Network::SDN::Vnets::sdn_vnets_ids($vnets_cfg)) {

        my $vnet = PVE::Network::SDN::Vnets::sdn_vnets_config($vnets_cfg, $vnetid);

        my $zoneid = $vnet->{zone};
        next if !$zoneid;

        # Permission check on the zone path; the trailing 1 presumably asks
        # check_any to return false instead of raising - verify.
        my $allowed = $rpcenv->check_any(
            $authuser, "/sdn/zones/$zoneid", [ 'SDN.Audit', 'SDN.Allocate' ], 1);
        next if !$allowed;

        my $zone_config = PVE::Network::SDN::Zones::sdn_zones_config($zones_cfg, $zoneid);

        # Zones restricted to a node list are skipped on other nodes.
        my $node_filter = $zone_config->{nodes};
        next if defined($node_filter) && !$node_filter->{$nodename};

        $visible->{$vnetid} = { type => 'vnet', active => '1', comments => $vnet->{alias} };
    }

    return $visible;
}
206 | ||
# Generate the zone network configuration and hand it to
# PVE::Network::SDN::Zones::write_etc_network_config.
sub generate_zone_config {
    my $network_config = PVE::Network::SDN::Zones::generate_etc_network_config();

    return PVE::Network::SDN::Zones::write_etc_network_config($network_config);
}
211 | ||
# Generate and write the controller configuration; when $reload is true the
# controller is reloaded afterwards.
sub generate_controller_config {
    my ($reload) = @_;

    my $controller_config = PVE::Network::SDN::Controllers::generate_controller_config();
    PVE::Network::SDN::Controllers::write_controller_config($controller_config);

    if ($reload) {
        PVE::Network::SDN::Controllers::reload_controller();
    }
}
220 | ||
# Normalize a property value so two configurations can be compared as strings.
#
# For the keys 'nodes' and 'exitnodes' a hash reference is flattened to its
# sorted keys joined with ','. Every other value is returned unchanged.
# $type is accepted but not used.
sub encode_value {
    my ($type, $key, $value) = @_;

    my $is_node_list = $key eq 'nodes' || $key eq 'exitnodes';

    return join(',', sort keys(%$value))
        if $is_node_list && ref($value) eq 'HASH';

    return $value;
}
234 | ||
235 | ||
236 | #helpers | |
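# Send one HTTP(S) request with an optional JSON body and return the decoded
# JSON response.
#
# Parameters:
#   $method  - HTTP method passed to HTTP::Request->new
#   $url     - request URL; the user agent only allows http and https
#   $headers - header argument passed to HTTP::Request->new
#   $data    - optional Perl structure, serialized with to_json when true
#
# Returns the decoded JSON value, or nothing when the response body is empty.
# Dies on a non-2xx status code or when the body is not valid JSON.
#
# NOTE(review): HTTP::Request and LWP::UserAgent are not among this file's
# `use` lines - presumably a caller loads them first; confirm.
sub api_request {
    my ($method, $url, $headers, $data) = @_;

    # Plain ternary instead of `my $x = ... if COND;`, whose result is
    # unspecified in Perl when COND is false.
    my $encoded_data = $data ? to_json($data) : undef;

    my $req = HTTP::Request->new($method, $url, $headers, $encoded_data);

    my $ua = LWP::UserAgent->new(protocols_allowed => ['http', 'https'], timeout => 30);

    # Proxy settings are taken from the process environment. The explicit
    # proxy branch that used to sit here could never run (its variable was
    # always undef) and has been dropped.
    $ua->env_proxy;

    # SECURITY: certificate and host name verification are both switched off,
    # so the peer is not authenticated and the connection is open to
    # interception, including any credentials sent in $headers. Left
    # unchanged because callers may depend on endpoints with self-signed
    # certificates; the fix is to verify by default and let callers pin a CA
    # or a certificate fingerprint for such endpoints.
    $ua->ssl_opts(verify_hostname => 0, SSL_verify_mode => 0x00);

    my $response = $ua->request($req);
    my $code = $response->code;

    if ($code !~ /^2\d+$/) {
        my $msg = $response->message || 'unknown';
        die "Invalid response from server: $code $msg\n";
    }

    # Prefer the decoded body; fall back to the raw one when decoding is not
    # possible.
    my $raw = $response->decoded_content;
    $raw = $response->content if !defined($raw);

    return if $raw eq '';

    my $json = eval { from_json($raw) };
    die "api response is not a json" if $@;

    return $json;
}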
280 | ||
281 | 1; |