]> git.proxmox.com Git - pmg-api.git/blob - PMG/API2/Network.pm
projects / pmg-api.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
delete/deliver_quarantined_mail: use receiver instead of pmail
[pmg-api.git] / PMG / API2 / Network.pm
1 package PMG::API2::Network;
2
3 use strict;
4 use warnings;
5
6 use Net::IP qw(:PROC);
7 use PVE::Tools qw(extract_param);
8 use PVE::SafeSyslog;
9 use PVE::INotify;
10 use PVE::Exception qw(raise_param_exc);
11 use PVE::RESTHandler;
12 use PMG::RESTEnvironment;
13 use PVE::JSONSchema qw(get_standard_option);
14
15 use base qw(PVE::RESTHandler);
16
17 my $iflockfn = "/etc/network/.pve-interfaces.lock";
18
19 my $bond_mode_enum = [
20 'balance-rr',
21 'active-backup', # OVS and Linux
22 'balance-xor',
23 'broadcast',
24 '802.3ad',
25 'balance-tlb',
26 'balance-alb',
27 'balance-slb', # OVS
28 'lacp-balance-slb', # OVS
29 'lacp-balance-tcp', # OVS
30 ];
31
32 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
33 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
34
35 my $confdesc = {
36 type => {
37 description => "Network interface type",
38 type => 'string',
39 enum => [@$network_type_enum, 'unknown'],
40 },
41 comments => {
42 description => "Comments",
43 type => 'string',
44 optional => 1,
45 },
46 comments6 => {
47 description => "Comments",
48 type => 'string',
49 optional => 1,
50 },
51 autostart => {
52 description => "Automatically start interface on boot.",
53 type => 'boolean',
54 optional => 1,
55 },
56 bridge_vlan_aware => {
57 description => "Enable bridge vlan support.",
58 type => 'boolean',
59 optional => 1,
60 },
61 bridge_ports => {
62 description => "Specify the iterfaces you want to add to your bridge.",
63 optional => 1,
64 type => 'string', format => 'pve-iface-list',
65 },
66 ovs_ports => {
67 description => "Specify the iterfaces you want to add to your bridge.",
68 optional => 1,
69 type => 'string', format => 'pve-iface-list',
70 },
71 ovs_tag => {
72 description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
73 optional => 1,
74 type => 'integer',
75 minimum => 1,
76 maximum => 4094,
77 },
78 ovs_options => {
79 description => "OVS interface options.",
80 optional => 1,
81 type => 'string',
82 maxLength => 1024,
83 },
84 ovs_bridge => {
85 description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
86 optional => 1,
87 type => 'string', format => 'pve-iface',
88 },
89 slaves => {
90 description => "Specify the interfaces used by the bonding device.",
91 optional => 1,
92 type => 'string', format => 'pve-iface-list',
93 },
94 ovs_bonds => {
95 description => "Specify the interfaces used by the bonding device.",
96 optional => 1,
97 type => 'string', format => 'pve-iface-list',
98 },
99 bond_mode => {
100 description => "Bonding mode.",
101 optional => 1,
102 type => 'string', enum => $bond_mode_enum,
103 },
104 bond_xmit_hash_policy => {
105 description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
106 optional => 1,
107 type => 'string',
108 enum => ['layer2', 'layer2+3', 'layer3+4' ],
109 },
110 gateway => {
111 description => 'Default gateway address.',
112 type => 'string', format => 'ipv4',
113 optional => 1,
114 },
115 netmask => {
116 description => 'Network mask.',
117 type => 'string', format => 'ipv4mask',
118 optional => 1,
119 requires => 'address',
120 },
121 address => {
122 description => 'IP address.',
123 type => 'string', format => 'ipv4',
124 optional => 1,
125 requires => 'netmask',
126 },
127 gateway6 => {
128 description => 'Default ipv6 gateway address.',
129 type => 'string', format => 'ipv6',
130 optional => 1,
131 },
132 netmask6 => {
133 description => 'Network mask.',
134 type => 'integer', minimum => 0, maximum => 128,
135 optional => 1,
136 requires => 'address6',
137 },
138 address6 => {
139 description => 'IP address.',
140 type => 'string', format => 'ipv6',
141 optional => 1,
142 requires => 'netmask6',
143 }
144 };
145
146 sub json_config_properties {
147 my $prop = shift;
148
149 foreach my $opt (keys %$confdesc) {
150 $prop->{$opt} = $confdesc->{$opt};
151 }
152
153 return $prop;
154 }
155
156 __PACKAGE__->register_method({
157 name => 'index',
158 path => '',
159 method => 'GET',
160 description => "List available networks",
161 proxyto => 'node',
162 permissions => { check => [ 'admin', 'audit' ] },
163 parameters => {
164 additionalProperties => 0,
165 properties => {
166 node => get_standard_option('pve-node'),
167 type => {
168 description => "Only list specific interface types.",
169 type => 'string',
170 enum => [ @$network_type_enum, 'any_bridge' ],
171 optional => 1,
172 },
173 },
174 },
175 returns => {
176 type => "array",
177 items => {
178 type => "object",
179 properties => {},
180 },
181 links => [ { rel => 'child', href => "{iface}" } ],
182 },
183 code => sub {
184 my ($param) = @_;
185
186 my $restenv = PMG::RESTEnvironment->get();
187
188 my $tmp = PVE::INotify::read_file('interfaces', 1);
189 my $config = $tmp->{data};
190 my $changes = $tmp->{changes};
191
192 $restenv->set_result_attrib('changes', $changes) if $changes;
193
194 my $ifaces = $config->{ifaces};
195
196 delete $ifaces->{lo}; # do not list the loopback device
197
198 if ($param->{type}) {
199 foreach my $k (keys %$ifaces) {
200 my $type = $ifaces->{$k}->{type};
201 my $match = ($param->{type} eq $type) || (
202 ($param->{type} eq 'any_bridge') &&
203 ($type eq 'bridge' || $type eq 'OVSBridge'));
204 delete $ifaces->{$k} if !$match;
205 }
206 }
207
208 return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
209 }});
210
211 __PACKAGE__->register_method({
212 name => 'revert_network_changes',
213 path => '',
214 method => 'DELETE',
215 protected => 1,
216 description => "Revert network configuration changes.",
217 proxyto => 'node',
218 parameters => {
219 additionalProperties => 0,
220 properties => {
221 node => get_standard_option('pve-node'),
222 },
223 },
224 returns => { type => "null" },
225 code => sub {
226 my ($param) = @_;
227
228 unlink "/etc/network/interfaces.new";
229
230 return undef;
231 }});
232
233 my $check_duplicate = sub {
234 my ($config, $newiface, $key, $name) = @_;
235
236 foreach my $iface (keys %$config) {
237 raise_param_exc({ $key => "$name already exists on interface '$iface'." })
238 if ($newiface ne $iface) && $config->{$iface}->{$key};
239 }
240 };
241
242 my $check_duplicate_gateway = sub {
243 my ($config, $newiface) = @_;
244 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
245 };
246
247 my $check_duplicate_gateway6 = sub {
248 my ($config, $newiface) = @_;
249 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
250 };
251
252 sub ipv6_tobin {
253 return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
254 }
255
256 my $check_ipv6_settings = sub {
257 my ($address, $netmask) = @_;
258
259 raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
260 if $netmask < 0 || $netmask > 128;
261
262 raise_param_exc({ address => "$address is not a valid host ip address." })
263 if !Net::IP::ip_is_ipv6($address);
264
265 my $binip = ipv6_tobin($address);
266 my $binmask = Net::IP::ip_get_mask($netmask, 6);
267
268 my $type = Net::IP::ip_iptypev6($binip);
269
270 raise_param_exc({ address => "$address is not a valid host ip address." })
271 if ($binip eq $binmask) ||
272 (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
273 };
274
275 __PACKAGE__->register_method({
276 name => 'create_network',
277 path => '',
278 method => 'POST',
279 description => "Create network device configuration",
280 protected => 1,
281 proxyto => 'node',
282 parameters => {
283 additionalProperties => 0,
284 properties => json_config_properties({
285 node => get_standard_option('pve-node'),
286 iface => get_standard_option('pve-iface')}),
287 },
288 returns => { type => 'null' },
289 code => sub {
290 my ($param) = @_;
291
292 my $node = extract_param($param, 'node');
293 my $iface = extract_param($param, 'iface');
294
295 my $code = sub {
296 my $config = PVE::INotify::read_file('interfaces');
297 my $ifaces = $config->{ifaces};
298
299 raise_param_exc({ iface => "interface already exists" })
300 if $ifaces->{$iface};
301
302 &$check_duplicate_gateway($ifaces, $iface)
303 if $param->{gateway};
304 &$check_duplicate_gateway6($ifaces, $iface)
305 if $param->{gateway6};
306
307 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
308 if $param->{address6};
309
310 my $families = $param->{families} = [];
311 push @$families, 'inet'
312 if $param->{address} && !grep(/^inet$/, @$families);
313 push @$families, 'inet6'
314 if $param->{address6} && !grep(/^inet6$/, @$families);
315 @$families = ('inet') if !scalar(@$families);
316
317 $param->{method} = $param->{address} ? 'static' : 'manual';
318 $param->{method6} = $param->{address6} ? 'static' : 'manual';
319
320 if ($param->{type} =~ m/^OVS/) {
321 -x '/usr/bin/ovs-vsctl' ||
322 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
323 }
324
325 if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
326 my $brname = $param->{ovs_bridge};
327 raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
328 my $br = $ifaces->{$brname};
329 raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
330 raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
331 if $br->{type} ne 'OVSBridge';
332
333 my @ports = split (/\s+/, $br->{ovs_ports} || '');
334 $br->{ovs_ports} = join(' ', @ports, $iface)
335 if ! grep { $_ eq $iface } @ports;
336 }
337
338 $ifaces->{$iface} = $param;
339
340 PVE::INotify::write_file('interfaces', $config);
341 };
342
343 PVE::Tools::lock_file($iflockfn, 10, $code);
344 die $@ if $@;
345
346 return undef;
347 }});
348
349 __PACKAGE__->register_method({
350 name => 'update_network',
351 path => '{iface}',
352 method => 'PUT',
353 description => "Update network device configuration",
354 protected => 1,
355 proxyto => 'node',
356 parameters => {
357 additionalProperties => 0,
358 properties => json_config_properties({
359 node => get_standard_option('pve-node'),
360 iface => get_standard_option('pve-iface'),
361 delete => {
362 type => 'string', format => 'pve-configid-list',
363 description => "A list of settings you want to delete.",
364 optional => 1,
365 }}),
366 },
367 returns => { type => 'null' },
368 code => sub {
369 my ($param) = @_;
370
371 my $node = extract_param($param, 'node');
372 my $iface = extract_param($param, 'iface');
373 my $delete = extract_param($param, 'delete');
374
375 my $code = sub {
376 my $config = PVE::INotify::read_file('interfaces');
377 my $ifaces = $config->{ifaces};
378
379 raise_param_exc({ iface => "interface does not exist" })
380 if !$ifaces->{$iface};
381
382 my $families = ($param->{families} ||= []);
383 foreach my $k (PVE::Tools::split_list($delete)) {
384 delete $ifaces->{$iface}->{$k};
385 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
386 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
387 }
388
389 &$check_duplicate_gateway($ifaces, $iface)
390 if $param->{gateway};
391 &$check_duplicate_gateway6($ifaces, $iface)
392 if $param->{gateway6};
393
394 if ($param->{address}) {
395 push @$families, 'inet' if !grep(/^inet$/, @$families);
396 } else {
397 @$families = grep(!/^inet$/, @$families);
398 }
399 if ($param->{address6}) {
400 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
401 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
402 } else {
403 @$families = grep(!/^inet6$/, @$families);
404 }
405 @$families = ('inet') if !scalar(@$families);
406
407 $param->{method} = $param->{address} ? 'static' : 'manual';
408 $param->{method6} = $param->{address6} ? 'static' : 'manual';
409
410 foreach my $k (keys %$param) {
411 $ifaces->{$iface}->{$k} = $param->{$k};
412 }
413
414 PVE::INotify::write_file('interfaces', $config);
415 };
416
417 PVE::Tools::lock_file($iflockfn, 10, $code);
418 die $@ if $@;
419
420 return undef;
421 }});
422
423 __PACKAGE__->register_method({
424 name => 'network_config',
425 path => '{iface}',
426 method => 'GET',
427 description => "Read network device configuration",
428 proxyto => 'node',
429 permissions => { check => [ 'admin', 'audit' ] },
430 parameters => {
431 additionalProperties => 0,
432 properties => {
433 node => get_standard_option('pve-node'),
434 iface => get_standard_option('pve-iface'),
435 },
436 },
437 returns => {
438 type => "object",
439 properties => {
440 type => {
441 type => 'string',
442 },
443 method => {
444 type => 'string',
445 },
446 },
447 },
448 code => sub {
449 my ($param) = @_;
450
451 my $config = PVE::INotify::read_file('interfaces');
452 my $ifaces = $config->{ifaces};
453
454 raise_param_exc({ iface => "interface does not exist" })
455 if !$ifaces->{$param->{iface}};
456
457 return $ifaces->{$param->{iface}};
458 }});
459
460 __PACKAGE__->register_method({
461 name => 'delete_network',
462 path => '{iface}',
463 method => 'DELETE',
464 description => "Delete network device configuration",
465 protected => 1,
466 proxyto => 'node',
467 parameters => {
468 additionalProperties => 0,
469 properties => {
470 node => get_standard_option('pve-node'),
471 iface => get_standard_option('pve-iface'),
472 },
473 },
474 returns => { type => 'null' },
475 code => sub {
476 my ($param) = @_;
477
478 my $code = sub {
479 my $config = PVE::INotify::read_file('interfaces');
480 my $ifaces = $config->{ifaces};
481
482 raise_param_exc({ iface => "interface does not exist" })
483 if !$ifaces->{$param->{iface}};
484
485 my $d = $ifaces->{$param->{iface}};
486 if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
487 if (my $brname = $d->{ovs_bridge}) {
488 if (my $br = $ifaces->{$brname}) {
489 if ($br->{ovs_ports}) {
490 my @ports = split (/\s+/, $br->{ovs_ports});
491 my @new = grep { $_ ne $param->{iface} } @ports;
492 $br->{ovs_ports} = join(' ', @new);
493 }
494 }
495 }
496 }
497
498 delete $ifaces->{$param->{iface}};
499
500 PVE::INotify::write_file('interfaces', $config);
501 };
502
503 PVE::Tools::lock_file($iflockfn, 10, $code);
504 die $@ if $@;
505
506 return undef;
507 }});
508
509 1;
PMG API