1 package PVE
::API2
::Network
;
7 use PVE
::Tools
qw(extract_param dir_glob_regex);
10 use PVE
::Exception
qw(raise_param_exc);
12 use PVE
::RPCEnvironment
;
13 use PVE
::JSONSchema
qw(get_standard_option);
14 use PVE
::AccessControl
;
17 use base
qw(PVE::RESTHandler);
21 require PVE
::Network
::SDN
::Zones
;
22 require PVE
::Network
::SDN
::Controllers
;
26 my $iflockfn = "/etc/network/.pve-interfaces.lock";
28 my $bond_mode_enum = [
30 'active-backup', # OVS and Linux
37 'lacp-balance-slb', # OVS
38 'lacp-balance-tcp', # OVS
41 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
42 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
46 description
=> "Network interface type",
48 enum
=> [@$network_type_enum, 'unknown'],
51 description
=> "Comments",
56 description
=> "Comments",
61 description
=> "Automatically start interface on boot.",
65 bridge_vlan_aware
=> {
66 description
=> "Enable bridge vlan support.",
71 description
=> "Specify the interfaces you want to add to your bridge.",
73 type
=> 'string', format
=> 'pve-iface-list',
76 description
=> "Specify the interfaces you want to add to your bridge.",
78 type
=> 'string', format
=> 'pve-iface-list',
81 description
=> "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
88 description
=> "OVS interface options.",
94 description
=> "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
96 type
=> 'string', format
=> 'pve-iface',
99 description
=> "Specify the interfaces used by the bonding device.",
101 type
=> 'string', format
=> 'pve-iface-list',
104 description
=> "Specify the interfaces used by the bonding device.",
106 type
=> 'string', format
=> 'pve-iface-list',
109 description
=> "Bonding mode.",
111 type
=> 'string', enum
=> $bond_mode_enum,
114 description
=> "Specify the primary interface for active-backup bond.",
116 type
=> 'string', format
=> 'pve-iface',
118 bond_xmit_hash_policy
=> {
119 description
=> "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
122 enum
=> ['layer2', 'layer2+3', 'layer3+4' ],
125 description
=> 'Default gateway address.',
126 type
=> 'string', format
=> 'ipv4',
130 description
=> 'Network mask.',
131 type
=> 'string', format
=> 'ipv4mask',
133 requires
=> 'address',
136 description
=> 'IP address.',
137 type
=> 'string', format
=> 'ipv4',
139 requires
=> 'netmask',
142 description
=> 'IPv4 CIDR.',
143 type
=> 'string', format
=> 'CIDRv4',
147 description
=> 'MTU.',
154 description
=> 'Default ipv6 gateway address.',
155 type
=> 'string', format
=> 'ipv6',
159 description
=> 'Network mask.',
160 type
=> 'integer', minimum
=> 0, maximum
=> 128,
162 requires
=> 'address6',
165 description
=> 'IP address.',
166 type
=> 'string', format
=> 'ipv6',
168 requires
=> 'netmask6',
171 description
=> 'IPv6 CIDR.',
172 type
=> 'string', format
=> 'CIDRv6',
177 sub json_config_properties
{
180 foreach my $opt (keys %$confdesc) {
181 $prop->{$opt} = $confdesc->{$opt};
187 __PACKAGE__-
>register_method({
191 permissions
=> { user
=> 'all' },
192 description
=> "List available networks",
195 additionalProperties
=> 0,
197 node
=> get_standard_option
('pve-node'),
199 description
=> "Only list specific interface types.",
201 enum
=> [ @$network_type_enum, 'any_bridge' ],
212 links
=> [ { rel
=> 'child', href
=> "{iface}" } ],
217 my $rpcenv = PVE
::RPCEnvironment
::get
();
219 my $tmp = PVE
::INotify
::read_file
('interfaces', 1);
220 my $config = $tmp->{data
};
221 my $changes = $tmp->{changes
};
223 $rpcenv->set_result_attrib('changes', $changes) if $changes;
225 my $ifaces = $config->{ifaces
};
227 delete $ifaces->{lo
}; # do not list the loopback device
229 if ($param->{type
}) {
230 foreach my $k (keys %$ifaces) {
231 my $type = $ifaces->{$k}->{type
};
232 my $match = ($param->{type
} eq $type) || (
233 ($param->{type
} eq 'any_bridge') &&
234 ($type eq 'bridge' || $type eq 'OVSBridge'));
235 delete $ifaces->{$k} if !$match;
239 return PVE
::RESTHandler
::hash_to_array
($ifaces, 'iface');
242 __PACKAGE__-
>register_method({
243 name
=> 'revert_network_changes',
247 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
250 description
=> "Revert network configuration changes.",
253 additionalProperties
=> 0,
255 node
=> get_standard_option
('pve-node'),
258 returns
=> { type
=> "null" },
262 unlink "/etc/network/interfaces.new";
267 my $check_duplicate = sub {
268 my ($config, $newiface, $key, $name) = @_;
270 foreach my $iface (keys %$config) {
271 raise_param_exc
({ $key => "$name already exists on interface '$iface'." })
272 if ($newiface ne $iface) && $config->{$iface}->{$key};
276 my $check_duplicate_gateway = sub {
277 my ($config, $newiface) = @_;
278 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
281 my $check_duplicate_gateway6 = sub {
282 my ($config, $newiface) = @_;
283 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
287 return Net
::IP
::ip_iptobin
(Net
::IP
::ip_expand_address
(shift, 6), 6);
290 my $check_ipv6_settings = sub {
291 my ($address, $netmask) = @_;
293 raise_param_exc
({ netmask
=> "$netmask is not a valid subnet length for ipv6" })
294 if $netmask < 0 || $netmask > 128;
296 raise_param_exc
({ address
=> "$address is not a valid host IPv6 address." })
297 if !Net
::IP
::ip_is_ipv6
($address);
299 my $binip = ipv6_tobin
($address);
300 my $binmask = Net
::IP
::ip_get_mask
($netmask, 6);
302 my $type = ($binip eq $binmask) ?
'ANYCAST' : Net
::IP
::ip_iptypev6
($binip);
304 if (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/) {
305 raise_param_exc
({ address
=> "$address with type '$type', cannot be used as host IPv6 address." });
309 my $map_cidr_to_address_netmask = sub {
312 if ($param->{cidr
}) {
313 raise_param_exc
({ address
=> "address conflicts with cidr" })
314 if $param->{address
};
315 raise_param_exc
({ netmask
=> "netmask conflicts with cidr" })
316 if $param->{netmask
};
318 my ($address, $netmask) = $param->{cidr
} =~ m!^(.*)/(\d+)$!;
319 $param->{address
} = $address;
320 $param->{netmask
} = $netmask;
321 delete $param->{cidr
};
324 if ($param->{cidr6
}) {
325 raise_param_exc
({ address6
=> "address6 conflicts with cidr6" })
326 if $param->{address6
};
327 raise_param_exc
({ netmask6
=> "netmask6 conflicts with cidr6" })
328 if $param->{netmask6
};
330 my ($address, $netmask) = $param->{cidr6
} =~ m!^(.*)/(\d+)$!;
331 $param->{address6
} = $address;
332 $param->{netmask6
} = $netmask;
333 delete $param->{cidr6
};
337 __PACKAGE__-
>register_method({
338 name
=> 'create_network',
342 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
344 description
=> "Create network device configuration",
348 additionalProperties
=> 0,
349 properties
=> json_config_properties
({
350 node
=> get_standard_option
('pve-node'),
351 iface
=> get_standard_option
('pve-iface')}),
353 returns
=> { type
=> 'null' },
357 my $node = extract_param
($param, 'node');
358 my $iface = extract_param
($param, 'iface');
361 my $config = PVE
::INotify
::read_file
('interfaces');
362 my $ifaces = $config->{ifaces
};
364 raise_param_exc
({ iface
=> "interface already exists" })
365 if $ifaces->{$iface};
367 &$check_duplicate_gateway($ifaces, $iface)
368 if $param->{gateway
};
369 &$check_duplicate_gateway6($ifaces, $iface)
370 if $param->{gateway6
};
372 $map_cidr_to_address_netmask->($param);
374 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}))
375 if $param->{address6
};
377 my $families = $param->{families
} = [];
378 push @$families, 'inet'
379 if $param->{address
} && !grep(/^inet$/, @$families);
380 push @$families, 'inet6'
381 if $param->{address6
} && !grep(/^inet6$/, @$families);
382 @$families = ('inet') if !scalar(@$families);
384 $param->{method} = $param->{address
} ?
'static' : 'manual';
385 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
387 if ($param->{type
} =~ m/^OVS/) {
388 -x
'/usr/bin/ovs-vsctl' ||
389 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
392 if ($param->{type
} eq 'OVSIntPort' || $param->{type
} eq 'OVSBond') {
393 my $brname = $param->{ovs_bridge
};
394 raise_param_exc
({ ovs_bridge
=> "parameter is required" }) if !$brname;
395 my $br = $ifaces->{$brname};
396 raise_param_exc
({ ovs_bridge
=> "bridge '$brname' does not exist" }) if !$br;
397 raise_param_exc
({ ovs_bridge
=> "interface '$brname' is no OVS bridge" })
398 if $br->{type
} ne 'OVSBridge';
400 my @ports = split (/\s+/, $br->{ovs_ports
} || '');
401 $br->{ovs_ports
} = join(' ', @ports, $iface)
402 if ! grep { $_ eq $iface } @ports;
405 $ifaces->{$iface} = $param;
407 PVE
::INotify
::write_file
('interfaces', $config);
410 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
416 __PACKAGE__-
>register_method({
417 name
=> 'update_network',
421 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
423 description
=> "Update network device configuration",
427 additionalProperties
=> 0,
428 properties
=> json_config_properties
({
429 node
=> get_standard_option
('pve-node'),
430 iface
=> get_standard_option
('pve-iface'),
432 type
=> 'string', format
=> 'pve-configid-list',
433 description
=> "A list of settings you want to delete.",
437 returns
=> { type
=> 'null' },
441 my $node = extract_param
($param, 'node');
442 my $iface = extract_param
($param, 'iface');
443 my $delete = extract_param
($param, 'delete');
446 my $config = PVE
::INotify
::read_file
('interfaces');
447 my $ifaces = $config->{ifaces
};
449 raise_param_exc
({ iface
=> "interface does not exist" })
450 if !$ifaces->{$iface};
452 my $families = ($param->{families
} ||= []);
453 foreach my $k (PVE
::Tools
::split_list
($delete)) {
454 delete $ifaces->{$iface}->{$k};
455 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
456 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
458 delete $ifaces->{$iface}->{netmask
};
459 delete $ifaces->{$iface}->{address
};
460 } elsif ($k eq 'cidr6') {
461 delete $ifaces->{$iface}->{netmask6
};
462 delete $ifaces->{$iface}->{address6
};
466 $map_cidr_to_address_netmask->($param);
468 &$check_duplicate_gateway($ifaces, $iface)
469 if $param->{gateway
};
470 &$check_duplicate_gateway6($ifaces, $iface)
471 if $param->{gateway6
};
473 if ($param->{address
}) {
474 push @$families, 'inet' if !grep(/^inet$/, @$families);
476 @$families = grep(!/^inet$/, @$families);
478 if ($param->{address6
}) {
479 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}));
480 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
482 @$families = grep(!/^inet6$/, @$families);
484 @$families = ('inet') if !scalar(@$families);
486 $param->{method} = $param->{address
} ?
'static' : 'manual';
487 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
489 foreach my $k (keys %$param) {
490 $ifaces->{$iface}->{$k} = $param->{$k};
493 PVE
::INotify
::write_file
('interfaces', $config);
496 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
502 __PACKAGE__-
>register_method({
503 name
=> 'network_config',
507 check
=> ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
509 description
=> "Read network device configuration",
512 additionalProperties
=> 0,
514 node
=> get_standard_option
('pve-node'),
515 iface
=> get_standard_option
('pve-iface'),
532 my $config = PVE
::INotify
::read_file
('interfaces');
533 my $ifaces = $config->{ifaces
};
535 raise_param_exc
({ iface
=> "interface does not exist" })
536 if !$ifaces->{$param->{iface
}};
538 return $ifaces->{$param->{iface
}};
541 __PACKAGE__-
>register_method({
542 name
=> 'reload_network_config',
546 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
548 description
=> "Reload network configuration",
552 additionalProperties
=> 0,
554 node
=> get_standard_option
('pve-node'),
557 returns
=> { type
=> 'string' },
562 my $rpcenv = PVE
::RPCEnvironment
::get
();
564 my $authuser = $rpcenv->get_user();
566 my $current_config_file = "/etc/network/interfaces";
567 my $new_config_file = "/etc/network/interfaces.new";
569 die "you need ifupdown2 to reload networking\n" if !-e
'/usr/share/ifupdown2';
571 if (-x
'/usr/bin/ovs-vsctl') {
572 my $ovs_configured = sub {
574 my @ovstypes = grep { $_->{type
} =~ /^ovs\S+/i } values %$ifaces;
575 return scalar(@ovstypes) > 0;
577 my $tmp = PVE
::INotify
::read_file
('interfaces', 1);
578 my $ifaces = $tmp->{data
}->{ifaces
};
579 my $changes = $tmp->{changes
};
581 if ($ovs_configured->($ifaces)) {
582 die "There are OpenVSwitch configured interfaces, but ifupdown2 ".
583 " reload is not compatible with openvswitch currently\n";
584 } elsif ($changes && $changes =~ /^\s*(?:[+-])?\s*(ovs_type|allow-ovs)/mi) {
585 die "Changes include OpenVSwitch interfaces, but ifupdown2 ".
586 "reload is not compatible with openvswitch currently\n";
592 rename($new_config_file, $current_config_file) if -e
$new_config_file;
595 my $network_sdn_config = PVE
::Network
::SDN
::Zones
::generate_etc_network_config
();
596 PVE
::Network
::SDN
::Zones
::write_etc_network_config
($network_sdn_config);
601 if ($line =~ /(warning|error): (\S+):/) {
602 print "$2 : $line \n";
605 PVE
::Tools
::run_command
(['ifreload', '-a'], errfunc
=> $err);
608 my $controller_config = PVE
::Network
::SDN
::Controllers
::generate_controller_config
();
609 PVE
::Network
::SDN
::Controllers
::write_controller_config
($controller_config) if ($controller_config);
610 PVE
::Network
::SDN
::Controllers
::reload_controller
();
613 return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker);
616 __PACKAGE__-
>register_method({
617 name
=> 'delete_network',
621 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
623 description
=> "Delete network device configuration",
627 additionalProperties
=> 0,
629 node
=> get_standard_option
('pve-node'),
630 iface
=> get_standard_option
('pve-iface'),
633 returns
=> { type
=> 'null' },
638 my $config = PVE
::INotify
::read_file
('interfaces');
639 my $ifaces = $config->{ifaces
};
641 raise_param_exc
({ iface
=> "interface does not exist" })
642 if !$ifaces->{$param->{iface
}};
644 my $d = $ifaces->{$param->{iface
}};
645 if ($d->{type
} eq 'OVSIntPort' || $d->{type
} eq 'OVSBond') {
646 if (my $brname = $d->{ovs_bridge
}) {
647 if (my $br = $ifaces->{$brname}) {
648 if ($br->{ovs_ports
}) {
649 my @ports = split (/\s+/, $br->{ovs_ports
});
650 my @new = grep { $_ ne $param->{iface
} } @ports;
651 $br->{ovs_ports
} = join(' ', @new);
657 delete $ifaces->{$param->{iface
}};
659 PVE
::INotify
::write_file
('interfaces', $config);
662 PVE
::Tools
::lock_file
($iflockfn, 10, $code);