]> git.proxmox.com Git - pmg-api.git/blob - src/PMG/API2/Network.pm
projects / pmg-api.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
api: cluster: add update-fingerprints call
[pmg-api.git] / src / PMG / API2 / Network.pm
1 package PMG::API2::Network;
2
3 use strict;
4 use warnings;
5
6 use Net::IP qw(:PROC);
7 use PVE::Tools qw(extract_param);
8 use PVE::SafeSyslog;
9 use PVE::INotify;
10 use PVE::Exception qw(raise_param_exc);
11 use PVE::RESTHandler;
12 use PMG::RESTEnvironment;
13 use PVE::JSONSchema qw(get_standard_option);
14
15 use base qw(PVE::RESTHandler);
16
17 my $iflockfn = "/etc/network/.pve-interfaces.lock";
18
19 my $bond_mode_enum = [
20 'balance-rr',
21 'active-backup', # OVS and Linux
22 'balance-xor',
23 'broadcast',
24 '802.3ad',
25 'balance-tlb',
26 'balance-alb',
27 'balance-slb', # OVS
28 'lacp-balance-slb', # OVS
29 'lacp-balance-tcp', # OVS
30 ];
31
32 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
33 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
34
35 my $confdesc = {
36 type => {
37 description => "Network interface type",
38 type => 'string',
39 enum => [@$network_type_enum, 'unknown'],
40 },
41 comments => {
42 description => "Comments",
43 type => 'string',
44 optional => 1,
45 },
46 comments6 => {
47 description => "Comments",
48 type => 'string',
49 optional => 1,
50 },
51 autostart => {
52 description => "Automatically start interface on boot.",
53 type => 'boolean',
54 optional => 1,
55 },
56 bridge_vlan_aware => {
57 description => "Enable bridge vlan support.",
58 type => 'boolean',
59 optional => 1,
60 },
61 bridge_ports => {
62 description => "Specify the iterfaces you want to add to your bridge.",
63 optional => 1,
64 type => 'string', format => 'pve-iface-list',
65 },
66 ovs_ports => {
67 description => "Specify the iterfaces you want to add to your bridge.",
68 optional => 1,
69 type => 'string', format => 'pve-iface-list',
70 },
71 ovs_tag => {
72 description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
73 optional => 1,
74 type => 'integer',
75 minimum => 1,
76 maximum => 4094,
77 },
78 ovs_options => {
79 description => "OVS interface options.",
80 optional => 1,
81 type => 'string',
82 maxLength => 1024,
83 },
84 ovs_bridge => {
85 description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
86 optional => 1,
87 type => 'string', format => 'pve-iface',
88 },
89 slaves => {
90 description => "Specify the interfaces used by the bonding device.",
91 optional => 1,
92 type => 'string', format => 'pve-iface-list',
93 },
94 ovs_bonds => {
95 description => "Specify the interfaces used by the bonding device.",
96 optional => 1,
97 type => 'string', format => 'pve-iface-list',
98 },
99 bond_mode => {
100 description => "Bonding mode.",
101 optional => 1,
102 type => 'string', enum => $bond_mode_enum,
103 },
104 'bond-primary' => {
105 description => "Specify the primary interface for active-backup bond.",
106 optional => 1,
107 type => 'string', format => 'pve-iface',
108 },
109 bond_xmit_hash_policy => {
110 description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
111 optional => 1,
112 type => 'string',
113 enum => ['layer2', 'layer2+3', 'layer3+4' ],
114 },
115 'vlan-raw-device' => {
116 description => "Specify the raw interface for the vlan interface.",
117 optional => 1,
118 type => 'string', format => 'pve-iface',
119 },
120 'vlan-id' => {
121 description => "vlan-id for a custom named vlan interface (ifupdown2 only).",
122 optional => 1,
123 type => 'integer',
124 minimum => 1,
125 maximum => 4094,
126 },
127 gateway => {
128 description => 'Default gateway address.',
129 type => 'string', format => 'ipv4',
130 optional => 1,
131 },
132 netmask => {
133 description => 'Network mask.',
134 type => 'string', format => 'ipv4mask',
135 optional => 1,
136 requires => 'address',
137 },
138 address => {
139 description => 'IP address.',
140 type => 'string', format => 'ipv4',
141 optional => 1,
142 requires => 'netmask',
143 },
144 cidr => {
145 description => 'IPv4 CIDR.',
146 type => 'string', format => 'CIDRv4',
147 optional => 1,
148 },
149 mtu => {
150 description => 'MTU.',
151 optional => 1,
152 type => 'integer',
153 minimum => 1280,
154 maximum => 65520,
155 },
156 gateway6 => {
157 description => 'Default ipv6 gateway address.',
158 type => 'string', format => 'ipv6',
159 optional => 1,
160 },
161 netmask6 => {
162 description => 'Network mask.',
163 type => 'integer', minimum => 0, maximum => 128,
164 optional => 1,
165 requires => 'address6',
166 },
167 address6 => {
168 description => 'IP address.',
169 type => 'string', format => 'ipv6',
170 optional => 1,
171 requires => 'netmask6',
172 },
173 cidr6 => {
174 description => 'IPv6 CIDR.',
175 type => 'string', format => 'CIDRv6',
176 optional => 1,
177 },
178 };
179
180 sub json_config_properties {
181 my $prop = shift;
182
183 foreach my $opt (keys %$confdesc) {
184 $prop->{$opt} = $confdesc->{$opt};
185 }
186
187 return $prop;
188 }
189
190 __PACKAGE__->register_method({
191 name => 'index',
192 path => '',
193 method => 'GET',
194 description => "List available networks",
195 proxyto => 'node',
196 permissions => { check => [ 'admin', 'audit' ] },
197 parameters => {
198 additionalProperties => 0,
199 properties => {
200 node => get_standard_option('pve-node'),
201 type => {
202 description => "Only list specific interface types.",
203 type => 'string',
204 enum => [ @$network_type_enum, 'any_bridge' ],
205 optional => 1,
206 },
207 },
208 },
209 returns => {
210 type => "array",
211 items => {
212 type => "object",
213 properties => {},
214 },
215 links => [ { rel => 'child', href => "{iface}" } ],
216 },
217 code => sub {
218 my ($param) = @_;
219
220 my $restenv = PMG::RESTEnvironment->get();
221
222 my $tmp = PVE::INotify::read_file('interfaces', 1);
223 my $config = $tmp->{data};
224 my $changes = $tmp->{changes};
225
226 $restenv->set_result_attrib('changes', $changes) if $changes;
227
228 my $ifaces = $config->{ifaces};
229
230 delete $ifaces->{lo}; # do not list the loopback device
231
232 if ($param->{type}) {
233 foreach my $k (keys %$ifaces) {
234 my $type = $ifaces->{$k}->{type};
235 my $match = ($param->{type} eq $type) || (
236 ($param->{type} eq 'any_bridge') &&
237 ($type eq 'bridge' || $type eq 'OVSBridge'));
238 delete $ifaces->{$k} if !$match;
239 }
240 }
241
242 return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
243 }});
244
245 __PACKAGE__->register_method({
246 name => 'revert_network_changes',
247 path => '',
248 method => 'DELETE',
249 protected => 1,
250 description => "Revert network configuration changes.",
251 proxyto => 'node',
252 parameters => {
253 additionalProperties => 0,
254 properties => {
255 node => get_standard_option('pve-node'),
256 },
257 },
258 returns => { type => "null" },
259 code => sub {
260 my ($param) = @_;
261
262 unlink "/etc/network/interfaces.new";
263
264 return undef;
265 }});
266
267 my $check_duplicate = sub {
268 my ($config, $newiface, $key, $name) = @_;
269
270 foreach my $iface (keys %$config) {
271 raise_param_exc({ $key => "$name already exists on interface '$iface'." })
272 if ($newiface ne $iface) && $config->{$iface}->{$key};
273 }
274 };
275
276 my $check_duplicate_gateway = sub {
277 my ($config, $newiface) = @_;
278 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
279 };
280
281 my $check_duplicate_gateway6 = sub {
282 my ($config, $newiface) = @_;
283 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
284 };
285
286 sub ipv6_tobin {
287 return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
288 }
289
290 my $check_ipv6_settings = sub {
291 my ($address, $netmask) = @_;
292
293 raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
294 if $netmask < 0 || $netmask > 128;
295
296 raise_param_exc({ address => "$address is not a valid host ip address." })
297 if !Net::IP::ip_is_ipv6($address);
298
299 my $binip = ipv6_tobin($address);
300 my $binmask = Net::IP::ip_get_mask($netmask, 6);
301
302 my $type = Net::IP::ip_iptypev6($binip);
303
304 raise_param_exc({ address => "$address is not a valid host ip address." })
305 if ($binip eq $binmask) ||
306 (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
307 };
308
309 my $map_cidr_to_address_netmask = sub {
310 my ($param) = @_;
311
312 if ($param->{cidr}) {
313 raise_param_exc({ address => "address conflicts with cidr" })
314 if $param->{address};
315 raise_param_exc({ netmask => "netmask conflicts with cidr" })
316 if $param->{netmask};
317
318 my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
319 $param->{address} = $address;
320 $param->{netmask} = $netmask;
321 delete $param->{cidr};
322 }
323
324 if ($param->{cidr6}) {
325 raise_param_exc({ address6 => "address6 conflicts with cidr6" })
326 if $param->{address6};
327 raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
328 if $param->{netmask6};
329
330 my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
331 $param->{address6} = $address;
332 $param->{netmask6} = $netmask;
333 delete $param->{cidr6};
334 }
335 };
336
337 __PACKAGE__->register_method({
338 name => 'create_network',
339 path => '',
340 method => 'POST',
341 description => "Create network device configuration",
342 protected => 1,
343 proxyto => 'node',
344 parameters => {
345 additionalProperties => 0,
346 properties => json_config_properties({
347 node => get_standard_option('pve-node'),
348 iface => get_standard_option('pve-iface')}),
349 },
350 returns => { type => 'null' },
351 code => sub {
352 my ($param) = @_;
353
354 my $node = extract_param($param, 'node');
355 my $iface = extract_param($param, 'iface');
356
357 my $code = sub {
358 my $config = PVE::INotify::read_file('interfaces');
359 my $ifaces = $config->{ifaces};
360
361 raise_param_exc({ iface => "interface already exists" })
362 if $ifaces->{$iface};
363
364 &$check_duplicate_gateway($ifaces, $iface)
365 if $param->{gateway};
366 &$check_duplicate_gateway6($ifaces, $iface)
367 if $param->{gateway6};
368
369 $map_cidr_to_address_netmask->($param);
370
371 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
372 if $param->{address6};
373
374 my $families = $param->{families} = [];
375 push @$families, 'inet'
376 if $param->{address} && !grep(/^inet$/, @$families);
377 push @$families, 'inet6'
378 if $param->{address6} && !grep(/^inet6$/, @$families);
379 @$families = ('inet') if !scalar(@$families);
380
381 $param->{method} = $param->{address} ? 'static' : 'manual';
382 $param->{method6} = $param->{address6} ? 'static' : 'manual';
383
384 if ($param->{type} =~ m/^OVS/) {
385 -x '/usr/bin/ovs-vsctl' ||
386 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
387 }
388
389 if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
390 my $brname = $param->{ovs_bridge};
391 raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
392 my $br = $ifaces->{$brname};
393 raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
394 raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
395 if $br->{type} ne 'OVSBridge';
396
397 my @ports = split (/\s+/, $br->{ovs_ports} || '');
398 $br->{ovs_ports} = join(' ', @ports, $iface)
399 if ! grep { $_ eq $iface } @ports;
400 }
401
402 $ifaces->{$iface} = $param;
403
404 PVE::INotify::write_file('interfaces', $config);
405 };
406
407 PVE::Tools::lock_file($iflockfn, 10, $code);
408 die $@ if $@;
409
410 return undef;
411 }});
412
413 __PACKAGE__->register_method({
414 name => 'update_network',
415 path => '{iface}',
416 method => 'PUT',
417 description => "Update network device configuration",
418 protected => 1,
419 proxyto => 'node',
420 parameters => {
421 additionalProperties => 0,
422 properties => json_config_properties({
423 node => get_standard_option('pve-node'),
424 iface => get_standard_option('pve-iface'),
425 delete => {
426 type => 'string', format => 'pve-configid-list',
427 description => "A list of settings you want to delete.",
428 optional => 1,
429 }}),
430 },
431 returns => { type => 'null' },
432 code => sub {
433 my ($param) = @_;
434
435 my $node = extract_param($param, 'node');
436 my $iface = extract_param($param, 'iface');
437 my $delete = extract_param($param, 'delete');
438
439 my $code = sub {
440 my $config = PVE::INotify::read_file('interfaces');
441 my $ifaces = $config->{ifaces};
442
443 raise_param_exc({ iface => "interface does not exist" })
444 if !$ifaces->{$iface};
445
446 my $families = ($param->{families} ||= []);
447 foreach my $k (PVE::Tools::split_list($delete)) {
448 delete $ifaces->{$iface}->{$k};
449 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
450 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
451 }
452
453 $map_cidr_to_address_netmask->($param);
454
455 &$check_duplicate_gateway($ifaces, $iface)
456 if $param->{gateway};
457 &$check_duplicate_gateway6($ifaces, $iface)
458 if $param->{gateway6};
459
460 if ($param->{address}) {
461 push @$families, 'inet' if !grep(/^inet$/, @$families);
462 } else {
463 @$families = grep(!/^inet$/, @$families);
464 }
465 if ($param->{address6}) {
466 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
467 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
468 } else {
469 @$families = grep(!/^inet6$/, @$families);
470 }
471 @$families = ('inet') if !scalar(@$families);
472
473 $param->{method} = $param->{address} ? 'static' : 'manual';
474 $param->{method6} = $param->{address6} ? 'static' : 'manual';
475
476 foreach my $k (keys %$param) {
477 $ifaces->{$iface}->{$k} = $param->{$k};
478 }
479
480 PVE::INotify::write_file('interfaces', $config);
481 };
482
483 PVE::Tools::lock_file($iflockfn, 10, $code);
484 die $@ if $@;
485
486 return undef;
487 }});
488
489 __PACKAGE__->register_method({
490 name => 'network_config',
491 path => '{iface}',
492 method => 'GET',
493 description => "Read network device configuration",
494 proxyto => 'node',
495 permissions => { check => [ 'admin', 'audit' ] },
496 parameters => {
497 additionalProperties => 0,
498 properties => {
499 node => get_standard_option('pve-node'),
500 iface => get_standard_option('pve-iface'),
501 },
502 },
503 returns => {
504 type => "object",
505 properties => {
506 type => {
507 type => 'string',
508 },
509 method => {
510 type => 'string',
511 },
512 },
513 },
514 code => sub {
515 my ($param) = @_;
516
517 my $config = PVE::INotify::read_file('interfaces');
518 my $ifaces = $config->{ifaces};
519
520 raise_param_exc({ iface => "interface does not exist" })
521 if !$ifaces->{$param->{iface}};
522
523 return $ifaces->{$param->{iface}};
524 }});
525
526 __PACKAGE__->register_method({
527 name => 'delete_network',
528 path => '{iface}',
529 method => 'DELETE',
530 description => "Delete network device configuration",
531 protected => 1,
532 proxyto => 'node',
533 parameters => {
534 additionalProperties => 0,
535 properties => {
536 node => get_standard_option('pve-node'),
537 iface => get_standard_option('pve-iface'),
538 },
539 },
540 returns => { type => 'null' },
541 code => sub {
542 my ($param) = @_;
543
544 my $code = sub {
545 my $config = PVE::INotify::read_file('interfaces');
546 my $ifaces = $config->{ifaces};
547
548 raise_param_exc({ iface => "interface does not exist" })
549 if !$ifaces->{$param->{iface}};
550
551 my $d = $ifaces->{$param->{iface}};
552 if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
553 if (my $brname = $d->{ovs_bridge}) {
554 if (my $br = $ifaces->{$brname}) {
555 if ($br->{ovs_ports}) {
556 my @ports = split (/\s+/, $br->{ovs_ports});
557 my @new = grep { $_ ne $param->{iface} } @ports;
558 $br->{ovs_ports} = join(' ', @new);
559 }
560 }
561 }
562 }
563
564 delete $ifaces->{$param->{iface}};
565
566 PVE::INotify::write_file('interfaces', $config);
567 };
568
569 PVE::Tools::lock_file($iflockfn, 10, $code);
570 die $@ if $@;
571
572 return undef;
573 }});
574
575 1;
PMG API