]>
git.proxmox.com Git - pmg-api.git/blob - src/PMG/API2/Network.pm
1 package PMG
::API2
::Network
;
7 use PVE
::Tools
qw(extract_param);
10 use PVE
::Exception
qw(raise_param_exc);
12 use PMG
::RESTEnvironment
;
13 use PVE
::JSONSchema
qw(get_standard_option);
15 use base
qw(PVE::RESTHandler);
17 my $iflockfn = "/etc/network/.pve-interfaces.lock";
19 my $bond_mode_enum = [
21 'active-backup', # OVS and Linux
28 'lacp-balance-slb', # OVS
29 'lacp-balance-tcp', # OVS
32 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
33 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
37 description
=> "Network interface type",
39 enum
=> [@$network_type_enum, 'unknown'],
42 description
=> "Comments",
47 description
=> "Comments",
52 description
=> "Automatically start interface on boot.",
56 bridge_vlan_aware
=> {
57 description
=> "Enable bridge vlan support.",
62 description
=> "Specify the iterfaces you want to add to your bridge.",
64 type
=> 'string', format
=> 'pve-iface-list',
67 description
=> "Specify the iterfaces you want to add to your bridge.",
69 type
=> 'string', format
=> 'pve-iface-list',
72 description
=> "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
79 description
=> "OVS interface options.",
85 description
=> "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
87 type
=> 'string', format
=> 'pve-iface',
90 description
=> "Specify the interfaces used by the bonding device.",
92 type
=> 'string', format
=> 'pve-iface-list',
95 description
=> "Specify the interfaces used by the bonding device.",
97 type
=> 'string', format
=> 'pve-iface-list',
100 description
=> "Bonding mode.",
102 type
=> 'string', enum
=> $bond_mode_enum,
105 description
=> "Specify the primary interface for active-backup bond.",
107 type
=> 'string', format
=> 'pve-iface',
109 bond_xmit_hash_policy
=> {
110 description
=> "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
113 enum
=> ['layer2', 'layer2+3', 'layer3+4' ],
115 'vlan-raw-device' => {
116 description
=> "Specify the raw interface for the vlan interface.",
118 type
=> 'string', format
=> 'pve-iface',
121 description
=> "vlan-id for a custom named vlan interface (ifupdown2 only).",
128 description
=> 'Default gateway address.',
129 type
=> 'string', format
=> 'ipv4',
133 description
=> 'Network mask.',
134 type
=> 'string', format
=> 'ipv4mask',
136 requires
=> 'address',
139 description
=> 'IP address.',
140 type
=> 'string', format
=> 'ipv4',
142 requires
=> 'netmask',
145 description
=> 'IPv4 CIDR.',
146 type
=> 'string', format
=> 'CIDRv4',
150 description
=> 'MTU.',
157 description
=> 'Default ipv6 gateway address.',
158 type
=> 'string', format
=> 'ipv6',
162 description
=> 'Network mask.',
163 type
=> 'integer', minimum
=> 0, maximum
=> 128,
165 requires
=> 'address6',
168 description
=> 'IP address.',
169 type
=> 'string', format
=> 'ipv6',
171 requires
=> 'netmask6',
174 description
=> 'IPv6 CIDR.',
175 type
=> 'string', format
=> 'CIDRv6',
180 sub json_config_properties
{
183 foreach my $opt (keys %$confdesc) {
184 $prop->{$opt} = $confdesc->{$opt};
190 __PACKAGE__-
>register_method({
194 description
=> "List available networks",
196 permissions
=> { check
=> [ 'admin', 'audit' ] },
198 additionalProperties
=> 0,
200 node
=> get_standard_option
('pve-node'),
202 description
=> "Only list specific interface types.",
204 enum
=> [ @$network_type_enum, 'any_bridge' ],
215 links
=> [ { rel
=> 'child', href
=> "{iface}" } ],
220 my $restenv = PMG
::RESTEnvironment-
>get();
222 my $tmp = PVE
::INotify
::read_file
('interfaces', 1);
223 my $config = $tmp->{data
};
224 my $changes = $tmp->{changes
};
226 $restenv->set_result_attrib('changes', $changes) if $changes;
228 my $ifaces = $config->{ifaces
};
230 delete $ifaces->{lo
}; # do not list the loopback device
232 if ($param->{type
}) {
233 foreach my $k (keys %$ifaces) {
234 my $type = $ifaces->{$k}->{type
};
235 my $match = ($param->{type
} eq $type) || (
236 ($param->{type
} eq 'any_bridge') &&
237 ($type eq 'bridge' || $type eq 'OVSBridge'));
238 delete $ifaces->{$k} if !$match;
242 return PVE
::RESTHandler
::hash_to_array
($ifaces, 'iface');
245 __PACKAGE__-
>register_method({
246 name
=> 'revert_network_changes',
250 description
=> "Revert network configuration changes.",
253 additionalProperties
=> 0,
255 node
=> get_standard_option
('pve-node'),
258 returns
=> { type
=> "null" },
262 unlink "/etc/network/interfaces.new";
267 my $check_duplicate = sub {
268 my ($config, $newiface, $key, $name) = @_;
270 foreach my $iface (keys %$config) {
271 raise_param_exc
({ $key => "$name already exists on interface '$iface'." })
272 if ($newiface ne $iface) && $config->{$iface}->{$key};
276 my $check_duplicate_gateway = sub {
277 my ($config, $newiface) = @_;
278 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
281 my $check_duplicate_gateway6 = sub {
282 my ($config, $newiface) = @_;
283 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
287 return Net
::IP
::ip_iptobin
(Net
::IP
::ip_expand_address
(shift, 6), 6);
290 my $check_ipv6_settings = sub {
291 my ($address, $netmask) = @_;
293 raise_param_exc
({ netmask
=> "$netmask is not a valid subnet length for ipv6" })
294 if $netmask < 0 || $netmask > 128;
296 raise_param_exc
({ address
=> "$address is not a valid host ip address." })
297 if !Net
::IP
::ip_is_ipv6
($address);
299 my $binip = ipv6_tobin
($address);
300 my $binmask = Net
::IP
::ip_get_mask
($netmask, 6);
302 my $type = Net
::IP
::ip_iptypev6
($binip);
304 raise_param_exc
({ address
=> "$address is not a valid host ip address." })
305 if ($binip eq $binmask) ||
306 (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
309 my $map_cidr_to_address_netmask = sub {
312 if ($param->{cidr
}) {
313 raise_param_exc
({ address
=> "address conflicts with cidr" })
314 if $param->{address
};
315 raise_param_exc
({ netmask
=> "netmask conflicts with cidr" })
316 if $param->{netmask
};
318 my ($address, $netmask) = $param->{cidr
} =~ m!^(.*)/(\d+)$!;
319 $param->{address
} = $address;
320 $param->{netmask
} = $netmask;
321 delete $param->{cidr
};
324 if ($param->{cidr6
}) {
325 raise_param_exc
({ address6
=> "address6 conflicts with cidr6" })
326 if $param->{address6
};
327 raise_param_exc
({ netmask6
=> "netmask6 conflicts with cidr6" })
328 if $param->{netmask6
};
330 my ($address, $netmask) = $param->{cidr6
} =~ m!^(.*)/(\d+)$!;
331 $param->{address6
} = $address;
332 $param->{netmask6
} = $netmask;
333 delete $param->{cidr6
};
337 __PACKAGE__-
>register_method({
338 name
=> 'create_network',
341 description
=> "Create network device configuration",
345 additionalProperties
=> 0,
346 properties
=> json_config_properties
({
347 node
=> get_standard_option
('pve-node'),
348 iface
=> get_standard_option
('pve-iface')}),
350 returns
=> { type
=> 'null' },
354 my $node = extract_param
($param, 'node');
355 my $iface = extract_param
($param, 'iface');
358 my $config = PVE
::INotify
::read_file
('interfaces');
359 my $ifaces = $config->{ifaces
};
361 raise_param_exc
({ iface
=> "interface already exists" })
362 if $ifaces->{$iface};
364 &$check_duplicate_gateway($ifaces, $iface)
365 if $param->{gateway
};
366 &$check_duplicate_gateway6($ifaces, $iface)
367 if $param->{gateway6
};
369 $map_cidr_to_address_netmask->($param);
371 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}))
372 if $param->{address6
};
374 my $families = $param->{families
} = [];
375 push @$families, 'inet'
376 if $param->{address
} && !grep(/^inet$/, @$families);
377 push @$families, 'inet6'
378 if $param->{address6
} && !grep(/^inet6$/, @$families);
379 @$families = ('inet') if !scalar(@$families);
381 $param->{method} = $param->{address
} ?
'static' : 'manual';
382 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
384 if ($param->{type
} =~ m/^OVS/) {
385 -x
'/usr/bin/ovs-vsctl' ||
386 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
389 if ($param->{type
} eq 'OVSIntPort' || $param->{type
} eq 'OVSBond') {
390 my $brname = $param->{ovs_bridge
};
391 raise_param_exc
({ ovs_bridge
=> "parameter is required" }) if !$brname;
392 my $br = $ifaces->{$brname};
393 raise_param_exc
({ ovs_bridge
=> "bridge '$brname' does not exist" }) if !$br;
394 raise_param_exc
({ ovs_bridge
=> "interface '$brname' is no OVS bridge" })
395 if $br->{type
} ne 'OVSBridge';
397 my @ports = split (/\s+/, $br->{ovs_ports
} || '');
398 $br->{ovs_ports
} = join(' ', @ports, $iface)
399 if ! grep { $_ eq $iface } @ports;
402 $ifaces->{$iface} = $param;
404 PVE
::INotify
::write_file
('interfaces', $config);
407 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
413 __PACKAGE__-
>register_method({
414 name
=> 'update_network',
417 description
=> "Update network device configuration",
421 additionalProperties
=> 0,
422 properties
=> json_config_properties
({
423 node
=> get_standard_option
('pve-node'),
424 iface
=> get_standard_option
('pve-iface'),
426 type
=> 'string', format
=> 'pve-configid-list',
427 description
=> "A list of settings you want to delete.",
431 returns
=> { type
=> 'null' },
435 my $node = extract_param
($param, 'node');
436 my $iface = extract_param
($param, 'iface');
437 my $delete = extract_param
($param, 'delete');
440 my $config = PVE
::INotify
::read_file
('interfaces');
441 my $ifaces = $config->{ifaces
};
443 raise_param_exc
({ iface
=> "interface does not exist" })
444 if !$ifaces->{$iface};
446 my $families = ($param->{families
} ||= []);
447 foreach my $k (PVE
::Tools
::split_list
($delete)) {
448 delete $ifaces->{$iface}->{$k};
449 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
450 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
453 $map_cidr_to_address_netmask->($param);
455 &$check_duplicate_gateway($ifaces, $iface)
456 if $param->{gateway
};
457 &$check_duplicate_gateway6($ifaces, $iface)
458 if $param->{gateway6
};
460 if ($param->{address
}) {
461 push @$families, 'inet' if !grep(/^inet$/, @$families);
463 @$families = grep(!/^inet$/, @$families);
465 if ($param->{address6
}) {
466 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}));
467 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
469 @$families = grep(!/^inet6$/, @$families);
471 @$families = ('inet') if !scalar(@$families);
473 $param->{method} = $param->{address
} ?
'static' : 'manual';
474 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
476 foreach my $k (keys %$param) {
477 $ifaces->{$iface}->{$k} = $param->{$k};
480 PVE
::INotify
::write_file
('interfaces', $config);
483 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
489 __PACKAGE__-
>register_method({
490 name
=> 'network_config',
493 description
=> "Read network device configuration",
495 permissions
=> { check
=> [ 'admin', 'audit' ] },
497 additionalProperties
=> 0,
499 node
=> get_standard_option
('pve-node'),
500 iface
=> get_standard_option
('pve-iface'),
517 my $config = PVE
::INotify
::read_file
('interfaces');
518 my $ifaces = $config->{ifaces
};
520 raise_param_exc
({ iface
=> "interface does not exist" })
521 if !$ifaces->{$param->{iface
}};
523 return $ifaces->{$param->{iface
}};
526 __PACKAGE__-
>register_method({
527 name
=> 'delete_network',
530 description
=> "Delete network device configuration",
534 additionalProperties
=> 0,
536 node
=> get_standard_option
('pve-node'),
537 iface
=> get_standard_option
('pve-iface'),
540 returns
=> { type
=> 'null' },
545 my $config = PVE
::INotify
::read_file
('interfaces');
546 my $ifaces = $config->{ifaces
};
548 raise_param_exc
({ iface
=> "interface does not exist" })
549 if !$ifaces->{$param->{iface
}};
551 my $d = $ifaces->{$param->{iface
}};
552 if ($d->{type
} eq 'OVSIntPort' || $d->{type
} eq 'OVSBond') {
553 if (my $brname = $d->{ovs_bridge
}) {
554 if (my $br = $ifaces->{$brname}) {
555 if ($br->{ovs_ports
}) {
556 my @ports = split (/\s+/, $br->{ovs_ports
});
557 my @new = grep { $_ ne $param->{iface
} } @ports;
558 $br->{ovs_ports
} = join(' ', @new);
564 delete $ifaces->{$param->{iface
}};
566 PVE
::INotify
::write_file
('interfaces', $config);
569 PVE
::Tools
::lock_file
($iflockfn, 10, $code);