]> git.proxmox.com Git - pmg-api.git/blob - src/PMG/API2/Network.pm
projects / pmg-api.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
api2: network: add bond-primary option
[pmg-api.git] / src / PMG / API2 / Network.pm
1 package PMG::API2::Network;
2
3 use strict;
4 use warnings;
5
6 use Net::IP qw(:PROC);
7 use PVE::Tools qw(extract_param);
8 use PVE::SafeSyslog;
9 use PVE::INotify;
10 use PVE::Exception qw(raise_param_exc);
11 use PVE::RESTHandler;
12 use PMG::RESTEnvironment;
13 use PVE::JSONSchema qw(get_standard_option);
14
15 use base qw(PVE::RESTHandler);
16
17 my $iflockfn = "/etc/network/.pve-interfaces.lock";
18
19 my $bond_mode_enum = [
20 'balance-rr',
21 'active-backup', # OVS and Linux
22 'balance-xor',
23 'broadcast',
24 '802.3ad',
25 'balance-tlb',
26 'balance-alb',
27 'balance-slb', # OVS
28 'lacp-balance-slb', # OVS
29 'lacp-balance-tcp', # OVS
30 ];
31
32 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
33 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
34
35 my $confdesc = {
36 type => {
37 description => "Network interface type",
38 type => 'string',
39 enum => [@$network_type_enum, 'unknown'],
40 },
41 comments => {
42 description => "Comments",
43 type => 'string',
44 optional => 1,
45 },
46 comments6 => {
47 description => "Comments",
48 type => 'string',
49 optional => 1,
50 },
51 autostart => {
52 description => "Automatically start interface on boot.",
53 type => 'boolean',
54 optional => 1,
55 },
56 bridge_vlan_aware => {
57 description => "Enable bridge vlan support.",
58 type => 'boolean',
59 optional => 1,
60 },
61 bridge_ports => {
62 description => "Specify the iterfaces you want to add to your bridge.",
63 optional => 1,
64 type => 'string', format => 'pve-iface-list',
65 },
66 ovs_ports => {
67 description => "Specify the iterfaces you want to add to your bridge.",
68 optional => 1,
69 type => 'string', format => 'pve-iface-list',
70 },
71 ovs_tag => {
72 description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
73 optional => 1,
74 type => 'integer',
75 minimum => 1,
76 maximum => 4094,
77 },
78 ovs_options => {
79 description => "OVS interface options.",
80 optional => 1,
81 type => 'string',
82 maxLength => 1024,
83 },
84 ovs_bridge => {
85 description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
86 optional => 1,
87 type => 'string', format => 'pve-iface',
88 },
89 slaves => {
90 description => "Specify the interfaces used by the bonding device.",
91 optional => 1,
92 type => 'string', format => 'pve-iface-list',
93 },
94 ovs_bonds => {
95 description => "Specify the interfaces used by the bonding device.",
96 optional => 1,
97 type => 'string', format => 'pve-iface-list',
98 },
99 bond_mode => {
100 description => "Bonding mode.",
101 optional => 1,
102 type => 'string', enum => $bond_mode_enum,
103 },
104 'bond-primary' => {
105 description => "Specify the primary interface for active-backup bond.",
106 optional => 1,
107 type => 'string', format => 'pve-iface',
108 },
109 bond_xmit_hash_policy => {
110 description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
111 optional => 1,
112 type => 'string',
113 enum => ['layer2', 'layer2+3', 'layer3+4' ],
114 },
115 gateway => {
116 description => 'Default gateway address.',
117 type => 'string', format => 'ipv4',
118 optional => 1,
119 },
120 netmask => {
121 description => 'Network mask.',
122 type => 'string', format => 'ipv4mask',
123 optional => 1,
124 requires => 'address',
125 },
126 address => {
127 description => 'IP address.',
128 type => 'string', format => 'ipv4',
129 optional => 1,
130 requires => 'netmask',
131 },
132 cidr => {
133 description => 'IPv4 CIDR.',
134 type => 'string', format => 'CIDRv4',
135 optional => 1,
136 },
137 gateway6 => {
138 description => 'Default ipv6 gateway address.',
139 type => 'string', format => 'ipv6',
140 optional => 1,
141 },
142 netmask6 => {
143 description => 'Network mask.',
144 type => 'integer', minimum => 0, maximum => 128,
145 optional => 1,
146 requires => 'address6',
147 },
148 address6 => {
149 description => 'IP address.',
150 type => 'string', format => 'ipv6',
151 optional => 1,
152 requires => 'netmask6',
153 },
154 cidr6 => {
155 description => 'IPv6 CIDR.',
156 type => 'string', format => 'CIDRv6',
157 optional => 1,
158 },
159 };
160
161 sub json_config_properties {
162 my $prop = shift;
163
164 foreach my $opt (keys %$confdesc) {
165 $prop->{$opt} = $confdesc->{$opt};
166 }
167
168 return $prop;
169 }
170
171 __PACKAGE__->register_method({
172 name => 'index',
173 path => '',
174 method => 'GET',
175 description => "List available networks",
176 proxyto => 'node',
177 permissions => { check => [ 'admin', 'audit' ] },
178 parameters => {
179 additionalProperties => 0,
180 properties => {
181 node => get_standard_option('pve-node'),
182 type => {
183 description => "Only list specific interface types.",
184 type => 'string',
185 enum => [ @$network_type_enum, 'any_bridge' ],
186 optional => 1,
187 },
188 },
189 },
190 returns => {
191 type => "array",
192 items => {
193 type => "object",
194 properties => {},
195 },
196 links => [ { rel => 'child', href => "{iface}" } ],
197 },
198 code => sub {
199 my ($param) = @_;
200
201 my $restenv = PMG::RESTEnvironment->get();
202
203 my $tmp = PVE::INotify::read_file('interfaces', 1);
204 my $config = $tmp->{data};
205 my $changes = $tmp->{changes};
206
207 $restenv->set_result_attrib('changes', $changes) if $changes;
208
209 my $ifaces = $config->{ifaces};
210
211 delete $ifaces->{lo}; # do not list the loopback device
212
213 if ($param->{type}) {
214 foreach my $k (keys %$ifaces) {
215 my $type = $ifaces->{$k}->{type};
216 my $match = ($param->{type} eq $type) || (
217 ($param->{type} eq 'any_bridge') &&
218 ($type eq 'bridge' || $type eq 'OVSBridge'));
219 delete $ifaces->{$k} if !$match;
220 }
221 }
222
223 return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
224 }});
225
226 __PACKAGE__->register_method({
227 name => 'revert_network_changes',
228 path => '',
229 method => 'DELETE',
230 protected => 1,
231 description => "Revert network configuration changes.",
232 proxyto => 'node',
233 parameters => {
234 additionalProperties => 0,
235 properties => {
236 node => get_standard_option('pve-node'),
237 },
238 },
239 returns => { type => "null" },
240 code => sub {
241 my ($param) = @_;
242
243 unlink "/etc/network/interfaces.new";
244
245 return undef;
246 }});
247
248 my $check_duplicate = sub {
249 my ($config, $newiface, $key, $name) = @_;
250
251 foreach my $iface (keys %$config) {
252 raise_param_exc({ $key => "$name already exists on interface '$iface'." })
253 if ($newiface ne $iface) && $config->{$iface}->{$key};
254 }
255 };
256
257 my $check_duplicate_gateway = sub {
258 my ($config, $newiface) = @_;
259 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
260 };
261
262 my $check_duplicate_gateway6 = sub {
263 my ($config, $newiface) = @_;
264 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
265 };
266
267 sub ipv6_tobin {
268 return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
269 }
270
271 my $check_ipv6_settings = sub {
272 my ($address, $netmask) = @_;
273
274 raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
275 if $netmask < 0 || $netmask > 128;
276
277 raise_param_exc({ address => "$address is not a valid host ip address." })
278 if !Net::IP::ip_is_ipv6($address);
279
280 my $binip = ipv6_tobin($address);
281 my $binmask = Net::IP::ip_get_mask($netmask, 6);
282
283 my $type = Net::IP::ip_iptypev6($binip);
284
285 raise_param_exc({ address => "$address is not a valid host ip address." })
286 if ($binip eq $binmask) ||
287 (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
288 };
289
290 my $map_cidr_to_address_netmask = sub {
291 my ($param) = @_;
292
293 if ($param->{cidr}) {
294 raise_param_exc({ address => "address conflicts with cidr" })
295 if $param->{address};
296 raise_param_exc({ netmask => "netmask conflicts with cidr" })
297 if $param->{netmask};
298
299 my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
300 $param->{address} = $address;
301 $param->{netmask} = $netmask;
302 delete $param->{cidr};
303 }
304
305 if ($param->{cidr6}) {
306 raise_param_exc({ address6 => "address6 conflicts with cidr6" })
307 if $param->{address6};
308 raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
309 if $param->{netmask6};
310
311 my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
312 $param->{address6} = $address;
313 $param->{netmask6} = $netmask;
314 delete $param->{cidr6};
315 }
316 };
317
318 __PACKAGE__->register_method({
319 name => 'create_network',
320 path => '',
321 method => 'POST',
322 description => "Create network device configuration",
323 protected => 1,
324 proxyto => 'node',
325 parameters => {
326 additionalProperties => 0,
327 properties => json_config_properties({
328 node => get_standard_option('pve-node'),
329 iface => get_standard_option('pve-iface')}),
330 },
331 returns => { type => 'null' },
332 code => sub {
333 my ($param) = @_;
334
335 my $node = extract_param($param, 'node');
336 my $iface = extract_param($param, 'iface');
337
338 my $code = sub {
339 my $config = PVE::INotify::read_file('interfaces');
340 my $ifaces = $config->{ifaces};
341
342 raise_param_exc({ iface => "interface already exists" })
343 if $ifaces->{$iface};
344
345 &$check_duplicate_gateway($ifaces, $iface)
346 if $param->{gateway};
347 &$check_duplicate_gateway6($ifaces, $iface)
348 if $param->{gateway6};
349
350 $map_cidr_to_address_netmask->($param);
351
352 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
353 if $param->{address6};
354
355 my $families = $param->{families} = [];
356 push @$families, 'inet'
357 if $param->{address} && !grep(/^inet$/, @$families);
358 push @$families, 'inet6'
359 if $param->{address6} && !grep(/^inet6$/, @$families);
360 @$families = ('inet') if !scalar(@$families);
361
362 $param->{method} = $param->{address} ? 'static' : 'manual';
363 $param->{method6} = $param->{address6} ? 'static' : 'manual';
364
365 if ($param->{type} =~ m/^OVS/) {
366 -x '/usr/bin/ovs-vsctl' ||
367 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
368 }
369
370 if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
371 my $brname = $param->{ovs_bridge};
372 raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
373 my $br = $ifaces->{$brname};
374 raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
375 raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
376 if $br->{type} ne 'OVSBridge';
377
378 my @ports = split (/\s+/, $br->{ovs_ports} || '');
379 $br->{ovs_ports} = join(' ', @ports, $iface)
380 if ! grep { $_ eq $iface } @ports;
381 }
382
383 $ifaces->{$iface} = $param;
384
385 PVE::INotify::write_file('interfaces', $config);
386 };
387
388 PVE::Tools::lock_file($iflockfn, 10, $code);
389 die $@ if $@;
390
391 return undef;
392 }});
393
394 __PACKAGE__->register_method({
395 name => 'update_network',
396 path => '{iface}',
397 method => 'PUT',
398 description => "Update network device configuration",
399 protected => 1,
400 proxyto => 'node',
401 parameters => {
402 additionalProperties => 0,
403 properties => json_config_properties({
404 node => get_standard_option('pve-node'),
405 iface => get_standard_option('pve-iface'),
406 delete => {
407 type => 'string', format => 'pve-configid-list',
408 description => "A list of settings you want to delete.",
409 optional => 1,
410 }}),
411 },
412 returns => { type => 'null' },
413 code => sub {
414 my ($param) = @_;
415
416 my $node = extract_param($param, 'node');
417 my $iface = extract_param($param, 'iface');
418 my $delete = extract_param($param, 'delete');
419
420 my $code = sub {
421 my $config = PVE::INotify::read_file('interfaces');
422 my $ifaces = $config->{ifaces};
423
424 raise_param_exc({ iface => "interface does not exist" })
425 if !$ifaces->{$iface};
426
427 my $families = ($param->{families} ||= []);
428 foreach my $k (PVE::Tools::split_list($delete)) {
429 delete $ifaces->{$iface}->{$k};
430 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
431 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
432 }
433
434 $map_cidr_to_address_netmask->($param);
435
436 &$check_duplicate_gateway($ifaces, $iface)
437 if $param->{gateway};
438 &$check_duplicate_gateway6($ifaces, $iface)
439 if $param->{gateway6};
440
441 if ($param->{address}) {
442 push @$families, 'inet' if !grep(/^inet$/, @$families);
443 } else {
444 @$families = grep(!/^inet$/, @$families);
445 }
446 if ($param->{address6}) {
447 &$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
448 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
449 } else {
450 @$families = grep(!/^inet6$/, @$families);
451 }
452 @$families = ('inet') if !scalar(@$families);
453
454 $param->{method} = $param->{address} ? 'static' : 'manual';
455 $param->{method6} = $param->{address6} ? 'static' : 'manual';
456
457 foreach my $k (keys %$param) {
458 $ifaces->{$iface}->{$k} = $param->{$k};
459 }
460
461 PVE::INotify::write_file('interfaces', $config);
462 };
463
464 PVE::Tools::lock_file($iflockfn, 10, $code);
465 die $@ if $@;
466
467 return undef;
468 }});
469
470 __PACKAGE__->register_method({
471 name => 'network_config',
472 path => '{iface}',
473 method => 'GET',
474 description => "Read network device configuration",
475 proxyto => 'node',
476 permissions => { check => [ 'admin', 'audit' ] },
477 parameters => {
478 additionalProperties => 0,
479 properties => {
480 node => get_standard_option('pve-node'),
481 iface => get_standard_option('pve-iface'),
482 },
483 },
484 returns => {
485 type => "object",
486 properties => {
487 type => {
488 type => 'string',
489 },
490 method => {
491 type => 'string',
492 },
493 },
494 },
495 code => sub {
496 my ($param) = @_;
497
498 my $config = PVE::INotify::read_file('interfaces');
499 my $ifaces = $config->{ifaces};
500
501 raise_param_exc({ iface => "interface does not exist" })
502 if !$ifaces->{$param->{iface}};
503
504 return $ifaces->{$param->{iface}};
505 }});
506
507 __PACKAGE__->register_method({
508 name => 'delete_network',
509 path => '{iface}',
510 method => 'DELETE',
511 description => "Delete network device configuration",
512 protected => 1,
513 proxyto => 'node',
514 parameters => {
515 additionalProperties => 0,
516 properties => {
517 node => get_standard_option('pve-node'),
518 iface => get_standard_option('pve-iface'),
519 },
520 },
521 returns => { type => 'null' },
522 code => sub {
523 my ($param) = @_;
524
525 my $code = sub {
526 my $config = PVE::INotify::read_file('interfaces');
527 my $ifaces = $config->{ifaces};
528
529 raise_param_exc({ iface => "interface does not exist" })
530 if !$ifaces->{$param->{iface}};
531
532 my $d = $ifaces->{$param->{iface}};
533 if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
534 if (my $brname = $d->{ovs_bridge}) {
535 if (my $br = $ifaces->{$brname}) {
536 if ($br->{ovs_ports}) {
537 my @ports = split (/\s+/, $br->{ovs_ports});
538 my @new = grep { $_ ne $param->{iface} } @ports;
539 $br->{ovs_ports} = join(' ', @new);
540 }
541 }
542 }
543 }
544
545 delete $ifaces->{$param->{iface}};
546
547 PVE::INotify::write_file('interfaces', $config);
548 };
549
550 PVE::Tools::lock_file($iflockfn, 10, $code);
551 die $@ if $@;
552
553 return undef;
554 }});
555
556 1;
PMG API