[pve-manager.git] / PVE / API2 / Network.pm

package PVE::API2::Network;

use strict;
use warnings;

use Net::IP qw(:PROC);
use PVE::Tools qw(extract_param dir_glob_regex);
use PVE::SafeSyslog;
use PVE::INotify;
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;
use PVE::RPCEnvironment;
use PVE::JSONSchema qw(get_standard_option);
use PVE::AccessControl;
use IO::File;

use base qw(PVE::RESTHandler);

my $have_sdn;
eval {
    require PVE::API2::Network::SDN;
    $have_sdn = 1;
};

my $iflockfn = "/etc/network/.pve-interfaces.lock";

my $bond_mode_enum = [
    'balance-rr',
    'active-backup', # OVS and Linux
    'balance-xor',
    'broadcast',
    '802.3ad',
    'balance-tlb',
    'balance-alb',
    'balance-slb', # OVS 
    'lacp-balance-slb', # OVS
    'lacp-balance-tcp', # OVS
    ];

my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
			 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];

my $confdesc = {
    type => {
	description => "Network interface type",
	type => 'string',
	enum => [@$network_type_enum, 'unknown'],
    },
    comments => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    comments6 => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    autostart => {
	description => "Automatically start interface on boot.",
	type => 'boolean',
	optional => 1,
    },
    bridge_vlan_aware => {
	description => "Enable bridge vlan support.",
	type => 'boolean',
	optional => 1,
    },
    bridge_ports => {
	description => "Specify the interfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_ports => {
	description => "Specify the interfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_tag => {
	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	optional => 1,
	type => 'integer',
	minimum => 1,
	maximum => 4094,
    },
    ovs_options => {
	description => "OVS interface options.",
	optional => 1,
	type => 'string',
	maxLength => 1024,
    },
    ovs_bridge => {
	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    slaves => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_bonds => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    bond_mode => {
	description => "Bonding mode.",
	optional => 1,
	type => 'string', enum => $bond_mode_enum,
    },
    bond_xmit_hash_policy => {
	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	optional => 1,
	type => 'string', 
	enum => ['layer2', 'layer2+3', 'layer3+4' ],
    },
    gateway => {
	description => 'Default gateway address.',
	type => 'string', format => 'ipv4',
	optional => 1,
    },
    netmask => {
	description => 'Network mask.',
	type => 'string', format => 'ipv4mask',
	optional => 1,
	requires => 'address',
    },
    address => {
	description => 'IP address.',
	type => 'string', format => 'ipv4',
	optional => 1,
	requires => 'netmask',
    },
    cidr => {
	description => 'IPv4 CIDR.',
	type => 'string', format => 'CIDRv4',
	optional => 1,
    },
    gateway6 => {
	description => 'Default ipv6 gateway address.',
	type => 'string', format => 'ipv6',
	optional => 1,
    },
    netmask6 => {
	description => 'Network mask.',
	type => 'integer', minimum => 0, maximum => 128,
	optional => 1,
	requires => 'address6',
    },
    address6 => {
	description => 'IP address.',
	type => 'string', format => 'ipv6',
	optional => 1,
	requires => 'netmask6',
    },
    cidr6 => {
	description => 'IPv6 CIDR.',
	type => 'string', format => 'CIDRv6',
	optional => 1,
    },
};

sub json_config_properties {
    my $prop = shift;

    foreach my $opt (keys %$confdesc) {
	$prop->{$opt} = $confdesc->{$opt};
    }

    return $prop;
}

__PACKAGE__->register_method({
    name => 'index', 
    path => '', 
    method => 'GET',
    permissions => { user => 'all' },
    description => "List available networks",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    type => {
		description => "Only list specific interface types.",
		type => 'string',
		enum => [ @$network_type_enum, 'any_bridge' ],
		optional => 1,
	    },
	},
    },
    returns => {
	type => "array",
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{iface}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $tmp = PVE::INotify::read_file('interfaces', 1);
	my $config = $tmp->{data};
	my $changes = $tmp->{changes};

	$rpcenv->set_result_attrib('changes', $changes) if $changes;

	my $ifaces = $config->{ifaces};

	delete $ifaces->{lo}; # do not list the loopback device

	if ($param->{type}) {
	    foreach my $k (keys %$ifaces) {
		my $type = $ifaces->{$k}->{type};
		my $match =  ($param->{type} eq $type) || (
		    ($param->{type} eq 'any_bridge') && 
		    ($type eq 'bridge' || $type eq 'OVSBridge'));
		delete $ifaces->{$k} if !$match;
	    }
	}

	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
   }});

__PACKAGE__->register_method({
    name => 'revert_network_changes', 
    path => '', 
    method => 'DELETE',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    protected => 1,
    description => "Revert network configuration changes.",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	unlink "/etc/network/interfaces.new";

	return undef;
    }});

my $check_duplicate = sub {
    my ($config, $newiface, $key, $name) = @_;

    foreach my $iface (keys %$config) {
	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	    if ($newiface ne $iface) && $config->{$iface}->{$key};
    }
};

my $check_duplicate_gateway = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
};

my $check_duplicate_gateway6 = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
};

sub ipv6_tobin {
    return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
}

my $check_ipv6_settings = sub {
    my ($address, $netmask) = @_;

    raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	if $netmask < 0 || $netmask > 128;

    raise_param_exc({ address => "$address is not a valid host IPv6 address." })
	if !Net::IP::ip_is_ipv6($address);

    my $binip = ipv6_tobin($address);
    my $binmask = Net::IP::ip_get_mask($netmask, 6);

    my $type = ($binip eq $binmask) ? 'ANYCAST' : Net::IP::ip_iptypev6($binip);

    if (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/) {
	raise_param_exc({ address => "$address with type '$type', cannot be used as host IPv6 address." });
    }
};

my $map_cidr_to_address_netmask = sub {
    my ($param) = @_;

    if ($param->{cidr}) {
	raise_param_exc({ address => "address conflicts with cidr" })
	    if $param->{address};
	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	    if $param->{netmask};

	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	$param->{address} = $address;
	$param->{netmask} = $netmask;
	delete $param->{cidr};
    }

    if ($param->{cidr6}) {
	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	    if $param->{address6};
	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	    if $param->{netmask6};

	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	$param->{address6} = $address;
	$param->{netmask6} = $netmask;
	delete $param->{cidr6};
    }
};

__PACKAGE__->register_method({
    name => 'create_network', 
    path => '', 
    method => 'POST',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Create network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface')}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface already exists" })
		if $ifaces->{$iface};

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    $map_cidr_to_address_netmask->($param);

	    &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
		if $param->{address6};

	    my $families = $param->{families} = [];
	    push @$families, 'inet'
		if $param->{address} && !grep(/^inet$/, @$families);
	    push @$families, 'inet6'
		if $param->{address6} && !grep(/^inet6$/, @$families);
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
	    $param->{method6} = $param->{address6} ? 'static' : 'manual'; 

	    if ($param->{type} =~ m/^OVS/) {
		-x '/usr/bin/ovs-vsctl' ||
		    die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	    }

	    if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
		my $brname = $param->{ovs_bridge};
		raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
		my $br = $ifaces->{$brname};
		raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
		raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) 
		    if $br->{type} ne 'OVSBridge';

		my @ports = split (/\s+/, $br->{ovs_ports} || '');
		$br->{ovs_ports} = join(' ', @ports, $iface)
		    if ! grep { $_ eq $iface } @ports;
	    }

	    $ifaces->{$iface} = $param;

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'update_network', 
    path => '{iface}', 
    method => 'PUT',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Update network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    }}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');
	my $delete = extract_param($param, 'delete');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$iface};

	    my $families = ($param->{families} ||= []);
	    foreach my $k (PVE::Tools::split_list($delete)) {
		delete $ifaces->{$iface}->{$k};
		@$families = grep(!/^inet$/, @$families) if $k eq 'address';
		@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
		if ($k eq 'cidr') {
		    delete $ifaces->{$iface}->{netmask};
		    delete $ifaces->{$iface}->{address};
		} elsif ($k eq 'cidr6') {
		    delete $ifaces->{$iface}->{netmask6};
		    delete $ifaces->{$iface}->{address6};
		}
	    }

	    $map_cidr_to_address_netmask->($param);

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    if ($param->{address}) {
		push @$families, 'inet' if !grep(/^inet$/, @$families);
	    } else {
		@$families = grep(!/^inet$/, @$families);
	    }
	    if ($param->{address6}) {
		&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
		push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	    } else {
		@$families = grep(!/^inet6$/, @$families);
	    }
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
	    $param->{method6} = $param->{address6} ? 'static' : 'manual'; 

	    foreach my $k (keys %$param) {
		$ifaces->{$iface}->{$k} = $param->{$k};
	    }
	    
	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'network_config', 
    path => '{iface}', 
    method => 'GET',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
    },
    description => "Read network device configuration",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => {
	type => "object",
	properties => {
	    type => { 
		type => 'string', 
	    },
	    method => {
		type => 'string', 
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $config = PVE::INotify::read_file('interfaces');
	my $ifaces = $config->{ifaces};

	raise_param_exc({ iface => "interface does not exist" })
	    if !$ifaces->{$param->{iface}};

	return $ifaces->{$param->{iface}};
   }});

__PACKAGE__->register_method({
    name => 'reload_network_config',
    path => '',
    method => 'PUT',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Reload network configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => 'string' },
    code => sub {

	my ($param) = @_;

        my $rpcenv = PVE::RPCEnvironment::get();

        my $authuser = $rpcenv->get_user();

	my $current_config_file = "/etc/network/interfaces";
	my $new_config_file = "/etc/network/interfaces.new";

	die "you need ifupdown2 to reload networking\n" if !-e '/usr/share/ifupdown2';
	die "ifupdown2 reload is not compatible if openvswitch currently" if -x '/usr/bin/ovs-vsctl';

	my $worker = sub {

	    rename($new_config_file, $current_config_file) if -e $new_config_file;

	    if ($have_sdn) {
		my $rawconfig = PVE::Network::SDN::generate_etc_network_config();
		PVE::Network::SDN::write_etc_network_config($rawconfig);
	    }

	    my $cmd = ['ifreload', '-a'];

	    my $err = sub {
		my $line = shift;
		if ($line =~ /(warning|error): (\S+):/) {
		    print "$2 : $line \n";
		}
	    };

	    PVE::Tools::run_command($cmd,errfunc => $err);
	};
	return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker);
   }});

__PACKAGE__->register_method({
    name => 'delete_network', 
    path => '{iface}', 
    method => 'DELETE',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Delete network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$param->{iface}};

	    my $d = $ifaces->{$param->{iface}};
	    if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
		if (my $brname = $d->{ovs_bridge}) {
		    if (my $br = $ifaces->{$brname}) {
			if ($br->{ovs_ports}) {
			    my @ports = split (/\s+/, $br->{ovs_ports});
			    my @new = grep { $_ ne $param->{iface} } @ports;
			    $br->{ovs_ports} = join(' ', @new);
			}
		    }
		}
	    }

	    delete $ifaces->{$param->{iface}};

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});
Commit	Line	Data
aff192e6 DM	1	package PVE::API2::Network;
	2
	3	use strict;
	4	use warnings;
	5
d09f6f7d	6	use Net::IP qw(:PROC);
cacd7547	7	use PVE::Tools qw(extract_param dir_glob_regex);
aff192e6 DM	8	use PVE::SafeSyslog;
	9	use PVE::INotify;
	10	use PVE::Exception qw(raise_param_exc);
	11	use PVE::RESTHandler;
	12	use PVE::RPCEnvironment;
	13	use PVE::JSONSchema qw(get_standard_option);
	14	use PVE::AccessControl;
	15	use IO::File;
	16
	17	use base qw(PVE::RESTHandler);
	18
2bca9b77 AD	19	my $have_sdn;
	20	eval {
	21	require PVE::API2::Network::SDN;
	22	$have_sdn = 1;
	23	};
	24
aff192e6 DM	25	my $iflockfn = "/etc/network/.pve-interfaces.lock";
	26
	27	my $bond_mode_enum = [
	28	'balance-rr',
10a9563e	29	'active-backup', # OVS and Linux
aff192e6 DM	30	'balance-xor',
	31	'broadcast',
	32	'802.3ad',
	33	'balance-tlb',
d11733f8	34	'balance-alb',
10a9563e DM	35	'balance-slb', # OVS
	36	'lacp-balance-slb', # OVS
	37	'lacp-balance-tcp', # OVS
aff192e6 DM	38	];
aff192e6 DM	39
3f0d1a4b	40	my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
d11733f8 DM	41	'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
d11733f8 DM	42
aff192e6	43	my $confdesc = {
d11733f8 DM	44	type => {
	45	description => "Network interface type",
	46	type => 'string',
	47	enum => [@$network_type_enum, 'unknown'],
	48	},
44d353a7 DM	49	comments => {
	50	description => "Comments",
	51	type => 'string',
b5eda023	52	optional => 1,
44d353a7	53	},
3ed15e6c WB	54	comments6 => {
	55	description => "Comments",
	56	type => 'string',
	57	optional => 1,
	58	},
aff192e6 DM	59	autostart => {
	60	description => "Automatically start interface on boot.",
	61	type => 'boolean',
	62	optional => 1,
	63	},
a1604d70 AD	64	bridge_vlan_aware => {
	65	description => "Enable bridge vlan support.",
	66	type => 'boolean',
	67	optional => 1,
	68	},
aff192e6	69	bridge_ports => {
76189130	70	description => "Specify the interfaces you want to add to your bridge.",
aff192e6 DM	71	optional => 1,
	72	type => 'string', format => 'pve-iface-list',
	73	},
d11733f8	74	ovs_ports => {
76189130	75	description => "Specify the interfaces you want to add to your bridge.",
d11733f8 DM	76	optional => 1,
	77	type => 'string', format => 'pve-iface-list',
	78	},
4c917e97 DM	79	ovs_tag => {
	80	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	81	optional => 1,
	82	type => 'integer',
	83	minimum => 1,
	84	maximum => 4094,
	85	},
d11733f8 DM	86	ovs_options => {
	87	description => "OVS interface options.",
	88	optional => 1,
	89	type => 'string',
	90	maxLength => 1024,
	91	},
	92	ovs_bridge => {
	93	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	94	optional => 1,
	95	type => 'string', format => 'pve-iface',
	96	},
aff192e6 DM	97	slaves => {
	98	description => "Specify the interfaces used by the bonding device.",
	99	optional => 1,
	100	type => 'string', format => 'pve-iface-list',
	101	},
d11733f8 DM	102	ovs_bonds => {
	103	description => "Specify the interfaces used by the bonding device.",
	104	optional => 1,
	105	type => 'string', format => 'pve-iface-list',
	106	},
aff192e6 DM	107	bond_mode => {
	108	description => "Bonding mode.",
	109	optional => 1,
	110	type => 'string', enum => $bond_mode_enum,
	111	},
ffffb625 DM	112	bond_xmit_hash_policy => {
	113	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	114	optional => 1,
	115	type => 'string',
	116	enum => ['layer2', 'layer2+3', 'layer3+4' ],
	117	},
aff192e6 DM	118	gateway => {
	119	description => 'Default gateway address.',
	120	type => 'string', format => 'ipv4',
	121	optional => 1,
	122	},
	123	netmask => {
	124	description => 'Network mask.',
	125	type => 'string', format => 'ipv4mask',
	126	optional => 1,
1904114e	127	requires => 'address',
aff192e6 DM	128	},
	129	address => {
	130	description => 'IP address.',
	131	type => 'string', format => 'ipv4',
	132	optional => 1,
	133	requires => 'netmask',
3ed15e6c	134	},
69106e5c DC	135	cidr => {
	136	description => 'IPv4 CIDR.',
	137	type => 'string', format => 'CIDRv4',
	138	optional => 1,
	139	},
3ed15e6c WB	140	gateway6 => {
	141	description => 'Default ipv6 gateway address.',
	142	type => 'string', format => 'ipv6',
	143	optional => 1,
	144	},
	145	netmask6 => {
	146	description => 'Network mask.',
	147	type => 'integer', minimum => 0, maximum => 128,
	148	optional => 1,
	149	requires => 'address6',
	150	},
	151	address6 => {
	152	description => 'IP address.',
	153	type => 'string', format => 'ipv6',
	154	optional => 1,
	155	requires => 'netmask6',
69106e5c DC	156	},
	157	cidr6 => {
	158	description => 'IPv6 CIDR.',
	159	type => 'string', format => 'CIDRv6',
	160	optional => 1,
	161	},
aff192e6 DM	162	};
	163
	164	sub json_config_properties {
	165	my $prop = shift;
	166
	167	foreach my $opt (keys %$confdesc) {
	168	$prop->{$opt} = $confdesc->{$opt};
	169	}
	170
	171	return $prop;
	172	}
	173
	174	__PACKAGE__->register_method({
	175	name => 'index',
	176	path => '',
	177	method => 'GET',
	178	permissions => { user => 'all' },
	179	description => "List available networks",
	180	proxyto => 'node',
	181	parameters => {
	182	additionalProperties => 0,
	183	properties => {
	184	node => get_standard_option('pve-node'),
	185	type => {
	186	description => "Only list specific interface types.",
	187	type => 'string',
4c917e97	188	enum => [ @$network_type_enum, 'any_bridge' ],
aff192e6 DM	189	optional => 1,
	190	},
	191	},
	192	},
	193	returns => {
	194	type => "array",
	195	items => {
	196	type => "object",
	197	properties => {},
	198	},
	199	links => [ { rel => 'child', href => "{iface}" } ],
	200	},
	201	code => sub {
	202	my ($param) = @_;
	203
e4d5bf72 DM	204	my $rpcenv = PVE::RPCEnvironment::get();
	205
	206	my $tmp = PVE::INotify::read_file('interfaces', 1);
	207	my $config = $tmp->{data};
	208	my $changes = $tmp->{changes};
	209
	210	$rpcenv->set_result_attrib('changes', $changes) if $changes;
aff192e6	211
3ed15e6c WB	212	my $ifaces = $config->{ifaces};
	213
	214	delete $ifaces->{lo}; # do not list the loopback device
aff192e6 DM	215
aff192e6 DM	216	if ($param->{type}) {
3ed15e6c WB	217	foreach my $k (keys %$ifaces) {
3ed15e6c WB	218	my $type = $ifaces->{$k}->{type};
4c917e97 DM	219	my $match = ($param->{type} eq $type) \|\| (
	220	($param->{type} eq 'any_bridge') &&
	221	($type eq 'bridge' \|\| $type eq 'OVSBridge'));
3ed15e6c	222	delete $ifaces->{$k} if !$match;
aff192e6 DM	223	}
	224	}
	225
3ed15e6c	226	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
aff192e6 DM	227	}});
aff192e6 DM	228
e4d5bf72 DM	229	__PACKAGE__->register_method({
	230	name => 'revert_network_changes',
	231	path => '',
	232	method => 'DELETE',
	233	permissions => {
	234	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
	235	},
	236	protected => 1,
	237	description => "Revert network configuration changes.",
	238	proxyto => 'node',
	239	parameters => {
	240	additionalProperties => 0,
	241	properties => {
	242	node => get_standard_option('pve-node'),
	243	},
	244	},
	245	returns => { type => "null" },
	246	code => sub {
	247	my ($param) = @_;
	248
	249	unlink "/etc/network/interfaces.new";
	250
	251	return undef;
	252	}});
aff192e6	253
3ed15e6c WB	254	my $check_duplicate = sub {
3ed15e6c WB	255	my ($config, $newiface, $key, $name) = @_;
aff192e6 DM	256
aff192e6 DM	257	foreach my $iface (keys %$config) {
3ed15e6c WB	258	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
3ed15e6c WB	259	if ($newiface ne $iface) && $config->{$iface}->{$key};
aff192e6 DM	260	}
	261	};
	262
3ed15e6c WB	263	my $check_duplicate_gateway = sub {
	264	my ($config, $newiface) = @_;
	265	return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
	266	};
	267
	268	my $check_duplicate_gateway6 = sub {
	269	my ($config, $newiface) = @_;
	270	return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
	271	};
	272
3ed15e6c WB	273	sub ipv6_tobin {
	274	return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
	275	}
	276
	277	my $check_ipv6_settings = sub {
	278	my ($address, $netmask) = @_;
	279
	280	raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	281	if $netmask < 0 \|\| $netmask > 128;
	282
0f6e6f6b	283	raise_param_exc({ address => "$address is not a valid host IPv6 address." })
3ed15e6c WB	284	if !Net::IP::ip_is_ipv6($address);
	285
	286	my $binip = ipv6_tobin($address);
	287	my $binmask = Net::IP::ip_get_mask($netmask, 6);
	288
0f6e6f6b	289	my $type = ($binip eq $binmask) ? 'ANYCAST' : Net::IP::ip_iptypev6($binip);
3ed15e6c	290
0f6e6f6b	291	if (defined($type) && $type !~ /^(?:(?:GLOBAL\|(?:UNIQUE\|LINK)-LOCAL)-UNICAST)$/) {
68f371d4	292	raise_param_exc({ address => "$address with type '$type', cannot be used as host IPv6 address." });
0f6e6f6b	293	}
3ed15e6c WB	294	};
3ed15e6c WB	295
69106e5c DC	296	my $map_cidr_to_address_netmask = sub {
	297	my ($param) = @_;
	298
	299	if ($param->{cidr}) {
	300	raise_param_exc({ address => "address conflicts with cidr" })
	301	if $param->{address};
	302	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	303	if $param->{netmask};
	304
	305	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	306	$param->{address} = $address;
	307	$param->{netmask} = $netmask;
	308	delete $param->{cidr};
	309	}
	310
	311	if ($param->{cidr6}) {
	312	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	313	if $param->{address6};
	314	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	315	if $param->{netmask6};
	316
	317	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	318	$param->{address6} = $address;
	319	$param->{netmask6} = $netmask;
	320	delete $param->{cidr6};
	321	}
	322	};
	323
aff192e6 DM	324	__PACKAGE__->register_method({
	325	name => 'create_network',
	326	path => '',
	327	method => 'POST',
	328	permissions => {
7d020b42	329	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	330	},
	331	description => "Create network device configuration",
	332	protected => 1,
	333	proxyto => 'node',
	334	parameters => {
	335	additionalProperties => 0,
	336	properties => json_config_properties({
	337	node => get_standard_option('pve-node'),
	338	iface => get_standard_option('pve-iface')}),
	339	},
	340	returns => { type => 'null' },
	341	code => sub {
	342	my ($param) = @_;
	343
	344	my $node = extract_param($param, 'node');
	345	my $iface = extract_param($param, 'iface');
	346
	347	my $code = sub {
	348	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	349	my $ifaces = $config->{ifaces};
aff192e6 DM	350
aff192e6 DM	351	raise_param_exc({ iface => "interface already exists" })
3ed15e6c	352	if $ifaces->{$iface};
aff192e6	353
3ed15e6c	354	&$check_duplicate_gateway($ifaces, $iface)
aff192e6	355	if $param->{gateway};
3ed15e6c WB	356	&$check_duplicate_gateway6($ifaces, $iface)
3ed15e6c WB	357	if $param->{gateway6};
aff192e6	358
69106e5c DC	359	$map_cidr_to_address_netmask->($param);
69106e5c DC	360
3ed15e6c WB	361	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
	362	if $param->{address6};
	363
	364	my $families = $param->{families} = [];
	365	push @$families, 'inet'
	366	if $param->{address} && !grep(/^inet$/, @$families);
	367	push @$families, 'inet6'
	368	if $param->{address6} && !grep(/^inet6$/, @$families);
	369	@$families = ('inet') if !scalar(@$families);
e16a27be	370
aff192e6	371	$param->{method} = $param->{address} ? 'static' : 'manual';
3ed15e6c	372	$param->{method6} = $param->{address6} ? 'static' : 'manual';
aff192e6	373
bdfa2498 DM	374	if ($param->{type} =~ m/^OVS/) {
	375	-x '/usr/bin/ovs-vsctl' \|\|
	376	die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	377	}
	378
d11733f8 DM	379	if ($param->{type} eq 'OVSIntPort' \|\| $param->{type} eq 'OVSBond') {
	380	my $brname = $param->{ovs_bridge};
	381	raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
3ed15e6c	382	my $br = $ifaces->{$brname};
d11733f8 DM	383	raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
	384	raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
	385	if $br->{type} ne 'OVSBridge';
	386
	387	my @ports = split (/\s+/, $br->{ovs_ports} \|\| '');
	388	$br->{ovs_ports} = join(' ', @ports, $iface)
	389	if ! grep { $_ eq $iface } @ports;
	390	}
	391
3ed15e6c	392	$ifaces->{$iface} = $param;
aff192e6 DM	393
	394	PVE::INotify::write_file('interfaces', $config);
	395	};
	396
	397	PVE::Tools::lock_file($iflockfn, 10, $code);
	398	die $@ if $@;
	399
	400	return undef;
	401	}});
	402
	403	__PACKAGE__->register_method({
	404	name => 'update_network',
	405	path => '{iface}',
	406	method => 'PUT',
	407	permissions => {
7d020b42	408	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	409	},
	410	description => "Update network device configuration",
	411	protected => 1,
	412	proxyto => 'node',
	413	parameters => {
	414	additionalProperties => 0,
	415	properties => json_config_properties({
	416	node => get_standard_option('pve-node'),
	417	iface => get_standard_option('pve-iface'),
	418	delete => {
	419	type => 'string', format => 'pve-configid-list',
	420	description => "A list of settings you want to delete.",
	421	optional => 1,
	422	}}),
	423	},
	424	returns => { type => 'null' },
	425	code => sub {
	426	my ($param) = @_;
	427
	428	my $node = extract_param($param, 'node');
	429	my $iface = extract_param($param, 'iface');
	430	my $delete = extract_param($param, 'delete');
	431
	432	my $code = sub {
	433	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	434	my $ifaces = $config->{ifaces};
aff192e6 DM	435
aff192e6 DM	436	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	437	if !$ifaces->{$iface};
aff192e6	438
3ed15e6c	439	my $families = ($param->{families} \|\|= []);
aff192e6	440	foreach my $k (PVE::Tools::split_list($delete)) {
3ed15e6c WB	441	delete $ifaces->{$iface}->{$k};
	442	@$families = grep(!/^inet$/, @$families) if $k eq 'address';
	443	@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
47d13c02 DC	444	if ($k eq 'cidr') {
	445	delete $ifaces->{$iface}->{netmask};
	446	delete $ifaces->{$iface}->{address};
	447	} elsif ($k eq 'cidr6') {
	448	delete $ifaces->{$iface}->{netmask6};
	449	delete $ifaces->{$iface}->{address6};
	450	}
aff192e6 DM	451	}
aff192e6 DM	452
69106e5c DC	453	$map_cidr_to_address_netmask->($param);
69106e5c DC	454
3ed15e6c	455	&$check_duplicate_gateway($ifaces, $iface)
aff192e6	456	if $param->{gateway};
3ed15e6c WB	457	&$check_duplicate_gateway6($ifaces, $iface)
	458	if $param->{gateway6};
	459
	460	if ($param->{address}) {
3ed15e6c WB	461	push @$families, 'inet' if !grep(/^inet$/, @$families);
	462	} else {
	463	@$families = grep(!/^inet$/, @$families);
	464	}
	465	if ($param->{address6}) {
	466	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
	467	push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	468	} else {
	469	@$families = grep(!/^inet6$/, @$families);
	470	}
	471	@$families = ('inet') if !scalar(@$families);
e16a27be	472
aff192e6	473	$param->{method} = $param->{address} ? 'static' : 'manual';
3ed15e6c	474	$param->{method6} = $param->{address6} ? 'static' : 'manual';
aff192e6 DM	475
aff192e6 DM	476	foreach my $k (keys %$param) {
3ed15e6c	477	$ifaces->{$iface}->{$k} = $param->{$k};
aff192e6 DM	478	}
	479
	480	PVE::INotify::write_file('interfaces', $config);
	481	};
	482
	483	PVE::Tools::lock_file($iflockfn, 10, $code);
	484	die $@ if $@;
	485
	486	return undef;
	487	}});
	488
	489	__PACKAGE__->register_method({
	490	name => 'network_config',
	491	path => '{iface}',
	492	method => 'GET',
	493	permissions => {
7d020b42	494	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
aff192e6 DM	495	},
	496	description => "Read network device configuration",
	497	proxyto => 'node',
	498	parameters => {
	499	additionalProperties => 0,
	500	properties => {
	501	node => get_standard_option('pve-node'),
	502	iface => get_standard_option('pve-iface'),
	503	},
	504	},
	505	returns => {
	506	type => "object",
	507	properties => {
	508	type => {
	509	type => 'string',
	510	},
	511	method => {
	512	type => 'string',
	513	},
	514	},
	515	},
	516	code => sub {
	517	my ($param) = @_;
	518
	519	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	520	my $ifaces = $config->{ifaces};
aff192e6 DM	521
aff192e6 DM	522	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	523	if !$ifaces->{$param->{iface}};
aff192e6	524
3ed15e6c	525	return $ifaces->{$param->{iface}};
aff192e6 DM	526	}});
aff192e6 DM	527
cacd7547 AD	528	__PACKAGE__->register_method({
	529	name => 'reload_network_config',
	530	path => '',
	531	method => 'PUT',
	532	permissions => {
	533	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
	534	},
	535	description => "Reload network configuration",
	536	protected => 1,
	537	proxyto => 'node',
	538	parameters => {
	539	additionalProperties => 0,
	540	properties => {
	541	node => get_standard_option('pve-node'),
	542	},
	543	},
	544	returns => { type => 'string' },
	545	code => sub {
	546
	547	my ($param) = @_;
	548
	549	my $rpcenv = PVE::RPCEnvironment::get();
	550
	551	my $authuser = $rpcenv->get_user();
	552
	553	my $current_config_file = "/etc/network/interfaces";
	554	my $new_config_file = "/etc/network/interfaces.new";
	555
930d2678	556	die "you need ifupdown2 to reload networking\n" if !-e '/usr/share/ifupdown2';
f31cc71c	557	die "ifupdown2 reload is not compatible if openvswitch currently" if -x '/usr/bin/ovs-vsctl';
cacd7547	558
cacd7547 AD	559	my $worker = sub {
cacd7547 AD	560
e46bf624	561	rename($new_config_file, $current_config_file) if -e $new_config_file;
cacd7547	562
2bca9b77 AD	563	if ($have_sdn) {
	564	my $rawconfig = PVE::Network::SDN::generate_etc_network_config();
	565	PVE::Network::SDN::write_etc_network_config($rawconfig);
	566	}
	567
cacd7547	568	my $cmd = ['ifreload', '-a'];
cacd7547 AD	569
	570	my $err = sub {
	571	my $line = shift;
	572	if ($line =~ /(warning\|error): (\S+):/) {
e46bf624	573	print "$2 : $line \n";
cacd7547 AD	574	}
	575	};
	576
	577	PVE::Tools::run_command($cmd,errfunc => $err);
cacd7547 AD	578	};
	579	return $rpcenv->fork_worker('srvreload', 'networking', $authuser, $worker);
	580	}});
	581
aff192e6 DM	582	__PACKAGE__->register_method({
	583	name => 'delete_network',
	584	path => '{iface}',
	585	method => 'DELETE',
	586	permissions => {
7d020b42	587	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	588	},
	589	description => "Delete network device configuration",
	590	protected => 1,
	591	proxyto => 'node',
	592	parameters => {
	593	additionalProperties => 0,
	594	properties => {
	595	node => get_standard_option('pve-node'),
	596	iface => get_standard_option('pve-iface'),
	597	},
	598	},
	599	returns => { type => 'null' },
	600	code => sub {
	601	my ($param) = @_;
	602
	603	my $code = sub {
	604	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	605	my $ifaces = $config->{ifaces};
aff192e6 DM	606
aff192e6 DM	607	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	608	if !$ifaces->{$param->{iface}};
aff192e6	609
3ed15e6c	610	my $d = $ifaces->{$param->{iface}};
d11733f8 DM	611	if ($d->{type} eq 'OVSIntPort' \|\| $d->{type} eq 'OVSBond') {
d11733f8 DM	612	if (my $brname = $d->{ovs_bridge}) {
3ed15e6c	613	if (my $br = $ifaces->{$brname}) {
d11733f8 DM	614	if ($br->{ovs_ports}) {
	615	my @ports = split (/\s+/, $br->{ovs_ports});
	616	my @new = grep { $_ ne $param->{iface} } @ports;
	617	$br->{ovs_ports} = join(' ', @new);
	618	}
	619	}
	620	}
	621	}
	622
3ed15e6c	623	delete $ifaces->{$param->{iface}};
aff192e6 DM	624
	625	PVE::INotify::write_file('interfaces', $config);
	626	};
	627
	628	PVE::Tools::lock_file($iflockfn, 10, $code);
	629	die $@ if $@;
	630
	631	return undef;
	632	}});