]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Network; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
d09f6f7d | 6 | use Net::IP qw(:PROC); |
aff192e6 DM |
7 | use PVE::Tools qw(extract_param); |
8 | use PVE::SafeSyslog; | |
9 | use PVE::INotify; | |
10 | use PVE::Exception qw(raise_param_exc); | |
11 | use PVE::RESTHandler; | |
12 | use PVE::RPCEnvironment; | |
13 | use PVE::JSONSchema qw(get_standard_option); | |
14 | use PVE::AccessControl; | |
15 | use IO::File; | |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
19 | my $iflockfn = "/etc/network/.pve-interfaces.lock"; | |
20 | ||
21 | my $bond_mode_enum = [ | |
22 | 'balance-rr', | |
10a9563e | 23 | 'active-backup', # OVS and Linux |
aff192e6 DM |
24 | 'balance-xor', |
25 | 'broadcast', | |
26 | '802.3ad', | |
27 | 'balance-tlb', | |
d11733f8 | 28 | 'balance-alb', |
10a9563e DM |
29 | 'balance-slb', # OVS |
30 | 'lacp-balance-slb', # OVS | |
31 | 'lacp-balance-tcp', # OVS | |
aff192e6 DM |
32 | ]; |
33 | ||
d11733f8 DM |
34 | my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', |
35 | 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort']; | |
36 | ||
aff192e6 | 37 | my $confdesc = { |
d11733f8 DM |
38 | type => { |
39 | description => "Network interface type", | |
40 | type => 'string', | |
41 | enum => [@$network_type_enum, 'unknown'], | |
42 | }, | |
44d353a7 DM |
43 | comments => { |
44 | description => "Comments", | |
45 | type => 'string', | |
b5eda023 | 46 | optional => 1, |
44d353a7 | 47 | }, |
3ed15e6c WB |
48 | comments6 => { |
49 | description => "Comments", | |
50 | type => 'string', | |
51 | optional => 1, | |
52 | }, | |
aff192e6 DM |
53 | autostart => { |
54 | description => "Automatically start interface on boot.", | |
55 | type => 'boolean', | |
56 | optional => 1, | |
57 | }, | |
a1604d70 AD |
58 | bridge_vlan_aware => { |
59 | description => "Enable bridge vlan support.", | |
60 | type => 'boolean', | |
61 | optional => 1, | |
62 | }, | |
aff192e6 DM |
63 | bridge_ports => { |
64 | description => "Specify the iterfaces you want to add to your bridge.", | |
65 | optional => 1, | |
66 | type => 'string', format => 'pve-iface-list', | |
67 | }, | |
d11733f8 DM |
68 | ovs_ports => { |
69 | description => "Specify the iterfaces you want to add to your bridge.", | |
70 | optional => 1, | |
71 | type => 'string', format => 'pve-iface-list', | |
72 | }, | |
4c917e97 DM |
73 | ovs_tag => { |
74 | description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)", | |
75 | optional => 1, | |
76 | type => 'integer', | |
77 | minimum => 1, | |
78 | maximum => 4094, | |
79 | }, | |
d11733f8 DM |
80 | ovs_options => { |
81 | description => "OVS interface options.", | |
82 | optional => 1, | |
83 | type => 'string', | |
84 | maxLength => 1024, | |
85 | }, | |
86 | ovs_bridge => { | |
87 | description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.", | |
88 | optional => 1, | |
89 | type => 'string', format => 'pve-iface', | |
90 | }, | |
aff192e6 DM |
91 | slaves => { |
92 | description => "Specify the interfaces used by the bonding device.", | |
93 | optional => 1, | |
94 | type => 'string', format => 'pve-iface-list', | |
95 | }, | |
d11733f8 DM |
96 | ovs_bonds => { |
97 | description => "Specify the interfaces used by the bonding device.", | |
98 | optional => 1, | |
99 | type => 'string', format => 'pve-iface-list', | |
100 | }, | |
aff192e6 DM |
101 | bond_mode => { |
102 | description => "Bonding mode.", | |
103 | optional => 1, | |
104 | type => 'string', enum => $bond_mode_enum, | |
105 | }, | |
ffffb625 DM |
106 | bond_xmit_hash_policy => { |
107 | description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.", | |
108 | optional => 1, | |
109 | type => 'string', | |
110 | enum => ['layer2', 'layer2+3', 'layer3+4' ], | |
111 | }, | |
aff192e6 DM |
112 | gateway => { |
113 | description => 'Default gateway address.', | |
114 | type => 'string', format => 'ipv4', | |
115 | optional => 1, | |
116 | }, | |
117 | netmask => { | |
118 | description => 'Network mask.', | |
119 | type => 'string', format => 'ipv4mask', | |
120 | optional => 1, | |
1904114e | 121 | requires => 'address', |
aff192e6 DM |
122 | }, |
123 | address => { | |
124 | description => 'IP address.', | |
125 | type => 'string', format => 'ipv4', | |
126 | optional => 1, | |
127 | requires => 'netmask', | |
3ed15e6c WB |
128 | }, |
129 | gateway6 => { | |
130 | description => 'Default ipv6 gateway address.', | |
131 | type => 'string', format => 'ipv6', | |
132 | optional => 1, | |
133 | }, | |
134 | netmask6 => { | |
135 | description => 'Network mask.', | |
136 | type => 'integer', minimum => 0, maximum => 128, | |
137 | optional => 1, | |
138 | requires => 'address6', | |
139 | }, | |
140 | address6 => { | |
141 | description => 'IP address.', | |
142 | type => 'string', format => 'ipv6', | |
143 | optional => 1, | |
144 | requires => 'netmask6', | |
aff192e6 DM |
145 | } |
146 | }; | |
147 | ||
148 | sub json_config_properties { | |
149 | my $prop = shift; | |
150 | ||
151 | foreach my $opt (keys %$confdesc) { | |
152 | $prop->{$opt} = $confdesc->{$opt}; | |
153 | } | |
154 | ||
155 | return $prop; | |
156 | } | |
157 | ||
158 | __PACKAGE__->register_method({ | |
159 | name => 'index', | |
160 | path => '', | |
161 | method => 'GET', | |
162 | permissions => { user => 'all' }, | |
163 | description => "List available networks", | |
164 | proxyto => 'node', | |
165 | parameters => { | |
166 | additionalProperties => 0, | |
167 | properties => { | |
168 | node => get_standard_option('pve-node'), | |
169 | type => { | |
170 | description => "Only list specific interface types.", | |
171 | type => 'string', | |
4c917e97 | 172 | enum => [ @$network_type_enum, 'any_bridge' ], |
aff192e6 DM |
173 | optional => 1, |
174 | }, | |
175 | }, | |
176 | }, | |
177 | returns => { | |
178 | type => "array", | |
179 | items => { | |
180 | type => "object", | |
181 | properties => {}, | |
182 | }, | |
183 | links => [ { rel => 'child', href => "{iface}" } ], | |
184 | }, | |
185 | code => sub { | |
186 | my ($param) = @_; | |
187 | ||
e4d5bf72 DM |
188 | my $rpcenv = PVE::RPCEnvironment::get(); |
189 | ||
190 | my $tmp = PVE::INotify::read_file('interfaces', 1); | |
191 | my $config = $tmp->{data}; | |
192 | my $changes = $tmp->{changes}; | |
193 | ||
194 | $rpcenv->set_result_attrib('changes', $changes) if $changes; | |
aff192e6 | 195 | |
3ed15e6c WB |
196 | my $ifaces = $config->{ifaces}; |
197 | ||
198 | delete $ifaces->{lo}; # do not list the loopback device | |
aff192e6 DM |
199 | |
200 | if ($param->{type}) { | |
3ed15e6c WB |
201 | foreach my $k (keys %$ifaces) { |
202 | my $type = $ifaces->{$k}->{type}; | |
4c917e97 DM |
203 | my $match = ($param->{type} eq $type) || ( |
204 | ($param->{type} eq 'any_bridge') && | |
205 | ($type eq 'bridge' || $type eq 'OVSBridge')); | |
3ed15e6c | 206 | delete $ifaces->{$k} if !$match; |
aff192e6 DM |
207 | } |
208 | } | |
209 | ||
3ed15e6c | 210 | return PVE::RESTHandler::hash_to_array($ifaces, 'iface'); |
aff192e6 DM |
211 | }}); |
212 | ||
e4d5bf72 DM |
213 | __PACKAGE__->register_method({ |
214 | name => 'revert_network_changes', | |
215 | path => '', | |
216 | method => 'DELETE', | |
217 | permissions => { | |
218 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
219 | }, | |
220 | protected => 1, | |
221 | description => "Revert network configuration changes.", | |
222 | proxyto => 'node', | |
223 | parameters => { | |
224 | additionalProperties => 0, | |
225 | properties => { | |
226 | node => get_standard_option('pve-node'), | |
227 | }, | |
228 | }, | |
229 | returns => { type => "null" }, | |
230 | code => sub { | |
231 | my ($param) = @_; | |
232 | ||
233 | unlink "/etc/network/interfaces.new"; | |
234 | ||
235 | return undef; | |
236 | }}); | |
aff192e6 | 237 | |
3ed15e6c WB |
238 | my $check_duplicate = sub { |
239 | my ($config, $newiface, $key, $name) = @_; | |
aff192e6 DM |
240 | |
241 | foreach my $iface (keys %$config) { | |
3ed15e6c WB |
242 | raise_param_exc({ $key => "$name already exists on interface '$iface'." }) |
243 | if ($newiface ne $iface) && $config->{$iface}->{$key}; | |
aff192e6 DM |
244 | } |
245 | }; | |
246 | ||
3ed15e6c WB |
247 | my $check_duplicate_gateway = sub { |
248 | my ($config, $newiface) = @_; | |
249 | return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway'); | |
250 | }; | |
251 | ||
252 | my $check_duplicate_gateway6 = sub { | |
253 | my ($config, $newiface) = @_; | |
254 | return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway'); | |
255 | }; | |
256 | ||
e16a27be | 257 | my $check_ipv4_settings = sub { |
1904114e | 258 | my ($address, $netmask) = @_; |
e16a27be | 259 | |
1904114e DM |
260 | my $binip = Net::IP::ip_iptobin($address, 4); |
261 | my $binmask = Net::IP::ip_iptobin($netmask, 4); | |
d09f6f7d | 262 | my $broadcast = Net::IP::ip_iptobin('255.255.255.255', 4); |
e16a27be DP |
263 | my $binhost = $binip | $binmask; |
264 | ||
1904114e | 265 | raise_param_exc({ address => "$address is not a valid host ip address." }) |
e16a27be DP |
266 | if ($binhost eq $binmask) || ($binhost eq $broadcast); |
267 | }; | |
aff192e6 | 268 | |
3ed15e6c WB |
269 | sub ipv6_tobin { |
270 | return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6); | |
271 | } | |
272 | ||
273 | my $check_ipv6_settings = sub { | |
274 | my ($address, $netmask) = @_; | |
275 | ||
276 | raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" }) | |
277 | if $netmask < 0 || $netmask > 128; | |
278 | ||
279 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
280 | if !Net::IP::ip_is_ipv6($address); | |
281 | ||
282 | my $binip = ipv6_tobin($address); | |
283 | my $binmask = Net::IP::ip_get_mask($netmask, 6); | |
284 | ||
285 | my $type = Net::IP::ip_iptypev6($binip); | |
286 | ||
287 | raise_param_exc({ address => "$address is not a valid host ip address." }) | |
288 | if ($binip eq $binmask) || | |
289 | (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/); | |
290 | }; | |
291 | ||
aff192e6 DM |
292 | __PACKAGE__->register_method({ |
293 | name => 'create_network', | |
294 | path => '', | |
295 | method => 'POST', | |
296 | permissions => { | |
7d020b42 | 297 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
298 | }, |
299 | description => "Create network device configuration", | |
300 | protected => 1, | |
301 | proxyto => 'node', | |
302 | parameters => { | |
303 | additionalProperties => 0, | |
304 | properties => json_config_properties({ | |
305 | node => get_standard_option('pve-node'), | |
306 | iface => get_standard_option('pve-iface')}), | |
307 | }, | |
308 | returns => { type => 'null' }, | |
309 | code => sub { | |
310 | my ($param) = @_; | |
311 | ||
312 | my $node = extract_param($param, 'node'); | |
313 | my $iface = extract_param($param, 'iface'); | |
314 | ||
315 | my $code = sub { | |
316 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 317 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
318 | |
319 | raise_param_exc({ iface => "interface already exists" }) | |
3ed15e6c | 320 | if $ifaces->{$iface}; |
aff192e6 | 321 | |
3ed15e6c | 322 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 323 | if $param->{gateway}; |
3ed15e6c WB |
324 | &$check_duplicate_gateway6($ifaces, $iface) |
325 | if $param->{gateway6}; | |
aff192e6 | 326 | |
1904114e DM |
327 | &$check_ipv4_settings($param->{address}, $param->{netmask}) |
328 | if $param->{address}; | |
3ed15e6c WB |
329 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})) |
330 | if $param->{address6}; | |
331 | ||
332 | my $families = $param->{families} = []; | |
333 | push @$families, 'inet' | |
334 | if $param->{address} && !grep(/^inet$/, @$families); | |
335 | push @$families, 'inet6' | |
336 | if $param->{address6} && !grep(/^inet6$/, @$families); | |
337 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 338 | |
aff192e6 | 339 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 340 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 | 341 | |
bdfa2498 DM |
342 | if ($param->{type} =~ m/^OVS/) { |
343 | -x '/usr/bin/ovs-vsctl' || | |
344 | die "Open VSwitch is not installed (need package 'openvswitch-switch')\n"; | |
345 | } | |
346 | ||
d11733f8 DM |
347 | if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') { |
348 | my $brname = $param->{ovs_bridge}; | |
349 | raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname; | |
3ed15e6c | 350 | my $br = $ifaces->{$brname}; |
d11733f8 DM |
351 | raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br; |
352 | raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) | |
353 | if $br->{type} ne 'OVSBridge'; | |
354 | ||
355 | my @ports = split (/\s+/, $br->{ovs_ports} || ''); | |
356 | $br->{ovs_ports} = join(' ', @ports, $iface) | |
357 | if ! grep { $_ eq $iface } @ports; | |
358 | } | |
359 | ||
3ed15e6c | 360 | $ifaces->{$iface} = $param; |
aff192e6 DM |
361 | |
362 | PVE::INotify::write_file('interfaces', $config); | |
363 | }; | |
364 | ||
365 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
366 | die $@ if $@; | |
367 | ||
368 | return undef; | |
369 | }}); | |
370 | ||
371 | __PACKAGE__->register_method({ | |
372 | name => 'update_network', | |
373 | path => '{iface}', | |
374 | method => 'PUT', | |
375 | permissions => { | |
7d020b42 | 376 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
377 | }, |
378 | description => "Update network device configuration", | |
379 | protected => 1, | |
380 | proxyto => 'node', | |
381 | parameters => { | |
382 | additionalProperties => 0, | |
383 | properties => json_config_properties({ | |
384 | node => get_standard_option('pve-node'), | |
385 | iface => get_standard_option('pve-iface'), | |
386 | delete => { | |
387 | type => 'string', format => 'pve-configid-list', | |
388 | description => "A list of settings you want to delete.", | |
389 | optional => 1, | |
390 | }}), | |
391 | }, | |
392 | returns => { type => 'null' }, | |
393 | code => sub { | |
394 | my ($param) = @_; | |
395 | ||
396 | my $node = extract_param($param, 'node'); | |
397 | my $iface = extract_param($param, 'iface'); | |
398 | my $delete = extract_param($param, 'delete'); | |
399 | ||
400 | my $code = sub { | |
401 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 402 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
403 | |
404 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 405 | if !$ifaces->{$iface}; |
aff192e6 | 406 | |
3ed15e6c | 407 | my $families = ($param->{families} ||= []); |
aff192e6 | 408 | foreach my $k (PVE::Tools::split_list($delete)) { |
3ed15e6c WB |
409 | delete $ifaces->{$iface}->{$k}; |
410 | @$families = grep(!/^inet$/, @$families) if $k eq 'address'; | |
411 | @$families = grep(!/^inet6$/, @$families) if $k eq 'address6'; | |
aff192e6 DM |
412 | } |
413 | ||
3ed15e6c | 414 | &$check_duplicate_gateway($ifaces, $iface) |
aff192e6 | 415 | if $param->{gateway}; |
3ed15e6c WB |
416 | &$check_duplicate_gateway6($ifaces, $iface) |
417 | if $param->{gateway6}; | |
418 | ||
419 | if ($param->{address}) { | |
420 | &$check_ipv4_settings($param->{address}, $param->{netmask}); | |
421 | push @$families, 'inet' if !grep(/^inet$/, @$families); | |
422 | } else { | |
423 | @$families = grep(!/^inet$/, @$families); | |
424 | } | |
425 | if ($param->{address6}) { | |
426 | &$check_ipv6_settings($param->{address6}, int($param->{netmask6})); | |
427 | push @$families, 'inet6' if !grep(/^inet6$/, @$families); | |
428 | } else { | |
429 | @$families = grep(!/^inet6$/, @$families); | |
430 | } | |
431 | @$families = ('inet') if !scalar(@$families); | |
e16a27be | 432 | |
aff192e6 | 433 | $param->{method} = $param->{address} ? 'static' : 'manual'; |
3ed15e6c | 434 | $param->{method6} = $param->{address6} ? 'static' : 'manual'; |
aff192e6 DM |
435 | |
436 | foreach my $k (keys %$param) { | |
3ed15e6c | 437 | $ifaces->{$iface}->{$k} = $param->{$k}; |
aff192e6 DM |
438 | } |
439 | ||
440 | PVE::INotify::write_file('interfaces', $config); | |
441 | }; | |
442 | ||
443 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
444 | die $@ if $@; | |
445 | ||
446 | return undef; | |
447 | }}); | |
448 | ||
449 | __PACKAGE__->register_method({ | |
450 | name => 'network_config', | |
451 | path => '{iface}', | |
452 | method => 'GET', | |
453 | permissions => { | |
7d020b42 | 454 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
455 | }, |
456 | description => "Read network device configuration", | |
457 | proxyto => 'node', | |
458 | parameters => { | |
459 | additionalProperties => 0, | |
460 | properties => { | |
461 | node => get_standard_option('pve-node'), | |
462 | iface => get_standard_option('pve-iface'), | |
463 | }, | |
464 | }, | |
465 | returns => { | |
466 | type => "object", | |
467 | properties => { | |
468 | type => { | |
469 | type => 'string', | |
470 | }, | |
471 | method => { | |
472 | type => 'string', | |
473 | }, | |
474 | }, | |
475 | }, | |
476 | code => sub { | |
477 | my ($param) = @_; | |
478 | ||
479 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 480 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
481 | |
482 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 483 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 484 | |
3ed15e6c | 485 | return $ifaces->{$param->{iface}}; |
aff192e6 DM |
486 | }}); |
487 | ||
488 | __PACKAGE__->register_method({ | |
489 | name => 'delete_network', | |
490 | path => '{iface}', | |
491 | method => 'DELETE', | |
492 | permissions => { | |
7d020b42 | 493 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], |
aff192e6 DM |
494 | }, |
495 | description => "Delete network device configuration", | |
496 | protected => 1, | |
497 | proxyto => 'node', | |
498 | parameters => { | |
499 | additionalProperties => 0, | |
500 | properties => { | |
501 | node => get_standard_option('pve-node'), | |
502 | iface => get_standard_option('pve-iface'), | |
503 | }, | |
504 | }, | |
505 | returns => { type => 'null' }, | |
506 | code => sub { | |
507 | my ($param) = @_; | |
508 | ||
509 | my $code = sub { | |
510 | my $config = PVE::INotify::read_file('interfaces'); | |
3ed15e6c | 511 | my $ifaces = $config->{ifaces}; |
aff192e6 DM |
512 | |
513 | raise_param_exc({ iface => "interface does not exist" }) | |
3ed15e6c | 514 | if !$ifaces->{$param->{iface}}; |
aff192e6 | 515 | |
3ed15e6c | 516 | my $d = $ifaces->{$param->{iface}}; |
d11733f8 DM |
517 | if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') { |
518 | if (my $brname = $d->{ovs_bridge}) { | |
3ed15e6c | 519 | if (my $br = $ifaces->{$brname}) { |
d11733f8 DM |
520 | if ($br->{ovs_ports}) { |
521 | my @ports = split (/\s+/, $br->{ovs_ports}); | |
522 | my @new = grep { $_ ne $param->{iface} } @ports; | |
523 | $br->{ovs_ports} = join(' ', @new); | |
524 | } | |
525 | } | |
526 | } | |
527 | } | |
528 | ||
3ed15e6c | 529 | delete $ifaces->{$param->{iface}}; |
aff192e6 DM |
530 | |
531 | PVE::INotify::write_file('interfaces', $config); | |
532 | }; | |
533 | ||
534 | PVE::Tools::lock_file($iflockfn, 10, $code); | |
535 | die $@ if $@; | |
536 | ||
537 | return undef; | |
538 | }}); |