]>
git.proxmox.com Git - pve-manager.git/blob - PVE/API2/Network.pm
02172f6d10ef157e3600ab83a906a2c368a13cb7
1 package PVE
::API2
::Network
;
7 use PVE
::Tools
qw(extract_param);
10 use PVE
::Exception
qw(raise_param_exc);
12 use PVE
::RPCEnvironment
;
13 use PVE
::JSONSchema
qw(get_standard_option);
14 use PVE
::AccessControl
;
17 use base
qw(PVE::RESTHandler);
19 my $iflockfn = "/etc/network/.pve-interfaces.lock";
21 my $bond_mode_enum = [
23 'active-backup', # OVS and Linux
30 'lacp-balance-slb', # OVS
31 'lacp-balance-tcp', # OVS
34 my $network_type_enum = ['bridge', 'bond', 'eth', 'alias',
35 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
39 description
=> "Network interface type",
41 enum
=> [@$network_type_enum, 'unknown'],
44 description
=> "Comments",
49 description
=> "Comments",
54 description
=> "Automatically start interface on boot.",
58 bridge_vlan_aware
=> {
59 description
=> "Enable bridge vlan support.",
64 description
=> "Specify the iterfaces you want to add to your bridge.",
66 type
=> 'string', format
=> 'pve-iface-list',
69 description
=> "Specify the iterfaces you want to add to your bridge.",
71 type
=> 'string', format
=> 'pve-iface-list',
74 description
=> "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
81 description
=> "OVS interface options.",
87 description
=> "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
89 type
=> 'string', format
=> 'pve-iface',
92 description
=> "Specify the interfaces used by the bonding device.",
94 type
=> 'string', format
=> 'pve-iface-list',
97 description
=> "Specify the interfaces used by the bonding device.",
99 type
=> 'string', format
=> 'pve-iface-list',
102 description
=> "Bonding mode.",
104 type
=> 'string', enum
=> $bond_mode_enum,
106 bond_xmit_hash_policy
=> {
107 description
=> "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
110 enum
=> ['layer2', 'layer2+3', 'layer3+4' ],
113 description
=> 'Default gateway address.',
114 type
=> 'string', format
=> 'ipv4',
118 description
=> 'Network mask.',
119 type
=> 'string', format
=> 'ipv4mask',
121 requires
=> 'address',
124 description
=> 'IP address.',
125 type
=> 'string', format
=> 'ipv4',
127 requires
=> 'netmask',
130 description
=> 'Default ipv6 gateway address.',
131 type
=> 'string', format
=> 'ipv6',
135 description
=> 'Network mask.',
136 type
=> 'integer', minimum
=> 0, maximum
=> 128,
138 requires
=> 'address6',
141 description
=> 'IP address.',
142 type
=> 'string', format
=> 'ipv6',
144 requires
=> 'netmask6',
148 sub json_config_properties
{
151 foreach my $opt (keys %$confdesc) {
152 $prop->{$opt} = $confdesc->{$opt};
158 __PACKAGE__-
>register_method({
162 permissions
=> { user
=> 'all' },
163 description
=> "List available networks",
166 additionalProperties
=> 0,
168 node
=> get_standard_option
('pve-node'),
170 description
=> "Only list specific interface types.",
172 enum
=> [ @$network_type_enum, 'any_bridge' ],
183 links
=> [ { rel
=> 'child', href
=> "{iface}" } ],
188 my $rpcenv = PVE
::RPCEnvironment
::get
();
190 my $tmp = PVE
::INotify
::read_file
('interfaces', 1);
191 my $config = $tmp->{data
};
192 my $changes = $tmp->{changes
};
194 $rpcenv->set_result_attrib('changes', $changes) if $changes;
196 my $ifaces = $config->{ifaces
};
198 delete $ifaces->{lo
}; # do not list the loopback device
200 if ($param->{type
}) {
201 foreach my $k (keys %$ifaces) {
202 my $type = $ifaces->{$k}->{type
};
203 my $match = ($param->{type
} eq $type) || (
204 ($param->{type
} eq 'any_bridge') &&
205 ($type eq 'bridge' || $type eq 'OVSBridge'));
206 delete $ifaces->{$k} if !$match;
210 return PVE
::RESTHandler
::hash_to_array
($ifaces, 'iface');
213 __PACKAGE__-
>register_method({
214 name
=> 'revert_network_changes',
218 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
221 description
=> "Revert network configuration changes.",
224 additionalProperties
=> 0,
226 node
=> get_standard_option
('pve-node'),
229 returns
=> { type
=> "null" },
233 unlink "/etc/network/interfaces.new";
238 my $check_duplicate = sub {
239 my ($config, $newiface, $key, $name) = @_;
241 foreach my $iface (keys %$config) {
242 raise_param_exc
({ $key => "$name already exists on interface '$iface'." })
243 if ($newiface ne $iface) && $config->{$iface}->{$key};
247 my $check_duplicate_gateway = sub {
248 my ($config, $newiface) = @_;
249 return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
252 my $check_duplicate_gateway6 = sub {
253 my ($config, $newiface) = @_;
254 return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
257 my $check_ipv4_settings = sub {
258 my ($address, $netmask) = @_;
260 my $binip = Net
::IP
::ip_iptobin
($address, 4);
261 my $binmask = Net
::IP
::ip_iptobin
($netmask, 4);
262 my $broadcast = Net
::IP
::ip_iptobin
('255.255.255.255', 4);
263 my $binhost = $binip | $binmask;
265 raise_param_exc
({ address
=> "$address is not a valid host ip address." })
266 if ($binhost eq $binmask) || ($binhost eq $broadcast);
270 return Net
::IP
::ip_iptobin
(Net
::IP
::ip_expand_address
(shift, 6), 6);
273 my $check_ipv6_settings = sub {
274 my ($address, $netmask) = @_;
276 raise_param_exc
({ netmask
=> "$netmask is not a valid subnet length for ipv6" })
277 if $netmask < 0 || $netmask > 128;
279 raise_param_exc
({ address
=> "$address is not a valid host ip address." })
280 if !Net
::IP
::ip_is_ipv6
($address);
282 my $binip = ipv6_tobin
($address);
283 my $binmask = Net
::IP
::ip_get_mask
($netmask, 6);
285 my $type = Net
::IP
::ip_iptypev6
($binip);
287 raise_param_exc
({ address
=> "$address is not a valid host ip address." })
288 if ($binip eq $binmask) ||
289 (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
292 __PACKAGE__-
>register_method({
293 name
=> 'create_network',
297 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
299 description
=> "Create network device configuration",
303 additionalProperties
=> 0,
304 properties
=> json_config_properties
({
305 node
=> get_standard_option
('pve-node'),
306 iface
=> get_standard_option
('pve-iface')}),
308 returns
=> { type
=> 'null' },
312 my $node = extract_param
($param, 'node');
313 my $iface = extract_param
($param, 'iface');
316 my $config = PVE
::INotify
::read_file
('interfaces');
317 my $ifaces = $config->{ifaces
};
319 raise_param_exc
({ iface
=> "interface already exists" })
320 if $ifaces->{$iface};
322 &$check_duplicate_gateway($ifaces, $iface)
323 if $param->{gateway
};
324 &$check_duplicate_gateway6($ifaces, $iface)
325 if $param->{gateway6
};
327 &$check_ipv4_settings($param->{address
}, $param->{netmask
})
328 if $param->{address
};
329 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}))
330 if $param->{address6
};
332 my $families = $param->{families
} = [];
333 push @$families, 'inet'
334 if $param->{address
} && !grep(/^inet$/, @$families);
335 push @$families, 'inet6'
336 if $param->{address6
} && !grep(/^inet6$/, @$families);
337 @$families = ('inet') if !scalar(@$families);
339 $param->{method} = $param->{address
} ?
'static' : 'manual';
340 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
342 if ($param->{type
} =~ m/^OVS/) {
343 -x
'/usr/bin/ovs-vsctl' ||
344 die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
347 if ($param->{type
} eq 'OVSIntPort' || $param->{type
} eq 'OVSBond') {
348 my $brname = $param->{ovs_bridge
};
349 raise_param_exc
({ ovs_bridge
=> "parameter is required" }) if !$brname;
350 my $br = $ifaces->{$brname};
351 raise_param_exc
({ ovs_bridge
=> "bridge '$brname' does not exist" }) if !$br;
352 raise_param_exc
({ ovs_bridge
=> "interface '$brname' is no OVS bridge" })
353 if $br->{type
} ne 'OVSBridge';
355 my @ports = split (/\s+/, $br->{ovs_ports
} || '');
356 $br->{ovs_ports
} = join(' ', @ports, $iface)
357 if ! grep { $_ eq $iface } @ports;
360 $ifaces->{$iface} = $param;
362 PVE
::INotify
::write_file
('interfaces', $config);
365 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
371 __PACKAGE__-
>register_method({
372 name
=> 'update_network',
376 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
378 description
=> "Update network device configuration",
382 additionalProperties
=> 0,
383 properties
=> json_config_properties
({
384 node
=> get_standard_option
('pve-node'),
385 iface
=> get_standard_option
('pve-iface'),
387 type
=> 'string', format
=> 'pve-configid-list',
388 description
=> "A list of settings you want to delete.",
392 returns
=> { type
=> 'null' },
396 my $node = extract_param
($param, 'node');
397 my $iface = extract_param
($param, 'iface');
398 my $delete = extract_param
($param, 'delete');
401 my $config = PVE
::INotify
::read_file
('interfaces');
402 my $ifaces = $config->{ifaces
};
404 raise_param_exc
({ iface
=> "interface does not exist" })
405 if !$ifaces->{$iface};
407 my $families = ($param->{families
} ||= []);
408 foreach my $k (PVE
::Tools
::split_list
($delete)) {
409 delete $ifaces->{$iface}->{$k};
410 @$families = grep(!/^inet$/, @$families) if $k eq 'address';
411 @$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
414 &$check_duplicate_gateway($ifaces, $iface)
415 if $param->{gateway
};
416 &$check_duplicate_gateway6($ifaces, $iface)
417 if $param->{gateway6
};
419 if ($param->{address
}) {
420 &$check_ipv4_settings($param->{address
}, $param->{netmask
});
421 push @$families, 'inet' if !grep(/^inet$/, @$families);
423 @$families = grep(!/^inet$/, @$families);
425 if ($param->{address6
}) {
426 &$check_ipv6_settings($param->{address6
}, int($param->{netmask6
}));
427 push @$families, 'inet6' if !grep(/^inet6$/, @$families);
429 @$families = grep(!/^inet6$/, @$families);
431 @$families = ('inet') if !scalar(@$families);
433 $param->{method} = $param->{address
} ?
'static' : 'manual';
434 $param->{method6
} = $param->{address6
} ?
'static' : 'manual';
436 foreach my $k (keys %$param) {
437 $ifaces->{$iface}->{$k} = $param->{$k};
440 PVE
::INotify
::write_file
('interfaces', $config);
443 PVE
::Tools
::lock_file
($iflockfn, 10, $code);
449 __PACKAGE__-
>register_method({
450 name
=> 'network_config',
454 check
=> ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
456 description
=> "Read network device configuration",
459 additionalProperties
=> 0,
461 node
=> get_standard_option
('pve-node'),
462 iface
=> get_standard_option
('pve-iface'),
479 my $config = PVE
::INotify
::read_file
('interfaces');
480 my $ifaces = $config->{ifaces
};
482 raise_param_exc
({ iface
=> "interface does not exist" })
483 if !$ifaces->{$param->{iface
}};
485 return $ifaces->{$param->{iface
}};
488 __PACKAGE__-
>register_method({
489 name
=> 'delete_network',
493 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
495 description
=> "Delete network device configuration",
499 additionalProperties
=> 0,
501 node
=> get_standard_option
('pve-node'),
502 iface
=> get_standard_option
('pve-iface'),
505 returns
=> { type
=> 'null' },
510 my $config = PVE
::INotify
::read_file
('interfaces');
511 my $ifaces = $config->{ifaces
};
513 raise_param_exc
({ iface
=> "interface does not exist" })
514 if !$ifaces->{$param->{iface
}};
516 my $d = $ifaces->{$param->{iface
}};
517 if ($d->{type
} eq 'OVSIntPort' || $d->{type
} eq 'OVSBond') {
518 if (my $brname = $d->{ovs_bridge
}) {
519 if (my $br = $ifaces->{$brname}) {
520 if ($br->{ovs_ports
}) {
521 my @ports = split (/\s+/, $br->{ovs_ports
});
522 my @new = grep { $_ ne $param->{iface
} } @ports;
523 $br->{ovs_ports
} = join(' ', @new);
529 delete $ifaces->{$param->{iface
}};
531 PVE
::INotify
::write_file
('interfaces', $config);
534 PVE
::Tools
::lock_file
($iflockfn, 10, $code);