[pve-network.git] / PVE / Network / SDN / Zones / Plugin.pm

package PVE::Network::SDN::Zones::Plugin;

use strict;
use warnings;

use PVE::Tools qw(run_command);
use PVE::JSONSchema;
use PVE::Cluster;
use PVE::Network;

use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::SectionConfig);

PVE::Cluster::cfs_register_file(
    'sdn/zones.cfg',
    sub { __PACKAGE__->parse_config(@_); },
    sub { __PACKAGE__->write_config(@_); },
);

PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	return undef if $noerr;
	die "zone ID '$id' contains illegal characters\n";
    }
    die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
    return $id;
}

my $defaultData = {

    propertyList => {
	type => {
	    description => "Plugin type.",
	    type => 'string', format => 'pve-configid',
	    type => 'string',
	},
	nodes => get_standard_option('pve-node-list', { optional => 1 }),
	zone => get_standard_option('pve-sdn-zone-id', {
	    completion => \&PVE::Network::SDN::Zones::complete_sdn_zone,
	}),
	ipam => {
	    type => 'string',
	    description => "use a specific ipam",
	    optional => 1,
	},
    },
};

sub private {
    return $defaultData;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
        my ($type, $id) = (lc($1), $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($type); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $id, $errmsg, $config);
    }
    return undef;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes' || $key eq 'exitnodes') {
	my $res = {};

	foreach my $node (PVE::Tools::split_list($value)) {
	    if (PVE::JSONSchema::pve_verify_node_name($node)) {
		$res->{$node} = 1;
	    }
	}

	return $res;
    }

    return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes' || $key eq 'exitnodes') {
	return join(',', keys(%$value));
    }

    return $value;
}

sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    die "please implement inside plugin";
}

sub controller_reload {
    my ($class) = @_;

    die "please implement inside plugin";
}

sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    foreach my $id (keys %{$vnet_cfg->{ids}}) {
	my $vnet = $vnet_cfg->{ids}->{$id};
	die "zone $zoneid is used by vnet $id"
	    if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
    }
}

sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # do nothing by default
}

sub vnet_update_hook {
    my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;

    # do nothing by default
}

#helpers
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $count = 0;
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);
    foreach my $item (@elements) {
	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	    $count += 2;
	    my ($port1, $port2) = ($1, $2);
	    die "invalid port '$port1'\n" if $port1 > $max;
	    die "invalid port '$port2'\n" if $port2 > $max;
	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

	    if ($tag && $tag >= $port1 && $tag <= $port2){
		$allowed = 1;
		last;
	    }

	} elsif ($item =~ m/^([0-9]+)$/) {
	    $count += 1;
	    my $port = $1;
	    die "invalid port '$port'\n" if $port > $max;

	    if ($tag && $tag == $port){
		$allowed = 1;
		last;
	    }
	}
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}

sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    my $err_msg = [];

    # ifaces to check
    my $ifaces = [ $vnetid ];

    foreach my $iface (@{$ifaces}) {
        if (!$status->{$iface}->{status}) {
	    push @$err_msg, "missing $iface";
        } elsif ($status->{$iface}->{status} ne 'pass') {
	    push @$err_msg, "error $iface";
        }
    }
    return $err_msg;
}


sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    PVE::Network::tap_create($iface, $vnetid);
}

sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}

sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
    die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);

    my $opts = {};
    $opts->{learning} = 0 if $plugin_config->{'bridge-disable-mac-learning'};
    PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $opts);
}

#helper

sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $iface = undef;
    foreach my $id (keys %{$interfaces_config->{ifaces}}) {
        my $interface = $interfaces_config->{ifaces}->{$id};
        if (my $iface_uplink = $interface->{'uplink-id'}) {
	    next if $iface_uplink ne $uplink;
            if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
                warn "uplink $uplink is not a physical or bond interface";
                next;
            }
	    $iface = $id;
        }
    }

    #create a dummy uplink interface if no uplink found
    if(!$iface) {
        warn "can't find uplink $uplink in physical interface";
        $iface = "uplink${uplink}";
    }

    return $iface;
}

sub get_local_route_ip {
    my ($targetip) = @_;

    my $ip = undef;
    my $interface = undef;

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
        if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
            $ip = $1;
        }
        if ($_[0] =~ m/dev (\S+)/) {
            $interface = $1;
        }

    });
    return ($ip, $interface);
}


sub find_local_ip_interface_peers {
    my ($peers, $iface) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};
    
    #if iface is defined, return ip if exist (if not,try to find it on other ifaces)
    if ($iface) {
	my $ip = $ifaces->{$iface}->{address};
	return ($ip,$iface) if $ip;
    }

    #is a local ip member of peers list ?
    foreach my $address (@{$peers}) {
	while (my $interface = each %$ifaces) {
	    my $ip = $ifaces->{$interface}->{address};
	    if ($ip && $ip eq $address) {
		return ($ip, $interface);
	    }
	}
    }

    #if peer is remote, find source with ip route
    foreach my $address (@{$peers}) {
	my ($ip, $interface) = get_local_route_ip($address);
	return ($ip, $interface);
    }
}

sub find_bridge {
    my ($bridge) = @_;

    die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";
}

sub is_vlanaware {
    my ($bridge) = @_;

    return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
}

sub is_ovs {
    my ($bridge) = @_;

    my $is_ovs = !-d "/sys/class/net/$bridge/brif";
    return $is_ovs;    
}

sub get_bridge_ifaces {
    my ($bridge) = @_;

    my @bridge_ifaces = ();
    my $dir = "/sys/class/net/$bridge/brif";
    PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
	push @bridge_ifaces, $_[0];
    });

    return @bridge_ifaces;
}
1;
Commit	Line	Data
f5eabba0	1	package PVE::Network::SDN::Zones::Plugin;
6939693f AD	2
	3	use strict;
	4	use warnings;
	5
1f543c5f	6	use PVE::Tools qw(run_command);
6939693f AD	7	use PVE::JSONSchema;
6939693f AD	8	use PVE::Cluster;
eb1549e7	9	use PVE::Network;
6939693f	10
eec580bf	11	use PVE::JSONSchema qw(get_standard_option);
6939693f AD	12	use base qw(PVE::SectionConfig);
6939693f AD	13
65cb893e TL	14	PVE::Cluster::cfs_register_file(
	15	'sdn/zones.cfg',
	16	sub { __PACKAGE__->parse_config(@_); },
	17	sub { __PACKAGE__->write_config(@_); },
	18	);
6939693f	19
f5eabba0 AD	20	PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
	21	description => "The SDN zone object identifier.",
	22	type => 'string', format => 'pve-sdn-zone-id',
fe61b14c AD	23	});
fe61b14c AD	24
f5eabba0 AD	25	PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
	26	sub parse_sdn_zone_id {
	27	my ($id, $noerr) = @_;
fe61b14c	28
7c5b0f6d AD	29	if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	30	return undef if $noerr;
	31	die "zone ID '$id' contains illegal characters\n";
fe61b14c	32	}
4d7d91da	33	die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
f5eabba0	34	return $id;
fe61b14c AD	35	}
fe61b14c AD	36
6939693f AD	37	my $defaultData = {
	38
	39	propertyList => {
7d35eaf5	40	type => {
6939693f AD	41	description => "Plugin type.",
	42	type => 'string', format => 'pve-configid',
	43	type => 'string',
	44	},
65cb893e TL	45	nodes => get_standard_option('pve-node-list', { optional => 1 }),
	46	zone => get_standard_option('pve-sdn-zone-id', {
	47	completion => \&PVE::Network::SDN::Zones::complete_sdn_zone,
	48	}),
	49	ipam => {
	50	type => 'string',
	51	description => "use a specific ipam",
57a335c4	52	optional => 1,
65cb893e	53	},
6939693f AD	54	},
	55	};
	56
	57	sub private {
	58	return $defaultData;
	59	}
	60
	61	sub parse_section_header {
	62	my ($class, $line) = @_;
	63
	64	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
f5eabba0	65	my ($type, $id) = (lc($1), $2);
6939693f AD	66	my $errmsg = undef; # set if you want to skip whole section
	67	eval { PVE::JSONSchema::pve_verify_configid($type); };
	68	$errmsg = $@ if $@;
	69	my $config = {}; # to return additional attributes
f5eabba0	70	return ($type, $id, $errmsg, $config);
6939693f AD	71	}
	72	return undef;
	73	}
	74
4de2337a AD	75	sub decode_value {
	76	my ($class, $type, $key, $value) = @_;
	77
	78	if ($key eq 'nodes' \|\| $key eq 'exitnodes') {
	79	my $res = {};
	80
	81	foreach my $node (PVE::Tools::split_list($value)) {
	82	if (PVE::JSONSchema::pve_verify_node_name($node)) {
	83	$res->{$node} = 1;
	84	}
	85	}
	86
	87	return $res;
	88	}
	89
	90	return $value;
	91	}
	92
	93	sub encode_value {
	94	my ($class, $type, $key, $value) = @_;
	95
	96	if ($key eq 'nodes' \|\| $key eq 'exitnodes') {
	97	return join(',', keys(%$value));
	98	}
	99
	100	return $value;
	101	}
	102
6bffe819	103	sub generate_sdn_config {
efffa0ff	104	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
6939693f AD	105
	106	die "please implement inside plugin";
	107	}
	108
8fb1ee7f	109	sub generate_controller_config {
56cdcac9	110	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38 AD	111
	112	die "please implement inside plugin";
	113	}
	114
ad03c543	115	sub generate_controller_vnet_config {
56cdcac9	116	my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
ad03c543 AD	117
	118	}
	119
8fb1ee7f AD	120	sub write_controller_config {
	121	my ($class, $plugin_config, $config) = @_;
	122
	123	die "please implement inside plugin";
	124	}
	125
fa609bdd AD	126	sub controller_reload {
	127	my ($class) = @_;
	128
	129	die "please implement inside plugin";
	130	}
	131
fe0c6b9e	132	sub on_delete_hook {
56cdcac9	133	my ($class, $zoneid, $vnet_cfg) = @_;
e8d5906e	134
56cdcac9 AD	135	# verify that no vnet are associated to this zone
	136	foreach my $id (keys %{$vnet_cfg->{ids}}) {
	137	my $vnet = $vnet_cfg->{ids}->{$id};
	138	die "zone $zoneid is used by vnet $id"
	139	if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
	140	}
e8d5906e AD	141	}
	142
	143	sub on_update_hook {
a2b32a94	144	my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
fe0c6b9e AD	145
	146	# do nothing by default
	147	}
	148
5ca07ed9	149	sub vnet_update_hook {
88d9562b	150	my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;
5ca07ed9	151
1d44ce70 AD	152	# do nothing by default
	153	}
	154
6939693f AD	155	#helpers
	156	sub parse_tag_number_or_range {
	157	my ($str, $max, $tag) = @_;
	158
	159	my @elements = split(/,/, $str);
	160	my $count = 0;
	161	my $allowed = undef;
	162
	163	die "extraneous commas in list\n" if $str ne join(',', @elements);
	164	foreach my $item (@elements) {
	165	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	166	$count += 2;
	167	my ($port1, $port2) = ($1, $2);
	168	die "invalid port '$port1'\n" if $port1 > $max;
	169	die "invalid port '$port2'\n" if $port2 > $max;
	170	die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
	171
	172	if ($tag && $tag >= $port1 && $tag <= $port2){
	173	$allowed = 1;
	174	last;
	175	}
	176
	177	} elsif ($item =~ m/^([0-9]+)$/) {
	178	$count += 1;
	179	my $port = $1;
	180	die "invalid port '$port'\n" if $port > $max;
	181
	182	if ($tag && $tag == $port){
	183	$allowed = 1;
	184	last;
	185	}
	186	}
	187	}
	188	die "tag $tag is not allowed" if $tag && !$allowed;
	189
	190	return (scalar(@elements) > 1);
	191	}
	192
627b1694	193	sub status {
4d7cc94f AD	194	my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
	195
	196	my $err_msg = [];
627b1694	197
4d7cc94f AD	198	# ifaces to check
	199	my $ifaces = [ $vnetid ];
	200
	201	foreach my $iface (@{$ifaces}) {
	202	if (!$status->{$iface}->{status}) {
	203	push @$err_msg, "missing $iface";
	204	} elsif ($status->{$iface}->{status} ne 'pass') {
	205	push @$err_msg, "error $iface";
	206	}
627b1694	207	}
4d7cc94f	208	return $err_msg;
627b1694 AD	209	}
627b1694 AD	210
2ba9613b	211
eb1549e7 AD	212	sub tap_create {
	213	my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
	214
912fb443	215	PVE::Network::tap_create($iface, $vnetid);
eb1549e7 AD	216	}
	217
	218	sub veth_create {
	219	my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
	220
912fb443	221	PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
eb1549e7 AD	222	}
	223
	224	sub tap_plug {
912fb443	225	my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
eb1549e7	226
912fb443 AD	227	my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
912fb443 AD	228	die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag \|\| $trunks);
eb1549e7	229
55e68b4b AD	230	my $opts = {};
	231	$opts->{learning} = 0 if $plugin_config->{'bridge-disable-mac-learning'};
	232	PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $opts);
eb1549e7 AD	233	}
eb1549e7 AD	234
3794e429 AD	235	#helper
	236
	237	sub get_uplink_iface {
	238	my ($interfaces_config, $uplink) = @_;
	239
	240	my $iface = undef;
	241	foreach my $id (keys %{$interfaces_config->{ifaces}}) {
	242	my $interface = $interfaces_config->{ifaces}->{$id};
	243	if (my $iface_uplink = $interface->{'uplink-id'}) {
	244	next if $iface_uplink ne $uplink;
	245	if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
	246	warn "uplink $uplink is not a physical or bond interface";
	247	next;
	248	}
	249	$iface = $id;
	250	}
	251	}
	252
	253	#create a dummy uplink interface if no uplink found
	254	if(!$iface) {
	255	warn "can't find uplink $uplink in physical interface";
	256	$iface = "uplink${uplink}";
	257	}
	258
	259	return $iface;
	260	}
1f543c5f AD	261
	262	sub get_local_route_ip {
	263	my ($targetip) = @_;
	264
	265	my $ip = undef;
	266	my $interface = undef;
	267
	268	run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
	269	if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
	270	$ip = $1;
	271	}
	272	if ($_[0] =~ m/dev (\S+)/) {
	273	$interface = $1;
	274	}
	275
	276	});
	277	return ($ip, $interface);
	278	}
	279
	280
	281	sub find_local_ip_interface_peers {
f23633dc	282	my ($peers, $iface) = @_;
1f543c5f AD	283
	284	my $network_config = PVE::INotify::read_file('interfaces');
	285	my $ifaces = $network_config->{ifaces};
f23633dc AD	286
	287	#if iface is defined, return ip if exist (if not,try to find it on other ifaces)
	288	if ($iface) {
	289	my $ip = $ifaces->{$iface}->{address};
	290	return ($ip,$iface) if $ip;
	291	}
	292
1f543c5f AD	293	#is a local ip member of peers list ?
	294	foreach my $address (@{$peers}) {
	295	while (my $interface = each %$ifaces) {
	296	my $ip = $ifaces->{$interface}->{address};
	297	if ($ip && $ip eq $address) {
	298	return ($ip, $interface);
	299	}
	300	}
	301	}
	302
	303	#if peer is remote, find source with ip route
	304	foreach my $address (@{$peers}) {
	305	my ($ip, $interface) = get_local_route_ip($address);
	306	return ($ip, $interface);
	307	}
	308	}
	309
fdf22d5f AD	310	sub find_bridge {
	311	my ($bridge) = @_;
	312
	313	die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";
	314	}
	315
	316	sub is_vlanaware {
	317	my ($bridge) = @_;
	318
	319	return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
	320	}
	321
	322	sub is_ovs {
	323	my ($bridge) = @_;
	324
	325	my $is_ovs = !-d "/sys/class/net/$bridge/brif";
	326	return $is_ovs;
	327	}
	328
	329	sub get_bridge_ifaces {
	330	my ($bridge) = @_;
	331
	332	my @bridge_ifaces = ();
	333	my $dir = "/sys/class/net/$bridge/brif";
	334	PVE::Tools::dir_glob_foreach($dir, '(((eth\|bond)\d+\|en[^.]+)(\.\d+)?)', sub {
	335	push @bridge_ifaces, $_[0];
	336	});
	337
	338	return @bridge_ifaces;
	339	}
6939693f	340	1;