[pve-network.git] / PVE / Network / SDN / Zones / Plugin.pm

package PVE::Network::SDN::Zones::Plugin;

use strict;
use warnings;

use PVE::Tools qw(run_command);
use PVE::JSONSchema;
use PVE::Cluster;
use PVE::Network;

use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::SectionConfig);

PVE::Cluster::cfs_register_file(
    'sdn/zones.cfg',
    sub { __PACKAGE__->parse_config(@_); },
    sub { __PACKAGE__->write_config(@_); },
);

PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	return undef if $noerr;
	die "zone ID '$id' contains illegal characters\n";
    }
    die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
    return $id;
}

my $defaultData = {

    propertyList => {
	type => {
	    description => "Plugin type.",
	    type => 'string', format => 'pve-configid',
	    type => 'string',
	},
	nodes => get_standard_option('pve-node-list', { optional => 1 }),
	zone => get_standard_option('pve-sdn-zone-id', {
	    completion => \&PVE::Network::SDN::Zones::complete_sdn_zone,
	}),
	ipam => {
	    type => 'string',
	    description => "use a specific ipam",
	    optional => 1,
	},
    },
};

sub private {
    return $defaultData;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
        my ($type, $id) = (lc($1), $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($type); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $id, $errmsg, $config);
    }
    return undef;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes' || $key eq 'exitnodes') {
	my $res = {};

	foreach my $node (PVE::Tools::split_list($value)) {
	    if (PVE::JSONSchema::pve_verify_node_name($node)) {
		$res->{$node} = 1;
	    }
	}

	return $res;
    }

    return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes' || $key eq 'exitnodes') {
	return join(',', keys(%$value));
    }

    return $value;
}

sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    die "please implement inside plugin";
}

sub controller_reload {
    my ($class) = @_;

    die "please implement inside plugin";
}

sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    foreach my $id (keys %{$vnet_cfg->{ids}}) {
	my $vnet = $vnet_cfg->{ids}->{$id};
	die "zone $zoneid is used by vnet $id"
	    if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
    }
}

sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # do nothing by default
}

sub vnet_update_hook {
    my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;

    # do nothing by default
}

#helpers
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $count = 0;
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);
    foreach my $item (@elements) {
	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	    $count += 2;
	    my ($port1, $port2) = ($1, $2);
	    die "invalid port '$port1'\n" if $port1 > $max;
	    die "invalid port '$port2'\n" if $port2 > $max;
	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

	    if ($tag && $tag >= $port1 && $tag <= $port2){
		$allowed = 1;
		last;
	    }

	} elsif ($item =~ m/^([0-9]+)$/) {
	    $count += 1;
	    my $port = $1;
	    die "invalid port '$port'\n" if $port > $max;

	    if ($tag && $tag == $port){
		$allowed = 1;
		last;
	    }
	}
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}

sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    my $err_msg = [];

    # ifaces to check
    my $ifaces = [ $vnetid ];

    foreach my $iface (@{$ifaces}) {
        if (!$status->{$iface}->{status}) {
	    push @$err_msg, "missing $iface";
        } elsif ($status->{$iface}->{status} ne 'pass') {
	    push @$err_msg, "error $iface";
        }
    }
    return $err_msg;
}


sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    PVE::Network::tap_create($iface, $vnetid);
}

sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}

sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
    die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);

    PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $plugin_config->{'bridge-disable-mac-learning'});
}

#helper

sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $iface = undef;
    foreach my $id (keys %{$interfaces_config->{ifaces}}) {
        my $interface = $interfaces_config->{ifaces}->{$id};
        if (my $iface_uplink = $interface->{'uplink-id'}) {
	    next if $iface_uplink ne $uplink;
            if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
                warn "uplink $uplink is not a physical or bond interface";
                next;
            }
	    $iface = $id;
        }
    }

    #create a dummy uplink interface if no uplink found
    if(!$iface) {
        warn "can't find uplink $uplink in physical interface";
        $iface = "uplink${uplink}";
    }

    return $iface;
}

sub get_local_route_ip {
    my ($targetip) = @_;

    my $ip = undef;
    my $interface = undef;

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
        if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
            $ip = $1;
        }
        if ($_[0] =~ m/dev (\S+)/) {
            $interface = $1;
        }

    });
    return ($ip, $interface);
}


sub find_local_ip_interface_peers {
    my ($peers, $iface) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};
    
    #if iface is defined, return ip if exist (if not,try to find it on other ifaces)
    if ($iface) {
	my $ip = $ifaces->{$iface}->{address};
	return ($ip,$iface) if $ip;
    }

    #is a local ip member of peers list ?
    foreach my $address (@{$peers}) {
	while (my $interface = each %$ifaces) {
	    my $ip = $ifaces->{$interface}->{address};
	    if ($ip && $ip eq $address) {
		return ($ip, $interface);
	    }
	}
    }

    #if peer is remote, find source with ip route
    foreach my $address (@{$peers}) {
	my ($ip, $interface) = get_local_route_ip($address);
	return ($ip, $interface);
    }
}

sub find_bridge {
    my ($bridge) = @_;

    die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";
}

sub is_vlanaware {
    my ($bridge) = @_;

    return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
}

sub is_ovs {
    my ($bridge) = @_;

    my $is_ovs = !-d "/sys/class/net/$bridge/brif";
    return $is_ovs;    
}

sub get_bridge_ifaces {
    my ($bridge) = @_;

    my @bridge_ifaces = ();
    my $dir = "/sys/class/net/$bridge/brif";
    PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
	push @bridge_ifaces, $_[0];
    });

    return @bridge_ifaces;
}
1;
Commit	Line	Data
f5eabba0	1	package PVE::Network::SDN::Zones::Plugin;
6939693f AD	2
	3	use strict;
	4	use warnings;
	5
1f543c5f	6	use PVE::Tools qw(run_command);
6939693f AD	7	use PVE::JSONSchema;
6939693f AD	8	use PVE::Cluster;
eb1549e7	9	use PVE::Network;
6939693f	10
eec580bf	11	use PVE::JSONSchema qw(get_standard_option);
6939693f AD	12	use base qw(PVE::SectionConfig);
6939693f AD	13
65cb893e TL	14	PVE::Cluster::cfs_register_file(
	15	'sdn/zones.cfg',
	16	sub { __PACKAGE__->parse_config(@_); },
	17	sub { __PACKAGE__->write_config(@_); },
	18	);
6939693f	19
f5eabba0 AD	20	PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
	21	description => "The SDN zone object identifier.",
	22	type => 'string', format => 'pve-sdn-zone-id',
fe61b14c AD	23	});
fe61b14c AD	24
f5eabba0 AD	25	PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
	26	sub parse_sdn_zone_id {
	27	my ($id, $noerr) = @_;
fe61b14c	28
7c5b0f6d AD	29	if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	30	return undef if $noerr;
	31	die "zone ID '$id' contains illegal characters\n";
fe61b14c	32	}
4d7d91da	33	die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
f5eabba0	34	return $id;
fe61b14c AD	35	}
fe61b14c AD	36
6939693f AD	37	my $defaultData = {
	38
	39	propertyList => {
7d35eaf5	40	type => {
6939693f AD	41	description => "Plugin type.",
	42	type => 'string', format => 'pve-configid',
	43	type => 'string',
	44	},
65cb893e TL	45	nodes => get_standard_option('pve-node-list', { optional => 1 }),
	46	zone => get_standard_option('pve-sdn-zone-id', {
	47	completion => \&PVE::Network::SDN::Zones::complete_sdn_zone,
	48	}),
	49	ipam => {
	50	type => 'string',
	51	description => "use a specific ipam",
57a335c4	52	optional => 1,
65cb893e	53	},
6939693f AD	54	},
	55	};
	56
	57	sub private {
	58	return $defaultData;
	59	}
	60
	61	sub parse_section_header {
	62	my ($class, $line) = @_;
	63
	64	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
f5eabba0	65	my ($type, $id) = (lc($1), $2);
6939693f AD	66	my $errmsg = undef; # set if you want to skip whole section
	67	eval { PVE::JSONSchema::pve_verify_configid($type); };
	68	$errmsg = $@ if $@;
	69	my $config = {}; # to return additional attributes
f5eabba0	70	return ($type, $id, $errmsg, $config);
6939693f AD	71	}
	72	return undef;
	73	}
	74
4de2337a AD	75	sub decode_value {
	76	my ($class, $type, $key, $value) = @_;
	77
	78	if ($key eq 'nodes' \|\| $key eq 'exitnodes') {
	79	my $res = {};
	80
	81	foreach my $node (PVE::Tools::split_list($value)) {
	82	if (PVE::JSONSchema::pve_verify_node_name($node)) {
	83	$res->{$node} = 1;
	84	}
	85	}
	86
	87	return $res;
	88	}
	89
	90	return $value;
	91	}
	92
	93	sub encode_value {
	94	my ($class, $type, $key, $value) = @_;
	95
	96	if ($key eq 'nodes' \|\| $key eq 'exitnodes') {
	97	return join(',', keys(%$value));
	98	}
	99
	100	return $value;
	101	}
	102
6bffe819	103	sub generate_sdn_config {
efffa0ff	104	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
6939693f AD	105
	106	die "please implement inside plugin";
	107	}
	108
8fb1ee7f	109	sub generate_controller_config {
56cdcac9	110	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38 AD	111
	112	die "please implement inside plugin";
	113	}
	114
ad03c543	115	sub generate_controller_vnet_config {
56cdcac9	116	my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
ad03c543 AD	117
	118	}
	119
8fb1ee7f AD	120	sub write_controller_config {
	121	my ($class, $plugin_config, $config) = @_;
	122
	123	die "please implement inside plugin";
	124	}
	125
fa609bdd AD	126	sub controller_reload {
	127	my ($class) = @_;
	128
	129	die "please implement inside plugin";
	130	}
	131
fe0c6b9e	132	sub on_delete_hook {
56cdcac9	133	my ($class, $zoneid, $vnet_cfg) = @_;
e8d5906e	134
56cdcac9 AD	135	# verify that no vnet are associated to this zone
	136	foreach my $id (keys %{$vnet_cfg->{ids}}) {
	137	my $vnet = $vnet_cfg->{ids}->{$id};
	138	die "zone $zoneid is used by vnet $id"
	139	if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
	140	}
e8d5906e AD	141	}
	142
	143	sub on_update_hook {
a2b32a94	144	my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
fe0c6b9e AD	145
	146	# do nothing by default
	147	}
	148
5ca07ed9	149	sub vnet_update_hook {
88d9562b	150	my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;
5ca07ed9	151
1d44ce70 AD	152	# do nothing by default
	153	}
	154
6939693f AD	155	#helpers
	156	sub parse_tag_number_or_range {
	157	my ($str, $max, $tag) = @_;
	158
	159	my @elements = split(/,/, $str);
	160	my $count = 0;
	161	my $allowed = undef;
	162
	163	die "extraneous commas in list\n" if $str ne join(',', @elements);
	164	foreach my $item (@elements) {
	165	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	166	$count += 2;
	167	my ($port1, $port2) = ($1, $2);
	168	die "invalid port '$port1'\n" if $port1 > $max;
	169	die "invalid port '$port2'\n" if $port2 > $max;
	170	die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
	171
	172	if ($tag && $tag >= $port1 && $tag <= $port2){
	173	$allowed = 1;
	174	last;
	175	}
	176
	177	} elsif ($item =~ m/^([0-9]+)$/) {
	178	$count += 1;
	179	my $port = $1;
	180	die "invalid port '$port'\n" if $port > $max;
	181
	182	if ($tag && $tag == $port){
	183	$allowed = 1;
	184	last;
	185	}
	186	}
	187	}
	188	die "tag $tag is not allowed" if $tag && !$allowed;
	189
	190	return (scalar(@elements) > 1);
	191	}
	192
627b1694	193	sub status {
4d7cc94f AD	194	my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
	195
	196	my $err_msg = [];
627b1694	197
4d7cc94f AD	198	# ifaces to check
	199	my $ifaces = [ $vnetid ];
	200
	201	foreach my $iface (@{$ifaces}) {
	202	if (!$status->{$iface}->{status}) {
	203	push @$err_msg, "missing $iface";
	204	} elsif ($status->{$iface}->{status} ne 'pass') {
	205	push @$err_msg, "error $iface";
	206	}
627b1694	207	}
4d7cc94f	208	return $err_msg;
627b1694 AD	209	}
627b1694 AD	210
2ba9613b	211
eb1549e7 AD	212	sub tap_create {
	213	my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
	214
912fb443	215	PVE::Network::tap_create($iface, $vnetid);
eb1549e7 AD	216	}
	217
	218	sub veth_create {
	219	my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
	220
912fb443	221	PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
eb1549e7 AD	222	}
	223
	224	sub tap_plug {
912fb443	225	my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
eb1549e7	226
912fb443 AD	227	my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
912fb443 AD	228	die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag \|\| $trunks);
eb1549e7	229
56a9e2b3	230	PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $plugin_config->{'bridge-disable-mac-learning'});
eb1549e7 AD	231	}
eb1549e7 AD	232
3794e429 AD	233	#helper
	234
	235	sub get_uplink_iface {
	236	my ($interfaces_config, $uplink) = @_;
	237
	238	my $iface = undef;
	239	foreach my $id (keys %{$interfaces_config->{ifaces}}) {
	240	my $interface = $interfaces_config->{ifaces}->{$id};
	241	if (my $iface_uplink = $interface->{'uplink-id'}) {
	242	next if $iface_uplink ne $uplink;
	243	if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
	244	warn "uplink $uplink is not a physical or bond interface";
	245	next;
	246	}
	247	$iface = $id;
	248	}
	249	}
	250
	251	#create a dummy uplink interface if no uplink found
	252	if(!$iface) {
	253	warn "can't find uplink $uplink in physical interface";
	254	$iface = "uplink${uplink}";
	255	}
	256
	257	return $iface;
	258	}
1f543c5f AD	259
	260	sub get_local_route_ip {
	261	my ($targetip) = @_;
	262
	263	my $ip = undef;
	264	my $interface = undef;
	265
	266	run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
	267	if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
	268	$ip = $1;
	269	}
	270	if ($_[0] =~ m/dev (\S+)/) {
	271	$interface = $1;
	272	}
	273
	274	});
	275	return ($ip, $interface);
	276	}
	277
	278
	279	sub find_local_ip_interface_peers {
f23633dc	280	my ($peers, $iface) = @_;
1f543c5f AD	281
	282	my $network_config = PVE::INotify::read_file('interfaces');
	283	my $ifaces = $network_config->{ifaces};
f23633dc AD	284
	285	#if iface is defined, return ip if exist (if not,try to find it on other ifaces)
	286	if ($iface) {
	287	my $ip = $ifaces->{$iface}->{address};
	288	return ($ip,$iface) if $ip;
	289	}
	290
1f543c5f AD	291	#is a local ip member of peers list ?
	292	foreach my $address (@{$peers}) {
	293	while (my $interface = each %$ifaces) {
	294	my $ip = $ifaces->{$interface}->{address};
	295	if ($ip && $ip eq $address) {
	296	return ($ip, $interface);
	297	}
	298	}
	299	}
	300
	301	#if peer is remote, find source with ip route
	302	foreach my $address (@{$peers}) {
	303	my ($ip, $interface) = get_local_route_ip($address);
	304	return ($ip, $interface);
	305	}
	306	}
	307
fdf22d5f AD	308	sub find_bridge {
	309	my ($bridge) = @_;
	310
	311	die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";
	312	}
	313
	314	sub is_vlanaware {
	315	my ($bridge) = @_;
	316
	317	return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
	318	}
	319
	320	sub is_ovs {
	321	my ($bridge) = @_;
	322
	323	my $is_ovs = !-d "/sys/class/net/$bridge/brif";
	324	return $is_ovs;
	325	}
	326
	327	sub get_bridge_ifaces {
	328	my ($bridge) = @_;
	329
	330	my @bridge_ifaces = ();
	331	my $dir = "/sys/class/net/$bridge/brif";
	332	PVE::Tools::dir_glob_foreach($dir, '(((eth\|bond)\d+\|en[^.]+)(\.\d+)?)', sub {
	333	push @bridge_ifaces, $_[0];
	334	});
	335
	336	return @bridge_ifaces;
	337	}
6939693f	338	1;