]>
Commit | Line | Data |
---|---|---|
f5eabba0 | 1 | package PVE::Network::SDN::Zones::Plugin; |
6939693f AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
5 | ||
1f543c5f | 6 | use PVE::Tools qw(run_command); |
6939693f AD |
7 | use PVE::JSONSchema; |
8 | use PVE::Cluster; | |
eb1549e7 | 9 | use PVE::Network; |
6939693f | 10 | |
eec580bf | 11 | use PVE::JSONSchema qw(get_standard_option); |
6939693f AD |
12 | use base qw(PVE::SectionConfig); |
13 | ||
65cb893e TL |
14 | PVE::Cluster::cfs_register_file( |
15 | 'sdn/zones.cfg', | |
16 | sub { __PACKAGE__->parse_config(@_); }, | |
17 | sub { __PACKAGE__->write_config(@_); }, | |
18 | ); | |
6939693f | 19 | |
f5eabba0 AD |
20 | PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', { |
21 | description => "The SDN zone object identifier.", | |
22 | type => 'string', format => 'pve-sdn-zone-id', | |
fe61b14c AD |
23 | }); |
24 | ||
f5eabba0 AD |
25 | PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id); |
26 | sub parse_sdn_zone_id { | |
27 | my ($id, $noerr) = @_; | |
fe61b14c | 28 | |
7c5b0f6d AD |
29 | if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) { |
30 | return undef if $noerr; | |
31 | die "zone ID '$id' contains illegal characters\n"; | |
fe61b14c | 32 | } |
4d7d91da | 33 | die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8; |
f5eabba0 | 34 | return $id; |
fe61b14c AD |
35 | } |
36 | ||
6939693f AD |
37 | my $defaultData = { |
38 | ||
39 | propertyList => { | |
7d35eaf5 | 40 | type => { |
6939693f AD |
41 | description => "Plugin type.", |
42 | type => 'string', format => 'pve-configid', | |
43 | type => 'string', | |
44 | }, | |
65cb893e TL |
45 | nodes => get_standard_option('pve-node-list', { optional => 1 }), |
46 | zone => get_standard_option('pve-sdn-zone-id', { | |
47 | completion => \&PVE::Network::SDN::Zones::complete_sdn_zone, | |
48 | }), | |
49 | ipam => { | |
50 | type => 'string', | |
51 | description => "use a specific ipam", | |
57a335c4 | 52 | optional => 1, |
65cb893e | 53 | }, |
6939693f AD |
54 | }, |
55 | }; | |
56 | ||
57 | sub private { | |
58 | return $defaultData; | |
59 | } | |
60 | ||
61 | sub parse_section_header { | |
62 | my ($class, $line) = @_; | |
63 | ||
64 | if ($line =~ m/^(\S+):\s*(\S+)\s*$/) { | |
f5eabba0 | 65 | my ($type, $id) = (lc($1), $2); |
6939693f AD |
66 | my $errmsg = undef; # set if you want to skip whole section |
67 | eval { PVE::JSONSchema::pve_verify_configid($type); }; | |
68 | $errmsg = $@ if $@; | |
69 | my $config = {}; # to return additional attributes | |
f5eabba0 | 70 | return ($type, $id, $errmsg, $config); |
6939693f AD |
71 | } |
72 | return undef; | |
73 | } | |
74 | ||
4de2337a AD |
75 | sub decode_value { |
76 | my ($class, $type, $key, $value) = @_; | |
77 | ||
78 | if ($key eq 'nodes' || $key eq 'exitnodes') { | |
79 | my $res = {}; | |
80 | ||
81 | foreach my $node (PVE::Tools::split_list($value)) { | |
82 | if (PVE::JSONSchema::pve_verify_node_name($node)) { | |
83 | $res->{$node} = 1; | |
84 | } | |
85 | } | |
86 | ||
87 | return $res; | |
88 | } | |
89 | ||
90 | return $value; | |
91 | } | |
92 | ||
93 | sub encode_value { | |
94 | my ($class, $type, $key, $value) = @_; | |
95 | ||
96 | if ($key eq 'nodes' || $key eq 'exitnodes') { | |
97 | return join(',', keys(%$value)); | |
98 | } | |
99 | ||
100 | return $value; | |
101 | } | |
102 | ||
6bffe819 | 103 | sub generate_sdn_config { |
efffa0ff | 104 | my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_; |
6939693f AD |
105 | |
106 | die "please implement inside plugin"; | |
107 | } | |
108 | ||
8fb1ee7f | 109 | sub generate_controller_config { |
56cdcac9 | 110 | my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_; |
32602a38 AD |
111 | |
112 | die "please implement inside plugin"; | |
113 | } | |
114 | ||
ad03c543 | 115 | sub generate_controller_vnet_config { |
56cdcac9 | 116 | my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_; |
ad03c543 AD |
117 | |
118 | } | |
119 | ||
8fb1ee7f AD |
120 | sub write_controller_config { |
121 | my ($class, $plugin_config, $config) = @_; | |
122 | ||
123 | die "please implement inside plugin"; | |
124 | } | |
125 | ||
fa609bdd AD |
126 | sub controller_reload { |
127 | my ($class) = @_; | |
128 | ||
129 | die "please implement inside plugin"; | |
130 | } | |
131 | ||
fe0c6b9e | 132 | sub on_delete_hook { |
56cdcac9 | 133 | my ($class, $zoneid, $vnet_cfg) = @_; |
e8d5906e | 134 | |
56cdcac9 AD |
135 | # verify that no vnet are associated to this zone |
136 | foreach my $id (keys %{$vnet_cfg->{ids}}) { | |
137 | my $vnet = $vnet_cfg->{ids}->{$id}; | |
138 | die "zone $zoneid is used by vnet $id" | |
139 | if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid); | |
140 | } | |
e8d5906e AD |
141 | } |
142 | ||
143 | sub on_update_hook { | |
a2b32a94 | 144 | my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_; |
fe0c6b9e AD |
145 | |
146 | # do nothing by default | |
147 | } | |
148 | ||
5ca07ed9 | 149 | sub vnet_update_hook { |
88d9562b | 150 | my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; |
5ca07ed9 | 151 | |
1d44ce70 AD |
152 | # do nothing by default |
153 | } | |
154 | ||
6939693f AD |
155 | #helpers |
156 | sub parse_tag_number_or_range { | |
157 | my ($str, $max, $tag) = @_; | |
158 | ||
159 | my @elements = split(/,/, $str); | |
160 | my $count = 0; | |
161 | my $allowed = undef; | |
162 | ||
163 | die "extraneous commas in list\n" if $str ne join(',', @elements); | |
164 | foreach my $item (@elements) { | |
165 | if ($item =~ m/^([0-9]+)-([0-9]+)$/) { | |
166 | $count += 2; | |
167 | my ($port1, $port2) = ($1, $2); | |
168 | die "invalid port '$port1'\n" if $port1 > $max; | |
169 | die "invalid port '$port2'\n" if $port2 > $max; | |
170 | die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2; | |
171 | ||
172 | if ($tag && $tag >= $port1 && $tag <= $port2){ | |
173 | $allowed = 1; | |
174 | last; | |
175 | } | |
176 | ||
177 | } elsif ($item =~ m/^([0-9]+)$/) { | |
178 | $count += 1; | |
179 | my $port = $1; | |
180 | die "invalid port '$port'\n" if $port > $max; | |
181 | ||
182 | if ($tag && $tag == $port){ | |
183 | $allowed = 1; | |
184 | last; | |
185 | } | |
186 | } | |
187 | } | |
188 | die "tag $tag is not allowed" if $tag && !$allowed; | |
189 | ||
190 | return (scalar(@elements) > 1); | |
191 | } | |
192 | ||
627b1694 | 193 | sub status { |
4d7cc94f AD |
194 | my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_; |
195 | ||
196 | my $err_msg = []; | |
627b1694 | 197 | |
4d7cc94f AD |
198 | # ifaces to check |
199 | my $ifaces = [ $vnetid ]; | |
200 | ||
201 | foreach my $iface (@{$ifaces}) { | |
202 | if (!$status->{$iface}->{status}) { | |
203 | push @$err_msg, "missing $iface"; | |
204 | } elsif ($status->{$iface}->{status} ne 'pass') { | |
205 | push @$err_msg, "error $iface"; | |
206 | } | |
627b1694 | 207 | } |
4d7cc94f | 208 | return $err_msg; |
627b1694 AD |
209 | } |
210 | ||
2ba9613b | 211 | |
eb1549e7 AD |
212 | sub tap_create { |
213 | my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_; | |
214 | ||
912fb443 | 215 | PVE::Network::tap_create($iface, $vnetid); |
eb1549e7 AD |
216 | } |
217 | ||
218 | sub veth_create { | |
219 | my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_; | |
220 | ||
912fb443 | 221 | PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr); |
eb1549e7 AD |
222 | } |
223 | ||
224 | sub tap_plug { | |
912fb443 | 225 | my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_; |
eb1549e7 | 226 | |
912fb443 AD |
227 | my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering"); |
228 | die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks); | |
eb1549e7 | 229 | |
56a9e2b3 | 230 | PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate, $plugin_config->{'bridge-disable-mac-learning'}); |
eb1549e7 AD |
231 | } |
232 | ||
3794e429 AD |
233 | #helper |
234 | ||
235 | sub get_uplink_iface { | |
236 | my ($interfaces_config, $uplink) = @_; | |
237 | ||
238 | my $iface = undef; | |
239 | foreach my $id (keys %{$interfaces_config->{ifaces}}) { | |
240 | my $interface = $interfaces_config->{ifaces}->{$id}; | |
241 | if (my $iface_uplink = $interface->{'uplink-id'}) { | |
242 | next if $iface_uplink ne $uplink; | |
243 | if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') { | |
244 | warn "uplink $uplink is not a physical or bond interface"; | |
245 | next; | |
246 | } | |
247 | $iface = $id; | |
248 | } | |
249 | } | |
250 | ||
251 | #create a dummy uplink interface if no uplink found | |
252 | if(!$iface) { | |
253 | warn "can't find uplink $uplink in physical interface"; | |
254 | $iface = "uplink${uplink}"; | |
255 | } | |
256 | ||
257 | return $iface; | |
258 | } | |
1f543c5f AD |
259 | |
260 | sub get_local_route_ip { | |
261 | my ($targetip) = @_; | |
262 | ||
263 | my $ip = undef; | |
264 | my $interface = undef; | |
265 | ||
266 | run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub { | |
267 | if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) { | |
268 | $ip = $1; | |
269 | } | |
270 | if ($_[0] =~ m/dev (\S+)/) { | |
271 | $interface = $1; | |
272 | } | |
273 | ||
274 | }); | |
275 | return ($ip, $interface); | |
276 | } | |
277 | ||
278 | ||
279 | sub find_local_ip_interface_peers { | |
f23633dc | 280 | my ($peers, $iface) = @_; |
1f543c5f AD |
281 | |
282 | my $network_config = PVE::INotify::read_file('interfaces'); | |
283 | my $ifaces = $network_config->{ifaces}; | |
f23633dc AD |
284 | |
285 | #if iface is defined, return ip if exist (if not,try to find it on other ifaces) | |
286 | if ($iface) { | |
287 | my $ip = $ifaces->{$iface}->{address}; | |
288 | return ($ip,$iface) if $ip; | |
289 | } | |
290 | ||
1f543c5f AD |
291 | #is a local ip member of peers list ? |
292 | foreach my $address (@{$peers}) { | |
293 | while (my $interface = each %$ifaces) { | |
294 | my $ip = $ifaces->{$interface}->{address}; | |
295 | if ($ip && $ip eq $address) { | |
296 | return ($ip, $interface); | |
297 | } | |
298 | } | |
299 | } | |
300 | ||
301 | #if peer is remote, find source with ip route | |
302 | foreach my $address (@{$peers}) { | |
303 | my ($ip, $interface) = get_local_route_ip($address); | |
304 | return ($ip, $interface); | |
305 | } | |
306 | } | |
307 | ||
fdf22d5f AD |
308 | sub find_bridge { |
309 | my ($bridge) = @_; | |
310 | ||
311 | die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge"; | |
312 | } | |
313 | ||
314 | sub is_vlanaware { | |
315 | my ($bridge) = @_; | |
316 | ||
317 | return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); | |
318 | } | |
319 | ||
320 | sub is_ovs { | |
321 | my ($bridge) = @_; | |
322 | ||
323 | my $is_ovs = !-d "/sys/class/net/$bridge/brif"; | |
324 | return $is_ovs; | |
325 | } | |
326 | ||
327 | sub get_bridge_ifaces { | |
328 | my ($bridge) = @_; | |
329 | ||
330 | my @bridge_ifaces = (); | |
331 | my $dir = "/sys/class/net/$bridge/brif"; | |
332 | PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { | |
333 | push @bridge_ifaces, $_[0]; | |
334 | }); | |
335 | ||
336 | return @bridge_ifaces; | |
337 | } | |
6939693f | 338 | 1; |