[pve-network.git] / PVE / Network / SDN / Zones / Plugin.pm

package PVE::Network::SDN::Zones::Plugin;

use strict;
use warnings;

use PVE::Tools qw(run_command);
use PVE::JSONSchema;
use PVE::Cluster;
use PVE::Network;

use Data::Dumper;
use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::SectionConfig);

PVE::Cluster::cfs_register_file('sdn/zones.cfg',
				 sub { __PACKAGE__->parse_config(@_); });

PVE::Cluster::cfs_register_file('sdn/zones.cfg.new',
				 sub { __PACKAGE__->parse_config(@_); },
				 sub { __PACKAGE__->write_config(@_); });

PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
    description => "The SDN zone object identifier.",
    type => 'string', format => 'pve-sdn-zone-id',
});

PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	return undef if $noerr;
	die "zone ID '$id' contains illegal characters\n";
    }
    die "zone ID '$id' can't be more length than 10 characters\n" if length($id) > 10;
    return $id;
}

my $defaultData = {

    propertyList => {
	type => {
	    description => "Plugin type.",
	    type => 'string', format => 'pve-configid',
	    type => 'string',
	},
        nodes => get_standard_option('pve-node-list', { optional => 1 }),
        zone => get_standard_option('pve-sdn-zone-id',
            { completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
    },
};

sub private {
    return $defaultData;
}

sub decode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        my $res = {};

        foreach my $node (PVE::Tools::split_list($value)) {
            if (PVE::JSONSchema::pve_verify_node_name($node)) {
                $res->{$node} = 1;
            }
        }

        return $res;
    } 

   return $value;
}

sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes') {
        return join(',', keys(%$value));
    }

    return $value;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
        my ($type, $id) = (lc($1), $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($type); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $id, $errmsg, $config);
    }
    return undef;
}

sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    die "please implement inside plugin";
}

sub generate_controller_vnet_config {
    my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;

}

sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    die "please implement inside plugin";
}

sub controller_reload {
    my ($class) = @_;

    die "please implement inside plugin";
}

sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    foreach my $id (keys %{$vnet_cfg->{ids}}) {
	my $vnet = $vnet_cfg->{ids}->{$id};
	die "zone $zoneid is used by vnet $id"
	    if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
    }
}

sub on_update_hook {
    my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;

    # do nothing by default
}

#helpers
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $count = 0;
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);
    foreach my $item (@elements) {
	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	    $count += 2;
	    my ($port1, $port2) = ($1, $2);
	    die "invalid port '$port1'\n" if $port1 > $max;
	    die "invalid port '$port2'\n" if $port2 > $max;
	    die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

	    if ($tag && $tag >= $port1 && $tag <= $port2){
		$allowed = 1;
		last;
	    }

	} elsif ($item =~ m/^([0-9]+)$/) {
	    $count += 1;
	    my $port = $1;
	    die "invalid port '$port'\n" if $port > $max;

	    if ($tag && $tag == $port){
		$allowed = 1;
		last;
	    }
	}
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}

sub status {
    my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_;

    $vnet_status->{$id}->{zone} = $zone;
    $zone_status->{$zone}->{status} = 'available' if !defined($zone_status->{$zone}->{status});

    if($err_config) {
	$vnet_status->{$id}->{status} = 'pending';
	$vnet_status->{$id}->{statusmsg} = $err_config;
	$zone_status->{$zone}->{status} = 'pending';
    } elsif ($status->{$id}->{status} && $status->{$id}->{status} eq 'pass') {
	$vnet_status->{$id}->{status} = 'available';
	my $bridgeport = $status->{$id}->{config}->{'bridge-ports'};

	if ($bridgeport && $status->{$bridgeport}->{status} && $status->{$bridgeport}->{status} ne 'pass') {
	    $vnet_status->{$id}->{status} = 'error';
	    $vnet_status->{$id}->{statusmsg} = 'configuration not fully applied';
	    $zone_status->{$zone}->{status} = 'error';
	}

    } else {
	$vnet_status->{$id}->{status} = 'error';
	$vnet_status->{$id}->{statusmsg} = 'missing';
	$zone_status->{$zone}->{status} = 'error';
    }
}


sub get_bridge_vlan {
    my ($class, $plugin_config, $vnetid, $tag) = @_;

    my $bridge = $vnetid;
    $tag = undef;

    die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/";

    return ($bridge, $tag);
}

sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid);
    die "unable to get bridge setting\n" if !$bridge;

    PVE::Network::tap_create($iface, $bridge);
}

sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid);
    die "unable to get bridge setting\n" if !$bridge;

    PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
}

sub tap_plug {
    my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_;

    my $tag = $vnet->{tag};

    ($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
    my $trunks = undef;

    PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}

#helper

sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $iface = undef;
    foreach my $id (keys %{$interfaces_config->{ifaces}}) {
        my $interface = $interfaces_config->{ifaces}->{$id};
        if (my $iface_uplink = $interface->{'uplink-id'}) {
	    next if $iface_uplink ne $uplink;
            if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
                warn "uplink $uplink is not a physical or bond interface";
                next;
            }
	    $iface = $id;
        }
    }

    #create a dummy uplink interface if no uplink found
    if(!$iface) {
        warn "can't find uplink $uplink in physical interface";
        $iface = "uplink${uplink}";
    }

    return $iface;
}

sub get_local_route_ip {
    my ($targetip) = @_;

    my $ip = undef;
    my $interface = undef;

    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
        if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
            $ip = $1;
        }
        if ($_[0] =~ m/dev (\S+)/) {
            $interface = $1;
        }

    });
    return ($ip, $interface);
}


sub find_local_ip_interface_peers {
    my ($peers) = @_;

    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};
    #is a local ip member of peers list ?
    foreach my $address (@{$peers}) {
	while (my $interface = each %$ifaces) {
	    my $ip = $ifaces->{$interface}->{address};
	    if ($ip && $ip eq $address) {
		return ($ip, $interface);
	    }
	}
    }

    #if peer is remote, find source with ip route
    foreach my $address (@{$peers}) {
	my ($ip, $interface) = get_local_route_ip($address);
	return ($ip, $interface);
    }
}

1;
Commit	Line	Data
f5eabba0	1	package PVE::Network::SDN::Zones::Plugin;
6939693f AD	2
	3	use strict;
	4	use warnings;
	5
1f543c5f	6	use PVE::Tools qw(run_command);
6939693f AD	7	use PVE::JSONSchema;
6939693f AD	8	use PVE::Cluster;
eb1549e7	9	use PVE::Network;
6939693f AD	10
6939693f AD	11	use Data::Dumper;
eec580bf	12	use PVE::JSONSchema qw(get_standard_option);
6939693f AD	13	use base qw(PVE::SectionConfig);
6939693f AD	14
f5eabba0	15	PVE::Cluster::cfs_register_file('sdn/zones.cfg',
39d04c82 AD	16	sub { __PACKAGE__->parse_config(@_); });
39d04c82 AD	17
f5eabba0	18	PVE::Cluster::cfs_register_file('sdn/zones.cfg.new',
6939693f AD	19	sub { __PACKAGE__->parse_config(@_); },
	20	sub { __PACKAGE__->write_config(@_); });
	21
f5eabba0 AD	22	PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
	23	description => "The SDN zone object identifier.",
	24	type => 'string', format => 'pve-sdn-zone-id',
fe61b14c AD	25	});
fe61b14c AD	26
f5eabba0 AD	27	PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
	28	sub parse_sdn_zone_id {
	29	my ($id, $noerr) = @_;
fe61b14c	30
7c5b0f6d AD	31	if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
	32	return undef if $noerr;
	33	die "zone ID '$id' contains illegal characters\n";
fe61b14c	34	}
7c5b0f6d	35	die "zone ID '$id' can't be more length than 10 characters\n" if length($id) > 10;
f5eabba0	36	return $id;
fe61b14c AD	37	}
fe61b14c AD	38
6939693f AD	39	my $defaultData = {
	40
	41	propertyList => {
7d35eaf5	42	type => {
6939693f AD	43	description => "Plugin type.",
	44	type => 'string', format => 'pve-configid',
	45	type => 'string',
	46	},
c2b9c173	47	nodes => get_standard_option('pve-node-list', { optional => 1 }),
f5eabba0 AD	48	zone => get_standard_option('pve-sdn-zone-id',
f5eabba0 AD	49	{ completion => \&PVE::Network::SDN::Zones::complete_sdn_zone }),
6939693f AD	50	},
	51	};
	52
	53	sub private {
	54	return $defaultData;
	55	}
	56
c2b9c173 AD	57	sub decode_value {
	58	my ($class, $type, $key, $value) = @_;
	59
	60	if ($key eq 'nodes') {
	61	my $res = {};
	62
	63	foreach my $node (PVE::Tools::split_list($value)) {
	64	if (PVE::JSONSchema::pve_verify_node_name($node)) {
	65	$res->{$node} = 1;
	66	}
	67	}
	68
	69	return $res;
	70	}
	71
	72	return $value;
	73	}
	74
	75	sub encode_value {
	76	my ($class, $type, $key, $value) = @_;
	77
	78	if ($key eq 'nodes') {
	79	return join(',', keys(%$value));
	80	}
	81
	82	return $value;
	83	}
	84
6939693f AD	85	sub parse_section_header {
	86	my ($class, $line) = @_;
	87
	88	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
f5eabba0	89	my ($type, $id) = (lc($1), $2);
6939693f AD	90	my $errmsg = undef; # set if you want to skip whole section
	91	eval { PVE::JSONSchema::pve_verify_configid($type); };
	92	$errmsg = $@ if $@;
	93	my $config = {}; # to return additional attributes
f5eabba0	94	return ($type, $id, $errmsg, $config);
6939693f AD	95	}
	96	return undef;
	97	}
	98
6bffe819	99	sub generate_sdn_config {
ba7ac021	100	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;
6939693f AD	101
	102	die "please implement inside plugin";
	103	}
	104
8fb1ee7f	105	sub generate_controller_config {
56cdcac9	106	my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
32602a38 AD	107
	108	die "please implement inside plugin";
	109	}
	110
ad03c543	111	sub generate_controller_vnet_config {
56cdcac9	112	my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
ad03c543 AD	113
	114	}
	115
8fb1ee7f AD	116	sub write_controller_config {
	117	my ($class, $plugin_config, $config) = @_;
	118
	119	die "please implement inside plugin";
	120	}
	121
fa609bdd AD	122	sub controller_reload {
	123	my ($class) = @_;
	124
	125	die "please implement inside plugin";
	126	}
	127
fe0c6b9e	128	sub on_delete_hook {
56cdcac9	129	my ($class, $zoneid, $vnet_cfg) = @_;
e8d5906e	130
56cdcac9 AD	131	# verify that no vnet are associated to this zone
	132	foreach my $id (keys %{$vnet_cfg->{ids}}) {
	133	my $vnet = $vnet_cfg->{ids}->{$id};
	134	die "zone $zoneid is used by vnet $id"
	135	if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
	136	}
e8d5906e AD	137	}
	138
	139	sub on_update_hook {
a2b32a94	140	my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
fe0c6b9e AD	141
	142	# do nothing by default
	143	}
	144
6939693f AD	145	#helpers
	146	sub parse_tag_number_or_range {
	147	my ($str, $max, $tag) = @_;
	148
	149	my @elements = split(/,/, $str);
	150	my $count = 0;
	151	my $allowed = undef;
	152
	153	die "extraneous commas in list\n" if $str ne join(',', @elements);
	154	foreach my $item (@elements) {
	155	if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
	156	$count += 2;
	157	my ($port1, $port2) = ($1, $2);
	158	die "invalid port '$port1'\n" if $port1 > $max;
	159	die "invalid port '$port2'\n" if $port2 > $max;
	160	die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
	161
	162	if ($tag && $tag >= $port1 && $tag <= $port2){
	163	$allowed = 1;
	164	last;
	165	}
	166
	167	} elsif ($item =~ m/^([0-9]+)$/) {
	168	$count += 1;
	169	my $port = $1;
	170	die "invalid port '$port'\n" if $port > $max;
	171
	172	if ($tag && $tag == $port){
	173	$allowed = 1;
	174	last;
	175	}
	176	}
	177	}
	178	die "tag $tag is not allowed" if $tag && !$allowed;
	179
	180	return (scalar(@elements) > 1);
	181	}
	182
627b1694 AD	183	sub status {
	184	my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_;
	185
	186	$vnet_status->{$id}->{zone} = $zone;
	187	$zone_status->{$zone}->{status} = 'available' if !defined($zone_status->{$zone}->{status});
	188
	189	if($err_config) {
	190	$vnet_status->{$id}->{status} = 'pending';
	191	$vnet_status->{$id}->{statusmsg} = $err_config;
	192	$zone_status->{$zone}->{status} = 'pending';
	193	} elsif ($status->{$id}->{status} && $status->{$id}->{status} eq 'pass') {
	194	$vnet_status->{$id}->{status} = 'available';
	195	my $bridgeport = $status->{$id}->{config}->{'bridge-ports'};
	196
	197	if ($bridgeport && $status->{$bridgeport}->{status} && $status->{$bridgeport}->{status} ne 'pass') {
	198	$vnet_status->{$id}->{status} = 'error';
	199	$vnet_status->{$id}->{statusmsg} = 'configuration not fully applied';
	200	$zone_status->{$zone}->{status} = 'error';
	201	}
	202
	203	} else {
	204	$vnet_status->{$id}->{status} = 'error';
	205	$vnet_status->{$id}->{statusmsg} = 'missing';
	206	$zone_status->{$zone}->{status} = 'error';
	207	}
	208	}
	209
2ba9613b AD	210
2ba9613b AD	211	sub get_bridge_vlan {
eb1549e7	212	my ($class, $plugin_config, $vnetid, $tag) = @_;
2ba9613b	213
eb1549e7	214	my $bridge = $vnetid;
2ba9613b AD	215	$tag = undef;
2ba9613b AD	216
eb1549e7 AD	217	die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/";
eb1549e7 AD	218
2ba9613b AD	219	return ($bridge, $tag);
	220	}
	221
eb1549e7 AD	222	sub tap_create {
	223	my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
	224
	225	my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid);
	226	die "unable to get bridge setting\n" if !$bridge;
	227
	228	PVE::Network::tap_create($iface, $bridge);
	229	}
	230
	231	sub veth_create {
	232	my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
	233
	234	my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid);
	235	die "unable to get bridge setting\n" if !$bridge;
	236
	237	PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
	238	}
	239
	240	sub tap_plug {
	241	my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_;
	242
	243	my $tag = $vnet->{tag};
	244
	245	($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
	246	my $trunks = undef;
	247
	248	PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
	249	}
	250
3794e429 AD	251	#helper
	252
	253	sub get_uplink_iface {
	254	my ($interfaces_config, $uplink) = @_;
	255
	256	my $iface = undef;
	257	foreach my $id (keys %{$interfaces_config->{ifaces}}) {
	258	my $interface = $interfaces_config->{ifaces}->{$id};
	259	if (my $iface_uplink = $interface->{'uplink-id'}) {
	260	next if $iface_uplink ne $uplink;
	261	if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
	262	warn "uplink $uplink is not a physical or bond interface";
	263	next;
	264	}
	265	$iface = $id;
	266	}
	267	}
	268
	269	#create a dummy uplink interface if no uplink found
	270	if(!$iface) {
	271	warn "can't find uplink $uplink in physical interface";
	272	$iface = "uplink${uplink}";
	273	}
	274
	275	return $iface;
	276	}
1f543c5f AD	277
	278	sub get_local_route_ip {
	279	my ($targetip) = @_;
	280
	281	my $ip = undef;
	282	my $interface = undef;
	283
	284	run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
	285	if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
	286	$ip = $1;
	287	}
	288	if ($_[0] =~ m/dev (\S+)/) {
	289	$interface = $1;
	290	}
	291
	292	});
	293	return ($ip, $interface);
	294	}
	295
	296
	297	sub find_local_ip_interface_peers {
	298	my ($peers) = @_;
	299
	300	my $network_config = PVE::INotify::read_file('interfaces');
	301	my $ifaces = $network_config->{ifaces};
	302	#is a local ip member of peers list ?
	303	foreach my $address (@{$peers}) {
	304	while (my $interface = each %$ifaces) {
	305	my $ip = $ifaces->{$interface}->{address};
	306	if ($ip && $ip eq $address) {
	307	return ($ip, $interface);
	308	}
	309	}
	310	}
	311
	312	#if peer is remote, find source with ip route
	313	foreach my $address (@{$peers}) {
	314	my ($ip, $interface) = get_local_route_ip($address);
	315	return ($ip, $interface);
	316	}
	317	}
	318
6939693f	319	1;