Commit | Line | Data |
---|---|---|
f5eabba0 | 1 | package PVE::Network::SDN::Zones::Plugin; |
6939693f AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
5 | ||
1f543c5f | 6 | use PVE::Tools qw(run_command); |
6939693f AD |
7 | use PVE::JSONSchema; |
8 | use PVE::Cluster; | |
eb1549e7 | 9 | use PVE::Network; |
6939693f AD |
10 | |
11 | use Data::Dumper; | |
eec580bf | 12 | use PVE::JSONSchema qw(get_standard_option); |
6939693f AD |
13 | use base qw(PVE::SectionConfig); |
14 | ||
# Register the cluster-wide zone configuration file. parse_config and
# write_config are not defined in this file; presumably they come from the
# PVE::SectionConfig base class.
PVE::Cluster::cfs_register_file(
    'sdn/zones.cfg',
    sub { __PACKAGE__->parse_config(@_); },
    sub { __PACKAGE__->write_config(@_); },
);

# Standard option for schemas that take a zone identifier.
PVE::JSONSchema::register_standard_option(
    'pve-sdn-zone-id',
    {
        description => "The SDN zone object identifier.",
        type => 'string',
        format => 'pve-sdn-zone-id',
    },
);

# Values of format 'pve-sdn-zone-id' are checked by parse_sdn_zone_id().
PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
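# Validate an SDN zone identifier (registered as format 'pve-sdn-zone-id').
#
# $id    - candidate identifier
# $noerr - when true, return undef instead of dying on invalid input
#
# Returns $id unchanged when it is valid: it has to start with a letter,
# consist of letters and digits only, and be 2 to 8 characters long.
sub parse_sdn_zone_id {
    my ($id, $noerr) = @_;

    # \A...\z instead of ^...$: '$' also matches before a trailing newline,
    # so "zone1\n" used to be accepted as a valid identifier.
    if ($id !~ m/\A[a-z][a-z0-9]*[a-z0-9]\z/i) {
        return undef if $noerr;
        die "zone ID '$id' contains illegal characters\n";
    }

    # The length limit honours $noerr as well, so a caller asking for a quiet
    # check never gets an exception.
    if (length($id) > 8) {
        return undef if $noerr;
        die "zone ID '$id' can't be more length than 8 characters\n";
    }

    return $id;
}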
35 | ||
6939693f AD |
# Property schema shared by all zone plugins; handed out by private().
my $defaultData = {
    propertyList => {
        # Plugin type of the section.
        type => {
            description => "Plugin type.",
            type => 'string',
            format => 'pve-configid',
        },

        # Optional node list, based on the 'pve-node-list' standard option.
        nodes => get_standard_option('pve-node-list', { optional => 1 }),

        # Zone identifier, checked through the 'pve-sdn-zone-id' format.
        zone => get_standard_option(
            'pve-sdn-zone-id',
            { completion => \&PVE::Network::SDN::Zones::complete_sdn_zone },
        ),

        ipam => {
            type => 'string',
            description => "use a specific ipam",
        },
    },
};
53 | ||
# Accessor for the shared property schema held in $defaultData.
sub private {
    my $shared_schema = $defaultData;
    return $shared_schema;
}
57 | ||
# Split a section header line of the form "<type>: <id>".
#
# Returns ($type, $id, $errmsg, $config) for a matching line: $type is
# lower-cased, $errmsg holds the exception text of the type check (undef when
# the check passed) and $config is an empty hash for additional attributes.
# Returns undef when the line does not look like a section header.
sub parse_section_header {
    my ($class, $line) = @_;

    return undef if $line !~ m/^(\S+):\s*(\S+)\s*$/;

    my $type = lc($1);
    my $id = $2;

    # NOTE(review): only $type is verified here; $id is whatever \S+ matched.
    # Presumably the zone ID is validated elsewhere - confirm.
    my $errmsg = undef; # set if you want to skip whole section
    eval { PVE::JSONSchema::pve_verify_configid($type); };
    $errmsg = $@ if $@;

    my $config = {}; # to return additional attributes
    return ($type, $id, $errmsg, $config);
}
71 | ||
4de2337a AD |
# Convert a raw config value into its in-memory form.
#
# 'nodes' and 'exitnodes' are split into a hash set { node => 1 } holding the
# entries for which pve_verify_node_name() returned true; every other key is
# passed through unchanged.
sub decode_value {
    my ($class, $type, $key, $value) = @_;

    return $value if $key ne 'nodes' && $key ne 'exitnodes';

    my %node_set;
    for my $node (PVE::Tools::split_list($value)) {
        next if !PVE::JSONSchema::pve_verify_node_name($node);
        $node_set{$node} = 1;
    }

    return \%node_set;
}
89 | ||
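# Convert an in-memory value back into its config file representation.
#
# 'nodes' and 'exitnodes' are hash sets and are written as a comma-separated
# list of their keys; every other key is passed through unchanged.
sub encode_value {
    my ($class, $type, $key, $value) = @_;

    if ($key eq 'nodes' || $key eq 'exitnodes') {
        # Sorted: plain keys() order differs between runs, which made the
        # written line change although the set of nodes did not.
        return join(',', sort keys %$value);
    }

    return $value;
}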
99 | ||
# Abstract hook: the base class has no implementation and always dies, so
# every zone plugin has to provide its own.
sub generate_sdn_config {
    my (
        $class, $plugin_config, $zoneid, $vnetid, $vnet, $controller,
        $controller_cfg, $subnet_cfg, $interfaces_config, $config,
    ) = @_;

    die "please implement inside plugin";
}
105 | ||
# Abstract hook: the base class has no implementation and always dies, so
# every plugin has to provide its own.
sub generate_controller_config {
    my (
        $class, $plugin_config, $controller, $id, $uplinks, $config,
    ) = @_;

    die "please implement inside plugin";
}
111 | ||
# Optional hook: the base implementation only unpacks its arguments and does
# nothing else.
sub generate_controller_vnet_config {
    my (
        $class, $plugin_config, $controller, $zoneid, $vnetid, $config,
    ) = @_;
}
116 | ||
8fb1ee7f AD |
# Abstract hook: the base class has no implementation and always dies, so
# every plugin has to provide its own.
sub write_controller_config {
    my (
        $class, $plugin_config, $config,
    ) = @_;

    die "please implement inside plugin";
}
122 | ||
fa609bdd AD |
# Abstract hook: the base class has no implementation and always dies, so
# every plugin has to provide its own.
sub controller_reload {
    my $class = $_[0];

    die "please implement inside plugin";
}
128 | ||
# Refuse to delete a zone that is still referenced.
#
# Dies as soon as an entry of $vnet_cfg->{ids} has type 'vnet' and a 'zone'
# equal to $zoneid.
sub on_delete_hook {
    my ($class, $zoneid, $vnet_cfg) = @_;

    # verify that no vnet are associated to this zone
    for my $id (keys %{ $vnet_cfg->{ids} }) {
        my $entry = $vnet_cfg->{ids}->{$id};

        next if $entry->{type} ne 'vnet';
        next if !defined($entry->{zone});
        next if $entry->{zone} ne $zoneid;

        die "zone $zoneid is used by vnet $id";
    }
}
139 | ||
# Optional hook; plugins override it when they need to react to a zone update.
sub on_update_hook {
    my (
        $class, $zoneid, $zone_cfg, $controller_cfg,
    ) = @_;

    # do nothing by default
}
145 | ||
# Optional hook; plugins override it when they need to react to a vnet update.
sub vnet_update_hook {
    my (
        $class, $vnet_cfg, $vnetid, $zone_cfg,
    ) = @_;

    # do nothing by default
}
151 | ||
6939693f AD |
152 | #helpers |
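# Validate a comma-separated list of numbers and "low-high" ranges and,
# optionally, check that $tag is covered by it.
#
# $str - list such as "10,20-30"
# $max - highest value any number in the list may have
# $tag - optional number that has to be covered by the list; a false value
#        skips the membership check
#
# Dies on a malformed element, on a number above $max, on a backwards range
# and when $tag is given but not covered. Returns true when the list has more
# than one element.
sub parse_tag_number_or_range {
    my ($str, $max, $tag) = @_;

    my @elements = split(/,/, $str);
    my $allowed = undef;

    die "extraneous commas in list\n" if $str ne join(',', @elements);

    # Every element is checked, also after $tag has been found, so that the
    # result does not depend on where in the list the tag happens to sit.
    foreach my $item (@elements) {
        # \A...\z instead of ^...$ so that a trailing newline is not accepted.
        if ($item =~ m/\A([0-9]+)-([0-9]+)\z/) {
            my ($port1, $port2) = ($1, $2);
            die "invalid port '$port1'\n" if $port1 > $max;
            die "invalid port '$port2'\n" if $port2 > $max;
            die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;

            $allowed = 1 if $tag && $tag >= $port1 && $tag <= $port2;
        } elsif ($item =~ m/\A([0-9]+)\z/) {
            my $port = $1;
            die "invalid port '$port'\n" if $port > $max;

            $allowed = 1 if $tag && $tag == $port;
        } else {
            # Anything else (empty element, letters, stray characters) used to
            # be skipped silently and therefore passed validation.
            die "invalid element '$item' in list\n";
        }
    }
    die "tag $tag is not allowed" if $tag && !$allowed;

    return (scalar(@elements) > 1);
}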
189 | ||
# Collect status problems for the interface named after the vnet.
#
# $status maps interface names to hashes with a 'status' field. Returns an
# array ref of messages: "missing <iface>" when no status is recorded and
# "error <iface>" when the recorded status is anything but 'pass'.
sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    my @problems;

    # ifaces to check
    my @ifaces = ($vnetid);

    for my $iface (@ifaces) {
        my $state = $status->{$iface}->{status};
        if (!$state) {
            push @problems, "missing $iface";
            next;
        }
        push @problems, "error $iface" if $state ne 'pass';
    }

    return \@problems;
}
207 | ||
2ba9613b | 208 | |
eb1549e7 AD |
# Default implementation: hand $iface and $vnetid to PVE::Network::tap_create.
# $plugin_config and $vnet are not used here.
sub tap_create {
    my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;

    return PVE::Network::tap_create($iface, $vnetid);
}
214 | ||
# Default implementation: hand the veth pair names, $vnetid and $hwaddr to
# PVE::Network::veth_create. $plugin_config and $vnet are not used here.
sub veth_create {
    my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;

    return PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
}
220 | ||
# Default implementation: plug $iface into the bridge named $vnetid.
#
# Dies when a VLAN tag or trunks are requested although the vlan_filtering
# flag read from sysfs is false (or could not be read).
sub tap_plug {
    my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;

    # NOTE(review): $vnetid is interpolated into a sysfs path without a check
    # in this sub; presumably callers only pass validated vnet IDs - confirm.
    my $filtering_path = "/sys/class/net/$vnetid/bridge/vlan_filtering";
    my $vlan_aware = PVE::Tools::file_read_firstline($filtering_path);

    my $wants_vlans = $tag || $trunks;
    die "vm vlans are not allowed on vnet $vnetid" if $wants_vlans && !$vlan_aware;

    return PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
}
229 | ||
3794e429 AD |
230 | #helper |
231 | ||
# Find the interface whose 'uplink-id' equals $uplink.
#
# Only interfaces of type 'eth' or 'bond' qualify; a match of another type is
# skipped with a warning. When nothing qualifies, a warning is emitted and the
# dummy name "uplink<N>" is returned instead.
sub get_uplink_iface {
    my ($interfaces_config, $uplink) = @_;

    my $found = undef;
    for my $name (keys %{ $interfaces_config->{ifaces} }) {
        my $entry = $interfaces_config->{ifaces}->{$name};

        my $entry_uplink = $entry->{'uplink-id'};
        next if !$entry_uplink;
        next if $entry_uplink ne $uplink;

        unless ($entry->{type} eq 'eth' || $entry->{type} eq 'bond') {
            warn "uplink $uplink is not a physical or bond interface";
            next;
        }

        $found = $name;
    }

    #create a dummy uplink interface if no uplink found
    return $found if $found;

    warn "can't find uplink $uplink in physical interface";
    return "uplink${uplink}";
}
1f543c5f AD |
256 | |
# Ask the kernel which source address and device it would use to reach
# $targetip, by parsing the output of "ip route get".
#
# Returns ($ip, $interface); either is undef when the output had no matching
# "src" / "dev" field.
sub get_local_route_ip {
    my ($targetip) = @_;

    my ($ip, $interface);

    my $parse_line = sub {
        my ($line) = @_;
        $ip = $1 if $line =~ m/src ($PVE::Tools::IPRE)/;
        $interface = $1 if $line =~ m/dev (\S+)/;
    };

    # The command is given as an argument list, so $targetip is a single
    # argument of ip(8). NOTE(review): it is not validated in this sub;
    # presumably callers pass a checked address - confirm.
    run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => $parse_line);

    return ($ip, $interface);
}
274 | ||
275 | ||
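# Determine the local address (and its interface) to use towards @$peers.
#
# $peers - array ref of peer addresses
# $iface - optional interface name to prefer
#
# Lookup order: the address configured on $iface, then any configured
# interface whose address is itself listed in @$peers, then the source address
# the routing table gives for the first peer. Returns ($ip, $interface), or
# nothing when @$peers is empty and $iface gave no address.
sub find_local_ip_interface_peers {
    my ($peers, $iface) = @_;

    # NOTE(review): PVE::INotify is not among this file's own "use" lines;
    # presumably one of the loaded modules pulls it in - confirm.
    my $network_config = PVE::INotify::read_file('interfaces');
    my $ifaces = $network_config->{ifaces};

    #if iface is defined, return ip if exist (if not,try to find it on other ifaces)
    # exists() guard: a plain nested lookup would autovivify an empty entry for
    # an unknown $iface inside the parsed interfaces data.
    if ($iface && exists $ifaces->{$iface}) {
        my $ip = $ifaces->{$iface}->{address};
        return ($ip, $iface) if $ip;
    }

    #is a local ip member of peers list ?
    # keys() instead of each(): returning from inside an each() loop leaves the
    # hash iterator half-way, so a later each() on the same hash would skip
    # interfaces. Sorted so that the result is the same on every run.
    foreach my $address (@{$peers}) {
        foreach my $interface (sort keys %$ifaces) {
            my $ip = $ifaces->{$interface}->{address};
            if ($ip && $ip eq $address) {
                return ($ip, $interface);
            }
        }
    }

    #if peer is remote, find source with ip route
    # NOTE(review): this returns on the first peer, so the remaining peers are
    # never tried even when the lookup yields no address.
    foreach my $address (@{$peers}) {
        my ($ip, $interface) = get_local_route_ip($address);
        return ($ip, $interface);
    }

    return;
}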
304 | ||
fdf22d5f AD |
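# Die unless a network interface named $bridge exists in sysfs.
sub find_bridge {
    my ($bridge) = @_;

    my $name = defined($bridge) ? $bridge : '';

    # An empty name, '.', '..' or a name containing '/' can never be a network
    # interface, but interpolated into the path it would make -d look at some
    # other directory (for '' the always-present /sys/class/net/ itself).
    my $plausible = $name ne '' && $name ne '.' && $name ne '..' && $name !~ m{/};

    die "can't find bridge $name" if !$plausible || !-d "/sys/class/net/$name";

    return;
}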
310 | ||
# Return the first line of the bridge's vlan_filtering file in sysfs, as read
# by PVE::Tools::file_read_firstline.
sub is_vlanaware {
    my ($bridge) = @_;

    # NOTE(review): $bridge is interpolated into the path unchecked;
    # presumably callers pass a validated interface name - confirm.
    my $flag_file = "/sys/class/net/$bridge/bridge/vlan_filtering";

    return PVE::Tools::file_read_firstline($flag_file);
}
316 | ||
# Treat $bridge as an OVS bridge when it has no "brif" directory in sysfs.
# Note that a name with no sysfs entry at all therefore also yields true.
sub is_ovs {
    my ($bridge) = @_;

    return !-d "/sys/class/net/$bridge/brif";
}
323 | ||
# List the entries of the bridge's "brif" directory whose names match the
# eth<N> / bond<N> / en* pattern, optionally followed by ".<vlan>".
sub get_bridge_ifaces {
    my ($bridge) = @_;

    my @members;
    my $collect = sub { push @members, $_[0]; };

    # NOTE(review): $bridge is interpolated into the path unchecked;
    # presumably callers pass a validated interface name - confirm.
    PVE::Tools::dir_glob_foreach(
        "/sys/class/net/$bridge/brif",
        '(((eth|bond)\d+|en[^.]+)(\.\d+)?)',
        $collect,
    );

    return @members;
}
6939693f | 335 | 1; |