[pve-network.git] / PVE / Network / SDN / Zones / SimplePlugin.pm

package PVE::Network::SDN::Zones::SimplePlugin;

use strict;
use warnings;
use PVE::Network::SDN::Zones::Plugin;
use PVE::Exception qw(raise raise_param_exc);
use PVE::Cluster;
use PVE::Tools;

use base('PVE::Network::SDN::Zones::Plugin');

sub type {
    return 'simple';
}

sub properties {
    return {
	dns => {
	    type => 'string',
	    description => "dns api server",
	},
	reversedns => {
	    type => 'string',
	    description => "reverse dns api server",
	},
	dnszone => {
	    type => 'string', format => 'dns-name',
	    description => "dns domain zone  ex: mydomain.com",
	}
    };
}

sub options {
    return {
	nodes => { optional => 1},
	mtu => { optional => 1 },
	dns => { optional => 1 },
	reversedns => { optional => 1 },
	dnszone => { optional => 1 },
	ipam => { optional => 1 },
    };
}

# Plugin implementation
sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;

    return $config if$config->{$vnetid}; # nothing to do

    my $mac = $vnet->{mac};
    my $alias = $vnet->{alias};
    my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};

    # vnet bridge
    my @iface_config = ();

    my $address = {};
    my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);

    my $ipv4 = undef;
    my $ipv6 = undef;

    foreach my $subnetid (sort keys %{$subnets}) {
	my $subnet = $subnets->{$subnetid};
	my $cidr = $subnet->{cidr};
	my $mask = $subnet->{mask};

	my $gateway = $subnet->{gateway};
	if ($gateway) {
	    push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
	    $address->{$gateway} = 1;
	}

	my $iptables = undef;
	my $checkrouteip = undef;
	my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;

	if ( $ipversion == 6) {
	    $ipv6 = 1;
	    $iptables = "ip6tables";
	    $checkrouteip = '2001:4860:4860::8888';
	} else {
	    $ipv4 = 1;
	    $iptables = "iptables";
	    $checkrouteip = '8.8.8.8';
	}

	#add route for /32 pointtopoint
	push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
	if ($subnet->{snat}) {
	    #find outgoing interface
	    my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
	    if ($outip && $outiface) {
		#use snat, faster than masquerade
		push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
		push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
		#add conntrack zone once on outgoing interface
		push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
		push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
	    }
	}
    }

    push @iface_config, "hwaddress $mac" if $mac;
    push @iface_config, "bridge_ports none";
    push @iface_config, "bridge_stp off";
    push @iface_config, "bridge_fd 0";
    if ($vnet->{vlanaware}) {
        push @iface_config, "bridge-vlan-aware yes";
        push @iface_config, "bridge-vids 2-4094";
    }
    push @iface_config, "mtu $mtu" if $mtu;
    push @iface_config, "alias $alias" if $alias;
    push @iface_config, "ip-forward on" if $ipv4;
    push @iface_config, "ip6-forward on" if $ipv6;

    push @{$config->{$vnetid}}, @iface_config;

    return $config;
}

sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    # ifaces to check
    my $ifaces = [ $vnetid ];
    my $err_msg = [];
    foreach my $iface (@{$ifaces}) {
	if (!$status->{$iface}->{status}) {
	    push @$err_msg, "missing $iface";
	} elsif ($status->{$iface}->{status} ne 'pass') {
	    push @$err_msg, "error iface $iface";
	}
    }
    return $err_msg;
}


sub vnet_update_hook {
    my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;

    my $vnet = $vnet_cfg->{ids}->{$vnetid};
    my $tag = $vnet->{tag};

    raise_param_exc({ tag => "vlan tag is not allowed on simple zone"}) if defined($tag);

    if (!defined($vnet->{mac})) {
        my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
        $vnet->{mac} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
    }
}

1;
Commit	Line	Data
880ae857 AD	1	package PVE::Network::SDN::Zones::SimplePlugin;
	2
	3	use strict;
	4	use warnings;
	5	use PVE::Network::SDN::Zones::Plugin;
1d44ce70	6	use PVE::Exception qw(raise raise_param_exc);
5ca07ed9 AD	7	use PVE::Cluster;
5ca07ed9 AD	8	use PVE::Tools;
880ae857 AD	9
	10	use base('PVE::Network::SDN::Zones::Plugin');
	11
	12	sub type {
	13	return 'simple';
	14	}
	15
4ad78442 AD	16	sub properties {
	17	return {
	18	dns => {
	19	type => 'string',
	20	description => "dns api server",
	21	},
	22	reversedns => {
	23	type => 'string',
	24	description => "reverse dns api server",
	25	},
	26	dnszone => {
	27	type => 'string', format => 'dns-name',
	28	description => "dns domain zone ex: mydomain.com",
331e2330	29	}
4ad78442 AD	30	};
	31	}
	32
880ae857	33	sub options {
880ae857	34	return {
efe1459b	35	nodes => { optional => 1},
4ad78442 AD	36	mtu => { optional => 1 },
	37	dns => { optional => 1 },
	38	reversedns => { optional => 1 },
	39	dnszone => { optional => 1 },
57a335c4	40	ipam => { optional => 1 },
880ae857 AD	41	};
	42	}
	43
	44	# Plugin implementation
	45	sub generate_sdn_config {
efffa0ff	46	my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
880ae857	47
efe1459b TL	48	return $config if$config->{$vnetid}; # nothing to do
efe1459b TL	49
880ae857 AD	50	my $mac = $vnet->{mac};
	51	my $alias = $vnet->{alias};
	52	my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
	53
efe1459b	54	# vnet bridge
880ae857	55	my @iface_config = ();
7024ec2b	56
e612faf6	57	my $address = {};
5d3e0248	58	my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
fdf22d5f	59
1ba4901e AD	60	my $ipv4 = undef;
	61	my $ipv6 = undef;
	62
e612faf6 AD	63	foreach my $subnetid (sort keys %{$subnets}) {
e612faf6 AD	64	my $subnet = $subnets->{$subnetid};
e8736dac AD	65	my $cidr = $subnet->{cidr};
	66	my $mask = $subnet->{mask};
	67
e612faf6 AD	68	my $gateway = $subnet->{gateway};
e612faf6 AD	69	if ($gateway) {
9f4f6c2e	70	push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
e612faf6 AD	71	$address->{$gateway} = 1;
e612faf6 AD	72	}
1ba4901e AD	73
	74	my $iptables = undef;
	75	my $checkrouteip = undef;
	76	my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
	77
	78	if ( $ipversion == 6) {
	79	$ipv6 = 1;
	80	$iptables = "ip6tables";
	81	$checkrouteip = '2001:4860:4860::8888';
	82	} else {
	83	$ipv4 = 1;
	84	$iptables = "iptables";
	85	$checkrouteip = '8.8.8.8';
	86	}
	87
e612faf6	88	#add route for /32 pointtopoint
1ba4901e	89	push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
53b2cc90 AD	90	if ($subnet->{snat}) {
53b2cc90 AD	91	#find outgoing interface
1ba4901e	92	my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
53b2cc90 AD	93	if ($outip && $outiface) {
53b2cc90 AD	94	#use snat, faster than masquerade
1ba4901e AD	95	push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
1ba4901e AD	96	push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
53b2cc90	97	#add conntrack zone once on outgoing interface
1ba4901e AD	98	push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
1ba4901e AD	99	push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
53b2cc90 AD	100	}
53b2cc90 AD	101	}
7024ec2b AD	102	}
7024ec2b AD	103
880ae857 AD	104	push @iface_config, "hwaddress $mac" if $mac;
	105	push @iface_config, "bridge_ports none";
	106	push @iface_config, "bridge_stp off";
	107	push @iface_config, "bridge_fd 0";
efe1459b	108	if ($vnet->{vlanaware}) {
880ae857 AD	109	push @iface_config, "bridge-vlan-aware yes";
	110	push @iface_config, "bridge-vids 2-4094";
	111	}
	112	push @iface_config, "mtu $mtu" if $mtu;
	113	push @iface_config, "alias $alias" if $alias;
1ba4901e AD	114	push @iface_config, "ip-forward on" if $ipv4;
1ba4901e AD	115	push @iface_config, "ip6-forward on" if $ipv6;
efe1459b TL	116
efe1459b TL	117	push @{$config->{$vnetid}}, @iface_config;
880ae857 AD	118
	119	return $config;
	120	}
	121
	122	sub status {
	123	my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
	124
880ae857	125	# ifaces to check
efe1459b TL	126	my $ifaces = [ $vnetid ];
efe1459b TL	127	my $err_msg = [];
880ae857 AD	128	foreach my $iface (@{$ifaces}) {
	129	if (!$status->{$iface}->{status}) {
	130	push @$err_msg, "missing $iface";
efe1459b	131	} elsif ($status->{$iface}->{status} ne 'pass') {
880ae857 AD	132	push @$err_msg, "error iface $iface";
	133	}
	134	}
	135	return $err_msg;
	136	}
	137
1d44ce70	138
5ca07ed9	139	sub vnet_update_hook {
88d9562b	140	my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;
5ca07ed9	141
88d9562b AD	142	my $vnet = $vnet_cfg->{ids}->{$vnetid};
	143	my $tag = $vnet->{tag};
	144
	145	raise_param_exc({ tag => "vlan tag is not allowed on simple zone"}) if defined($tag);
5ca07ed9 AD	146
	147	if (!defined($vnet->{mac})) {
	148	my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
	149	$vnet->{mac} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
	150	}
1d44ce70 AD	151	}
1d44ce70 AD	152
880ae857 AD	153	1;
	154
	155