Commit | Line | Data |
---|---|---|
880ae857 AD |
1 | package PVE::Network::SDN::Zones::SimplePlugin; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::Network::SDN::Zones::Plugin; | |
1d44ce70 | 6 | use PVE::Exception qw(raise raise_param_exc); |
5ca07ed9 AD |
7 | use PVE::Cluster; |
8 | use PVE::Tools; | |
880ae857 AD |
9 | |
10 | use base('PVE::Network::SDN::Zones::Plugin'); | |
11 | ||
# Returns the type name of this zone plugin: the fixed string 'simple'.
sub type {
    my $plugin_type = 'simple';
    return $plugin_type;
}
15 | ||
4ad78442 AD |
# Schema of the properties this plugin declares.
#
# Returns a hash reference with three string properties: 'dns' and
# 'reversedns' (described as DNS API servers) and 'dnszone', which carries the
# 'dns-name' format.
sub properties {
    my %schema = (
        dns => {
            type => 'string',
            description => "dns api server",
        },
        reversedns => {
            type => 'string',
            description => "reverse dns api server",
        },
        dnszone => {
            type => 'string',
            format => 'dns-name',
            description => "dns domain zone  ex: mydomain.com",
        },
    );

    return \%schema;
}
32 | ||
# Options accepted for a zone of this type.
#
# Returns a hash reference that maps each option name to { optional => 1 };
# no option is mandatory.
sub options {
    my @optional_names = qw(nodes mtu dns reversedns dnszone ipam);

    # A fresh inner hash per option, so entries never share a reference.
    my %opts = map { $_ => { optional => 1 } } @optional_names;

    return \%opts;
}
43 | ||
44 | # Plugin implementation | |
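# Build the interface stanza lines for one vnet bridge of a 'simple' zone.
#
# Parameters read here: $plugin_config (mtu), $vnetid, $vnet (mac, alias,
# vlanaware) and $config. The remaining parameters are accepted but not used
# in this sub.
#
# Returns $config. If $config->{$vnetid} already holds a true value the sub
# returns immediately; otherwise the generated lines are appended to
# $config->{$vnetid}.
#
# NOTE(review): every value below is interpolated verbatim into the generated
# lines, and the post-up/post-down lines are commands that the interface
# tooling is expected to execute with root privileges. Only $cidr is quoted.
# This relies on $vnetid, $alias, $mac, gateway, cidr and mask having been
# validated before they reach this sub (no whitespace, newlines or shell
# metacharacters) - confirm against the vnet/subnet schema.
#
# NOTE(review): Net::IP and PVE::Network::SDN::Vnets are called by full name
# but are not among the visible 'use' lines; presumably loaded elsewhere.
sub generate_sdn_config {
    my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;

    return $config if $config->{$vnetid}; # nothing to do

    my $mac = $vnet->{mac};
    my $alias = $vnet->{alias};
    # Plain assignment instead of "my $mtu = ... if COND": a 'my' declaration
    # with a statement modifier has undefined behaviour (perlsyn). A missing
    # or false mtu is still skipped by the "if $mtu" guard further down.
    my $mtu = $plugin_config->{mtu};

    # vnet bridge
    my @iface_config = ();

    # gateways already emitted as "address" lines, to avoid duplicates
    my $address = {};
    my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);

    my $ipv4 = undef;
    my $ipv6 = undef;

    foreach my $subnetid (sort keys %{$subnets}) {
        my $subnet = $subnets->{$subnetid};
        my $cidr = $subnet->{cidr};
        my $mask = $subnet->{mask};

        my $gateway = $subnet->{gateway};
        if ($gateway) {
            push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
            $address->{$gateway} = 1;
        }

        my $iptables = undef;
        my $checkrouteip = undef;
        # The address family is derived from the gateway only. The guard keeps
        # an undefined gateway away from Net::IP; the result is unchanged.
        # NOTE(review): a subnet without a gateway is therefore always handled
        # as IPv4, even when its cidr is IPv6 - confirm this is intended.
        my $ipversion = ($gateway && Net::IP::ip_is_ipv6($gateway)) ? 6 : 4;

        if ($ipversion == 6) {
            $ipv6 = 1;
            $iptables = "ip6tables";
            $checkrouteip = '2001:4860:4860::8888';
        } else {
            $ipv4 = 1;
            $iptables = "iptables";
            $checkrouteip = '8.8.8.8';
        }

        # add route for /32 pointtopoint
        push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
        if ($subnet->{snat}) {
            # find outgoing interface: $checkrouteip is handed to
            # get_local_route_ip, which returns the local source ip and the
            # interface (presumably via a route lookup, no traffic - confirm)
            my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
            if ($outip && $outiface) {
                # use snat, faster than masquerade
                push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
                push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
                # add conntrack zone once on outgoing interface
                # NOTE(review): this pair is pushed for every snat subnet, so
                # two snat subnets of the same family yield duplicate rules;
                # the rule matches "-i fwbr+", not $outiface.
                push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
                push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
            }
            # When no route is found, the subnet silently gets no SNAT rule.
        }
    }

    push @iface_config, "hwaddress $mac" if $mac;
    push @iface_config, "bridge_ports none";
    push @iface_config, "bridge_stp off";
    push @iface_config, "bridge_fd 0";
    if ($vnet->{vlanaware}) {
        push @iface_config, "bridge-vlan-aware yes";
        push @iface_config, "bridge-vids 2-4094";
    }
    push @iface_config, "mtu $mtu" if $mtu;
    push @iface_config, "alias $alias" if $alias;
    # forwarding is switched on per address family seen in the subnets
    push @iface_config, "ip-forward on" if $ipv4;
    push @iface_config, "ip6-forward on" if $ipv6;

    push @{$config->{$vnetid}}, @iface_config;

    return $config;
}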
121 | ||
# Check the reported state of the vnet interface.
#
# $status is a hash reference keyed by interface name whose entries carry a
# 'status' field. Returns an array reference of error strings: "missing
# <iface>" when the field is absent or false, "error iface <iface>" when it is
# anything other than 'pass'. An empty array means no problem was found.
sub status {
    my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;

    # only the vnet bridge itself is checked
    my @checked_ifaces = ($vnetid);
    my @problems;

    for my $iface (@checked_ifaces) {
        my $state = $status->{$iface}->{status};

        if (!$state) {
            push @problems, "missing $iface";
            next;
        }

        push @problems, "error iface $iface" if $state ne 'pass';
    }

    return \@problems;
}
137 | ||
1d44ce70 | 138 | |
# Validate a vnet of a simple zone when it is created or updated.
#
# Raises a parameter exception on 'tag' when the vnet carries a vlan tag.
# When the vnet has no mac yet, one is generated from the mac_prefix read
# from datacenter.cfg and stored in the vnet entry of $vnet_cfg.
sub vnet_update_hook {
    my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;

    my $vnet = $vnet_cfg->{ids}->{$vnetid};

    if (defined($vnet->{tag})) {
        raise_param_exc({ tag => "vlan tag is not allowed on simple zone"});
    }

    if (!defined($vnet->{mac})) {
        my $datacenter_cfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
        my $mac_prefix = $datacenter_cfg->{mac_prefix};
        $vnet->{mac} = PVE::Tools::random_ether_addr($mac_prefix);
    }
}
152 | ||
880ae857 AD |
153 | 1; |
154 | ||
155 |