1 | package PVE::Network::SDN::Zones; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use JSON; | |
7 | ||
8 | use PVE::Tools qw(extract_param dir_glob_regex run_command); | |
9 | use PVE::Cluster qw(cfs_read_file cfs_write_file cfs_lock_file); | |
10 | use PVE::Network; | |
11 | ||
12 | use PVE::Network::SDN::Vnets; | |
13 | use PVE::Network::SDN::Zones::VlanPlugin; | |
14 | use PVE::Network::SDN::Zones::QinQPlugin; | |
15 | use PVE::Network::SDN::Zones::VxlanPlugin; | |
16 | use PVE::Network::SDN::Zones::EvpnPlugin; | |
17 | use PVE::Network::SDN::Zones::FaucetPlugin; | |
18 | use PVE::Network::SDN::Zones::SimplePlugin; | |
19 | use PVE::Network::SDN::Zones::Plugin; | |
20 | ||
# Register every concrete zone plugin with the abstract base class, in the
# original order, then initialise the base class.
for my $plugin_class (qw(
    PVE::Network::SDN::Zones::VlanPlugin
    PVE::Network::SDN::Zones::QinQPlugin
    PVE::Network::SDN::Zones::VxlanPlugin
    PVE::Network::SDN::Zones::EvpnPlugin
    PVE::Network::SDN::Zones::FaucetPlugin
    PVE::Network::SDN::Zones::SimplePlugin
)) {
    $plugin_class->register();
}
PVE::Network::SDN::Zones::Plugin->init();

# Locally generated SDN interface definitions; written by
# write_etc_network_config() and version-checked by
# read_etc_network_config_version().
my $local_network_sdn_file = "/etc/network/interfaces.d/sdn";
30 | ||
# Look up one zone entry in a zones config hash.
#   $cfg   - config hash with an 'ids' sub-hash keyed by zone ID
#   $id    - zone ID to fetch; dies when empty
#   $noerr - when true, an unknown ID returns undef instead of dying
# Returns the zone's config hash (or undef, see $noerr).
sub sdn_zones_config {
    my ($cfg, $id, $noerr) = @_;

    die "no sdn zone ID specified\n" unless $id;

    my $zone = $cfg->{ids}->{$id};
    die "sdn '$id' does not exist\n" unless $zone || $noerr;

    return $zone;
}
41 | ||
# Read the zone definitions (sdn/zones.cfg) through the cluster filesystem.
# Returns the parsed config hash.
sub config {
    return cfs_read_file("sdn/zones.cfg");
}
46 | ||
# Return the zone entry that a vnet belongs to; that entry doubles as the
# zone plugin's configuration.
#   $vnet - vnet config hash carrying a 'zone' key
sub get_plugin_config {
    my ($vnet) = @_;

    my $zones = PVE::Network::SDN::Zones::config();
    return $zones->{ids}->{ $vnet->{zone} };
}
53 | ||
# Persist a zones config hash to sdn/zones.cfg through the cluster filesystem.
#   $cfg - config hash as returned by config()
sub write_config {
    my ($cfg) = @_;

    return cfs_write_file("sdn/zones.cfg", $cfg);
}
59 | ||
# List all zone IDs of a zones config in string order.
#   $cfg - config hash with an 'ids' sub-hash
sub sdn_zones_ids {
    my ($cfg) = @_;

    return sort { $a cmp $b } keys %{ $cfg->{ids} };
}
65 | ||
# CLI completion helper for zone IDs.
#   $cmdname - the subcommand being completed; 'add' gets no suggestions
#   $pname, $cvalue - parameter name / current value (unused here)
# Returns an array ref of candidate IDs from the running config.
sub complete_sdn_zone {
    my ($cmdname, $pname, $cvalue) = @_;

    my $cfg = PVE::Network::SDN::running_config();

    # A zone that is about to be added cannot be completed from existing ones.
    return [] if $cmdname eq 'add';

    # NOTE(review): this calls PVE::Network::SDN::sdn_zones_ids(), not the
    # sdn_zones_ids() defined in this package — confirm that the former exists.
    return [ PVE::Network::SDN::sdn_zones_ids($cfg) ];
}
73 | ||
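# Fetch a single zone by ID.
#   $zoneid  - zone ID to look up
#   $running - when true, consult the cluster-wide running config instead of
#              the on-disk zones.cfg
# Returns the zone's config hash, or undef when the zone is unknown (the
# lookup is done with noerr set, so it never dies on a missing ID).
sub get_zone {
    my ($zoneid, $running) = @_;

    my $cfg = {};
    if ($running) {
        # The running config bundles every SDN section; narrow it to the
        # zones sub-tree.  This must assign to the outer $cfg — a second
        # lexical $cfg here would shadow it and leave the outer one empty.
        my $running_cfg = PVE::Network::SDN::running_config();
        $cfg = $running_cfg->{zones} || {};
    } else {
        $cfg = PVE::Network::SDN::Zones::config();
    }

    return PVE::Network::SDN::Zones::sdn_zones_config($cfg, $zoneid, 1);
}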
89 | ||
90 | ||
# Build the contents of the local SDN interfaces file from the running config.
# Each vnet is rendered by its zone's plugin; vnets without a zone, with an
# unknown zone, or whose zone is restricted to other nodes are skipped (the
# first two with a warning).  Per-vnet plugin failures are warned about and
# skipped as well, so one broken vnet does not block the rest.
# Returns the raw file text (starting with a "#version:N" header), or nothing
# when neither vnets nor zones are configured.
sub generate_etc_network_config {

    my $cfg = PVE::Network::SDN::running_config();

    my $version        = $cfg->{version};
    my $vnet_cfg       = $cfg->{vnets};
    my $zone_cfg       = $cfg->{zones};
    my $subnet_cfg     = $cfg->{subnets};
    my $controller_cfg = $cfg->{controllers};
    return if !$vnet_cfg && !$zone_cfg;

    my $interfaces_config = PVE::INotify::read_file('interfaces');
    my $nodename = PVE::INotify::nodename();

    # Filled by the plugins: interface name => list of option lines.
    my $config = {};

    VNET: for my $id (sort keys %{$vnet_cfg->{ids}}) {
        my $vnet = $vnet_cfg->{ids}->{$id};
        my $zone = $vnet->{zone};

        if (!$zone) {
            warn "can't generate vnet '$id': no zone assigned!\n";
            next VNET;
        }

        my $plugin_config = $zone_cfg->{ids}->{$zone};
        if (!defined($plugin_config)) {
            warn "can't generate vnet '$id': zone $zone don't exist\n";
            next VNET;
        }

        # A zone with an explicit node list that does not name this node is
        # not rendered here.
        next VNET if defined($plugin_config->{nodes}) && !$plugin_config->{nodes}->{$nodename};

        my $controller;
        if (my $controllerid = $plugin_config->{controller}) {
            $controller = $controller_cfg->{ids}->{$controllerid};
        }

        my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
        eval {
            $plugin->generate_sdn_config(
                $plugin_config, $zone, $id, $vnet, $controller, $controller_cfg,
                $subnet_cfg, $interfaces_config, $config,
            );
        };
        if (my $err = $@) {
            warn "zone $zone : vnet $id : $err\n";
            next VNET;
        }
    }

    # Render interfaces(5)-style stanzas.  The version header is what status()
    # compares against the running config to detect a stale local file.
    my @lines = ("#version:$version\n");
    for my $iface (sort keys %$config) {
        push @lines, "\n", "auto $iface\n", "iface $iface\n";
        for my $option (@{ $config->{$iface} }) {
            push @lines, "\t$option\n";
        }
    }

    return join('', @lines);
}
153 | ||
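# Write the generated interfaces text to the local SDN file.
#   $rawconfig - text from generate_etc_network_config(); when empty/undef
#                the existing file is left untouched
# Dies with the path and errno when the file cannot be opened or fully
# written.  The file is truncated in place before the new content lands, so
# a concurrent reader may briefly observe an empty or partial file.
sub write_etc_network_config {
    my ($rawconfig) = @_;

    return if !$rawconfig;

    # Three-arg open with an explicit check: an unchecked IO::File->new()
    # returning undef would only fail later with an unhelpful symbol error.
    open(my $writefh, '>', $local_network_sdn_file)
        or die "unable to open '$local_network_sdn_file' for writing: $!\n";
    print {$writefh} $rawconfig;
    # Buffered write errors (e.g. ENOSPC) only surface at close().
    close($writefh)
        or die "unable to write '$local_network_sdn_file': $!\n";
}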
163 | ||
# Extract the version number from the "#version:N" header line of the local
# SDN interfaces file.  Returns nothing when there is no first line or the
# line does not carry the header.
sub read_etc_network_config_version {
    my $first_line = PVE::Tools::file_read_firstline($local_network_sdn_file);

    return unless defined $first_line;

    if ($first_line =~ m{\A\#version:(\d+)$}) {
        return $1;
    }
}
173 | ||
# Run `ifquery -a -c -o json` and index its report by interface name.
# Returns a hash ref: name => { status, config, config_status }.
sub ifquery_check {

    # List form: arguments go straight to execve, no shell re-parsing.
    my $cmd = ['ifquery', '-a', '-c', '-o', 'json'];

    my $output = '';
    eval {
        run_command($cmd, outfunc => sub { $output .= shift });
    };
    # NOTE(review): errors from run_command are deliberately not inspected
    # here (presumably because a failed check makes ifquery exit non-zero
    # while still printing its report — confirm).  If ifquery produced no
    # output at all, decode_json() below dies on the empty string.

    my $interfaces = {};
    for my $entry (@{ decode_json($output) }) {
        $interfaces->{ $entry->{name} } = {
            status        => $entry->{status},
            config        => $entry->{config},
            config_status => $entry->{config_status},
        };
    }

    return $interfaces;
}
199 | ||
# Process-level latch: status() warns about a missing/stale local SDN config
# only once, and resets this to 0 once the local config is current again.
my $warned_about_reload;
201 | ||
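# Compute the status of every zone and vnet active on this node.
# Returns ($zone_status, $vnet_status): two hash refs keyed by zone ID and
# vnet ID respectively, each entry carrying 'status' ('available', 'pending'
# or 'error') and, for vnets, an optional 'statusmsg' and 'zone'.  Returns
# nothing when the running config has no version.
sub status {

    my $err_config = undef;

    my $local_version = PVE::Network::SDN::Zones::read_etc_network_config_version();
    my $cfg = PVE::Network::SDN::running_config();
    my $sdn_version = $cfg->{version};

    return if !$sdn_version;

    if (!$local_version) {
        $err_config = "local sdn network configuration is not yet generated, please reload";
    } elsif ($local_version < $sdn_version) {
        $err_config = "local sdn network configuration is too old, please reload";
    }

    # Warn once per process while the local file is missing or stale; the
    # latch is re-armed as soon as the local config is current again.
    if ($err_config) {
        if (!$warned_about_reload) {
            $warned_about_reload = 1;
            warn "$err_config\n";
        }
    } else {
        $warned_about_reload = 0;
    }

    my $status = ifquery_check();

    my $vnet_cfg = $cfg->{vnets};
    my $zone_cfg = $cfg->{zones};
    my $nodename = PVE::INotify::nodename();

    my $vnet_status = {};
    my $zone_status = {};

    # Zones active on this node start out 'available', or 'pending' while the
    # local config is stale; vnet checks below may downgrade them to 'error'.
    for my $id (sort keys %{$zone_cfg->{ids}}) {
        my $zone = $zone_cfg->{ids}->{$id};
        next if defined($zone->{nodes}) && !$zone->{nodes}->{$nodename};
        $zone_status->{$id}->{status} = $err_config ? 'pending' : 'available';
    }

    for my $id (sort keys %{$vnet_cfg->{ids}}) {
        my $vnet = $vnet_cfg->{ids}->{$id};
        my $zone = $vnet->{zone};
        next if !defined($zone);

        my $plugin_config = $zone_cfg->{ids}->{$zone};

        if (!defined($plugin_config)) {
            $vnet_status->{$id}->{status} = 'error';
            $vnet_status->{$id}->{statusmsg} = "unknown zone '$zone' configured";
            next;
        }

        next if defined($plugin_config->{nodes}) && !$plugin_config->{nodes}->{$nodename};

        $vnet_status->{$id}->{zone} = $zone;
        $vnet_status->{$id}->{status} = 'available';

        if ($err_config) {
            $vnet_status->{$id}->{status} = 'pending';
            $vnet_status->{$id}->{statusmsg} = $err_config;
            next;
        }

        my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
        my $err_msg = $plugin->status($plugin_config, $zone, $id, $vnet, $status);
        if (@{$err_msg} > 0) {
            $vnet_status->{$id}->{status} = 'error';
            $vnet_status->{$id}->{statusmsg} = join(',', @{$err_msg});
            # $zone_status is keyed by zone ID: mark the vnet's *zone* as in
            # error, not a phantom entry named after the vnet ID.
            $zone_status->{$zone}->{status} = 'error';
        }
    }

    return ($zone_status, $vnet_status);
}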
277 | ||
# Create a tap device on a bridge, dispatching to the zone plugin when the
# bridge is an SDN vnet and to PVE::Network otherwise.
#   $iface  - tap interface name
#   $bridge - bridge (or vnet) name
sub tap_create {
    my ($iface, $bridge) = @_;

    my $vnet = PVE::Network::SDN::Vnets::get_vnet($bridge, 1);
    unless ($vnet) {
        # Not an SDN vnet: plain bridge handling.
        PVE::Network::tap_create($iface, $bridge);
        return;
    }

    # NOTE(review): unlike tap_plug(), no "allowed on this node" check is
    # made here — verify whether the plugin enforces it.
    my $zone_config = get_plugin_config($vnet);
    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($zone_config->{type});
    $plugin->tap_create($zone_config, $vnet, $iface, $bridge);
}
291 | ||
# Create a veth pair attached to a bridge, dispatching to the zone plugin
# when the bridge is an SDN vnet and to PVE::Network otherwise.
#   $veth, $vethpeer - the two ends of the pair
#   $bridge          - bridge (or vnet) name
#   $hwaddr          - MAC address for the pair
sub veth_create {
    my ($veth, $vethpeer, $bridge, $hwaddr) = @_;

    my $vnet = PVE::Network::SDN::Vnets::get_vnet($bridge, 1);
    unless ($vnet) {
        # Not an SDN vnet: plain bridge handling.
        PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
        return;
    }

    my $zone_config = get_plugin_config($vnet);
    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($zone_config->{type});
    $plugin->veth_create($zone_config, $vnet, $veth, $vethpeer, $bridge, $hwaddr);
}
305 | ||
# Plug a tap device into a bridge.  For an SDN vnet the zone plugin does the
# work and the vnet must be allowed on this node; for a classic bridge the
# plain implementation is used, with MAC learning turned off when the bridge
# has 'bridge-disable-mac-learning' set in /etc/network/interfaces.
#   $iface, $bridge, $tag, $firewall, $trunks, $rate - as for PVE::Network::tap_plug
# Dies when the vnet's zone is restricted to other nodes.
sub tap_plug {
    my ($iface, $bridge, $tag, $firewall, $trunks, $rate) = @_;

    my $vnet = PVE::Network::SDN::Vnets::get_vnet($bridge, 1);
    unless ($vnet) {
        my $interfaces_config = PVE::INotify::read_file('interfaces');
        my $bridge_iface = $interfaces_config->{ifaces}->{$bridge};
        my $opts = {};
        $opts->{learning} = 0 if $bridge_iface && $bridge_iface->{'bridge-disable-mac-learning'};
        PVE::Network::tap_plug($iface, $bridge, $tag, $firewall, $trunks, $rate, $opts);
        return;
    }

    my $zone_config = get_plugin_config($vnet);
    my $nodename = PVE::INotify::nodename();

    # NOTE(review): this uses !defined(...) on the node entry whereas the
    # status/generate code tests the same entry for truth — confirm which
    # semantics are intended.
    if ($zone_config->{nodes} && !defined($zone_config->{nodes}->{$nodename})) {
        die "vnet $bridge is not allowed on this node\n";
    }

    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($zone_config->{type});
    $plugin->tap_plug($zone_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate);
}
327 | ||
# Add a static bridge FDB entry for a MAC on an interface.  For a classic
# bridge this is always done; for an SDN vnet only when the zone disables
# MAC learning (otherwise the bridge learns the address itself).
#   $iface, $macaddr, $bridge, $firewall - as for PVE::Network::add_bridge_fdb
sub add_bridge_fdb {
    my ($iface, $macaddr, $bridge, $firewall) = @_;

    my $vnet = PVE::Network::SDN::Vnets::get_vnet($bridge, 1);
    unless ($vnet) {
        PVE::Network::add_bridge_fdb($iface, $macaddr, $firewall);
        return;
    }

    my $zone_config = get_plugin_config($vnet);
    # The plugin object is not used below; the lookup presumably validates
    # the zone type — confirm before removing it.
    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($zone_config->{type});

    my $learning_disabled = $zone_config->{'bridge-disable-mac-learning'};
    PVE::Network::add_bridge_fdb($iface, $macaddr, $firewall) if $learning_disabled;
}
341 | ||
# Remove a static bridge FDB entry; mirrors add_bridge_fdb(): always for a
# classic bridge, for an SDN vnet only when the zone disables MAC learning.
#   $iface, $macaddr, $bridge, $firewall - as for PVE::Network::del_bridge_fdb
sub del_bridge_fdb {
    my ($iface, $macaddr, $bridge, $firewall) = @_;

    my $vnet = PVE::Network::SDN::Vnets::get_vnet($bridge, 1);
    unless ($vnet) {
        PVE::Network::del_bridge_fdb($iface, $macaddr, $firewall);
        return;
    }

    my $zone_config = get_plugin_config($vnet);
    # The plugin object is not used below; the lookup presumably validates
    # the zone type — confirm before removing it.
    my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($zone_config->{type});

    my $learning_disabled = $zone_config->{'bridge-disable-mac-learning'};
    PVE::Network::del_bridge_fdb($iface, $macaddr, $firewall) if $learning_disabled;
}
355 | ||
356 | 1; | |