PVE/Network/SDN/Zones/Plugin.pm

   1 package PVE::Network::SDN::Zones::Plugin;
   2
   3 use strict;
   4 use warnings;
   5
   6 use PVE::Tools qw(run_command);
   7 use PVE::JSONSchema;
   8 use PVE::Cluster;
   9 use PVE::Network;
  10
  11 use PVE::JSONSchema qw(get_standard_option);
  12 use base qw(PVE::SectionConfig);
  13
  14 PVE::Cluster::cfs_register_file(
  15     'sdn/zones.cfg',
  16     sub { __PACKAGE__->parse_config(@_); },
  17     sub { __PACKAGE__->write_config(@_); },
  18 );
  19
  20 PVE::JSONSchema::register_standard_option('pve-sdn-zone-id', {
  21     description => "The SDN zone object identifier.",
  22     type => 'string', format => 'pve-sdn-zone-id',
  23 });
  24
  25 PVE::JSONSchema::register_format('pve-sdn-zone-id', \&parse_sdn_zone_id);
  26 sub parse_sdn_zone_id {
  27     my ($id, $noerr) = @_;
  28
  29     if ($id !~ m/^[a-z][a-z0-9]*[a-z0-9]$/i) {
  30         return undef if $noerr;
  31         die "zone ID '$id' contains illegal characters\n";
  32     }
  33     die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8;
  34     return $id;
  35 }
  36
  37 my $defaultData = {
  38
  39     propertyList => {
  40         type => {
  41             description => "Plugin type.",
  42             type => 'string', format => 'pve-configid',
  43             type => 'string',
  44         },
  45         nodes => get_standard_option('pve-node-list', { optional => 1 }),
  46         zone => get_standard_option('pve-sdn-zone-id', {
  47             completion => \&PVE::Network::SDN::Zones::complete_sdn_zone,
  48         }),
  49         ipam => {
  50             type => 'string',
  51             description => "use a specific ipam",
  52         },
  53     },
  54 };
  55
  56 sub private {
  57     return $defaultData;
  58 }
  59
  60 sub parse_section_header {
  61     my ($class, $line) = @_;
  62
  63     if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
  64         my ($type, $id) = (lc($1), $2);
  65         my $errmsg = undef; # set if you want to skip whole section
  66         eval { PVE::JSONSchema::pve_verify_configid($type); };
  67         $errmsg = $@ if $@;
  68         my $config = {}; # to return additional attributes
  69         return ($type, $id, $errmsg, $config);
  70     }
  71     return undef;
  72 }
  73
  74 sub decode_value {
  75     my ($class, $type, $key, $value) = @_;
  76
  77     if ($key eq 'nodes' || $key eq 'exitnodes') {
  78         my $res = {};
  79
  80         foreach my $node (PVE::Tools::split_list($value)) {
  81             if (PVE::JSONSchema::pve_verify_node_name($node)) {
  82                 $res->{$node} = 1;
  83             }
  84         }
  85
  86         return $res;
  87     }
  88
  89     return $value;
  90 }
  91
  92 sub encode_value {
  93     my ($class, $type, $key, $value) = @_;
  94
  95     if ($key eq 'nodes' || $key eq 'exitnodes') {
  96         return join(',', keys(%$value));
  97     }
  98
  99     return $value;
 100 }
 101
 102 sub generate_sdn_config {
 103     my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
 104
 105     die "please implement inside plugin";
 106 }
 107
 108 sub generate_controller_config {
 109     my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
 110
 111     die "please implement inside plugin";
 112 }
 113
 114 sub generate_controller_vnet_config {
 115     my ($class, $plugin_config, $controller, $zoneid, $vnetid, $config) = @_;
 116
 117 }
 118
 119 sub write_controller_config {
 120     my ($class, $plugin_config, $config) = @_;
 121
 122     die "please implement inside plugin";
 123 }
 124
 125 sub controller_reload {
 126     my ($class) = @_;
 127
 128     die "please implement inside plugin";
 129 }
 130
 131 sub on_delete_hook {
 132     my ($class, $zoneid, $vnet_cfg) = @_;
 133
 134     # verify that no vnet are associated to this zone
 135     foreach my $id (keys %{$vnet_cfg->{ids}}) {
 136         my $vnet = $vnet_cfg->{ids}->{$id};
 137         die "zone $zoneid is used by vnet $id"
 138             if ($vnet->{type} eq 'vnet' && defined($vnet->{zone}) && $vnet->{zone} eq $zoneid);
 139     }
 140 }
 141
 142 sub on_update_hook {
 143     my ($class, $zoneid, $zone_cfg, $controller_cfg) = @_;
 144
 145     # do nothing by default
 146 }
 147
 148 sub vnet_update_hook {
 149     my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_;
 150
 151     # do nothing by default
 152 }
 153
 154 #helpers
 155 sub parse_tag_number_or_range {
 156     my ($str, $max, $tag) = @_;
 157
 158     my @elements = split(/,/, $str);
 159     my $count = 0;
 160     my $allowed = undef;
 161
 162     die "extraneous commas in list\n" if $str ne join(',', @elements);
 163     foreach my $item (@elements) {
 164         if ($item =~ m/^([0-9]+)-([0-9]+)$/) {
 165             $count += 2;
 166             my ($port1, $port2) = ($1, $2);
 167             die "invalid port '$port1'\n" if $port1 > $max;
 168             die "invalid port '$port2'\n" if $port2 > $max;
 169             die "backwards range '$port1:$port2' not allowed, did you mean '$port2:$port1'?\n" if $port1 > $port2;
 170
 171             if ($tag && $tag >= $port1 && $tag <= $port2){
 172                 $allowed = 1;
 173                 last;
 174             }
 175
 176         } elsif ($item =~ m/^([0-9]+)$/) {
 177             $count += 1;
 178             my $port = $1;
 179             die "invalid port '$port'\n" if $port > $max;
 180
 181             if ($tag && $tag == $port){
 182                 $allowed = 1;
 183                 last;
 184             }
 185         }
 186     }
 187     die "tag $tag is not allowed" if $tag && !$allowed;
 188
 189     return (scalar(@elements) > 1);
 190 }
 191
 192 sub status {
 193     my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
 194
 195     my $err_msg = [];
 196
 197     # ifaces to check
 198     my $ifaces = [ $vnetid ];
 199
 200     foreach my $iface (@{$ifaces}) {
 201         if (!$status->{$iface}->{status}) {
 202             push @$err_msg, "missing $iface";
 203         } elsif ($status->{$iface}->{status} ne 'pass') {
 204             push @$err_msg, "error $iface";
 205         }
 206     }
 207     return $err_msg;
 208 }
 209
 210
 211 sub tap_create {
 212     my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
 213
 214     PVE::Network::tap_create($iface, $vnetid);
 215 }
 216
 217 sub veth_create {
 218     my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
 219
 220     PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
 221 }
 222
 223 sub tap_plug {
 224     my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
 225
 226     my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
 227     die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);
 228
 229     PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
 230 }
 231
 232 #helper
 233
 234 sub get_uplink_iface {
 235     my ($interfaces_config, $uplink) = @_;
 236
 237     my $iface = undef;
 238     foreach my $id (keys %{$interfaces_config->{ifaces}}) {
 239         my $interface = $interfaces_config->{ifaces}->{$id};
 240         if (my $iface_uplink = $interface->{'uplink-id'}) {
 241             next if $iface_uplink ne $uplink;
 242             if($interface->{type} ne 'eth' && $interface->{type} ne 'bond') {
 243                 warn "uplink $uplink is not a physical or bond interface";
 244                 next;
 245             }
 246             $iface = $id;
 247         }
 248     }
 249
 250     #create a dummy uplink interface if no uplink found
 251     if(!$iface) {
 252         warn "can't find uplink $uplink in physical interface";
 253         $iface = "uplink${uplink}";
 254     }
 255
 256     return $iface;
 257 }
 258
 259 sub get_local_route_ip {
 260     my ($targetip) = @_;
 261
 262     my $ip = undef;
 263     my $interface = undef;
 264
 265     run_command(['/sbin/ip', 'route', 'get', $targetip], outfunc => sub {
 266         if ($_[0] =~ m/src ($PVE::Tools::IPRE)/) {
 267             $ip = $1;
 268         }
 269         if ($_[0] =~ m/dev (\S+)/) {
 270             $interface = $1;
 271         }
 272
 273     });
 274     return ($ip, $interface);
 275 }
 276
 277
 278 sub find_local_ip_interface_peers {
 279     my ($peers, $iface) = @_;
 280
 281     my $network_config = PVE::INotify::read_file('interfaces');
 282     my $ifaces = $network_config->{ifaces};
 283
 284     #if iface is defined, return ip if exist (if not,try to find it on other ifaces)
 285     if ($iface) {
 286         my $ip = $ifaces->{$iface}->{address};
 287         return ($ip,$iface) if $ip;
 288     }
 289
 290     #is a local ip member of peers list ?
 291     foreach my $address (@{$peers}) {
 292         while (my $interface = each %$ifaces) {
 293             my $ip = $ifaces->{$interface}->{address};
 294             if ($ip && $ip eq $address) {
 295                 return ($ip, $interface);
 296             }
 297         }
 298     }
 299
 300     #if peer is remote, find source with ip route
 301     foreach my $address (@{$peers}) {
 302         my ($ip, $interface) = get_local_route_ip($address);
 303         return ($ip, $interface);
 304     }
 305 }
 306
 307 sub find_bridge {
 308     my ($bridge) = @_;
 309
 310     die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";
 311 }
 312
 313 sub is_vlanaware {
 314     my ($bridge) = @_;
 315
 316     return PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
 317 }
 318
 319 sub is_ovs {
 320     my ($bridge) = @_;
 321
 322     my $is_ovs = !-d "/sys/class/net/$bridge/brif";
 323     return $is_ovs;
 324 }
 325
 326 sub get_bridge_ifaces {
 327     my ($bridge) = @_;
 328
 329     my @bridge_ifaces = ();
 330     my $dir = "/sys/class/net/$bridge/brif";
 331     PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
 332         push @bridge_ifaces, $_[0];
 333     });
 334
 335     return @bridge_ifaces;
 336 }
 337 1;