tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move network config to pbs_config workspace

Browse Source
This commit is contained in:
Dietmar Maurer
2021-09-08 12:22:48 +02:00
parent 5af3bcf062
commit 6f4228809e
13 changed files with 563 additions and 537 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pbs-api-types/src/lib.rs
View File

@ -40,6 +40,9 @@ pub use jobs::*;
mod key_derivation;
pub use key_derivation::{Kdf, KeyInfo};
mod network;
pub use network::*;
#[macro_use]
mod userid;
pub use userid::Authid;

308
pbs-api-types/src/network.rs Normal file
View File

@ -0,0 +1,308 @@
use serde::{Deserialize, Serialize};
use proxmox::api::{api, schema::*};
use crate::{
PROXMOX_SAFE_ID_REGEX,
IP_V4_FORMAT, IP_V6_FORMAT, IP_FORMAT,
CIDR_V4_FORMAT, CIDR_V6_FORMAT, CIDR_FORMAT,
};
pub const NETWORK_INTERFACE_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX);
pub const IP_V4_SCHEMA: Schema =
StringSchema::new("IPv4 address.")
.format(&IP_V4_FORMAT)
.max_length(15)
.schema();
pub const IP_V6_SCHEMA: Schema =
StringSchema::new("IPv6 address.")
.format(&IP_V6_FORMAT)
.max_length(39)
.schema();
pub const IP_SCHEMA: Schema =
StringSchema::new("IP (IPv4 or IPv6) address.")
.format(&IP_FORMAT)
.max_length(39)
.schema();
pub const CIDR_V4_SCHEMA: Schema =
StringSchema::new("IPv4 address with netmask (CIDR notation).")
.format(&CIDR_V4_FORMAT)
.max_length(18)
.schema();
pub const CIDR_V6_SCHEMA: Schema =
StringSchema::new("IPv6 address with netmask (CIDR notation).")
.format(&CIDR_V6_FORMAT)
.max_length(43)
.schema();
pub const CIDR_SCHEMA: Schema =
StringSchema::new("IP address (IPv4 or IPv6) with netmask (CIDR notation).")
.format(&CIDR_FORMAT)
.max_length(43)
.schema();
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
/// Interface configuration method
pub enum NetworkConfigMethod {
/// Configuration is done manually using other tools
Manual,
/// Define interfaces with statically allocated addresses.
Static,
/// Obtain an address via DHCP
DHCP,
/// Define the loopback interface.
Loopback,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
#[allow(non_camel_case_types)]
#[repr(u8)]
/// Linux Bond Mode
pub enum LinuxBondMode {
/// Round-robin policy
balance_rr = 0,
/// Active-backup policy
active_backup = 1,
/// XOR policy
balance_xor = 2,
/// Broadcast policy
broadcast = 3,
/// IEEE 802.3ad Dynamic link aggregation
#[serde(rename = "802.3ad")]
ieee802_3ad = 4,
/// Adaptive transmit load balancing
balance_tlb = 5,
/// Adaptive load balancing
balance_alb = 6,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
#[allow(non_camel_case_types)]
#[repr(u8)]
/// Bond Transmit Hash Policy for LACP (802.3ad)
pub enum BondXmitHashPolicy {
/// Layer 2
layer2 = 0,
/// Layer 2+3
#[serde(rename = "layer2+3")]
layer2_3 = 1,
/// Layer 3+4
#[serde(rename = "layer3+4")]
layer3_4 = 2,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
/// Network interface type
pub enum NetworkInterfaceType {
/// Loopback
Loopback,
/// Physical Ethernet device
Eth,
/// Linux Bridge
Bridge,
/// Linux Bond
Bond,
/// Linux VLAN (eth.10)
Vlan,
/// Interface Alias (eth:1)
Alias,
/// Unknown interface type
Unknown,
}
pub const NETWORK_INTERFACE_NAME_SCHEMA: Schema = StringSchema::new("Network interface name.")
.format(&NETWORK_INTERFACE_FORMAT)
.min_length(1)
.max_length(libc::IFNAMSIZ-1)
.schema();
pub const NETWORK_INTERFACE_ARRAY_SCHEMA: Schema = ArraySchema::new(
"Network interface list.", &NETWORK_INTERFACE_NAME_SCHEMA)
.schema();
pub const NETWORK_INTERFACE_LIST_SCHEMA: Schema = StringSchema::new(
"A list of network devices, comma separated.")
.format(&ApiStringFormat::PropertyString(&NETWORK_INTERFACE_ARRAY_SCHEMA))
.schema();
#[api(
properties: {
name: {
schema: NETWORK_INTERFACE_NAME_SCHEMA,
},
"type": {
type: NetworkInterfaceType,
},
method: {
type: NetworkConfigMethod,
optional: true,
},
method6: {
type: NetworkConfigMethod,
optional: true,
},
cidr: {
schema: CIDR_V4_SCHEMA,
optional: true,
},
cidr6: {
schema: CIDR_V6_SCHEMA,
optional: true,
},
gateway: {
schema: IP_V4_SCHEMA,
optional: true,
},
gateway6: {
schema: IP_V6_SCHEMA,
optional: true,
},
options: {
description: "Option list (inet)",
type: Array,
items: {
description: "Optional attribute line.",
type: String,
},
},
options6: {
description: "Option list (inet6)",
type: Array,
items: {
description: "Optional attribute line.",
type: String,
},
},
comments: {
description: "Comments (inet, may span multiple lines)",
type: String,
optional: true,
},
comments6: {
description: "Comments (inet6, may span multiple lines)",
type: String,
optional: true,
},
bridge_ports: {
schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
optional: true,
},
slaves: {
schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
optional: true,
},
bond_mode: {
type: LinuxBondMode,
optional: true,
},
"bond-primary": {
schema: NETWORK_INTERFACE_NAME_SCHEMA,
optional: true,
},
bond_xmit_hash_policy: {
type: BondXmitHashPolicy,
optional: true,
},
}
)]
#[derive(Debug, Serialize, Deserialize)]
/// Network Interface configuration
pub struct Interface {
/// Autostart interface
#[serde(rename = "autostart")]
pub autostart: bool,
/// Interface is active (UP)
pub active: bool,
/// Interface name
pub name: String,
/// Interface type
#[serde(rename = "type")]
pub interface_type: NetworkInterfaceType,
#[serde(skip_serializing_if="Option::is_none")]
pub method: Option<NetworkConfigMethod>,
#[serde(skip_serializing_if="Option::is_none")]
pub method6: Option<NetworkConfigMethod>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv4 address with netmask
pub cidr: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv4 gateway
pub gateway: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv6 address with netmask
pub cidr6: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv6 gateway
pub gateway6: Option<String>,
#[serde(skip_serializing_if="Vec::is_empty")]
pub options: Vec<String>,
#[serde(skip_serializing_if="Vec::is_empty")]
pub options6: Vec<String>,
#[serde(skip_serializing_if="Option::is_none")]
pub comments: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
pub comments6: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// Maximum Transmission Unit
pub mtu: Option<u64>,
#[serde(skip_serializing_if="Option::is_none")]
pub bridge_ports: Option<Vec<String>>,
/// Enable bridge vlan support.
#[serde(skip_serializing_if="Option::is_none")]
pub bridge_vlan_aware: Option<bool>,
#[serde(skip_serializing_if="Option::is_none")]
pub slaves: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")]
pub bond_mode: Option<LinuxBondMode>,
#[serde(skip_serializing_if="Option::is_none")]
#[serde(rename = "bond-primary")]
pub bond_primary: Option<String>,
pub bond_xmit_hash_policy: Option<BondXmitHashPolicy>,
}
impl Interface {
pub fn new(name: String) -> Self {
Self {
name,
interface_type: NetworkInterfaceType::Unknown,
autostart: false,
active: false,
method: None,
method6: None,
cidr: None,
gateway: None,
cidr6: None,
gateway6: None,
options: Vec::new(),
options6: Vec::new(),
comments: None,
comments6: None,
mtu: None,
bridge_ports: None,
bridge_vlan_aware: None,
slaves: None,
bond_mode: None,
bond_primary: None,
bond_xmit_hash_policy: None,
}
}
}

2
pbs-config/Cargo.toml
View File

@ -6,12 +6,14 @@ edition = "2018"
description = "Configuration file management for PBS"
[dependencies]
libc = "0.2"
anyhow = "1.0"
lazy_static = "1.4"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
openssl = "0.10"
nix = "0.19.1"
regex = "1.2"
proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }

1
pbs-config/src/lib.rs
View File

@ -2,6 +2,7 @@ pub mod domains;
pub mod drive;
pub mod key_config;
pub mod media_pool;
pub mod network;
pub mod remote;
pub mod sync;
pub mod tape_encryption_keys;

0
src/config/network/helper.rs → pbs-config/src/network/helper.rs
View File

0
src/config/network/lexer.rs → pbs-config/src/network/lexer.rs
View File

362
src/config/network/mod.rs → pbs-config/src/network/mod.rs
View File

@ -17,7 +17,9 @@ pub use lexer::*;
mod parser;
pub use parser::*;
use crate::api2::types::{Interface, NetworkConfigMethod, NetworkInterfaceType, LinuxBondMode, BondXmitHashPolicy};
use pbs_api_types::{Interface, NetworkConfigMethod, NetworkInterfaceType, LinuxBondMode, BondXmitHashPolicy};
use crate::{open_backup_lockfile, BackupLockGuard};
lazy_static!{
static ref PHYSICAL_NIC_REGEX: Regex = Regex::new(r"^(?:eth\d+|en[^:.]+|ib\d+)$").unwrap();
@ -57,258 +59,150 @@ pub fn bond_xmit_hash_policy_to_str(policy: &BondXmitHashPolicy) -> &'static str
}
}
impl Interface {
// Write attributes not depending on address family
fn write_iface_attributes(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> {
pub fn new(name: String) -> Self {
Self {
name,
interface_type: NetworkInterfaceType::Unknown,
autostart: false,
active: false,
method: None,
method6: None,
cidr: None,
gateway: None,
cidr6: None,
gateway6: None,
options: Vec::new(),
options6: Vec::new(),
comments: None,
comments6: None,
mtu: None,
bridge_ports: None,
bridge_vlan_aware: None,
slaves: None,
bond_mode: None,
bond_primary: None,
bond_xmit_hash_policy: None,
static EMPTY_LIST: Vec<String> = Vec::new();
match iface.interface_type {
NetworkInterfaceType::Bridge => {
if let Some(true) = iface.bridge_vlan_aware {
writeln!(w, "\tbridge-vlan-aware yes")?;
}
let ports = iface.bridge_ports.as_ref().unwrap_or(&EMPTY_LIST);
if ports.is_empty() {
writeln!(w, "\tbridge-ports none")?;
} else {
writeln!(w, "\tbridge-ports {}", ports.join(" "))?;
}
}
}
fn set_method_v4(&mut self, method: NetworkConfigMethod) -> Result<(), Error> {
if self.method.is_none() {
self.method = Some(method);
} else {
bail!("inet configuration method already set.");
}
Ok(())
}
fn set_method_v6(&mut self, method: NetworkConfigMethod) -> Result<(), Error> {
if self.method6.is_none() {
self.method6 = Some(method);
} else {
bail!("inet6 configuration method already set.");
}
Ok(())
}
fn set_cidr_v4(&mut self, address: String) -> Result<(), Error> {
if self.cidr.is_none() {
self.cidr = Some(address);
} else {
bail!("duplicate IPv4 address.");
}
Ok(())
}
fn set_gateway_v4(&mut self, gateway: String) -> Result<(), Error> {
if self.gateway.is_none() {
self.gateway = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_cidr_v6(&mut self, address: String) -> Result<(), Error> {
if self.cidr6.is_none() {
self.cidr6 = Some(address);
} else {
bail!("duplicate IPv6 address.");
}
Ok(())
}
fn set_gateway_v6(&mut self, gateway: String) -> Result<(), Error> {
if self.gateway6.is_none() {
self.gateway6 = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_interface_type(&mut self, interface_type: NetworkInterfaceType) -> Result<(), Error> {
if self.interface_type == NetworkInterfaceType::Unknown {
self.interface_type = interface_type;
} else if self.interface_type != interface_type {
bail!("interface type already defined - cannot change from {:?} to {:?}", self.interface_type, interface_type);
}
Ok(())
}
pub(crate) fn set_bridge_ports(&mut self, ports: Vec<String>) -> Result<(), Error> {
if self.interface_type != NetworkInterfaceType::Bridge {
bail!("interface '{}' is no bridge (type is {:?})", self.name, self.interface_type);
}
self.bridge_ports = Some(ports);
Ok(())
}
pub(crate) fn set_bond_slaves(&mut self, slaves: Vec<String>) -> Result<(), Error> {
if self.interface_type != NetworkInterfaceType::Bond {
bail!("interface '{}' is no bond (type is {:?})", self.name, self.interface_type);
}
self.slaves = Some(slaves);
Ok(())
}
/// Write attributes not depending on address family
fn write_iface_attributes(&self, w: &mut dyn Write) -> Result<(), Error> {
static EMPTY_LIST: Vec<String> = Vec::new();
match self.interface_type {
NetworkInterfaceType::Bridge => {
if let Some(true) = self.bridge_vlan_aware {
writeln!(w, "\tbridge-vlan-aware yes")?;
}
let ports = self.bridge_ports.as_ref().unwrap_or(&EMPTY_LIST);
if ports.is_empty() {
writeln!(w, "\tbridge-ports none")?;
} else {
writeln!(w, "\tbridge-ports {}", ports.join(" "))?;
NetworkInterfaceType::Bond => {
let mode = iface.bond_mode.unwrap_or(LinuxBondMode::balance_rr);
writeln!(w, "\tbond-mode {}", bond_mode_to_str(mode))?;
if let Some(primary) = &iface.bond_primary {
if mode == LinuxBondMode::active_backup {
writeln!(w, "\tbond-primary {}", primary)?;
}
}
NetworkInterfaceType::Bond => {
let mode = self.bond_mode.unwrap_or(LinuxBondMode::balance_rr);
writeln!(w, "\tbond-mode {}", bond_mode_to_str(mode))?;
if let Some(primary) = &self.bond_primary {
if mode == LinuxBondMode::active_backup {
writeln!(w, "\tbond-primary {}", primary)?;
}
}
if let Some(xmit_policy) = &self.bond_xmit_hash_policy {
if mode == LinuxBondMode::ieee802_3ad ||
mode == LinuxBondMode::balance_xor
{
writeln!(w, "\tbond_xmit_hash_policy {}", bond_xmit_hash_policy_to_str(xmit_policy))?;
}
}
let slaves = self.slaves.as_ref().unwrap_or(&EMPTY_LIST);
if slaves.is_empty() {
writeln!(w, "\tbond-slaves none")?;
} else {
writeln!(w, "\tbond-slaves {}", slaves.join(" "))?;
if let Some(xmit_policy) = &iface.bond_xmit_hash_policy {
if mode == LinuxBondMode::ieee802_3ad ||
mode == LinuxBondMode::balance_xor
{
writeln!(w, "\tbond_xmit_hash_policy {}", bond_xmit_hash_policy_to_str(xmit_policy))?;
}
}
_ => {}
}
if let Some(mtu) = self.mtu {
writeln!(w, "\tmtu {}", mtu)?;
let slaves = iface.slaves.as_ref().unwrap_or(&EMPTY_LIST);
if slaves.is_empty() {
writeln!(w, "\tbond-slaves none")?;
} else {
writeln!(w, "\tbond-slaves {}", slaves.join(" "))?;
}
}
Ok(())
_ => {}
}
/// Write attributes depending on address family inet (IPv4)
fn write_iface_attributes_v4(&self, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &self.cidr {
writeln!(w, "\taddress {}", address)?;
}
if let Some(gateway) = &self.gateway {
writeln!(w, "\tgateway {}", gateway)?;
}
}
for option in &self.options {
writeln!(w, "\t{}", option)?;
}
if let Some(ref comments) = self.comments {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
}
Ok(())
if let Some(mtu) = iface.mtu {
writeln!(w, "\tmtu {}", mtu)?;
}
/// Write attributes depending on address family inet6 (IPv6)
fn write_iface_attributes_v6(&self, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &self.cidr6 {
writeln!(w, "\taddress {}", address)?;
}
if let Some(gateway) = &self.gateway6 {
writeln!(w, "\tgateway {}", gateway)?;
}
}
Ok(())
}
for option in &self.options6 {
writeln!(w, "\t{}", option)?;
// Write attributes depending on address family inet (IPv4)
fn write_iface_attributes_v4(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &iface.cidr {
writeln!(w, "\taddress {}", address)?;
}
if let Some(ref comments) = self.comments6 {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
if let Some(gateway) = &iface.gateway {
writeln!(w, "\tgateway {}", gateway)?;
}
Ok(())
}
fn write_iface(&self, w: &mut dyn Write) -> Result<(), Error> {
for option in &iface.options {
writeln!(w, "\t{}", option)?;
}
fn method_to_str(method: NetworkConfigMethod) -> &'static str {
match method {
NetworkConfigMethod::Static => "static",
NetworkConfigMethod::Loopback => "loopback",
NetworkConfigMethod::Manual => "manual",
NetworkConfigMethod::DHCP => "dhcp",
if let Some(ref comments) = iface.comments {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
}
Ok(())
}
/// Write attributes depending on address family inet6 (IPv6)
fn write_iface_attributes_v6(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &iface.cidr6 {
writeln!(w, "\taddress {}", address)?;
}
if let Some(gateway) = &iface.gateway6 {
writeln!(w, "\tgateway {}", gateway)?;
}
}
for option in &iface.options6 {
writeln!(w, "\t{}", option)?;
}
if let Some(ref comments) = iface.comments6 {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
}
Ok(())
}
fn write_iface(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> {
fn method_to_str(method: NetworkConfigMethod) -> &'static str {
match method {
NetworkConfigMethod::Static => "static",
NetworkConfigMethod::Loopback => "loopback",
NetworkConfigMethod::Manual => "manual",
NetworkConfigMethod::DHCP => "dhcp",
}
}
if iface.method.is_none() && iface.method6.is_none() { return Ok(()); }
if iface.autostart {
writeln!(w, "auto {}", iface.name)?;
}
if let Some(method) = iface.method {
writeln!(w, "iface {} inet {}", iface.name, method_to_str(method))?;
write_iface_attributes_v4(iface, w, method)?;
write_iface_attributes(iface, w)?;
writeln!(w)?;
}
if let Some(method6) = iface.method6 {
let mut skip_v6 = false; // avoid empty inet6 manual entry
if iface.method.is_some()
&& method6 == NetworkConfigMethod::Manual
&& iface.comments6.is_none()
&& iface.options6.is_empty()
{
skip_v6 = true;
}
if !skip_v6 {
writeln!(w, "iface {} inet6 {}", iface.name, method_to_str(method6))?;
write_iface_attributes_v6(iface, w, method6)?;
if iface.method.is_none() { // only write common attributes once
write_iface_attributes(iface, w)?;
}
}
if self.method.is_none() && self.method6.is_none() { return Ok(()); }
if self.autostart {
writeln!(w, "auto {}", self.name)?;
}
if let Some(method) = self.method {
writeln!(w, "iface {} inet {}", self.name, method_to_str(method))?;
self.write_iface_attributes_v4(w, method)?;
self.write_iface_attributes(w)?;
writeln!(w)?;
}
if let Some(method6) = self.method6 {
let mut skip_v6 = false; // avoid empty inet6 manual entry
if self.method.is_some()
&& method6 == NetworkConfigMethod::Manual
&& self.comments6.is_none()
&& self.options6.is_empty()
{
skip_v6 = true;
}
if !skip_v6 {
writeln!(w, "iface {} inet6 {}", self.name, method_to_str(method6))?;
self.write_iface_attributes_v6(w, method6)?;
if self.method.is_none() { // only write common attributes once
self.write_iface_attributes(w)?;
}
writeln!(w)?;
}
}
Ok(())
}
Ok(())
}
#[derive(Debug)]
@ -492,14 +386,14 @@ impl NetworkConfig {
if done.contains(name) { continue; }
done.insert(name);
interface.write_iface(w)?;
write_iface(interface, w)?;
}
}
}
for (name, interface) in &self.interfaces {
if done.contains(name) { continue; }
interface.write_iface(w)?;
write_iface(interface, w)?;
}
Ok(())
}
@ -509,6 +403,10 @@ pub const NETWORK_INTERFACES_FILENAME: &str = "/etc/network/interfaces";
pub const NETWORK_INTERFACES_NEW_FILENAME: &str = "/etc/network/interfaces.new";
pub const NETWORK_LOCKFILE: &str = "/var/lock/pve-network.lck";
pub fn lock_config() -> Result<BackupLockGuard, Error> {
open_backup_lockfile(NETWORK_LOCKFILE, None, true)
}
pub fn config() -> Result<(NetworkConfig, [u8;32]), Error> {
let content = match proxmox::tools::fs::file_get_optional_contents(NETWORK_INTERFACES_NEW_FILENAME)? {

91
src/config/network/parser.rs → pbs-config/src/network/parser.rs
View File

@ -11,6 +11,69 @@ use super::lexer::*;
use super::{NetworkConfig, NetworkOrderEntry, Interface, NetworkConfigMethod, NetworkInterfaceType, bond_mode_from_str, bond_xmit_hash_policy_from_str};
fn set_method_v4(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> {
if iface.method.is_none() {
iface.method = Some(method);
} else {
bail!("inet configuration method already set.");
}
Ok(())
}
fn set_method_v6(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> {
if iface.method6.is_none() {
iface.method6 = Some(method);
} else {
bail!("inet6 configuration method already set.");
}
Ok(())
}
fn set_cidr_v4(iface: &mut Interface, address: String) -> Result<(), Error> {
if iface.cidr.is_none() {
iface.cidr = Some(address);
} else {
bail!("duplicate IPv4 address.");
}
Ok(())
}
fn set_gateway_v4(iface: &mut Interface, gateway: String) -> Result<(), Error> {
if iface.gateway.is_none() {
iface.gateway = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_cidr_v6(iface: &mut Interface, address: String) -> Result<(), Error> {
if iface.cidr6.is_none() {
iface.cidr6 = Some(address);
} else {
bail!("duplicate IPv6 address.");
}
Ok(())
}
fn set_gateway_v6(iface: &mut Interface, gateway: String) -> Result<(), Error> {
if iface.gateway6.is_none() {
iface.gateway6 = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_interface_type(iface: &mut Interface, interface_type: NetworkInterfaceType) -> Result<(), Error> {
if iface.interface_type == NetworkInterfaceType::Unknown {
iface.interface_type = interface_type;
} else if iface.interface_type != interface_type {
bail!("interface type already defined - cannot change from {:?} to {:?}", iface.interface_type, interface_type);
}
Ok(())
}
pub struct NetworkParser<R: BufRead> {
input: Peekable<Lexer<R>>,
line_nr: usize,
@ -123,9 +186,9 @@ impl <R: BufRead> NetworkParser<R> {
if proxmox::tools::common_regex::IP_REGEX.is_match(&gateway) {
if gateway.contains(':') {
interface.set_gateway_v6(gateway)?;
set_gateway_v6(interface, gateway)?;
} else {
interface.set_gateway_v4(gateway)?;
set_gateway_v4(interface, gateway)?;
}
} else {
bail!("unable to parse gateway address");
@ -254,13 +317,13 @@ impl <R: BufRead> NetworkParser<R> {
self.eat(Token::BridgePorts)?;
let ports = self.parse_iface_list()?;
interface.bridge_ports = Some(ports);
interface.set_interface_type(NetworkInterfaceType::Bridge)?;
set_interface_type(interface, NetworkInterfaceType::Bridge)?;
}
Token::BondSlaves => {
self.eat(Token::BondSlaves)?;
let slaves = self.parse_iface_list()?;
interface.slaves = Some(slaves);
interface.set_interface_type(NetworkInterfaceType::Bond)?;
set_interface_type(interface, NetworkInterfaceType::Bond)?;
}
Token::BondMode => {
self.eat(Token::BondMode)?;
@ -306,9 +369,9 @@ impl <R: BufRead> NetworkParser<R> {
cidr.push_str(&format!("/{}", netmask));
}
if is_v6 {
interface.set_cidr_v6(cidr)?;
set_cidr_v6(interface, cidr)?;
} else {
interface.set_cidr_v4(cidr)?;
set_cidr_v4(interface, cidr)?;
}
} else {
// no address - simply ignore useless netmask
@ -319,9 +382,9 @@ impl <R: BufRead> NetworkParser<R> {
bail!("missing netmask in '{}'", cidr);
}
if is_v6 {
interface.set_cidr_v6(cidr)?;
set_cidr_v6(interface, cidr)?;
} else {
interface.set_cidr_v4(cidr)?;
set_cidr_v4(interface, cidr)?;
}
}
}
@ -360,20 +423,20 @@ impl <R: BufRead> NetworkParser<R> {
if let Some(mut interface) = config.interfaces.get_mut(&iface) {
if address_family_v4 {
interface.set_method_v4(config_method)?;
set_method_v4(interface, config_method)?;
}
if address_family_v6 {
interface.set_method_v6(config_method)?;
set_method_v6(interface, config_method)?;
}
self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?;
} else {
let mut interface = Interface::new(iface.clone());
if address_family_v4 {
interface.set_method_v4(config_method)?;
set_method_v4(&mut interface, config_method)?;
}
if address_family_v6 {
interface.set_method_v6(config_method)?;
set_method_v6(&mut interface, config_method)?;
}
self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?;
@ -445,7 +508,7 @@ impl <R: BufRead> NetworkParser<R> {
}
} else if super::is_physical_nic(iface) { // also add all physical NICs
let mut interface = Interface::new(iface.clone());
interface.set_method_v4(NetworkConfigMethod::Manual)?;
set_method_v4(&mut interface, NetworkConfigMethod::Manual)?;
interface.interface_type = NetworkInterfaceType::Eth;
interface.active = *active;
config.interfaces.insert(interface.name.clone(), interface);
@ -476,7 +539,7 @@ impl <R: BufRead> NetworkParser<R> {
if config.interfaces.get("lo").is_none() {
let mut interface = Interface::new(String::from("lo"));
interface.set_method_v4(NetworkConfigMethod::Loopback)?;
set_method_v4(&mut interface, NetworkConfigMethod::Loopback)?;
interface.interface_type = NetworkInterfaceType::Loopback;
interface.autostart = true;
config.interfaces.insert(interface.name.clone(), interface);

46
src/api2/node/network.rs
View File

@ -5,11 +5,16 @@ use ::serde::{Deserialize, Serialize};
use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
use proxmox::api::schema::parse_property_string;
use crate::config::network::{self, NetworkConfig};
use pbs_api_types::{
Authid, Interface, NetworkInterfaceType, LinuxBondMode, NetworkConfigMethod, BondXmitHashPolicy,
NETWORK_INTERFACE_ARRAY_SCHEMA, NETWORK_INTERFACE_LIST_SCHEMA, NETWORK_INTERFACE_NAME_SCHEMA,
CIDR_V4_SCHEMA, CIDR_V6_SCHEMA, IP_V4_SCHEMA, IP_V6_SCHEMA, PROXMOX_CONFIG_DIGEST_SCHEMA,
};
use pbs_config::network::{self, NetworkConfig};
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
use crate::api2::types::*;
use crate::server::{WorkerTask};
use pbs_config::open_backup_lockfile;
use crate::api2::types::NODE_SCHEMA;
fn split_interface_list(list: &str) -> Result<Vec<String>, Error> {
let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?;
@ -44,6 +49,23 @@ fn check_duplicate_gateway_v6(config: &NetworkConfig, iface: &str) -> Result<(),
Ok(())
}
fn set_bridge_ports(iface: &mut Interface, ports: Vec<String>) -> Result<(), Error> {
if iface.interface_type != NetworkInterfaceType::Bridge {
bail!("interface '{}' is no bridge (type is {:?})", iface.name, iface.interface_type);
}
iface.bridge_ports = Some(ports);
Ok(())
}
fn set_bond_slaves(iface: &mut Interface, slaves: Vec<String>) -> Result<(), Error> {
if iface.interface_type != NetworkInterfaceType::Bond {
bail!("interface '{}' is no bond (type is {:?})", iface.name, iface.interface_type);
}
iface.slaves = Some(slaves);
Ok(())
}
#[api(
input: {
properties: {
@ -238,7 +260,7 @@ pub fn create_interface(
let interface_type = pbs_tools::json::required_string_param(&param, "type")?;
let interface_type: NetworkInterfaceType = serde_json::from_value(interface_type.into())?;
let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?;
let _lock = network::lock_config()?;
let (mut config, _digest) = network::config()?;
@ -286,7 +308,7 @@ pub fn create_interface(
NetworkInterfaceType::Bridge => {
if let Some(ports) = bridge_ports {
let ports = split_interface_list(&ports)?;
interface.set_bridge_ports(ports)?;
set_bridge_ports(&mut interface, ports)?;
}
if bridge_vlan_aware.is_some() { interface.bridge_vlan_aware = bridge_vlan_aware; }
}
@ -310,7 +332,7 @@ pub fn create_interface(
}
if let Some(slaves) = slaves {
let slaves = split_interface_list(&slaves)?;
interface.set_bond_slaves(slaves)?;
set_bond_slaves(&mut interface, slaves)?;
}
}
_ => bail!("creating network interface type '{:?}' is not supported", interface_type),
@ -502,7 +524,7 @@ pub fn update_interface(
param: Value,
) -> Result<(), Error> {
let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?;
let _lock = network::lock_config()?;
let (mut config, expected_digest) = network::config()?;
@ -536,9 +558,9 @@ pub fn update_interface(
DeletableProperty::comments6 => { interface.comments6 = None; },
DeletableProperty::mtu => { interface.mtu = None; },
DeletableProperty::autostart => { interface.autostart = false; },
DeletableProperty::bridge_ports => { interface.set_bridge_ports(Vec::new())?; }
DeletableProperty::bridge_ports => { set_bridge_ports(interface, Vec::new())?; }
DeletableProperty::bridge_vlan_aware => { interface.bridge_vlan_aware = None; }
DeletableProperty::slaves => { interface.set_bond_slaves(Vec::new())?; }
DeletableProperty::slaves => { set_bond_slaves(interface, Vec::new())?; }
DeletableProperty::bond_primary => { interface.bond_primary = None; }
DeletableProperty::bond_xmit_hash_policy => { interface.bond_xmit_hash_policy = None }
}
@ -551,12 +573,12 @@ pub fn update_interface(
if mtu.is_some() { interface.mtu = mtu; }
if let Some(ports) = bridge_ports {
let ports = split_interface_list(&ports)?;
interface.set_bridge_ports(ports)?;
set_bridge_ports(interface, ports)?;
}
if bridge_vlan_aware.is_some() { interface.bridge_vlan_aware = bridge_vlan_aware; }
if let Some(slaves) = slaves {
let slaves = split_interface_list(&slaves)?;
interface.set_bond_slaves(slaves)?;
set_bond_slaves(interface, slaves)?;
}
if let Some(mode) = bond_mode {
interface.bond_mode = bond_mode;
@ -642,7 +664,7 @@ pub fn update_interface(
)]
/// Remove network interface configuration.
pub fn delete_interface(iface: String, digest: Option<String>) -> Result<(), Error> {
let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?;
let _lock = network::lock_config()?;
let (mut config, expected_digest) = network::config()?;

269
src/api2/types/mod.rs
View File

@ -49,8 +49,6 @@ pub const DNS_ALIAS_FORMAT: ApiStringFormat =
pub const ACL_PATH_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&ACL_PATH_REGEX);
pub const NETWORK_INTERFACE_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX);
pub const SUBSCRIPTION_KEY_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&SUBSCRIPTION_KEY_REGEX);
@ -105,41 +103,6 @@ pub const THIRD_DNS_SERVER_SCHEMA: Schema =
.format(&IP_FORMAT)
.schema();
pub const IP_V4_SCHEMA: Schema =
StringSchema::new("IPv4 address.")
.format(&IP_V4_FORMAT)
.max_length(15)
.schema();
pub const IP_V6_SCHEMA: Schema =
StringSchema::new("IPv6 address.")
.format(&IP_V6_FORMAT)
.max_length(39)
.schema();
pub const IP_SCHEMA: Schema =
StringSchema::new("IP (IPv4 or IPv6) address.")
.format(&IP_FORMAT)
.max_length(39)
.schema();
pub const CIDR_V4_SCHEMA: Schema =
StringSchema::new("IPv4 address with netmask (CIDR notation).")
.format(&CIDR_V4_FORMAT)
.max_length(18)
.schema();
pub const CIDR_V6_SCHEMA: Schema =
StringSchema::new("IPv6 address with netmask (CIDR notation).")
.format(&CIDR_V6_FORMAT)
.max_length(43)
.schema();
pub const CIDR_SCHEMA: Schema =
StringSchema::new("IP address (IPv4 or IPv6) with netmask (CIDR notation).")
.format(&CIDR_FORMAT)
.max_length(43)
.schema();
pub const TIME_ZONE_SCHEMA: Schema = StringSchema::new(
"Time zone. The file '/usr/share/zoneinfo/zone.tab' contains the list of valid names.")
@ -290,238 +253,6 @@ pub enum NodePowerCommand {
Shutdown,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
/// Interface configuration method
pub enum NetworkConfigMethod {
/// Configuration is done manually using other tools
Manual,
/// Define interfaces with statically allocated addresses.
Static,
/// Obtain an address via DHCP
DHCP,
/// Define the loopback interface.
Loopback,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
#[allow(non_camel_case_types)]
#[repr(u8)]
/// Linux Bond Mode
pub enum LinuxBondMode {
/// Round-robin policy
balance_rr = 0,
/// Active-backup policy
active_backup = 1,
/// XOR policy
balance_xor = 2,
/// Broadcast policy
broadcast = 3,
/// IEEE 802.3ad Dynamic link aggregation
#[serde(rename = "802.3ad")]
ieee802_3ad = 4,
/// Adaptive transmit load balancing
balance_tlb = 5,
/// Adaptive load balancing
balance_alb = 6,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
#[allow(non_camel_case_types)]
#[repr(u8)]
/// Bond Transmit Hash Policy for LACP (802.3ad)
pub enum BondXmitHashPolicy {
/// Layer 2
layer2 = 0,
/// Layer 2+3
#[serde(rename = "layer2+3")]
layer2_3 = 1,
/// Layer 3+4
#[serde(rename = "layer3+4")]
layer3_4 = 2,
}
#[api()]
#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
/// Network interface type
pub enum NetworkInterfaceType {
/// Loopback
Loopback,
/// Physical Ethernet device
Eth,
/// Linux Bridge
Bridge,
/// Linux Bond
Bond,
/// Linux VLAN (eth.10)
Vlan,
/// Interface Alias (eth:1)
Alias,
/// Unknown interface type
Unknown,
}
pub const NETWORK_INTERFACE_NAME_SCHEMA: Schema = StringSchema::new("Network interface name.")
.format(&NETWORK_INTERFACE_FORMAT)
.min_length(1)
.max_length(libc::IFNAMSIZ-1)
.schema();
pub const NETWORK_INTERFACE_ARRAY_SCHEMA: Schema = ArraySchema::new(
"Network interface list.", &NETWORK_INTERFACE_NAME_SCHEMA)
.schema();
pub const NETWORK_INTERFACE_LIST_SCHEMA: Schema = StringSchema::new(
"A list of network devices, comma separated.")
.format(&ApiStringFormat::PropertyString(&NETWORK_INTERFACE_ARRAY_SCHEMA))
.schema();
#[api(
properties: {
name: {
schema: NETWORK_INTERFACE_NAME_SCHEMA,
},
"type": {
type: NetworkInterfaceType,
},
method: {
type: NetworkConfigMethod,
optional: true,
},
method6: {
type: NetworkConfigMethod,
optional: true,
},
cidr: {
schema: CIDR_V4_SCHEMA,
optional: true,
},
cidr6: {
schema: CIDR_V6_SCHEMA,
optional: true,
},
gateway: {
schema: IP_V4_SCHEMA,
optional: true,
},
gateway6: {
schema: IP_V6_SCHEMA,
optional: true,
},
options: {
description: "Option list (inet)",
type: Array,
items: {
description: "Optional attribute line.",
type: String,
},
},
options6: {
description: "Option list (inet6)",
type: Array,
items: {
description: "Optional attribute line.",
type: String,
},
},
comments: {
description: "Comments (inet, may span multiple lines)",
type: String,
optional: true,
},
comments6: {
description: "Comments (inet6, may span multiple lines)",
type: String,
optional: true,
},
bridge_ports: {
schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
optional: true,
},
slaves: {
schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
optional: true,
},
bond_mode: {
type: LinuxBondMode,
optional: true,
},
"bond-primary": {
schema: NETWORK_INTERFACE_NAME_SCHEMA,
optional: true,
},
bond_xmit_hash_policy: {
type: BondXmitHashPolicy,
optional: true,
},
}
)]
#[derive(Debug, Serialize, Deserialize)]
/// Network Interface configuration
pub struct Interface {
/// Autostart interface
#[serde(rename = "autostart")]
pub autostart: bool,
/// Interface is active (UP)
pub active: bool,
/// Interface name
pub name: String,
/// Interface type
#[serde(rename = "type")]
pub interface_type: NetworkInterfaceType,
#[serde(skip_serializing_if="Option::is_none")]
pub method: Option<NetworkConfigMethod>,
#[serde(skip_serializing_if="Option::is_none")]
pub method6: Option<NetworkConfigMethod>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv4 address with netmask
pub cidr: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv4 gateway
pub gateway: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv6 address with netmask
pub cidr6: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// IPv6 gateway
pub gateway6: Option<String>,
#[serde(skip_serializing_if="Vec::is_empty")]
pub options: Vec<String>,
#[serde(skip_serializing_if="Vec::is_empty")]
pub options6: Vec<String>,
#[serde(skip_serializing_if="Option::is_none")]
pub comments: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
pub comments6: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
/// Maximum Transmission Unit
pub mtu: Option<u64>,
#[serde(skip_serializing_if="Option::is_none")]
pub bridge_ports: Option<Vec<String>>,
/// Enable bridge vlan support.
#[serde(skip_serializing_if="Option::is_none")]
pub bridge_vlan_aware: Option<bool>,
#[serde(skip_serializing_if="Option::is_none")]
pub slaves: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")]
pub bond_mode: Option<LinuxBondMode>,
#[serde(skip_serializing_if="Option::is_none")]
#[serde(rename = "bond-primary")]
pub bond_primary: Option<String>,
pub bond_xmit_hash_policy: Option<BondXmitHashPolicy>,
}
// Regression tests
#[test]

2
src/bin/proxmox-backup-proxy.rs
View File

@ -794,7 +794,7 @@ async fn generate_host_stats(save: bool) {
match read_proc_net_dev() {
Ok(netdev) => {
use proxmox_backup::config::network::is_physical_nic;
use pbs_config::network::is_physical_nic;
let mut netin = 0;
let mut netout = 0;
for item in netdev {

15
src/bin/proxmox_backup_manager/network.rs
View File

@ -3,7 +3,6 @@ use serde_json::Value;
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
use proxmox_backup::config;
use proxmox_backup::api2;
#[api(
@ -127,25 +126,25 @@ pub fn network_commands() -> CommandLineInterface {
CliCommand::new(&api2::node::network::API_METHOD_CREATE_INTERFACE)
.fixed_param("node", String::from("localhost"))
.arg_param(&["iface"])
.completion_cb("iface", config::network::complete_interface_name)
.completion_cb("bridge_ports", config::network::complete_port_list)
.completion_cb("slaves", config::network::complete_port_list)
.completion_cb("iface", pbs_config::network::complete_interface_name)
.completion_cb("bridge_ports", pbs_config::network::complete_port_list)
.completion_cb("slaves", pbs_config::network::complete_port_list)
)
.insert(
"update",
CliCommand::new(&api2::node::network::API_METHOD_UPDATE_INTERFACE)
.fixed_param("node", String::from("localhost"))
.arg_param(&["iface"])
.completion_cb("iface", config::network::complete_interface_name)
.completion_cb("bridge_ports", config::network::complete_port_list)
.completion_cb("slaves", config::network::complete_port_list)
.completion_cb("iface", pbs_config::network::complete_interface_name)
.completion_cb("bridge_ports", pbs_config::network::complete_port_list)
.completion_cb("slaves", pbs_config::network::complete_port_list)
)
.insert(
"remove",
CliCommand::new(&api2::node::network::API_METHOD_DELETE_INTERFACE)
.fixed_param("node", String::from("localhost"))
.arg_param(&["iface"])
.completion_cb("iface", config::network::complete_interface_name)
.completion_cb("iface", pbs_config::network::complete_interface_name)
)
.insert(
"revert",

1
src/config/mod.rs
View File

@ -18,7 +18,6 @@ pub mod acl;
pub mod acme;
pub mod cached_user_info;
pub mod datastore;
pub mod network;
pub mod node;
pub mod tfa;
pub mod token_shadow;