diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs index 055907cb..62ded91d 100644 --- a/pbs-api-types/src/lib.rs +++ b/pbs-api-types/src/lib.rs @@ -40,6 +40,9 @@ pub use jobs::*; mod key_derivation; pub use key_derivation::{Kdf, KeyInfo}; +mod network; +pub use network::*; + #[macro_use] mod userid; pub use userid::Authid; diff --git a/pbs-api-types/src/network.rs b/pbs-api-types/src/network.rs new file mode 100644 index 00000000..d3a8e43c --- /dev/null +++ b/pbs-api-types/src/network.rs 
@@ -0,0 +1,308 @@ +use serde::{Deserialize, Serialize}; + +use proxmox::api::{api, schema::*}; + +use crate::{ + PROXMOX_SAFE_ID_REGEX, + IP_V4_FORMAT, IP_V6_FORMAT, IP_FORMAT, + CIDR_V4_FORMAT, CIDR_V6_FORMAT, CIDR_FORMAT, +}; + +pub const NETWORK_INTERFACE_FORMAT: ApiStringFormat = + ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX); + +pub const IP_V4_SCHEMA: Schema = + StringSchema::new("IPv4 address.") + .format(&IP_V4_FORMAT) + .max_length(15) + .schema(); + +pub const IP_V6_SCHEMA: Schema = + StringSchema::new("IPv6 address.") + .format(&IP_V6_FORMAT) + .max_length(39) + .schema(); + +pub const IP_SCHEMA: Schema = + StringSchema::new("IP (IPv4 or IPv6) address.") + .format(&IP_FORMAT) + .max_length(39) + .schema(); + +pub const CIDR_V4_SCHEMA: Schema = + StringSchema::new("IPv4 address with netmask (CIDR notation).") + .format(&CIDR_V4_FORMAT) + .max_length(18) + .schema(); + +pub const CIDR_V6_SCHEMA: Schema = + StringSchema::new("IPv6 address with netmask (CIDR notation).") + .format(&CIDR_V6_FORMAT) + .max_length(43) + .schema(); + +pub const CIDR_SCHEMA: Schema = + StringSchema::new("IP address (IPv4 or IPv6) with netmask (CIDR notation).") + .format(&CIDR_FORMAT) + .max_length(43) + .schema(); + +#[api()] +#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)] +#[serde(rename_all = "lowercase")] +/// Interface configuration method +pub enum NetworkConfigMethod { + /// Configuration is done manually using other tools + Manual, + /// Define interfaces with statically allocated addresses. + Static, + /// Obtain an address via DHCP + DHCP, + /// Define the loopback interface. 
+ Loopback, +} + +#[api()] +#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)] +#[serde(rename_all = "kebab-case")] +#[allow(non_camel_case_types)] +#[repr(u8)] +/// Linux Bond Mode +pub enum LinuxBondMode { + /// Round-robin policy + balance_rr = 0, + /// Active-backup policy + active_backup = 1, + /// XOR policy + balance_xor = 2, + /// Broadcast policy + broadcast = 3, + /// IEEE 802.3ad Dynamic link aggregation + #[serde(rename = "802.3ad")] + ieee802_3ad = 4, + /// Adaptive transmit load balancing + balance_tlb = 5, + /// Adaptive load balancing + balance_alb = 6, +} + +#[api()] +#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)] +#[serde(rename_all = "kebab-case")] +#[allow(non_camel_case_types)] +#[repr(u8)] +/// Bond Transmit Hash Policy for LACP (802.3ad) +pub enum BondXmitHashPolicy { + /// Layer 2 + layer2 = 0, + /// Layer 2+3 + #[serde(rename = "layer2+3")] + layer2_3 = 1, + /// Layer 3+4 + #[serde(rename = "layer3+4")] + layer3_4 = 2, +} + +#[api()] +#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)] +#[serde(rename_all = "lowercase")] +/// Network interface type +pub enum NetworkInterfaceType { + /// Loopback + Loopback, + /// Physical Ethernet device + Eth, + /// Linux Bridge + Bridge, + /// Linux Bond + Bond, + /// Linux VLAN (eth.10) + Vlan, + /// Interface Alias (eth:1) + Alias, + /// Unknown interface type + Unknown, +} + +pub const NETWORK_INTERFACE_NAME_SCHEMA: Schema = StringSchema::new("Network interface name.") + .format(&NETWORK_INTERFACE_FORMAT) + .min_length(1) + .max_length(libc::IFNAMSIZ-1) + .schema(); + +pub const NETWORK_INTERFACE_ARRAY_SCHEMA: Schema = ArraySchema::new( + "Network interface list.", &NETWORK_INTERFACE_NAME_SCHEMA) + .schema(); + +pub const NETWORK_INTERFACE_LIST_SCHEMA: Schema = StringSchema::new( + "A list of network devices, comma separated.") + .format(&ApiStringFormat::PropertyString(&NETWORK_INTERFACE_ARRAY_SCHEMA)) + .schema(); + +#[api( + properties: { + name: { + 
schema: NETWORK_INTERFACE_NAME_SCHEMA, + }, + "type": { + type: NetworkInterfaceType, + }, + method: { + type: NetworkConfigMethod, + optional: true, + }, + method6: { + type: NetworkConfigMethod, + optional: true, + }, + cidr: { + schema: CIDR_V4_SCHEMA, + optional: true, + }, + cidr6: { + schema: CIDR_V6_SCHEMA, + optional: true, + }, + gateway: { + schema: IP_V4_SCHEMA, + optional: true, + }, + gateway6: { + schema: IP_V6_SCHEMA, + optional: true, + }, + options: { + description: "Option list (inet)", + type: Array, + items: { + description: "Optional attribute line.", + type: String, + }, + }, + options6: { + description: "Option list (inet6)", + type: Array, + items: { + description: "Optional attribute line.", + type: String, + }, + }, + comments: { + description: "Comments (inet, may span multiple lines)", + type: String, + optional: true, + }, + comments6: { + description: "Comments (inet6, may span multiple lines)", + type: String, + optional: true, + }, + bridge_ports: { + schema: NETWORK_INTERFACE_ARRAY_SCHEMA, + optional: true, + }, + slaves: { + schema: NETWORK_INTERFACE_ARRAY_SCHEMA, + optional: true, + }, + bond_mode: { + type: LinuxBondMode, + optional: true, + }, + "bond-primary": { + schema: NETWORK_INTERFACE_NAME_SCHEMA, + optional: true, + }, + bond_xmit_hash_policy: { + type: BondXmitHashPolicy, + optional: true, + }, + } +)] +#[derive(Debug, Serialize, Deserialize)] +/// Network Interface configuration +pub struct Interface { + /// Autostart interface + #[serde(rename = "autostart")] + pub autostart: bool, + /// Interface is active (UP) + pub active: bool, + /// Interface name + pub name: String, + /// Interface type + #[serde(rename = "type")] + pub interface_type: NetworkInterfaceType, + #[serde(skip_serializing_if="Option::is_none")] + pub method: Option, + #[serde(skip_serializing_if="Option::is_none")] + pub method6: Option, + #[serde(skip_serializing_if="Option::is_none")] + /// IPv4 address with netmask + pub cidr: Option, + 
#[serde(skip_serializing_if="Option::is_none")] + /// IPv4 gateway + pub gateway: Option, + #[serde(skip_serializing_if="Option::is_none")] + /// IPv6 address with netmask + pub cidr6: Option, + #[serde(skip_serializing_if="Option::is_none")] + /// IPv6 gateway + pub gateway6: Option, + + #[serde(skip_serializing_if="Vec::is_empty")] + pub options: Vec, + #[serde(skip_serializing_if="Vec::is_empty")] + pub options6: Vec, + + #[serde(skip_serializing_if="Option::is_none")] + pub comments: Option, + #[serde(skip_serializing_if="Option::is_none")] + pub comments6: Option, + + #[serde(skip_serializing_if="Option::is_none")] + /// Maximum Transmission Unit + pub mtu: Option, + + #[serde(skip_serializing_if="Option::is_none")] + pub bridge_ports: Option>, + /// Enable bridge vlan support. + #[serde(skip_serializing_if="Option::is_none")] + pub bridge_vlan_aware: Option, + + #[serde(skip_serializing_if="Option::is_none")] + pub slaves: Option>, + #[serde(skip_serializing_if="Option::is_none")] + pub bond_mode: Option, + #[serde(skip_serializing_if="Option::is_none")] + #[serde(rename = "bond-primary")] + pub bond_primary: Option, + pub bond_xmit_hash_policy: Option, +} + +impl Interface { + pub fn new(name: String) -> Self { + Self { + name, + interface_type: NetworkInterfaceType::Unknown, + autostart: false, + active: false, + method: None, + method6: None, + cidr: None, + gateway: None, + cidr6: None, + gateway6: None, + options: Vec::new(), + options6: Vec::new(), + comments: None, + comments6: None, + mtu: None, + bridge_ports: None, + bridge_vlan_aware: None, + slaves: None, + bond_mode: None, + bond_primary: None, + bond_xmit_hash_policy: None, + } + } +} diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml index cd65914d..ed71a88c 100644 --- a/pbs-config/Cargo.toml +++ b/pbs-config/Cargo.toml 
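Review bot: In the new `Interface` struct, `bond_xmit_hash_policy` is the only `Option` field without `#[serde(skip_serializing_if="Option::is_none")]`, so a serialized interface always carries `"bond_xmit_hash_policy": null` while every sibling omits unset values; adding `#[serde(skip_serializing_if="Option::is_none")]` above it, as on the `bond_mode` and `bond_primary` lines just before, makes the output consistent. `NETWORK_INTERFACE_NAME_SCHEMA` also references `libc::IFNAMSIZ`, and this commit only adds `libc` to pbs-config/Cargo.toml; if pbs-api-types does not already depend on `libc` (its Cargo.toml is not in the diff) the new module will not build, so that is worth confirming. `Interface::new` is public and undocumented; a one-liner such as `/// Create an interface of type Unknown with the given name and every other field unset.` would match the rest of the file.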
@@ -6,12 +6,14 @@ edition = "2018" description = "Configuration file management for PBS" [dependencies] +libc = "0.2" anyhow = "1.0" lazy_static = "1.4" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" openssl = "0.10" nix = "0.19.1" +regex = "1.2" proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] } diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs index 827b2820..76b10146 100644 --- a/pbs-config/src/lib.rs +++ b/pbs-config/src/lib.rs @@ -2,6 +2,7 @@ pub mod domains; pub mod drive; pub mod key_config; pub mod media_pool; +pub mod network; pub mod remote; pub mod sync; pub mod tape_encryption_keys; diff --git a/src/config/network/helper.rs b/pbs-config/src/network/helper.rs similarity index 100% rename from src/config/network/helper.rs rename to pbs-config/src/network/helper.rs diff --git a/src/config/network/lexer.rs b/pbs-config/src/network/lexer.rs similarity index 100% rename from src/config/network/lexer.rs rename to pbs-config/src/network/lexer.rs diff --git a/src/config/network/mod.rs b/pbs-config/src/network/mod.rs similarity index 66% rename from src/config/network/mod.rs rename to pbs-config/src/network/mod.rs index 99ea0d08..fe2f4700 100644 --- a/src/config/network/mod.rs +++ b/pbs-config/src/network/mod.rs @@ -17,7 +17,9 @@ pub use lexer::*; mod parser; pub use parser::*; -use crate::api2::types::{Interface, NetworkConfigMethod, NetworkInterfaceType, LinuxBondMode, BondXmitHashPolicy}; +use pbs_api_types::{Interface, NetworkConfigMethod, NetworkInterfaceType, LinuxBondMode, BondXmitHashPolicy}; + +use crate::{open_backup_lockfile, BackupLockGuard}; lazy_static!{ static ref PHYSICAL_NIC_REGEX: Regex = Regex::new(r"^(?:eth\d+|en[^:.]+|ib\d+)$").unwrap(); 
@@ -57,258 +59,150 @@ pub fn bond_xmit_hash_policy_to_str(policy: &BondXmitHashPolicy) -> &'static str } } -impl Interface { +// Write attributes not depending on address family +fn write_iface_attributes(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> { - pub fn new(name: String) -> Self { - Self { - name, - interface_type: NetworkInterfaceType::Unknown, - autostart: false, - active: false, - method: None, - method6: None, - cidr: None, - gateway: None, - cidr6: None, - gateway6: None, - options: Vec::new(), - options6: Vec::new(), - comments: None, - comments6: None, - mtu: None, - bridge_ports: None, - bridge_vlan_aware: None, - slaves: None, - bond_mode: None, - bond_primary: None, - bond_xmit_hash_policy: None, + static EMPTY_LIST: Vec = Vec::new(); + + match iface.interface_type { + NetworkInterfaceType::Bridge => { + if let Some(true) = iface.bridge_vlan_aware { + writeln!(w, "\tbridge-vlan-aware yes")?; + } + let ports = iface.bridge_ports.as_ref().unwrap_or(&EMPTY_LIST); + if ports.is_empty() { + writeln!(w, "\tbridge-ports none")?; + } else { + writeln!(w, "\tbridge-ports {}", ports.join(" "))?; + } } - } - - fn set_method_v4(&mut self, method: NetworkConfigMethod) -> Result<(), Error> { - if self.method.is_none() { - self.method = Some(method); - } else { - bail!("inet configuration method already set."); - } - Ok(()) - } - - fn set_method_v6(&mut self, method: NetworkConfigMethod) -> Result<(), Error> { - if self.method6.is_none() { - self.method6 = Some(method); - } else { - bail!("inet6 configuration method already set."); - } - Ok(()) - } - - fn set_cidr_v4(&mut self, address: String) -> Result<(), Error> { - if self.cidr.is_none() { - self.cidr = Some(address); - } else { - bail!("duplicate IPv4 address."); - } - Ok(()) - } - - fn set_gateway_v4(&mut self, gateway: String) -> Result<(), Error> { - if self.gateway.is_none() { - self.gateway = Some(gateway); - } else { - bail!("duplicate IPv4 gateway."); - } - Ok(()) - } - - fn 
set_cidr_v6(&mut self, address: String) -> Result<(), Error> { - if self.cidr6.is_none() { - self.cidr6 = Some(address); - } else { - bail!("duplicate IPv6 address."); - } - Ok(()) - } - - fn set_gateway_v6(&mut self, gateway: String) -> Result<(), Error> { - if self.gateway6.is_none() { - self.gateway6 = Some(gateway); - } else { - bail!("duplicate IPv4 gateway."); - } - Ok(()) - } - - fn set_interface_type(&mut self, interface_type: NetworkInterfaceType) -> Result<(), Error> { - if self.interface_type == NetworkInterfaceType::Unknown { - self.interface_type = interface_type; - } else if self.interface_type != interface_type { - bail!("interface type already defined - cannot change from {:?} to {:?}", self.interface_type, interface_type); - } - Ok(()) - } - - pub(crate) fn set_bridge_ports(&mut self, ports: Vec) -> Result<(), Error> { - if self.interface_type != NetworkInterfaceType::Bridge { - bail!("interface '{}' is no bridge (type is {:?})", self.name, self.interface_type); - } - self.bridge_ports = Some(ports); - Ok(()) - } - - pub(crate) fn set_bond_slaves(&mut self, slaves: Vec) -> Result<(), Error> { - if self.interface_type != NetworkInterfaceType::Bond { - bail!("interface '{}' is no bond (type is {:?})", self.name, self.interface_type); - } - self.slaves = Some(slaves); - Ok(()) - } - - /// Write attributes not depending on address family - fn write_iface_attributes(&self, w: &mut dyn Write) -> Result<(), Error> { - - static EMPTY_LIST: Vec = Vec::new(); - - match self.interface_type { - NetworkInterfaceType::Bridge => { - if let Some(true) = self.bridge_vlan_aware { - writeln!(w, "\tbridge-vlan-aware yes")?; - } - let ports = self.bridge_ports.as_ref().unwrap_or(&EMPTY_LIST); - if ports.is_empty() { - writeln!(w, "\tbridge-ports none")?; - } else { - writeln!(w, "\tbridge-ports {}", ports.join(" "))?; + NetworkInterfaceType::Bond => { + let mode = iface.bond_mode.unwrap_or(LinuxBondMode::balance_rr); + writeln!(w, "\tbond-mode {}", 
bond_mode_to_str(mode))?; + if let Some(primary) = &iface.bond_primary { + if mode == LinuxBondMode::active_backup { + writeln!(w, "\tbond-primary {}", primary)?; } } - NetworkInterfaceType::Bond => { - let mode = self.bond_mode.unwrap_or(LinuxBondMode::balance_rr); - writeln!(w, "\tbond-mode {}", bond_mode_to_str(mode))?; - if let Some(primary) = &self.bond_primary { - if mode == LinuxBondMode::active_backup { - writeln!(w, "\tbond-primary {}", primary)?; - } - } - if let Some(xmit_policy) = &self.bond_xmit_hash_policy { - if mode == LinuxBondMode::ieee802_3ad || - mode == LinuxBondMode::balance_xor - { - writeln!(w, "\tbond_xmit_hash_policy {}", bond_xmit_hash_policy_to_str(xmit_policy))?; - } - } - - let slaves = self.slaves.as_ref().unwrap_or(&EMPTY_LIST); - if slaves.is_empty() { - writeln!(w, "\tbond-slaves none")?; - } else { - writeln!(w, "\tbond-slaves {}", slaves.join(" "))?; + if let Some(xmit_policy) = &iface.bond_xmit_hash_policy { + if mode == LinuxBondMode::ieee802_3ad || + mode == LinuxBondMode::balance_xor + { + writeln!(w, "\tbond_xmit_hash_policy {}", bond_xmit_hash_policy_to_str(xmit_policy))?; } } - _ => {} - } - if let Some(mtu) = self.mtu { - writeln!(w, "\tmtu {}", mtu)?; + let slaves = iface.slaves.as_ref().unwrap_or(&EMPTY_LIST); + if slaves.is_empty() { + writeln!(w, "\tbond-slaves none")?; + } else { + writeln!(w, "\tbond-slaves {}", slaves.join(" "))?; + } } - - Ok(()) + _ => {} } - /// Write attributes depending on address family inet (IPv4) - fn write_iface_attributes_v4(&self, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> { - if method == NetworkConfigMethod::Static { - if let Some(address) = &self.cidr { - writeln!(w, "\taddress {}", address)?; - } - if let Some(gateway) = &self.gateway { - writeln!(w, "\tgateway {}", gateway)?; - } - } - - for option in &self.options { - writeln!(w, "\t{}", option)?; - } - - if let Some(ref comments) = self.comments { - for comment in comments.lines() { - writeln!(w, "#{}", 
comment)?; - } - } - - Ok(()) + if let Some(mtu) = iface.mtu { + writeln!(w, "\tmtu {}", mtu)?; } - /// Write attributes depending on address family inet6 (IPv6) - fn write_iface_attributes_v6(&self, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> { - if method == NetworkConfigMethod::Static { - if let Some(address) = &self.cidr6 { - writeln!(w, "\taddress {}", address)?; - } - if let Some(gateway) = &self.gateway6 { - writeln!(w, "\tgateway {}", gateway)?; - } - } + Ok(()) +} - for option in &self.options6 { - writeln!(w, "\t{}", option)?; +// Write attributes depending on address family inet (IPv4) +fn write_iface_attributes_v4(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> { + if method == NetworkConfigMethod::Static { + if let Some(address) = &iface.cidr { + writeln!(w, "\taddress {}", address)?; } - - if let Some(ref comments) = self.comments6 { - for comment in comments.lines() { - writeln!(w, "#{}", comment)?; - } + if let Some(gateway) = &iface.gateway { + writeln!(w, "\tgateway {}", gateway)?; } - - Ok(()) } - fn write_iface(&self, w: &mut dyn Write) -> Result<(), Error> { + for option in &iface.options { + writeln!(w, "\t{}", option)?; + } - fn method_to_str(method: NetworkConfigMethod) -> &'static str { - match method { - NetworkConfigMethod::Static => "static", - NetworkConfigMethod::Loopback => "loopback", - NetworkConfigMethod::Manual => "manual", - NetworkConfigMethod::DHCP => "dhcp", + if let Some(ref comments) = iface.comments { + for comment in comments.lines() { + writeln!(w, "#{}", comment)?; + } + } + + Ok(()) +} + +/// Write attributes depending on address family inet6 (IPv6) +fn write_iface_attributes_v6(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> { + if method == NetworkConfigMethod::Static { + if let Some(address) = &iface.cidr6 { + writeln!(w, "\taddress {}", address)?; + } + if let Some(gateway) = &iface.gateway6 { + writeln!(w, 
"\tgateway {}", gateway)?; + } + } + + for option in &iface.options6 { + writeln!(w, "\t{}", option)?; + } + + if let Some(ref comments) = iface.comments6 { + for comment in comments.lines() { + writeln!(w, "#{}", comment)?; + } + } + + Ok(()) +} + +fn write_iface(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> { + + fn method_to_str(method: NetworkConfigMethod) -> &'static str { + match method { + NetworkConfigMethod::Static => "static", + NetworkConfigMethod::Loopback => "loopback", + NetworkConfigMethod::Manual => "manual", + NetworkConfigMethod::DHCP => "dhcp", + } + } + + if iface.method.is_none() && iface.method6.is_none() { return Ok(()); } + + if iface.autostart { + writeln!(w, "auto {}", iface.name)?; + } + + if let Some(method) = iface.method { + writeln!(w, "iface {} inet {}", iface.name, method_to_str(method))?; + write_iface_attributes_v4(iface, w, method)?; + write_iface_attributes(iface, w)?; + writeln!(w)?; + } + + if let Some(method6) = iface.method6 { + let mut skip_v6 = false; // avoid empty inet6 manual entry + if iface.method.is_some() + && method6 == NetworkConfigMethod::Manual + && iface.comments6.is_none() + && iface.options6.is_empty() + { + skip_v6 = true; + } + + if !skip_v6 { + writeln!(w, "iface {} inet6 {}", iface.name, method_to_str(method6))?; + write_iface_attributes_v6(iface, w, method6)?; + if iface.method.is_none() { // only write common attributes once + write_iface_attributes(iface, w)?; } - } - - if self.method.is_none() && self.method6.is_none() { return Ok(()); } - - if self.autostart { - writeln!(w, "auto {}", self.name)?; - } - - if let Some(method) = self.method { - writeln!(w, "iface {} inet {}", self.name, method_to_str(method))?; - self.write_iface_attributes_v4(w, method)?; - self.write_iface_attributes(w)?; writeln!(w)?; } - - if let Some(method6) = self.method6 { - let mut skip_v6 = false; // avoid empty inet6 manual entry - if self.method.is_some() - && method6 == NetworkConfigMethod::Manual - && 
self.comments6.is_none() - && self.options6.is_empty() - { - skip_v6 = true; - } - - if !skip_v6 { - writeln!(w, "iface {} inet6 {}", self.name, method_to_str(method6))?; - self.write_iface_attributes_v6(w, method6)?; - if self.method.is_none() { // only write common attributes once - self.write_iface_attributes(w)?; - } - writeln!(w)?; - } - } - - Ok(()) } + + Ok(()) } #[derive(Debug)] @@ -492,14 +386,14 @@ impl NetworkConfig { if done.contains(name) { continue; } done.insert(name); - interface.write_iface(w)?; + write_iface(interface, w)?; } } } for (name, interface) in &self.interfaces { if done.contains(name) { continue; } - interface.write_iface(w)?; + write_iface(interface, w)?; } Ok(()) } @@ -509,6 +403,10 @@ pub const NETWORK_INTERFACES_FILENAME: &str = "/etc/network/interfaces"; pub const NETWORK_INTERFACES_NEW_FILENAME: &str = "/etc/network/interfaces.new"; pub const NETWORK_LOCKFILE: &str = "/var/lock/pve-network.lck"; +pub fn lock_config() -> Result { + open_backup_lockfile(NETWORK_LOCKFILE, None, true) +} + pub fn config() -> Result<(NetworkConfig, [u8;32]), Error> { let content = match proxmox::tools::fs::file_get_optional_contents(NETWORK_INTERFACES_NEW_FILENAME)? { diff --git a/src/config/network/parser.rs b/pbs-config/src/network/parser.rs similarity index 86% rename from src/config/network/parser.rs rename to pbs-config/src/network/parser.rs index ff36a314..7cb081ae 100644 --- a/src/config/network/parser.rs +++ b/pbs-config/src/network/parser.rs 
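Review bot: The headers of the new free functions `write_iface_attributes` and `write_iface_attributes_v4` became plain `//` comments while `write_iface_attributes_v6` kept `///`; the originals were doc comments, so `/// Write attributes not depending on address family` and `/// Write attributes depending on address family inet (IPv4)` keep rustdoc coverage consistent across the three. Separately, `write_iface_attributes_v4` and `_v6` emit each entry of `iface.options`/`options6` verbatim with `writeln!(w, "\t{}", option)?`, whereas comments are split with `.lines()`; if any caller can hand in an option string containing a newline, the written interfaces file gains lines the parser never validated. Unless such strings are already rejected before they reach an `Interface` (not visible in this diff), a cheap guard in both writers, `if option.contains('\n') { bail!("option line for '{}' contains a newline", iface.name); }`, would close that off.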
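Review bot: `lock_config` is a new public function without a doc comment, and because its callers in src/api2/node/network.rs replace the explicit `open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)` with it, the lock's semantics now live only here. A line such as `/// Lock the network configuration for modification; the lock is held until the returned guard is dropped.` would tell API authors what they are holding; the meaning of the `None, true` arguments is not visible in this diff, so describe them only as far as `open_backup_lockfile` documents them.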
@@ -11,6 +11,69 @@ use super::lexer::*; use super::{NetworkConfig, NetworkOrderEntry, Interface, NetworkConfigMethod, NetworkInterfaceType, bond_mode_from_str, bond_xmit_hash_policy_from_str}; +fn set_method_v4(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> { + if iface.method.is_none() { + iface.method = Some(method); + } else { + bail!("inet configuration method already set."); + } + Ok(()) +} + +fn set_method_v6(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> { + if iface.method6.is_none() { + iface.method6 = Some(method); + } else { + bail!("inet6 configuration method already set."); + } + Ok(()) +} + +fn set_cidr_v4(iface: &mut Interface, address: String) -> Result<(), Error> { + if iface.cidr.is_none() { + iface.cidr = Some(address); + } else { + bail!("duplicate IPv4 address."); + } + Ok(()) +} + +fn set_gateway_v4(iface: &mut Interface, gateway: String) -> Result<(), Error> { + if iface.gateway.is_none() { + iface.gateway = Some(gateway); + } else { + bail!("duplicate IPv4 gateway."); + } + Ok(()) +} + +fn set_cidr_v6(iface: &mut Interface, address: String) -> Result<(), Error> { + if iface.cidr6.is_none() { + iface.cidr6 = Some(address); + } else { + bail!("duplicate IPv6 address."); + } + Ok(()) +} + +fn set_gateway_v6(iface: &mut Interface, gateway: String) -> Result<(), Error> { + if iface.gateway6.is_none() { + iface.gateway6 = Some(gateway); + } else { + bail!("duplicate IPv4 gateway."); + } + Ok(()) +} + +fn set_interface_type(iface: &mut Interface, interface_type: NetworkInterfaceType) -> Result<(), Error> { + if iface.interface_type == NetworkInterfaceType::Unknown { + iface.interface_type = interface_type; + } else if iface.interface_type != interface_type { + bail!("interface type already defined - cannot change from {:?} to {:?}", iface.interface_type, interface_type); + } + Ok(()) +} + pub struct NetworkParser { input: Peekable>, line_nr: usize, 
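Review bot: `set_gateway_v6` reports the wrong address family on a duplicate: it bails with `"duplicate IPv4 gateway."`, copied from `set_gateway_v4`, so a config with two inet6 gateways yields a misleading error; change it to `bail!("duplicate IPv6 gateway.");`. The six `set_*` helpers are also undocumented now that they are free functions; a short line per helper in the style of `/// Set the inet configuration method, failing if one is already set.` (with the analogous wording for the address and gateway setters) would state the duplicate-detection contract the parser relies on.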
@@ -123,9 +186,9 @@ impl NetworkParser { if proxmox::tools::common_regex::IP_REGEX.is_match(&gateway) { if gateway.contains(':') { - interface.set_gateway_v6(gateway)?; + set_gateway_v6(interface, gateway)?; } else { - interface.set_gateway_v4(gateway)?; + set_gateway_v4(interface, gateway)?; } } else { bail!("unable to parse gateway address"); @@ -254,13 +317,13 @@ impl NetworkParser { self.eat(Token::BridgePorts)?; let ports = self.parse_iface_list()?; interface.bridge_ports = Some(ports); - interface.set_interface_type(NetworkInterfaceType::Bridge)?; + set_interface_type(interface, NetworkInterfaceType::Bridge)?; } Token::BondSlaves => { self.eat(Token::BondSlaves)?; let slaves = self.parse_iface_list()?; interface.slaves = Some(slaves); - interface.set_interface_type(NetworkInterfaceType::Bond)?; + set_interface_type(interface, NetworkInterfaceType::Bond)?; } Token::BondMode => { self.eat(Token::BondMode)?; @@ -306,9 +369,9 @@ impl NetworkParser { cidr.push_str(&format!("/{}", netmask)); } if is_v6 { - interface.set_cidr_v6(cidr)?; + set_cidr_v6(interface, cidr)?; } else { - interface.set_cidr_v4(cidr)?; + set_cidr_v4(interface, cidr)?; } } else { // no address - simply ignore useless netmask @@ -319,9 +382,9 @@ impl NetworkParser { bail!("missing netmask in '{}'", cidr); } if is_v6 { - interface.set_cidr_v6(cidr)?; + set_cidr_v6(interface, cidr)?; } else { - interface.set_cidr_v4(cidr)?; + set_cidr_v4(interface, cidr)?; } } } 
@@ -360,20 +423,20 @@ impl NetworkParser { if let Some(mut interface) = config.interfaces.get_mut(&iface) { if address_family_v4 { - interface.set_method_v4(config_method)?; + set_method_v4(interface, config_method)?; } if address_family_v6 { - interface.set_method_v6(config_method)?; + set_method_v6(interface, config_method)?; } self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?; } else { let mut interface = Interface::new(iface.clone()); if address_family_v4 { - interface.set_method_v4(config_method)?; + set_method_v4(&mut interface, config_method)?; } if address_family_v6 { - interface.set_method_v6(config_method)?; + set_method_v6(&mut interface, config_method)?; } self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?; @@ -445,7 +508,7 @@ impl NetworkParser { } } else if super::is_physical_nic(iface) { // also add all physical NICs let mut interface = Interface::new(iface.clone()); - interface.set_method_v4(NetworkConfigMethod::Manual)?; + set_method_v4(&mut interface, NetworkConfigMethod::Manual)?; interface.interface_type = NetworkInterfaceType::Eth; interface.active = *active; config.interfaces.insert(interface.name.clone(), interface); @@ -476,7 +539,7 @@ impl NetworkParser { if config.interfaces.get("lo").is_none() { let mut interface = Interface::new(String::from("lo")); - interface.set_method_v4(NetworkConfigMethod::Loopback)?; + set_method_v4(&mut interface, NetworkConfigMethod::Loopback)?; interface.interface_type = NetworkInterfaceType::Loopback; interface.autostart = true; config.interfaces.insert(interface.name.clone(), interface); diff --git a/src/api2/node/network.rs b/src/api2/node/network.rs index fd581170..33f8d40c 100644 --- a/src/api2/node/network.rs +++ b/src/api2/node/network.rs 
@@ -5,11 +5,16 @@ use ::serde::{Deserialize, Serialize}; use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission}; use proxmox::api::schema::parse_property_string; -use crate::config::network::{self, NetworkConfig}; +use pbs_api_types::{ + Authid, Interface, NetworkInterfaceType, LinuxBondMode, NetworkConfigMethod, BondXmitHashPolicy, + NETWORK_INTERFACE_ARRAY_SCHEMA, NETWORK_INTERFACE_LIST_SCHEMA, NETWORK_INTERFACE_NAME_SCHEMA, + CIDR_V4_SCHEMA, CIDR_V6_SCHEMA, IP_V4_SCHEMA, IP_V6_SCHEMA, PROXMOX_CONFIG_DIGEST_SCHEMA, +}; +use pbs_config::network::{self, NetworkConfig}; + use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY}; -use crate::api2::types::*; use crate::server::{WorkerTask}; -use pbs_config::open_backup_lockfile; +use crate::api2::types::NODE_SCHEMA; fn split_interface_list(list: &str) -> Result, Error> { let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?; @@ -44,6 +49,23 @@ fn check_duplicate_gateway_v6(config: &NetworkConfig, iface: &str) -> Result<(), Ok(()) } + +fn set_bridge_ports(iface: &mut Interface, ports: Vec) -> Result<(), Error> { + if iface.interface_type != NetworkInterfaceType::Bridge { + bail!("interface '{}' is no bridge (type is {:?})", iface.name, iface.interface_type); + } + iface.bridge_ports = Some(ports); + Ok(()) +} + +fn set_bond_slaves(iface: &mut Interface, slaves: Vec) -> Result<(), Error> { + if iface.interface_type != NetworkInterfaceType::Bond { + bail!("interface '{}' is no bond (type is {:?})", iface.name, iface.interface_type); + } + iface.slaves = Some(slaves); + Ok(()) +} + #[api( input: { properties: { @@ -238,7 +260,7 @@ pub fn create_interface( let interface_type = pbs_tools::json::required_string_param(¶m, "type")?; let interface_type: NetworkInterfaceType = serde_json::from_value(interface_type.into())?; - let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?; + let _lock = network::lock_config()?; let (mut config, _digest) = network::config()?; 
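Review bot: The new `set_bridge_ports` and `set_bond_slaves` helpers carry no doc comment, and since they are now the only place that checks the interface type before a port or slave list is stored, that check is worth stating: `/// Replace the bridge port list, rejecting interfaces that are not of type Bridge.` and `/// Replace the bond slave list, rejecting interfaces that are not of type Bond.`. Both have the same shape as the `set_*` helpers this commit adds to pbs-config/src/network/parser.rs; keeping the interface-mutating helpers in one place would stop the type-check logic from drifting between the API module and the parser.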
@@ -286,7 +308,7 @@ pub fn create_interface( NetworkInterfaceType::Bridge => { if let Some(ports) = bridge_ports { let ports = split_interface_list(&ports)?; - interface.set_bridge_ports(ports)?; + set_bridge_ports(&mut interface, ports)?; } if bridge_vlan_aware.is_some() { interface.bridge_vlan_aware = bridge_vlan_aware; } } @@ -310,7 +332,7 @@ pub fn create_interface( } if let Some(slaves) = slaves { let slaves = split_interface_list(&slaves)?; - interface.set_bond_slaves(slaves)?; + set_bond_slaves(&mut interface, slaves)?; } } _ => bail!("creating network interface type '{:?}' is not supported", interface_type), @@ -502,7 +524,7 @@ pub fn update_interface( param: Value, ) -> Result<(), Error> { - let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?; + let _lock = network::lock_config()?; let (mut config, expected_digest) = network::config()?; @@ -536,9 +558,9 @@ pub fn update_interface( DeletableProperty::comments6 => { interface.comments6 = None; }, DeletableProperty::mtu => { interface.mtu = None; }, DeletableProperty::autostart => { interface.autostart = false; }, - DeletableProperty::bridge_ports => { interface.set_bridge_ports(Vec::new())?; } + DeletableProperty::bridge_ports => { set_bridge_ports(interface, Vec::new())?; } DeletableProperty::bridge_vlan_aware => { interface.bridge_vlan_aware = None; } - DeletableProperty::slaves => { interface.set_bond_slaves(Vec::new())?; } + DeletableProperty::slaves => { set_bond_slaves(interface, Vec::new())?; } DeletableProperty::bond_primary => { interface.bond_primary = None; } DeletableProperty::bond_xmit_hash_policy => { interface.bond_xmit_hash_policy = None } } 
@@ -551,12 +573,12 @@ pub fn update_interface( if mtu.is_some() { interface.mtu = mtu; } if let Some(ports) = bridge_ports { let ports = split_interface_list(&ports)?; - interface.set_bridge_ports(ports)?; + set_bridge_ports(interface, ports)?; } if bridge_vlan_aware.is_some() { interface.bridge_vlan_aware = bridge_vlan_aware; } if let Some(slaves) = slaves { let slaves = split_interface_list(&slaves)?; - interface.set_bond_slaves(slaves)?; + set_bond_slaves(interface, slaves)?; } if let Some(mode) = bond_mode { interface.bond_mode = bond_mode; @@ -642,7 +664,7 @@ pub fn update_interface( )] /// Remove network interface configuration. pub fn delete_interface(iface: String, digest: Option) -> Result<(), Error> { - let _lock = open_backup_lockfile(network::NETWORK_LOCKFILE, None, true)?; + let _lock = network::lock_config()?; let (mut config, expected_digest) = network::config()?; diff --git a/src/api2/types/mod.rs b/src/api2/types/mod.rs index 0b97f167..bd40cd7e 100644 --- a/src/api2/types/mod.rs +++ b/src/api2/types/mod.rs @@ -49,8 +49,6 @@ pub const DNS_ALIAS_FORMAT: ApiStringFormat = pub const ACL_PATH_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&ACL_PATH_REGEX); -pub const NETWORK_INTERFACE_FORMAT: ApiStringFormat = - ApiStringFormat::Pattern(&PROXMOX_SAFE_ID_REGEX); pub const SUBSCRIPTION_KEY_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&SUBSCRIPTION_KEY_REGEX); 
@@ -105,41 +103,6 @@ pub const THIRD_DNS_SERVER_SCHEMA: Schema = .format(&IP_FORMAT) .schema(); -pub const IP_V4_SCHEMA: Schema = - StringSchema::new("IPv4 address.") - .format(&IP_V4_FORMAT) - .max_length(15) - .schema(); - -pub const IP_V6_SCHEMA: Schema = - StringSchema::new("IPv6 address.") - .format(&IP_V6_FORMAT) - .max_length(39) - .schema(); - -pub const IP_SCHEMA: Schema = - StringSchema::new("IP (IPv4 or IPv6) address.") - .format(&IP_FORMAT) - .max_length(39) - .schema(); - -pub const CIDR_V4_SCHEMA: Schema = - StringSchema::new("IPv4 address with netmask (CIDR notation).") - .format(&CIDR_V4_FORMAT) - .max_length(18) - .schema(); - -pub const CIDR_V6_SCHEMA: Schema = - StringSchema::new("IPv6 address with netmask (CIDR notation).") - .format(&CIDR_V6_FORMAT) - .max_length(43) - .schema(); - -pub const CIDR_SCHEMA: Schema = - StringSchema::new("IP address (IPv4 or IPv6) with netmask (CIDR notation).") - .format(&CIDR_FORMAT) - .max_length(43) - .schema(); pub const TIME_ZONE_SCHEMA: Schema = StringSchema::new( "Time zone. The file '/usr/share/zoneinfo/zone.tab' contains the list of valid names.") 
@@ -290,238 +253,6 @@ pub enum NodePowerCommand {
 Shutdown,
 }
-#[api()]
-#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-/// Interface configuration method
-pub enum NetworkConfigMethod {
- /// Configuration is done manually using other tools
- Manual,
- /// Define interfaces with statically allocated addresses.
- Static,
- /// Obtain an address via DHCP
- DHCP,
- /// Define the loopback interface.
- Loopback,
-}
-
-#[api()]
-#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
-#[serde(rename_all = "kebab-case")]
-#[allow(non_camel_case_types)]
-#[repr(u8)]
-/// Linux Bond Mode
-pub enum LinuxBondMode {
- /// Round-robin policy
- balance_rr = 0,
- /// Active-backup policy
- active_backup = 1,
- /// XOR policy
- balance_xor = 2,
- /// Broadcast policy
- broadcast = 3,
- /// IEEE 802.3ad Dynamic link aggregation
- #[serde(rename = "802.3ad")]
- ieee802_3ad = 4,
- /// Adaptive transmit load balancing
- balance_tlb = 5,
- /// Adaptive load balancing
- balance_alb = 6,
-}
-
-#[api()]
-#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
-#[serde(rename_all = "kebab-case")]
-#[allow(non_camel_case_types)]
-#[repr(u8)]
-/// Bond Transmit Hash Policy for LACP (802.3ad)
-pub enum BondXmitHashPolicy {
- /// Layer 2
- layer2 = 0,
- /// Layer 2+3
- #[serde(rename = "layer2+3")]
- layer2_3 = 1,
- /// Layer 3+4
- #[serde(rename = "layer3+4")]
- layer3_4 = 2,
-}
-
-#[api()]
-#[derive(Debug, Copy, Clone, PartialEq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-/// Network interface type
-pub enum NetworkInterfaceType {
- /// Loopback
- Loopback,
- /// Physical Ethernet device
- Eth,
- /// Linux Bridge
- Bridge,
- /// Linux Bond
- Bond,
- /// Linux VLAN (eth.10)
- Vlan,
- /// Interface Alias (eth:1)
- Alias,
- /// Unknown interface type
- Unknown,
-}
-
-pub const NETWORK_INTERFACE_NAME_SCHEMA: Schema = StringSchema::new("Network interface name.")
- .format(&NETWORK_INTERFACE_FORMAT)
- .min_length(1)
- .max_length(libc::IFNAMSIZ-1)
- .schema();
-
-pub const NETWORK_INTERFACE_ARRAY_SCHEMA: Schema = ArraySchema::new(
- "Network interface list.", &NETWORK_INTERFACE_NAME_SCHEMA)
- .schema();
-
-pub const NETWORK_INTERFACE_LIST_SCHEMA: Schema = StringSchema::new(
- "A list of network devices, comma separated.")
- .format(&ApiStringFormat::PropertyString(&NETWORK_INTERFACE_ARRAY_SCHEMA))
- .schema();
-
-#[api(
- properties: {
- name: {
- schema: NETWORK_INTERFACE_NAME_SCHEMA,
- },
- "type": {
- type: NetworkInterfaceType,
- },
- method: {
- type: NetworkConfigMethod,
- optional: true,
- },
- method6: {
- type: NetworkConfigMethod,
- optional: true,
- },
- cidr: {
- schema: CIDR_V4_SCHEMA,
- optional: true,
- },
- cidr6: {
- schema: CIDR_V6_SCHEMA,
- optional: true,
- },
- gateway: {
- schema: IP_V4_SCHEMA,
- optional: true,
- },
- gateway6: {
- schema: IP_V6_SCHEMA,
- optional: true,
- },
- options: {
- description: "Option list (inet)",
- type: Array,
- items: {
- description: "Optional attribute line.",
- type: String,
- },
- },
- options6: {
- description: "Option list (inet6)",
- type: Array,
- items: {
- description: "Optional attribute line.",
- type: String,
- },
- },
- comments: {
- description: "Comments (inet, may span multiple lines)",
- type: String,
- optional: true,
- },
- comments6: {
- description: "Comments (inet6, may span multiple lines)",
- type: String,
- optional: true,
- },
- bridge_ports: {
- schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
- optional: true,
- },
- slaves: {
- schema: NETWORK_INTERFACE_ARRAY_SCHEMA,
- optional: true,
- },
- bond_mode: {
- type: LinuxBondMode,
- optional: true,
- },
- "bond-primary": {
- schema: NETWORK_INTERFACE_NAME_SCHEMA,
- optional: true,
- },
- bond_xmit_hash_policy: {
- type: BondXmitHashPolicy,
- optional: true,
- },
- }
-)]
-#[derive(Debug, Serialize, Deserialize)]
-/// Network Interface configuration
-pub struct Interface {
- /// Autostart interface
- #[serde(rename = "autostart")]
- pub autostart: bool,
- /// Interface is active (UP)
- pub active: bool,
- /// Interface name
- pub name: String,
- /// Interface type
- #[serde(rename = "type")]
- pub interface_type: NetworkInterfaceType,
- #[serde(skip_serializing_if="Option::is_none")]
- pub method: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- pub method6: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- /// IPv4 address with netmask
- pub cidr: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- /// IPv4 gateway
- pub gateway: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- /// IPv6 address with netmask
- pub cidr6: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- /// IPv6 gateway
- pub gateway6: Option,
-
- #[serde(skip_serializing_if="Vec::is_empty")]
- pub options: Vec,
- #[serde(skip_serializing_if="Vec::is_empty")]
- pub options6: Vec,
-
- #[serde(skip_serializing_if="Option::is_none")]
- pub comments: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- pub comments6: Option,
-
- #[serde(skip_serializing_if="Option::is_none")]
- /// Maximum Transmission Unit
- pub mtu: Option,
-
- #[serde(skip_serializing_if="Option::is_none")]
- pub bridge_ports: Option>,
- /// Enable bridge vlan support.
- #[serde(skip_serializing_if="Option::is_none")]
- pub bridge_vlan_aware: Option,
-
- #[serde(skip_serializing_if="Option::is_none")]
- pub slaves: Option>,
- #[serde(skip_serializing_if="Option::is_none")]
- pub bond_mode: Option,
- #[serde(skip_serializing_if="Option::is_none")]
- #[serde(rename = "bond-primary")]
- pub bond_primary: Option,
- pub bond_xmit_hash_policy: Option,
-}
-
 // Regression tests
 #[test]
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 6d393a73..bc0f5d3b 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -794,7 +794,7 @@ async fn generate_host_stats(save: bool) {
 match read_proc_net_dev() {
 Ok(netdev) => {
- use proxmox_backup::config::network::is_physical_nic;
+ use pbs_config::network::is_physical_nic;
 let mut netin = 0;
 let mut netout = 0;
 for item in netdev {
diff --git a/src/bin/proxmox_backup_manager/network.rs b/src/bin/proxmox_backup_manager/network.rs
index c9489f7d..001c905d 100644
--- a/src/bin/proxmox_backup_manager/network.rs
+++ b/src/bin/proxmox_backup_manager/network.rs
@@ -3,7 +3,6 @@ use serde_json::Value;
 use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
-use proxmox_backup::config;
 use proxmox_backup::api2;
 #[api(
@@ -127,25 +126,25 @@ pub fn network_commands() -> CommandLineInterface {
 CliCommand::new(&api2::node::network::API_METHOD_CREATE_INTERFACE)
 .fixed_param("node", String::from("localhost"))
 .arg_param(&["iface"])
- .completion_cb("iface", config::network::complete_interface_name)
- .completion_cb("bridge_ports", config::network::complete_port_list)
- .completion_cb("slaves", config::network::complete_port_list)
+ .completion_cb("iface", pbs_config::network::complete_interface_name)
+ .completion_cb("bridge_ports", pbs_config::network::complete_port_list)
+ .completion_cb("slaves", pbs_config::network::complete_port_list)
 )
 .insert(
 "update",
 CliCommand::new(&api2::node::network::API_METHOD_UPDATE_INTERFACE)
 .fixed_param("node", String::from("localhost"))
 .arg_param(&["iface"])
- .completion_cb("iface", config::network::complete_interface_name)
- .completion_cb("bridge_ports", config::network::complete_port_list)
- .completion_cb("slaves", config::network::complete_port_list)
+ .completion_cb("iface", pbs_config::network::complete_interface_name)
+ .completion_cb("bridge_ports", pbs_config::network::complete_port_list)
+ .completion_cb("slaves", pbs_config::network::complete_port_list)
 )
 .insert(
 "remove",
 CliCommand::new(&api2::node::network::API_METHOD_DELETE_INTERFACE)
 .fixed_param("node", String::from("localhost"))
 .arg_param(&["iface"])
- .completion_cb("iface", config::network::complete_interface_name)
+ .completion_cb("iface", pbs_config::network::complete_interface_name)
 )
 .insert(
 "revert",
diff --git a/src/config/mod.rs b/src/config/mod.rs
index b7c8e762..c2cbe6f3 100644
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -18,7 +18,6 @@ pub mod acl;
 pub mod acme;
 pub mod cached_user_info;
 pub mod datastore;
-pub mod network;
 pub mod node;
 pub mod tfa;
 pub mod token_shadow;