Add the newly introduced properties for fabrics / nodes to the existing schema definition. The existing fabric / node endpoints will then work with the new WireGuard entities, without any additional changes. To properly detect changes in the peers property, which is an array, it needs to be added to the encode_value function as well, which is used for comparing the pending configuration to the running configuration.
Originally-by: Christoph Heiss <[email protected]> Signed-off-by: Stefan Hanreich <[email protected]> --- src/PVE/API2/Network/SDN.pm | 2 +- src/PVE/Network/SDN.pm | 9 +- src/PVE/Network/SDN/Fabrics.pm | 257 ++++++++++++++++++++++++++++++++- 3 files changed, 260 insertions(+), 8 deletions(-) diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm index b35a588..aa8d359 100644 --- a/src/PVE/API2/Network/SDN.pm +++ b/src/PVE/API2/Network/SDN.pm @@ -107,7 +107,7 @@ my $create_reload_network_worker = sub { } }, ); - #my $upid = PVE::API2::Network->reload_network_config(node => $nodename}); + #my $upid = PVE::API2::Network->reload_network_config({ node => $nodename }); my $res = PVE::Tools::upid_decode($upid); return $res->{pid}; diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm index c7c390e..78b15d5 100644 --- a/src/PVE/Network/SDN.pm +++ b/src/PVE/Network/SDN.pm @@ -472,7 +472,14 @@ sub generate_dhcp_config { sub encode_value { my ($type, $key, $value) = @_; - if ($key eq 'nodes' || $key eq 'exitnodes' || $key eq 'dhcp-range' || $key eq 'interfaces') { + if ( + $key eq 'nodes' + || $key eq 'exitnodes' + || $key eq 'dhcp-range' + || $key eq 'interfaces' + || $key eq 'peers' + || $key eq 'allowed_ips' + ) { if (ref($value) eq 'HASH') { return join(',', sort keys(%$value)); } elsif (ref($value) eq 'ARRAY') { diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm index d90992a..a81b62e 100644 --- a/src/PVE/Network/SDN/Fabrics.pm +++ b/src/PVE/Network/SDN/Fabrics.pm @@ -45,7 +45,44 @@ PVE::JSONSchema::register_standard_option( { description => "Type of configuration entry in an SDN Fabric section config", type => 'string', - enum => ['openfabric', 'ospf'], + enum => ['openfabric', 'ospf', 'wireguard'], + }, +); + +PVE::JSONSchema::register_format( + 'pve-sdn-fabric-wireguard-interface', + { + name => { + type => 'string', + format => 'pve-iface', + description => 'Name of the network interface', + }, + public_key => { + type => 'string', + description => 'The public key of this interface', + optional => 1, + }, + ip => { + type => 'string', + format => 'CIDRv4', + description => 'IPv4 address for this node', + optional => 1, + }, + ip6 => { + type => 'string', + format => 'CIDRv6', + description => 'IPv6 address for this node', + optional => 1, + }, + listen_port => { + type => 'number', + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'Port to listen on for WireGuard traffic.', + optional => 1, + minimum => 1, + maximum => 65535, + }, }, ); @@ -203,18 +240,202 @@ sub node_properties { description => 'OSPF network interface', optional => 1, }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + description => + "Type of configuration entry in an SDN Fabric section config", + type => 'string', + format => 'pve-sdn-fabric-wireguard-interface', + }, + description => 'WireGuard network interface', + optional => 1, + }, ], }, - }; - - if ($update) { - $properties->{delete} = { + public_key => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The role of this node in the WireGuard fabric.', + type => 'string', + optional => 1, + }, + role => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The role of this node in the WireGuard fabric.', + type => 'string', + enum => ['internal', 'external'], + optional => 1, + }, + endpoint => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The endpoint used for connecting to this node.', + optional => 1, + type => 'string', + }, + allowed_ips => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], type => 'array', + optional => 1, + description => + 'A list of IPs that are routable via this node in the WireGuard fabric.', items => { type => 'string', - enum => ['interfaces', 'ip', 'ip6'], + format => 'CIDR', }, + }, + peers => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], optional => 1, + type => 'array', + items => { + type => 'string', + format => { + type => { + type => 'string', + enum => ['internal', 'external'], + }, + node => { + description => + 'The name of the peer (if external) or the name of the node and interface (if internal).', + type => 'string', + }, + node_iface => { + description => + 'The interface of this node that uses this peer definition.', + optional => 1, + type => 'string', + }, + iface => { + description => + 'The interface of this node that uses this peer definition.', + optional => 1, + type => 'string', + }, + endpoint => { + description => + 'Override for the endpoint settings in the node section.', + optional => 1, + type => 'string', + }, + allowed_ips => { + type => 'array', + optional => 1, + description => 'Additional allowed IPs for this peer.', + items => { + type => 'string', + format => 'CIDR', + }, + }, + }, + }, + }, + role => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The role of this node in the WireGuard fabric.', + type => 'string', + enum => ['internal', 'external'], + optional => 1, + }, + endpoint => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The endpoint used for connecting to this node.', + optional => 1, + type => 'string', + }, + allowed_ips => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + type => 'array', + optional => 1, + description => + 'A list of IPs that are routable via this node in the WireGuard fabric.', + items => { + type => 'string', + format => 'CIDR', + }, + }, + peers => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + optional => 1, + type => 'array', + items => { + type => 'string', + format => { + type => { + type => 'string', + enum => ['internal', 'external'], + }, + node => { + description => + 'The name of the peer (if external) or the name of the node and interface (if internal).', + type => 'string', + }, + node_iface => { + description => + 'The interface of this node that uses this peer definition.', + optional => 1, + type => 'string', + }, + iface => { + description => + 'The interface of this node that uses this peer definition.', + optional => 1, + type => 'string', + }, + endpoint => { + description => + 'Override for the endpoint settings in the node section.', + optional => 1, + type => 'string', + }, + allowed_ips => { + type => 'array', + optional => 1, + description => 'Additional allowed IPs for this peer.', + items => { + type => 'string', + format => 'CIDR', + }, + }, + }, + }, + }, + }; + + if ($update) { + $properties->{delete} = { + # coerce this value into an array before parsing (oneOf workaround) + type => 'array', + 'type-property' => 'protocol', + oneOf => [ + { + type => 'array', + 'instance-types' => ['openfabric', 'ospf'], + items => { + type => 'string', + enum => ['interfaces', 'ip', 'ip6'], + }, + optional => 1, + }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + type => 'string', + enum => ['allowed_ips', 'endpoint', 'interfaces', 'ip', 'ip6', 'peers'], + }, + optional => 1, + }, + ], }; } @@ -267,6 +488,21 @@ sub fabric_properties { 'OSPF area. Either a IPv4 address or a 32-bit number. Gets validated in rust.', optional => 1, }, + persistent_keepalive => { + type => 'number', + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'A seconds interval, between 1 and 65535 inclusive, of how often to' + . ' send an authenticated empty packet to the peer for the purpose of keeping a' + . ' stateful firewall or NAT mapping valid persistently. For example, if the' + . ' interface very rarely sends traffic, but it might at anytime receive traffic' + . ' from another node, and it is behind NAT, the interface might benefit from' + . ' having a persistent keepalive interval of 25 seconds. If unset or set to 0, it' + . ' is turned off', + optional => 1, + minimum => 0, + maximum => 65535, + }, }; if ($update) { @@ -293,6 +529,15 @@ sub fabric_properties { }, optional => 1, }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + type => 'string', + enum => ['persistent_keepalive'], + }, + optional => 1, + }, ], }; } -- 2.47.3
