* [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam @ 2020-08-24 16:49 Alexandre Derumier 2020-09-07 16:40 ` Thomas Lamprecht 0 siblings, 1 reply; 7+ messages in thread From: Alexandre Derumier @ 2020-08-24 16:49 UTC (permalink / raw) To: pve-devel This is a POC to call ip to retreive ip address from ipam. (it's really just a poc && buggt , it need to be improve for vnet changes, pending config apply/revert,...) --- src/PVE/LXC/Config.pm | 107 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 106 insertions(+), 1 deletion(-) diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm index 5bf12d5..05498e2 100644 --- a/src/PVE/LXC/Config.pm +++ b/src/PVE/LXC/Config.pm @@ -11,6 +11,14 @@ use PVE::INotify; use PVE::JSONSchema qw(get_standard_option); use PVE::Tools; +my $have_sdn; +eval { + require PVE::Network::SDN::Vnets; + require PVE::Network::SDN::Subnets; + $have_sdn = 1; +}; + + use base qw(PVE::AbstractConfig); my $nodename = PVE::INotify::nodename(); @@ -1145,7 +1153,6 @@ sub parse_lxc_network { my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); $res->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix}); } - return $res; } @@ -1225,6 +1232,8 @@ sub vmconfig_hotplug_pending { $cgroup->change_cpu_shares(undef, $confdesc->{cpuunits}->{default}); } elsif ($opt =~ m/^net(\d)$/) { my $netid = $1; + my $net = $class->parse_lxc_network($conf->{$opt}); + delete_net_ip($conf->{hostname}, $net); PVE::Network::veth_delete("veth${vmid}i$netid"); } else { die "skip\n"; # skip non-hotpluggable opts @@ -1251,6 +1260,7 @@ sub vmconfig_hotplug_pending { } elsif ($opt =~ m/^net(\d+)$/) { my $netid = $1; my $net = $class->parse_lxc_network($value); + update_net_ip($conf->{hostname}, $net); $value = $class->print_lxc_network($net); PVE::LXC::update_net($vmid, $conf, $opt, $net, $netid, $rootdir); } elsif ($opt eq 'memory' || $opt eq 'swap') { @@ -1327,6 +1337,8 @@ sub vmconfig_apply_pending { } elsif ($opt =~ m/^net(\d+)$/) { my $netid = $1; my $net = $class->parse_lxc_network($conf->{pending}->{$opt}); + my $oldnet = $class->parse_lxc_network($conf->{$opt}); + update_net_ip($conf->{hostname}, $net, $oldnet); $conf->{pending}->{$opt} = $class->print_lxc_network($net); } }; @@ -1590,4 +1602,97 @@ sub get_backup_volumes { return $return_volumes; } +sub update_net_ip { + my ($hostname, $net, $oldnet) = @_; + + return if !$have_sdn; + + my $oldbridge = $oldnet->{bridge}; + my $bridge = $net->{bridge}; + + my $subnets = PVE::Network::SDN::Vnets::get_subnets($bridge); + + return if !keys %{$subnets}; + + eval { + if (!$net->{ip}) { + $net->{ip} = PVE::Network::SDN::Vnets::get_next_free_ip($bridge, $hostname); + #writeconfig ? + } elsif ($net->{ip} ne 'dhcp' && $net->{ip} ne 'manual') { + PVE::Network::SDN::Vnets::add_ip($bridge, $net->{ip}, $hostname) if $net->{ip} ne $oldnet->{ip}; + #writeconfig ? + } + }; + if ($@) { + #keep old config if error + $net->{ip} = $oldnet->{ip}; + die $@; + } + + #delete old ip after adding new + if ($oldnet->{ip} && $oldnet->{ip} ne 'dhcp' && $oldnet->{ip} ne 'manual') { + my $deletebridge = $oldbridge ne $bridge ? $oldbridge : $bridge; + eval { + PVE::Network::SDN::Vnets::del_ip($deletebridge, $oldnet->{ip}, $hostname) if !$net->{ip} || $net->{ip} ne $oldnet->{ip}; + #writeconfig ? + }; + warn $@ if $@; + } + + + eval { + if (!$net->{ip6}) { + $net->{ip6} = PVE::Network::SDN::Vnets::get_next_free_ip($bridge, $hostname, 6); + #writeconfig ? + } elsif ($net->{ip6} ne 'dhcp' && $net->{ip6} ne 'manual' && $net->{ip6} ne 'auto') { + PVE::Network::SDN::Vnets::add_ip($bridge, $net->{ip6}, $hostname) if $net->{ip6} ne $oldnet->{ip6}; + #writeconfig ? + } + }; + if ($@) { + #keep old config if error + $net->{ip6} = $oldnet->{ip6}; + die $@; + } + + #delete old ip after adding new + if ($oldnet->{ip6} && $oldnet->{ip6} ne 'dhcp' && $oldnet->{ip6} ne 'manual' && $net->{ip6} ne 'auto') { + my $deletebridge = $oldbridge ne $bridge ? $oldbridge : $bridge; + eval { + PVE::Network::SDN::Vnets::del_ip($deletebridge, $oldnet->{ip6}, $hostname) if !$net->{ip6} || $net->{ip6} ne $oldnet->{ip6}; + #writeconfig ? + }; + warn $@ if $@; + } + + if ($net->{ip}) { + my ($ip, undef) = split(/\//, $net->{ip}); + my ($subnetidv4, $subnetv4) = PVE::Network::SDN::Subnets::find_ip_subnet($ip, $subnets); + $net->{gw} = $subnetv4->{gateway}; + } + + if ($net->{ip6}) { + my ($ip6, undef) = split(/\//, $net->{ip6}); + my ($subnetidv6, $subnetv6) = PVE::Network::SDN::Subnets::find_ip_subnet($ip6, $subnets); + $net->{gw6} = $subnetv6->{gateway} if !$net->{gw6}; + } + +} + +sub delete_net_ip { + my ($hostname, $net) = @_; + + return if !$have_sdn; + + my $bridge = $net->{bridge}; + my $subnets = PVE::Network::SDN::Vnets::get_subnets($bridge); + return if !keys %{$subnets}; + + if ($net->{ip6} && ($net->{ip6} eq 'auto' || $net->{ip6} eq 'manual' || $net->{ip6} eq 'dhcp')) { + PVE::Network::SDN::Vnets::del_ip($hostname, $bridge, $net->{ip6}); + } elsif ($net->{ip} && $net->{ip} ne 'dhcp' && $net->{ip} ne 'manual') { + PVE::Network::SDN::Vnets::del_ip($hostname, $bridge, $net->{ip}); + } +} + 1; -- 2.20.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-08-24 16:49 [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam Alexandre Derumier @ 2020-09-07 16:40 ` Thomas Lamprecht 2020-09-08 3:52 ` Alexandre DERUMIER 0 siblings, 1 reply; 7+ messages in thread From: Thomas Lamprecht @ 2020-09-07 16:40 UTC (permalink / raw) To: Proxmox VE development discussion, Alexandre Derumier On 24.08.20 18:49, Alexandre Derumier wrote: > This is a POC to call ip to retreive ip address from ipam. > > (it's really just a poc && buggt , it need to be improve for vnet changes, pending config apply/revert,...) When trying this I got the gateway IP returned for both, as CT IP and gateway IP. Did not checked this patch closer, but I figured that this behavior is caused by the SDN code. Using a simple zone with PVE IPam and snat subnet "10.12.13.0/24" with GW "10.12.13.1" as test. On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely split and separated from each other? I mean, it is flexible, but a user needs to do a lot of, almost boilerplate-like, work to get this started. Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest beginner case.. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-09-07 16:40 ` Thomas Lamprecht @ 2020-09-08 3:52 ` Alexandre DERUMIER 2020-09-08 7:44 ` Thomas Lamprecht 0 siblings, 1 reply; 7+ messages in thread From: Alexandre DERUMIER @ 2020-09-08 3:52 UTC (permalink / raw) To: Thomas Lamprecht; +Cc: Proxmox VE development discussion >>When trying this I got the gateway IP returned for both, as CT IP and gateway IP. >>Did not checked this patch closer, but I figured that this behavior is caused by >>the SDN code. mmm, that's strange. When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. (you have enable an ipam right ?) Then, when you create CT, without any ip, it'll try to find first available ip in ipam. (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both). for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location) >>On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely >>split and separated from each other? I mean, it is flexible, but a user needs to do a lot >>of, almost boilerplate-like, work to get this started. >>Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest >>beginner case.. Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated. (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet) IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max. I think subnet+ipam+dns are ip features. zones,vnets,controller are physical network features But, yes, a gui wizard could be great for fast setup. ----- Mail original ----- De: "Thomas Lamprecht" <t.lamprecht@proxmox.com> À: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>, "aderumier" <aderumier@odiso.com> Envoyé: Lundi 7 Septembre 2020 18:40:39 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam On 24.08.20 18:49, Alexandre Derumier wrote: > This is a POC to call ip to retreive ip address from ipam. > > (it's really just a poc && buggt , it need to be improve for vnet changes, pending config apply/revert,...) When trying this I got the gateway IP returned for both, as CT IP and gateway IP. Did not checked this patch closer, but I figured that this behavior is caused by the SDN code. Using a simple zone with PVE IPam and snat subnet "10.12.13.0/24" with GW "10.12.13.1" as test. On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely split and separated from each other? I mean, it is flexible, but a user needs to do a lot of, almost boilerplate-like, work to get this started. Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest beginner case.. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-09-08 3:52 ` Alexandre DERUMIER @ 2020-09-08 7:44 ` Thomas Lamprecht 2020-09-08 8:58 ` Alexandre DERUMIER 0 siblings, 1 reply; 7+ messages in thread From: Thomas Lamprecht @ 2020-09-08 7:44 UTC (permalink / raw) To: Proxmox VE development discussion, Alexandre DERUMIER On 08.09.20 05:52, Alexandre DERUMIER wrote: >>> When trying this I got the gateway IP returned for both, as CT IP and gateway IP. >>> Did not checked this patch closer, but I figured that this behavior is caused by >>> the SDN code. > > mmm, that's strange. > > When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. > (you have enable an ipam right ?) Yes, the built-in "PVE" one > > > Then, when you create CT, without any ip, it'll try to find first available ip in ipam. I did it on an existing CT, changing from a normal bridge to that vnet. > (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both). > > for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location) I'd like to have stuff in priv/ folder prefixed with a directory namespace, maybe "sdn" here. Besides that, how big can this get on huge setups? We only can have 512k files for now. > >>> On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely >>> split and separated from each other? I mean, it is flexible, but a user needs to do a lot >>> of, almost boilerplate-like, work to get this started. >>> Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest >>> beginner case.. > > Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated. > (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet) > IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max. > > I think subnet+ipam+dns are ip features. > zones,vnets,controller are physical network features Could it make sense to have subnets and vnets at least in the same section config, with different types? (a bit like storage.cfg) So that we reduce the configuration file amount a bit. Maybe we could also visualize this in the gui a bit "easier". We could merge VNet and SubNet management into one panel, maybe with split view like FW ipsets, you won't have the same subnet in different VNets after all, or? We could also merge DNS and IP management into one panel, maybe with split view like HA or vertical like FW ipsets. But this is not too relevant for now, can always be fine tuned once the API/backend stuff is in. On another note, are there some unit/regressions tests for this stuff? Would give a bit more confidence with this. skimming through the code currently, seems mostly OK for now, need to think a bit about how the general concepts are implemented and if that fits all OK. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-09-08 7:44 ` Thomas Lamprecht @ 2020-09-08 8:58 ` Alexandre DERUMIER 2020-09-11 2:27 ` Alexandre DERUMIER 0 siblings, 1 reply; 7+ messages in thread From: Alexandre DERUMIER @ 2020-09-08 8:58 UTC (permalink / raw) To: Thomas Lamprecht; +Cc: Proxmox VE development discussion >>I'd like to have stuff in priv/ folder prefixed with a directory >>namespace, maybe "sdn" here. Ok,I'll add the extra /sdn/ (for your problem, maybe look if the gateway ip is present in the ipam.db) >>Besides that, how big can this get on huge setups? We only can have 512k files >>for now. currently, it's just a perl hash converted to json with ip list. (so 32bits by ipv4, and 128bits by ipv6). So I think it could be ok for common cluster ? >>Could it make sense to have subnets and vnets at least in the same section config, >>with different types? (a bit like storage.cfg) So that we reduce the configuration >>file amount a bit. yes, I think it's possible. I'll look to see how to implement that. do you want to have 1 api endpoint for both subnets && vnets ? >>Maybe we could also visualize this in the gui a bit "easier". >>We could merge VNet and SubNet management into one panel, maybe with split view >>like FW ipsets That's a really good idea ! Like it :) I'll look at FW ipset extjs implementation. >>you won't have the same subnet in different VNets after all,or ? Yes, currently I manage only 1subnet-1vnet. I don't think users will used same subnet multiple times, until they used vrf for routed vnet or isolated bridge. >>We could also merge DNS and IP management into one panel, maybe with split view >>like HA or vertical like FW ipsets. >> >>But this is not too relevant for now, can always be fine tuned once the API/backend >>stuff is in. Ok, no problem. >>On another note, are there some unit/regressions tests for this stuff? >>Would give a bit more confidence with this. No sorry. I have done tests manually currently. I don't know too much how to implement the unit tests, but I'll try too see what can be done. >>skimming through the code currently, seems mostly OK for now, need to think a bit >>about how the general concepts are implemented and if that fits all OK. Thanks for the review && comments ! ----- Mail original ----- De: "Thomas Lamprecht" <t.lamprecht@proxmox.com> À: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>, "aderumier" <aderumier@odiso.com> Envoyé: Mardi 8 Septembre 2020 09:44:19 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam On 08.09.20 05:52, Alexandre DERUMIER wrote: >>> When trying this I got the gateway IP returned for both, as CT IP and gateway IP. >>> Did not checked this patch closer, but I figured that this behavior is caused by >>> the SDN code. > > mmm, that's strange. > > When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. > (you have enable an ipam right ?) Yes, the built-in "PVE" one > > > Then, when you create CT, without any ip, it'll try to find first available ip in ipam. I did it on an existing CT, changing from a normal bridge to that vnet. > (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both). > > for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location) I'd like to have stuff in priv/ folder prefixed with a directory namespace, maybe "sdn" here. Besides that, how big can this get on huge setups? We only can have 512k files for now. > >>> On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely >>> split and separated from each other? I mean, it is flexible, but a user needs to do a lot >>> of, almost boilerplate-like, work to get this started. >>> Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest >>> beginner case.. > > Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated. > (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet) > IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max. > > I think subnet+ipam+dns are ip features. > zones,vnets,controller are physical network features Could it make sense to have subnets and vnets at least in the same section config, with different types? (a bit like storage.cfg) So that we reduce the configuration file amount a bit. Maybe we could also visualize this in the gui a bit "easier". We could merge VNet and SubNet management into one panel, maybe with split view like FW ipsets, you won't have the same subnet in different VNets after all, or? We could also merge DNS and IP management into one panel, maybe with split view like HA or vertical like FW ipsets. But this is not too relevant for now, can always be fine tuned once the API/backend stuff is in. On another note, are there some unit/regressions tests for this stuff? Would give a bit more confidence with this. skimming through the code currently, seems mostly OK for now, need to think a bit about how the general concepts are implemented and if that fits all OK. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-09-08 8:58 ` Alexandre DERUMIER @ 2020-09-11 2:27 ` Alexandre DERUMIER 2020-09-24 8:58 ` Alexandre DERUMIER 0 siblings, 1 reply; 7+ messages in thread From: Alexandre DERUMIER @ 2020-09-11 2:27 UTC (permalink / raw) To: Proxmox VE development discussion; +Cc: Thomas Lamprecht Hi Thomas, I have begin to work on new subnet panel (like ipset), it's working fine. I have also changed the api endpoint to /cluster/sdn/vnets/<vnetid>/subnets/<subnetid> I'll try to send patch next week. About your problem with ipam, and the gateway. I have found bug, if you create first the subnet + gateway, then add the ipam option later, the ip of the gateway was not registered. Do you think it could be great to make ipam option mandatory ? (and defaulting to internal pve ipam ?) without the need to declare pve ipam in ipams.cfg. (Like this, ipams.cfg is only for external ipams) I think also than ipam driver should not be changed/removed from subnet creation, or it'll be possible to have conflict/duplicated ips. ----- Mail original ----- De: "aderumier" <aderumier@odiso.com> À: "Thomas Lamprecht" <t.lamprecht@proxmox.com> Cc: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com> Envoyé: Mardi 8 Septembre 2020 10:58:53 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam >>I'd like to have stuff in priv/ folder prefixed with a directory >>namespace, maybe "sdn" here. Ok,I'll add the extra /sdn/ (for your problem, maybe look if the gateway ip is present in the ipam.db) >>Besides that, how big can this get on huge setups? We only can have 512k files >>for now. currently, it's just a perl hash converted to json with ip list. (so 32bits by ipv4, and 128bits by ipv6). So I think it could be ok for common cluster ? >>Could it make sense to have subnets and vnets at least in the same section config, >>with different types? (a bit like storage.cfg) So that we reduce the configuration >>file amount a bit. yes, I think it's possible. I'll look to see how to implement that. do you want to have 1 api endpoint for both subnets && vnets ? >>Maybe we could also visualize this in the gui a bit "easier". >>We could merge VNet and SubNet management into one panel, maybe with split view >>like FW ipsets That's a really good idea ! Like it :) I'll look at FW ipset extjs implementation. >>you won't have the same subnet in different VNets after all,or ? Yes, currently I manage only 1subnet-1vnet. I don't think users will used same subnet multiple times, until they used vrf for routed vnet or isolated bridge. >>We could also merge DNS and IP management into one panel, maybe with split view >>like HA or vertical like FW ipsets. >> >>But this is not too relevant for now, can always be fine tuned once the API/backend >>stuff is in. Ok, no problem. >>On another note, are there some unit/regressions tests for this stuff? >>Would give a bit more confidence with this. No sorry. I have done tests manually currently. I don't know too much how to implement the unit tests, but I'll try too see what can be done. >>skimming through the code currently, seems mostly OK for now, need to think a bit >>about how the general concepts are implemented and if that fits all OK. Thanks for the review && comments ! ----- Mail original ----- De: "Thomas Lamprecht" <t.lamprecht@proxmox.com> À: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>, "aderumier" <aderumier@odiso.com> Envoyé: Mardi 8 Septembre 2020 09:44:19 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam On 08.09.20 05:52, Alexandre DERUMIER wrote: >>> When trying this I got the gateway IP returned for both, as CT IP and gateway IP. >>> Did not checked this patch closer, but I figured that this behavior is caused by >>> the SDN code. > > mmm, that's strange. > > When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. > (you have enable an ipam right ?) Yes, the built-in "PVE" one > > > Then, when you create CT, without any ip, it'll try to find first available ip in ipam. I did it on an existing CT, changing from a normal bridge to that vnet. > (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both). > > for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location) I'd like to have stuff in priv/ folder prefixed with a directory namespace, maybe "sdn" here. Besides that, how big can this get on huge setups? We only can have 512k files for now. > >>> On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely >>> split and separated from each other? I mean, it is flexible, but a user needs to do a lot >>> of, almost boilerplate-like, work to get this started. >>> Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest >>> beginner case.. > > Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated. > (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet) > IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max. > > I think subnet+ipam+dns are ip features. > zones,vnets,controller are physical network features Could it make sense to have subnets and vnets at least in the same section config, with different types? (a bit like storage.cfg) So that we reduce the configuration file amount a bit. Maybe we could also visualize this in the gui a bit "easier". We could merge VNet and SubNet management into one panel, maybe with split view like FW ipsets, you won't have the same subnet in different VNets after all, or? We could also merge DNS and IP management into one panel, maybe with split view like HA or vertical like FW ipsets. But this is not too relevant for now, can always be fine tuned once the API/backend stuff is in. On another note, are there some unit/regressions tests for this stuff? Would give a bit more confidence with this. skimming through the code currently, seems mostly OK for now, need to think a bit about how the general concepts are implemented and if that fits all OK. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam 2020-09-11 2:27 ` Alexandre DERUMIER @ 2020-09-24 8:58 ` Alexandre DERUMIER 0 siblings, 0 replies; 7+ messages in thread From: Alexandre DERUMIER @ 2020-09-24 8:58 UTC (permalink / raw) To: Thomas Lamprecht; +Cc: Proxmox VE development discussion Hi Thomas, I have sent new patches series. I have rework the gui, to have subnets in a vnet split panel (like ipset). (also move ipam/dns to advanced section in subnet form) I have also move controllers, ipams, dns to a new "options" section, in 3 differents box I have also change the subnet api in pve-network and default ipam to pve. I think it should be more easy to setup for user like this. I'm going to make some unit tests soon. (I was a bit busy with corosync debug this last week) About: >>Could it make sense to have subnets and vnets at least in the same section config, >>with different types? (a bit like storage.cfg) So that we reduce the configuration >>file amount a bit. I'm not sure how to handle this correctly (sharing the same cfg, with 2 differents kind of objects, where the code is really different) ----- Mail original ----- De: "aderumier" <aderumier@odiso.com> À: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com> Cc: "Thomas Lamprecht" <t.lamprecht@proxmox.com> Envoyé: Vendredi 11 Septembre 2020 04:27:28 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam Hi Thomas, I have begin to work on new subnet panel (like ipset), it's working fine. I have also changed the api endpoint to /cluster/sdn/vnets/<vnetid>/subnets/<subnetid> I'll try to send patch next week. About your problem with ipam, and the gateway. I have found bug, if you create first the subnet + gateway, then add the ipam option later, the ip of the gateway was not registered. Do you think it could be great to make ipam option mandatory ? (and defaulting to internal pve ipam ?) without the need to declare pve ipam in ipams.cfg. (Like this, ipams.cfg is only for external ipams) I think also than ipam driver should not be changed/removed from subnet creation, or it'll be possible to have conflict/duplicated ips. ----- Mail original ----- De: "aderumier" <aderumier@odiso.com> À: "Thomas Lamprecht" <t.lamprecht@proxmox.com> Cc: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com> Envoyé: Mardi 8 Septembre 2020 10:58:53 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam >>I'd like to have stuff in priv/ folder prefixed with a directory >>namespace, maybe "sdn" here. Ok,I'll add the extra /sdn/ (for your problem, maybe look if the gateway ip is present in the ipam.db) >>Besides that, how big can this get on huge setups? We only can have 512k files >>for now. currently, it's just a perl hash converted to json with ip list. (so 32bits by ipv4, and 128bits by ipv6). So I think it could be ok for common cluster ? >>Could it make sense to have subnets and vnets at least in the same section config, >>with different types? (a bit like storage.cfg) So that we reduce the configuration >>file amount a bit. yes, I think it's possible. I'll look to see how to implement that. do you want to have 1 api endpoint for both subnets && vnets ? >>Maybe we could also visualize this in the gui a bit "easier". >>We could merge VNet and SubNet management into one panel, maybe with split view >>like FW ipsets That's a really good idea ! Like it :) I'll look at FW ipset extjs implementation. >>you won't have the same subnet in different VNets after all,or ? Yes, currently I manage only 1subnet-1vnet. I don't think users will used same subnet multiple times, until they used vrf for routed vnet or isolated bridge. >>We could also merge DNS and IP management into one panel, maybe with split view >>like HA or vertical like FW ipsets. >> >>But this is not too relevant for now, can always be fine tuned once the API/backend >>stuff is in. Ok, no problem. >>On another note, are there some unit/regressions tests for this stuff? >>Would give a bit more confidence with this. No sorry. I have done tests manually currently. I don't know too much how to implement the unit tests, but I'll try too see what can be done. >>skimming through the code currently, seems mostly OK for now, need to think a bit >>about how the general concepts are implemented and if that fits all OK. Thanks for the review && comments ! ----- Mail original ----- De: "Thomas Lamprecht" <t.lamprecht@proxmox.com> À: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>, "aderumier" <aderumier@odiso.com> Envoyé: Mardi 8 Septembre 2020 09:44:19 Objet: Re: [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam On 08.09.20 05:52, Alexandre DERUMIER wrote: >>> When trying this I got the gateway IP returned for both, as CT IP and gateway IP. >>> Did not checked this patch closer, but I figured that this behavior is caused by >>> the SDN code. > > mmm, that's strange. > > When you create or update the subnet, the gateway ip you define on the subnet should be registered in the ipam. > (you have enable an ipam right ?) Yes, the built-in "PVE" one > > > Then, when you create CT, without any ip, it'll try to find first available ip in ipam. I did it on an existing CT, changing from a normal bridge to that vnet. > (So if the gateway was not registered in ipam (bug maybe), that could explain why you have it both). > > for internal ipam, i'm writing ipam database in /etc/pve/priv/ipam.db. (BTW,I'm not sure that it's the best path location) I'd like to have stuff in priv/ folder prefixed with a directory namespace, maybe "sdn" here. Besides that, how big can this get on huge setups? We only can have 512k files for now. > >>> On another node, do you think it makes sense to have vnets, subnets, IPam, DNS completely >>> split and separated from each other? I mean, it is flexible, but a user needs to do a lot >>> of, almost boilerplate-like, work to get this started. >>> Advanced users may profit from this, maybe we just need a "simple wizard" for the easiest >>> beginner case.. > > Well for subnet, you can assign multiple subnets by vnet, so yes, it's really need to by separated. > (Somebody at hertzner for example, buying subnets or /32 failovers ips, and want to add them to a vnet) > IPAM/DNS, are more reusable configurations. (like api url,key,....). So I think you'll define 1 or 2 of them max. > > I think subnet+ipam+dns are ip features. > zones,vnets,controller are physical network features Could it make sense to have subnets and vnets at least in the same section config, with different types? (a bit like storage.cfg) So that we reduce the configuration file amount a bit. Maybe we could also visualize this in the gui a bit "easier". We could merge VNet and SubNet management into one panel, maybe with split view like FW ipsets, you won't have the same subnet in different VNets after all, or? We could also merge DNS and IP management into one panel, maybe with split view like HA or vertical like FW ipsets. But this is not too relevant for now, can always be fine tuned once the API/backend stuff is in. On another note, are there some unit/regressions tests for this stuff? Would give a bit more confidence with this. skimming through the code currently, seems mostly OK for now, need to think a bit about how the general concepts are implemented and if that fits all OK. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-09-24 8:58 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-08-24 16:49 [pve-devel] [PATCH v2 pve-container] POC : add/del/update ip from vnet-subnet-ipam Alexandre Derumier 2020-09-07 16:40 ` Thomas Lamprecht 2020-09-08 3:52 ` Alexandre DERUMIER 2020-09-08 7:44 ` Thomas Lamprecht 2020-09-08 8:58 ` Alexandre DERUMIER 2020-09-11 2:27 ` Alexandre DERUMIER 2020-09-24 8:58 ` Alexandre DERUMIER
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.Service provided by Proxmox Server Solutions GmbH | Privacy | Legal