From: Stefan Lendl <s.lendl@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-firewall 1/2] Manually construct guest config path
Date: Fri, 10 Nov 2023 14:26:14 +0100 [thread overview]
Message-ID: <87v8a9hh8p.fsf@gmail.com> (raw)
In-Reply-To: <d015426a-83b7-40fa-a36d-a46e680efa2b@proxmox.com>
The issue arises because firewall depends on qemu-server but qemu-server
depends on SDN. So if I try to include firewall from SDN, it will not work.
I have looked at Firewall for quite some time now. Some functions in
Firewall.pm depend on QemuServer mainly for the parse_net function. I
tried to extract the functions that depend on QemuServer to another
package but I couldn't get the tests to pass.
Firewall.pm is using several global variables and I couldn't identify
what I missed.
Another option would be to split the SDN module to allow QemuServer to
depend only on a certain part of SDN to notify SDN about nic added to a
VM and VM start. I have not analyzed if it's possible to can split the
dependency cycle.
I don't see a clear path to implement this at this point and I will
focus on supporting Stefan Hanreich next week to finalize other aspects
of SDN for a successful release.
Thomas Lamprecht <t.lamprecht@proxmox.com> writes:
> Am 08/11/2023 um 12:35 schrieb Stefan Lendl:
>> Remove require QemuConfig from Firewall.pm
>> We only use it to construct the guest config paths.
>> Fixes circular include when accessing Firewall::Aliases from
>> pve-network.
>>
>
> This won't work as now cfs_read_file only works by luck, if at all, as the
> cfs_read_file needs the cfs_register_file that happens in PVE::QemuServer
> so that the parser is actually available...
>
> I'd much rather see Firewall be split-up than doing broken hacks and
> switching from one of our saner interfaces to manual assembly.
next prev parent reply other threads:[~2023-11-10 13:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-08 11:35 [pve-devel] [PATCH firewall/network 0/2] SDN: Create firewall aliases for SDN subnets Stefan Lendl
2023-11-08 11:35 ` [pve-devel] [PATCH pve-firewall 1/2] Manually construct guest config path Stefan Lendl
2023-11-08 14:31 ` Thomas Lamprecht
2023-11-10 13:26 ` Stefan Lendl [this message]
2023-11-12 17:44 ` Thomas Lamprecht
2023-11-08 11:35 ` [pve-devel] [PATCH pve-network 2/2] Create a cluster-wide firewall for SDN subnets Stefan Lendl
2023-11-08 14:36 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v8a9hh8p.fsf@gmail.com \
--to=s.lendl@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal