[pve-devel] [PATCH manager 0/3] network interface pinning fixes

[pve-devel] [PATCH manager 0/3] network interface pinning fixes

[Stefan Hanreich]

Provides the following fixes:

* check for changes in the SDN configuration and only runs pve-sdn-commit if
  there are changes to the SDN configuration

* pve-{sdn, firewall}-commit now wait for quorum on startup

* adds a missing undef check in the update controllers logic of the pinning tool

pve-manager:

Stefan Hanreich (3):
  network-interface-pinning: avoid comparing undefined string
  {sdn, firewall}-commit: wait for quorum
  sdn-commit: only reload ifupdown if sdn configuration changed

 PVE/CLI/proxmox_network_interface_pinning.pm |  2 +-
 bin/pve-firewall-commit                      | 10 +++
 bin/pve-sdn-commit                           | 75 ++++++++++++++++++++
 services/pve-firewall-commit.service         |  2 +-
 services/pve-sdn-commit.service              |  2 +-
 5 files changed, 88 insertions(+), 3 deletions(-)


Summary over all repositories:
  5 files changed, 88 insertions(+), 3 deletions(-)

-- 
Generated by git-murpp 0.8.0

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-manager 1/3] network-interface-pinning: avoid comparing undefined string

[Stefan Hanreich]

Controllers do not necessarily have a node defined, so check for
definedness before comparing the value to avoid ugly error messages.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 PVE/CLI/proxmox_network_interface_pinning.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/CLI/proxmox_network_interface_pinning.pm b/PVE/CLI/proxmox_network_interface_pinning.pm
index 271ec0430..17b507911 100644
--- a/PVE/CLI/proxmox_network_interface_pinning.pm
+++ b/PVE/CLI/proxmox_network_interface_pinning.pm
@@ -53,7 +53,7 @@ my sub update_sdn_controllers {
 
         for my $controller (values $controllers->{ids}->%*) {
             next
-                if $local_node ne $controller->{node}
+                if ($controller->{node} && $local_node ne $controller->{node})
                 || $controller->{type} ne 'isis';
 
             $controller->{'isis-ifaces'} = $mapping->list($controller->{'isis-ifaces'});
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-manager 2/3] {sdn, firewall}-commit: wait for quorum

[Stefan Hanreich]

Since both one-shot services need to wait for quorum, wait for it at
the beginning of the scripts, before proceeding with the actual logic.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 bin/pve-firewall-commit              | 10 ++++++++++
 bin/pve-sdn-commit                   | 10 ++++++++++
 services/pve-firewall-commit.service |  2 +-
 services/pve-sdn-commit.service      |  2 +-
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/bin/pve-firewall-commit b/bin/pve-firewall-commit
index e0d4eb410..3d208f67b 100644
--- a/bin/pve-firewall-commit
+++ b/bin/pve-firewall-commit
@@ -3,8 +3,18 @@
 use strict;
 use warnings;
 
+use Time::HiRes qw(usleep);
+
+use PVE::Cluster;
 use PVE::INotify;
 
+for (my $i = 0; !PVE::Cluster::check_cfs_quorum(1); $i++) {
+    print "waiting for pmxcfs mount to appear and get quorate...\n"
+        if $i % 50 == 0;
+
+    usleep(100 * 1000);
+}
+
 my $local_node = PVE::INotify::nodename();
 my $current_fw_config_file = "/etc/pve/nodes/$local_node/host.fw";
 my $new_fw_config_file = "/etc/pve/nodes/$local_node/host.fw.new";
diff --git a/bin/pve-sdn-commit b/bin/pve-sdn-commit
index 09e4387c5..7536608d6 100644
--- a/bin/pve-sdn-commit
+++ b/bin/pve-sdn-commit
@@ -3,9 +3,19 @@
 use strict;
 use warnings;
 
+use Time::HiRes qw(usleep);
+
+use PVE::Cluster;
 use PVE::Network::SDN;
 use PVE::Tools;
 
+for (my $i = 0; !PVE::Cluster::check_cfs_quorum(1); $i++) {
+    print "waiting for pmxcfs mount to appear and get quorate...\n"
+        if $i % 50 == 0;
+
+    usleep(100 * 1000);
+}
+
 my $previous_config_has_frr = PVE::Network::SDN::running_config_has_frr();
 PVE::Network::SDN::commit_config();
 
diff --git a/services/pve-firewall-commit.service b/services/pve-firewall-commit.service
index 77ea095d7..454ef6c2e 100644
--- a/services/pve-firewall-commit.service
+++ b/services/pve-firewall-commit.service
@@ -2,7 +2,7 @@
 Description=Commit Proxmox VE Firewall changes
 DefaultDependencies=no
 Wants=pve-cluster.service
-After=pve-cluster.service
+After=corosync.service
 
 [Service]
 ExecStart=/usr/share/pve-manager/helpers/pve-firewall-commit
diff --git a/services/pve-sdn-commit.service b/services/pve-sdn-commit.service
index 927d06c54..ff723725d 100644
--- a/services/pve-sdn-commit.service
+++ b/services/pve-sdn-commit.service
@@ -2,7 +2,7 @@
 Description=Commit Proxmox VE SDN changes
 DefaultDependencies=no
 Wants=pve-cluster.service network.target
-After=frr.service network.target pve-cluster.service
+After=frr.service network.target corosync.service
 
 [Service]
 ExecStart=/usr/share/pve-manager/helpers/pve-sdn-commit
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-manager 3/3] sdn-commit: only reload ifupdown if sdn configuration changed

[Stefan Hanreich]

Check for any changes between the running config and the currently
applied config and guard against executing pve-sdn-commit if the
configuration is unchanged.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 bin/pve-sdn-commit | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/bin/pve-sdn-commit b/bin/pve-sdn-commit
index 7536608d6..d75e14440 100644
--- a/bin/pve-sdn-commit
+++ b/bin/pve-sdn-commit
@@ -7,6 +7,11 @@ use Time::HiRes qw(usleep);
 
 use PVE::Cluster;
 use PVE::Network::SDN;
+use PVE::Network::SDN::Zones;
+use PVE::Network::SDN::Vnets;
+use PVE::Network::SDN::Subnets;
+use PVE::Network::SDN::Controllers;
+use PVE::Network::SDN::Fabrics;
 use PVE::Tools;
 
 for (my $i = 0; !PVE::Cluster::check_cfs_quorum(1); $i++) {
@@ -16,6 +21,66 @@ for (my $i = 0; !PVE::Cluster::check_cfs_quorum(1); $i++) {
     usleep(100 * 1000);
 }
 
+sub has_pending_changes {
+    my ($pending_config) = @_;
+
+    for my $entity (values $pending_config->{ids}->%*) {
+        return 1 if $entity->{state};
+    }
+
+    return 0;
+}
+
+sub fabrics_changed {
+    my $current_config = PVE::Network::SDN::Fabrics::config();
+    my $running_config = PVE::Network::SDN::Fabrics::config(1);
+
+    my ($running_fabrics, $running_nodes) = $running_config->list_all();
+    my ($current_fabrics, $current_nodes) = $current_config->list_all();
+
+    my $pending_fabrics = PVE::Network::SDN::pending_config(
+        { fabrics => { ids => $running_fabrics } },
+        { ids => $current_fabrics },
+        'fabrics',
+    );
+
+    my $pending_nodes = PVE::Network::SDN::pending_config(
+        { nodes => { ids => $running_nodes } },
+        { ids => $current_nodes },
+        'nodes',
+    );
+
+    return has_pending_changes($pending_fabrics) || has_pending_changes($pending_nodes);
+}
+
+sub sdn_changed {
+    my $running_config = PVE::Network::SDN::running_config();
+
+    my $configs = {
+        zones => PVE::Network::SDN::Zones::config(),
+        vnets => PVE::Network::SDN::Vnets::config(),
+        subnets => PVE::Network::SDN::Subnets::config(),
+        controllers => PVE::Network::SDN::Controllers::config(),
+    };
+
+    for my $type (keys $configs->%*) {
+        my $pending_config = PVE::Network::SDN::pending_config(
+            $running_config,
+            $configs->{$type},
+            $type,
+        );
+
+        return 1 if has_pending_changes($pending_config);
+    }
+
+    return fabrics_changed();
+}
+
+if (!sdn_changed()) {
+    print "No changes to SDN configuration detected, skipping reload\n";
+    exit 0;
+}
+
 my $previous_config_has_frr = PVE::Network::SDN::running_config_has_frr();
 PVE::Network::SDN::commit_config();
 
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH manager 0/3] network interface pinning fixes

[Thomas Lamprecht]

On Fri, 18 Jul 2025 14:33:10 +0200, Stefan Hanreich wrote:
> Provides the following fixes:
> 
> * check for changes in the SDN configuration and only runs pve-sdn-commit if
>   there are changes to the SDN configuration
> 
> * pve-{sdn, firewall}-commit now wait for quorum on startup
> 
> [...]

Applied, thanks!

[1/3] network-interface-pinning: avoid comparing undefined string
      commit: 6f5871f63db48ea1c3048057a1addd8da110a47d
[2/3] {sdn, firewall}-commit: wait for quorum
      commit: 3aa6c09142179ad98add1eb2a750db9b50d30d04
[3/3] sdn-commit: only reload ifupdown if sdn configuration changed
      commit: 3a5ede8acbc7bdd0e5a410f1e07799a9209a1fa8


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel