From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E49A49B344 for ; Tue, 17 Oct 2023 15:55:42 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C66063439F for ; Tue, 17 Oct 2023 15:55:12 +0200 (CEST) Received: from lana.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP for ; Tue, 17 Oct 2023 15:55:10 +0200 (CEST) Received: by lana.proxmox.com (Postfix, from userid 10043) id CD6892C1C55; Tue, 17 Oct 2023 15:55:09 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Tue, 17 Oct 2023 15:54:57 +0200 Message-Id: <20231017135507.2220948-1-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.635 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [pveplugin.pm, vnets.pm, cluster.pm, plugin.pm, qemuserver.pm, lxc.pm, dhcp.pm, subnets.pm, sdn.pm, network.pm, dnsmasq.pm, subnetplugin.pm] Subject: [pve-devel] [WIP v2 cluster/network/manager/qemu-server/container 00/10] Add support for DHCP servers to SDN X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2023 13:55:43 -0000 This is a WIP patch series, since I will be gone for 3 weeks and wanted to share my current progress with the DHCP support for SDN. This patch series adds support for automatically deploying dnsmasq as a DHCP server to a simple SDN Zone. While certainly not 100% polished on some ends (looking at restarting systemd services in particular), the general idea behind the mechanism shows. I wanted to gather some feedback on how I approached designing the plugins and the config regeneration process before comitting to this design by creating an API and UI around it. You need to install dnsmasq (and disable it afterwards): apt install dnsmasq && systemctl disable --now dnsmasq You can use the following example configuration for deploying a DHCP server in a SDN subnet: /etc/pve/sdn/dhcp.cfg: dnsmasq: nat /etc/pve/sdn/zones.cfg: simple: DHCPNAT ipam pve /etc/pve/sdn/vnets.cfg: vnet: dhcpnat zone DHCPNAT /etc/pve/sdn/subnets.cfg: subnet: DHCPNAT-10.1.0.0-16 vnet dhcpnat dhcp-dns-server 10.1.0.1 dhcp-range server=nat,start-address=10.1.0.100,end-address=10.1.0.200 gateway 10.1.0.1 snat 1 Then apply the SDN configuration: pvesh set /cluster/sdn You need to apply the SDN configuration once after adding the dhcp-range lines to the configuration, since the running configuration is used for managing DHCP. It will not work otherwise! For testing it can be helpful to monitor the following files (e.g. with watch) to find out what is happening * /etc/dnsmasq.d//ethers (on each node) * /etc/pve/priv/ipam.db Changes from v1 -> v2: * added hooks for handling DHCP when starting / stopping / .. VMs and CTs * Get an IP from IPAM and register that IP in the DHCP server (pve only for now) * remove lease-time, since it is now infinite and managed by the VM lifecycle * add hooks for setting & deleting DHCP mappings to DHCP plugins * modified interface of the abstract class to reflect new requirements * added helpers in existing SDN classes * simplified DHCP configuration settings pve-cluster: Stefan Hanreich (1): cluster files: add dhcp.cfg src/PVE/Cluster.pm | 1 + src/pmxcfs/status.c | 1 + 2 files changed, 2 insertions(+) pve-network: Stefan Hanreich (6): subnets: vnets: preparations for DHCP plugins dhcp: add abstract class for DHCP plugins dhcp: subnet: add DHCP options to subnet configuration dhcp: add DHCP plugin for dnsmasq ipam: Add helper methods for DHCP to PVE IPAM dhcp: regenerate config for DHCP servers on reload debian/control | 1 + src/PVE/Network/SDN.pm | 11 +- src/PVE/Network/SDN/Dhcp.pm | 192 +++++++++++++++++++++++++ src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 186 ++++++++++++++++++++++++ src/PVE/Network/SDN/Dhcp/Makefile | 8 ++ src/PVE/Network/SDN/Dhcp/Plugin.pm | 83 +++++++++++ src/PVE/Network/SDN/Ipams/PVEPlugin.pm | 64 +++++++++ src/PVE/Network/SDN/Makefile | 3 +- src/PVE/Network/SDN/SubnetPlugin.pm | 32 +++++ src/PVE/Network/SDN/Subnets.pm | 43 ++++-- src/PVE/Network/SDN/Vnets.pm | 27 ++-- 11 files changed, 622 insertions(+), 28 deletions(-) create mode 100644 src/PVE/Network/SDN/Dhcp.pm create mode 100644 src/PVE/Network/SDN/Dhcp/Dnsmasq.pm create mode 100644 src/PVE/Network/SDN/Dhcp/Makefile create mode 100644 src/PVE/Network/SDN/Dhcp/Plugin.pm pve-manager: Stefan Hanreich (1): sdn: regenerate DHCP config on reload PVE/API2/Network.pm | 1 + 1 file changed, 1 insertion(+) qemu-server: Stefan Hanreich (1): sdn: dhcp: add DHCP setup to vm-network-scripts PVE/QemuServer.pm | 14 ++++++++++++++ vm-network-scripts/pve-bridge | 3 +++ vm-network-scripts/pve-bridgedown | 19 +++++++++++++++++++ 3 files changed, 36 insertions(+) pve-container: Stefan Hanreich (1): sdn: dhcp: setup DHCP mappings in LXC hooks src/PVE/LXC.pm | 10 ++++++++++ src/lxc-pve-poststop-hook | 1 + src/lxc-pve-prestart-hook | 9 +++++++++ 3 files changed, 20 insertions(+) Summary over all repositories: 20 files changed, 681 insertions(+), 28 deletions(-) -- murpp v0.4.0