From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 086B91FF170
	for <inbox@lore.proxmox.com>; Thu, 24 Jul 2025 16:17:01 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 56D313B872;
	Thu, 24 Jul 2025 16:18:14 +0200 (CEST)
From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 24 Jul 2025 16:17:30 +0200
Message-Id: <20250724141730.468243-6-g.goller@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250724141730.468243-1-g.goller@proxmox.com>
References: <20250724141730.468243-1-g.goller@proxmox.com>
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1753366655577
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.159 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL          0.1 Meta: its spam
 POISEN_SPAM_PILL_1        0.1 random spam to be learned in bayes
 POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH network v2 5/5] api: add rollback endpoint
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

From: Stefan Hanreich <s.hanreich@proxmox.com>

This adds the functionality of rolling back the pending configuration
to the currently running configuration, resetting all changes made
since last applying the SDN configuration. This is mainly thought as
an escape hatch for failed PDM transactions.

You can invoke the endpoint via CLI:

  pvesh create /cluster/sdn/rollback [--lock-secret X [--release-lock]]

If a lock is currently held on the configuration and you want to
forcibly rollback, you need to release the lock first via the
lock_release API endpoint.

Co-authored-by: Gabriel Goller <g.goller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/API2/Network/SDN.pm | 57 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index 692dec8718f7..16f92a4ee758 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -197,7 +197,62 @@ __PACKAGE__->register_method({
     },
 });
 
-__PACKAGE__->register_method ({
+__PACKAGE__->register_method({
+    name => 'rollback',
+    protected => 1,
+    path => 'rollback',
+    method => 'POST',
+    description => "Rollback pending changes to SDN configuration",
+    permissions => {
+        check => ['perm', '/sdn', ['SDN.Allocate']],
+    },
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+            'release-lock' => {
+                type => 'boolean',
+                optional => 1,
+                default => 1,
+                description =>
+                    'When lock-secret has been provided and configuration successfully rollbacked, release the lock automatically afterwards',
+            },
+        },
+    },
+    returns => {
+        type => 'null',
+    },
+    code => sub {
+        my ($param) = @_;
+
+        my $lock_secret = extract_param($param, 'lock-secret');
+        my $release_lock = extract_param($param, 'release-lock');
+
+        my $rollback = sub {
+            my $running_config = PVE::Network::SDN::running_config();
+
+            PVE::Network::SDN::Zones::write_config($running_config->{zones});
+            PVE::Network::SDN::Vnets::write_config($running_config->{vnets});
+            PVE::Network::SDN::Subnets::write_config($running_config->{subnets});
+            PVE::Network::SDN::Controllers::write_config($running_config->{controllers});
+
+            # if the config hasn't yet been applied after the introduction of
+            # fabrics then the key does not exist in the running config so we
+            # default to an empty hash
+            my $fabrics_config = $running_config->{fabrics}->{ids} // {};
+            my $parsed_fabrics_config = PVE::RS::SDN::Fabrics->running_config($fabrics_config);
+            PVE::Network::SDN::Fabrics::write_config($parsed_fabrics_config);
+
+            PVE::Network::SDN::delete_global_lock() if $lock_secret && $release_lock;
+        };
+
+        PVE::Network::SDN::lock_sdn_config(
+            $rollback, "could not rollback SDN configuration", $lock_secret,
+        );
+    },
+});
+
+__PACKAGE__->register_method({
     name => 'reload',
     protected => 1,
     path => '',
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel