From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 3B4CA1FF16B
	for <inbox@lore.proxmox.com>; Tue, 29 Jul 2025 11:29:07 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 51C1BC2F3;
	Tue, 29 Jul 2025 11:30:15 +0200 (CEST)
From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 29 Jul 2025 11:29:33 +0200
Message-Id: <20250729092933.90118-6-g.goller@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250729092933.90118-1-g.goller@proxmox.com>
References: <20250729092933.90118-1-g.goller@proxmox.com>
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1753781369110
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.158 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL          0.1 Meta: its spam
 POISEN_SPAM_PILL_1        0.1 random spam to be learned in bayes
 POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH network v3 5/5] api: add rollback endpoint
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

From: Stefan Hanreich <s.hanreich@proxmox.com>

This adds the functionality of rolling back the pending configuration
to the currently running configuration, resetting all changes made
since last applying the SDN configuration. This is mainly thought as
an escape hatch for failed PDM transactions.

You can invoke the endpoint via CLI:

  pvesh create /cluster/sdn/rollback [--lock-token X [--release-lock]]

If a lock is currently held on the configuration and you want to
forcibly rollback, you need to release the lock first via the
lock_release API endpoint.

Co-authored-by: Gabriel Goller <g.goller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/API2/Network/SDN.pm | 57 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index 9e59d0860dfc..7c919025933b 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -197,7 +197,62 @@ __PACKAGE__->register_method({
     },
 });
 
-__PACKAGE__->register_method ({
+__PACKAGE__->register_method({
+    name => 'rollback',
+    protected => 1,
+    path => 'rollback',
+    method => 'POST',
+    description => "Rollback pending changes to SDN configuration",
+    permissions => {
+        check => ['perm', '/sdn', ['SDN.Allocate']],
+    },
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            'lock-token' => get_standard_option('pve-sdn-lock-token'),
+            'release-lock' => {
+                type => 'boolean',
+                optional => 1,
+                default => 1,
+                description =>
+                    'When lock-token has been provided and configuration successfully rollbacked, release the lock automatically afterwards',
+            },
+        },
+    },
+    returns => {
+        type => 'null',
+    },
+    code => sub {
+        my ($param) = @_;
+
+        my $lock_token = extract_param($param, 'lock-token');
+        my $release_lock = extract_param($param, 'release-lock');
+
+        my $rollback = sub {
+            my $running_config = PVE::Network::SDN::running_config();
+
+            PVE::Network::SDN::Zones::write_config($running_config->{zones});
+            PVE::Network::SDN::Vnets::write_config($running_config->{vnets});
+            PVE::Network::SDN::Subnets::write_config($running_config->{subnets});
+            PVE::Network::SDN::Controllers::write_config($running_config->{controllers});
+
+            # if the config hasn't yet been applied after the introduction of
+            # fabrics then the key does not exist in the running config so we
+            # default to an empty hash
+            my $fabrics_config = $running_config->{fabrics}->{ids} // {};
+            my $parsed_fabrics_config = PVE::RS::SDN::Fabrics->running_config($fabrics_config);
+            PVE::Network::SDN::Fabrics::write_config($parsed_fabrics_config);
+
+            PVE::Network::SDN::delete_global_lock() if $lock_token && $release_lock;
+        };
+
+        PVE::Network::SDN::lock_sdn_config(
+            $rollback, "could not rollback SDN configuration", $lock_token,
+        );
+    },
+});
+
+__PACKAGE__->register_method({
     name => 'reload',
     protected => 1,
     path => '',
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel