From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH docs/manager/network/proxmox{-ve-rs,-perl-rs} 00/23] Generate frr config using jinja templates and rust types
Date: Tue, 3 Feb 2026 17:01:07 +0100 [thread overview]
Message-ID: <20260203160246.353351-1-g.goller@proxmox.com> (raw)
Previously we generated the frr config using one big perl hash, where every
controller-plugin and zone-plugin would push their stuff. This is not pretty
and also tricky to unite with our new rust-based fabrics. Furthermore the only
way to edit or override the frr config is currently the frr.conf.local file,
which is merged with the perl-hash in a very janky manner, which has sprouted
numerous forum threads. The main problem with the frr.conf.local is the limited
control which the user has as to where the override or additional config gets
placed. There are also a few config overrides or additions to frr.conf.local
that are currently impossible or generate invalid frr config.
To improve this we now ship templates, which we use to generate the frr config.
This is the way it is done in e.g. sonic and vyos. These jinja2 templates are
then populated using rust-structs. We changed the perl code to generate
bgp/evpn and isis config that can be deserialized by the rust types and then
rendered into a frr configuration using the templates.
# Versioning
The templates are in the proxmox-frr-templates debian package which, when
installed, copies the template into `/usr/share/proxmox-frr/templates`, where
they are read from using `include_str!`. This means the proxmox-frr-templates
package is only used for development and to version the templates. The user
only gets them in the binary of proxmox-frr (which, by extension, is in the
perl-rs shared library).
# User Override
In order to extract these templates from the binary we introduce a new cli
tool: pvesdn. Using pvesdn the user can show the currently packaged template
file, automatically create an override file `/etc/proxmox-frr/templates/`, show
the difference between the override file and the packaged file and reset the
override files.
libpve-network (pve-network) also has an additional debian/postinst script,
which registers the override files with `ucf` and makes a three-way-merge with
the override-file, the old packaged file and the updated packaged file. This
way, when the templates are updated the user can choose "edit", "maintainer's
version" or "my version".
# frr.conf.local
The frr.conf.local merging code has been adjusted so that the frr.conf.local
still works as before.
Also thanks to Stefan Hanreich as always :)
proxmox-ve-rs:
Gabriel Goller (9):
ve-config: firewall: cargo fmt
frr: add proxmox-frr-templates package that contains templates
ve-config: remove FrrConfigBuilder struct
sdn-types: support variable-length NET identifier
frr: add template serializer and serialize fabrics using templates
frr: add isis configuration and templates
frr: support custom frr configuration lines
frr: add bgp support with templates and serialization
frr: store frr template content as a const map
Makefile | 8 +
proxmox-frr-templates/.gitignore | 1 +
proxmox-frr-templates/Makefile | 50 +++
proxmox-frr-templates/debian/changelog | 5 +
proxmox-frr-templates/debian/control | 17 +
proxmox-frr-templates/debian/copyright | 18 ++
.../debian/proxmox-frr-templates.install | 1 +
proxmox-frr-templates/debian/rules | 5 +
.../templates/access_list.jinja | 6 +
.../templates/access_lists.jinja | 6 +
.../templates/bgp_router.jinja | 118 +++++++
proxmox-frr-templates/templates/bgpd.jinja | 35 ++
proxmox-frr-templates/templates/fabricd.jinja | 29 ++
.../templates/frr.conf.jinja | 12 +
.../templates/interface.jinja | 9 +
.../templates/ip_routes.jinja | 8 +
proxmox-frr-templates/templates/isisd.jinja | 32 ++
proxmox-frr-templates/templates/ospfd.jinja | 18 ++
.../templates/prefix_lists.jinja | 6 +
.../templates/protocol_routemaps.jinja | 10 +
.../templates/route_maps.jinja | 20 ++
proxmox-frr/Cargo.toml | 4 +
proxmox-frr/debian/control | 14 +
proxmox-frr/src/ser/bgp.rs | 184 +++++++++++
proxmox-frr/src/ser/isis.rs | 49 +++
proxmox-frr/src/ser/mod.rs | 294 ++++++++---------
proxmox-frr/src/ser/openfabric.rs | 26 +-
proxmox-frr/src/ser/ospf.rs | 56 +---
proxmox-frr/src/ser/route_map.rs | 175 ++++------
proxmox-frr/src/ser/serializer.rs | 242 +++-----------
proxmox-sdn-types/src/net.rs | 140 +++++++-
proxmox-ve-config/src/common/valid.rs | 4 +-
proxmox-ve-config/src/firewall/cluster.rs | 3 +-
proxmox-ve-config/src/firewall/types/ipset.rs | 2 +-
proxmox-ve-config/src/sdn/fabric/frr.rs | 302 ++++++++++--------
proxmox-ve-config/src/sdn/frr.rs | 42 ---
proxmox-ve-config/src/sdn/mod.rs | 2 -
proxmox-ve-config/tests/fabric/main.rs | 101 +++---
.../fabric__openfabric_default_pve.snap | 2 +-
.../fabric__openfabric_default_pve1.snap | 2 +-
.../fabric__openfabric_dualstack_pve.snap | 13 +-
.../fabric__openfabric_ipv6_only_pve.snap | 4 +-
.../fabric__openfabric_multi_fabric_pve1.snap | 2 +-
.../snapshots/fabric__ospf_default_pve.snap | 2 +-
.../snapshots/fabric__ospf_default_pve1.snap | 2 +-
.../fabric__ospf_multi_fabric_pve1.snap | 2 +-
46 files changed, 1339 insertions(+), 744 deletions(-)
create mode 100644 proxmox-frr-templates/.gitignore
create mode 100644 proxmox-frr-templates/Makefile
create mode 100644 proxmox-frr-templates/debian/changelog
create mode 100644 proxmox-frr-templates/debian/control
create mode 100644 proxmox-frr-templates/debian/copyright
create mode 100644 proxmox-frr-templates/debian/proxmox-frr-templates.install
create mode 100755 proxmox-frr-templates/debian/rules
create mode 100644 proxmox-frr-templates/templates/access_list.jinja
create mode 100644 proxmox-frr-templates/templates/access_lists.jinja
create mode 100644 proxmox-frr-templates/templates/bgp_router.jinja
create mode 100644 proxmox-frr-templates/templates/bgpd.jinja
create mode 100644 proxmox-frr-templates/templates/fabricd.jinja
create mode 100644 proxmox-frr-templates/templates/frr.conf.jinja
create mode 100644 proxmox-frr-templates/templates/interface.jinja
create mode 100644 proxmox-frr-templates/templates/ip_routes.jinja
create mode 100644 proxmox-frr-templates/templates/isisd.jinja
create mode 100644 proxmox-frr-templates/templates/ospfd.jinja
create mode 100644 proxmox-frr-templates/templates/prefix_lists.jinja
create mode 100644 proxmox-frr-templates/templates/protocol_routemaps.jinja
create mode 100644 proxmox-frr-templates/templates/route_maps.jinja
create mode 100644 proxmox-frr/src/ser/bgp.rs
create mode 100644 proxmox-frr/src/ser/isis.rs
delete mode 100644 proxmox-ve-config/src/sdn/frr.rs
proxmox-perl-rs:
Gabriel Goller (2):
sdn: add function to generate the frr config for all daemons
sdn: add method to get a frr template
pve-rs/Makefile | 1 +
pve-rs/src/bindings/sdn/fabrics.rs | 25 +++------------------
pve-rs/src/bindings/sdn/mod.rs | 35 ++++++++++++++++++++++++++++++
3 files changed, 39 insertions(+), 22 deletions(-)
pve-network:
Gabriel Goller (10):
sdn: remove duplicate comment line '!' in frr config
sdn: tests: add missing comment '!' in frr config
tests: use Test::Differences to make test assertions
sdn: write structured frr config that can be rendered using templates
tests: rearrange some statements in the frr config
sdn: adjust frr.conf.local merging to rust template types
cli: add pvesdn cli tool for managing frr template overrides
debian: handle user modifications to FRR templates via ucf
api: add dry-run endpoint for sdn apply to preview changes
test: add test for frr.conf.local merging
debian/control | 2 +
debian/libpve-network-api-perl.install | 1 +
debian/libpve-network-perl.install | 4 +
debian/libpve-network-perl.postinst | 34 +-
debian/libpve-network-perl.postrm | 33 ++
src/Makefile | 2 +-
src/PVE/API2/Network/SDN.pm | 67 ++++
src/PVE/CLI/Makefile | 7 +
src/PVE/CLI/pvesdn.pm | 252 ++++++++++++
src/PVE/Makefile | 1 +
src/PVE/Network/SDN.pm | 20 +-
src/PVE/Network/SDN/Controllers/BgpPlugin.pm | 104 ++---
src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 372 +++++++++---------
src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 28 +-
src/PVE/Network/SDN/Fabrics.pm | 14 +-
src/PVE/Network/SDN/Frr.pm | 366 +++++++++--------
src/bin/Makefile | 69 ++++
src/bin/pvesdn | 8 +
src/test/run_test_dns.pl | 15 +-
src/test/run_test_ipams.pl | 13 +-
src/test/run_test_subnets.pl | 31 +-
src/test/run_test_vnets_blackbox.pl | 23 +-
src/test/run_test_zones.pl | 21 +-
.../expected_controller_config | 1 -
.../expected_controller_config | 1 -
.../evpn/ebgp/expected_controller_config | 1 -
.../ebgp_loopback/expected_controller_config | 3 +-
.../evpn/exitnode/expected_controller_config | 1 -
.../expected_controller_config | 1 -
.../expected_controller_config | 1 -
.../exitnode_snat/expected_controller_config | 1 -
.../expected_controller_config | 1 -
.../expected_controller_config | 61 +++
.../frr_local_merge/expected_sdn_interfaces | 42 ++
.../zones/evpn/frr_local_merge/frr.conf.local | 30 ++
.../zones/evpn/frr_local_merge/interfaces | 7 +
.../zones/evpn/frr_local_merge/sdn_config | 24 ++
.../evpn/ipv4/expected_controller_config | 1 -
.../evpn/ipv4ipv6/expected_controller_config | 1 -
.../expected_controller_config | 1 -
.../evpn/ipv6/expected_controller_config | 1 -
.../ipv6underlay/expected_controller_config | 1 -
.../evpn/isis/expected_controller_config | 15 +-
.../isis_loopback/expected_controller_config | 15 +-
.../expected_controller_config | 13 +-
.../expected_controller_config | 3 +-
.../multiplezones/expected_controller_config | 1 -
.../expected_controller_config | 13 +-
.../ospf_fabric/expected_controller_config | 13 +-
.../evpn/rt_import/expected_controller_config | 1 -
.../evpn/vxlanport/expected_controller_config | 1 -
51 files changed, 1192 insertions(+), 550 deletions(-)
create mode 100644 debian/libpve-network-perl.postrm
create mode 100644 src/PVE/CLI/Makefile
create mode 100644 src/PVE/CLI/pvesdn.pm
create mode 100644 src/bin/Makefile
create mode 100755 src/bin/pvesdn
create mode 100644 src/test/zones/evpn/frr_local_merge/expected_controller_config
create mode 100644 src/test/zones/evpn/frr_local_merge/expected_sdn_interfaces
create mode 100644 src/test/zones/evpn/frr_local_merge/frr.conf.local
create mode 100644 src/test/zones/evpn/frr_local_merge/interfaces
create mode 100644 src/test/zones/evpn/frr_local_merge/sdn_config
pve-manager:
Gabriel Goller (1):
sdn: add dry-run view for sdn apply
www/manager6/Makefile | 1 +
www/manager6/sdn/SdnDiffView.js | 123 ++++++++++++++++++++++++++++++++
www/manager6/sdn/StatusView.js | 8 +++
3 files changed, 132 insertions(+)
create mode 100644 www/manager6/sdn/SdnDiffView.js
pve-docs:
Gabriel Goller (1):
docs: add man page for the `pvesdn` cli
pvesdn.1-synopsis.adoc | 39 +++++++++++++++++++++++++++++++++++++++
pvesdn.adoc | 24 +++++++++++++++++++++++-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 pvesdn.1-synopsis.adoc
Summary over all repositories:
105 files changed, 2764 insertions(+), 1317 deletions(-)
--
Generated by git-murpp 0.8.0
next reply other threads:[~2026-02-03 16:04 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 16:01 Gabriel Goller [this message]
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 1/9] ve-config: firewall: cargo fmt Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 2/9] frr: add proxmox-frr-templates package that contains templates Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 3/9] ve-config: remove FrrConfigBuilder struct Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 4/9] sdn-types: support variable-length NET identifier Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 5/9] frr: add template serializer and serialize fabrics using templates Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 6/9] frr: add isis configuration and templates Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 7/9] frr: support custom frr configuration lines Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 8/9] frr: add bgp support with templates and serialization Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-ve-rs 9/9] frr: store frr template content as a const map Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-perl-rs 1/2] sdn: add function to generate the frr config for all daemons Gabriel Goller
2026-02-03 16:01 ` [PATCH proxmox-perl-rs 2/2] sdn: add method to get a frr template Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 01/10] sdn: remove duplicate comment line '!' in frr config Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 02/10] sdn: tests: add missing comment " Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 03/10] tests: use Test::Differences to make test assertions Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 04/10] sdn: write structured frr config that can be rendered using templates Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 05/10] tests: rearrange some statements in the frr config Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 06/10] sdn: adjust frr.conf.local merging to rust template types Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 07/10] cli: add pvesdn cli tool for managing frr template overrides Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 08/10] debian: handle user modifications to FRR templates via ucf Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 09/10] api: add dry-run endpoint for sdn apply to preview changes Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-network 10/10] test: add test for frr.conf.local merging Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-manager 1/1] sdn: add dry-run view for sdn apply Gabriel Goller
2026-02-03 16:01 ` [PATCH pve-docs 1/1] docs: add man page for the `pvesdn` cli Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260203160246.353351-1-g.goller@proxmox.com \
--to=g.goller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox