public inbox for pve-devel@lists.proxmox.com
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network 2/3] fabrics: wireguard: add schema definitions for wireguard
Date: Thu, 19 Feb 2026 15:56:32 +0100
Message-ID: <20260219145649.441418-16-s.hanreich@proxmox.com>
In-Reply-To: <20260219145649.441418-1-s.hanreich@proxmox.com>

Add the newly introduced properties for fabrics / nodes to the
existing schema definition. The existing fabric / node endpoints will
then work with the new WireGuard entities, without any additional
changes. To properly detect changes in the peers property, which is an
array, it needs to be added to the encode_value function as well,
which is used for comparing the pending configuration to the running
configuration.

Originally-by: Christoph Heiss <c.heiss@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/API2/Network/SDN.pm    |   2 +-
 src/PVE/Network/SDN.pm         |   9 +-
 src/PVE/Network/SDN/Fabrics.pm | 257 ++++++++++++++++++++++++++++++++-
 3 files changed, 260 insertions(+), 8 deletions(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index b35a588..aa8d359 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -107,7 +107,7 @@ my $create_reload_network_worker = sub {
             }
         },
     );
-    #my $upid = PVE::API2::Network->reload_network_config(node => $nodename});
+    #my $upid = PVE::API2::Network->reload_network_config({ node => $nodename });
     my $res = PVE::Tools::upid_decode($upid);
 
     return $res->{pid};
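
Review bot: The only change in this hunk is to the commented-out
reload_network_config call, and the commit message does not mention it.
Since the line stays dead code, either drop the comment entirely or move
the brace fix into a separate cleanup patch so this one only carries the
WireGuard schema changes.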
diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
index c7c390e..78b15d5 100644
--- a/src/PVE/Network/SDN.pm
+++ b/src/PVE/Network/SDN.pm
@@ -472,7 +472,14 @@ sub generate_dhcp_config {
 sub encode_value {
     my ($type, $key, $value) = @_;
 
-    if ($key eq 'nodes' || $key eq 'exitnodes' || $key eq 'dhcp-range' || $key eq 'interfaces') {
+    if (
+        $key eq 'nodes'
+        || $key eq 'exitnodes'
+        || $key eq 'dhcp-range'
+        || $key eq 'interfaces'
+        || $key eq 'peers'
+        || $key eq 'allowed_ips'
+    ) {
         if (ref($value) eq 'HASH') {
             return join(',', sort keys(%$value));
         } elsif (ref($value) eq 'ARRAY') {
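
Review bot: The condition now also matches 'allowed_ips', but the commit
message only explains why 'peers' has to go through encode_value; please
mention 'allowed_ips' there as well. The match is on $key alone, so it
applies to every property of that name regardless of $type. With six
alternatives the || chain is also getting long; a small lookup hash of
list-valued keys would make the next addition a one-line change.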
diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
index d90992a..a81b62e 100644
--- a/src/PVE/Network/SDN/Fabrics.pm
+++ b/src/PVE/Network/SDN/Fabrics.pm
@@ -45,7 +45,44 @@ PVE::JSONSchema::register_standard_option(
     {
         description => "Type of configuration entry in an SDN Fabric section config",
         type => 'string',
-        enum => ['openfabric', 'ospf'],
+        enum => ['openfabric', 'ospf', 'wireguard'],
+    },
+);
+
+PVE::JSONSchema::register_format(
+    'pve-sdn-fabric-wireguard-interface',
+    {
+        name => {
+            type => 'string',
+            format => 'pve-iface',
+            description => 'Name of the network interface',
+        },
+        public_key => {
+            type => 'string',
+            description => 'The public key of this interface',
+            optional => 1,
+        },
+        ip => {
+            type => 'string',
+            format => 'CIDRv4',
+            description => 'IPv4 address for this node',
+            optional => 1,
+        },
+        ip6 => {
+            type => 'string',
+            format => 'CIDRv6',
+            description => 'IPv6 address for this node',
+            optional => 1,
+        },
+        listen_port => {
+            type => 'number',
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'Port to listen on for WireGuard traffic.',
+            optional => 1,
+            minimum => 1,
+            maximum => 65535,
+        },
     },
 );
 
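Review bot: public_key in 'pve-sdn-fabric-wireguard-interface' is an
unconstrained string, so the schema accepts any value as a key. If the
value is checked elsewhere, say so in the description (the OSPF area
description notes "Gets validated in rust."); otherwise add a pattern or
a registered format for it. listen_port is declared as type => 'number',
which also admits fractional values; 'integer' fits a port. It is also
the only property in this format that carries 'type-property' and
'instance-types', which look like leftovers in a format that is already
WireGuard-specific.
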
@@ -203,18 +240,202 @@ sub node_properties {
                     description => 'OSPF network interface',
                     optional => 1,
                 },
+                {
+                    type => 'array',
+                    'instance-types' => ['wireguard'],
+                    items => {
+                        description =>
+                            "Type of configuration entry in an SDN Fabric section config",
+                        type => 'string',
+                        format => 'pve-sdn-fabric-wireguard-interface',
+                    },
+                    description => 'WireGuard network interface',
+                    optional => 1,
+                },
             ],
         },
-    };
-
-    if ($update) {
-        $properties->{delete} = {
+        public_key => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'The role of this node in the WireGuard fabric.',
+            type => 'string',
+            optional => 1,
+        },
+        role => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'The role of this node in the WireGuard fabric.',
+            type => 'string',
+            enum => ['internal', 'external'],
+            optional => 1,
+        },
+        endpoint => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'The endpoint used for connecting to this node.',
+            optional => 1,
+            type => 'string',
+        },
+        allowed_ips => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
             type => 'array',
+            optional => 1,
+            description =>
+                'A list of IPs that are routable via this node in the WireGuard fabric.',
             items => {
                 type => 'string',
-                enum => ['interfaces', 'ip', 'ip6'],
+                format => 'CIDR',
             },
+        },
+        peers => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
             optional => 1,
+            type => 'array',
+            items => {
+                type => 'string',
+                format => {
+                    type => {
+                        type => 'string',
+                        enum => ['internal', 'external'],
+                    },
+                    node => {
+                        description =>
+                            'The name of the peer (if external) or the name of the node and interface (if internal).',
+                        type => 'string',
+                    },
+                    node_iface => {
+                        description =>
+                            'The interface of this node that uses this peer definition.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    iface => {
+                        description =>
+                            'The interface of this node that uses this peer definition.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    endpoint => {
+                        description =>
+                            'Override for the endpoint settings in the node section.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    allowed_ips => {
+                        type => 'array',
+                        optional => 1,
+                        description => 'Additional allowed IPs for this peer.',
+                        items => {
+                            type => 'string',
+                            format => 'CIDR',
+                        },
+                    },
+                },
+            },
+        },
+        role => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'The role of this node in the WireGuard fabric.',
+            type => 'string',
+            enum => ['internal', 'external'],
+            optional => 1,
+        },
+        endpoint => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'The endpoint used for connecting to this node.',
+            optional => 1,
+            type => 'string',
+        },
+        allowed_ips => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            type => 'array',
+            optional => 1,
+            description =>
+                'A list of IPs that are routable via this node in the WireGuard fabric.',
+            items => {
+                type => 'string',
+                format => 'CIDR',
+            },
+        },
+        peers => {
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            optional => 1,
+            type => 'array',
+            items => {
+                type => 'string',
+                format => {
+                    type => {
+                        type => 'string',
+                        enum => ['internal', 'external'],
+                    },
+                    node => {
+                        description =>
+                            'The name of the peer (if external) or the name of the node and interface (if internal).',
+                        type => 'string',
+                    },
+                    node_iface => {
+                        description =>
+                            'The interface of this node that uses this peer definition.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    iface => {
+                        description =>
+                            'The interface of this node that uses this peer definition.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    endpoint => {
+                        description =>
+                            'Override for the endpoint settings in the node section.',
+                        optional => 1,
+                        type => 'string',
+                    },
+                    allowed_ips => {
+                        type => 'array',
+                        optional => 1,
+                        description => 'Additional allowed IPs for this peer.',
+                        items => {
+                            type => 'string',
+                            format => 'CIDR',
+                        },
+                    },
+                },
+            },
+        },
+    };
+
+    if ($update) {
+        $properties->{delete} = {
+            # coerce this value into an array before parsing (oneOf workaround)
+            type => 'array',
+            'type-property' => 'protocol',
+            oneOf => [
+                {
+                    type => 'array',
+                    'instance-types' => ['openfabric', 'ospf'],
+                    items => {
+                        type => 'string',
+                        enum => ['interfaces', 'ip', 'ip6'],
+                    },
+                    optional => 1,
+                },
+                {
+                    type => 'array',
+                    'instance-types' => ['wireguard'],
+                    items => {
+                        type => 'string',
+                        enum => ['allowed_ips', 'endpoint', 'interfaces', 'ip', 'ip6', 'peers'],
+                    },
+                    optional => 1,
+                },
+            ],
         };
     }
 
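Review bot: role, endpoint, allowed_ips and peers are each defined twice
in the same hash literal in node_properties; the second block repeats
the first verbatim. Perl silently keeps the last value for a duplicate
key, so nothing breaks today, but the two copies can drift apart
unnoticed; please drop one. Several descriptions are copy-paste
leftovers: public_key reads 'The role of this node in the WireGuard
fabric.', the items of the new WireGuard interfaces entry read "Type of
configuration entry in an SDN Fabric section config", and node_iface and
iface inside peers share the same text, which leaves their difference
undocumented. The delete enum for 'wireguard' omits role and public_key
although both are optional; if they are intentionally not deletable, a
short comment would help.
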
@@ -267,6 +488,21 @@ sub fabric_properties {
                 'OSPF area. Either a IPv4 address or a 32-bit number. Gets validated in rust.',
             optional => 1,
         },
+        persistent_keepalive => {
+            type => 'number',
+            'type-property' => 'protocol',
+            'instance-types' => ['wireguard'],
+            description => 'A seconds interval, between 1 and 65535 inclusive, of how often to'
+                . ' send an authenticated empty packet to the peer for the purpose of keeping a'
+                . ' stateful firewall or NAT mapping valid persistently. For example, if the'
+                . ' interface very rarely sends traffic, but it might at anytime receive traffic'
+                . ' from another node, and it is behind NAT, the interface might benefit from'
+                . ' having a persistent keepalive interval of 25 seconds. If unset or set to 0, it'
+                . ' is turned off',
+            optional => 1,
+            minimum => 0,
+            maximum => 65535,
+        },
     };
 
     if ($update) {
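
Review bot: persistent_keepalive is declared as type => 'number', which
allows fractional values, while the description speaks of an interval in
seconds; 'integer' would match. The description also says "between 1 and
65535 inclusive" while the schema has minimum => 0 and the last sentence
documents 0 as "turned off"; word the range so it agrees with the
bounds. Minor: the description lacks a trailing period.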
@@ -293,6 +529,15 @@ sub fabric_properties {
                     },
                     optional => 1,
                 },
+                {
+                    type => 'array',
+                    'instance-types' => ['wireguard'],
+                    items => {
+                        type => 'string',
+                        enum => ['persistent_keepalive'],
+                    },
+                    optional => 1,
+                },
             ],
         };
     }
-- 
2.47.3



