From: Stefan Hanreich <s.hanreich@proxmox.com>
To: Gabriel Goller <g.goller@proxmox.com>, pve-devel@lists.proxmox.com
Subject: Re: [PATCH pve-network v3 9/9] api: add dry-run endpoint for sdn apply to preview changes
Date: Fri, 6 Mar 2026 10:24:22 +0100 [thread overview]
Message-ID: <ca1bfd38-2893-4e52-88bc-20d1884d64f6@proxmox.com> (raw)
In-Reply-To: <20260305100331.80741-19-g.goller@proxmox.com>
On 3/5/26 11:04 AM, Gabriel Goller wrote:
> Allows users to see the diff of frr and interfaces configuration files
> before applying SDN changes. Previously this was not possible and the
> user had to apply and then see what changed. For the ifupdown2 dry-run
> to work, pull out the running_config generation to the parent functions.
>
> Also add an option to the compile_running_cfg function so that we can
> skip the /etc/network/interfaces.d/sdn file version bump. This means
> when nothing has been changed and dry-run is pressed, nothing will be
> shown.
>
> Rename a few constants so that they don't clash with local variables.
>
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> ---
> src/PVE/API2/Network/SDN.pm | 88 ++++++++++++++++++++++++++++++++
> src/PVE/Network/SDN.pm | 36 ++++++++-----
> src/PVE/Network/SDN/Fabrics.pm | 10 +++-
> src/PVE/Network/SDN/Zones.pm | 3 +-
> src/test/debug/generateconfig.pl | 3 +-
> src/test/run_test_zones.pl | 2 +-
> 6 files changed, 124 insertions(+), 18 deletions(-)
>
> diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
> index b35a588d391d..31159c27a3ac 100644
> --- a/src/PVE/API2/Network/SDN.pm
> +++ b/src/PVE/API2/Network/SDN.pm
> @@ -3,6 +3,9 @@ package PVE::API2::Network::SDN;
> use strict;
> use warnings;
>
> +use Encode qw(decode);
> +use JSON qw(from_json);
> +
> use PVE::Cluster qw(cfs_lock_file cfs_read_file cfs_write_file);
> use PVE::Exception qw(raise_param_exc);
> use PVE::JSONSchema qw(get_standard_option);
> @@ -11,6 +14,7 @@ use PVE::RPCEnvironment;
> use PVE::SafeSyslog;
> use PVE::Tools qw(run_command extract_param);
> use PVE::Network::SDN;
> +use PVE::File;
>
> use PVE::API2::Network::SDN::Controllers;
> use PVE::API2::Network::SDN::Vnets;
> @@ -325,4 +329,88 @@ __PACKAGE__->register_method({
> },
> });
>
> +sub get_diff {
> + my ($filename_one, $filename_two) = @_;
> +
> + my $diff = '';
> +
> + my $cmd = ['/usr/bin/diff', '-b', '-N', '-u', $filename_one, $filename_two];
> + PVE::Tools::run_command(
> + $cmd,
> + noerr => 1,
> + outfunc => sub {
> + my ($line) = @_;
> + $diff .= decode('UTF-8', $line) . "\n";
> + },
> + );
> +
> + $diff = undef if !$diff;
> +
> + return $diff;
> +}
> +
> +__PACKAGE__->register_method({
> + name => 'dry-run',
> + path => 'dry-run',
> + method => 'PUT',
Should this really be a PUT method? GET would imo be better suited,
since it doesn't have any side-effects. The node param could just be
part of the path instead of sending it in the body.
> + permissions => {
> + check => ['perm', '/nodes/{node}', ['Sys.Modify']],
> + },
> + description =>
> + "Dry-run the SDN apply action and return the difference between the current configuration and the pending configuration",
> + protected => 1,
> + proxyto => 'node',
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + node => get_standard_option('pve-node'),
> + },
> + },
> +
> + returns => {
> + type => 'object',
> + properties => {
> + "frr-diff" => {
> + type => 'string',
> + description =>
> + 'The difference between the current and pending FRR configuration.',
> + },
> + "interfaces-diff" => {
> + type => 'string',
> + description =>
> + 'The difference between the current and pending /etc/network/interfaces.d/sdn configuration.',
> + },
> + },
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $cfg = PVE::Network::SDN::compile_running_cfg();
> +
> + my $fabric_cfg = PVE::Network::SDN::Fabrics::config(0);
> + my $frr_cfg = PVE::Network::SDN::generate_frr_raw_config($cfg, $fabric_cfg);
> + my $new_cfg_frr = PVE::Network::SDN::Frr::raw_config_to_string($frr_cfg);
> +
> + # compile running config and skip version bump
> + my $running_cfg = PVE::Network::SDN::compile_running_cfg(1);
> +
> + my $new_interfaces_cfg =
> + PVE::Network::SDN::generate_raw_etc_network_config($running_cfg);
> +
> + my ($frr_tmp_filename, $frr_tmp_fh) = PVE::File::tempfile_contents($new_cfg_frr, 700);
> +
> + my ($interfaces_tmp_filename, $interfaces_tmp_fh) =
> + PVE::File::tempfile_contents($new_interfaces_cfg, 700);
> +
> + my $return_value = {};
> + $return_value->{"frr-diff"} = get_diff('/etc/frr/frr.conf', $frr_tmp_filename);
> + $return_value->{"interfaces-diff"} =
> + get_diff('/etc/network/interfaces.d/sdn', $interfaces_tmp_filename);
> +
> + close($frr_tmp_fh);
> + close($interfaces_tmp_fh);
> + return $return_value;
> + },
> +});
> +
> 1;
> diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
> index 037182bc5ae9..0bb36bf2d07d 100644
> --- a/src/PVE/Network/SDN.pm
> +++ b/src/PVE/Network/SDN.pm
> @@ -26,7 +26,7 @@ use PVE::Network::SDN::Dhcp;
> use PVE::Network::SDN::Frr;
> use PVE::Network::SDN::Fabrics;
>
> -my $running_cfg = "sdn/.running-config";
> +my $RUNNING_CFG_FILENAME = "sdn/.running-config";
>
> my $parse_running_cfg = sub {
> my ($filename, $raw) = @_;
> @@ -49,7 +49,7 @@ my $write_running_cfg = sub {
> return $json;
> };
>
> -PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running_cfg);
> +PVE::Cluster::cfs_register_file($RUNNING_CFG_FILENAME, $parse_running_cfg, $write_running_cfg);
>
> my $LOCK_TOKEN_FILE = "/etc/pve/sdn/.lock";
>
> @@ -105,7 +105,7 @@ sub status {
> }
>
> sub running_config {
> - return cfs_read_file($running_cfg);
> + return cfs_read_file($RUNNING_CFG_FILENAME);
> }
>
> =head3 running_config_has_frr(\%running_config)
> @@ -187,13 +187,17 @@ sub pending_config {
>
> }
>
> -sub commit_config {
> +sub compile_running_cfg {
> + my ($skip_version_bump) = @_;
> + $skip_version_bump = $skip_version_bump // 0;
>
> - my $cfg = cfs_read_file($running_cfg);
> + my $cfg = cfs_read_file($RUNNING_CFG_FILENAME);
> my $version = $cfg->{version};
>
> if ($version) {
> - $version++;
> + if (!$skip_version_bump) {
> + $version++;
> + }
> } else {
> $version = 1;
> }
> @@ -219,7 +223,13 @@ sub commit_config {
> fabrics => $fabrics,
> };
>
> - cfs_write_file($running_cfg, $cfg);
> + return $cfg;
> +}
> +
> +sub commit_config {
> + my $cfg = compile_running_cfg();
> +
> + cfs_write_file($RUNNING_CFG_FILENAME, $cfg);
> }
>
> sub has_pending_changes {
> @@ -342,20 +352,21 @@ sub get_local_vnets {
> return $vnets;
> }
>
> -=head3 generate_raw_etc_network_config()
> +=head3 generate_raw_etc_network_config(\%running_cfg)
>
> Generate the /etc/network/interfaces.d/sdn config file from the Zones
> -and Fabrics configuration and return it as a String.
> +and Fabrics running configuration passed and return it as a String.
>
> =cut
>
> sub generate_raw_etc_network_config {
> + my ($running_cfg) = @_;
> my $raw_config = "";
>
> - my $zone_config = PVE::Network::SDN::Zones::generate_etc_network_config();
> + my $zone_config = PVE::Network::SDN::Zones::generate_etc_network_config($running_cfg);
> $raw_config .= $zone_config if $zone_config;
>
> - my $fabric_config = PVE::Network::SDN::Fabrics::generate_etc_network_config();
> + my $fabric_config = PVE::Network::SDN::Fabrics::generate_etc_network_config($running_cfg);
> $raw_config .= $fabric_config if $fabric_config;
>
> return $raw_config;
> @@ -396,7 +407,8 @@ interfaces files (/etc/network/interfaces.d/sdn).
> =cut
>
> sub generate_etc_network_config {
> - my $raw_config = PVE::Network::SDN::generate_raw_etc_network_config();
> + my $running_cfg = PVE::Network::SDN::running_config();
> + my $raw_config = PVE::Network::SDN::generate_raw_etc_network_config($running_cfg);
> PVE::Network::SDN::write_raw_etc_network_config($raw_config);
> }
>
> diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
> index 3ca362a02660..9be7f0215bef 100644
> --- a/src/PVE/Network/SDN/Fabrics.pm
> +++ b/src/PVE/Network/SDN/Fabrics.pm
> @@ -102,10 +102,16 @@ sub get_frr_daemon_status {
> }
>
> sub generate_etc_network_config {
> + my ($running_cfg) = @_;
> +
> my $nodename = PVE::INotify::nodename();
> - my $fabric_config = PVE::Network::SDN::Fabrics::config(1);
> + # if the config hasn't yet been applied after the introduction of
> + # fabrics then the key does not exist in the running config so we
> + # default to an empty hash
> + my $fabrics_config = $running_cfg->{fabrics}->{ids} // {};
> + my $fabric_object = PVE::RS::SDN::Fabrics->running_config($fabrics_config);
>
> - return $fabric_config->get_interfaces_etc_network_config($nodename);
> + return $fabric_object->get_interfaces_etc_network_config($nodename);
> }
>
> sub node_properties {
> diff --git a/src/PVE/Network/SDN/Zones.pm b/src/PVE/Network/SDN/Zones.pm
> index 4da94580e07d..4c1468cf8ef8 100644
> --- a/src/PVE/Network/SDN/Zones.pm
> +++ b/src/PVE/Network/SDN/Zones.pm
> @@ -107,8 +107,7 @@ sub get_vnets {
> }
>
> sub generate_etc_network_config {
> -
> - my $cfg = PVE::Network::SDN::running_config();
> + my ($cfg) = @_;
>
> my $version = $cfg->{version};
> my $vnet_cfg = $cfg->{vnets};
> diff --git a/src/test/debug/generateconfig.pl b/src/test/debug/generateconfig.pl
> index 250db4368186..99a5d59cba72 100644
> --- a/src/test/debug/generateconfig.pl
> +++ b/src/test/debug/generateconfig.pl
> @@ -9,7 +9,8 @@ use PVE::Network::SDN::Controllers;
> use Data::Dumper;
>
> PVE::Network::SDN::commit_config();
> -my $network_config = PVE::Network::SDN::Zones::generate_etc_network_config();
> +my $running_cfg = PVE::Network::SDN::running_config();
> +my $network_config = PVE::Network::SDN::Zones::generate_etc_network_config($running_cfg);
>
> PVE::Network::SDN::Zones::write_etc_network_config($network_config);
> print "/etc/network/interfaces.d/sdn\n";
> diff --git a/src/test/run_test_zones.pl b/src/test/run_test_zones.pl
> index 806225735e6b..8986c5c52c9f 100755
> --- a/src/test/run_test_zones.pl
> +++ b/src/test/run_test_zones.pl
> @@ -145,7 +145,7 @@ foreach my $test (@tests) {
> my $name = $test;
> my $expected = read_file("./$test/expected_sdn_interfaces");
>
> - my $result = eval { PVE::Network::SDN::generate_raw_etc_network_config() };
> + my $result = eval { PVE::Network::SDN::generate_raw_etc_network_config($sdn_config) };
>
> if (my $err = $@) {
> diag("got unexpected error - $err");
next prev parent reply other threads:[~2026-03-06 9:23 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 10:03 [PATCH manager/network/proxmox{-ve-rs,-perl-rs} v3 00/19] Generate frr config using jinja templates and rust types Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 1/8] ve-config: firewall: cargo fmt Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 2/8] frr: add proxmox-frr-templates package that contains templates Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 3/8] ve-config: remove FrrConfigBuilder struct Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 4/8] sdn-types: support variable-length NET identifier Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 5/8] frr: add template serializer and serialize fabrics using templates Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 6/8] frr: add isis configuration and templates Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 7/8] frr: support custom frr configuration lines Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-ve-rs v3 8/8] frr: add bgp support with templates and serialization Gabriel Goller
2026-03-05 10:03 ` [PATCH proxmox-perl-rs v3 1/1] sdn: add function to generate the frr config for all daemons Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 1/9] tests: use Test::Differences to make test assertions Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 2/9] test: add test for frr.conf.local merging Gabriel Goller
2026-03-06 9:27 ` Stefan Hanreich
2026-03-06 10:51 ` Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 3/9] test: bgp: add some various integration tests Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 4/9] sdn: write structured frr config that can be rendered using templates Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 5/9] sdn: remove duplicate comment line '!' in frr config Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 6/9] tests: rearrange some statements in the " Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 7/9] sdn: adjust frr.conf.local merging to rust template types Gabriel Goller
2026-03-06 10:35 ` Stefan Hanreich
2026-03-06 10:54 ` Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 8/9] test: adjust frr_local_merge test for new template generation Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-network v3 9/9] api: add dry-run endpoint for sdn apply to preview changes Gabriel Goller
2026-03-06 9:24 ` Stefan Hanreich [this message]
2026-03-06 12:08 ` Gabriel Goller
2026-03-05 10:03 ` [PATCH pve-manager v3 1/1] sdn: add dry-run diff view for sdn apply Gabriel Goller
2026-03-06 9:24 ` Stefan Hanreich
2026-03-06 12:37 ` Gabriel Goller
2026-03-06 12:58 ` [PATCH manager/network/proxmox{-ve-rs,-perl-rs} v3 00/19] Generate frr config using jinja templates and rust types Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ca1bfd38-2893-4e52-88bc-20d1884d64f6@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=g.goller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox