Because of how the Netbox IPAM plugin works (utilizing IP ranges to
represent DHCP ranges), we need a hook in the IPAM plugin that runs on
updates to the subnet because DHCP ranges can be edited. The update
hook in Netbox checks which DHCP ranges got added and which got
deleted and then performs the respective changes in the Netbox IPAM.
This operates under the assumption that DHCP ranges do not overlap
(which is not supported by Netbox anyway).
Only Netbox needs to do work on update, so we can leave this as noop
in phpIPAM and the PVE IPAM, because they have no notion of IP ranges
or similar entities. phpIPAM doesn't support DHCP ranges at all and
PVE IPAM simply uses DHCP ranges as a constraint when allocating an
IP.
I decided on this approach over just creating IP ranges on demand when
assigning IPs, because this keeps Netbox clean and in sync with the
PVE state. It doesn't leave remnants of IP ranges in the Netbox
database, which can lead to errors when trying to create IP ranges
that overlap with IP ranges that already existed in an SDN subnet.
This method tries to check for any possible errors before editing the
entities. There is still a small window where external changes can
occur that lead to errors. We are touching multiple entities here, so
in case of errors users have to fix their Netbox instance manually.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Hannes Duerr <h.duerr@proxmox.com>
Link: https://lore.proxmox.com/20250310085103.30549-8-s.hanreich@proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
}
}
+sub update_subnet {
+ my ($class, $plugin_config, $subnetid, $subnet, $old_subnet, $noerr) = @_;
+
+ # old subnet in SubnetPlugin hook has already parsed dhcp-ranges
+ # new subnet doesn't
+ my $old_dhcp_ranges = $old_subnet->{'dhcp-range'};
+ my $new_dhcp_ranges = PVE::Network::SDN::Subnets::get_dhcp_ranges($subnet);
+
+ my $hash_range = sub {
+ my ($dhcp_range) = @_;
+ "$dhcp_range->{'start-address'} - $dhcp_range->{'end-address'}"
+ };
+
+ my $old_lookup = {};
+ for my $dhcp_range (@$old_dhcp_ranges) {
+ my $hash = $hash_range->($dhcp_range);
+ $old_lookup->{$hash} = undef;
+ }
+
+ my $new_lookup = {};
+ for my $dhcp_range (@$new_dhcp_ranges) {
+ my $hash = $hash_range->($dhcp_range);
+ $new_lookup->{$hash} = undef;
+ }
+
+ my $to_delete_ids = ();
+
+ # delete first so we don't get errors with overlapping ranges
+ for my $dhcp_range (@$old_dhcp_ranges) {
+ my $hash = $hash_range->($dhcp_range);
+
+ if (exists($new_lookup->{$hash})) {
+ next;
+ }
+
+ my $internalid = get_iprange_id($plugin_config, $dhcp_range, $noerr);
+
+ # definedness check, because ID could be 0
+ if (!defined($internalid)) {
+ warn "could not find id for ip range $dhcp_range->{'start-address'}:$dhcp_range->{'end-address'}";
+ next;
+ }
+
+ del_dhcp_range($plugin_config, $internalid, $noerr);
+ }
+
+ for my $dhcp_range (@$new_dhcp_ranges) {
+ my $hash = $hash_range->($dhcp_range);
+
+ add_dhcp_range($plugin_config, $dhcp_range, $noerr)
+ if !exists($old_lookup->{$hash});
+ }
+}
+
sub del_subnet {
my ($class, $plugin_config, $subnetid, $subnet, $noerr) = @_;
die "$@" if $@;
}
+sub update_subnet {
+ my ($class, $plugin_config, $subnetid, $subnet, $old_subnet, $noerr) = @_;
+ # we don't need to do anything on update
+}
+
sub only_gateway_remains {
my ($ips) = @_;
}
}
+sub update_subnet {
+ my ($class, $plugin_config, $subnetid, $subnet, $old_subnet, $noerr) = @_;
+ # we don't need to do anything on update
+}
+
sub del_subnet {
my ($class, $plugin_config, $subnetid, $subnet, $noerr) = @_;
die "please implement inside plugin";
}
+sub update_subnet {
+ my ($class, $plugin_config, $subnetid, $subnet, $old_subnet, $noerr) = @_;
+
+ die "please implement inside plugin";
+}
+
sub del_subnet {
my ($class, $plugin_config, $subnetid, $subnet, $noerr) = @_;
validate_dhcp_ranges($subnet);
if ($ipam) {
- PVE::Network::SDN::Subnets::add_subnet($zone, $subnetid, $subnet);
+ if ($old_subnet) {
+ PVE::Network::SDN::Subnets::update_subnet($zone, $subnetid, $subnet, $old_subnet);
+ } else {
+ PVE::Network::SDN::Subnets::add_subnet($zone, $subnetid, $subnet);
+ }
#don't register gateway for pointopoint
return if $pointopoint;
$plugin->add_subnet($plugin_config, $subnetid, $subnet);
}
+sub update_subnet {
+ my ($zone, $subnetid, $subnet, $old_subnet) = @_;
+
+ my $ipam = $zone->{ipam};
+ return if !$ipam;
+
+ my $ipam_cfg = PVE::Network::SDN::Ipams::config();
+ my $plugin_config = $ipam_cfg->{ids}->{$ipam};
+ my $plugin = PVE::Network::SDN::Ipams::Plugin->lookup($plugin_config->{type});
+ $plugin->update_subnet($plugin_config, $subnetid, $subnet, $old_subnet);
+}
+
sub del_subnet {
my ($zone, $subnetid, $subnet) = @_;
projects / matthieu / pve-network.git / commitdiff