Stefan Lendl [Fri, 5 Apr 2024 13:18:03 +0000 (15:18 +0200)]
debian: blackbox tests depend on libpve-access-control at build
For mocking RPCEnvironment in sbuild.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:18:02 +0000 (15:18 +0200)]
sdn: api: extract function that creates the sdn directory.
create_etc_interfaces_sdn_dir creates the /etc/pve/sdn directory.
This allows mocking in tests to prevent system fs access in tests
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:18:01 +0000 (15:18 +0200)]
sdn: dnsmasq: extract function that updates dnsmasq lease via dbus
Extract the dbus-based interactions with dnsmasq so that they can be
mocked in tests.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:18:00 +0000 (15:18 +0200)]
sdn: dnsmasq: extract function that generates the ethers file path
Extracted to a function so it can be mocked in tests.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:17:59 +0000 (15:17 +0200)]
dns: dnsmasq: extract function to systemctl command.
systemctl_service() is a wrapper around PVE::Tools::run_command to allow
mocking the systemctl interactions in tests.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:17:58 +0000 (15:17 +0200)]
sdn: zones: extract function that reads datacenter config
The datacenter_config() function in SDN::Zones::Plugin is a simple
wrapper that reads datacenter.cfg via cfs.
This allows mocking datacenter.cfg in tests.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 5 Apr 2024 13:17:57 +0000 (15:17 +0200)]
sdn: dhcp: rollback allocated ips on failure
If DHCP is configured for IPv4 and IPv6, failing to obtain an IPv6 IP
does not roll back the allocation made for IPv4. This patch rolls back
any changes made in case of failure, so that IP allocation is actually
atomic.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Lendl <s.lendl@proxmox.com>
Tested-by: Stefan Lendl <s.lendl@proxmox.com>
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Stefan Hanreich [Fri, 5 Apr 2024 13:17:56 +0000 (15:17 +0200)]
sdn: dhcp: only consider subnets that have dhcp-range configured
If DHCP is enabled on a zone with subnets, but no subnet has a
dhcp-range configured, then starting a VM will fail because no IP can
be allocated. This patch fixes this by only considering subnets that
have a dhcp-range configured and only failing if there is at least one
subnet with a dhcp-range configured.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Lendl <s.lendl@proxmox.com>
Tested-by: Stefan Lendl <s.lendl@proxmox.com>
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
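The two DHCP allocation rules from the commits above (only subnets that carry a dhcp-range are considered, and a failed IPv6 allocation rolls back the IPv4 one so the whole allocation is atomic), modelled as an added Python sketch that is not the project's Perl code; the in-memory IPAM, subnet ids, ranges and MAC addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample zone (ids and ranges made up): an IPv4 subnet with a
# dhcp-range, an IPv4 subnet without one (skipped, must not fail the VM start)
# and an IPv6 subnet whose dhcp-range holds a single address.
SUBNETS = {
    "10.0.0.0/24": {"dhcp-range": [("10.0.0.100", "10.0.0.101")]},
    "10.0.1.0/24": {},
    "fd00::/64": {"dhcp-range": [("fd00::100", "fd00::100")]},
}

def ipam_add_next_free(leases, ranges, mac):
    # In-memory stand-in for the PVE IPAM: first unused address in any range.
    for start, end in ranges:
        ip = ip_address(start)
        while ip <= ip_address(end):
            if str(ip) not in leases:
                leases[str(ip)] = mac
                return str(ip)
            ip += 1
    return None

def next_free_ip(leases, subnets, version, mac):
    # Only subnets of this IP version that carry a dhcp-range are candidates;
    # no candidates means "nothing to allocate" rather than an error.
    candidates = [cfg["dhcp-range"] for cidr, cfg in subnets.items()
                  if ip_network(cidr).version == version and cfg.get("dhcp-range")]
    if not candidates:
        return None
    for ranges in candidates:
        ip = ipam_add_next_free(leases, ranges, mac)
        if ip:
            return ip
    raise RuntimeError(f"no free IPv{version} address in any dhcp-range")

def allocate_vm_ips(leases, subnets, mac):
    # Allocate IPv4 and IPv6 atomically: if either version fails, release
    # every address handed out during this call before re-raising.
    allocated = []
    try:
        for version in (4, 6):
            ip = next_free_ip(leases, subnets, version, mac)
            if ip:
                allocated.append(ip)
        return allocated
    except RuntimeError:
        for ip in allocated:
            leases.pop(ip, None)
        raise
```

The second VM in the test below gets 10.0.0.101 but finds the IPv6 range exhausted; without the rollback that IPv4 lease would leak into the IPAM.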
Stefan Lendl [Fri, 5 Apr 2024 13:17:55 +0000 (15:17 +0200)]
sdn: dhcp: request both IPv4 and IPv6 addresses on VM start
If previously an IP was allocated in the IPAM, but a new subnet added
for the other IP version, we need to allocate an IP in the new subnet.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 5 Apr 2024 13:17:54 +0000 (15:17 +0200)]
sdn: dhcp: get next free ip for a specific IP version
Specify the IP version (4|6) for which an IP shall be requested from the IPAM.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Tue, 2 Apr 2024 11:07:41 +0000 (13:07 +0200)]
tests: run tests in sbuild
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Tue, 2 Apr 2024 11:07:40 +0000 (13:07 +0200)]
tests: mocking more functions to avoid system access
Previously extracted functions are now mocked in the zone tests.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Tue, 2 Apr 2024 11:07:39 +0000 (13:07 +0200)]
evpn: extract read_local_frr_config
to allow mocking local fs access
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Tue, 2 Apr 2024 11:07:38 +0000 (13:07 +0200)]
controllers: extract read_etc_network_interfaces
to allow mocking local fs access
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Mon, 4 Mar 2024 14:11:28 +0000 (15:11 +0100)]
fix #5275: remove priority field from powerdns
Since v3.4.2 the priority field has been removed, and since v4.9 it is
actively rejected by PowerDNS. Stop sending this field in order to
make the PowerDNS plugin work with versions >= 4.9 again. [1]
sdn: prefer proxy from datacenter.cfg for api calls
We only set up proxies from the environment previously, but also check
the one configured in the cluster-wide datacenter.cfg and prefer that
over anything else.
controllers: evpn: bugfix: use prefix-list in route-map instead of evpn match
"match evpn" in route-map is broken since 8.5.0
https://github.com/FRRouting/frr/issues/14419
the patch
https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3
is converting type-2 && type-5 evpn routes to prefix-prefix.
(fixing prefix-list not working previously, but breaking "match evpn")
So, simply use prefix-list now, as "match evpn" was a workaround anyway.
Reported on the forum, where a user has a routing loop between the 2 exit-nodes:
https://forum.proxmox.com/threads/sdn-with-evpn-controller-routing-loop-when-using-multiple-exit-nodes.137362/
Thomas Lamprecht [Mon, 22 Jan 2024 10:51:42 +0000 (11:51 +0100)]
buildsys: add explicit default target
Currently the dinstall was the default target due to being the first
one listed, that's rather unusual compared to all of our other repos,
so align this one to our unwritten norm of using the `deb` one as
default target.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 29 Nov 2023 10:37:05 +0000 (11:37 +0100)]
controllers: fix interfacing with read_etc_network_interfaces
While not used currently in the parser, passing 1 as file name still
makes no sense, and we might want to rework that in general, as why
does this have to use the non-inotify read path and manually open the
file.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Tue, 28 Nov 2023 08:58:57 +0000 (09:58 +0100)]
dhcp: dnsmasq: untaint when deleting configuration files
The current invocation is quite unsafe and triggers the taint mode of
Perl that is enabled for our API daemons, but not pvesh used on
cluster-wide apply.
Replacing it with dir_glob_foreach solves those issues.
Reported-By: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
To
- start after networking.service (in order to make sure ifupdown has
created all the interfaces before dnsmasq tries to find them via the
'interfaces=' lines)
- drop the 'Requires=network.target' since it is not a *provider* of
that target
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stefan Hanreich [Wed, 22 Nov 2023 12:29:50 +0000 (13:29 +0100)]
ipam: improve update / delete behavior
Currently when updating or deleting a mapping in the IPAM we would
delete all existing entries in the IPAM with that mac address. Now we
only delete the specific entry we are updating / deleting.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
- don't listen to ip address, but use interface= instead
- generate 1 config file per vnet instead of 1 per subnet
- enable-ra is global to the server, enable it in the default conf
api: take partial configs for PUT /cluster/sdn/zones/<id>
Zones previously expected a complete config, but the API schema
also contains a 'delete' parameter via the SectionConfig's
updateSchema() helper. This was not handled, and instead failed to
validate as part of the config.
The same is true for vnets and subnets, while ipams, dns and
controller entries followed our usual update procedures (but also
ignored the 'delete' parameter).
Since all of our SectionConfig based API endpoints are supposed to
take changes, rather than complete configs, this changes these
endpoints to not replace the full configuration anymore.
This is a major break for automation tools (the web UI already passed
the full config each time).
Cc: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 21 Nov 2023 07:26:56 +0000 (08:26 +0100)]
d/control: downgrade frr-pythontools from recommends to suggests
Avoid pulling FRR in on upgrade if we'd hard-depend on
libpve-network-perl for all those systems that kept the default
install-recommends enabled, as FRR is a bit involved and might announce
stuff and break some network environments if not correctly configured.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Mon, 20 Nov 2023 16:28:32 +0000 (17:28 +0100)]
api: refactor URL structure for Ipam
The initial URL structure was less than optimal due to Ipam as well as
Ipams being endpoints in the API, which are too similar and might be
confusing to users.
Move the listing of PVE IPAM to /ipams/pve/status
Move the create / update / delete endpoints to /vnets/{vnetid}/ips
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:46 +0000 (12:39 +0100)]
sdn: dhcp: add dnsmasq plugin
The plugin creates a dnsmasq@<zone> service that spawns a dnsmasq
instance that handles dhcp for that zone.
The configuration files for a dnsmasq instance lie within
/etc/dnsmasq.d/<zone>
The plugin generates the following configuration files:
* 00-default.conf
Contains the default global configuration for dnsmasq. Disables DNS,
enables some specific options for Windows, does some
security-related configuration and makes dnsmasq bind only to the
interfaces it is responsible for
* 10-<subnet>.conf
Contains the default settings for a subnet. Sets dhcp options for
DNS and gateway.
* 10-<subnet>.ranges.conf
Contains the configuration of DHCP ranges for a subnet.
* ethers
Contains the MAC address to IP mappings for a zone.
Every subnet gets assigned a tag in the dnsmasq configuration that is
equal to the subnet_id. This can be used to override / set additional
configuration options on a per-subnet basis.
Additionally it creates the file /etc/default/dnsmasq.<zone> that
provides default options for the dnsmasq service.
Leases are stored in /var/lib/misc/dnsmasq.<zone>.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:45 +0000 (12:39 +0100)]
dhcp: add abstract class for DHCP plugins
This abstract class provides several hooks that should be called
during the config generation process; they expose the functionality
for the different configuration tasks required from the DHCP plugins.
add_ip_mapping
Adds a mapping from MAC address to an IP for a given DHCP server. The
DHCP server will then always assign the given IP address to the MAC.
del_ip_mapping
Deletes all mappings for a given MAC address for a given DHCP server.
before_regenerate
Should be called before the plugin does any configuration tasks. The
main usage for this hook is tearing down old instances.
after_regenerate
Should be called after the plugin has finished generating any
configuration. The main usage for this hook is to perform cleanup and
restart / reload services.
before_configure
Should be called before creating the configuration for a specific DHCP
instance, as defined in the dhcp.cfg. This can be used for performing
instance-specific setup.
after_configure
Should be called after the configuration for a specific DHCP instance,
as defined in the dhcp.cfg. This will mainly be used for enabling and
restarting / reloading a specific instance of a DHCP server.
configure_subnet
This function configures the settings for a specific subnet (that can
contain multiple DHCP ranges). This sets global settings for a
specific subnet such as DNS server or gateway.
configure_range
This configures a DHCP range that is available for a given Subnet.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>