sdn: prefer proxy from datacenter.cfg for api calls
We only setup proxies from the environment previously, but also check
the one configured in the cluster-wide datacenter.cfg and prefer that
over anything else.
controllers: evpn: bugfix: use prefix-list in route-map instead evpn match
"match evpn" in route-map is broken since 8.5.0
https://github.com/FRRouting/frr/issues/14419
the patch
https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3
is converting type-2 && type-5 evpn routes to prefix-prefix.
(fixing prefix-list not working previously, but breaking "match evpn")
So, simply use prefix-list now, as "match epvn" was a workaround anyway.
reported on the forum, where user have routing loop between the 2 exit-nodes:
https://forum.proxmox.com/threads/sdn-with-evpn-controller-routing-loop-when-using-multiple-exit-nodes.137362/
Thomas Lamprecht [Mon, 22 Jan 2024 10:51:42 +0000 (11:51 +0100)]
buildsys: add explicit default target
Currently the dinstall was the default target due to being the first
one listed, that's rather unusual compared to all of our other repos,
so align this one to our unwritten norm of using the `deb` one as
default target.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 29 Nov 2023 10:37:05 +0000 (11:37 +0100)]
controllers: fix interfacing with read_etc_network_interfaces
While not used currently in the parser, passing 1 as file name still
makes no sense, and we might want to rework that in general, as why
does this have to use the non-inotify read path and manually open the
file.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Tue, 28 Nov 2023 08:58:57 +0000 (09:58 +0100)]
dhcp: dnsmasq: untaint when deleting configuration files
The current invocation is quite unsafe and triggers the taint mode of
Perl that is enabled for our API daemons, but not pvesh used on
cluster-wide apply.
Replacing it with dir_glob_foreach solves those issues.
Reported-By: Friedrich Weber <f.weber@proxmox.com> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
To
- start after networking.service (in order to make sure ifupdown has
created all the interfaces before dnsmasq tries to find them via the
'interfaces=' lines.
- drop the 'Requires=network.target' since it is not a *provider* of
that target
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Stefan Hanreich [Wed, 22 Nov 2023 12:29:50 +0000 (13:29 +0100)]
ipam: improve update / delete behavior
Currently when updating or deleting a mapping in the IPAM we would
delete all existing entries in the IPAM with that mac address. Now we
only delete the specific entry we are updating / deleting.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
- don't listen to ip address, but use interface= instead
- generate 1 config file by vnet instead 1 by subnet
- enable-ra is global to server, enable it in default conf
api: take partial configs for PUT /cluster/sdn/zones/<id>
Zones previously expected a complete config, but the API schema
also contains a 'delete' parameter via the SectionConfig's
updateSchema() helper. This was not handled, and instead failed to
validate as part of the config.
The same is true for vnets and subnets, while ipams, dns and
controller entries followed our usual update procedures (but also
ignored the 'delete' parameter).
Since all of our SectionConfig based API endpoints are supposed to
take changes, rather than complete configs, this changes these
endpoints to not replace the full configuration anymore.
This is a major break for automation tools (the web UI already passed
the full config each time).
Cc: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 21 Nov 2023 07:26:56 +0000 (08:26 +0100)]
d/control: downgrade frr-pythontools from recommends to suggests
avoid pulling FRR in on upgrade if we'd hard-depend on
libpve-network-perl for all those systems that kept the default
install-recommends enabled as FRR is a bit involved and might announce
stuff and break some network environments if not correctly configured.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Mon, 20 Nov 2023 16:28:32 +0000 (17:28 +0100)]
api: refactor URL structure for Ipam
The initial URL structure was less than optimal due to Ipam as well as
Ipams being endpoints in the API, which are too similar and might be
confusing to users.
Move the listing of PVE IPAM to /ipams/pve/status
Move the create / update / delete endpoints to /vnets/{vnetid}/ips
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:46 +0000 (12:39 +0100)]
sdn: dhcp: add dnsmasq plugin
The plugin creates a dnsmasq@<zone> service that spawns a dnsmasq
instance that handles dhcp for that zone.
The configuration files for a dnsmasq instance lie within
/etc/dnsmasq.d/<zone>
The plugin generates the following configuration files:
* 00-default.conf
Contains the default global configuration for dnsmasq. Disables DNS,
enables some specific options for Windows, does some
security-related configuration and makes dnsmasq bind only to the
interfaces it is responsible for
* 10-<subnet>.conf
Contains the default settings for a subnet. Sets dhcp options for
DNS and gateway.
* 10-<subnet>.ranges.conf
Contains the configuration of DHCP ranges for a subnet.
* ethers
Contains the MAC address to IP mappings for a zone.
Every subnet gets assigned a tag in the dnsmasq configuration that is
equal to the subnet_id. This can be used to override / set additional
configuration options on a per-subnet basis.
Additionally it creates the file /etc/default/dnsmasq.<zone> that
provides default options for the dnsmasq service.
Leases are stored in /var/lib/misc/dnsmasq.<zone>.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:45 +0000 (12:39 +0100)]
dhcp: add abstract class for DHCP plugins
This abstract class provides several hooks that should be called
during the config generation process, they expose the functionality
for the different configuration tasks required from the DHCP plugins.
add_ip_mapping
Adds a mapping from MAC address to an IP for a given DHCP server. The
DHCP server will then always assign the given IP address to the MAC.
del_ip_mapping
Deletes all mappings for a given MAC address for a given DHCP server.
before_regenerate
Should be called before the plugin does any configuration tasks. The
main usage for this hook is tearing down old instances.
after_regenerate
Should be called after the plugin has finished generating any
configuration. The main usage for this hook is to perform cleanup and
restart / reload services.
before_configure
Should be called before creating the configuration for a specific DHCP
instance, as defined in the dhcp.cfg. This can be used for performing
instance-specific setup.
after_configure
Should be called after the configuration for a specific DHCP instance,
as defined in the dhcp.cfg. This will mainly be used for enabling and
restarting / reloading a specific instance of a DHCP server.
configure_subnet
This function configures the settings for a specific subnet (that can
contain multiple DHCP ranges). This sets global settings for a
specific subnet such as DNS server or gateway.
configure_range
This configures a DHCP range that is available for a given Subnet.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:44 +0000 (12:39 +0100)]
subnet: vnet: refactor IPAM related methods
Those methods are used by the DHCP plugins to attain the next free
IP address for a given DHCP range, as well as delete all entries with
a certain MAC address.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Hanreich [Fri, 17 Nov 2023 11:39:40 +0000 (12:39 +0100)]
sdn: preparations for DHCP plugin
Add the option to retrieve the running configuration instead of only
the pending configuration via the config methods. Refactor methods
using the running config to utilize the new parameter.
Add helper methods and return additional attributes from the getter
functions that are needed by the dhcp plugins.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Stefan Lendl [Fri, 17 Nov 2023 14:23:07 +0000 (15:23 +0100)]
gitignore: add build artefacts and .vscode to ignore list
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
[ TL: avoid one-word subject & make build-dir glob more specific ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
they access pmxcfs directly and so cannot really work, this needs to
be mocked some day (soon!), but as stop-gap just skip the tests if a
sbuild lock is present
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When warning or error from ifreload are logged they are received in
1 line in result of pvesh.
So, the UPID might not always start at the beginning, which was
assumed by the old code, failing parsing it, throwing a warning like:
> Use of uninitialized value $upid in pattern match (m//) at /usr/share/perl5/PVE/Tools.pm line 1106.
> Use of uninitialized value $upid in concatenation (.) or string at /usr/share/perl5/PVE/Tools.pm line 1120.
Drop the start anchor of the regex.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / mirror / pve-network.git / log