| Age | Commit message (Collapse) | Author |
|---|
|
With the upgrade to PVE 9, those files should have been successfully
migrated on all nodes, so we do not need to fallback on the old files
anymore.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Link: https://lore.proxmox.com/20250801121029.201766-4-s.hanreich@proxmox.com
|
|
using the new top-level `make tidy` target, which calls perltidy via
our wrapper to enforce the desired style as closely as possible.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
Signed-off-by: lou lecrivain <lou.lecrivain@wdz.de>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Hannes Duerr <h.duerr@proxmox.com>
Link: https://lore.proxmox.com/mailman.187.1734119229.332.pve-devel@lists.proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
Because of how the Netbox IPAM plugin works (utilizing IP ranges to
represent DHCP ranges), we need a hook in the IPAM plugin that runs on
updates to the subnet because DHCP ranges can be edited. The update
hook in Netbox checks which DHCP ranges got added and which got
deleted and then performs the respective changes in the Netbox IPAM.
This operates under the assumption that DHCP ranges do not overlap
(which is not supported by Netbox anyway).
Only Netbox needs to do work on update, so we can leave this as noop
in phpIPAM and the PVE IPAM, because they have no notion of IP ranges
or similar entities. phpIPAM doesn't support DHCP ranges at all and
PVE IPAM simply uses DHCP ranges as a constraint when allocating an
IP.
I decided on this approach over just creating IP ranges on demand when
assigning IPs, because this keeps Netbox clean and in sync with the
PVE state. It doesn't leave remnants of IP ranges in the Netbox
database, which can lead to errors when trying to create IP ranges
that overlap with IP ranges that already existed in an SDN subnet.
This method tries to check for any possible errors before editing the
entities. There is still a small window where external changes can
occur that lead to errors. We are touching multiple entities here, so
in case of errors users have to fix their Netbox instance manually.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Hannes Duerr <h.duerr@proxmox.com>
Link: https://lore.proxmox.com/20250310085103.30549-8-s.hanreich@proxmox.com
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
forgot to squash this into the original patch..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
This does not contain data that needs to be protected to avoid
hijacking (external) systems, like our credentials for certain storage
types or encryption keys, so placing it in the strictly root-only
'priv/' folder was always a bit overkill.
Now we want to make the firewall more SDN aware and thus need also to
parse the SDN config there. This means having to also read the IPAM
statefile here, and as of now we would need to move over quite a few
API endpoints to be proxied to the privileged pvedaemon running as
root, as otherwise they would fail to read the full SDN config & state
required.
That is not a big problem, but it's also not really nice, we got the
privilege separation for a reason after all. Thus, move the backing
file for the PVE IPAM plugin state over to the general /etc/pve/sdn
path, where www-data (and thus pveproxy) can read it, but still not
write it. Fallback to the old location for backward compatibility.
This way the file will be automatically written to the new place on
the first change. This is not fool-proof, but there's only so much we
can do here to support a sane upgrade path, so fall back to a base
requirement of all cluster nodes using the same package versions.
FWIW, Stefan Hanreich tested a very similar diff I sent to him
off-list, but it was not close enough to add a T-b now.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
we want same result than add_next_free_range
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
|
|
If the gateway IP is last remaining IP in the subnet (in IPAM), allow
deleting the subnet.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
|
|
Adds a new file priv/macs.db for caching the queries to IPAM.
Additionally adds and imeplements methods to the IPAM plugins that
are required for the DHCP functionality.
Co-Authored-By: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
|
|
like almost all of our repos do nowadays, modern git can detect such
things on rebase so in development stuff should be hopefully not too
much affected by this.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
