On Wednesday, 13 September 2023 at 13:21 +0000, DERUMIER, Alexandre wrote:
> yes, user should be able to define his own ip too. (maybe directly in
> a ipam gui on the sdn subnet, or maybe on the vm nic gui (but
> registering ip in ipam), I'm really not sure ...)

Hi,

I have done some tests with different external ipam, to compare storing or not storing ip on proxmox side.

Finally, it's not so easy without writing ip on proxmox side (in vm config or somewhere else), because to retrieve a reserved ip from external ipam when vm start, we need to lookup maybe from mac address, maybe from hostname of the vm, or maybe some custom attributes, but not all ipams accept same attributes. (at least phpipam && netbox don't support all features, or not easily. Netbox for example, for macaddress need to register the full vm object && interfaces + mac + mapping to ip, Phpipam is a single ip object with mac as attribute).

So I think the best way is still to write the ip into the vm config, this allows to inject already reserved ip in dhcp at vm start/migrate without need to call the ipam (also avoid start problem if ipam server is down). and this allows to use it for firewall ipfilter, I see a usecase for sdn vxlan too or special /32 route injection)

I just need some protections for snapshot, but nothing too difficult, but we really need to avoid to try to manage in ipam multiple version/snapshot of ip entry for a vm. I had tried 2 years ago, it was really painful to handle this in different ipam. So maybe the best way is to forbid to change ip address when a snapshot already exists.

I think we could implement ipam call like:

create vm or add a new nic -->
-----------------------------
qm create ... -net0 bridge=vnet,....,ip=(auto|192.168.0.1|dynamic),ip6=(..)

auto : search a free ip in ipam. write the ip address in net0: ...,ip= ip field
192.168.0.1: check if ip is free in ipam && register ip in ipam. write the ip in ip field.
dynamic: write "ephemeral" in net0: ....,ip=ephemeral (This is a dynamic ip registered at vm start, and released at vm stop)

vm start
---------
- if ip=ephemeral, find && register a free ip in ipam, write it in vm net0: ...,ip=192.168.0.10[E] .
  (maybe with a special flag [E] to indicate it's ephemeral)
- read ip from vm config && inject in dhcp

vm_stop
-------
if ip is ephemeral (netX: ip=192.168.0.10[E]), delete ip from ipam, set ip=ephemeral in vm config

vm_destroy or nic remove/unplug
-------------------------
if netX: ...,ip=192.168.0.10 , remove ip from ipam

nic update when vm is running:
------------------------------
if ip is defined : netX: ip=192.168.0.10, we don't allow bridge change or ip change, as vm is not notified about these changes, and still uses old ip.

We can allow nic hot-unplug && hotplug. (guest os will remove the ip on nic removal, and will call dhcp again on nic hotplug)

nic hotplug with ip=auto:
-------------------------
--> add nic in pending state ----> find ip in ipam && write it in pending ---> do the hotplug in qemu.

We need to handle the config revert to remove ip from ipam if the nic hotplug is blocked in pending state (I never see this case unless the os doesn't have pci_hotplug module loaded, but it's better to be careful)

The ipam modules (internal pve, phpipam, netbox) are already for this, I think it shouldn't be too difficult.

dnsmasq seems to have a reservation file option, where we can dynamically add ip-mac without need to reload it. I'll try it, re-using your current dnsmasq patches.
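
The create / start / stop flow proposed in the message above, modelled as an added example; it is not code from the post or from Proxmox. `Ipam`, `addr`, `nic_create`, `vm_start`, `vm_stop` and `nic_set_ip` are hypothetical names, the in-memory pool stands in for an external IPAM, and the refusal to change an ip while the vm is running or has a snapshot follows the post's suggestions.

```python
import ipaddress

class Ipam:
    """In-memory stand-in for an external IPAM (constructed for this example)."""
    def __init__(self, cidr):
        self.free = {str(h) for h in ipaddress.ip_network(cidr).hosts()}

    def reserve(self, ip=None):
        # ip=None is the "auto" case: take the lowest free address
        ip = ip or min(self.free, key=ipaddress.ip_address, default=None)
        if ip not in self.free:
            raise ValueError(f"{ip} is not free in ipam")
        self.free.remove(ip)
        return ip

    def release(self, ip):
        self.free.add(ip)

def addr(value):  # strip the proposed [E] marker from a netX ip= value
    return value[:-3] if value.endswith("[E]") else value

def nic_create(vm, ipam, net, mac, ip="auto"):
    # dynamic: nothing reserved until vm start; auto / fixed address: reserve now
    value = "ephemeral" if ip == "dynamic" else ipam.reserve(None if ip == "auto" else ip)
    vm["nics"][net] = {"mac": mac, "ip": value}

def vm_start(vm, ipam):
    for nic in vm["nics"].values():
        if nic["ip"] == "ephemeral":
            nic["ip"] = ipam.reserve() + "[E]"
    vm["running"] = True
    # mac -> ip pairs for DHCP come from the vm config, with no IPAM lookup
    return {n["mac"]: addr(n["ip"]) for n in vm["nics"].values()}

def vm_stop(vm, ipam):
    for nic in vm["nics"].values():
        if nic["ip"].endswith("[E]"):
            ipam.release(addr(nic["ip"]))
            nic["ip"] = "ephemeral"
    vm["running"] = False

def nic_set_ip(vm, ipam, net, new_ip):
    if vm["running"] or vm["snapshots"]:
        raise PermissionError("ip change refused: vm running or snapshot exists")
    nic = vm["nics"][net]
    reserved = ipam.reserve(new_ip)  # reserve first: a failure keeps the old ip
    if nic["ip"] != "ephemeral":
        ipam.release(nic["ip"])
    nic["ip"] = reserved
```

The vm config is a plain dict of the form `{"nics": {}, "snapshots": [], "running": False}`; the MAC addresses and the 192.168.0.0/29 pool used to exercise it are constructed values.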