Hi, Since I'm quite interested in networking I would like to support you with this topic (and learn new things).
Am still reading up on the theory and our current code (will try to setup a test-environment soon in order to get some hands-on experience). Two ideas that came up in my head (not sure if they are good or sensibly implementable): * The networking config has the common property with the corosync configuration (the chicken and egg problem - if it's wrong the cluster cannot push the corrected config to a broken node) so why don't we use the same/a similar mechanism for pushing out changes to the live-config and getting changes from the live-config into the pmxcfs (if we keep the live-data in pmxcfs we know when a write to it happens and can copy it over to /etc/network/interfaces(.d) (and run some ifquery and other tests) before)? Also this would save us from having yet another daemon running in the background and consuming resources. * from a very quick run with ifquery - it has the ability to read an parse the complete config (including 'source' statements) - so we could use this to get support for '/etc/network/interfaces.d/*' snippets to the API and GUI (IIRC there have been a few requests from users for such a functionality) Does this make any sense? What do you think? Looking forward to this topic! stoiko On Tue, 2 Apr 2019 06:35:57 +0200 (CEST) Alexandre DERUMIER <aderum...@odiso.com> wrote: > Hi, > > I have rethinked about it, I have (again ;) a new idea for > implementation. > > The main problem is how to test a change at datacenter level, as we > need to test the local configuration of each node. > > and it's not currently in /etc/pve , but in /etc/network/interfaces > of each node. > > > I think, something easy, is that we could have a copy of > each /etc/network/interfaces of each node > in /etc/pve/nodes/<nodename>/interfaces. (could be done we a change > is done in gui local netowrk, or local network daemon copy it at > regular interval in case of manual change for example). > > > Like this, it's very easy, when a network change is one at datacenter > level, we can directly test it on all network interfaces of all nodes > ( /etc/pve/nodes/*/interfaces). (in the api endpoint), and then write > directly the conf. (no need vnet.new tmp file). > > Then the local daemon simply reload the network configuration. > > What do you think about this ? > > > ----- Mail original ----- > De: "aderumier" <aderum...@odiso.com> > À: "pve-devel" <pve-devel@pve.proxmox.com> > Envoyé: Lundi 1 Avril 2019 15:18:51 > Objet: Re: [pve-devel] rfc : pve-network : idea to generate and > reload config accross the nodes > > as alternative, > we could simply > > manage multiple change in /etc/pve/network/vnet.cfg.new > > apply button -> replace /etc/pve/network/vnet.cfg > > The the local daemon, > do test (dry-run,....) and report error in his status file. (and it's > displayed at network level in datacenter) if ok, > it's apply change, and report error in his status file. > if ok, update status to ok. > > > So, user can wait some seconds, and check the status of nodes at > datacenter level. > > Seem to be simplier. What do you think about this ? > > > > ----- Mail original ----- > De: "Alexandre Derumier" <aderum...@odiso.com> > À: "dietmar" <diet...@proxmox.com> > Cc: "pve-devel" <pve-devel@pve.proxmox.com> > Envoyé: Lundi 1 Avril 2019 15:05:07 > Objet: Re: [pve-devel] rfc : pve-network : idea to generate and > reload config accross the nodes > > >>I don't really get why you want to do that? There are so many ways > >>to damage a network, and I doubt that we can reliable verify > >>that.... > > ifupdown2 have a dry-run too, it's working not too bad (but not 100% > complete) > > But I would avoid some basic mistakes, > like a vlan interface already defined and enslaved in another bridge > for example, or look to not enslave an interface with ipmanagement in > a bridge (try to not break cluster connectivity) > > > But I don't want to manage rollback across all nodes. > (config correctly applied on 1 node, another node fail, I don't want > to rollback the first node) It's more best effort, if 1 node have > failed, it's simply report the error in his status file. > > > > > > >>Also, what if some nodes are offline ... > We could make an exception, if a node is offline (down, network > daemon down,...), Then don't wait for validation, and apply config. > > Then the local deamon will try to apply config when node is up again. > In case of error, It'll report it through his status file. > > ----- Mail original ----- > De: "dietmar" <diet...@proxmox.com> > À: "Alexandre Derumier" <aderum...@odiso.com>, "pve-devel" > <pve-devel@pve.proxmox.com> Envoyé: Lundi 1 Avril 2019 12:00:13 > Objet: Re: [pve-devel] rfc : pve-network : idea to generate and > reload config accross the nodes > > > maybe better: > > > > in gui, at network,datacenter level > > > > at each change, make a > > /etc/pve/networks/vnet.cfg.<randomversion> > > > > > > on local node, the daemon detect the new version,make verification, > > and update /etc/pve/nodes/<node>/.networkconfigstatus > > > > version:<randomversion> verify:ok > > I don't really get why you want to do that? There are so many ways to > damage a network, and I doubt that we can reliable verify that.... > > Also, what if some nodes are offline ... > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel