[pve-devel] [PATCH pve-manager 1/3] sdn: vnetedit: tag optional && fix max tag value
Signed-off-by: Alexandre Derumier
---
 www/manager6/sdn/VnetEdit.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/manager6/sdn/VnetEdit.js b/www/manager6/sdn/VnetEdit.js
index dfe6cb13..aa40b41f 100644
--- a/www/manager6/sdn/VnetEdit.js
+++ b/www/manager6/sdn/VnetEdit.js
@@ -51,9 +51,9 @@ Ext.define('PVE.sdn.VnetInputPanel', {
 xtype: 'proxmoxintegerfield',
 name: 'tag',
 minValue: 1,
- maxValue: 1600,
+ maxValue: 16777216,
 fieldLabel: gettext('Tag'),
- allowBlank: false,
+ allowBlank: true,
 },
 {
 xtype: 'proxmoxcheckbox',
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
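Review bot: The new `maxValue: 16777216` on the `tag` field is one above the largest value a 24-bit VXLAN VNI can hold (16777215), so the form accepts a tag that cannot be encoded; `maxValue: 16777215,` matches the protocol limit. The same bound is used by the `verify_tag` added to PVE/Network/SDN/Zones/EvpnPlugin.pm in the pve-network 2/3 patch on this page (`if $tag > 16777216`), which would need the same correction. Because this one limit now applies to every zone type and `allowBlank: true` lets the field stay empty, the narrower per-zone range (for example the 12-bit VLAN ID space) is enforced only if each zone plugin's server-side check rejects it; the bounds here are an input hint, not a control. The panel definition starts and ends outside the hunk.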
[pve-devel] [PATCH pve-manager 3/3] sdn: add simple zone plugin
Signed-off-by: Alexandre Derumier
---
 www/manager6/Makefile| 1 +
 www/manager6/Utils.js| 5 +++
 www/manager6/sdn/zones/SimpleEdit.js | 53
 3 files changed, 59 insertions(+)
 create mode 100644 www/manager6/sdn/zones/SimpleEdit.js
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index ff452184..46254c04 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -203,6 +203,7 @@ JSSRC= \
 sdn/zones/VxlanEdit.js \
 sdn/zones/QinQEdit.js \
 sdn/zones/EvpnEdit.js \
+ sdn/zones/SimpleEdit.js \
 sdn/ControllerView.js \
 sdn/controllers/Base.js \
 sdn/controllers/EvpnEdit.js \
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index 1dae292e..c5a76dcd 100644
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -669,6 +669,11 @@ Ext.define('PVE.Utils', { utilities: {
 name: 'zone',
 hideAdd: true
 },
+ simple: {
+ name: 'Simple',
+ ipanel: 'SimpleInputPanel',
+ faIcon: 'th'
+ },
 vlan: {
 name: 'VLAN',
 ipanel: 'VlanInputPanel',
diff --git a/www/manager6/sdn/zones/SimpleEdit.js b/www/manager6/sdn/zones/SimpleEdit.js
new file mode 100644
index ..683d6766
--- /dev/null
+++ b/www/manager6/sdn/zones/SimpleEdit.js
@@ -0,0 +1,53 @@
+Ext.define('PVE.sdn.zones.SimpleInputPanel', {
+extend: 'PVE.panel.SDNZoneBase',
+
+onlineHelp: 'pvesdn_zone_plugin_simple',
+
+onGetValues: function(values) {
+var me = this;
+
+if (me.isCreate) {
+values.type = me.type;
+} else {
+delete values.zone;
+}
+
+return values;
+},
+
+initComponent : function() {
+ var me = this;
+
+me.items = [
+ {
+xtype: me.isCreate ? 'textfield' : 'displayfield',
+name: 'zone',
+maxLength: 10,
+value: me.zone || '',
+fieldLabel: 'ID',
+allowBlank: false
+ },
+ {
+xtype: 'proxmoxintegerfield',
+name: 'mtu',
+minValue: 100,
+maxValue: 65000,
+fieldLabel: 'MTU',
+skipEmptyText: true,
+allowBlank: true,
+emptyText: 'auto'
+ },
+ {
+xtype: 'pveNodeSelector',
+name: 'nodes',
+fieldLabel: gettext('Nodes'),
+emptyText: gettext('All') + ' (' + gettext('No restrictions') +')',
+multiSelect: true,
+autoSelect: false
+ },
+
+ ];
+
+ me.callParent();
+}
+});
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
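Review bot: `maxLength: 10` on the `zone` field and `minValue: 100` / `maxValue: 65000` on `mtu` are the only limits this patch shows for those inputs, and they live in the browser, where a direct API call bypasses them. Whether the zone schema on the server enforces the same ID format and MTU range is not visible in the hunks on this page, so that should be confirmed, since the MTU value ends up in the generated interface configuration. Once confirmed, a comment above `me.items` such as `// UI hints only; ID format and MTU range are validated by the API schema` would record where the real check lives.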
[pve-devel] [PATCH pve-network 3/3] cleanup code with wrong copy/paste from Storage
Signed-off-by: Alexandre Derumier
---
 PVE/API2/Network/SDN/Zones.pm | 2 +-
 PVE/API2/Network/SDN/Zones/Content.pm | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm
index 3e371df..f629f43 100644
--- a/PVE/API2/Network/SDN/Zones.pm
+++ b/PVE/API2/Network/SDN/Zones.pm
@@ -35,7 +35,7 @@ my $api_sdn_zones_config = sub {
 $scfg->{digest} = $cfg->{digest};
 if ($scfg->{nodes}) {
-$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
+$scfg->{nodes} = PVE::Network::SDN::Zones::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
 }
 return $scfg;
diff --git a/PVE/API2/Network/SDN/Zones/Content.pm b/PVE/API2/Network/SDN/Zones/Content.pm
index fb76133..66f49df 100644
--- a/PVE/API2/Network/SDN/Zones/Content.pm
+++ b/PVE/API2/Network/SDN/Zones/Content.pm
@@ -6,7 +6,6 @@ use Data::Dumper;
 use PVE::SafeSyslog;
 use PVE::Cluster;
-use PVE::Storage;
 use PVE::INotify;
 use PVE::Exception qw(raise_param_exc);
 use PVE::RPCEnvironment;
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-docs] sdn: add simple zone plugin
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/pvesdn.adoc b/pvesdn.adoc index c1597b8..ed8652d 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -142,12 +142,22 @@ Common options nodes:: Deploy and allow to use a VNets configured for this Zone only on these nodes. +[[pvesdn_zone_plugin_simple]] +Simple Zones + + +This is the simplest plugin, it will create an isolated vnet bridge. +This bridge is not linked to physical interfaces, VM traffic is only +local to the node(s). +It can be used for NAT or routed setup. + + [[pvesdn_zone_plugin_vlan]] VLAN Zones ~~ -This is the simplest plugin, it will reuse an existing local Linux or OVS -bridge, and manage VLANs on it. +This plugin will reuse an existing local Linux or OVS bridge, +and manage VLANs on it. The benefit of using SDN module, is that you can create different zones with specific VNets VLAN tag, and restrict Virtual Machines to separated zones. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 0/3] add simple zone plugin
This adds a new simple plugin to create a standalone/isolated bridge without any VLAN tag. This can be used for a routed setup or a NAT bridge (I'll look into implementing NAT with subnets). Tag is now optional, and the tag value is now checked in the zone plugin. Alexandre Derumier (3): add simple plugin vnet: make tag optional and verify value in zone plugins cleanup code with wrong copy/paste from Storage PVE/API2/Network/SDN/Vnets.pm | 15 ++ PVE/API2/Network/SDN/Zones.pm | 3 +- PVE/API2/Network/SDN/Zones/Content.pm | 1 - PVE/Network/SDN/VnetPlugin.pm | 5 +- PVE/Network/SDN/Zones.pm | 2 + PVE/Network/SDN/Zones/EvpnPlugin.pm | 7 +++ PVE/Network/SDN/Zones/Makefile| 2 +- PVE/Network/SDN/Zones/Plugin.pm | 5 ++ PVE/Network/SDN/Zones/QinQPlugin.pm | 8 +++ PVE/Network/SDN/Zones/SimplePlugin.pm | 77 +++ PVE/Network/SDN/Zones/VlanPlugin.pm | 8 +++ PVE/Network/SDN/Zones/VxlanPlugin.pm | 8 +++ 12 files changed, 136 insertions(+), 5 deletions(-) create mode 100644 PVE/Network/SDN/Zones/SimplePlugin.pm -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 0/3] add simple zone plugin
Following the pve-network && pve-docs patch series Alexandre Derumier (3): sdn: vnetedit: tag optional && fix max tag value sdn: move mtu from vnetview to zoneview sdn: add simple zone plugin www/manager6/Makefile| 1 + www/manager6/Utils.js| 5 +++ www/manager6/sdn/VnetEdit.js | 4 +-- www/manager6/sdn/VnetView.js | 7 +--- www/manager6/sdn/ZoneView.js | 5 +++ www/manager6/sdn/zones/SimpleEdit.js | 53 6 files changed, 67 insertions(+), 8 deletions(-) create mode 100644 www/manager6/sdn/zones/SimpleEdit.js -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 2/3] sdn: move mtu from vnetview to zoneview
Signed-off-by: Alexandre Derumier
---
 www/manager6/sdn/VnetView.js | 7 +--
 www/manager6/sdn/ZoneView.js | 5 +
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/www/manager6/sdn/VnetView.js b/www/manager6/sdn/VnetView.js
index 8afb29cf..e73632d1 100644
--- a/www/manager6/sdn/VnetView.js
+++ b/www/manager6/sdn/VnetView.js
@@ -111,12 +111,7 @@ Ext.define('PVE.sdn.VnetView', {
 header: 'MAC',
 flex: 1,
 dataIndex: 'mac',
- },
- {
- header: 'MTU',
- flex: 1,
- dataIndex: 'mtu',
- },
+ }
 ],
 listeners: {
 activate: reload,
diff --git a/www/manager6/sdn/ZoneView.js b/www/manager6/sdn/ZoneView.js
index cea1d86f..7b664537 100644
--- a/www/manager6/sdn/ZoneView.js
+++ b/www/manager6/sdn/ZoneView.js
@@ -116,6 +116,11 @@ Ext.define('PVE.sdn.ZoneView', {
 dataIndex: 'type',
 renderer: PVE.Utils.format_sdnzone_type
 },
+ {
+ header: 'MTU',
+ flex: 1,
+ dataIndex: 'mtu',
+ },
 {
 header: gettext('Nodes'),
 flex: 3,
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 2/3] vnet: make tag optional and verify value in zone plugins
Signed-off-by: Alexandre Derumier
---
 PVE/API2/Network/SDN/Vnets.pm | 15 +++
 PVE/Network/SDN/VnetPlugin.pm | 5 +++--
 PVE/Network/SDN/Zones/EvpnPlugin.pm | 7 +++
 PVE/Network/SDN/Zones/Plugin.pm | 5 +
 PVE/Network/SDN/Zones/QinQPlugin.pm | 8
 PVE/Network/SDN/Zones/SimplePlugin.pm | 7 +++
 PVE/Network/SDN/Zones/VlanPlugin.pm | 8
 PVE/Network/SDN/Zones/VxlanPlugin.pm | 8
 8 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Network/SDN/Vnets.pm b/PVE/API2/Network/SDN/Vnets.pm
index 8f70bab..5d66908 100644
--- a/PVE/API2/Network/SDN/Vnets.pm
+++ b/PVE/API2/Network/SDN/Vnets.pm
@@ -7,6 +7,8 @@ use PVE::SafeSyslog;
 use PVE::Tools qw(extract_param);
 use PVE::Cluster qw(cfs_read_file cfs_write_file);
 use PVE::Network::SDN;
+use PVE::Network::SDN::Zones;
+use PVE::Network::SDN::Zones::Plugin;
 use PVE::Network::SDN::Vnets;
 use PVE::Network::SDN::VnetPlugin;
@@ -129,6 +131,13 @@ __PACKAGE__->register_method ({
 }
 $cfg->{ids}->{$id} = $opts;
+
+ my $zone_cfg = PVE::Network::SDN::Zones::config();
+ my $zoneid = $cfg->{ids}->{$id}->{zone};
+ my $plugin_config = $zone_cfg->{ids}->{$zoneid};
+ my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
+ $plugin->verify_tag($opts->{tag});
+
 PVE::Network::SDN::VnetPlugin->on_update_hook($id, $cfg);
 PVE::Network::SDN::Vnets::write_config($cfg);
@@ -168,6 +177,12 @@ __PACKAGE__->register_method ({
 my $opts = PVE::Network::SDN::VnetPlugin->check_config($id, $param, 0, 1);
 $cfg->{ids}->{$id} = $opts;
+ my $zone_cfg = PVE::Network::SDN::Zones::config();
+ my $zoneid = $cfg->{ids}->{$id}->{zone};
+my $plugin_config = $zone_cfg->{ids}->{$zoneid};
+my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
+ $plugin->verify_tag($opts->{tag});
+
 PVE::Network::SDN::VnetPlugin->on_update_hook($id, $cfg);
 PVE::Network::SDN::Vnets::write_config($cfg);
diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm
index 2433013..384358c 100644
--- a/PVE/Network/SDN/VnetPlugin.pm
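Review bot: In both blocks added to PVE/API2/Network/SDN/Vnets.pm, `$zone_cfg->{ids}->{$zoneid}` is used without checking that the zone exists, so a request naming an unknown zone reaches `lookup($plugin_config->{type})` with an undefined type unless an earlier check outside these hunks already rejects it. A guard before the lookup, e.g. `raise_param_exc({ zone => "zone '$zoneid' does not exist" }) if !defined($plugin_config);`, would return a parameter error tied to `zone`; it needs `raise_param_exc` in scope in Vnets.pm, which the visible import hunk does not show. Both `register_method` bodies start and end outside the hunks.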
+++ b/PVE/Network/SDN/VnetPlugin.pm
@@ -6,6 +6,7 @@ use warnings;
 use PVE::Cluster qw(cfs_read_file cfs_write_file cfs_lock_file);
 use base qw(PVE::SectionConfig);
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise raise_param_exc);
 PVE::Cluster::cfs_register_file('sdn/vnets.cfg',
 sub { __PACKAGE__->parse_config(@_); },
@@ -88,7 +89,7 @@ sub properties {
 sub options {
 return {
 zone => { optional => 0},
-tag => { optional => 0},
+tag => { optional => 1},
 alias => { optional => 1 },
 ipv4 => { optional => 1 },
 ipv6 => { optional => 1 },
@@ -112,7 +113,7 @@ sub on_update_hook {
 next if $id eq $vnetid;
 my $vnet = $vnet_cfg->{ids}->{$id};
 if ($vnet->{type} eq 'vnet' && defined($vnet->{tag})) {
- die "tag $tag already exist in vnet $id" if $tag eq $vnet->{tag};
+ raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $tag eq $vnet->{tag};
 }
 }
 }
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index b2f57ee..a916579 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -140,6 +140,13 @@ sub on_update_hook {
 }
 }
+sub verify_tag {
+my ($class, $tag) = @_;
+
+raise_param_exc({ tag => "missing vxlan tag"}) if !defined($tag);
+raise_param_exc({ tag => "vxlan tag max value is 16777216"}) if $tag > 16777216;
+}
+
 1;
diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm
index 5e3fdfd..d96e069 100644
--- a/PVE/Network/SDN/Zones/Plugin.pm
+++ b/PVE/Network/SDN/Zones/Plugin.pm
@@ -139,6 +139,11 @@ sub on_update_hook {
 # do nothing by default
 }
+sub verify_tag {
+my ($class, $tag) = @_;
+# do nothing by default
+}
+
 #helpers
 sub parse_tag_number_or_range {
 my ($str, $max, $tag) = @_;
diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm
index c0b2402..4853f76 100644
--- a/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/PVE/Network/SDN/Zones/QinQPlugin.pm
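Review bot: With `tag => { optional => 1}`, the `$tag` compared in `on_update_hook` of VnetPlugin.pm can presumably be undefined (its assignment is outside the hunk), and `if $tag eq $vnet->{tag}` then compares undef under `use warnings`. Skipping the duplicate check when no tag is set, e.g. `if defined($tag) && $tag eq $vnet->{tag};`, keeps the uniqueness test for tagged vnets only. The loop and the rest of `on_update_hook` lie outside the hunk.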
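Review bot: `verify_tag` in Zones/EvpnPlugin.pm calls `raise_param_exc`, but this hunk adds no `use PVE::Exception qw(raise raise_param_exc);` to that file, while the QinQPlugin.pm hunk of the same patch does; unless the file already imports it outside the hunk, an invalid tag would die with an undefined-subroutine error rather than a parameter error. The check is also one-sided: only `$tag > 16777216` is tested, so zero or negative tags pass unless the `tag` schema (not shown) excludes them. A lower bound mirroring the web form's `minValue: 1`, e.g. `raise_param_exc({ tag => "vxlan tag min value is 1"}) if $tag < 1;`, would make the plugin check self-contained.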
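Review bot: The base-class `verify_tag` in Zones/Plugin.pm accepts every value, so a zone plugin without its own override skips tag validation silently; the diffstat of this patch lists the Evpn, QinQ, Simple, Vlan and Vxlan plugins but not FaucetPlugin, which the 1/3 patch on this page shows as registered. The comment should say so, e.g. `# no tag check by default; plugins that use the tag must override this`, or the default could reject a defined tag so that a missing override fails closed.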
@@ -3,6 +3,7 @@ package PVE::Network::SDN::Zones::QinQPlugin;
 use strict;
 use warnings;
 use PVE::Network::SDN::Zones::Plugin;
+use PVE::Exception qw(raise raise_param_exc);
 use base('PVE::Network::SDN::Zones::Plugin');
@@ -210,6 +211,13 @@ sub status {
 return $err
[pve-devel] [PATCH pve-network 1/3] add simple plugin
allow to create standalone or simple routed vnets
Signed-off-by: Alexandre Derumier
---
 PVE/API2/Network/SDN/Zones.pm | 1 +
 PVE/Network/SDN/Zones.pm | 2 +
 PVE/Network/SDN/Zones/Makefile| 2 +-
 PVE/Network/SDN/Zones/SimplePlugin.pm | 70 +++
 4 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 PVE/Network/SDN/Zones/SimplePlugin.pm
diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm
index 10ca616..3e371df 100644
--- a/PVE/API2/Network/SDN/Zones.pm
+++ b/PVE/API2/Network/SDN/Zones.pm
@@ -15,6 +15,7 @@ use PVE::Network::SDN::Zones::QinQPlugin;
 use PVE::Network::SDN::Zones::VxlanPlugin;
 use PVE::Network::SDN::Zones::EvpnPlugin;
 use PVE::Network::SDN::Zones::FaucetPlugin;
+use PVE::Network::SDN::Zones::SimplePlugin;
 use Storable qw(dclone);
 use PVE::JSONSchema qw(get_standard_option);
diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm
index 3e03f11..b6c5c34 100644
--- a/PVE/Network/SDN/Zones.pm
+++ b/PVE/Network/SDN/Zones.pm
@@ -16,6 +16,7 @@ use PVE::Network::SDN::Zones::QinQPlugin;
 use PVE::Network::SDN::Zones::VxlanPlugin;
 use PVE::Network::SDN::Zones::EvpnPlugin;
 use PVE::Network::SDN::Zones::FaucetPlugin;
+use PVE::Network::SDN::Zones::SimplePlugin;
 use PVE::Network::SDN::Zones::Plugin;
 PVE::Network::SDN::Zones::VlanPlugin->register();
@@ -23,6 +24,7 @@ PVE::Network::SDN::Zones::QinQPlugin->register();
 PVE::Network::SDN::Zones::VxlanPlugin->register();
 PVE::Network::SDN::Zones::EvpnPlugin->register();
 PVE::Network::SDN::Zones::FaucetPlugin->register();
+PVE::Network::SDN::Zones::SimplePlugin->register();
 PVE::Network::SDN::Zones::Plugin->init();
 my $local_network_sdn_file = "/etc/network/interfaces.d/sdn";
diff --git a/PVE/Network/SDN/Zones/Makefile b/PVE/Network/SDN/Zones/Makefile
index ba9a4b5..8454388 100644
--- a/PVE/Network/SDN/Zones/Makefile
+++ b/PVE/Network/SDN/Zones/Makefile
@@ -1,4 +1,4 @@
-SOURCES=Plugin.pm VlanPlugin.pm VxlanPlugin.pm FaucetPlugin.pm EvpnPlugin.pm QinQPlugin.pm
+SOURCES=Plugin.pm VlanPlugin.pm VxlanPlugin.pm FaucetPlugin.pm EvpnPlugin.pm QinQPlugin.pm SimplePlugin.pm
 PERL5DIR=${DESTDIR}/usr/share/perl5
diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm
new file mode 100644
index 000..60fb7db
--- /dev/null
+++ b/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -0,0 +1,70 @@
+package PVE::Network::SDN::Zones::SimplePlugin;
+
+use strict;
+use warnings;
+use PVE::Network::SDN::Zones::Plugin;
+
+use base('PVE::Network::SDN::Zones::Plugin');
+
+sub type {
+return 'simple';
+}
+
+sub options {
+
+return {
+nodes => { optional => 1},
+ mtu => { optional => 1 }
+};
+}
+
+# Plugin implementation
+sub generate_sdn_config {
+my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_;
+
+my $ipv4 = $vnet->{ipv4};
+my $ipv6 = $vnet->{ipv6};
+my $mac = $vnet->{mac};
+my $alias = $vnet->{alias};
+my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
+
+#vnet bridge
+my @iface_config = ();
+push @iface_config, "address $ipv4" if $ipv4;
+push @iface_config, "address $ipv6" if $ipv6;
+push @iface_config, "hwaddress $mac" if $mac;
+push @iface_config, "bridge_ports none";
+push @iface_config, "bridge_stp off";
+push @iface_config, "bridge_fd 0";
+if($vnet->{vlanaware}) {
+push @iface_config, "bridge-vlan-aware yes";
+push @iface_config, "bridge-vids 2-4094";
+}
+push @iface_config, "mtu $mtu" if $mtu;
+push @iface_config, "alias $alias" if $alias;
+push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
+
+return $config;
+}
+
+sub status {
+my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_;
+
+my $err_msg = [];
+
+# ifaces to check
+my $ifaces = [ $vnetid];
+
+foreach my $iface (@{$ifaces}) {
+ if (!$status->{$iface}->{status}) {
+ push @$err_msg, "missing $iface";
+} elsif ($status->{$iface}->{status} ne 'pass') {
+ push @$err_msg, "error iface $iface";
+ }
+}
+return $err_msg;
+}
+
+1;
+
+
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
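Review bot: `my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};` in `generate_sdn_config` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour (the variable can keep a value from an earlier call); `my $mtu = $plugin_config->{mtu};` is enough because the later `push @iface_config, "mtu $mtu" if $mtu;` already handles the empty case. The same form stays on the new side of the split_list patch further down this page (`my @peers = PVE::Tools::split_list(...) if ...` and `my @gatewaypeers = ...`). Separately, `$ipv4`, `$ipv6`, `$mac`, `$alias` and `$mtu` are interpolated verbatim into the generated interface stanza, so the vnet and zone schemas (not part of this hunk) need to exclude newlines in those fields.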
[pve-devel] [PATCH pve-network] use PVE::Tools::split_list for ip lists
Signed-off-by: Alexandre Derumier
---
 PVE/Network/SDN/Controllers/EvpnPlugin.pm | 4 ++--
 PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 +-
 PVE/Network/SDN/Zones/VxlanPlugin.pm | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 79ecaeb..9321af1 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -47,11 +47,11 @@ sub options {
 sub generate_controller_config {
 my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;
-my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'};
+my @peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};
 my $asn = $plugin_config->{asn};
 my $gatewaynodes = $plugin_config->{'gateway-nodes'};
-my @gatewaypeers = split(',', $plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'};
+my @gatewaypeers = PVE::Tools::split_list($plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'};
 return if !$asn;
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 95fbb64..b2f57ee 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -52,7 +52,7 @@ sub generate_sdn_config {
 die "missing vxlan tag" if !$tag;
 warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};
-my @peers = split(',', $controller->{'peers'});
+my @peers = PVE::Tools::split_list($controller->{'peers'});
 my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);
 my $mtu = 1450;
diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm
index bc585c6..5f17e15 100644
--- a/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -50,7 +50,7 @@ sub generate_sdn_config {
 my $ipv6 = $vnet->{ipv6};
 my $mac = $vnet->{mac};
 my $multicastaddress = $plugin_config->{'multicast-address'};
-my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'};
+my @peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'};
 my $vxlan_iface = "vxlan_$vnetid";
 die "missing vxlan tag" if !$tag;
-- 2.20.1
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] cloudinit: generate server ssh keys on proxmox side ?
> Maybe could we generate them once at proxmox side ? >>-1 >> >>Copying private keys is bad ... I'll look if I can make sshkey gen occur only once, or simply chattr the files. It's possible to configure cloudinit modules to launch only [once,instance,always]. By default, almost all modules run only once per instance, but as we recreate an instance each time, they are applied again. And the network configuration is not done in a module, so the only way is really a new instance each time. in /etc/cloud/cloud.cfg " cloud_init_modules: - ssh " -> " cloud_init_modules: - [ssh, once ] " Like this, it creates a .sem file in /var/lib/cloud/sem/ instead of /var/lib/cloud/instance/sem/ So, I think it will not regenerate the ssh config again. BTW, I'm able to apply configuration changes live, without needing a reboot, with a simple udev rule /etc/udev/rules.d/90-cloudinit.rules ACTION=="change", SUBSYSTEM=="block", KERNEL=="sr[0-9]*", ENV{ID_FS_LABEL}=="cidata", RUN+="/usr/local/bin/cloudinit-reload.sh" and /usr/local/bin/cloudinit-reload.sh -- rm /var/lib/cloud/instance systemctl restart cloud-init systemctl reload networking I think I'll write some tuning docs, it could be very helpful for users. - Mail original - De: "dietmar" À: "pve-devel" Envoyé: Jeudi 25 Juin 2020 11:00:10 Objet: Re: [pve-devel] cloudinit: generate server ssh keys on proxmox side ? > Maybe could we generate them once at proxmox side ? -1 Copying private keys is bad ... ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] cloudinit: generate server ssh keys on proxmox side ?
Hi, I'm currently testing cloudinit, and I have notice that each time we are doing a change, as we generate a new instance each time (because they are no other easy way to get network configuration regenerate), The server ssh private keys are generate again and again. It's possible to put in cloudinit config the sshkeys like https://cloudinit.readthedocs.io/en/latest/topics/examples.html "ssh_keys: rsa_private: | -BEGIN RSA PRIVATE KEY- MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qcon2LZS/x 1cydPZ4pQpfjEha6WxZ6o8ci/Ea/w0n+0HGPwaxlEG2Z9inNtj3pgFrYcRztfECb 1j6HCibZbAzYtwIBIwJgO8h72WjcmvcpZ8OvHSvTwAguO2TkR6mPgHsgSaKy6GJo PUJnaZRWuba/HX0KGyhz19nPzLpzG5f0fYahlMJAyc13FV7K6kMBPXTRR6FxgHEg L0MPC7cdqAwOVNcPY6A7AjEA1bNaIjOzFN2sfZX0j7OMhQuc4zP7r80zaGc5oy6W p58hRAncFKEvnEq2CeL3vtuZAjEAwNBHpbNsBYTRPCHM7rZuG/iBtwp8Rxhc9I5w ixvzMgi+HpGLWzUIBS+P/XhekIjPAjA285rVmEP+DR255Ls65QbgYhJmTzIXQ2T9 luLvcmFBC6l35Uc4gTgg4ALsmXLn71MCMGMpSWspEvuGInayTCL+vEjmNBT+FAdO W7D4zCpI43jRS9U06JVOeSc9CDk2lwiA3wIwCTB/6uc8Cq85D9YqpM10FuHjKpnP REPPOyrAspdeOAV+6VKRavstea7+2DZmSUgE -END RSA PRIVATE KEY- " Maybe could we generate them once at proxmox side ? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH pve-network] allow [ ,;] for ip lists
>>why not use PVE::Tools::split_list ? it's our standard helper for these >>kind of things, and also correctly trims whitespace and has support for >>\0-separated lists ; I have take it from ceph code ;) /usr/share/perl5/PVE/CephConfig.pm:my $monhosts = [ split (/[ ,;]+/, $config->{global}->{mon_host} // "") ]; /usr/share/perl5/PVE/API2/Ceph/MON.pm: $monhost =~ s/(^|[ ,;]*)\[$vectorpart_re(?:,$vectorpart_re)*\](?:[ ,;]+|$)/$1/; /usr/share/perl5/PVE/API2/Ceph/MON.pm: $monhost =~ s/(^|[ ,;]+)\Q$addr\E(?::\d+)?(?:[ ,;]+|$)/$1/; /usr/share/perl5/PVE/API2/Ceph/MON.pm: $monhost =~ s/(^|[ ,;]+)\Q$addr\E(?:[ ,;]+|$)/$1/; /usr/share/perl5/PVE/API2/Ceph/MON.pm: $monhost =~ s/[ ,;]+$//; I'll look to use the PVE::Tools::split_list. - Mail original - De: "Fabian Grünbichler" À: "pve-devel" Envoyé: Mercredi 24 Juin 2020 10:23:14 Objet: Re: [pve-devel] [PATCH pve-network] allow [ ,;] for ip lists why not use PVE::Tools::split_list ? it's our standard helper for these kind of things, and also correctly trims whitespace and has support for \0-separated lists ;) On June 12, 2020 6:14 pm, Alexandre Derumier wrote: > Signed-off-by: Alexandre Derumier > --- > PVE/Network/SDN/Controllers/EvpnPlugin.pm | 4 ++-- > PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 +- > PVE/Network/SDN/Zones/VxlanPlugin.pm | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm > b/PVE/Network/SDN/Controllers/EvpnPlugin.pm > index 79ecaeb..8db2bed 100644 > --- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm > +++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm 
> @@ -47,11 +47,11 @@ sub options { > sub generate_controller_config { > my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_; > > - my @peers = split(',', $plugin_config->{'peers'}) if > $plugin_config->{'peers'}; > + my @peers = split(/[ ,;]+/, $plugin_config->{'peers'}) if > $plugin_config->{'peers'}; > > my $asn = $plugin_config->{asn}; > my $gatewaynodes = $plugin_config->{'gateway-nodes'}; > - my @gatewaypeers = split(',', $plugin_config->{'gateway-external-peers'}) > if $plugin_config->{'gateway-external-peers'}; > + my @gatewaypeers = split(/[ ,;]+/, > $plugin_config->{'gateway-external-peers'}) if > $plugin_config->{'gateway-external-peers'}; > > return if !$asn; > > diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm > b/PVE/Network/SDN/Zones/EvpnPlugin.pm > index 95fbb64..dba3ffc 100644 > --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm > +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm > @@ -52,7 +52,7 @@ sub generate_sdn_config { > die "missing vxlan tag" if !$tag; > warn "vlan-aware vnet can't be enabled with evpn plugin" if > $vnet->{vlanaware}; > > - my @peers = split(',', $controller->{'peers'}); > + my @peers = split(/[ ,;]+/, $controller->{'peers'}); > my ($ifaceip, $iface) = > PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers); > > my $mtu = 1450; > diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm > b/PVE/Network/SDN/Zones/VxlanPlugin.pm > index bc585c6..f2c2eec 100644 > --- a/PVE/Network/SDN/Zones/VxlanPlugin.pm > +++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm 
> @@ -50,7 +50,7 @@ sub generate_sdn_config { > my $ipv6 = $vnet->{ipv6}; > my $mac = $vnet->{mac}; > my $multicastaddress = $plugin_config->{'multicast-address'}; > - my @peers = split(',', $plugin_config->{'peers'}) if > $plugin_config->{'peers'}; > + my @peers = split(/[ ,;]+/, $plugin_config->{'peers'}) if > $plugin_config->{'peers'}; > my $vxlan_iface = "vxlan_$vnetid"; > > die "missing vxlan tag" if !$tag; > -- > 2.20.1 > > ___ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
>>Do you want to allocate IPs on VM creation time, or VM start time? I think at vm creation time, or nic hotplug/unplug. the ipam api is called, return free ip address, and we write somewhere in vm config the ip address. (for nic hotplug/unplug, we need to handle ipam removal on config revert) Like this, user can generate cloudinit if needed with the ip address, can do custom firewall rules, we could generate dhcp... before starting the vm. - Mail original - De: "dietmar" À: "aderumier" Cc: "pve-devel" Envoyé: Mercredi 24 Juin 2020 07:42:07 Objet: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas > >>You you also do not store the cidr there, and instead > >>store the some pool ID retured by IPAM? > > cidr should be the key/id of the subnet. Almost all ipam use the cidr as key. Ok, that makes sense now. Do you want to allocate IPs on VM creation time, or VM start time? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
>>You you also do not store the cidr there, and instead >>store the some pool ID retured by IPAM? cidr should be the key/id of the subnet. Almost all ipam use the cidr as key. Alexandre Derumier Ingénieur système et stockage Manager Infrastructure Fixe : +33 3 59 82 20 10 125 Avenue de la république 59110 La Madeleine [ https://twitter.com/OdisoHosting ] [ https://twitter.com/mindbaz ] [ https://www.linkedin.com/company/odiso ] [ https://www.viadeo.com/fr/company/odiso ] [ https://www.facebook.com/monsiteestlent ] [ https://www.monsiteestlent.com/ | MonSiteEstLent.com ] - Blog dédié à la webperformance et la gestion de pics de trafic De: "dietmar" À: "aderumier" Cc: "pve-devel" Envoyé: Mardi 23 Juin 2020 13:26:10 Objet: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas > No,no, I don't want to store ips in subnets.cfg, it's done in ipam. (or it > could be done in a localipam database if no ipam exist). You you also do not store the cidr there, and instead store the some pool ID retured by IPAM? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
>>No. I mean you store all subnets and IPs in subnets.cfg, so why do we >>need/want IPAM plugins? oh ok sorry. No,no, I don't want to store ips in subnets.cfg, it's done in ipam. (or it could be done in a localipam database if no ipam exist). the "allocation-pools" option, was for: in this subnet, I'm only allowing this range of ip address. (Maybe cause some ips in this subnets are not registered in ipam, reserved for other thing). It's more a filter. But thinking about this, this can be hard with ipam "find next free ip" api. I have looked in differents ipam drivers, and this kind of filtering is almost never implemented. So you need to retrieve full subnet, and find yourself the next free ip. (good luck with ipv6 /56 ;) I think we can forget this allocation-pools option for now. - Mail original - De: "dietmar" À: "aderumier" Cc: "pve-devel" Envoyé: Mardi 23 Juin 2020 11:37:43 Objet: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas > >>But you already mange subnets and allocation pools in subnets.cfg, so what > >>it the purpose > >>of those ipam plugins? I am unable to see the point? Keeping those > >>reservations in sync > >>looks hard to me. > > do you mean sync between dhcp && ipam ? No. I mean you store all subnets and IPs in subnets.cfg, so why do we need/want IPAM plugins? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
>>But you already mange subnets and allocation pools in subnets.cfg, so what it >>the purpose >>of those ipam plugins? I am unable to see the point? Keeping those >>reservations in sync >>looks hard to me. do you mean sync between dhcp && ipam ? I'm more thinking about static dhcp reservation (mac/ip). user take an ip from ipam, put it on the vm, and the dhcp config with mac/ip is generated. for dynamic dhcp (if we really want it, maybe for nat ?), this should be done without ipam registration. maybe on a dedicated subnet. - Mail original - De: "dietmar" À: "aderumier" Cc: "pve-devel" Envoyé: Mardi 23 Juin 2020 06:45:14 Objet: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas > I'm just dreaming of something easy like for containers ip management :) > > > > >>Also, I like the idea that IPAM has a plugin architecture. So it is up to > >>the plugin to > >>provide a dhcp service? > > I'm still unsure about this. The ipam softwares really only manage subnets, > and allocated ip. But you already mange subnets and allocation pools in subnets.cfg, so what it the purpose of those ipam plugins? I am unable to see the point? Keeping those reservations in sync looks hard to me. ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
>> In second step, we could also add dhcp server features, with static ip/mac >> leases. (Kea dhcp seem a good candidate). >> with 1 local dhcp server by node. (only responding to local vms) >> for bgp-evpn it's easy because we already have a anycast gateway ip, so it >> can be use by dhcp server. >> for vlan && layer2 plugin, I wonder if we could also assign some kind of >> anycast ip (same ip on each host/vnet), but with filtering >> (iptables,ebtables,) >> I could also works to implement cloudinit network metadata. > >I would prefer to delegate that part to the VM (cloudinit). yes, I'm really not sure about dhcp to get it working in every setup. (mainly on layer2, but maybe some isolation with namespace is possible) If dhcp is able to running on local host, I think it's really a better way to manage ip, dns, routes, and others network settings. I'm just dreaming of something easy like for containers ip management :) >>Also, I like the idea that IPAM has a plugin architecture. So it is up to the >>plugin to >>provide a dhcp service? I'm still unsure about this. The ipam softwares really only manage subnets, and allocated ip. I think dhcp code should go in the vnet/zone plugin. (maybe some sdn have their own dhcp implementation). We could also enable dhcp without ipam, on a specific subnet/vnet, with full dynamic ip. (and maybe also add nat feature here if needed) Zone plugin -> dhcp implementation subnet option (dhcp: enable/disable, nat: enable/disable) ---> vnet > subnet: subnet1 > cidr 192.168.0.0/24 > allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100 (default is > the full cidr without network/broadcast address) >>I thought IP addresses should be managed by the IPAM plugin? >>Why would we specify them here? I was not sure about permissions handling, it could be great to be able to restrict users to use some ips or range of ip, in a subnet. 
(I mainly thinking about public ipv4, where you can't segments sub-subnet and loose 2ips for network/broadcast address.) But maybe it's something unrelated to this allocation-pools option. I would like to be able to have: Users buy/reserved X ip address, and can use them (and only them) in his vm. Maybe it can be simply manage with ressources pools, where you reserved ips from ipam, and write them a resource pool. - Mail original - De: "dietmar" À: "pve-devel" , "aderumier" Envoyé: Dimanche 21 Juin 2020 08:59:22 Objet: Re: [pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas comments inline > When user will create a new vm or add a nic to the vm, he could choose ip > address "auto", > and the next available ip addresse will be returned with the ipam driver. Each NIC may have an associated network allocation pool, where "auto" tries to figure out the correct pool autimagically. > User could also choose a specific ip address with verification of > availability. I though this is addition to the network allocation pool. If set, it tries to allocate a specific IP address inside the allocation pool. > In second step, we could also add dhcp server features, with static ip/mac > leases. (Kea dhcp seem a good candidate). > with 1 local dhcp server by node. (only responding to local vms) > for bgp-evpn it's easy because we already have a anycast gateway ip, so it > can be use by dhcp server. > for vlan && layer2 plugin, I wonder if we could also assign some kind of > anycast ip (same ip on each host/vnet), but with filtering > (iptables,ebtables,) > I could also works to implement cloudinit network metadata. I would prefer to delegate that part to the VM (cloudinit). Also, I like the idea that IPAM has a plugin architecture. So it is up to the plugin to provide a dhcp service? > Here some implementations doc in openstack && openebula Thanks for the links! 
> Somes notes/ideas for the implementation/config: > -- > /etc/pve/sdn/subnets.cfg > - > > subnet: subnet1 > cidr 192.168.0.0/24 > allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100 (default is > the full cidr without network/broadcast address) I thought IP addresses should be managed by the IPAM plugin? Why would we specify them here? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager] sdn: fix zone icon in tree view
also add status icon: -pending (yellow triangle) -error (red cross) Signed-off-by: Alexandre Derumier --- www/css/ext6-pve.css | 4 www/manager6/tree/ResourceTree.js | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/www/css/ext6-pve.css b/www/css/ext6-pve.css index 8f0407df..a91f1aaf 100644 --- a/www/css/ext6-pve.css +++ b/www/css/ext6-pve.css @@ -207,6 +207,8 @@ } /* yellow ! triangle */ +.x-tree-icon-custom.pending:after, +.x-grid-icon-custom.pending:after, .x-tree-icon-custom.io-error:after, .x-grid-icon-custom.io-error:after, .x-tree-icon-custom.internal-error:after, @@ -218,6 +220,8 @@ } /* the red x */ +.x-tree-icon-custom.error:after, +.x-grid-icon-custom.error:after, .x-tree-icon-custom.offline:after, .x-grid-icon-custom.offline:after, .x-tree-icon-custom.ha-error:after, diff --git a/www/manager6/tree/ResourceTree.js b/www/manager6/tree/ResourceTree.js index a76e385b..96865f16 100644 --- a/www/manager6/tree/ResourceTree.js +++ b/www/manager6/tree/ResourceTree.js @@ -20,8 +20,8 @@ Ext.define('PVE.tree.ResourceTree', { text: gettext('Storage') }, sdn: { - iconCls: 'fa fa-sdn-vnet', - text: gettext('Sdn') + iconCls: 'fa fa-th', + text: gettext('SDN') }, qemu: { iconCls: 'fa fa-desktop', -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network] improve status
check all plumbing interfaces needed for vnets Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm| 29 +--- PVE/Network/SDN/Zones/Plugin.pm | 35 PVE/Network/SDN/Zones/QinQPlugin.pm | 51 + PVE/Network/SDN/Zones/VlanPlugin.pm | 47 ++ 4 files changed, 109 insertions(+), 53 deletions(-) diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 4fd4a14..df4c0da 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -178,7 +178,7 @@ sub ifquery_check { } my $warned_about_reload; -# improve me : move status code inside plugins ? + sub status { my $err_config = undef; @@ -210,10 +210,17 @@ sub status { my $zone_cfg = PVE::Cluster::cfs_read_file('sdn/zones.cfg'); my $nodename = PVE::INotify::nodename(); - -my $vnet_status = {}; +my $vnet_status = {}; my $zone_status = {}; +foreach my $id (sort keys %{$zone_cfg->{ids}}) { + $zone_status->{$id}->{status} = 'available'; + if($err_config) { + $zone_status->{$id}->{status} = 'pending'; + next; + } +} + foreach my $id (sort keys %{$vnet_cfg->{ids}}) { my $vnet = $vnet_cfg->{ids}->{$id}; my $zone = $vnet->{zone}; @@ -222,8 +229,22 @@ sub status { my $plugin_config = $zone_cfg->{ids}->{$zone}; next if defined($plugin_config->{nodes}) && !$plugin_config->{nodes}->{$nodename}; + $vnet_status->{$id}->{zone} = $zone; + $vnet_status->{$id}->{status} = 'available'; + + if($err_config) { + $vnet_status->{$id}->{status} = 'pending'; + $vnet_status->{$id}->{statusmsg} = $err_config; + next; + } + my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); - $plugin->status($plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status); + my $err_msg = $plugin->status($plugin_config, $zone, $id, $vnet, $status); + if (@{$err_msg} > 0) { + $vnet_status->{$id}->{status} = 'error'; + $vnet_status->{$id}->{statusmsg} = join(',', @{$err_msg}); + $zone_status->{$id}->{status} = 'error'; + } } return($zone_status, $vnet_status); 
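Review bot: In the vnet loop of `status` (third Zones.pm hunk), the error branch sets `$zone_status->{$id}->{status} = 'error';`, but `$id` there iterates over `$vnet_cfg->{ids}`, so the failure is stored under the vnet's id rather than the zone's. The owning zone is already in `$zone`, so the line should read `$zone_status->{$zone}->{status} = 'error';`. As written, a zone with a failing vnet keeps the `available` value assigned in the new first loop unless the two ids happen to coincide, and the returned hash gains stray keys named after vnets. The trailing `next` in the new zone loop is the last statement of its body and can be dropped; the body of `status` starts outside these hunks.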
diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 0633b78..190a153 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm @@ -178,30 +178,21 @@ sub parse_tag_number_or_range { } sub status { -my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_; - -$vnet_status->{$id}->{zone} = $zone; -$zone_status->{$zone}->{status} = 'available' if !defined($zone_status->{$zone}->{status}); - -if($err_config) { - $vnet_status->{$id}->{status} = 'pending'; - $vnet_status->{$id}->{statusmsg} = $err_config; - $zone_status->{$zone}->{status} = 'pending'; -} elsif ($status->{$id}->{status} && $status->{$id}->{status} eq 'pass') { - $vnet_status->{$id}->{status} = 'available'; - my $bridgeport = $status->{$id}->{config}->{'bridge-ports'}; - - if ($bridgeport && $status->{$bridgeport}->{status} && $status->{$bridgeport}->{status} ne 'pass') { - $vnet_status->{$id}->{status} = 'error'; - $vnet_status->{$id}->{statusmsg} = 'configuration not fully applied'; - $zone_status->{$zone}->{status} = 'error'; - } +my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_; + +my $err_msg = []; -} else { - $vnet_status->{$id}->{status} = 'error'; - $vnet_status->{$id}->{statusmsg} = 'missing'; - $zone_status->{$zone}->{status} = 'error'; +# ifaces to check +my $ifaces = [ $vnetid ]; + +foreach my $iface (@{$ifaces}) { +if (!$status->{$iface}->{status}) { + push @$err_msg, "missing $iface"; +} elsif ($status->{$iface}->{status} ne 'pass') { + push @$err_msg, "error $iface"; +} } +return $err_msg; } diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 73c2e84..f1c3222 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm 
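Review bot: The rewritten base `status` has no comment stating its new contract: it now returns an array reference of messages instead of filling `$vnet_status` and `$zone_status`. The QinQ plugin defines its own `status` with the same signature in this commit, so a header comment such as `# returns an arrayref of error strings; empty means every checked interface reported 'pass'` would pin what implementations must return. Separately, reading `$status->{$iface}->{status}` for an interface that is absent autovivifies an empty `$status->{$iface}` entry in the caller's hash; going through a local first, `my $st = $status->{$iface} ? $status->{$iface}->{status} : undef;`, avoids that side effect.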
@@ -166,23 +166,48 @@ sub generate_sdn_config { } sub status { -my ($class, $plugin_config, $zone, $id, $vnet, $err_config, $status, $vnet_status, $zone_status) = @_; +my ($class, $plugin_config, $zone, $vnetid, $vnet, $status) = @_; my $bridge = $plugin_config->{bridge}; -$vnet_status->{$id}->{zone} = $zone; -$zone_status->{$zone}->{status
[pve-devel] RFC: sdn: add ip management (IPAM -DHCP) ideas
Hi, the sdn beta seems to work fine currently, I think the model is good enough to handle users' needs. I'm already thinking about the next step: ip management (ipam) && dhcp. The main idea is to be able to define subnets with pools of ip addresses on vnets, and when a user creates a vm on this vnet, he's only able to use an ip address from the available pools. The ip address management can be done internally in the cluster, or use an external source through a plugin (racktables, netbox, phpipam,...). This is really needed for big companies like mine, where you have multiple proxmox clusters but also physical servers, kubernetes clusters,... where all ip addresses are registered in a central software. When a user creates a new vm or adds a nic to the vm, he could choose ip address "auto", and the next available ip address will be returned by the ipam driver. The user could also choose a specific ip address, with verification of availability. In a second step, we could also add dhcp server features, with static ip/mac leases (Kea dhcp seems a good candidate), with 1 local dhcp server per node (only responding to local vms). For bgp-evpn it's easy because we already have an anycast gateway ip, so it can be used by the dhcp server. For vlan && layer2 plugins, I wonder if we could also assign some kind of anycast ip (same ip on each host/vnet), but with filtering (iptables,ebtables,) I could also works to implement cloudinit network metadata. 
Here some implementations doc in openstack && openebula --- openstack - https://specs.openstack.org/openstack/neutron-specs/specs/liberty/neutron-ipam.html https://www.youtube.com/watch?v=l_JSXSIRr6M https://www.youtube.com/watch?v=smbs0Up87Y4 opennebula -- https://docs.opennebula.io/5.10/integration/infrastructure_integration/devel-ipam.html#devel-ipam https://docs.opennebula.io/5.10/operation/network_management/manage_vnets.html#managing-address-ranges Somes notes/ideas for the implementation/config: -- /etc/pve/sdn/subnets.cfg - subnet: subnet1 cidr 192.168.0.0/24 allocation-pools 192.168.0.10-17, 192.168.0.70-10, 192.168.0.100 (default is the full cidr without network/broadcast address) (I'm not sure, maybe allocation-pools should be differents objects to manage permissions on them) vnet vnet1 ipam internal (default) dhcp 1 -> generate dhcp configuration subnet: subnet2 cidr 192.168.1.0/24 vnet vnet1 ipam netbox subnet: subnet3 vnet vnet2 ipam netbox /etc/pve/sdn/ipam.cfg - netbox: mynetboximap api http://netbox.com/api/ login: ... password: ... firewall : --- - allowing only src/dst subnet on vnet by default ? - add vnets rules option ? - dhcp filtering rules (ebtables, dhcp snooping) add a new intermediate vnet chain : ->PVEFW-FWBR-IN->VNET-VNETID-IN--> TAP ? or add rules in each vm tap chain? vm|ct nic gui: -- - display all available ips in a list ? (maybe too huge with big subnets) or -> choose vnet -> choose available subnet -> field ip address: "auto|next free ip" -> api find_next_ip && record to ipam on submit. -> specify a specific ip address -> add_ip (with verification if still available) ipam driver api --- - add_subnet - add_ip - del_ip - add_next_ip ipam internal database (yml ?): - simply ip array -subnet1 - 192.168.0.1 - 192.168.0.2 - 192.168.0.3 or array of hash with more infos ? -subnet2 - ip: 192.168.1.1 vm: 100 net: 0 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network] allow [ ,;] for ip lists
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Controllers/EvpnPlugin.pm | 4 ++-- PVE/Network/SDN/Zones/EvpnPlugin.pm | 2 +- PVE/Network/SDN/Zones/VxlanPlugin.pm | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm index 79ecaeb..8db2bed 100644 --- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm +++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm @@ -47,11 +47,11 @@ sub options { sub generate_controller_config { my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_; -my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'}; +my @peers = split(/[ ,;]+/, $plugin_config->{'peers'}) if $plugin_config->{'peers'}; my $asn = $plugin_config->{asn}; my $gatewaynodes = $plugin_config->{'gateway-nodes'}; -my @gatewaypeers = split(',', $plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'}; +my @gatewaypeers = split(/[ ,;]+/, $plugin_config->{'gateway-external-peers'}) if $plugin_config->{'gateway-external-peers'}; return if !$asn; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index 95fbb64..dba3ffc 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -52,7 +52,7 @@ sub generate_sdn_config { die "missing vxlan tag" if !$tag; warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware}; -my @peers = split(',', $controller->{'peers'}); +my @peers = split(/[ ,;]+/, $controller->{'peers'}); my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers); my $mtu = 1450; diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm index bc585c6..f2c2eec 100644 --- a/PVE/Network/SDN/Zones/VxlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm 
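Review bot: `split(/[ ,;]+/, ...)` keeps a leading empty field when the value starts with a separator (a leading space, for instance), so `@peers` can begin with an empty string that is then handled as a peer address. Filtering the result avoids that: `my @peers = grep { length } split(/[ ,;]+/, $plugin_config->{'peers'} // '');`. That form also drops the `my ... if COND` declaration carried over on the changed lines, a construct whose behaviour perlsyn documents as undefined. The same applies to `@gatewaypeers` in this hunk and to the `@peers` lines in the Zones/EvpnPlugin.pm and Zones/VxlanPlugin.pm hunks. None of the lines shown check that an entry is an IP address before it is used, so it is worth confirming that this validation happens where the option is parsed.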
@@ -50,7 +50,7 @@ sub generate_sdn_config { my $ipv6 = $vnet->{ipv6}; my $mac = $vnet->{mac}; my $multicastaddress = $plugin_config->{'multicast-address'}; -my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'}; +my @peers = split(/[ ,;]+/, $plugin_config->{'peers'}) if $plugin_config->{'peers'}; my $vxlan_iface = "vxlan_$vnetid"; die "missing vxlan tag" if !$tag; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager] api : cluster resources: add sdn audit permission
Signed-off-by: Alexandre Derumier --- PVE/API2/Cluster.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm index 76560fa4..062ca849 100644 --- a/PVE/API2/Cluster.pm +++ b/PVE/API2/Cluster.pm @@ -411,7 +411,7 @@ __PACKAGE__->register_method({ foreach my $id (keys %{$sdns}) { my $sdn = $sdns->{$id}; - #next if !$rpcenv->check($authuser, "/sdn/$id", [ 'SDN.Audit' ], 1); + next if !$rpcenv->check($authuser, "/sdn/zones/$id", [ 'SDN.Audit' ], 1); my $entry = { id => "sdn/$node/$id", sdn => $id, -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
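Review bot: The re-enabled check tests the ACL path `/sdn/zones/$id`, while the entry built directly below is identified as `sdn/$node/$id`, and nothing in the loop explains why the two differ. The line it replaces used `/sdn/$id`, so a short comment above the check would keep the path from drifting again, for example `# ACLs are set per zone on /sdn/zones/<zone>; zones the user cannot audit are skipped`. The trailing `1` is presumably the no-error flag that makes `check` return false instead of raising, which is what lets `next` filter the entry quietly; that is worth stating in the same comment. The enclosing `register_method` body starts outside the hunk.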
[pve-devel] [PATCH pve-manager] sdn: browser: fix Permissions.Modify
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/Browser.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www/manager6/sdn/Browser.js b/www/manager6/sdn/Browser.js index 20944bd5..1415f966 100644 --- a/www/manager6/sdn/Browser.js +++ b/www/manager6/sdn/Browser.js @@ -34,7 +34,7 @@ Ext.define('PVE.sdn.Browser', { }); } -// if (caps.sdn['Permissions.Modify']) { + if (caps.sdn['Permissions.Modify']) { me.items.push({ xtype: 'pveACLView', title: gettext('Permissions'), @@ -42,7 +42,7 @@ Ext.define('PVE.sdn.Browser', { itemId: 'permissions', path: '/sdn/zones/' + sdnid }); -// } + } me.callParent(); } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
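Review bot: The restored `if (caps.sdn['Permissions.Modify'])` guard only decides whether the `pveACLView` item is pushed into `me.items`. It is a display gate, so reading and changing ACLs on `'/sdn/zones/' + sdnid` still has to be refused by the API for users without that privilege. The key is presumably present in `caps.sdn` only when the backend reports `Permissions.Modify` for the sdn capability group, so with a backend that does not report it the tab would stay hidden for every user; a versioned package dependency on the matching backend change would make that coupling explicit. The `}` added in the second hunk closes this same `if`, and the enclosing function starts outside both hunks.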
[pve-devel] [PATCH pve-access-control] api2: AccessControl: add sdn permissions.modify
Signed-off-by: Alexandre Derumier --- PVE/API2/AccessControl.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm index 8b053dc..fd27786 100644 --- a/PVE/API2/AccessControl.pm +++ b/PVE/API2/AccessControl.pm @@ -176,7 +176,7 @@ my $compute_api_permission = sub { access => qr/(User|Group)\.|Permissions\.Modify/, storage => qr/Datastore\.|Permissions\.Modify/, nodes => qr/Sys\.|Permissions\.Modify/, - sdn => qr/SDN\./, + sdn => qr/SDN\.|Permissions\.Modify/, dc => qr/Sys\.Audit|SDN\./, }; map { $res->{$_} = {} } keys %$priv_re_map; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH proxmox-widget-toolkit] networkedit: display mtu for ovsbond too
>>Change looks OK, but I made the repo pass our new eslint JavaScript linter >>config >>and moved sources into a src/ directory to separate packaging from source >>better, >>so this would need to be rebased. As it's just a small change I replicated >>here >>myself and pushed that out - thanks! >> >>FYI, you can install pve-eslint from our development repository, add following >>source: Ok, thanks ! - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Lundi 8 Juin 2020 16:48:14 Objet: Re: [pve-devel] [PATCH proxmox-widget-toolkit] networkedit: display mtu for ovsbond too On 6/7/20 1:30 PM, Alexandre Derumier wrote: > --- > node/NetworkEdit.js | 23 --- > 1 file changed, 12 insertions(+), 11 deletions(-) > Change looks OK, but I made the repo pass our new eslint JavaScript linter config and moved sources into a src/ directory to separate packaging from source better, so this would need to be rebased. As it's just a small change I replicated here myself and pushed that out - thanks! FYI, you can install pve-eslint from our development repository, add following source: deb http://download.proxmox.com/debian/devel/ buster main then: # apt install pve-eslint ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-common] Inotify: write_network_interfaces : always autostart bond slaves interfaces
Currently, bond slaves are mostly working without autostart, because bond slaves scripts from ifupdown1 && also ifupdown2 have some kind of hacks to start the slaves. But if users want to do some tuning on the ifaces, they are not applied. Also, with ifupdown2 + ovs, this kind of hack is not implemented (yet), so the slaves of the bond are still down. Debian/Ubuntu official docs always set "auto ethX" for bond slaves, it's really more clean like this. Signed-off-by: Alexandre Derumier --- src/PVE/INotify.pm | 2 ++ test/etc_network_interfaces/t.create_network.pl | 10 ++ test/etc_network_interfaces/t.unknown_order.pl | 6 ++ 3 files changed, 18 insertions(+) diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm index 1eaec21..c507515 100644 --- a/src/PVE/INotify.pm +++ b/src/PVE/INotify.pm @@ -1487,6 +1487,7 @@ sub __write_etc_network_interfaces { if ($d->{type} eq 'OVSBond' && $d->{ovs_bonds}) { foreach my $p (split (/\s+/, $d->{ovs_bonds})) { my $n = $ifaces->{$p}; + $n->{autostart} = 1; die "OVS bond '$iface' - unable to find slave '$p'\n" if !$n; die "OVS bond '$iface' - wrong interface type on slave '$p' " . @@ -1503,6 +1504,7 @@ sub __write_etc_network_interfaces { my $bond_primary_is_slave = undef; foreach my $p (split (/\s+/, $d->{slaves})) { my $n = $ifaces->{$p}; + $n->{autostart} = 1; die "bond '$iface' - unable to find slave '$p'\n" if !$n; diff --git a/test/etc_network_interfaces/t.create_network.pl b/test/etc_network_interfaces/t.create_network.pl index 22e7142..b8da513 100644 --- a/test/etc_network_interfaces/t.create_network.pl +++ b/test/etc_network_interfaces/t.create_network.pl @@ -109,8 +109,10 @@ iface eth0 inet manual $eth1_part +auto eth2 iface eth2 inet manual +auto eth3 iface eth3 inet manual iface eth4 inet manual @@ -167,8 +169,10 @@ iface eth0 inet manual $eth1_part +auto eth2 iface eth2 inet manual +auto eth3 iface eth3 inet manual iface eth4 inet manual 
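Review bot: In both INotify.pm hunks `$n->{autostart} = 1;` is placed before the `die ... unable to find slave '$p'` check. Assigning through an undefined `$n` autovivifies it into a hash reference, so `!$n` can no longer be true and the missing-slave error is never raised; a mistyped slave name would instead fall through to the later checks with a synthetic, type-less entry. Move the assignment below the existence check (in the OVS hunk, below the interface-type check as well): `die "bond '$iface' - unable to find slave '$p'\n" if !$n;` followed by `$n->{autostart} = 1;`. Both `foreach` loops continue outside the hunks.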
@@ -284,8 +288,10 @@ iface eth0 inet manual $eth1_part +auto eth2 iface eth2 inet manual +auto eth3 iface eth3 inet manual iface eth4 inet manual @@ -398,12 +404,16 @@ iface eth0 inet manual $eth1_part +auto eth2 iface eth2 inet manual +auto eth3 iface eth3 inet manual +auto eth4 iface eth4 inet manual +auto eth5 iface eth5 inet manual auto eth1.100 diff --git a/test/etc_network_interfaces/t.unknown_order.pl b/test/etc_network_interfaces/t.unknown_order.pl index cd8f51b..44c0392 100644 --- a/test/etc_network_interfaces/t.unknown_order.pl +++ b/test/etc_network_interfaces/t.unknown_order.pl @@ -2,16 +2,22 @@ my $base = load('loopback'); sub wanted($) { my ($ip) = @_; return $base . <<"IFACES"; +auto eth0 iface eth0 inet manual +auto eth1 iface eth1 inet manual +auto eth2 iface eth2 inet manual +auto eth3 iface eth3 inet manual +auto eth4 iface eth4 inet manual +auto eth5 iface eth5 inet manual iface eth6 inet manual -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH proxmox-widget-toolkit] networkedit: display mtu for ovsbond too
--- node/NetworkEdit.js | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/node/NetworkEdit.js b/node/NetworkEdit.js index 72aab6f..b01712c 100644 --- a/node/NetworkEdit.js +++ b/node/NetworkEdit.js @@ -312,19 +312,20 @@ Ext.define('Proxmox.node.NetworkEdit', { name: 'gateway6', }, ); - advancedColumn1.push( - { - xtype: 'proxmoxintegerfield', - minValue: 1280, - maxValue: 65520, - deleteEmpty: !me.isCreate, - emptyText: 1500, - fieldLabel: 'MTU', - name: 'mtu', - }, - ); } + advancedColumn1.push( + { + xtype: 'proxmoxintegerfield', + minValue: 1280, + maxValue: 65520, + deleteEmpty: !me.isCreate, + emptyText: 1500, + fieldLabel: 'MTU', + name: 'mtu', + }, + ); + Ext.applyIf(me, { url: url, method: method, -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2] add patch 0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch
https://github.com/CumulusNetworks/ifupdown2/pull/166 Openvswitch already manage mtu if ovs-mtu is defined. (Ovs manage mtu in userland, and sync mtu for some interfaces in kernel). If mtu is changed by address module, before the ovs userland mtu, this give packets drop. Signed-off-by: Alexandre Derumier --- debian/changelog | 6 ...-t-process_mtu-if-ovs-mtu-is-defined.patch | 32 +++ debian/patches/series | 1 + 3 files changed, 39 insertions(+) create mode 100644 debian/patches/pve/0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch diff --git a/debian/changelog b/debian/changelog index c5b2f2a..29f0ab8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ifupdown2 (3.0.0-1+pve2) pve; urgency=medium + + * ovs-mtu fix + + -- Proxmox Support Team Thu, 04 Jun 2020 13:00:01 +0200 + ifupdown2 (3.0.0-1+pve1) pve; urgency=medium * update to new 3.0.0 upstream release diff --git a/debian/patches/pve/0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch b/debian/patches/pve/0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch new file mode 100644 index 000..d12a6ed --- /dev/null +++ b/debian/patches/pve/0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch 
@@ -0,0 +1,32 @@ +From 54dbee161aa2fd281046386c10123222b790ebfc Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Wed, 3 Jun 2020 13:06:14 +0200 +Subject: [PATCH] address: don't process_mtu if ovs-mtu is defined + +Openvswitch already manage mtu if ovs-mtu is defined. +(Ovs manage mtu in userland, and sync mtu for some interfaces in kernel). + +Signed-off-by: Alexandre Derumier +--- + ifupdown2/addons/address.py | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py +index 6578ebb..9a20c9e 100644 +--- a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py +@@ -881,6 +881,11 @@ class address(Addon, moduleBase): + + def process_mtu(self, ifaceobj, ifaceobj_getfunc): + mtu_str = ifaceobj.get_attr_value_first('mtu') ++ ++ovs_mtu = ifaceobj.get_attr_value_first('ovs-mtu') ++if ovs_mtu: ++return ++ + mtu_from_policy = False + + if not mtu_str: +-- +2.20.1 + diff --git a/debian/patches/series b/debian/patches/series index a83e94e..b454408 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,4 +6,5 @@ pve/0005-ifreload-down-up-vxlan-interfaces-when-ifreload_down.patch pve/0006-config-tuning.patch pve/0007-networking.service-fix-dependencies-and-ordering.patch pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch +pve/0009-address-don-t-process_mtu-if-ovs-mtu-is-defined.patch pve/0010-postinst-rm-update-network-config-compatibility.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH qemu-server] add virtio host_mtu feature.
Hi, any comment about this patch ? forum users still need it https://forum.proxmox.com/threads/set-mtu-on-guest.45078/page-2 (and it could help too with vxlan and other tunneling where mtu need to be reduce on guest) - Mail original - De: "aderumier" À: "pve-devel" Cc: "aderumier" Envoyé: Vendredi 17 Avril 2020 07:47:20 Objet: [PATCH qemu-server] add virtio host_mtu feature. This add a new "mtu" param to vm nic, and force the mtu in the guest for virtio nic only. Special value: 1 = set the same value than the bridge --- PVE/QemuServer.pm | 19 +++ 1 file changed, 19 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 6445508..9baa6ff 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -884,6 +884,12 @@ my $net_fmt = { description => 'Whether this interface should be disconnected (like pulling the plug).', optional => 1, }, + mtu => { + type => 'integer', + minimum => 1, maximum => 65520, + description => 'Force mtu (virtio only). 1 = bridge mtu value', + optional => 1, + }, }; my $netdesc = { @@ -1593,6 +1599,19 @@ sub print_netdevice_full { } $tmpstr .= ",bootindex=$net->{bootindex}" if $net->{bootindex} ; + if($net->{model} eq 'virtio' && $net->{mtu} && $net->{bridge}) { + + my $mtu = $net->{mtu}; + my $bridge_mtu = PVE::Network::read_bridge_mtu($net->{bridge}); + + if($mtu == 1) { + $mtu = $bridge_mtu; + } else { + die "mtu $mtu is bigger than bridge mtu $bridge_mtu" if $mtu > $bridge_mtu; + } + $tmpstr .= ",host_mtu=$mtu"; + } + if ($use_old_bios_files) { my $romfile; if ($device eq 'virtio-net-pci') { -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
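Review bot: The block added to `print_netdevice_full` only acts when the model is `virtio` and a bridge is set, so for any other model, or a NIC without a bridge, a configured `mtu` is dropped without a message although the schema description says "Force mtu". Reporting that case would tell the user the setting has no effect, e.g. `warn "mtu is only applied to virtio nics attached to a bridge\n" if $net->{mtu} && !($net->{model} eq 'virtio' && $net->{bridge});`. The `die` in the `else` branch has no trailing newline, so Perl appends the file and line to a message meant for the user; `die "mtu $mtu is bigger than bridge mtu $bridge_mtu\n" if $mtu > $bridge_mtu;` keeps it clean. The function body continues outside the hunk.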
Re: [pve-devel] applied-series: Re: [PATCH V2 ifupdown2 00/10] 3.0.0-1 version
applied series, thanks! >>pushed out the 3.0.0-1 tag but then decided to update >>to current master as it allows to drop all extra patches and master had >>just one extra commit besides that Ok,no problem. Thanks ! - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mercredi 3 Juin 2020 09:47:35 Objet: applied-series: Re: [pve-devel] [PATCH V2 ifupdown2 00/10] 3.0.0-1 version On 6/2/20 10:31 AM, Alexandre Derumier wrote: > Hi, > > This patch series update ifupdown2 to 3.0.0-1. > > Please bump the proxmox git mirror to 3.0.0-1 tag. > applied series, thanks! pushed out the 3.0.0-1 tag but then decided to update to current master as it allows to drop all extra patches and master had just one extra commit besides that. ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 2/2] sdn: vlan : add mtu field
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/zones/VlanEdit.js | 10 ++ 1 file changed, 10 insertions(+) diff --git a/www/manager6/sdn/zones/VlanEdit.js b/www/manager6/sdn/zones/VlanEdit.js index 9060b4e5..79b6bc39 100644 --- a/www/manager6/sdn/zones/VlanEdit.js +++ b/www/manager6/sdn/zones/VlanEdit.js @@ -33,6 +33,16 @@ Ext.define('PVE.sdn.zones.VlanInputPanel', { fieldLabel: 'Bridge', allowBlank: false, }, + { +xtype: 'proxmoxintegerfield', +name: 'mtu', +minValue: 100, +maxValue: 65000, +fieldLabel: 'MTU', +skipEmptyText: true, +allowBlank: true, +emptyText: 'auto' + }, { xtype: 'pveNodeSelector', name: 'nodes', -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 1/2] sdn: add vlan aware option to vnet
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/VnetEdit.js | 7 +++ www/manager6/sdn/VnetView.js | 5 + 2 files changed, 12 insertions(+) diff --git a/www/manager6/sdn/VnetEdit.js b/www/manager6/sdn/VnetEdit.js index 9ef2b1c0..c5e3859d 100644 --- a/www/manager6/sdn/VnetEdit.js +++ b/www/manager6/sdn/VnetEdit.js @@ -55,6 +55,13 @@ Ext.define('PVE.sdn.VnetInputPanel', { fieldLabel: gettext('Tag'), allowBlank: false, }, + { + xtype: 'proxmoxcheckbox', + name: 'vlanaware', + uncheckedValue: 0, + checked: false, + fieldLabel: gettext('VLAN aware') + }, { xtype: 'textfield', name: 'mac', diff --git a/www/manager6/sdn/VnetView.js b/www/manager6/sdn/VnetView.js index c8b0576a..c670ad70 100644 --- a/www/manager6/sdn/VnetView.js +++ b/www/manager6/sdn/VnetView.js @@ -92,6 +92,11 @@ Ext.define('PVE.sdn.VnetView', { flex: 1, dataIndex: 'tag', }, + { + header: gettext('VLAN aware'), + flex: 1, + dataIndex: 'vlanaware', + }, { header: 'IPv4/CIDR', flex: 1, -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 0/2] sdn: vlanaware + vlan mtu
Patch1 is a resend with fix Patch2 add missing mtu option to vlan plugin Alexandre Derumier (2): sdn: add vlan aware option to vnet sdn: vlan : add mtu field www/manager6/sdn/VnetEdit.js | 7 +++ www/manager6/sdn/VnetView.js | 5 + www/manager6/sdn/zones/VlanEdit.js | 10 ++ 3 files changed, 22 insertions(+) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 2/7] vlan: ovs: use dot1q-tunnel when vlanaware is enabled
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 8364451..987c553 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -61,7 +61,12 @@ sub generate_sdn_config { @iface_config = (); push @iface_config, "ovs_type OVSIntPort"; push @iface_config, "ovs_bridge $bridge"; - push @iface_config, "ovs_options tag=$tag"; + if($vnet->{vlanaware}) { + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$tag"; + } else { + push @iface_config, "ovs_options tag=$tag"; + } + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; @iface_config = (); -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 1/7] add vnet vlan-aware option
Some users would like to be able to defined vlans at vm level, or allow trunks, on top of already tagged vnet. (including vlan on top of vxlan tunnel) Allow it on all layer2 plugins, and add a warn for evpn layer3 plugin. Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/VnetPlugin.pm| 5 + PVE/Network/SDN/Zones.pm | 14 + PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 + PVE/Network/SDN/Zones/Plugin.pm | 31 +--- PVE/Network/SDN/Zones/QinQPlugin.pm | 4 PVE/Network/SDN/Zones/VlanPlugin.pm | 4 PVE/Network/SDN/Zones/VxlanPlugin.pm | 4 7 files changed, 24 insertions(+), 39 deletions(-) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 179bfa4..2433013 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -58,6 +58,10 @@ sub properties { type => 'integer', description => "vlan or vxlan id", }, + vlanaware => { + type => 'boolean', + description => 'Allow vm VLANs to pass through this vnet.', + }, alias => { type => 'string', description => "alias name of the vnet", @@ -89,6 +93,7 @@ sub options { ipv4 => { optional => 1 }, ipv6 => { optional => 1 }, mac => { optional => 1 }, +vlanaware => { optional => 1 }, }; } diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 436b103..b8dc54c 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -214,18 +214,6 @@ sub status { return($zone_status, $vnet_status); } -sub get_bridge_vlan { -my ($vnetid) = @_; - -my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid); - -return ($vnetid, undef) if !$vnet; # fallback for classic bridge - -my $plugin_config = get_plugin_config($vnet); -my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag}); -} - sub tap_create { my ($iface, $bridge) = @_; 
@@ -270,7 +258,7 @@ sub tap_plug { if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename}); my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -$plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate); +$plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate); } 1; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index 973e8e0..95fbb64 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -50,6 +50,7 @@ sub generate_sdn_config { my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; die "missing vxlan tag" if !$tag; +warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware}; my @peers = split(',', $controller->{'peers'}); my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers); diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 9ea7a50..0633b78 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm 
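Review bot: In the EvpnPlugin.pm hunk, a vnet that sets `vlanaware` in an EVPN zone only produces a `warn`, and generate_sdn_config then carries on as if the option were absent. The stored configuration then states something the generated network config does not implement, and the message does not name the vnet. Rejecting the combination is clearer, for example `die "vnet $vnetid: vlanaware is not supported by the evpn plugin\n" if $vnet->{vlanaware};`. This assumes the vnet id is in scope under that name, because the signature is outside the hunk. If it must remain a warning, at least include the vnet id and a trailing newline.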
@@ -205,44 +205,23 @@ sub status { } -sub get_bridge_vlan { -my ($class, $plugin_config, $vnetid, $tag) = @_; - -my $bridge = $vnetid; -$tag = undef; - -die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/"; - -return ($bridge, $tag); -} - sub tap_create { my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::tap_create($iface, $bridge); +PVE::Network::tap_create($iface, $vnetid); } sub veth_create { my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr); +PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr); } sub tap_plug { -my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_; - -my $tag = $vnet->{tag}; +my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_; -($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -my $trunks = undef; +my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering"); +die "vm vlans
[pve-devel] [PATCH V2 pve-network 3/7] qinq|vlan: ovs: add ovsint interfaces to ovs-ports list
if not, on reload, interfaces are unplug/replugged with packet loss. Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/QinQPlugin.pm | 4 PVE/Network/SDN/Zones/VlanPlugin.pm | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index dcec6b4..20c0986 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -74,6 +74,10 @@ sub generate_sdn_config { push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$stag other_config:qinq-ethtype=$vlanprotocol"; push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface}; + #redefine main ovs bridge, ifupdown2 will merge ovs_ports + @iface_config = (); + push @iface_config, "ovs_ports $svlan_iface"; + push(@{$config->{$bridge}}, @iface_config); #zone vlan aware bridge @iface_config = (); diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 987c553..aeff1a4 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -66,9 +66,13 @@ sub generate_sdn_config { } else { push @iface_config, "ovs_options tag=$tag"; } - push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + #redefine main ovs bridge, ifupdown2 will merge ovs_ports + @iface_config = (); + push @iface_config, "ovs_ports $vnet_uplink"; + push(@{$config->{$bridge}}, @iface_config); + @iface_config = (); push @iface_config, "ovs_type OVSBridge"; push @iface_config, "ovs_ports $vnet_uplink"; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
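Review bot: In the QinQPlugin.pm hunk the added `push(@{$config->{$bridge}}, @iface_config);` is unconditional, while the `$svlan_iface` stanza just above it is guarded by `if !$config->{$svlan_iface}`. If generate_sdn_config runs once per vnet (the caller is not visible in this hunk), every vnet sharing the same service VLAN appends another identical `ovs_ports $svlan_iface` line to the bridge stanza. Capturing the guard before the first push keeps the two in step: `my $svlan_seen = $config->{$svlan_iface};` ahead of the svlan push, then `push(@{$config->{$bridge}}, "ovs_ports $svlan_iface") if !$svlan_seen;`. The VlanPlugin.pm hunk has the same shape with `$vnet_uplink` and deserves the same check.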
[pve-devel] [PATCH V2 pve-network 6/7] vlan: ovs: remove twice defined ovsbridge ports
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 5 - 1 file changed, 5 deletions(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 3bff970..0abe8da 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -76,11 +76,6 @@ sub generate_sdn_config { push @iface_config, "ovs_ports $vnet_uplink"; push(@{$config->{$bridge}}, @iface_config); - @iface_config = (); - push @iface_config, "ovs_type OVSBridge"; - push @iface_config, "ovs_ports $vnet_uplink"; - push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge}; - } elsif ($vlan_aware) { # eth0vlanaware bridge vmbr0--(vmbr0.X tag)>vnet>vm $vnet_uplink = "$bridge.$tag"; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 7/7] vlan: ovs : vlanaware: use 802.1q for tunnel
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 0abe8da..edb132c 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -65,7 +65,7 @@ sub generate_sdn_config { push @iface_config, "ovs_bridge $bridge"; push @iface_config, "ovs_mtu $mtu" if $mtu; if($vnet->{vlanaware}) { - push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$tag"; + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel other_config:qinq-ethtype=802.1q tag=$tag"; } else { push @iface_config, "ovs_options tag=$tag"; } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
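Review bot: The reason for adding `other_config:qinq-ethtype=802.1q` is recorded neither in the code nor in the commit message, so the next reader cannot tell whether it is required or cosmetic. As far as I know, Open vSwitch defaults this setting to 802.1ad, so the change makes the outer tag of the tunnel an ordinary 0x8100 tag that upstream switches without 802.1ad support will accept. A one-line comment above the push would preserve that, for example `# outer tag must be plain 802.1q (0x8100); the OVS default for dot1q-tunnel is 802.1ad`. Please confirm the stated default against the OVS version shipped before committing the comment.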
[pve-devel] [PATCH V2 pve-network 4/7] catch errors on sdn config generation
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm| 8 +++- PVE/Network/SDN/Zones/QinQPlugin.pm | 1 + PVE/Network/SDN/Zones/VlanPlugin.pm | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index b8dc54c..552b334 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -109,7 +109,13 @@ sub generate_etc_network_config { } my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); - $plugin->generate_sdn_config($plugin_config, $zone, $id, $vnet, $controller, $interfaces_config, $config); + eval { + $plugin->generate_sdn_config($plugin_config, $zone, $id, $vnet, $controller, $interfaces_config, $config); + }; + if($@) { + warn "zone $zone : vnet $id : $@"; + next; + } } my $raw_network_config = "\#version:$version\n"; diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 20c0986..2ae2649 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -52,6 +52,7 @@ sub generate_sdn_config { my $vlanprotocol = $plugin_config->{'vlan-protocol'}; my $ctag = $vnet->{tag}; my $alias = $vnet->{alias}; +die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge"; my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index aeff1a4..d3dc857 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm 
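Review bot: In the Zones.pm hunk, a vnet whose plugin dies is skipped with `next`, but whatever generate_sdn_config had already pushed into `$config` before the die stays there and is still written to the generated file. Whether any plugin dies after its first push is not visible in this hunk. If one does, the result is a half-defined vnet in the output rather than a cleanly omitted one. Running the plugin against a scratch hash and merging it into `$config` only on success would avoid that. Separately, copy the error before using it, since `$@` is a global that later code can clobber: `if (my $err = $@) { warn "zone $zone : vnet $id : $err"; next; }`.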
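Review bot: The new guard `die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge";` in the QinQPlugin.pm hunk does not fire when `$bridge` is undefined or empty. The path then collapses to `/sys/class/net/`, which exists, so generation continues with an empty bridge name and only an uninitialized-value warning. Checking the value first closes that gap: `die "missing bridge option\n" if !defined($bridge) || $bridge eq '';` ahead of the `-d` test. The VlanPlugin.pm hunk of this patch adds the same line after `my $bridge = $plugin_config->{bridge};` and needs the same check. Ending both messages with `\n` would also keep the file and line suffix out of the warning printed by the new `eval` in Zones.pm.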
@@ -41,6 +41,8 @@ sub generate_sdn_config { my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_; my $bridge = $plugin_config->{bridge}; +die "can't find bridge $bridge" if !-d "/sys/class/net/$bridge"; + my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 0/7] vlanaware vnets
This adds support for vlan-aware vnets. patch1 && 2 were already submitted on the mailing list. patch3 is a small fix to avoid packet loss on reload with ovs + qinq|vlan plugins. changelog v2: add more fixes for ovs Alexandre Derumier (7): add vnet vlan-aware option vlan: ovs: use dot1q-tunnel when vlanaware is enabled qinq|vlan: ovs: add ovsint interfaces to ovs-ports list catch errors on sdn config generation vlan|qinq: add mtu to ovsint link port vlan: ovs: remove twice defined ovsbridge ports vlan: ovs : vlanaware: use 802.1q for tunnel PVE/Network/SDN/VnetPlugin.pm| 5 + PVE/Network/SDN/Zones.pm | 22 +++- PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 + PVE/Network/SDN/Zones/Plugin.pm | 31 +--- PVE/Network/SDN/Zones/QinQPlugin.pm | 10 + PVE/Network/SDN/Zones/VlanPlugin.pm | 17 --- PVE/Network/SDN/Zones/VxlanPlugin.pm | 4 7 files changed, 47 insertions(+), 43 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 5/7] vlan|qinq: add mtu to ovsint link port
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/QinQPlugin.pm | 1 + PVE/Network/SDN/Zones/VlanPlugin.pm | 1 + 2 files changed, 2 insertions(+) diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 2ae2649..73c2e84 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -72,6 +72,7 @@ sub generate_sdn_config { @iface_config = (); push @iface_config, "ovs_type OVSIntPort"; push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_mtu $mtu" if $mtu; push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$stag other_config:qinq-ethtype=$vlanprotocol"; push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface}; diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index d3dc857..3bff970 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -63,6 +63,7 @@ sub generate_sdn_config { @iface_config = (); push @iface_config, "ovs_type OVSIntPort"; push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_mtu $mtu" if $mtu; if($vnet->{vlanaware}) { push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$tag"; } else { -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 00/10] 3.0.0-1 version
Hi, This patch series updates ifupdown2 to 3.0.0-1. Please bump the proxmox git mirror to the 3.0.0-1 tag. The main change is the python2 to python3 conversion. I have tested it for 2 weeks with different sdn setups and have not seen any regression. I have added extra patches from the master branch, on top of the 3.0.0-1 tag. They are some fixes for the ovs plugin, and some new interfaces like veth pairs are supported too. (I need them for sdn). changelog v2: add missing 0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch Alexandre Derumier (10): remove extra patches rebase 0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch rebase 0007-networking.service-fix-dependencies-and-ordering.patch remove 0008-add-openvswitch-addon.patch add extra patch: 0002-nllistener-increase-buffer.patch add extra patch: 0003-ovs-multiple-ovsport.patch add extra patch: 0004-fix-start-networking-permission.patch control: update python3 changelog: bump to 3.0.0-1 add patch 0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch debian/changelog | 6 + debian/control| 13 +- ...g-option-to-common_argparse-to-avoid.patch | 44 -- .../0001-ovs-ovs-ports-condone-regex.patch| 66 ++ .../extra/0002-fix-default-forwarding.patch | 100 --- .../0002-nllistener-increase-buffer.patch | 25 + .../extra/0003-ovs-multiple-ovsport.patch | 53 ++ ...0004-fix-start-networking-permission.patch | 13 + ...-veth-fwpr-interfaces-from-bridge-on.patch | 29 +- ...ervice-fix-dependencies-and-ordering.patch | 17 +- .../pve/0008-add-openvswitch-addon.patch | 595 -- ...ports-condone-regex-exclude-tap-veth.patch | 34 + debian/patches/series | 8 +- 13 files changed, 226 insertions(+), 777 deletions(-) delete mode 100644 debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch create mode 100644 debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch delete mode 100644 debian/patches/extra/0002-fix-default-forwarding.patch create mode 100644 
debian/patches/extra/0002-nllistener-increase-buffer.patch create mode 100644 debian/patches/extra/0003-ovs-multiple-ovsport.patch create mode 100644 debian/patches/extra/0004-fix-start-networking-permission.patch delete mode 100644 debian/patches/pve/0008-add-openvswitch-addon.patch create mode 100644 debian/patches/pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 08/10] control: update python3
Signed-off-by: Alexandre Derumier --- debian/control | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/debian/control b/debian/control index 62358f6..5a95659 100644 --- a/debian/control +++ b/debian/control @@ -5,12 +5,13 @@ Maintainer: Proxmox Support Team Build-Depends: debhelper (>=9), dh-systemd, dh-python, - python-all, - python-setuptools, - python-docutils + python3, + python3-all, + python3-setuptools, + python3-docutils Standards-Version: 3.9.8 Homepage: https://github.com/cumulusnetworks/ifupdown2 -X-Python-Version: >= 2.7 +X-Python-Version: >= 3.7 Package: ifupdown2 Architecture: all @@ -18,8 +19,8 @@ Provides: ifupdown Conflicts: ifupdown Replaces: ifupdown Breaks: libpve-common-perl (<< 6.0-14) -Depends: ${python:Depends}, ${misc:Depends}, iproute2, python-argcomplete, python-ipaddr -Suggests: isc-dhcp-client, bridge-utils, ethtool, python-gvgen, python-mako +Depends: ${python3:Depends}, ${misc:Depends}, iproute2 +Suggests: isc-dhcp-client, bridge-utils, ethtool, python3-gvgen, python3-mako Description: Network Interface Management tool similar to ifupdown ifupdown2 is ifupdown re-written in Python. It replaces ifupdown and provides the same user interface as ifupdown for network interface configuration. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
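Review bot: The first debian/control hunk keeps the field name `X-Python-Version` and only raises its value to `>= 3.7`. In Debian's Python policy that field describes Python 2 support; the Python 3 equivalent read by dh_python3 is `X-Python3-Version`. The line should be `X-Python3-Version: >= 3.7`, otherwise the intended minimum interpreter version is not applied to the python3 build. In the second hunk, `python-argcomplete` and `python-ipaddr` are removed from Depends with no python3 replacement, so please confirm that `${python3:Depends}` really pulls in everything the 3.0.0 code imports at runtime.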
[pve-devel] [PATCH V2 ifupdown2 07/10] add extra patch: 0004-fix-start-networking-permission.patch
https://github.com/CumulusNetworks/ifupdown2/commit/5cbe13d17a28e1ce4a411092f0bd659360406572 Signed-off-by: Alexandre Derumier --- .../0004-fix-start-networking-permission.patch | 13 + debian/patches/series | 1 + 2 files changed, 14 insertions(+) create mode 100644 debian/patches/extra/0004-fix-start-networking-permission.patch diff --git a/debian/patches/extra/0004-fix-start-networking-permission.patch b/debian/patches/extra/0004-fix-start-networking-permission.patch new file mode 100644 index 000..5357e31 --- /dev/null +++ b/debian/patches/extra/0004-fix-start-networking-permission.patch @@ -0,0 +1,13 @@ +From 5cbe13d17a28e1ce4a411092f0bd659360406572 Mon Sep 17 00:00:00 2001 +From: bauen1 +Date: Fri, 15 May 2020 17:16:04 +0200 +Subject: [PATCH] allow systemd to execute the helper script + +--- + ifupdown2/sbin/start-networking | 0 + 1 file changed, 0 insertions(+), 0 deletions(-) + mode change 100644 => 100755 ifupdown2/sbin/start-networking + +diff --git a/ifupdown2/sbin/start-networking b/ifupdown2/sbin/start-networking +old mode 100644 +new mode 100755 diff --git a/debian/patches/series b/debian/patches/series index e6a1270..92b4af5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,6 +1,7 @@ extra/0001-ovs-ovs-ports-condone-regex.patch extra/0002-nllistener-increase-buffer.patch extra/0003-ovs-multiple-ovsport.patch +extra/0004-fix-start-networking-permission.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 05/10] add extra patch: 0002-nllistener-increase-buffer.patch
https://github.com/CumulusNetworks/ifupdown2/commit/523b347ad49234efb7787f6f084070034de7e977 Signed-off-by: Alexandre Derumier --- .../0002-nllistener-increase-buffer.patch | 25 +++ debian/patches/series | 1 + 2 files changed, 26 insertions(+) create mode 100644 debian/patches/extra/0002-nllistener-increase-buffer.patch diff --git a/debian/patches/extra/0002-nllistener-increase-buffer.patch b/debian/patches/extra/0002-nllistener-increase-buffer.patch new file mode 100644 index 000..72a4f06 --- /dev/null +++ b/debian/patches/extra/0002-nllistener-increase-buffer.patch @@ -0,0 +1,25 @@ +From 523b347ad49234efb7787f6f084070034de7e977 Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Wed, 27 May 2020 15:49:49 +0200 +Subject: [PATCH] nllistener: increase netlink buffer to 64k + +Currently 4k buffer is too small to handle some netlink messages + +(Like bridge vlans for example, with 32k messages detected). +--- + ifupdown2/nlmanager/nllistener.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ifupdown2/nlmanager/nllistener.py b/ifupdown2/nlmanager/nllistener.py +index b40b058..e319dc4 100644 +--- a/ifupdown2/nlmanager/nllistener.py b/ifupdown2/nlmanager/nllistener.py +@@ -44,7 +44,7 @@ class NetlinkListener(Thread): + # As defined in asm/socket.h + _SO_ATTACH_FILTER = 26 + +-RECV_BUFFER = 4096 # 1024 * 1024 ++RECV_BUFFER = 65536 # 1024 * 1024 + + def __init__(self, manager, groups, pid_offset=1, error_notification=False, rcvbuf_sz=1000, bpf_filter=None): + """ diff --git a/debian/patches/series b/debian/patches/series index 8363c15..e57723c 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,4 +1,5 @@ extra/0001-ovs-ovs-ports-condone-regex.patch +extra/0002-nllistener-increase-buffer.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 02/10] rebase 0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch
Signed-off-by: Alexandre Derumier --- ...-veth-fwpr-interfaces-from-bridge-on.patch | 29 +-- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch b/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch index 869f0f3..36b256e 100644 --- a/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch +++ b/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch @@ -1,43 +1,30 @@ -From 874ba884a7ff8f0059e069aac2855c2ffd5cacd2 Mon Sep 17 00:00:00 2001 +From e048d4f3c6516c4b7519112de13f79f70d56d44b Mon Sep 17 00:00:00 2001 From: Alexandre Derumier Date: Wed, 16 May 2018 02:11:45 +0200 -Subject: [PATCH 1/7] don't remove (tap|veth|fwpr) interfaces from bridge on - ifup bridge +Subject: [PATCH] don't remove (tap|veth|fwpr) interfaces from bridge on ifup + bridge as proxmox don't defined them in /etc/network/interfaces Signed-off-by: Thomas Lamprecht Signed-off-by: Alexandre Derumier --- - debian/rules | 2 +- ifupdown2/addons/bridge.py | 4 - 2 files changed, 5 insertions(+), 1 deletion(-) + 1 file changed, 4 insertions(+) -diff --git a/debian/rules b/debian/rules -index 6274b3a..dfd460f 100755 a/debian/rules -+++ b/debian/rules -@@ -1,6 +1,6 @@ - #!/usr/bin/make -f - --#export DH_VERBOSE=1 -+export DH_VERBOSE=1 - export PYBUILD_NAME=ifupdown2 - export PYBUILD_INSTALL_ARGS=--install-lib=/usr/share/ --install-scripts=/usr/share/ - diff --git a/ifupdown2/addons/bridge.py b/ifupdown2/addons/bridge.py -index 00b1eaa..35944ac 100644 +index d990b66..365e87d 100644 --- a/ifupdown2/addons/bridge.py 
+++ b/ifupdown2/addons/bridge.py -@@ -440,6 +440,7 @@ class bridge(Addon, moduleBase): +@@ -439,6 +439,7 @@ class bridge(Addon, moduleBase): "bridge-ports-condone-regex": { "help": "bridge ports to ignore/condone when reloading config / removing interfaces", "required": False, +"default": "^(tap|veth|fwpr)", "example": ["bridge-ports-condone-regex ^[a-zA-Z0-9]+_v[0-9]{1,4}$"] }, - } -@@ -1006,6 +1007,9 @@ class bridge(Addon, moduleBase): + "bridge-vlan-vni-map": { +@@ -1013,6 +1014,9 @@ class bridge(Addon, moduleBase): # up a compiled regex to be used in a match later. This way we try to avoid # a race condition where an (possibly VM) interface is created after this # function has been called but before the bridgeports are validated. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 06/10] add extra patch: 0003-ovs-multiple-ovsport.patch
https://github.com/CumulusNetworks/ifupdown2/pull/164 Signed-off-by: Alexandre Derumier --- .../extra/0003-ovs-multiple-ovsport.patch | 53 +++ debian/patches/series | 1 + 2 files changed, 54 insertions(+) create mode 100644 debian/patches/extra/0003-ovs-multiple-ovsport.patch diff --git a/debian/patches/extra/0003-ovs-multiple-ovsport.patch b/debian/patches/extra/0003-ovs-multiple-ovsport.patch new file mode 100644 index 000..bb18056 --- /dev/null +++ b/debian/patches/extra/0003-ovs-multiple-ovsport.patch 
@@ -0,0 +1,53 @@ +From 6cdb2b3d220fdf60ea8d0a2982a90c583dec467e Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Thu, 28 May 2020 11:21:55 +0200 +Subject: [PATCH] addons: openvswitch: allow multiple ovs-ports + glob/regex + +--- + ifupdown2/addons/openvswitch.py | 18 +++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +index 468d7df..936c871 100644 +--- a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +@@ -37,6 +37,12 @@ class openvswitch(Addon, moduleBase): + 'help': 'Interfaces to be part of this ovs bridge.', + 'validvals': [''], + 'required': False, ++"multivalue": True, ++"example": [ ++"ovs-ports swp1.100 swp2.100 swp3.100", ++"ovs-ports glob swp1-3.100", ++"ovs-ports regex (swp[1|2|3].100)" ++] + }, + 'ovs-type': { + 'help': 'ovs interface type', +@@ -87,10 +93,15 @@ def _is_ovs_bridge (self, ifaceobj): + return False + + def _get_ovs_ports (self, ifaceobj): +-ovs_ports = ifaceobj.get_attr_value_first('ovs-ports') ++ovs_ports = [] ++ ++for port in ifaceobj.get_attr_value('ovs-ports') or []: ++ovs_ports.extend(port.split()) ++ + if ovs_ports: +-return sorted (ovs_ports.split ()) +-return None ++return self.parse_port_list(ifaceobj.name, ' '.join(ovs_ports)) ++else: ++return None + + def _get_running_ovs_ports (self, iface): + output = utils.exec_command("/usr/bin/ovs-vsctl list-ports %s" %iface) +@@ -152,6 +163,7 @@ def _addbridge (self, ifaceobj): + ovs_ports = self._get_ovs_ports(ifaceobj) + running_ovs_ports = self._get_running_ovs_ports(iface) + ++missingports = [] + if running_ovs_ports is not None and ovs_ports is not None: + missingports = list(set(running_ovs_ports) - set(ovs_ports)) + diff --git a/debian/patches/series b/debian/patches/series index e57723c..e6a1270 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,5 +1,6 @@ extra/0001-ovs-ovs-ports-condone-regex.patch extra/0002-nllistener-increase-buffer.patch +extra/0003-ovs-multiple-ovsport.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 09/10] changelog: bump to 3.0.0-1
Signed-off-by: Alexandre Derumier --- debian/changelog | 6 ++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 7ca7226..ff13c56 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ifupdown2 (3.0.0-1+pve1) pve; urgency=medium + + * Bump to 3.0.0-1 + + -- Proxmox Support Team Tue, 28 May 2020 11:10:20 +0200 + ifupdown2 (2.0.1-1+pve10) pve; urgency=medium * avoid bringing network config in sync if pve-common isn't available -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 01/10] remove extra patches
Signed-off-by: Alexandre Derumier --- ...g-option-to-common_argparse-to-avoid.patch | 44 .../extra/0002-fix-default-forwarding.patch | 100 -- debian/patches/series | 2 - 3 files changed, 146 deletions(-) delete mode 100644 debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch delete mode 100644 debian/patches/extra/0002-fix-default-forwarding.patch diff --git a/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch b/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch deleted file mode 100644 index f02574f..000 --- a/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 8e9960454d58f648547fcb086a8b4352a4aa4faa Mon Sep 17 00:00:00 2001 -From: Julien Fortin -Date: Tue, 31 Dec 2019 20:25:44 +0100 -Subject: [PATCH] argv: move --nldebug option to common_argparse to avoid - exception in ifreload - -Signed-off-by: Julien Fortin -Signed-off-by: Thomas Lamprecht - ifupdown2/ifupdown/argv.py | 14 +++--- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/ifupdown2/ifupdown/argv.py b/ifupdown2/ifupdown/argv.py -index e560b40..a96a390 100644 a/ifupdown2/ifupdown/argv.py -+++ b/ifupdown2/ifupdown/argv.py -@@ -148,13 +148,6 @@ class Parse: -help='type of interface entry (iface or vlan). ' - 'This option can be used in case of ambiguity between ' - 'a vlan interface and an iface interface of the same name') --argparser.add_argument( --"--nldebug", --dest="nldebug", --action="store_true", --default=False, --help="print netlink debug messages" --) - - def update_ifupdown_argparser(self, argparser): - """ common arg parser for ifup and ifdown """ -@@ -248,3 +241,10 @@ class Parse: - ''' general parsing rules ''' - - argparser.add_argument('-V', '--version', action=VersionAction, nargs=0) -+argparser.add_argument( -+"--nldebug", -+dest="nldebug", -+action="store_true", -+default=False, -+help="print netlink debug messages" -+) --- -2.20.1 - diff --git a/debian/patches/extra/0002-fix-default-forwarding.patch b/debian/patches/extra/0002-fix-default-forwarding.patch deleted file mode 100644 index c1a72a3..000 --- a/debian/patches/extra/0002-fix-default-forwarding.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 85a93e870777f774e5901bd4443ddff2e8eaa444 Mon Sep 17 00:00:00 2001 -From: Alexandre Derumier -Date: Mon, 24 Feb 2020 15:18:56 +0100 -Subject: [PATCH] fix default forwarding - -Signed-off-by: Alexandre Derumier - ifupdown2/addons/address.py | 70 + - 1 file changed, 40 insertions(+), 30 deletions(-) - -diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py -index 83974d7..b9a16ee 100644 a/ifupdown2/addons/address.py -+++ b/ifupdown2/addons/address.py -@@ -821,42 +821,52 @@ class address(Addon, moduleBase): -'bridge port' %ifaceobj.name) - return - setting_default_value = False -+ -+ - if not ipforward: - setting_default_value = True --ipforward = (self.ipforward or -- self.get_mod_subattr('ip-forward', 'default')) --ipforward = int(utils.get_boolean_from_string(ipforward)) --running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name) --if ipforward != running_ipforward: --try: --self.sysctl_set('net.ipv4.conf.%s.forwarding' --%('/'.join(ifaceobj.name.split("."))), --ipforward) --except Exception as e: --if not setting_default_value: --ifaceobj.status = ifaceStatus.ERROR --self.logger.error('%s: %s' %(ifaceobj.name, str(e))) -+ ipforward = self.ipforward -+ -+if ipforward: -+ -+ipforward = int(utils.get_boolean_from_string(ipforward)) -+running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name) -+ -+if ipforward != running_ipforward: -+try: -+self.sysctl_set('net.ipv4.conf.%s.forwarding' -+%('/'.join(ifaceobj.name.split("."))), -+ipforward) -+except Exception as e: -+if not setting_default_value: -+ifaceobj.status = ifaceStat
[pve-devel] [PATCH V2 ifupdown2 04/10] remove 0008-add-openvswitch-addon.patch
openvswitch is now upstream add extra-patch for ovs-ports-condone-regex https://github.com/CumulusNetworks/ifupdown2/pull/157 Signed-off-by: Alexandre Derumier --- .../0001-ovs-ovs-ports-condone-regex.patch| 66 ++ .../pve/0008-add-openvswitch-addon.patch | 595 -- debian/patches/series | 2 +- 3 files changed, 67 insertions(+), 596 deletions(-) create mode 100644 debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch delete mode 100644 debian/patches/pve/0008-add-openvswitch-addon.patch diff --git a/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch b/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch new file mode 100644 index 000..745c5e0 --- /dev/null +++ b/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch 
@@ -0,0 +1,66 @@ +From 5efdf225e1f0e2705d44f36887c3e00207dd69d2 Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Sat, 16 May 2020 08:11:22 +0200 +Subject: [PATCH] addon: openvswitch : add ovs-ports-condone-regex option + +Like for bridge, add a option to skip delete a regex list of interfaces. +(can be usefull for hypervisor, when vm interfaces are dynamically plugged) +--- + ifupdown2/addons/openvswitch.py | 18 ++ + 1 file changed, 18 insertions(+) + +diff --git a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +index 767d09a..468d7df 100644 +--- a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +@@ -63,6 +63,11 @@ class openvswitch(Addon, moduleBase): + 'example': ['ovs_extra set bridge ${IFACE} other-config:hwaddr=00:59:cf:9c:84:3a -- br-set-external-id ${IFACE} bridge-id ${IFACE}'] + + }, ++'ovs-ports-condone-regex': { ++"help": "ovs ports to ignore/condone when reloading config / removing interfaces", ++"required": False, ++"example": ["ovs-ports-condone-regex ^[a-zA-Z0-9]+_v[0-9]{1,4}$"] ++}, + } + } + +@@ -94,6 +99,14 @@ def _get_running_ovs_ports (self, iface): + return ovs_ports + return None + ++def _get_ovs_port_condone_regex(self, ifaceobj, get_string = False): ++ovs_port_condone_regex = ifaceobj.get_attr_value_first('ovs-ports-condone-regex') ++if ovs_port_condone_regex: ++if get_string: ++return ovs_port_condone_regex ++return re.compile (r"%s" % ovs_port_condone_regex) ++return None ++ + def _ovs_vsctl(self, ifaceobj, cmdlist): + + if cmdlist: +@@ -122,6 +135,7 @@ def _addbridge (self, ifaceobj): + ovsoptions = ifaceobj.get_attr_value_first ('ovs-options') + ovsextra = ifaceobj.get_attr_value('ovs-extra') + ovsmtu = ifaceobj.get_attr_value_first ('ovs-mtu') ++ovsportscondoneregex = self._get_ovs_port_condone_regex(ifaceobj) + + cmd_list = [] + +@@ -137,11 +151,15 @@ def _addbridge (self, ifaceobj): + # on update, delete active ports not in the new port list + ovs_ports = self._get_ovs_ports(ifaceobj) + 
running_ovs_ports = self._get_running_ovs_ports(iface) ++ + if running_ovs_ports is not None and ovs_ports is not None: + missingports = list(set(running_ovs_ports) - set(ovs_ports)) + + if missingports is not None: + for port in missingports: ++if ovsportscondoneregex and ovsportscondoneregex.match(port): ++self.logger.info("%s: port %s will stay enslaved as it matches with ovs-ports-condone-regex" % (ifaceobj.name, port)) ++continue + cmd = "--if-exists del-port %s %s"%(iface, port) + cmd_list.append(cmd) + diff --git a/debian/patches/pve/0008-add-openvswitch-addon.patch b/debian/patches/pve/0008-add-openvswitch-addon.patch deleted file mode 100644 index 847c0bf..000 --- a/debian/patches/pve/0008-add-openvswitch-addon.patch +++ /dev/null @@ -1,595 +0,0 @@ -From 4311f4deb9b95e67694c04ced13782a3608a176b Mon Sep 17 00:00:00 2001 -From: Alexandre Derumier -Date: Mon, 17 Feb 2020 13:32:18 +0100 -Subject: [PATCH] add openvswitch addon - -Signed-off-by: Alexandre Derumier - etc/network/ifupdown2/addons.conf| 4 + - ifupdown2/addons/openvswitch.py | 248 - ifupdown2/addons/openvswitch_port.py | 274 +++ - ifupdown2/lib/iproute2.py| 3 + - ifupdown2/nlmanager/nlpacket.py | 1 + - 5 files changed, 530 insertions(+) - create mode 100644 ifupdown2/addons/openvswitch.py - create mode 100644 ifupdown2/addons/openvswitch_port.py - -diff --git a/etc/network/ifupdown2/addons.conf b/etc/network/ifupdown2/addons.conf -index c43d377..8811cc2 100644 a/etc/network/ifupdown2/addons.conf -+++ b/
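Review bot: `_get_ovs_port_condone_regex`, added by the new 0001-ovs-ovs-ports-condone-regex.patch, passes the `ovs-ports-condone-regex` value from the interface configuration straight to `re.compile`, and nothing in the visible lines catches `re.error`. A malformed pattern would therefore presumably surface as a bare traceback from `_addbridge` (whose body continues outside the hunk) instead of an error that names the interface. Catching the exception and logging the interface and pattern before re-raising makes the bad value easy to find. The `r"%s" %` wrapper can go at the same time, since it does not change the string.

```python
        if get_string:
            return ovs_port_condone_regex
        try:
            return re.compile(ovs_port_condone_regex)
        except re.error as e:
            self.logger.error("%s: invalid ovs-ports-condone-regex '%s': %s"
                              % (ifaceobj.name, ovs_port_condone_regex, e))
            raise
```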
[pve-devel] [PATCH V2 ifupdown2 03/10] rebase 0007-networking.service-fix-dependencies-and-ordering.patch
Signed-off-by: Alexandre Derumier --- service-fix-dependencies-and-ordering.patch | 17 + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch b/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch index 1c49ccd..66d1e18 100644 --- a/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch +++ b/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch @@ -1,4 +1,4 @@ -From 0aa90eb35e22ca156f6ab8fafd30071211bc3e50 Mon Sep 17 00:00:00 2001 +From e8ce294b4db6039216b72e353a51d1bac0c5313d Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Thu, 30 Jan 2020 12:48:23 +0100 Subject: [PATCH] networking.service: fix dependencies and ordering @@ -17,14 +17,14 @@ ONCE!! Signed-off-by: Thomas Lamprecht --- debian/ifupdown2-pre.service| 13 + - debian/ifupdown2.networking.service | 7 +-- + debian/ifupdown2.networking.service | 8 ++-- debian/rules| 1 + - 3 files changed, 19 insertions(+), 2 deletions(-) + 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 debian/ifupdown2-pre.service diff --git a/debian/ifupdown2-pre.service b/debian/ifupdown2-pre.service new file mode 100644 -index 000..f0fb308 +index 000..b129a62 --- /dev/null +++ b/debian/ifupdown2-pre.service @@ -0,0 +1,13 @@ @@ -42,7 +42,7 @@ index 000..f0fb308 +EnvironmentFile=-/etc/default/networking +ExecStart=/bin/udevadm settle diff --git a/debian/ifupdown2.networking.service b/debian/ifupdown2.networking.service -index b2acd97..8f54dc6 100644 +index 32f21f6..a49d1ba 100644 --- a/debian/ifupdown2.networking.service +++ b/debian/ifupdown2.networking.service @@ -2,8 +2,11 @@ 
@@ -58,14 +58,15 @@ index b2acd97..8f54dc6 100644 [Service] Type=oneshot -@@ -15,4 +18,4 @@ ExecStop=/sbin/ifdown -a - ExecReload=/sbin/ifreload -a +@@ -16,4 +19,5 @@ ExecStop=/usr/share/ifupdown2/sbin/start-networking stop + ExecReload=/usr/share/ifupdown2/sbin/start-networking reload [Install] -WantedBy=basic.target network.target shutdown.target +WantedBy=multi-user.target network-online.target ++ diff --git a/debian/rules b/debian/rules -index 6274b3a..9168c08 100755 +index ea6f434..fcb304f 100755 --- a/debian/rules +++ b/debian/rules @@ -15,6 +15,7 @@ override_dh_install: -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 ifupdown2 10/10] add patch 0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch
Signed-off-by: Alexandre Derumier --- ...ports-condone-regex-exclude-tap-veth.patch | 34 +++ debian/patches/series | 1 + 2 files changed, 35 insertions(+) create mode 100644 debian/patches/pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch diff --git a/debian/patches/pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch b/debian/patches/pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch new file mode 100644 index 000..4cfdbf6 --- /dev/null +++ b/debian/patches/pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch @@ -0,0 +1,34 @@ +From cfe5feada5532830a53031138c471541ebec813d Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Sun, 17 May 2020 15:46:36 +0200 +Subject: [PATCH] openvswitch : ovs-ports-condone-regex : exclude tap|veth|fwln + +Signed-off-by: Alexandre Derumier +--- + ifupdown2/addons/openvswitch.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +index 468d7df..48beef3 100644 +--- a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +@@ -65,6 +65,7 @@ class openvswitch(Addon, moduleBase): + }, + 'ovs-ports-condone-regex': { + "help": "ovs ports to ignore/condone when reloading config / removing interfaces", ++"default": "^(tap|veth|fwln)", + "required": False, + "example": ["ovs-ports-condone-regex ^[a-zA-Z0-9]+_v[0-9]{1,4}$"] + }, +@@ -101,6 +102,8 @@ class openvswitch(Addon, moduleBase): + + def _get_ovs_port_condone_regex(self, ifaceobj, get_string = False): + ovs_port_condone_regex = ifaceobj.get_attr_value_first('ovs-ports-condone-regex') ++if not ovs_port_condone_regex: ++ovs_port_condone_regex = self.get_attr_default_value('ovs-ports-condone-regex') + if ovs_port_condone_regex: + if get_string: + return ovs_port_condone_regex +-- +2.20.1 + diff --git a/debian/patches/series b/debian/patches/series index 92b4af5..af41dfe 100644 --- a/debian/patches/series +++ b/debian/patches/series 
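Review bot: The fallback added to `_get_ovs_port_condone_regex` uses the new `^(tap|veth|fwln)` default only when the interface sets no `ovs-ports-condone-regex` of its own, so a configured value replaces the default instead of extending it. An operator who adds a pattern for some other port family then loses the protection for tap/veth/fwln ports on the next reload unless they repeat those prefixes. The `help` entry should say this, for example `"help": "ovs ports to ignore/condone when reloading config / removing interfaces (a configured value replaces the default)"`. The default is also a prefix-only match, so any port whose name starts with one of the three prefixes stays attached after it is dropped from the configuration; a short comment next to `"default"` stating that this is intended would help.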
@@ -9,4 +9,5 @@ pve/0004-don-t-remove-bridge-is-tap-veth-are-still-plugged.patch pve/0005-ifreload-down-up-vxlan-interfaces-when-ifreload_down.patch pve/0006-config-tuning.patch pve/0007-networking.service-fix-dependencies-and-ordering.patch +pve/0008-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch pve/0010-postinst-rm-update-network-config-compatibility.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [pve-network 2/3] vlan: ovs: use dot1q-tunnel when vlanaware is enabled
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 8364451..987c553 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -61,7 +61,12 @@ sub generate_sdn_config { @iface_config = (); push @iface_config, "ovs_type OVSIntPort"; push @iface_config, "ovs_bridge $bridge"; - push @iface_config, "ovs_options tag=$tag"; + if($vnet->{vlanaware}) { + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$tag"; + } else { + push @iface_config, "ovs_options tag=$tag"; + } + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; @iface_config = (); -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
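Review bot: The new vlan-aware branch sets `vlan_mode=dot1q-tunnel` without `other_config:qinq-ethtype`, while the QinQ plugin (visible as context in patch 3/3 of this series) passes that key explicitly together with the same mode. As far as I recall, Open vSwitch then applies its own default ethertype for the pushed tag (802.1ad), which may not be what the switch upstream of a plain VLAN zone expects; please confirm. Either set the key, or add a comment above the line such as `# dot1q-tunnel: outer tag ethertype left at the OVS default on purpose`. The two branches could also share one `push` by building the option string first, e.g. `my $opts = $vnet->{vlanaware} ? "vlan_mode=dot1q-tunnel tag=$tag" : "tag=$tag";`. `generate_sdn_config` continues outside the hunk.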
[pve-devel] [pve-network 3/3] qinq|vlan: ovs: add ovsint interfaces to ovs-ports list
if not, on reload, interfaces are unplug/replugged with packet loss. Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/QinQPlugin.pm | 4 PVE/Network/SDN/Zones/VlanPlugin.pm | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 9077713..e3423ef 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -73,6 +73,10 @@ sub generate_sdn_config { push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$stag other_config:qinq-ethtype=$vlanprotocol"; push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface}; + #redefine main ovs bridge, ifupdown2 will merge ovs_ports + @iface_config = (); + push @iface_config, "ovs_ports $svlan_iface"; + push(@{$config->{$bridge}}, @iface_config); #zone vlan aware bridge @iface_config = (); diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 987c553..aeff1a4 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -66,9 +66,13 @@ sub generate_sdn_config { } else { push @iface_config, "ovs_options tag=$tag"; } - push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + #redefine main ovs bridge, ifupdown2 will merge ovs_ports + @iface_config = (); + push @iface_config, "ovs_ports $vnet_uplink"; + push(@{$config->{$bridge}}, @iface_config); + @iface_config = (); push @iface_config, "ovs_type OVSBridge"; push @iface_config, "ovs_ports $vnet_uplink"; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
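Review bot: The block added to QinQPlugin.pm (and the matching one in the VlanPlugin.pm hunk) appends to `$config->{$bridge}` unconditionally, while the push directly above it is guarded by `if !$config->{$svlan_iface}` (respectively `if !$config->{$vnet_uplink}`). If `generate_sdn_config` runs once per vnet, as those guards suggest, every further vnet that shares the uplink interface adds another identical `ovs_ports` line to the bridge stanza. The comment says ifupdown2 will merge them, but the duplicates can be avoided at the source with `push(@{$config->{$bridge}}, @iface_config) if !grep { $_ eq $iface_config[0] } @{$config->{$bridge} || []};`. The enclosing function starts and ends outside both hunks, so the per-vnet call pattern is an assumption to confirm.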
[pve-devel] [pve-network 0/3] vlanaware vnets
This adds support for vlan-aware vnets. patch1 && 2 were already submitted on the mailing list. patch3 is a small fix to avoid packet loss on reload with ovs + qinq|vlan plugins Alexandre Derumier (3): add vnet vlan-aware option vlan: ovs: use dot1q-tunnel when vlanaware is enabled qinq|vlan: ovs: add ovsint interfaces to ovs-ports list PVE/Network/SDN/VnetPlugin.pm| 5 + PVE/Network/SDN/Zones.pm | 14 + PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 + PVE/Network/SDN/Zones/Plugin.pm | 31 +--- PVE/Network/SDN/Zones/QinQPlugin.pm | 8 +++ PVE/Network/SDN/Zones/VlanPlugin.pm | 15 +- PVE/Network/SDN/Zones/VxlanPlugin.pm | 4 7 files changed, 38 insertions(+), 40 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [pve-network 1/3] add vnet vlan-aware option
Some users would like to be able to defined vlans at vm level, or allow trunks, on top of already tagged vnet. (including vlan on top of vxlan tunnel) Allow it on all layer2 plugins, and add a warn for evpn layer3 plugin. Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/VnetPlugin.pm| 5 + PVE/Network/SDN/Zones.pm | 14 + PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 + PVE/Network/SDN/Zones/Plugin.pm | 31 +--- PVE/Network/SDN/Zones/QinQPlugin.pm | 4 PVE/Network/SDN/Zones/VlanPlugin.pm | 4 PVE/Network/SDN/Zones/VxlanPlugin.pm | 4 7 files changed, 24 insertions(+), 39 deletions(-) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 179bfa4..2433013 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -58,6 +58,10 @@ sub properties { type => 'integer', description => "vlan or vxlan id", }, + vlanaware => { + type => 'boolean', + description => 'Allow vm VLANs to pass through this vnet.', + }, alias => { type => 'string', description => "alias name of the vnet", @@ -89,6 +93,7 @@ sub options { ipv4 => { optional => 1 }, ipv6 => { optional => 1 }, mac => { optional => 1 }, +vlanaware => { optional => 1 }, }; } diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 436b103..b8dc54c 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -214,18 +214,6 @@ sub status { return($zone_status, $vnet_status); } -sub get_bridge_vlan { -my ($vnetid) = @_; - -my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid); - -return ($vnetid, undef) if !$vnet; # fallback for classic bridge - -my $plugin_config = get_plugin_config($vnet); -my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag}); -} - sub tap_create { my ($iface, $bridge) = @_; 
@@ -270,7 +258,7 @@ sub tap_plug { if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename}); my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -$plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate); +$plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate); } 1; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index 973e8e0..95fbb64 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -50,6 +50,7 @@ sub generate_sdn_config { my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; die "missing vxlan tag" if !$tag; +warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware}; my @peers = split(',', $controller->{'peers'}); my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers); diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 9ea7a50..0633b78 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm 
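Review bot: The `warn` added to EvpnPlugin.pm reports that vlan-aware cannot be used with the evpn plugin, but `generate_sdn_config` then carries on, so as far as the hunk shows the only trace of the rejected option is one line on stderr at generation time. Because `vlanaware` is declared as a generic vnet option in VnetPlugin.pm, a user can set it on an evpn vnet and the configuration is still accepted. Rejecting it where the vnet is validated would be clearer. If it stays a warning, state the outcome and end the message with a newline so Perl does not append the file and line: `warn "vlan-aware vnet can't be enabled with evpn plugin, option ignored\n" if $vnet->{vlanaware};`. Whether the option really is ignored further down cannot be seen from the hunk, so please check the wording against the rest of the function.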
@@ -205,44 +205,23 @@ sub status { } -sub get_bridge_vlan { -my ($class, $plugin_config, $vnetid, $tag) = @_; - -my $bridge = $vnetid; -$tag = undef; - -die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/"; - -return ($bridge, $tag); -} - sub tap_create { my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::tap_create($iface, $bridge); +PVE::Network::tap_create($iface, $vnetid); } sub veth_create { my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr); +PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr); } sub tap_plug { -my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_; - -my $tag = $vnet->{tag}; +my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_; -($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -my $trunks = undef; +my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering"); +die "vm vlans
[pve-devel] [PATCH ifupdown2 3/9] rebase 0007-networking.service-fix-dependencies-and-ordering.patch
Signed-off-by: Alexandre Derumier --- service-fix-dependencies-and-ordering.patch | 17 + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch b/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch index 1c49ccd..66d1e18 100644 --- a/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch +++ b/debian/patches/pve/0007-networking.service-fix-dependencies-and-ordering.patch @@ -1,4 +1,4 @@ -From 0aa90eb35e22ca156f6ab8fafd30071211bc3e50 Mon Sep 17 00:00:00 2001 +From e8ce294b4db6039216b72e353a51d1bac0c5313d Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Thu, 30 Jan 2020 12:48:23 +0100 Subject: [PATCH] networking.service: fix dependencies and ordering @@ -17,14 +17,14 @@ ONCE!! Signed-off-by: Thomas Lamprecht --- debian/ifupdown2-pre.service| 13 + - debian/ifupdown2.networking.service | 7 +-- + debian/ifupdown2.networking.service | 8 ++-- debian/rules| 1 + - 3 files changed, 19 insertions(+), 2 deletions(-) + 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 debian/ifupdown2-pre.service diff --git a/debian/ifupdown2-pre.service b/debian/ifupdown2-pre.service new file mode 100644 -index 000..f0fb308 +index 000..b129a62 --- /dev/null +++ b/debian/ifupdown2-pre.service @@ -0,0 +1,13 @@ @@ -42,7 +42,7 @@ index 000..f0fb308 +EnvironmentFile=-/etc/default/networking +ExecStart=/bin/udevadm settle diff --git a/debian/ifupdown2.networking.service b/debian/ifupdown2.networking.service -index b2acd97..8f54dc6 100644 +index 32f21f6..a49d1ba 100644 --- a/debian/ifupdown2.networking.service +++ b/debian/ifupdown2.networking.service @@ -2,8 +2,11 @@ 
@@ -58,14 +58,15 @@ index b2acd97..8f54dc6 100644 [Service] Type=oneshot -@@ -15,4 +18,4 @@ ExecStop=/sbin/ifdown -a - ExecReload=/sbin/ifreload -a +@@ -16,4 +19,5 @@ ExecStop=/usr/share/ifupdown2/sbin/start-networking stop + ExecReload=/usr/share/ifupdown2/sbin/start-networking reload [Install] -WantedBy=basic.target network.target shutdown.target +WantedBy=multi-user.target network-online.target ++ diff --git a/debian/rules b/debian/rules -index 6274b3a..9168c08 100755 +index ea6f434..fcb304f 100755 --- a/debian/rules +++ b/debian/rules @@ -15,6 +15,7 @@ override_dh_install: -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 7/9] add extra patch: 0004-fix-start-networking-permission.patch
https://github.com/CumulusNetworks/ifupdown2/commit/5cbe13d17a28e1ce4a411092f0bd659360406572 Signed-off-by: Alexandre Derumier --- .../0004-fix-start-networking-permission.patch | 13 + debian/patches/series | 1 + 2 files changed, 14 insertions(+) create mode 100644 debian/patches/extra/0004-fix-start-networking-permission.patch diff --git a/debian/patches/extra/0004-fix-start-networking-permission.patch b/debian/patches/extra/0004-fix-start-networking-permission.patch new file mode 100644 index 000..5357e31 --- /dev/null +++ b/debian/patches/extra/0004-fix-start-networking-permission.patch @@ -0,0 +1,13 @@ +From 5cbe13d17a28e1ce4a411092f0bd659360406572 Mon Sep 17 00:00:00 2001 +From: bauen1 +Date: Fri, 15 May 2020 17:16:04 +0200 +Subject: [PATCH] allow systemd to execute the helper script + +--- + ifupdown2/sbin/start-networking | 0 + 1 file changed, 0 insertions(+), 0 deletions(-) + mode change 100644 => 100755 ifupdown2/sbin/start-networking + +diff --git a/ifupdown2/sbin/start-networking b/ifupdown2/sbin/start-networking +old mode 100644 +new mode 100755 diff --git a/debian/patches/series b/debian/patches/series index e6a1270..92b4af5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,6 +1,7 @@ extra/0001-ovs-ovs-ports-condone-regex.patch extra/0002-nllistener-increase-buffer.patch extra/0003-ovs-multiple-ovsport.patch +extra/0004-fix-start-networking-permission.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 6/9] add extra patch: 0003-ovs-multiple-ovsport.patch
https://github.com/CumulusNetworks/ifupdown2/pull/164 Signed-off-by: Alexandre Derumier --- .../extra/0003-ovs-multiple-ovsport.patch | 53 +++ debian/patches/series | 1 + 2 files changed, 54 insertions(+) create mode 100644 debian/patches/extra/0003-ovs-multiple-ovsport.patch diff --git a/debian/patches/extra/0003-ovs-multiple-ovsport.patch b/debian/patches/extra/0003-ovs-multiple-ovsport.patch new file mode 100644 index 000..bb18056 --- /dev/null +++ b/debian/patches/extra/0003-ovs-multiple-ovsport.patch 
@@ -0,0 +1,53 @@ +From 6cdb2b3d220fdf60ea8d0a2982a90c583dec467e Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Thu, 28 May 2020 11:21:55 +0200 +Subject: [PATCH] addons: openvswitch: allow multiple ovs-ports + glob/regex + +--- + ifupdown2/addons/openvswitch.py | 18 +++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +index 468d7df..936c871 100644 +--- a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +@@ -37,6 +37,12 @@ class openvswitch(Addon, moduleBase): + 'help': 'Interfaces to be part of this ovs bridge.', + 'validvals': [''], + 'required': False, ++"multivalue": True, ++"example": [ ++"ovs-ports swp1.100 swp2.100 swp3.100", ++"ovs-ports glob swp1-3.100", ++"ovs-ports regex (swp[1|2|3].100)" ++] + }, + 'ovs-type': { + 'help': 'ovs interface type', +@@ -87,10 +93,15 @@ def _is_ovs_bridge (self, ifaceobj): + return False + + def _get_ovs_ports (self, ifaceobj): +-ovs_ports = ifaceobj.get_attr_value_first('ovs-ports') ++ovs_ports = [] ++ ++for port in ifaceobj.get_attr_value('ovs-ports') or []: ++ovs_ports.extend(port.split()) ++ + if ovs_ports: +-return sorted (ovs_ports.split ()) +-return None ++return self.parse_port_list(ifaceobj.name, ' '.join(ovs_ports)) ++else: ++return None + + def _get_running_ovs_ports (self, iface): + output = utils.exec_command("/usr/bin/ovs-vsctl list-ports %s" %iface) +@@ -152,6 +163,7 @@ def _addbridge (self, ifaceobj): + ovs_ports = self._get_ovs_ports(ifaceobj) + running_ovs_ports = self._get_running_ovs_ports(iface) + ++missingports = [] + if running_ovs_ports is not None and ovs_ports is not None: + missingports = list(set(running_ovs_ports) - set(ovs_ports)) + diff --git a/debian/patches/series b/debian/patches/series index e57723c..e6a1270 100644 --- a/debian/patches/series +++ b/debian/patches/series 
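Review bot: The `regex` example added to the `ovs-ports` attribute, `"ovs-ports regex (swp[1|2|3].100)"`, does not express what it appears to. Inside a character class `|` is a literal character, and the unescaped `.` matches any character, so the pattern accepts more names than swp1.100 to swp3.100. Examples in help text get copied into interface files, and a pattern that is too wide attaches ports to the bridge that were not meant to be there. I would write it as `"ovs-ports regex (swp[1-3]\\.100)"`.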
@@ -1,5 +1,6 @@ extra/0001-ovs-ovs-ports-condone-regex.patch extra/0002-nllistener-increase-buffer.patch +extra/0003-ovs-multiple-ovsport.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 0/9] 3.0.0-1 version
Hi, This patch series update ifupdown2 to 3.0.0-1. Please bump the proxmox git mirror to 3.0.0-1 tag. Main change python2 to python3 conversion. I have tested it since 2 weeks with differents sdn setup, I don't have seen regression. I have added extra patches from master branch, on top of 3.0.0-1 tag. They are some fix for ovs plugin, and some new interfaces like veth pair are supported too. (I need them for sdn). Alexandre Derumier (9): remove extra patches rebase 0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch rebase 0007-networking.service-fix-dependencies-and-ordering.patch remove 0008-add-openvswitch-addon.patch add extra patch: 0002-nllistener-increase-buffer.patch add extra patch: 0003-ovs-multiple-ovsport.patch add extra patch: 0004-fix-start-networking-permission.patch control: update python3 changelog: bump to 3.0.0-1 debian/changelog | 6 + debian/control| 13 +- ...g-option-to-common_argparse-to-avoid.patch | 44 -- .../0001-ovs-ovs-ports-condone-regex.patch| 66 ++ .../extra/0002-fix-default-forwarding.patch | 100 --- .../0002-nllistener-increase-buffer.patch | 25 + .../extra/0003-ovs-multiple-ovsport.patch | 53 ++ ...0004-fix-start-networking-permission.patch | 13 + ...-veth-fwpr-interfaces-from-bridge-on.patch | 29 +- ...ervice-fix-dependencies-and-ordering.patch | 17 +- .../pve/0008-add-openvswitch-addon.patch | 595 -- debian/patches/series | 7 +- 12 files changed, 191 insertions(+), 777 deletions(-) delete mode 100644 debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch create mode 100644 debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch delete mode 100644 debian/patches/extra/0002-fix-default-forwarding.patch create mode 100644 debian/patches/extra/0002-nllistener-increase-buffer.patch create mode 100644 debian/patches/extra/0003-ovs-multiple-ovsport.patch create mode 100644 debian/patches/extra/0004-fix-start-networking-permission.patch delete mode 100644 
debian/patches/pve/0008-add-openvswitch-addon.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 2/9] rebase 0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch
Signed-off-by: Alexandre Derumier --- ...-veth-fwpr-interfaces-from-bridge-on.patch | 29 +-- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch b/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch index 869f0f3..36b256e 100644 --- a/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch +++ b/debian/patches/pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch @@ -1,43 +1,30 @@ -From 874ba884a7ff8f0059e069aac2855c2ffd5cacd2 Mon Sep 17 00:00:00 2001 +From e048d4f3c6516c4b7519112de13f79f70d56d44b Mon Sep 17 00:00:00 2001 From: Alexandre Derumier Date: Wed, 16 May 2018 02:11:45 +0200 -Subject: [PATCH 1/7] don't remove (tap|veth|fwpr) interfaces from bridge on - ifup bridge +Subject: [PATCH] don't remove (tap|veth|fwpr) interfaces from bridge on ifup + bridge as proxmox don't defined them in /etc/network/interfaces Signed-off-by: Thomas Lamprecht Signed-off-by: Alexandre Derumier --- - debian/rules | 2 +- ifupdown2/addons/bridge.py | 4 - 2 files changed, 5 insertions(+), 1 deletion(-) + 1 file changed, 4 insertions(+) -diff --git a/debian/rules b/debian/rules -index 6274b3a..dfd460f 100755 a/debian/rules -+++ b/debian/rules -@@ -1,6 +1,6 @@ - #!/usr/bin/make -f - --#export DH_VERBOSE=1 -+export DH_VERBOSE=1 - export PYBUILD_NAME=ifupdown2 - export PYBUILD_INSTALL_ARGS=--install-lib=/usr/share/ --install-scripts=/usr/share/ - diff --git a/ifupdown2/addons/bridge.py b/ifupdown2/addons/bridge.py -index 00b1eaa..35944ac 100644 +index d990b66..365e87d 100644 --- a/ifupdown2/addons/bridge.py 
+++ b/ifupdown2/addons/bridge.py -@@ -440,6 +440,7 @@ class bridge(Addon, moduleBase): +@@ -439,6 +439,7 @@ class bridge(Addon, moduleBase): "bridge-ports-condone-regex": { "help": "bridge ports to ignore/condone when reloading config / removing interfaces", "required": False, +"default": "^(tap|veth|fwpr)", "example": ["bridge-ports-condone-regex ^[a-zA-Z0-9]+_v[0-9]{1,4}$"] }, - } -@@ -1006,6 +1007,9 @@ class bridge(Addon, moduleBase): + "bridge-vlan-vni-map": { +@@ -1013,6 +1014,9 @@ class bridge(Addon, moduleBase): # up a compiled regex to be used in a match later. This way we try to avoid # a race condition where an (possibly VM) interface is created after this # function has been called but before the bridgeports are validated. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 1/9] remove extra patches
Signed-off-by: Alexandre Derumier --- ...g-option-to-common_argparse-to-avoid.patch | 44 .../extra/0002-fix-default-forwarding.patch | 100 -- debian/patches/series | 2 - 3 files changed, 146 deletions(-) delete mode 100644 debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch delete mode 100644 debian/patches/extra/0002-fix-default-forwarding.patch diff --git a/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch b/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch deleted file mode 100644 index f02574f..000 --- a/debian/patches/extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 8e9960454d58f648547fcb086a8b4352a4aa4faa Mon Sep 17 00:00:00 2001 -From: Julien Fortin -Date: Tue, 31 Dec 2019 20:25:44 +0100 -Subject: [PATCH] argv: move --nldebug option to common_argparse to avoid - exception in ifreload - -Signed-off-by: Julien Fortin -Signed-off-by: Thomas Lamprecht - ifupdown2/ifupdown/argv.py | 14 +++--- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/ifupdown2/ifupdown/argv.py b/ifupdown2/ifupdown/argv.py -index e560b40..a96a390 100644 a/ifupdown2/ifupdown/argv.py -+++ b/ifupdown2/ifupdown/argv.py -@@ -148,13 +148,6 @@ class Parse: -help='type of interface entry (iface or vlan). ' - 'This option can be used in case of ambiguity between ' - 'a vlan interface and an iface interface of the same name') --argparser.add_argument( --"--nldebug", --dest="nldebug", --action="store_true", --default=False, --help="print netlink debug messages" --) - - def update_ifupdown_argparser(self, argparser): - """ common arg parser for ifup and ifdown """ -@@ -248,3 +241,10 @@ class Parse: - ''' general parsing rules ''' - - argparser.add_argument('-V', '--version', action=VersionAction, nargs=0) -+argparser.add_argument( -+"--nldebug", -+dest="nldebug", -+action="store_true", -+default=False, -+help="print netlink debug messages" -+) --- -2.20.1 - diff --git a/debian/patches/extra/0002-fix-default-forwarding.patch b/debian/patches/extra/0002-fix-default-forwarding.patch deleted file mode 100644 index c1a72a3..000 --- a/debian/patches/extra/0002-fix-default-forwarding.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 85a93e870777f774e5901bd4443ddff2e8eaa444 Mon Sep 17 00:00:00 2001 -From: Alexandre Derumier -Date: Mon, 24 Feb 2020 15:18:56 +0100 -Subject: [PATCH] fix default forwarding - -Signed-off-by: Alexandre Derumier - ifupdown2/addons/address.py | 70 + - 1 file changed, 40 insertions(+), 30 deletions(-) - -diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py -index 83974d7..b9a16ee 100644 a/ifupdown2/addons/address.py -+++ b/ifupdown2/addons/address.py -@@ -821,42 +821,52 @@ class address(Addon, moduleBase): -'bridge port' %ifaceobj.name) - return - setting_default_value = False -+ -+ - if not ipforward: - setting_default_value = True --ipforward = (self.ipforward or -- self.get_mod_subattr('ip-forward', 'default')) --ipforward = int(utils.get_boolean_from_string(ipforward)) --running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name) --if ipforward != running_ipforward: --try: --self.sysctl_set('net.ipv4.conf.%s.forwarding' --%('/'.join(ifaceobj.name.split("."))), --ipforward) --except Exception as e: --if not setting_default_value: --ifaceobj.status = ifaceStatus.ERROR --self.logger.error('%s: %s' %(ifaceobj.name, str(e))) -+ ipforward = self.ipforward -+ -+if ipforward: -+ -+ipforward = int(utils.get_boolean_from_string(ipforward)) -+running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name) -+ -+if ipforward != running_ipforward: -+try: -+self.sysctl_set('net.ipv4.conf.%s.forwarding' -+%('/'.join(ifaceobj.name.split("."))), -+ipforward) -+except Exception as e: -+if not setting_default_value: -+ifaceobj.status = ifaceStat
[pve-devel] [PATCH ifupdown2 5/9] add extra patch: 0002-nllistener-increase-buffer.patch
https://github.com/CumulusNetworks/ifupdown2/commit/523b347ad49234efb7787f6f084070034de7e977 Signed-off-by: Alexandre Derumier --- .../0002-nllistener-increase-buffer.patch | 25 +++ debian/patches/series | 1 + 2 files changed, 26 insertions(+) create mode 100644 debian/patches/extra/0002-nllistener-increase-buffer.patch diff --git a/debian/patches/extra/0002-nllistener-increase-buffer.patch b/debian/patches/extra/0002-nllistener-increase-buffer.patch new file mode 100644 index 000..72a4f06 --- /dev/null +++ b/debian/patches/extra/0002-nllistener-increase-buffer.patch @@ -0,0 +1,25 @@ +From 523b347ad49234efb7787f6f084070034de7e977 Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Wed, 27 May 2020 15:49:49 +0200 +Subject: [PATCH] nllistener: increase netlink buffer to 64k + +Currently 4k buffer is too small to handle some netlink messages + +(Like bridge vlans for example, with 32k messages detected). +--- + ifupdown2/nlmanager/nllistener.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ifupdown2/nlmanager/nllistener.py b/ifupdown2/nlmanager/nllistener.py +index b40b058..e319dc4 100644 +--- a/ifupdown2/nlmanager/nllistener.py b/ifupdown2/nlmanager/nllistener.py +@@ -44,7 +44,7 @@ class NetlinkListener(Thread): + # As defined in asm/socket.h + _SO_ATTACH_FILTER = 26 + +-RECV_BUFFER = 4096 # 1024 * 1024 ++RECV_BUFFER = 65536 # 1024 * 1024 + + def __init__(self, manager, groups, pid_offset=1, error_notification=False, rcvbuf_sz=1000, bpf_filter=None): + """ diff --git a/debian/patches/series b/debian/patches/series index 8363c15..e57723c 100644 --- a/debian/patches/series +++ b/debian/patches/series 
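Review bot: The trailing comment on the changed line still reads `# 1024 * 1024`, which matches neither the old 4096 nor the new 65536. Something like `RECV_BUFFER = 65536  # 64 KiB; bridge vlan dumps of 32k were observed` would record why the value was chosen. A fixed size still lets a larger datagram be cut short; the receive call is not visible in this hunk, so it is worth checking whether truncation is detected there. The NetlinkListener class continues outside the hunk.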
@@ -1,4 +1,5 @@ extra/0001-ovs-ovs-ports-condone-regex.patch +extra/0002-nllistener-increase-buffer.patch pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch pve/0002-add-dummy-mtu-bridgevlanport-modules.patch pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 8/9] control: update python3
Signed-off-by: Alexandre Derumier --- debian/control | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/debian/control b/debian/control index 62358f6..5a95659 100644 --- a/debian/control +++ b/debian/control @@ -5,12 +5,13 @@ Maintainer: Proxmox Support Team Build-Depends: debhelper (>=9), dh-systemd, dh-python, - python-all, - python-setuptools, - python-docutils + python3, + python3-all, + python3-setuptools, + python3-docutils Standards-Version: 3.9.8 Homepage: https://github.com/cumulusnetworks/ifupdown2 -X-Python-Version: >= 2.7 +X-Python-Version: >= 3.7 Package: ifupdown2 Architecture: all @@ -18,8 +19,8 @@ Provides: ifupdown Conflicts: ifupdown Replaces: ifupdown Breaks: libpve-common-perl (<< 6.0-14) -Depends: ${python:Depends}, ${misc:Depends}, iproute2, python-argcomplete, python-ipaddr -Suggests: isc-dhcp-client, bridge-utils, ethtool, python-gvgen, python-mako +Depends: ${python3:Depends}, ${misc:Depends}, iproute2 +Suggests: isc-dhcp-client, bridge-utils, ethtool, python3-gvgen, python3-mako Description: Network Interface Management tool similar to ifupdown ifupdown2 is ifupdown re-written in Python. It replaces ifupdown and provides the same user interface as ifupdown for network interface configuration. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 9/9] changelog: bump to 3.0.0-1
Signed-off-by: Alexandre Derumier --- debian/changelog | 6 ++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 7ca7226..ff13c56 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ifupdown2 (3.0.0-1+pve1) pve; urgency=medium + + * Bump to 3.0.0-1 + + -- Proxmox Support Team Tue, 28 May 2020 11:10:20 +0200 + ifupdown2 (2.0.1-1+pve10) pve; urgency=medium * avoid bringing network config in sync if pve-common isn't available -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH ifupdown2 4/9] remove 0008-add-openvswitch-addon.patch
openvswitch is now upstream add extra-patch for ovs-ports-condone-regex https://github.com/CumulusNetworks/ifupdown2/pull/157 Signed-off-by: Alexandre Derumier --- .../0001-ovs-ovs-ports-condone-regex.patch| 66 ++ .../pve/0008-add-openvswitch-addon.patch | 595 -- debian/patches/series | 2 +- 3 files changed, 67 insertions(+), 596 deletions(-) create mode 100644 debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch delete mode 100644 debian/patches/pve/0008-add-openvswitch-addon.patch diff --git a/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch b/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch new file mode 100644 index 000..745c5e0 --- /dev/null +++ b/debian/patches/extra/0001-ovs-ovs-ports-condone-regex.patch 
@@ -0,0 +1,66 @@ +From 5efdf225e1f0e2705d44f36887c3e00207dd69d2 Mon Sep 17 00:00:00 2001 +From: Alexandre Derumier +Date: Sat, 16 May 2020 08:11:22 +0200 +Subject: [PATCH] addon: openvswitch : add ovs-ports-condone-regex option + +Like for bridge, add a option to skip delete a regex list of interfaces. +(can be usefull for hypervisor, when vm interfaces are dynamically plugged) +--- + ifupdown2/addons/openvswitch.py | 18 ++ + 1 file changed, 18 insertions(+) + +diff --git a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +index 767d09a..468d7df 100644 +--- a/ifupdown2/addons/openvswitch.py b/ifupdown2/addons/openvswitch.py +@@ -63,6 +63,11 @@ class openvswitch(Addon, moduleBase): + 'example': ['ovs_extra set bridge ${IFACE} other-config:hwaddr=00:59:cf:9c:84:3a -- br-set-external-id ${IFACE} bridge-id ${IFACE}'] + + }, ++'ovs-ports-condone-regex': { ++"help": "ovs ports to ignore/condone when reloading config / removing interfaces", ++"required": False, ++"example": ["ovs-ports-condone-regex ^[a-zA-Z0-9]+_v[0-9]{1,4}$"] ++}, + } + } + +@@ -94,6 +99,14 @@ def _get_running_ovs_ports (self, iface): + return ovs_ports + return None + ++def _get_ovs_port_condone_regex(self, ifaceobj, get_string = False): ++ovs_port_condone_regex = ifaceobj.get_attr_value_first('ovs-ports-condone-regex') ++if ovs_port_condone_regex: ++if get_string: ++return ovs_port_condone_regex ++return re.compile (r"%s" % ovs_port_condone_regex) ++return None ++ + def _ovs_vsctl(self, ifaceobj, cmdlist): + + if cmdlist: +@@ -122,6 +135,7 @@ def _addbridge (self, ifaceobj): + ovsoptions = ifaceobj.get_attr_value_first ('ovs-options') + ovsextra = ifaceobj.get_attr_value('ovs-extra') + ovsmtu = ifaceobj.get_attr_value_first ('ovs-mtu') ++ovsportscondoneregex = self._get_ovs_port_condone_regex(ifaceobj) + + cmd_list = [] + +@@ -137,11 +151,15 @@ def _addbridge (self, ifaceobj): + # on update, delete active ports not in the new port list + ovs_ports = self._get_ovs_ports(ifaceobj) + 
running_ovs_ports = self._get_running_ovs_ports(iface) ++ + if running_ovs_ports is not None and ovs_ports is not None: + missingports = list(set(running_ovs_ports) - set(ovs_ports)) + + if missingports is not None: + for port in missingports: ++if ovsportscondoneregex and ovsportscondoneregex.match(port): ++self.logger.info("%s: port %s will stay enslaved as it matches with ovs-ports-condone-regex" % (ifaceobj.name, port)) ++continue + cmd = "--if-exists del-port %s %s"%(iface, port) + cmd_list.append(cmd) + diff --git a/debian/patches/pve/0008-add-openvswitch-addon.patch b/debian/patches/pve/0008-add-openvswitch-addon.patch deleted file mode 100644 index 847c0bf..000 --- a/debian/patches/pve/0008-add-openvswitch-addon.patch +++ /dev/null @@ -1,595 +0,0 @@ -From 4311f4deb9b95e67694c04ced13782a3608a176b Mon Sep 17 00:00:00 2001 -From: Alexandre Derumier -Date: Mon, 17 Feb 2020 13:32:18 +0100 -Subject: [PATCH] add openvswitch addon - -Signed-off-by: Alexandre Derumier - etc/network/ifupdown2/addons.conf| 4 + - ifupdown2/addons/openvswitch.py | 248 - ifupdown2/addons/openvswitch_port.py | 274 +++ - ifupdown2/lib/iproute2.py| 3 + - ifupdown2/nlmanager/nlpacket.py | 1 + - 5 files changed, 530 insertions(+) - create mode 100644 ifupdown2/addons/openvswitch.py - create mode 100644 ifupdown2/addons/openvswitch_port.py - -diff --git a/etc/network/ifupdown2/addons.conf b/etc/network/ifupdown2/addons.conf -index c43d377..8811cc2 100644 a/etc/network/ifupdown2/addons.conf -+++ b/
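Review bot: `_get_ovs_port_condone_regex` hands the configured `ovs-ports-condone-regex` value straight to `re.compile`, so a malformed pattern in the interfaces file raises `re.error` from inside `_addbridge`, unless a caller outside this hunk catches it, with no message naming the attribute. The loop then uses `.match()`, which anchors only at the start of the port name. A pattern written without a trailing `$` therefore condones every port sharing that prefix, and those ports stay attached to the bridge on reload. Consider logging a compile failure against `ifaceobj.name`, and either using `ovsportscondoneregex.fullmatch(port)` or stating the prefix semantics in the attribute's help text. `_addbridge` starts and ends outside the hunk.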
[pve-devel] [pve-network] vlan: ovs: use dot1q-tunnel when vlanaware is enabled
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index 8364451..987c553 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm @@ -61,7 +61,12 @@ sub generate_sdn_config { @iface_config = (); push @iface_config, "ovs_type OVSIntPort"; push @iface_config, "ovs_bridge $bridge"; - push @iface_config, "ovs_options tag=$tag"; + if($vnet->{vlanaware}) { + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$tag"; + } else { + push @iface_config, "ovs_options tag=$tag"; + } + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; @iface_config = (); -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
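Review bot: The two branches differ only in the `vlan_mode=dot1q-tunnel` prefix, so the option string could be built once with `my $ovs_options = $vnet->{vlanaware} ? "vlan_mode=dot1q-tunnel tag=$tag" : "tag=$tag";` followed by a single `push @iface_config, "ovs_options $ovs_options";`. A short comment would also help, saying that in dot1q-tunnel mode the guest's own VLAN tags are carried inside service tag `$tag`, since that is what the vnet's `vlanaware` flag switches on. generate_sdn_config starts and ends outside the hunk.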
[pve-devel] [PATCH pve-manager] sdn: add vlan aware option to vnet
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/VnetEdit.js | 5 ++--- www/manager6/sdn/VnetView.js | 5 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/www/manager6/sdn/VnetEdit.js b/www/manager6/sdn/VnetEdit.js index e2ace128..c5e3859d 100644 --- a/www/manager6/sdn/VnetEdit.js +++ b/www/manager6/sdn/VnetEdit.js @@ -59,9 +59,8 @@ Ext.define('PVE.sdn.VnetInputPanel', { xtype: 'proxmoxcheckbox', name: 'vlanaware', uncheckedValue: 0, - defaultValue: 0, - checked: 1, - fieldLabel: gettext('Vlan Aware') + checked: false, + fieldLabel: gettext('VLAN aware') }, { xtype: 'textfield', diff --git a/www/manager6/sdn/VnetView.js b/www/manager6/sdn/VnetView.js index c8b0576a..c670ad70 100644 --- a/www/manager6/sdn/VnetView.js +++ b/www/manager6/sdn/VnetView.js @@ -92,6 +92,11 @@ Ext.define('PVE.sdn.VnetView', { flex: 1, dataIndex: 'tag', }, + { + header: gettext('VLAN aware'), + flex: 1, + dataIndex: 'vlanaware', + }, { header: 'IPv4/CIDR', flex: 1, -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
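Review bot: The new `vlanaware` column in VnetView.js has no renderer, so the grid will show the stored value as-is (presumably `1` or an empty cell) rather than a yes/no label. Adding `renderer: Proxmox.Utils.format_boolean,` to the column definition would display it like other boolean settings. The column list continues outside the hunk.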
[pve-devel] [PATCH pve-docs 3/3] sdn: fix qinq zone2 example
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pvesdn.adoc b/pvesdn.adoc index af89bba..90a89d8 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -442,7 +442,7 @@ Create a `myvnet2' with customer VLAN-id 100 on the previously created id: myvnet2 -zone: qinqzone1 +zone: qinqzone2 tag: 100 -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-docs 2/3] sdn: add vnet vlan-aware option
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pvesdn.adoc b/pvesdn.adoc index 0dd58ee..af89bba 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -114,6 +114,9 @@ VNet properties are: * Tag: The unique VLAN or VXLAN id +* Vlan Aware: Allow to add an extra Vlan tag in vm|ct nic configuration or allow + vlans tag coming from the vm|ct guest os. + * IPv4: an anycast IPv4 address, it will be configured on the underlying bridge on each node part of the Zone. It's only useful for `bgp-evpn` routing. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-docs 1/3] sdn: add a note to add "source /etc/network/interfaces.d/*"
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 6 ++ 1 file changed, 6 insertions(+) diff --git a/pvesdn.adoc b/pvesdn.adoc index f890003..0dd58ee 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -267,6 +267,12 @@ After applying the configuration through the main SDN web-interface panel, the local network configuration is generated locally on each node in `/etc/network/interfaces.d/sdn`, and with ifupdown2 reloaded. +You need to add + +source /etc/network/interfaces.d/* + +at the end of /etc/network/interfaces to have the sdn config included + You can monitor the status of local zones and vnets through the main tree. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-docs 0/3] sdn: improvement
Somes fixes, and add description for new vnet vlan-aware option Alexandre Derumier (3): sdn: add a note to add "source /etc/network/interfaces.d/*" sdn: add vnet vlan-aware option sdn: fix qinq zone2 example pvesdn.adoc | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network] add vnet vlan-aware option
Some users would like to be able to defined vlans at vm level, or allow trunks, on top of already tagged vnet. (including vlan on top of vxlan tunnel) Allow it on all layer2 plugins, and add a warn for evpn layer3 plugin. Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/VnetPlugin.pm| 5 + PVE/Network/SDN/Zones.pm | 14 + PVE/Network/SDN/Zones/EvpnPlugin.pm | 1 + PVE/Network/SDN/Zones/Plugin.pm | 31 +--- PVE/Network/SDN/Zones/QinQPlugin.pm | 4 PVE/Network/SDN/Zones/VlanPlugin.pm | 4 PVE/Network/SDN/Zones/VxlanPlugin.pm | 4 7 files changed, 24 insertions(+), 39 deletions(-) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 179bfa4..2433013 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -58,6 +58,10 @@ sub properties { type => 'integer', description => "vlan or vxlan id", }, + vlanaware => { + type => 'boolean', + description => 'Allow vm VLANs to pass through this vnet.', + }, alias => { type => 'string', description => "alias name of the vnet", @@ -89,6 +93,7 @@ sub options { ipv4 => { optional => 1 }, ipv6 => { optional => 1 }, mac => { optional => 1 }, +vlanaware => { optional => 1 }, }; } diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 436b103..b8dc54c 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -214,18 +214,6 @@ sub status { return($zone_status, $vnet_status); } -sub get_bridge_vlan { -my ($vnetid) = @_; - -my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid); - -return ($vnetid, undef) if !$vnet; # fallback for classic bridge - -my $plugin_config = get_plugin_config($vnet); -my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag}); -} - sub tap_create { my ($iface, $bridge) = @_; 
@@ -270,7 +258,7 @@ sub tap_plug { if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename}); my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); -$plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate); +$plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate); } 1; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index 973e8e0..95fbb64 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -50,6 +50,7 @@ sub generate_sdn_config { my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; die "missing vxlan tag" if !$tag; +warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware}; my @peers = split(',', $controller->{'peers'}); my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers); diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 9ea7a50..0633b78 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm 
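Review bot: In EvpnPlugin.pm the unsupported combination is only reported with `warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};`, after which config generation carries on as if the flag were unset. An administrator who ticks the option gets a vnet that silently behaves differently from what was configured, with the message visible only in the node's log. The line above treats a missing tag as fatal, so `die "vlan-aware vnet can't be enabled with evpn plugin\n" if $vnet->{vlanaware};` would be consistent with it. Rejecting the setting when the vnet is saved would be better still, but that code is not visible here. generate_sdn_config starts and ends outside the hunk.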
@@ -205,44 +205,23 @@ sub status { } -sub get_bridge_vlan { -my ($class, $plugin_config, $vnetid, $tag) = @_; - -my $bridge = $vnetid; -$tag = undef; - -die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/"; - -return ($bridge, $tag); -} - sub tap_create { my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::tap_create($iface, $bridge); +PVE::Network::tap_create($iface, $vnetid); } sub veth_create { my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_; -my $tag = $vnet->{tag}; -my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -die "unable to get bridge setting\n" if !$bridge; - -PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr); +PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr); } sub tap_plug { -my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_; - -my $tag = $vnet->{tag}; +my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_; -($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag); -my $trunks = undef; +my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering"); +die "vm vlans
[pve-devel] [PATCH pve-common] network: vlan-aware bridge: fix pvid when trunks is defined
Currently, when a trunks is defined, the vlan tag is not used for pvid with vlan-aware bridge. (It's ok with ovs switch) example: net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,tag=2,trunks=2-11 before -- tap100i0 2-11 after - tap100i0 2 PVID Egress Untagged 3-11 No regression for other configurations: net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1 before -- tap100i0 1 PVID Egress Untagged 2-4094 after - tap100i0 1 PVID Egress Untagged 2-4094 net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,tag=2 before -- tap100i0 2 PVID Egress Untagged after - tap100i0 2 PVID Egress Untagged net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,trunks=2-11 before -- tap100i0 1 PVID Egress Untagged 2-11 after - tap100i0 1 PVID Egress Untagged 2-11 Signed-off-by: Alexandre Derumier --- src/PVE/Network.pm | 36 +--- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm index b5d3777..12536c7 100644 --- a/src/PVE/Network.pm +++ b/src/PVE/Network.pm 
@@ -216,26 +216,24 @@ my $bridge_add_interface = sub { my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); if ($vlan_aware) { - if ($tag) { - eval { run_command(['/sbin/bridge', 'vlan', 'del', 'dev', $iface, 'vid', '1-4094']) }; - die "failed to remove default vlan tags of $iface - $@\n" if $@; - eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $tag, 'pvid', 'untagged']) }; - die "unable to add vlan $tag to interface $iface - $@\n" if $@; - - warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1; - } elsif (!$trunks) { - eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', '2-4094']) }; - die "unable to add default vlan tags to interface $iface - $@\n" if $@; - } - - if ($trunks) { - my @trunks_array = split /;/, $trunks; - foreach my $trunk (@trunks_array) { - eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $trunk]) }; - die "unable to add vlan $trunk to interface $iface - $@\n" if $@; - } - } +eval { run_command(['/sbin/bridge', 'vlan', 'del', 'dev', $iface, 'vid', '1-4094']) }; +die "failed to remove default vlan tags of $iface - $@\n" if $@; + +if ($trunks) { +my @trunks_array = split /;/, $trunks; +foreach my $trunk (@trunks_array) { +eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $trunk]) }; +die "unable to add vlan $trunk to interface $iface - $@\n" if $@; +} +} elsif (!$tag) { +eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', '2-4094']) }; +die "unable to add default vlan tags to interface $iface - $@\n" if $@; +} + +$tag = 1 if !$tag; +eval { run_command(['/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $tag, 'pvid', 'untagged']) }; +die "unable to add vlan $tag to interface $iface - $@\n" if $@; } }; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
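Review bot: The rewrite drops `warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1;`, so a guest NIC explicitly configured with tag=1 now becomes an untagged member of VLAN 1 without any message. If that is not intended, the check has to sit ahead of the new default `$tag = 1 if !$tag;`, for example as `warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag && $tag == 1;`. The `bridge vlan del ... 1-4094` call now also runs when neither tag nor trunks is set. A one-line comment saying the port's VLAN membership is cleared first and then rebuilt would make that ordering explicit. The `$bridge_add_interface` closure starts outside the hunk.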
[pve-devel] ceph octopus rbd benchmark
Hi, I have done some benchmarks with librbd octopus; the results are really great with the new write-around cache policy. (You simply need to enable cache=writeback in qemu.) Here are some iops results with 1vm - 1disk - 4k block iodepth=64, librbd, no iothread.
              nautilus-cache=none  nautilus-cache=writeback  octopus-cache=none  octopus-cache=writeback
randread 4k   62.1k                25.2k                     61.1k               60.8k
randwrite 4k  27.7k                19.5k                     34.5k               53.0k
seqwrite 4k   7850                 37.5k                     24.9k               82.6k
We no longer have read degradation with cache=writeback, and write performance is around 2,5x faster! I think that when octopus is ready for proxmox6, we could advise users to change the disk cache to writeback (and maybe select it as the default in the gui when an rbd storage is used for a new vm disk). ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] applied-series: Re: [PATCH V2 pve-network 0/6] always use a vnet bridge model
>>pplied series, thanks! There could be probably some improved error >>checking/warnings, >>e.g., if a QinQ bridge exists, ideally with a "Info" column in the general >>SDN status >>panel where such erros are then also visible (as it's checked on apply). yes, I need to improve that. I'll look at this next week. - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mardi 19 Mai 2020 21:45:15 Objet: applied-series: Re: [pve-devel] [PATCH V2 pve-network 0/6] always use a vnet bridge model On 5/19/20 6:37 PM, Alexandre Derumier wrote: > Hi, > > this is a rework of vlan && qinq plugin to always use a vnet=20 > bridge for all plugin. > > Avoid to tag vmport directly on vlan-aware bridge or ovs. > Instead, plug the vm interface on a vnet bridge, and plug the > vnet bridge on the ovs|bridge-vlan-aware|... and do the tag here. > > This will help a lot of handling tag modification on a vnet, as we=20 > don't defined tap|veth in /etc/network/interfaces, > and make same vnet model for each plugins. > > Qinq plugin was buggy, I have fixed it and added support for > ovs+classic linux bridge. > I have also added vlan-protocol option back, to handle=20 > both 802.1ad && 802.1q service vlan. > > I'll update documentation && gui tomorrow > > > Changelog v2: > > - keep interfaces sort > - fix the vnet name character to 8 > > Alexandre Derumier (6): > restrict zone name to 8 characters > retrict vnet name to 8 characters > vlan: use new model > qinq: use new model + ovs/classic bridge support > evpn: prefix interfaces > vxlan: prefix interfaces > > PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 +- > PVE/Network/SDN/VnetPlugin.pm | 2 +- > PVE/Network/SDN/Zones/EvpnPlugin.pm | 24 ++-- > PVE/Network/SDN/Zones/Plugin.pm | 2 +- > PVE/Network/SDN/Zones/QinQPlugin.pm | 133 +- > PVE/Network/SDN/Zones/VlanPlugin.pm | 90 ++- > PVE/Network/SDN/Zones/VxlanPlugin.pm | 6 +- > 7 files changed, 183 insertions(+), 76 deletions(-) > applied series, thanks! 
There could be probably some improved error checking/warnings, e.g., if a QinQ bridge exists, ideally with a "Info" column in the general SDN status panel where such erros are then also visible (as it's checked on apply). ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 0/3] sdn: updates
Following last pve-network series Alexandre Derumier (3): vnetview: remove mtu field sdn: restrict zone && vnet name to 8 characters qinq: add vlan-protocol option www/manager6/sdn/Browser.js | 4 ++-- www/manager6/sdn/VnetEdit.js | 2 +- www/manager6/sdn/VnetView.js | 1 - www/manager6/sdn/controllers/EvpnEdit.js | 2 +- www/manager6/sdn/zones/EvpnEdit.js | 2 +- www/manager6/sdn/zones/QinQEdit.js | 10 +- www/manager6/sdn/zones/VxlanEdit.js | 2 +- 7 files changed, 15 insertions(+), 8 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 1/3] vnetview: remove mtu field
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/Browser.js | 4 ++-- www/manager6/sdn/VnetView.js | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/www/manager6/sdn/Browser.js b/www/manager6/sdn/Browser.js index 339fedb1..20944bd5 100644 --- a/www/manager6/sdn/Browser.js +++ b/www/manager6/sdn/Browser.js @@ -25,14 +25,14 @@ Ext.define('PVE.sdn.Browser', { hstateid: 'sdntab' }); -// if (caps.sdn['SDN.Audit']) { + if (caps.sdn['SDN.Audit']) { me.items.push({ xtype: 'pveSDNZoneContentView', title: gettext('Content'), iconCls: 'fa fa-th', itemId: 'content' }); -// } + } // if (caps.sdn['Permissions.Modify']) { me.items.push({ diff --git a/www/manager6/sdn/VnetView.js b/www/manager6/sdn/VnetView.js index 35814e83..c8b0576a 100644 --- a/www/manager6/sdn/VnetView.js +++ b/www/manager6/sdn/VnetView.js @@ -125,7 +125,6 @@ Ext.define('PVE.sdn.VnetView', { 'ipv4', 'ipv6', 'mac', - 'mtu', 'tag', 'type', 'vnet', -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
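Review bot: Only the `caps.sdn['SDN.Audit']` gate around the Content tab is re-enabled in Browser.js; the `// if (caps.sdn['Permissions.Modify']) {` line directly below stays commented out, so the tab that follows is still pushed for every user. If the gates are meant to mirror the user's privileges, both should be active. Hiding a tab is a display decision only, so the API behind these panels has to enforce the same privileges (not visible in this hunk). The change is also unrelated to the subject line "vnetview: remove mtu field" and would be easier to track as its own commit. The enclosing function starts and ends outside the hunk.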
[pve-devel] [PATCH pve-manager 3/3] qinq: add vlan-protocol option
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/zones/QinQEdit.js | 8 1 file changed, 8 insertions(+) diff --git a/www/manager6/sdn/zones/QinQEdit.js b/www/manager6/sdn/zones/QinQEdit.js index 9d0fdb67..beb2573e 100644 --- a/www/manager6/sdn/zones/QinQEdit.js +++ b/www/manager6/sdn/zones/QinQEdit.js @@ -39,6 +39,14 @@ Ext.define('PVE.sdn.zones.QinQInputPanel', { fieldLabel: gettext('Service vlan'), allowBlank: false }, + { +xtype: 'proxmoxKVComboBox', +name: 'vlan-protocol', +fieldLabel: gettext('Service vlan protocol'), +allowBlank: true, +value: '802.1q', +comboItems: [['802.1q', '802.1q'], ['802.1ad', '802.1ad']] + }, { xtype: 'proxmoxintegerfield', name: 'mtu', -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-manager 2/3] sdn: restrict zone && vnet name to 8 characters
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/VnetEdit.js | 2 +- www/manager6/sdn/controllers/EvpnEdit.js | 2 +- www/manager6/sdn/zones/EvpnEdit.js | 2 +- www/manager6/sdn/zones/QinQEdit.js | 2 +- www/manager6/sdn/zones/VxlanEdit.js | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/www/manager6/sdn/VnetEdit.js b/www/manager6/sdn/VnetEdit.js index ca18c4ec..9ef2b1c0 100644 --- a/www/manager6/sdn/VnetEdit.js +++ b/www/manager6/sdn/VnetEdit.js @@ -29,7 +29,7 @@ Ext.define('PVE.sdn.VnetInputPanel', { cbind: { editable: '{isCreate}', }, - maxLength: 10, + maxLength: 8, flex: 1, allowBlank: false, fieldLabel: gettext('Name'), diff --git a/www/manager6/sdn/controllers/EvpnEdit.js b/www/manager6/sdn/controllers/EvpnEdit.js index 8856939b..125a8fc7 100644 --- a/www/manager6/sdn/controllers/EvpnEdit.js +++ b/www/manager6/sdn/controllers/EvpnEdit.js @@ -10,7 +10,7 @@ Ext.define('PVE.sdn.controllers.EvpnInputPanel', { { xtype: me.isCreate ? 'textfield' : 'displayfield', name: 'controller', - maxLength: 10, + maxLength: 8, value: me.controllerid || '', fieldLabel: 'ID', allowBlank: false diff --git a/www/manager6/sdn/zones/EvpnEdit.js b/www/manager6/sdn/zones/EvpnEdit.js index 6229da29..f5a9560e 100644 --- a/www/manager6/sdn/zones/EvpnEdit.js +++ b/www/manager6/sdn/zones/EvpnEdit.js @@ -22,7 +22,7 @@ Ext.define('PVE.sdn.zones.EvpnInputPanel', { { xtype: me.isCreate ? 'textfield' : 'displayfield', name: 'zone', -maxLength: 10, +maxLength: 8, value: me.zone || '', fieldLabel: 'ID', allowBlank: false diff --git a/www/manager6/sdn/zones/QinQEdit.js b/www/manager6/sdn/zones/QinQEdit.js index b50b505e..9d0fdb67 100644 --- a/www/manager6/sdn/zones/QinQEdit.js +++ b/www/manager6/sdn/zones/QinQEdit.js @@ -22,7 +22,7 @@ Ext.define('PVE.sdn.zones.QinQInputPanel', { { xtype: me.isCreate ? 'textfield' : 'displayfield', name: 'zone', -maxLength: 10, +maxLength: 8, value: me.zone || '', fieldLabel: 'ID', allowBlank: false 
diff --git a/www/manager6/sdn/zones/VxlanEdit.js b/www/manager6/sdn/zones/VxlanEdit.js index 7ec0e382..4d8c1719 100644 --- a/www/manager6/sdn/zones/VxlanEdit.js +++ b/www/manager6/sdn/zones/VxlanEdit.js @@ -23,7 +23,7 @@ Ext.define('PVE.sdn.zones.VxlanInputPanel', { me.items = [ { xtype: me.isCreate ? 'textfield' : 'displayfield', - maxLength: 10, + maxLength: 8, name: 'zone', value: me.zone || '', fieldLabel: 'ID', -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 5/6] evpn: prefix interfaces
vnets can have random name, prefix other interfaces to avoid conflicts Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 +- PVE/Network/SDN/Zones/EvpnPlugin.pm | 24 +++ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm index 87c8a2b..79ecaeb 100644 --- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm +++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm @@ -106,7 +106,7 @@ sub generate_controller_config { sub generate_controller_zone_config { my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_; -my $vrf = $id; +my $vrf = "vrf_$id"; my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; my $asn = $controller->{asn}; my $gatewaynodes = $controller->{'gateway-nodes'}; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index aa75988..973e8e0 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -46,7 +46,7 @@ sub generate_sdn_config { my $ipv6 = $vnet->{ipv6}; my $mac = $vnet->{mac}; -my $vrf = $zoneid; +my $vrf_iface = "vrf_$zoneid"; my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; die "missing vxlan tag" if !$tag; 
@@ -59,22 +59,22 @@ sub generate_sdn_config { $mtu = $plugin_config->{mtu} if $plugin_config->{mtu}; #vxlan interface +my $vxlan_iface = "vxlan_$vnetid"; my @iface_config = (); push @iface_config, "vxlan-id $tag"; - push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip; push @iface_config, "bridge-learning off"; push @iface_config, "bridge-arp-nd-suppress on"; push @iface_config, "mtu $mtu" if $mtu; -push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"}; +push(@{$config->{$vxlan_iface}}, @iface_config) if !$config->{$vxlan_iface}; #vnet bridge @iface_config = (); push @iface_config, "address $ipv4" if $ipv4; push @iface_config, "address $ipv6" if $ipv6; push @iface_config, "hwaddress $mac" if $mac; -push @iface_config, "bridge_ports vxlan$vnetid"; +push @iface_config, "bridge_ports $vxlan_iface"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; 
@@ -82,34 +82,34 @@ sub generate_sdn_config { push @iface_config, "ip-forward on" if $ipv4; push @iface_config, "ip6-forward on" if $ipv6; push @iface_config, "arp-accept on" if $ipv4||$ipv6; -push @iface_config, "vrf $vrf" if $vrf; +push @iface_config, "vrf $vrf_iface" if $vrf_iface; push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid}; -if ($vrf) { +if ($vrf_iface) { #vrf interface @iface_config = (); push @iface_config, "vrf-table auto"; - push(@{$config->{$vrf}}, @iface_config) if !$config->{$vrf}; + push(@{$config->{$vrf_iface}}, @iface_config) if !$config->{$vrf_iface}; if ($vrfvxlan) { #l3vni vxlan interface - my $iface_vxlan = "vxvrf$vrf"; + my $iface_vrf_vxlan = "vrfvx_$zoneid"; @iface_config = (); push @iface_config, "vxlan-id $vrfvxlan"; push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip; push @iface_config, "bridge-learning off"; push @iface_config, "bridge-arp-nd-suppress on"; push @iface_config, "mtu $mtu" if $mtu; - push(@{$config->{$iface_vxlan}}, @iface_config) if !$config->{$iface_vxlan}; + push(@{$config->{$iface_vrf_vxlan}}, @iface_config) if !$config->{$iface_vrf_vxlan}; #l3vni bridge - my $brvrf = "br$vrf"; + my $brvrf = "vrfbr_$zoneid"; @iface_config = (); - push @iface_config, "bridge-ports $iface_vxlan"; + push @iface_config, "bridge-ports $iface_vrf_vxlan"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; - push @iface_config, "vrf $vrf"; + push @iface_config, "vrf $vrf_iface"; push(@{$config->{$brvrf}}, @iface_config) if !$config->{$brvrf}; } } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
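Review bot: `$vrf_iface` is built as `"vrf_$zoneid"` and is therefore always a non-empty string, so the `if $vrf_iface` modifier on the `vrf` line and the `if ($vrf_iface) {` guard around the VRF block can never be false. Before the change `$vrf` was the bare `$zoneid`, so the test at least reflected the input. Either drop both conditions or test the input itself, e.g. `if ($zoneid) {`. `$vrf_iface` is declared in the first hunk of this file, and `generate_sdn_config` continues outside the hunks.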
[pve-devel] [PATCH V2 pve-network 4/6] qinq: use new model + ovs/classic bridge support
Always create a vnet bridge for each vnet, and avoid to tag vm port directly. As we don't manage tap|veth vlan tag in /etc/network/interfaces, this could break on reload if user change vlan value on a vnet. ovs --- eth0--->ovsintport(dot1q-tunnel tag)--->vlanawarebrige-(tag)--->vnet--->vm vlanawarebridge --- eth0vlanawarebrige-(tag)->vlanwarebridge-(tag)->vnet--->vm non-vlanaware bridge eth0--->eth0.x(svlan)--->eth0.x.y(cvlan)>vnet---->vm Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/QinQPlugin.pm | 133 ++-- 1 file changed, 105 insertions(+), 28 deletions(-) diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 3f0697f..fe43d42 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -2,9 +2,9 @@ package PVE::Network::SDN::Zones::QinQPlugin; use strict; use warnings; -use PVE::Network::SDN::Zones::VlanPlugin; +use PVE::Network::SDN::Zones::Plugin; -use base('PVE::Network::SDN::Zones::VlanPlugin'); +use base('PVE::Network::SDN::Zones::Plugin'); sub type { return 'qinq'; @@ -21,6 +21,12 @@ sub properties { description => "mtu", optional => 1, }, + 'vlan-protocol' => { + type => 'string', + enum => ['802.1q', '802.1ad'], + default => '802.1q', + optional => 1, + } }; } @@ -31,6 +37,7 @@ sub options { 'tag' => { optional => 0 }, 'bridge' => { optional => 0 }, 'mtu' => { optional => 1 }, + 'vlan-protocol' => { optional => 1 }, }; } 
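Review bot: The new `'vlan-protocol'` entry in `properties` has no `description`, unlike the neighbouring property (`description => "mtu"`); add one, e.g. `description => "Service VLAN protocol (802.1q or 802.1ad).",`. The `enum` is also the only thing restricting this value before `generate_sdn_config` interpolates it into the `ovs_options` line. A short comment should say that the list must stay limited to fixed tokens.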
@@ -38,28 +45,113 @@ sub options { sub generate_sdn_config { my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_; -my $tag = $plugin_config->{tag}; +my $stag = $plugin_config->{tag}; my $mtu = $plugin_config->{mtu}; my $bridge = $plugin_config->{'bridge'}; +my $vlanprotocol = $plugin_config->{'vlan-protocol'}; +my $ctag = $vnet->{tag}; +my $alias = $vnet->{alias}; -die "missing vlan tag" if !$tag; +my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); +my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; -if (!$config->{$zoneid}) { - #zone vlan bridge - my @iface_config = (); +my @iface_config = (); +my $vnet_bridge_ports = ""; + +if($is_ovs) { + +#ovs--->ovsintport(dot1q-tunnel tag)--->vlanawarebrige-(tag)--->vnet + + $vlanprotocol = "802.1q" if !$vlanprotocol; + my $svlan_iface = "sv_".$zoneid; + my $zone = "z_$zoneid"; + + #ovs dot1q-tunnel port + @iface_config = (); + push @iface_config, "ovs_type OVSIntPort"; + push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$stag other_config:qinq-ethtype=$vlanprotocol"; + push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface}; + + + #zone vlan aware bridge + @iface_config = (); push @iface_config, "mtu $mtu" if $mtu; push @iface_config, "bridge-stp off"; + push @iface_config, "bridge-ports $svlan_iface"; push @iface_config, "bridge-fd 0"; push @iface_config, "bridge-vlan-aware yes"; push @iface_config, "bridge-vids 2-4094"; - push(@{$config->{$zoneid}}, @iface_config); + push(@{$config->{$zone}}, @iface_config) if !$config->{$zone}; + + $vnet_bridge_ports = "$zone.$ctag"; + +} elsif ($vlan_aware) { + +#vlanawarebrige-(tag)->vlanwarebridge-(tag)->vnet - #main bridge. 
ifupdown2 will merge it + my $zone = "z_$zoneid"; + + if($vlanprotocol) { + @iface_config = (); + push @iface_config, "bridge-vlan-protocol $vlanprotocol"; + push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge}; + } + + #zone vlan bridge @iface_config = (); - push @iface_config, "bridge-ports $zoneid.$tag"; - push(@{$config->{$bridge}}, @iface_config); - return $config; -} + push @iface_config, "mtu $mtu" if $mtu; + push @iface_config, "bridge-stp off"; + push @iface_config, "bridge-ports $bridge.$stag"; + push @iface_config, "bridge-fd 0"; + push @iface_config, "bridge-vlan-aware yes"; + push @iface_config, "bridge-vids 2-4094"; + push(@{$config->{$zone}}, @iface_config) if !$config->{$zone}
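Review bot: `my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif";` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; `my $is_ovs = !-d "/sys/class/net/$bridge/brif";` gives the same truth value without it. The test also classifies a bridge that does not exist on the node as OVS, because `brif` is missing in that case too, so checking `-d "/sys/class/net/$bridge"` first would turn a mistyped bridge name into a clear error. The old `die "missing vlan tag"` guard is removed, while `$ctag` from `$vnet->{tag}` goes unchecked into `"$zone.$ctag"`; a `die "missing vlan tag" if !$ctag;` near the top would restore the check. The hunk is cut off on this page, so a later check cannot be ruled out.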
[pve-devel] [PATCH V2 pve-network 2/6] retrict vnet name to 8 characters
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/VnetPlugin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index b0280fc..179bfa4 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -24,7 +24,7 @@ sub parse_sdn_vnet_id { return undef if $noerr; die "vnet ID '$id' contains illegal characters\n"; } -die "vnet ID '$id' can't be more length than 10 characters\n" if length($id) > 10; +die "vnet ID '$id' can't be more length than 8 characters\n" if length($id) > 8; return $id; } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
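Review bot: The limit appears twice on the changed line, in the message text and in `length($id) > 8`, and the two copies have to be edited together by hand. A single value used for both, e.g. `my $max_len = 8;` followed by `die "vnet ID '$id' can't be more length than $max_len characters\n" if length($id) > $max_len;`, removes that risk. The same applies to `parse_sdn_zone_id` in Zones/Plugin.pm, changed in patch 1/6 of this series. A comment recording why the limit is 8 would help too: presumably it lets prefixed names such as `vxlan_<id>` or `z_<id>.<tag>` fit the kernel's 15-character interface name limit. `parse_sdn_vnet_id` starts outside the hunk.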
[pve-devel] [PATCH V2 pve-network 3/6] vlan: use new model
Always create a vnet bridge for each vnet, and avoid to tag vm port directly. As we don't manage tap|veth vlan tag in /etc/network/interfaces, this could break on reload if user change vlan value on a vnet. ovs --- eth0ovs vmbr0--(ovsintport tag)>vnet>vm vlanawarebridge --- eth0vlanaware bridge vmbr0--(vmbr0.X tag)>vnet>vm non-vlanaware bridge keep vmbrXvY for compatibility with existing network eth0<>eth0.Xvmbr0v10--vnet>vm Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 90 +++-- 1 file changed, 59 insertions(+), 31 deletions(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index b0d3784..9d459cd 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm 
@@ -43,34 +43,78 @@ sub generate_sdn_config { my $bridge = $plugin_config->{bridge}; my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; -return if $vlan_aware || $is_ovs; my $tag = $vnet->{tag}; my $alias = $vnet->{alias}; my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu}; -my $bridgevlan = $bridge."v".$tag; -my @bridge_ifaces = (); -my $dir = "/sys/class/net/$bridge/brif"; -PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { -push @bridge_ifaces, $_[0]; -}); +my $vnet_uplink = "ln_".$vnetid; +my $vnet_uplinkpeer = "pr_".$vnetid; -my $bridge_ports = ""; -$bridge_ports = "none" if scalar(@bridge_ifaces) == 0; +my @iface_config = (); + +if($is_ovs) { + +# keep vmbrXvY for compatibility with existing network +# eth0ovs vmbr0--(ovsintport tag)>vnet>vm + + @iface_config = (); + push @iface_config, "ovs_type OVSIntPort"; + push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_options tag=$tag"; + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + + @iface_config = (); + push @iface_config, "ovs_type OVSBridge"; + push @iface_config, "ovs_ports $vnet_uplink"; + push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge}; -foreach my $bridge_iface (@bridge_ifaces) { - $bridge_ports .= " $bridge_iface.$tag"; +} elsif ($vlan_aware) { +# eth0vlanaware bridge vmbr0--(vmbr0.X tag)>vnet>vm + $vnet_uplink = "$bridge.$tag"; +} else { + +# keep vmbrXvY for compatibility with existing network +# eth0<>eth0.Xvmbr0v10--vnet>vm + + my $bridgevlan = $bridge."v".$tag; + + my @bridge_ifaces = (); + my $dir = "/sys/class/net/$bridge/brif"; + PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { + push @bridge_ifaces, $_[0]; + }); + + my $bridge_ports = ""; + foreach my $bridge_iface (@bridge_ifaces) { + $bridge_ports .= " $bridge_iface.$tag"; + } + + @iface_config = (); + push 
@iface_config, "link-type veth"; + push @iface_config, "veth-peer-name $vnet_uplinkpeer"; + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + + @iface_config = (); + push @iface_config, "link-type veth"; + push @iface_config, "veth-peer-name $vnet_uplink"; + push(@{$config->{$vnet_uplinkpeer}}, @iface_config) if !$config->{$vnet_uplinkpeer}; + + @iface_config = (); + push @iface_config, "bridge_ports $bridge_ports $vnet_uplinkpeer"; + push @iface_config, "bridge_stp off"; + push @iface_config, "bridge_fd 0"; + push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$bridgevlan}; } -#vnet bridge (keep vmbrXvY for compatibility) -my @iface_config = (); -push @iface_config, "bridge_ports $bridge_ports"; +#vnet bridge +@iface_config = (); +push @iface_config, "bridge_ports $vnet_uplink"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; push @iface_config, "alias $alias" if $alias; -push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$vnetid}; +push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid}; return $config; } @@ -95,22 +139,6 @@ sub status { } } -sub get_bridge_vlan { -my ($class, $plu
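Review bot: In the OVS branch, `push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge};` adds the `ovs_ports $vnet_uplink` line only the first time the bridge is seen. A second vnet on the same OVS bridge would therefore appear to lose its port entry. Adding `ovs_type OVSBridge` only when the entry is new and always appending `ovs_ports $vnet_uplink` would avoid that, assuming ifupdown2 merges repeated `ovs_ports` attributes. Separately, `$tag` comes from `$vnet->{tag}` and is interpolated into `ovs_options tag=$tag`, `"$bridge.$tag"` and `$bridge."v".$tag` with no check in the visible code; `die "missing vlan tag" if !$tag;` before the branches would fail early on an untagged vnet. `generate_sdn_config` begins outside the hunk.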
[pve-devel] [PATCH V2 pve-network 1/6] restrict zone name to 8 characters
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/Plugin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 2335d9e..9ea7a50 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm @@ -29,7 +29,7 @@ sub parse_sdn_zone_id { return undef if $noerr; die "zone ID '$id' contains illegal characters\n"; } -die "zone ID '$id' can't be more length than 10 characters\n" if length($id) > 10; +die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8; return $id; } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 0/6] always use a vnet bridge model
Hi, this is a rework of vlan && qinq plugin to always use a vnet bridge for all plugin. Avoid to tag vmport directly on vlan-aware bridge or ovs. Instead, plug the vm interface on a vnet bridge, and plug the vnet bridge on the ovs|bridge-vlan-aware|... and do the tag here. This will help a lot of handling tag modification on a vnet, as we don't defined tap|veth in /etc/network/interfaces, and make same vnet model for each plugins. Qinq plugin was buggy, I have fixed it and added support for ovs+classic linux bridge. I have also added vlan-protocol option back, to handle both 802.1ad && 802.1q service vlan. I'll update documentation && gui tomorrow Changelog v2: - keep interfaces sort - fix the vnet name character to 8 Alexandre Derumier (6): restrict zone name to 8 characters retrict vnet name to 8 characters vlan: use new model qinq: use new model + ovs/classic bridge support evpn: prefix interfaces vxlan: prefix interfaces PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 +- PVE/Network/SDN/VnetPlugin.pm | 2 +- PVE/Network/SDN/Zones/EvpnPlugin.pm | 24 ++-- PVE/Network/SDN/Zones/Plugin.pm | 2 +- PVE/Network/SDN/Zones/QinQPlugin.pm | 133 +- PVE/Network/SDN/Zones/VlanPlugin.pm | 90 ++- PVE/Network/SDN/Zones/VxlanPlugin.pm | 6 +- 7 files changed, 183 insertions(+), 76 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH V2 pve-network 6/6] vxlan: prefix interfaces
vnets can have random name, prefix other interfaces to avoid conflicts Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VxlanPlugin.pm | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm index ce9aebf..b3ed05f 100644 --- a/PVE/Network/SDN/Zones/VxlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm @@ -51,6 +51,7 @@ sub generate_sdn_config { my $mac = $vnet->{mac}; my $multicastaddress = $plugin_config->{'multicast-address'}; my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'}; +my $vxlan_iface = "vxlan_$vnetid"; die "missing vxlan tag" if !$tag; @@ -69,15 +70,16 @@ sub generate_sdn_config { push @iface_config, "vxlan_remoteip $address"; } + push @iface_config, "mtu $mtu" if $mtu; -push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"}; +push(@{$config->{$vxlan_iface}}, @iface_config) if !$config->{$vxlan_iface}; #vnet bridge @iface_config = (); push @iface_config, "address $ipv4" if $ipv4; push @iface_config, "address $ipv6" if $ipv6; push @iface_config, "hwaddress $mac" if $mac; -push @iface_config, "bridge_ports vxlan$vnetid"; +push @iface_config, "bridge_ports $vxlan_iface"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] applied: [PATCH V2 ifupdown2 1/1] openvswitch: don't remove tap|veth interfaces when adding an internal ovs port
>>I saw that ifupdown2 3.0.0 got tagged recently, seems to be partly for python3 >>compat, AFAICS. yes, it's full rewrite in python3. >>Or do you know of bigger featuers/fixes om that version? They are newer features, like 1vxlan tunnel mapping with multiple vlans. (I don't use it currently). They was the veth-couple handling, I'll need it for vlanplugin with non-vlanaware bridge, but I can backport it to 2.0 if needed. openvswitch addon is upstream. I have already prepared patches for proxmox package for testing, I can upload them if you want. I don't have see regression. The changes are lower than 1.X->2.X upgrade, it's mainly python3 upgrade + some new features. 1.X->2.X was a bigger change with full netlink support (and they was regression first) So, I think it should be ok, but it need more testing of course - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mardi 19 Mai 2020 08:28:16 Objet: applied: [pve-devel] [PATCH V2 ifupdown2 1/1] openvswitch: don't remove tap|veth interfaces when adding an internal ovs port On 5/16/20 2:07 PM, Alexandre Derumier wrote: > Currently, tap|veth interfaces are removed if user add a new ovs internal > port and reload. > > add ovs-ports-condone-regex option, like for bridge (to have the patch > upstream). > default options to "tap|veth|fwpr" > > to avoid to remove theses interfaces > > Signed-off-by: Alexandre Derumier > --- > .../pve/0008-add-openvswitch-addon.patch | 37 +++ > 1 file changed, 30 insertions(+), 7 deletions(-) > applied, much thanks! I saw that ifupdown2 3.0.0 got tagged recently, seems to be partly for python3 compat, AFAICS. Or do you know of bigger featuers/fixes om that version? ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn
I have retest all plugins with last code, I don't have this problem anymore, I think I have some bad config during my rework and ifupdown2 couldn't handle it correclty. I'll remove this patch. - Mail original - De: "aderumier" À: "Thomas Lamprecht" Cc: "pve-devel" Envoyé: Mardi 19 Mai 2020 17:50:30 Objet: Re: [pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn >>makes no sense, this is a hash and perl actively re-orders the return >>set of keys pseudo-randomly .. >> >>If order is really required use an array. Damn, you are right. I think I'm going to make some ordering by kind of interfaces, like for /etc/network/interfaces - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mardi 19 Mai 2020 16:43:20 Objet: Re: [pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn On 5/19/20 3:48 PM, Alexandre Derumier wrote: > Sometime, ifupdown2 can't handle depend correctly, and interface order is > used > makes no sense, this is a hash and perl actively re-orders the return set of keys pseudo-randomly .. If order is really required use an array. > Signed-off-by: Alexandre Derumier > --- > PVE/Network/SDN/Zones.pm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm > index 436b103..435e40b 100644 > --- a/PVE/Network/SDN/Zones.pm > +++ b/PVE/Network/SDN/Zones.pm > @@ -113,7 +113,7 @@ sub generate_etc_network_config { > } > > my $raw_network_config = "\#version:$version\n"; > - foreach my $iface (sort keys %$config) { > + foreach my $iface (keys %$config) { > $raw_network_config .= "\n"; > $raw_network_config .= "auto $iface\n"; > $raw_network_config .= "iface $iface\n"; > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH pve-network 3/7] retrict vnet name to 8 characters
damn, sorry - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mardi 19 Mai 2020 16:43:59 Objet: Re: [pve-devel] [PATCH pve-network 3/7] retrict vnet name to 8 characters On 5/19/20 3:48 PM, Alexandre Derumier wrote: > Signed-off-by: Alexandre Derumier > --- > PVE/Network/SDN/VnetPlugin.pm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm > index b0280fc..169f694 100644 > --- a/PVE/Network/SDN/VnetPlugin.pm > +++ b/PVE/Network/SDN/VnetPlugin.pm > @@ -24,7 +24,7 @@ sub parse_sdn_vnet_id { > return undef if $noerr; > die "vnet ID '$id' contains illegal characters\n"; > } > - die "vnet ID '$id' can't be more length than 10 characters\n" if > length($id) > 10; > + die "vnet ID '$id' can't be more length than 8 characters\n" if length($id) > > 10; While the message was adapted the actual check wasn't ;) > return $id; > } > > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn
>>makes no sense, this is a hash and perl actively re-orders the return >>set of keys pseudo-randomly .. >> >>If order is really required use an array. Damn, you are right. I think I'm going to make some ordering by kind of interfaces, like for /etc/network/interfaces - Mail original - De: "Thomas Lamprecht" À: "pve-devel" , "aderumier" Envoyé: Mardi 19 Mai 2020 16:43:20 Objet: Re: [pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn On 5/19/20 3:48 PM, Alexandre Derumier wrote: > Sometime, ifupdown2 can't handle depend correctly, and interface order is > used > makes no sense, this is a hash and perl actively re-orders the return set of keys pseudo-randomly .. If order is really required use an array. > Signed-off-by: Alexandre Derumier > --- > PVE/Network/SDN/Zones.pm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm > index 436b103..435e40b 100644 > --- a/PVE/Network/SDN/Zones.pm > +++ b/PVE/Network/SDN/Zones.pm > @@ -113,7 +113,7 @@ sub generate_etc_network_config { > } > > my $raw_network_config = "\#version:$version\n"; > - foreach my $iface (sort keys %$config) { > + foreach my $iface (keys %$config) { > $raw_network_config .= "\n"; > $raw_network_config .= "auto $iface\n"; > $raw_network_config .= "iface $iface\n"; > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-docs] sdn: update qinq plugin doc
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pvesdn.adoc b/pvesdn.adoc index 4277bb2..f890003 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -164,10 +164,12 @@ NOTE: Your physical network switches must support stacked VLANs! Specific QinQ configuration options: -bridge:: A local VLAN-aware bridge already configured on each local node +bridge:: A local Linux or OVS bridge already configured on each local node service vlan:: The main VLAN tag of this zone +vlan protocol:: Define the service vlan protocol. Values: 802.1q (default) or 802.1ad. + mtu:: Due to the double stacking of tags you need 4 more bytes for QinQ VLANs. For example, you reduce the MTU to `1496` if you physical interface MTU is `1500`. -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 0/7] always use a vnet bridge model
Hi, this is a rework of vlan && qinq plugin to always use a vnet bridge for all plugin. Avoid to tag vmport directly on vlan-aware bridge or ovs. Instead, plug the vm interface on a vnet bridge, and plug the vnet bridge on the ovs|bridge-vlan-aware|... and do the tag here. This will help a lot of handling tag modification on a vnet, as we don't defined tap|veth in /etc/network/interfaces, and make same vnet model for each plugins. Qinq plugin was buggy, I have fixed it and added support for ovs+classic linux bridge. I have also added vlan-protocol option back, to handle both 802.1ad && 802.1q service vlan. I'll update documentation && gui tomorrow Alexandre Derumier (7): don't sort interfaces in /etc/network/interfaces.d/sdn restrict zone name to 8 characters retrict vnet name to 8 characters vlan: use new model qinq: use new model + ovs/classic bridge support evpn: prefix interfaces vxlan: prefix interfaces PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 +- PVE/Network/SDN/VnetPlugin.pm | 2 +- PVE/Network/SDN/Zones.pm | 2 +- PVE/Network/SDN/Zones/EvpnPlugin.pm | 24 ++-- PVE/Network/SDN/Zones/Plugin.pm | 2 +- PVE/Network/SDN/Zones/QinQPlugin.pm | 133 +- PVE/Network/SDN/Zones/VlanPlugin.pm | 90 ++- PVE/Network/SDN/Zones/VxlanPlugin.pm | 6 +- 8 files changed, 184 insertions(+), 77 deletions(-) -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 6/7] evpn: prefix interfaces
vnets can have random name, prefix other interfaces to avoid conflicts Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Controllers/EvpnPlugin.pm | 2 +- PVE/Network/SDN/Zones/EvpnPlugin.pm | 24 +++ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm index 87c8a2b..79ecaeb 100644 --- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm +++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm @@ -106,7 +106,7 @@ sub generate_controller_config { sub generate_controller_zone_config { my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_; -my $vrf = $id; +my $vrf = "vrf_$id"; my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; my $asn = $controller->{asn}; my $gatewaynodes = $controller->{'gateway-nodes'}; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index aa75988..973e8e0 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm @@ -46,7 +46,7 @@ sub generate_sdn_config { my $ipv6 = $vnet->{ipv6}; my $mac = $vnet->{mac}; -my $vrf = $zoneid; +my $vrf_iface = "vrf_$zoneid"; my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; die "missing vxlan tag" if !$tag; 
@@ -59,22 +59,22 @@ sub generate_sdn_config { $mtu = $plugin_config->{mtu} if $plugin_config->{mtu}; #vxlan interface +my $vxlan_iface = "vxlan_$vnetid"; my @iface_config = (); push @iface_config, "vxlan-id $tag"; - push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip; push @iface_config, "bridge-learning off"; push @iface_config, "bridge-arp-nd-suppress on"; push @iface_config, "mtu $mtu" if $mtu; -push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"}; +push(@{$config->{$vxlan_iface}}, @iface_config) if !$config->{$vxlan_iface}; #vnet bridge @iface_config = (); push @iface_config, "address $ipv4" if $ipv4; push @iface_config, "address $ipv6" if $ipv6; push @iface_config, "hwaddress $mac" if $mac; -push @iface_config, "bridge_ports vxlan$vnetid"; +push @iface_config, "bridge_ports $vxlan_iface"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; 
@@ -82,34 +82,34 @@ sub generate_sdn_config { push @iface_config, "ip-forward on" if $ipv4; push @iface_config, "ip6-forward on" if $ipv6; push @iface_config, "arp-accept on" if $ipv4||$ipv6; -push @iface_config, "vrf $vrf" if $vrf; +push @iface_config, "vrf $vrf_iface" if $vrf_iface; push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid}; -if ($vrf) { +if ($vrf_iface) { #vrf interface @iface_config = (); push @iface_config, "vrf-table auto"; - push(@{$config->{$vrf}}, @iface_config) if !$config->{$vrf}; + push(@{$config->{$vrf_iface}}, @iface_config) if !$config->{$vrf_iface}; if ($vrfvxlan) { #l3vni vxlan interface - my $iface_vxlan = "vxvrf$vrf"; + my $iface_vrf_vxlan = "vrfvx_$zoneid"; @iface_config = (); push @iface_config, "vxlan-id $vrfvxlan"; push @iface_config, "vxlan-local-tunnelip $ifaceip" if $ifaceip; push @iface_config, "bridge-learning off"; push @iface_config, "bridge-arp-nd-suppress on"; push @iface_config, "mtu $mtu" if $mtu; - push(@{$config->{$iface_vxlan}}, @iface_config) if !$config->{$iface_vxlan}; + push(@{$config->{$iface_vrf_vxlan}}, @iface_config) if !$config->{$iface_vrf_vxlan}; #l3vni bridge - my $brvrf = "br$vrf"; + my $brvrf = "vrfbr_$zoneid"; @iface_config = (); - push @iface_config, "bridge-ports $iface_vxlan"; + push @iface_config, "bridge-ports $iface_vrf_vxlan"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; - push @iface_config, "vrf $vrf"; + push @iface_config, "vrf $vrf_iface"; push(@{$config->{$brvrf}}, @iface_config) if !$config->{$brvrf}; } } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 1/7] don't sort interfaces in /etc/network/interfaces.d/sdn
Sometime, ifupdown2 can't handle depend correctly, and interface order is used Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 436b103..435e40b 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -113,7 +113,7 @@ sub generate_etc_network_config { } my $raw_network_config = "\#version:$version\n"; -foreach my $iface (sort keys %$config) { +foreach my $iface (keys %$config) { $raw_network_config .= "\n"; $raw_network_config .= "auto $iface\n"; $raw_network_config .= "iface $iface\n"; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 2/7] restrict zone name to 8 characters
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/Plugin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 2335d9e..9ea7a50 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm @@ -29,7 +29,7 @@ sub parse_sdn_zone_id { return undef if $noerr; die "zone ID '$id' contains illegal characters\n"; } -die "zone ID '$id' can't be more length than 10 characters\n" if length($id) > 10; +die "zone ID '$id' can't be more length than 8 characters\n" if length($id) > 8; return $id; } -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH pve-network 5/7] qinq: use new model + ovs/classic bridge support
Always create a vnet bridge for each vnet, and avoid to tag vm port directly. As we don't manage tap|veth vlan tag in /etc/network/interfaces, this could break on reload if user change vlan value on a vnet. ovs --- eth0--->ovsintport(dot1q-tunnel tag)--->vlanawarebrige-(tag)--->vnet--->vm vlanawarebridge --- eth0vlanawarebrige-(tag)->vlanwarebridge-(tag)->vnet--->vm non-vlanaware bridge eth0--->eth0.x(svlan)--->eth0.x.y(cvlan)>vnet---->vm Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/QinQPlugin.pm | 133 ++-- 1 file changed, 105 insertions(+), 28 deletions(-) diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index 3f0697f..fe43d42 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm @@ -2,9 +2,9 @@ package PVE::Network::SDN::Zones::QinQPlugin; use strict; use warnings; -use PVE::Network::SDN::Zones::VlanPlugin; +use PVE::Network::SDN::Zones::Plugin; -use base('PVE::Network::SDN::Zones::VlanPlugin'); +use base('PVE::Network::SDN::Zones::Plugin'); sub type { return 'qinq'; @@ -21,6 +21,12 @@ sub properties { description => "mtu", optional => 1, }, + 'vlan-protocol' => { + type => 'string', + enum => ['802.1q', '802.1ad'], + default => '802.1q', + optional => 1, + } }; } @@ -31,6 +37,7 @@ sub options { 'tag' => { optional => 0 }, 'bridge' => { optional => 0 }, 'mtu' => { optional => 1 }, + 'vlan-protocol' => { optional => 1 }, }; } 
@@ -38,28 +45,113 @@ sub options { sub generate_sdn_config { my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $interfaces_config, $config) = @_; -my $tag = $plugin_config->{tag}; +my $stag = $plugin_config->{tag}; my $mtu = $plugin_config->{mtu}; my $bridge = $plugin_config->{'bridge'}; +my $vlanprotocol = $plugin_config->{'vlan-protocol'}; +my $ctag = $vnet->{tag}; +my $alias = $vnet->{alias}; -die "missing vlan tag" if !$tag; +my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); +my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; -if (!$config->{$zoneid}) { - #zone vlan bridge - my @iface_config = (); +my @iface_config = (); +my $vnet_bridge_ports = ""; + +if($is_ovs) { + +#ovs--->ovsintport(dot1q-tunnel tag)--->vlanawarebrige-(tag)--->vnet + + $vlanprotocol = "802.1q" if !$vlanprotocol; + my $svlan_iface = "sv_".$zoneid; + my $zone = "z_$zoneid"; + + #ovs dot1q-tunnel port + @iface_config = (); + push @iface_config, "ovs_type OVSIntPort"; + push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_options vlan_mode=dot1q-tunnel tag=$stag other_config:qinq-ethtype=$vlanprotocol"; + push(@{$config->{$svlan_iface}}, @iface_config) if !$config->{$svlan_iface}; + + + #zone vlan aware bridge + @iface_config = (); push @iface_config, "mtu $mtu" if $mtu; push @iface_config, "bridge-stp off"; + push @iface_config, "bridge-ports $svlan_iface"; push @iface_config, "bridge-fd 0"; push @iface_config, "bridge-vlan-aware yes"; push @iface_config, "bridge-vids 2-4094"; - push(@{$config->{$zoneid}}, @iface_config); + push(@{$config->{$zone}}, @iface_config) if !$config->{$zone}; + + $vnet_bridge_ports = "$zone.$ctag"; + +} elsif ($vlan_aware) { + +#vlanawarebrige-(tag)->vlanwarebridge-(tag)->vnet - #main bridge. 
ifupdown2 will merge it + my $zone = "z_$zoneid"; + + if($vlanprotocol) { + @iface_config = (); + push @iface_config, "bridge-vlan-protocol $vlanprotocol"; + push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge}; + } + + #zone vlan bridge @iface_config = (); - push @iface_config, "bridge-ports $zoneid.$tag"; - push(@{$config->{$bridge}}, @iface_config); - return $config; -} + push @iface_config, "mtu $mtu" if $mtu; + push @iface_config, "bridge-stp off"; + push @iface_config, "bridge-ports $bridge.$stag"; + push @iface_config, "bridge-fd 0"; + push @iface_config, "bridge-vlan-aware yes"; + push @iface_config, "bridge-vids 2-4094"; + push(@{$config->{$zone}}, @iface_config) if !$config->{$zone}
[pve-devel] [PATCH pve-network 7/7] vxlan: prefix interfaces
vnets can have random name, prefix other interfaces to avoid conflicts Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VxlanPlugin.pm | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm index ce9aebf..b3ed05f 100644 --- a/PVE/Network/SDN/Zones/VxlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm @@ -51,6 +51,7 @@ sub generate_sdn_config { my $mac = $vnet->{mac}; my $multicastaddress = $plugin_config->{'multicast-address'}; my @peers = split(',', $plugin_config->{'peers'}) if $plugin_config->{'peers'}; +my $vxlan_iface = "vxlan_$vnetid"; die "missing vxlan tag" if !$tag; @@ -69,15 +70,16 @@ sub generate_sdn_config { push @iface_config, "vxlan_remoteip $address"; } + push @iface_config, "mtu $mtu" if $mtu; -push(@{$config->{"vxlan$vnetid"}}, @iface_config) if !$config->{"vxlan$vnetid"}; +push(@{$config->{$vxlan_iface}}, @iface_config) if !$config->{$vxlan_iface}; #vnet bridge @iface_config = (); push @iface_config, "address $ipv4" if $ipv4; push @iface_config, "address $ipv6" if $ipv6; push @iface_config, "hwaddress $mac" if $mac; -push @iface_config, "bridge_ports vxlan$vnetid"; +push @iface_config, "bridge_ports $vxlan_iface"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; -- 2.20.1 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
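Review bot: `my $vxlan_iface = "vxlan_$vnetid";` makes the generated name one character longer, and nothing in the visible lines checks it against the 15-character limit Linux puts on interface names. With the six-character prefix that leaves nine characters for the vnet ID; whether vnet IDs are bounded that tightly is not visible here. A guard next to the assignment, `die "interface name '$vxlan_iface' exceeds 15 characters\n" if length($vxlan_iface) > 15;`, would turn a failed network reload into a clear configuration error. Interfaces already deployed under the old `vxlan$vnetid` name are presumably left behind until removed, which the commit message could mention. generate_sdn_config begins and ends outside both hunks.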
[pve-devel] [PATCH pve-network 4/7] vlan: use new model
Always create a vnet bridge for each vnet, and avoid to tag vm port directly. As we don't manage tap|veth vlan tag in /etc/network/interfaces, this could break on reload if user change vlan value on a vnet. ovs --- eth0ovs vmbr0--(ovsintport tag)>vnet>vm vlanawarebridge --- eth0vlanaware bridge vmbr0--(vmbr0.X tag)>vnet>vm non-vlanaware bridge keep vmbrXvY for compatibility with existing network eth0<>eth0.Xvmbr0v10--vnet>vm Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/VlanPlugin.pm | 90 +++-- 1 file changed, 59 insertions(+), 31 deletions(-) diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index b0d3784..9d459cd 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm 
@@ -43,34 +43,78 @@ sub generate_sdn_config { my $bridge = $plugin_config->{bridge}; my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); my $is_ovs = 1 if !-d "/sys/class/net/$bridge/brif"; -return if $vlan_aware || $is_ovs; my $tag = $vnet->{tag}; my $alias = $vnet->{alias}; my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu}; -my $bridgevlan = $bridge."v".$tag; -my @bridge_ifaces = (); -my $dir = "/sys/class/net/$bridge/brif"; -PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { -push @bridge_ifaces, $_[0]; -}); +my $vnet_uplink = "ln_".$vnetid; +my $vnet_uplinkpeer = "pr_".$vnetid; -my $bridge_ports = ""; -$bridge_ports = "none" if scalar(@bridge_ifaces) == 0; +my @iface_config = (); + +if($is_ovs) { + +# keep vmbrXvY for compatibility with existing network +# eth0ovs vmbr0--(ovsintport tag)>vnet>vm + + @iface_config = (); + push @iface_config, "ovs_type OVSIntPort"; + push @iface_config, "ovs_bridge $bridge"; + push @iface_config, "ovs_options tag=$tag"; + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + + @iface_config = (); + push @iface_config, "ovs_type OVSBridge"; + push @iface_config, "ovs_ports $vnet_uplink"; + push(@{$config->{$bridge}}, @iface_config) if !$config->{$bridge}; -foreach my $bridge_iface (@bridge_ifaces) { - $bridge_ports .= " $bridge_iface.$tag"; +} elsif ($vlan_aware) { +# eth0vlanaware bridge vmbr0--(vmbr0.X tag)>vnet>vm + $vnet_uplink = "$bridge.$tag"; +} else { + +# keep vmbrXvY for compatibility with existing network +# eth0<>eth0.Xvmbr0v10--vnet>vm + + my $bridgevlan = $bridge."v".$tag; + + my @bridge_ifaces = (); + my $dir = "/sys/class/net/$bridge/brif"; + PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { + push @bridge_ifaces, $_[0]; + }); + + my $bridge_ports = ""; + foreach my $bridge_iface (@bridge_ifaces) { + $bridge_ports .= " $bridge_iface.$tag"; + } + + @iface_config = (); + push 
@iface_config, "link-type veth"; + push @iface_config, "veth-peer-name $vnet_uplinkpeer"; + push(@{$config->{$vnet_uplink}}, @iface_config) if !$config->{$vnet_uplink}; + + @iface_config = (); + push @iface_config, "link-type veth"; + push @iface_config, "veth-peer-name $vnet_uplink"; + push(@{$config->{$vnet_uplinkpeer}}, @iface_config) if !$config->{$vnet_uplinkpeer}; + + @iface_config = (); + push @iface_config, "bridge_ports $bridge_ports $vnet_uplinkpeer"; + push @iface_config, "bridge_stp off"; + push @iface_config, "bridge_fd 0"; + push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$bridgevlan}; } -#vnet bridge (keep vmbrXvY for compatibility) -my @iface_config = (); -push @iface_config, "bridge_ports $bridge_ports"; +#vnet bridge +@iface_config = (); +push @iface_config, "bridge_ports $vnet_uplink"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; push @iface_config, "mtu $mtu" if $mtu; push @iface_config, "alias $alias" if $alias; -push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$vnetid}; +push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid}; return $config; } @@ -95,22 +139,6 @@ sub status { } } -sub get_bridge_vlan { -my ($class, $plu
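Review bot: `$tag` is read from `$vnet->{tag}` and then written straight into `ovs_options tag=$tag`, `$bridge.$tag` and `$bridge_iface.$tag` with no check that it is set. If a vnet can be saved without a tag, the generated interfaces file would contain entries such as `tag=` or `vmbr0.`; a guard right after the assignment, `die "missing vlan tag" if !$tag;`, matches what the VXLAN plugin does. The QinQ patch in this series drops the same check and uses `$ctag` in `$zone.$ctag` the same way. The `# keep vmbrXvY for compatibility with existing network` comment in the OVS branch looks copied from the non-vlan-aware branch and does not describe what that branch builds. generate_sdn_config starts above the hunk.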