[pdm-devel] [PATCH proxmox-datacenter-manager 03/13] api: sdn: add create_zone endpoint

Stefan Hanreich s.hanreich at proxmox.com
Fri Feb 28 16:17:53 CET 2025 

This endpoint is used for creating a new EVPN zone on multiple
remotes. It does the following actions when creating a new EVPN zone:

* lock the sdn configuration of all involved remotes
  * if it fails, release the lock on all remotes and return
    unsuccessfully
* invoke the API endpoints to create the new EVPN zone
  * if it fails, no further changes will be made to the remote and the
    configuration will stay locked, no rollbacks
* apply the configuration on all remotes where the changes were
  successful
  * any errors during applying the configuration on a remote will be
    logged
  * the configuration will stay locked if applying the configuration
    fails
* reload the network configuration on all nodes where applying was
  successful

Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 lib/pdm-api-types/src/sdn.rs |  61 +++++++++++++++++++
 lib/pdm-client/src/lib.rs    |   7 +++
 server/src/api/sdn/zones.rs  | 111 +++++++++++++++++++++++++++++++++--
 3 files changed, 173 insertions(+), 6 deletions(-)

diff --git a/lib/pdm-api-types/src/sdn.rs b/lib/pdm-api-types/src/sdn.rs
index 28b20c5..2f72bca 100644
--- a/lib/pdm-api-types/src/sdn.rs
+++ b/lib/pdm-api-types/src/sdn.rs
@@ -4,6 +4,67 @@ use serde::{Deserialize, Serialize};
 
 use crate::remotes::REMOTE_ID_SCHEMA;
 
+pub const VXLAN_ID_SCHEMA: Schema = IntegerSchema::new("VXLAN VNI")
+    .minimum(1)
+    .maximum(16777215)
+    .schema();
+
+const_regex! {
+    SDN_ID_FORMAT = "[a-zA-Z][a-zA-Z]{0,7}";
+}
+
+pub const SDN_ID_SCHEMA: Schema = StringSchema::new("The name for an SDN object.")
+    .min_length(1)
+    .max_length(8)
+    .format(&ApiStringFormat::Pattern(&SDN_ID_FORMAT))
+    .schema();
+
+#[api(
+    properties: {
+        remote: {
+            schema: REMOTE_ID_SCHEMA,
+        },
+        controller: {
+            schema: SDN_ID_SCHEMA,
+        },
+    }
+)]
+/// Describes the remote-specific informations for creating a new zone.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+#[serde(rename_all = "kebab-case")]
+pub struct CreateZoneRemote {
+    pub remote: String,
+    pub controller: String,
+}
+
+#[api(
+    properties: {
+        "vrf-vxlan": {
+            schema: VXLAN_ID_SCHEMA,
+            optional: true,
+        },
+        remotes: {
+            type: Array,
+            description: "List of remotes and the controllers with which the zone should get created.",
+            items: {
+                type: CreateZoneRemote,
+            }
+        },
+        zone: {
+            schema: SDN_ID_SCHEMA,
+        },
+    }
+)]
+/// Contains the information for creating a new zone as well as information about the remotes where
+/// the zone should get created.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+#[serde(rename_all = "kebab-case")]
+pub struct CreateZoneParams {
+    pub zone: String,
+    pub vrf_vxlan: Option<u32>,
+    pub remotes: Vec<CreateZoneRemote>,
+}
+
 #[api(
     properties: {
         remote: {
diff --git a/lib/pdm-client/src/lib.rs b/lib/pdm-client/src/lib.rs
index 355d3ac..bd6ca63 100644
--- a/lib/pdm-client/src/lib.rs
+++ b/lib/pdm-client/src/lib.rs
@@ -58,6 +58,7 @@ pub mod types {
 
     pub use pve_api_types::PveUpid;
 
+    pub use pdm_api_types::sdn::{CreateZoneParams, ListZone};
     pub use pve_api_types::ListZonesType;
 }
 
@@ -861,6 +862,12 @@ impl<T: HttpApiClient> PdmClient<T> {
 
         Ok(self.0.get(&path).await?.expect_json()?.data)
     }
+
+    pub async fn pve_sdn_create_zone(&self, params: CreateZoneParams) -> Result<String, Error> {
+        let path = "/api2/extjs/sdn/zones";
+
+        Ok(self.0.post(path, &params).await?.expect_json()?.data)
+    }
 }
 
 /// Builder for migration parameters.
diff --git a/server/src/api/sdn/zones.rs b/server/src/api/sdn/zones.rs
index 4b08736..abdc737 100644
--- a/server/src/api/sdn/zones.rs
+++ b/server/src/api/sdn/zones.rs
@@ -1,13 +1,23 @@
-use anyhow::Error;
+use anyhow::{format_err, Error};
 use pbs_api_types::REMOTE_ID_SCHEMA;
-use pdm_api_types::{remotes::RemoteType, sdn::ListZone};
-use proxmox_router::Router;
+use pdm_api_types::{
+    remotes::RemoteType,
+    sdn::{CreateZoneRemote, ListZone, SDN_ID_SCHEMA, VXLAN_ID_SCHEMA},
+    Authid,
+};
+use proxmox_rest_server::WorkerTask;
+use proxmox_router::{Router, RpcEnvironment};
 use proxmox_schema::api;
-use pve_api_types::ListZonesType;
+use pve_api_types::{CreateZone, ListZonesType};
 
-use crate::api::pve::{connect, get_remote};
+use crate::{
+    api::pve::{connect, get_remote},
+    sdn_client::{apply_sdn_configuration, create_locked_clients},
+};
 
-pub const ROUTER: Router = Router::new().get(&API_METHOD_LIST_ZONES);
+pub const ROUTER: Router = Router::new()
+    .get(&API_METHOD_LIST_ZONES)
+    .post(&API_METHOD_CREATE_ZONE);
 
 #[api(
     input: {
@@ -76,3 +86,92 @@ pub async fn list_zones(
 
     Ok(result)
 }
+
+#[api(
+    input: {
+        properties: {
+            zone: { schema: SDN_ID_SCHEMA },
+            "vrf-vxlan": {
+                schema: VXLAN_ID_SCHEMA,
+                optional: true,
+            },
+            remotes: {
+                type: Array,
+                description: "List of remotes with their controller where zone should get created.",
+                items: {
+                    type: CreateZoneRemote
+                }
+            },
+        },
+    },
+    returns: { type: String, description: "Worker UPID" },
+)]
+/// Create a zone across multiple remotes
+async fn create_zone(
+    zone: String,
+    vrf_vxlan: Option<u32>,
+    remotes: Vec<CreateZoneRemote>,
+    rpcenv: &mut dyn RpcEnvironment,
+) -> Result<String, Error> {
+    let auth_id: Authid = rpcenv
+        .get_auth_id()
+        .ok_or_else(|| format_err!("no authid available"))?
+        .parse()?;
+
+    let upid = WorkerTask::spawn(
+        "create_zone",
+        None,
+        auth_id.to_string(),
+        false,
+        move |_worker| async move {
+            let mut locked_clients =
+                create_locked_clients(remotes.iter().map(|remote| remote.remote.clone())).await?;
+
+            for CreateZoneRemote { remote, controller } in remotes {
+                let create_zone = CreateZone {
+                    zone: zone.clone(),
+                    vrf_vxlan,
+                    controller: Some(controller.clone()),
+                    ty: ListZonesType::Evpn,
+                    advertise_subnets: None,
+                    bridge: None,
+                    bridge_disable_mac_learning: None,
+                    dhcp: None,
+                    disable_arp_nd_suppression: None,
+                    dns: None,
+                    dnszone: None,
+                    dp_id: None,
+                    exitnodes: None,
+                    exitnodes_local_routing: None,
+                    exitnodes_primary: None,
+                    ipam: None,
+                    mac: None,
+                    mtu: None,
+                    nodes: None,
+                    peers: None,
+                    reversedns: None,
+                    rt_import: None,
+                    tag: None,
+                    vlan_protocol: None,
+                    vxlan_port: None,
+                    lock_secret: None,
+                };
+
+                let client = locked_clients
+                    .get(&remote)
+                    .expect("client has been created for remote");
+
+                proxmox_log::info!("creating zone {zone} on remote {remote}");
+
+                if let Err(error) = client.create_zone(create_zone).await {
+                    proxmox_log::error!("could not create vnet for remote {remote}: {error:#}",);
+                    locked_clients.remove(&remote);
+                }
+            }
+
+            apply_sdn_configuration(locked_clients).await
+        },
+    )?;
+
+    Ok(upid)
+}
-- 
2.39.5

More information about the pdm-devel mailing list