[pve-devel] small dhcp patch review

Wed Sep 11 06:21:58 CEST 2013

> 1) we can use bridge without gateway defined. (this is my production setup, the
> only gateway is for the proxmox host admin ip)
> 
> sub get_dhcp_ifaces {
>     my ($ifaces) = @_;
> 
>     my $dhcp_ifaces = {};
>     foreach my $iface (keys %$ifaces) {
>         next if $iface eq 'lo';
>         my $d = $ifaces->{$iface};
>         next if $d->{method} ne 'static';
>         next if !$d->{address};
>         next if !$d->{netmask};
>         next if !$d->{gateway};  #remove this

OK

> 2) where to defined dhcp options ? (like gateway,..).
>    resources.cfg in ippool seem to be the right place.(I think you have suggested
> this too)

Yes, that is the right place

> 3) maybe send a warning or die if ip configured for the vm is not on the right
> bridge/ippool. (because it'll not get any ip from dhcp server)

I am currently unsure where we store the IP assignment. I currently use 
the VM config file, but there are other options. For example a cluster wide
file /etc/pve/ipallocations which following content:

<vmid>:<bridge>:<IP>
100:vmbr0:192.168.5.100
101:vmbr1:10.0.0.12

> Otherwise, things works fine
> I was also thinking about something (not sure is a good idea):
> 
> As we could restrict user permission to use only some ippool,
> 
> maybe could we extend ipool concept to "virtual network" concept (ip range
> optionnal and also defined if nat|routed|bridge)
> 
> vnetwork: vnetwork_1
>           iprange 192.168.10.100-192.168.10.150
>           comment dhcp bridge
>           dhcp vmbr2
>           type bridge
> 
> vnetwork: vnetwork_2
>           iprange 192.168.2.100-192.168.2.150
>           comment dhcp routed bridge
>           dhcp vmbr3
>           type routed
> 
> vnetwork: vnetwork_3
>           iprange 192.168.3.100-192.168.3.150
>           comment dhcp nat bridge
>           dhcp vmbr4
>           type nat
> 
> vnetwork: vnetwork_4
>           comment simple bridge without dhcp
>           vmbr5
>           type bridge
> 
> 
> then in vm config
> 
> instead
> 
> ,bridge=vmbr2,ip=192.168.10.101
> 
> use
> 
> vnetwork=vnetwork_1,ip=192.168.10.101
> 
> 
> 
> So you can give to a customer an access only to a specific vnetwork, user just
> have to setup ip and don't need to care about bridge name,routed/bridge,vlan.

I need to think about that (some more days).

> and of course we can keep old bridge option to not break current setups.
> 
> What do you think about this ?

We also need a way to define permission for ippools/networks. On thing that
comes in mind is to use VM pools for that (assign one or more 'virtual networks'
to a pool).