[pve-devel] small dhcp patch review

Dietmar Maurer dietmar at proxmox.com
Wed Sep 11 06:21:58 CEST 2013

> 1) we can use bridge without gateway defined. (this is my production setup, the
> only gateway is for the proxmox host admin ip)
> sub get_dhcp_ifaces {
>     my ($ifaces) = @_;
>     my $dhcp_ifaces = {};
>     foreach my $iface (keys %$ifaces) {
>         next if $iface eq 'lo';
>         my $d = $ifaces->{$iface};
>         next if $d->{method} ne 'static';
>         next if !$d->{address};
>         next if !$d->{netmask};
>         next if !$d->{gateway};  #remove this


> 2) where to defined dhcp options ? (like gateway,..).
>    resources.cfg in ippool seem to be the right place.(I think you have suggested
> this too)

Yes, that is the right place
> 3) maybe send a warning or die if ip configured for the vm is not on the right
> bridge/ippool. (because it'll not get any ip from dhcp server)

I am currently unsure where we store the IP assignment. I currently use 
the VM config file, but there are other options. For example a cluster wide
file /etc/pve/ipallocations which following content:


> Otherwise, things works fine
> I was also thinking about something (not sure is a good idea):
> As we could restrict user permission to use only some ippool,
> maybe could we extend ipool concept to "virtual network" concept (ip range
> optionnal and also defined if nat|routed|bridge)
> vnetwork: vnetwork_1
>           iprange
>           comment dhcp bridge
>           dhcp vmbr2
>           type bridge
> vnetwork: vnetwork_2
>           iprange
>           comment dhcp routed bridge
>           dhcp vmbr3
>           type routed
> vnetwork: vnetwork_3
>           iprange
>           comment dhcp nat bridge
>           dhcp vmbr4
>           type nat
> vnetwork: vnetwork_4
>           comment simple bridge without dhcp
>           vmbr5
>           type bridge
> then in vm config
> instead
> ,bridge=vmbr2,ip=
> use
> vnetwork=vnetwork_1,ip=
> So you can give to a customer an access only to a specific vnetwork, user just
> have to setup ip and don't need to care about bridge name,routed/bridge,vlan.

I need to think about that (some more days).
> and of course we can keep old bridge option to not break current setups.
> What do you think about this ?

We also need a way to define permission for ippools/networks. On thing that
comes in mind is to use VM pools for that (assign one or more 'virtual networks'
to a pool).

More information about the pve-devel mailing list