[pve-devel] small dhcp patch review

Alexandre DERUMIER aderumier at odiso.com
Wed Sep 11 07:58:09 CEST 2013


>>I am currently unsure where we store the IP assignment. I currently use 
>>the VM config file, but there are other options. For example a cluster wide 
>>file /etc/pve/ipallocations with the following content: 
>>
>><vmid>:<bridge>:<IP> 
>>100:vmbr0:192.168.5.100 
>>101:vmbr1:10.0.0.12 

I think you need to define the NIC too?
(But maybe in the GUI it is better to have it on the VM NIC config, like OpenVZ?)





>>I need to think about that (some more days). 
Yes, sure, no problem. (I'm a bit busy at the moment.)


For nat and routed, we could also do it like this, without needing to configure a bridge in /etc/network/interfaces:

vnetwork: vnetwork_2 
          iprange 192.168.2.100-192.168.2.150 
          gateway 192.168.2.1
          comment dhcp routed bridge 
          type routed|nat

Then create the bridge dynamically (named vnetwork_2), with the gateway address as static IP.



>>We also need a way to define permission for ippools/networks. One thing that 
>>comes to mind is to use VM pools for that (assign one or more 'virtual networks' 
>>to a pool). 
Yes, I think it could do the job.
Customers have VM pools, and can only choose the 'virtual networks' assigned to the pool.


I'll be offline the next 2 days, going to move servers to a new datacenter.




Off-topic:

I found an old interview with Martin here:
http://www.montanalinux.org/proxmox-ve-martin-interview.html
"Martin: Dietmar (my brother and CTO at Proxmox) is a Linux developer from the early beginning. He started with programming a Commodore VIC-20 (oh, we are getting old), and later moved as everyone did to the C64. After that he invested all of his money in an Amiga 1000, eventually moving on to the first i386 PC."

This reminds me of the good old days when I was 6 years old ;) (I also had a VIC-20, C64 and AMIGA500 a little bit later).
10 PRINT "HELLO"
20 GOTO 10


----- Original Message ----- 

From: "Dietmar Maurer" <dietmar at proxmox.com> 
To: "Alexandre DERUMIER" <aderumier at odiso.com>, "pve.proxmox.com" <pve-devel at pve.proxmox.com> 
Sent: Wednesday 11 September 2013 06:21:58 
Subject: RE: [pve-devel] small dhcp patch review 

> 1) we can use bridge without gateway defined. (this is my production setup, the 
> only gateway is for the proxmox host admin ip) 
> 
> sub get_dhcp_ifaces { 
> my ($ifaces) = @_; 
> 
> my $dhcp_ifaces = {}; 
> foreach my $iface (keys %$ifaces) { 
> next if $iface eq 'lo'; 
> my $d = $ifaces->{$iface}; 
> next if $d->{method} ne 'static'; 
> next if !$d->{address}; 
> next if !$d->{netmask}; 
> next if !$d->{gateway}; #remove this 

OK 


> 2) where to define dhcp options? (like gateway,..). 
> resources.cfg in ippool seems to be the right place. (I think you have suggested 
> this too) 

Yes, that is the right place 

> 3) maybe send a warning or die if ip configured for the vm is not on the right 
> bridge/ippool. (because it'll not get any ip from dhcp server) 

I am currently unsure where we store the IP assignment. I currently use 
the VM config file, but there are other options. For example a cluster wide 
file /etc/pve/ipallocations with the following content: 

<vmid>:<bridge>:<IP> 
100:vmbr0:192.168.5.100 
101:vmbr1:10.0.0.12 

> Otherwise, things work fine 
> I was also thinking about something (not sure it is a good idea): 
> 
> As we could restrict user permission to use only some ippool, 
> 
> maybe we could extend the ippool concept to a "virtual network" concept (ip range 
> optional and also defined if nat|routed|bridge) 
> 
> vnetwork: vnetwork_1 
> iprange 192.168.10.100-192.168.10.150 
> comment dhcp bridge 
> dhcp vmbr2 
> type bridge 
> 
> vnetwork: vnetwork_2 
> iprange 192.168.2.100-192.168.2.150 
> comment dhcp routed bridge 
> dhcp vmbr3 
> type routed 
> 
> vnetwork: vnetwork_3 
> iprange 192.168.3.100-192.168.3.150 
> comment dhcp nat bridge 
> dhcp vmbr4 
> type nat 
> 
> vnetwork: vnetwork_4 
> comment simple bridge without dhcp 
> vmbr5 
> type bridge 
> 
> 
> then in vm config 
> 
> instead 
> 
> ,bridge=vmbr2,ip=192.168.10.101 
> 
> use 
> 
> vnetwork=vnetwork_1,ip=192.168.10.101 
> 
> 
> 
> So you can give to a customer an access only to a specific vnetwork, user just 
> have to setup ip and don't need to care about bridge name,routed/bridge,vlan. 

I need to think about that (some more days). 

> and of course we can keep old bridge option to not break current setups. 
> 
> What do you think about this ? 

We also need a way to define permission for ippools/networks. One thing that 
comes to mind is to use VM pools for that (assign one or more 'virtual networks' 
to a pool). 
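
The check raised in point 3 of the thread (warn or die when a VM's IP is not in the ippool of its bridge), applied to the proposed `<vmid>:<bridge>:<IP>` allocation format. This is an added example, not part of the thread and not Proxmox code: keying ippool ranges by bridge name, the function names and the sample lines are assumptions constructed here, it handles IPv4 only, and it goes slightly beyond the thread by also flagging an IP assigned twice on the same bridge.

```perl
use strict;
use warnings;

# Assumption: ippool ranges keyed by bridge name (ranges are the thread's examples).
my %pools = (
    vmbr2 => '192.168.10.100-192.168.10.150',
    vmbr3 => '192.168.2.100-192.168.2.150',
);

# Constructed sample lines in the <vmid>:<bridge>:<IP> format.
my @lines = (
    '100:vmbr2:192.168.10.101',   # valid
    '101:vmbr3:192.168.10.102',   # IP belongs to another pool
    '102:vmbr2:192.168.10.101',   # duplicate of vmid 100
    '103:vmbr9:10.0.0.12',        # bridge without an ippool
    'abc:vmbr2:192.168.10.103',   # malformed vmid
);

# Dotted-quad IPv4 to integer; explicit undef so list context still yields one element.
sub ip2int {
    my ($ip) = @_;
    return undef if $ip !~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return undef if grep { $_ > 255 } ($1, $2, $3, $4);
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# Return one message per allocation that the DHCP server could not honour.
sub check_allocations {
    my ($pools, @lines) = @_;
    my (@errors, %seen);
    foreach my $line (@lines) {
        my ($vmid, $bridge, $ip) = $line =~ /^([0-9]+):(\w+):([0-9.]+)$/;
        if (!defined $vmid) { push @errors, "malformed line '$line'"; next; }
        my $range = $pools->{$bridge};
        if (!defined $range) { push @errors, "vmid $vmid: no ippool on $bridge"; next; }
        my ($lo, $hi) = map { ip2int($_) } split /-/, $range;
        my $n = ip2int($ip);
        if (!defined $n || $n < $lo || $n > $hi) {
            push @errors, "vmid $vmid: $ip is outside $range ($bridge)";
        } elsif (defined $seen{"$bridge/$ip"}) {
            push @errors, "vmid $vmid: $ip already assigned to vmid " . $seen{"$bridge/$ip"};
        } else {
            $seen{"$bridge/$ip"} = $vmid;   # first valid claim wins
        }
    }
    return @errors;
}

print "$_\n" for check_allocations(\%pools, @lines);
```

With the sample data, only the first line passes; the other four each produce one message.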

