[pve-devel] rfc : pve-network : idea to generate and reload config accross the nodes

Alexandre DERUMIER aderumier at odiso.com
Tue Apr 2 06:35:57 CEST 2019 

Hi,

I have rethinked about it, I have (again ;) a new idea for implementation.

The main problem is how to test a change at datacenter level, as we need to test the local configuration of each node.

and it's not currently in /etc/pve  ,  but in /etc/network/interfaces of each node.


I think, something easy, is that we could have a copy of each /etc/network/interfaces of each node in /etc/pve/nodes/<nodename>/interfaces.
(could be done we a change is done in gui local netowrk, or local network daemon copy it at regular interval in case of manual change for example).


Like this, it's very easy, when a network change is one at datacenter level, we can directly test it on all network interfaces of all nodes ( /etc/pve/nodes/*/interfaces). (in the api endpoint),
and then write directly the conf. (no need vnet.new tmp file).

Then the local daemon simply reload the network configuration. 

What do you think about this ?


----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Lundi 1 Avril 2019 15:18:51
Objet: Re: [pve-devel] rfc : pve-network : idea to generate and reload config accross the nodes

as alternative, 
we could simply 

manage multiple change in /etc/pve/network/vnet.cfg.new 

apply button -> replace /etc/pve/network/vnet.cfg 

The the local daemon, 
do test (dry-run,....) and report error in his status file. (and it's displayed at network level in datacenter) 
if ok, 
it's apply change, and report error in his status file. 
if ok, update status to ok. 


So, user can wait some seconds, and check the status of nodes at datacenter level. 

Seem to be simplier. What do you think about this ? 



----- Mail original ----- 
De: "Alexandre Derumier" <aderumier at odiso.com> 
À: "dietmar" <dietmar at proxmox.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Lundi 1 Avril 2019 15:05:07 
Objet: Re: [pve-devel] rfc : pve-network : idea to generate and reload config accross the nodes 

>>I don't really get why you want to do that? There are so many ways to damage a network, and 
>>I doubt that we can reliable verify that.... 

ifupdown2 have a dry-run too, it's working not too bad (but not 100% complete) 

But I would avoid some basic mistakes, 
like a vlan interface already defined and enslaved in another bridge for example, 
or look to not enslave an interface with ipmanagement in a bridge (try to not break cluster connectivity) 


But I don't want to manage rollback across all nodes. 
(config correctly applied on 1 node, another node fail, I don't want to rollback the first node) 
It's more best effort, if 1 node have failed, it's simply report the error in his status file. 





>>Also, what if some nodes are offline ... 
We could make an exception, if a node is offline (down, network daemon down,...), 
Then don't wait for validation, and apply config. 

Then the local deamon will try to apply config when node is up again. 
In case of error, It'll report it through his status file. 

----- Mail original ----- 
De: "dietmar" <dietmar at proxmox.com> 
À: "Alexandre Derumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Lundi 1 Avril 2019 12:00:13 
Objet: Re: [pve-devel] rfc : pve-network : idea to generate and reload config accross the nodes 

> maybe better: 
> 
> in gui, at network,datacenter level 
> 
> at each change, make a 
> /etc/pve/networks/vnet.cfg.<randomversion> 
> 
> 
> on local node, the daemon detect the new version,make verification, 
> and update /etc/pve/nodes/<node>/.networkconfigstatus 
> 
> version:<randomversion> verify:ok 

I don't really get why you want to do that? There are so many ways to damage a network, and 
I doubt that we can reliable verify that.... 

Also, what if some nodes are offline ... 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list