[pve-devel] rfc : pve-network : idea to generate and reload config accross the nodes
Stoiko Ivanov
s.ivanov at proxmox.com
Wed Apr 3 20:24:10 CEST 2019
Hi,
Since I'm quite interested in networking I would like to support you
with this topic (and learn new things).
Am still reading up on the theory and our current code (will try to
setup a test-environment soon in order to get some hands-on experience).
Two ideas that came up in my head (not sure if they are good or
sensibly implementable):
* The networking config has the common property with the corosync
configuration (the chicken and egg problem - if it's wrong the
cluster cannot push the corrected config to a broken node) so why
don't we use the same/a similar mechanism for pushing out changes to
the live-config and getting changes from the live-config into the
pmxcfs (if we keep the live-data in pmxcfs we know when a write to it
happens and can copy it over to /etc/network/interfaces(.d) (and run
some ifquery and other tests) before)? Also this would save us from
having yet another daemon running in the background and consuming
resources.
* from a very quick run with ifquery - it has the ability to read an
parse the complete config (including 'source' statements) - so we
could use this to get support for '/etc/network/interfaces.d/*'
snippets to the API and GUI (IIRC there have been a few requests from
users for such a functionality)
Does this make any sense? What do you think?
Looking forward to this topic!
stoiko
On Tue, 2 Apr 2019 06:35:57 +0200 (CEST)
Alexandre DERUMIER <aderumier at odiso.com> wrote:
> Hi,
>
> I have rethinked about it, I have (again ;) a new idea for
> implementation.
>
> The main problem is how to test a change at datacenter level, as we
> need to test the local configuration of each node.
>
> and it's not currently in /etc/pve , but in /etc/network/interfaces
> of each node.
>
>
> I think, something easy, is that we could have a copy of
> each /etc/network/interfaces of each node
> in /etc/pve/nodes/<nodename>/interfaces. (could be done we a change
> is done in gui local netowrk, or local network daemon copy it at
> regular interval in case of manual change for example).
>
>
> Like this, it's very easy, when a network change is one at datacenter
> level, we can directly test it on all network interfaces of all nodes
> ( /etc/pve/nodes/*/interfaces). (in the api endpoint), and then write
> directly the conf. (no need vnet.new tmp file).
>
> Then the local daemon simply reload the network configuration.
>
> What do you think about this ?
>
>
> ----- Mail original -----
> De: "aderumier" <aderumier at odiso.com>
> À: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Lundi 1 Avril 2019 15:18:51
> Objet: Re: [pve-devel] rfc : pve-network : idea to generate and
> reload config accross the nodes
>
> as alternative,
> we could simply
>
> manage multiple change in /etc/pve/network/vnet.cfg.new
>
> apply button -> replace /etc/pve/network/vnet.cfg
>
> The the local daemon,
> do test (dry-run,....) and report error in his status file. (and it's
> displayed at network level in datacenter) if ok,
> it's apply change, and report error in his status file.
> if ok, update status to ok.
>
>
> So, user can wait some seconds, and check the status of nodes at
> datacenter level.
>
> Seem to be simplier. What do you think about this ?
>
>
>
> ----- Mail original -----
> De: "Alexandre Derumier" <aderumier at odiso.com>
> À: "dietmar" <dietmar at proxmox.com>
> Cc: "pve-devel" <pve-devel at pve.proxmox.com>
> Envoyé: Lundi 1 Avril 2019 15:05:07
> Objet: Re: [pve-devel] rfc : pve-network : idea to generate and
> reload config accross the nodes
>
> >>I don't really get why you want to do that? There are so many ways
> >>to damage a network, and I doubt that we can reliable verify
> >>that....
>
> ifupdown2 have a dry-run too, it's working not too bad (but not 100%
> complete)
>
> But I would avoid some basic mistakes,
> like a vlan interface already defined and enslaved in another bridge
> for example, or look to not enslave an interface with ipmanagement in
> a bridge (try to not break cluster connectivity)
>
>
> But I don't want to manage rollback across all nodes.
> (config correctly applied on 1 node, another node fail, I don't want
> to rollback the first node) It's more best effort, if 1 node have
> failed, it's simply report the error in his status file.
>
>
>
>
>
> >>Also, what if some nodes are offline ...
> We could make an exception, if a node is offline (down, network
> daemon down,...), Then don't wait for validation, and apply config.
>
> Then the local deamon will try to apply config when node is up again.
> In case of error, It'll report it through his status file.
>
> ----- Mail original -----
> De: "dietmar" <dietmar at proxmox.com>
> À: "Alexandre Derumier" <aderumier at odiso.com>, "pve-devel"
> <pve-devel at pve.proxmox.com> Envoyé: Lundi 1 Avril 2019 12:00:13
> Objet: Re: [pve-devel] rfc : pve-network : idea to generate and
> reload config accross the nodes
>
> > maybe better:
> >
> > in gui, at network,datacenter level
> >
> > at each change, make a
> > /etc/pve/networks/vnet.cfg.<randomversion>
> >
> >
> > on local node, the daemon detect the new version,make verification,
> > and update /etc/pve/nodes/<node>/.networkconfigstatus
> >
> > version:<randomversion> verify:ok
>
> I don't really get why you want to do that? There are so many ways to
> damage a network, and I doubt that we can reliable verify that....
>
> Also, what if some nodes are offline ...
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list