[pve-devel] pve-network : new proposal for apply/reload config

Dietmar Maurer dietmar at proxmox.com
Tue May 7 06:35:45 CEST 2019 

comment inline ...

> I have rethinked about reloading config, without extra daemon:
> 
> 
> "
> datacenter level:
>    -commit config :  - mv /etc/pve/networks.cfg.new /etc/pve/networks.cfg
>                      - call each (online) node reload api.
> 
> 
> local node:
>       reload api:  -> generate /etc/network/interfaces.d/vnet
>                       merge pending /etc/network/interfaces.new to /etc/network/interfaces
>                       ifreload -a  (2minutes for 2000 vnets, but take 15s at boot ( ifup -a --perfmode)
> )
> 
>                     
> pvestatd:
> 
>  get running config : ifquery -a -r    (15second for 2000vnets -> maybe make a cache(cron?otherdaemon?) to not block pvestatd ?)

Inside pvestad, you can do a fork() to avoid blocking other things.

>  for each vnet and vnet bridge-ports
>       compare running_config with /etc/network/interfaces.d/vnet
>       status: ok / error (vnet missing, or different config(vlan tag,...)) -> broadcast status
>  

worth to try. Maybe simply write the result to a file on /etc/pve?

> (they are also a "ifquery -c <int>" to compare running and configuration, but it's interface by interface, and maybe more slower,
> so it could be used to have an accurate detail on a specific vnet in the gui)
>       
> Error should occur because a conflict with a local setting (already used vlan, missing uplink-id,...)
> So user can easy see errors from pvestatd status for each vnet. (displayed in the tree ?).
> then for fix error, user go the local network configuration, do local network fix changes,
> and call reload api again.
> 
> If the node was offline when we have commit network config, the vnets will also be displayed in error (different config, missing vnet,...),

I thought we can apply pending changes when a node starts up?

> so user can also reload it manually from local config.
> 
> "
> 
> 
> I think this give more control to user, and avoid to have a background daemon reloading networking. (More simpler to fix error, avoid reload loop,....)
> 
> What do you think about this ?

Sounds good. Now there is less magic, and the admin has more control ...

More information about the pve-devel mailing list