[pve-devel] sdn: looking to unify .cfg files, need opinions about config format
alexandre derumier
aderumier at odiso.com
Tue Apr 20 09:51:30 CEST 2021
Hi Thomas!
On 18/04/2021 19:01, Thomas Lamprecht wrote:
> On 12.01.21 10:19, aderumier at odiso.com wrote:
>> Hi,
>>
>> I'm looking to unify sdn .cfg files with only 1 file,
>> with something different than section config format.
>>
>> We have relationship like zones->vnets->subnets,
>> so I was thinking about something like this:
>>
>>
>>
>> [zone myzone]
>> type: vxlan
>> option1: xxx
>> option2: xxx
>> [[vnet myvnet]]
>> option1: xxx
>> option2: xxx
>> [[[subnet 10.0.0.0/8]]]
>> option1: xxx
>> option2: xxx
>>
>>
>> [controller mycontroller]
>> type: evpn
>> option1: xxx
>> option2: xxx
>>
>> [dns mydns]
>> type: powerdns
>> option1: xxx
>> option2: xxx
>>
>>
>> What do you think about this ?
> That looks like section config, just spelled differently?
>
> But yes, the way section config does schema and types are not ideal when combined
> with quite different things.
>
> Maybe we should really just go the simple way and keep it separated for now.
>
> For zones it works good this way, there exist different types and we can use that as
> section config type. Subnets and vnets could be combined as vnets are really not that
> specially I guess?
I think that maybe the only thing that could be improve is indeed
subnets/vnets.
currently, we can have same subnet range defined on zones.
but they are really different object, as gateway or other subnet option
can be different,
that's why I'm doing concatenate zone+subnet to have a unique subnetid,
something like
subnet: zone1-192.168.0.0-24
vnet vnet1
gateway 192.168.0.1
subnet: zone2-192.168.0.0-24
vnet vnet2
gateway 192.168.0.254
It's not bad, but maybe it could be better, with defining subnet
somewhere inside the vnet directly.
Not sure how the config format should be to handle this ?
>
> We had a mail about what would be Ok to merge, but I do not remember/find it anymore...
Small reminder of other related patches:
pve-network:
[pve-devel] [PATCH pve-network 0/2] evpn && bgp improvements
https://www.mail-archive.com/pve-devel@lists.proxmox.com/msg03265.html
(2 small patches)
pve-manager:
[PATCH V11 pve-manager 1/1] sdn: add subnet/ipam/sdn management
https://www.mail-archive.com/pve-devel@lists.proxmox.com/msg02746.html
(I had merged and rebased the differents patches from previous series)
pve-cluster:
[PATCH V5 pve-cluster 0/5] sdn : add subnets management
https://lists.proxmox.com/pipermail/pve-devel/2020-September/045284.html
pve-common:
INotify: add support for dummy interfaces type
(this is a small patch for ebgp loopback/dummy interface support)
https://www.mail-archive.com/pve-devel@lists.proxmox.com/msg01755.html
pve-container: (maybe we could wait a little bit to finish qemu support too)
[PATCH pve-container] add ipam support
https://lists.proxmox.com/pipermail/pve-devel/2021-January/046609.html
>> Another way could be a simple yaml config file. (but I think it's not
>> really matching currents proxmox configs formats)
>>
> I do not like yaml to much, it looks simple first but can do way to much (turing
> complete, IIRC) and we do not really use it anywhere atm., so that would mean lots
> of new tooling/work to do to handle it sanely and as first-class citizen in PVE
> stack...
>
> My goal would be to do a pve-network bump at end of next week, and for that we
> need pve-cluster bump.
>
> Currently there we get three new configs:
>
> 1. ipams, different management plugins (types), so OK to be own section config
> 2. dns, different, APIs/DNS servers (types), so OK to be own section config
> 3. subnets, only one type, or?
subnet only 1 type indeed
> hmm, rethinking this now it could be OK to keep as is... While subnets could
> possibly be merged into vnets, there's a mediocre benefit there, API could
> maybe even get more complicated?
not sure about api, but if current config format with subnetid is ok for
you, it's ok for me ;)
> If we'd bump now the biggest thing missing is applying an IP to a VM and CT.
>
> For a CT we can quite easily do it.
yes, I have already send patches, maybe it need more testing.
>
> For a VM we could even need to support different ways?
>
> * DHCP (?)
for dhcp, It'll be more difficult for bridged setup, as we need an 1 by
subnet.
for routed setup, it's more easy.
I think we should see that later, I have an idea about managing some
kind of
gateways edges vms/appliance feature like vmware nsx edge gateway.
https://bugzilla.proxmox.com/show_bug.cgi?id=3382
where you could manage this kind of central service (dhcp, vpn, nat 1:1,
balancing,...).
(a lot of users use pfsense for exemple or other gateway applicance, my
idea is to manage this kind of appliance through api, or maybe manage
our own appliance)
This should works with any kind of network, bridged/routed, or any zone
(vlan/vxlan/...)
But It's a big thing, so later ;)
> * cloudinit
yes, this is my current plan.
offline, it's easy;
online, it's more difficult.
That's why I was working on cloudinit too recently, with pending
features,...
I need to do more test with ipam + ipconfig in pending state (if user
try to rollback,...)
Also, cloudinit is a little bit tricky to apply changes online, but it's
possible at least on linux with some udev rules.
That's why I'm also playing with opennebula context agent
https://github.com/OpenNebula/addon-context-linux
https://github.com/OpenNebula/addon-context-windows
This is doing the same thing than cloudinit (I have added configdrive
format recently), but with simply bash scripts + udev rules for online
change. It's working very well.
I wonder if at the end, we shouldn't have similar proxmox daemon (or
maybe fork it,
https://github.com/aderumier/addon-context-linux/commits/proxmox ;) to
have true online changes. (adding udev rules for hotplug mem/cpu ,extend
disk/lvm partition, do network config changes,...)
Cloud-init is really done to bootstrap the vm, but online changes are
still tricky.
> * would the qemu-guest-agent work too?
This is a good question. I don't known if we can write config file with
qemu-guest-agent.
>
> IMO that's the biggest thing left, or what do you think?
>
yes, qemu is the biggest thing.
I think that the sdn part itself (zone/vnets/subnets/...) are working fine.
More information about the pve-devel
mailing list