[pve-devel] [PATCH network v3 0/5] Add global locking and configuration rollback to SDN configuration
Gabriel Goller
g.goller at proxmox.com
Tue Jul 29 11:29:28 CEST 2025
## Introduction
This patch series lays the groundwork for the Proxmox Datacenter Manager
SDN/EVPN integration on the Proxmox VE side by introducing global locking for
the SDN configuration. It is intended to be used by the PDM implementation to
prevent concurrent changes to the SDN configuration, while the datacenter
manager is making configuration changes.
## How it works
This patch series adds three new API calls:
* POST /cluster/sdn/lock
* DELETE /cluster/sdn/lock
* POST /cluster/sdn/rollback
The SDN configuration can be locked by invoking the lock endpoint, which returns
a lock-token when the configuration has been locked successfully. This
lock-token needs to be used for subsequent API calls that perform configuration
changes. For this purpose, a new parameter has been added to all SDN API
endpoints that perform configuration changes. If the lock is currently set, then
API callers have to provide the lock-token in order for the API endpoints to
work. If there is no global lock set, then the endpoints work the same as
before.
The lock-token is stored in a new file in the pmxcfs: `/etc/pve/sdn/.lock`.
The lock can be released automatically on applying, where I added a flag that
governs whether the global lock should automatically be released on applying the
configuration. Otherwise the lock can always be removed by the release endpoint,
which has a force flag for forcibly releasing the lock without providing the
token.
In order to provide an escape hatch in the case of errors on the PDM side, I
added the functionality of rolling back to the current running configuration,
which has not been possible before. This endpoint throws away all pending
changes. This saves us from introducing a third layer of configuration files,
while also adding a new feature to the existing SDN stack, where one had to
tediously revert all changes one-by-one if one wanted to roll back to the running
configuration. We could consider doing this automatically in the future from
PDM, or at least expose it as opt-in behavior in the PDM settings.
For now, in case of failures, users have to manually unlock the SDN
configuration and then roll back using the following API endpoints:

    pvesh delete /cluster/sdn/lock --force 1
    pvesh create /cluster/sdn/rollback

If we want to introduce automatic rollback, implementing it this way saves us
from having to manually revert every single change we make. We lock the SDN
configuration only if there are no pending changes (the lock endpoint includes a
flag that governs this behavior), then proceed to make our changes. If we run
into any error we can be sure that only the changes we made to the SDN
configuration are pending, so this enables us to safely roll back the
configuration changes we made and unlock the SDN configuration.
## Changelog:
v2, thanks @Stefan and @Thomas:
* rename secret -> token
* use UUIDv7 instead of random string
v1, thanks @Stefan and @Thomas:
* rebase to trixie
* remove lock file from pmxcfs (just use file_get_contents, file_set_contents)
* change to a domain-lock like in the ha-stack
* implement rollback and locking for the fabrics
network:
Stefan Hanreich (5):
sdn: add global lock for configuration
api: add lock-token parameter to all api calls
api: add lock token parameter to apply endpoint
api: add lock and release endpoints for global configuration lock
api: add rollback endpoint
debian/control | 1 +
src/PVE/API2/Network/SDN.pm | 169 +++++++++++++++++-
src/PVE/API2/Network/SDN/Controllers.pm | 21 ++-
src/PVE/API2/Network/SDN/Dns.pm | 21 ++-
src/PVE/API2/Network/SDN/Fabrics/Fabric.pm | 8 +
.../API2/Network/SDN/Fabrics/FabricNode.pm | 9 +
src/PVE/API2/Network/SDN/Ipams.pm | 21 ++-
src/PVE/API2/Network/SDN/Subnets.pm | 22 ++-
src/PVE/API2/Network/SDN/Vnets.pm | 21 ++-
src/PVE/API2/Network/SDN/Zones.pm | 21 ++-
src/PVE/Network/SDN.pm | 86 ++++++++-
src/PVE/Network/SDN/Fabrics.pm | 2 +
12 files changed, 382 insertions(+), 20 deletions(-)
Summary over all repositories:
12 files changed, 382 insertions(+), 20 deletions(-)
--
Generated by git-murpp 0.8.0
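
The lock, change, apply and recovery sequence described in the cover letter, as an added shell example that is not part of the patch series. It assumes that `pvesh` prints the lock-token as a JSON string, that the parameter is passed as `--lock-token` on every call including the release endpoint, and that `sdn_locked_change` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not code from the patch series.
# Assumptions: the lock endpoint's result is printed by pvesh as a JSON
# string, and every call (release included) takes --lock-token.

# Usage: sdn_locked_change <pvesh method> <path> [options...]
# Runs one SDN configuration change under the global lock and applies it.
sdn_locked_change() {
    # POST /cluster/sdn/lock returns the lock-token on success.
    _sdn_raw=$(pvesh create /cluster/sdn/lock --output-format json) || return 1
    _sdn_token=$(printf '%s' "$_sdn_raw" | tr -d '"\n')
    [ -n "$_sdn_token" ] || return 1

    # Present the token on the change itself and on the apply call
    # (pvesh set /cluster/sdn is the existing apply endpoint).
    if pvesh "$@" --lock-token "$_sdn_token" &&
       pvesh set /cluster/sdn --lock-token "$_sdn_token"; then
        # Success: release the lock using the token, no force needed.
        pvesh delete /cluster/sdn/lock --lock-token "$_sdn_token"
        return $?
    fi

    # Failure: the manual recovery from the cover letter. Force-release
    # the lock, then discard all pending changes.
    echo "SDN change failed, unlocking and rolling back" >&2
    pvesh delete /cluster/sdn/lock --force 1
    pvesh create /cluster/sdn/rollback
    return 1
}

# Constructed invocation (vnet and zone names are placeholders):
#   sdn_locked_change create /cluster/sdn/vnets --vnet demo1 --zone zone1
```

Because the recovery path discards every pending change, it is only safe when the lock was taken with no changes pending, which is the condition the cover letter describes for the lock endpoint.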