https://lore.proxmox.com/pve-devel/20250716151815.348161-1-s.hanre...@proxmox.com/
On 7/9/25 21:45, Stefan Hanreich wrote:
> This patch series contains the following features:
> * transparent altname support for {pve, proxmox}-firewall and pve-network
> * pveeth tool for pinning NIC names
>
> Both are features aimed at mitigating the fallout caused from changing network
> interface names. Sending it as an RFC, since I will be gone for a few days and
> wanted to publish my current state to start some discussion on the approaches
> I've taken with the tools and possible additions / changes. Nothing in here is
> final or particularly polished.
>
> Both patch series only received rudimentary testing and are work in progress,
> so
> use at your own risk, I am not responsible for any broken hosts / VMs.
>
> For more information on the pveeth tool, see the respective commit.
>
> TODO:
> * possibly change wakeonlan setting in node config
> * decide on how to handle host.fw / cluster.fw:
>
> cluster.fw cannot be automatically updated, since the generated mapping might
> differ from the one generated on other nodes. One possibility would be to
> generate the mapping for the NICs one-by-one on each host, thus ensuring a
> consistent name on all nodes. Then add a flag that overwrites cluster.fw.
>
> cluster/host.fw is the only configuration file that gets applied immediately
> when updating it, since the firewall continously polls this file and applies
> the
> settings. We could add the new name as altname via ip link, ensuring that the
> firewall rules still work before *and* after reboot. Shouldn't be too hard to
> add (possibly with a flag). This is possible because of the new altname
> support
> {pve, proxmox}-firewall.
>
> * update detection of physical NICs
>
> We currently rely on the PHYSICAL_NIC_RE to detect physical network
> interfaces.
> We could instead use the ip link output for determining whether an interface
> is
> physical or not. This works in every case, except for PullMetric.pm. For this
> we
> could introduce another variable and fall back on the old logic depending on
> its
> existence. Maybe some one with more knowledge on the metrics system can chime
> in
> here. I have patches for this on my staff repo in case you are interested:
>
> pve-manager:physical-nic-re
> pve-common:physical-nic-re
>
> pve-common:
>
> Stefan Hanreich (2):
> network: add ip link and altname helpers
> network: add nic prefix to physical nic regex
>
> src/PVE/Network.pm | 47 +++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 46 insertions(+), 1 deletion(-)
>
>
> proxmox-ve-rs:
>
> Stefan Hanreich (1):
> config: ip link struct
>
> proxmox-ve-config/src/host/mod.rs | 1 +
> proxmox-ve-config/src/host/network.rs | 35 +++++++++++++++++++++++++++
> 2 files changed, 36 insertions(+)
> create mode 100644 proxmox-ve-config/src/host/network.rs
>
>
> proxmox-firewall:
>
> Stefan Hanreich (1):
> firewall: add altname support for firewall rules
>
> proxmox-firewall/src/config.rs | 29 +++++++++++++++++++++
> proxmox-firewall/src/rule.rs | 6 ++++-
> proxmox-firewall/tests/integration_tests.rs | 7 +++++
> 3 files changed, 41 insertions(+), 1 deletion(-)
>
>
> pve-firewall:
>
> Stefan Hanreich (1):
> firewall: add altname support
>
> src/PVE/Firewall.pm | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
>
> pve-network:
>
> Stefan Hanreich (1):
> controllers: isis: add altname support
>
> src/PVE/Network/SDN/Controllers/IsisPlugin.pm | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
>
> pve-manager:
>
> Stefan Hanreich (1):
> cli: add pveeth
>
> PVE/CLI/Makefile | 1 +
> PVE/CLI/pveeth.pm | 538 ++++++++++++++++++++++++++++++++++++++++++++++
> bin/Makefile | 5 +
> bin/pveeth | 8 +
> 4 files changed, 552 insertions(+)
> create mode 100644 PVE/CLI/pveeth.pm
> create mode 100644 bin/pveeth
>
>
> Summary over all repositories:
> 12 files changed, 684 insertions(+), 5 deletions(-)
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
