## Introduction

This patch series lays the groundwork for the Proxmox Datacenter Manager SDN/EVPN integration on the Proxmox VE side by introducing global locking for the SDN configuration. It is intended to be used by the PDM implementation to prevent concurrent changes to the SDN configuration, while the datacenter manager is making configuration changes.

## How it works

This patch series adds three new API calls:

* POST /cluster/sdn/lock
* DELETE /cluster/sdn/lock
* POST /cluster/sdn/rollback

The SDN configuration can be locked by invoking the lock endpoint, which returns a lock-secret when the configuration has been locked successfully. This lock-secret needs to be used for subsequent API calls that perform configuration changes. For this purpose, a new parameter has been added to all SDN API endpoints that perform configuration changes. If the lock is currently set, then API callers have to provide the lock-secret in order for the API endpoints to work. If there is no global lock set, then the endpoints work the same as before. The lock-secret is stored in a new file in the pmxcfs: `/etc/pve/sdn/.lock`.

The lock can be released automatically on applying, where I added a flag that governs whether the global lock should automatically be released on applying the configuration. Otherwise the lock can always be removed by the release endpoint, which has a force flag for forcibly releasing the lock without providing the secret.

In order to provide an escape hatch in the case of errors on the PDM side, I added the functionality of rolling back to the current running configuration, which has not been possible before. This endpoint throws away all pending changes. This saves us from introducing a third layer of configuration files, while also adding a new feature to the existing SDN stack, where one had to tediously revert all changes one-by-one if one wanted to rollback to the running configuration.

We could consider doing this automatically in the future from PDM, or at least expose it as opt-in behavior in the PDM settings.
For now, in case of failures, users have to manually unlock the SDN configuration and then rollback using the following API endpoints:

```
pvesh delete /cluster/sdn/lock --force 1
pvesh create /cluster/sdn/rollback
```

If we want to introduce automatic rollback, implementing it this way saves us from having to manually revert every single change we make. We lock the SDN configuration only if there are no pending changes (the lock endpoint includes a flag that governs this behavior), then proceed to make our changes. If we run into any error we can be sure that only the changes we made to the SDN configuration are pending, so this enables us to safely roll back the configuration changes we made and unlock the SDN configuration.

## Changelog:

v1, thanks @Stefan and @Thomas:

* rebase to trixie
* remove lock file from pmxcfs (just use file_get_contents, file_set_contents)
* change to a domain-lock like in the ha-stack
* implement rollback and locking for the fabrics

```
network:

Stefan Hanreich (5):
  sdn: add global lock for configuration
  api: add lock-secret parameter to all api calls
  api: add lock secret parameter to apply endpoint
  api: add lock and release endpoints for global configuration lock
  api: add rollback endpoint

 src/PVE/API2/Network/SDN.pm                   | 169 +++++++++++++++++-
 src/PVE/API2/Network/SDN/Controllers.pm       |  21 ++-
 src/PVE/API2/Network/SDN/Dns.pm               |  21 ++-
 src/PVE/API2/Network/SDN/Fabrics/Fabric.pm    |   8 +
 .../API2/Network/SDN/Fabrics/FabricNode.pm    |   9 +
 src/PVE/API2/Network/SDN/Ipams.pm             |  21 ++-
 src/PVE/API2/Network/SDN/Subnets.pm           |  24 ++-
 src/PVE/API2/Network/SDN/Vnets.pm             |  21 ++-
 src/PVE/API2/Network/SDN/Zones.pm             |  21 ++-
 src/PVE/Network/SDN.pm                        |  85 ++++++++-
 src/PVE/Network/SDN/Fabrics.pm                |   2 +
 11 files changed, 380 insertions(+), 22 deletions(-)

Summary over all repositories:
  11 files changed, 380 insertions(+), 22 deletions(-)

--
Generated by git-murpp 0.8.0
```
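
The lock, lock-secret and rollback semantics described in the cover letter, as an added in-memory model that is not part of the original message and not the series' Perl code. The class and function names, the `allow_pending` and `release_lock` flag names, the "already locked" refusal and the secret check on rollback are assumptions made for the illustration.

```python
import hmac
import secrets

class SdnModel:  # toy model of the described semantics; names are illustrative
    def __init__(self, running):
        self.running = dict(running)  # last applied configuration
        self.pending = dict(running)  # configuration including unapplied edits
        self.secret = None            # stands in for /etc/pve/sdn/.lock

    def _check(self, lock_secret):  # no lock: works as before; locked: secret required
        if self.secret is not None and not hmac.compare_digest(self.secret, lock_secret or ""):
            raise PermissionError("SDN configuration is locked")

    def lock(self, allow_pending=False):
        if self.secret is not None:
            raise PermissionError("already locked")  # assumption
        if self.pending != self.running and not allow_pending:
            raise RuntimeError("pending changes present")
        self.secret = secrets.token_hex(16)
        return self.secret

    def release(self, lock_secret=None, force=False):
        if not force:
            self._check(lock_secret)
        self.secret = None

    def set(self, key, value, lock_secret=None):
        self._check(lock_secret)
        self.pending[key] = value

    def apply(self, lock_secret=None, release_lock=False):
        self._check(lock_secret)
        self.running = dict(self.pending)
        if release_lock:
            self.secret = None

    def rollback(self, lock_secret=None):
        self._check(lock_secret)  # assumption: gated like other changes
        self.pending = dict(self.running)

def change_with_rollback(cfg, make_changes):
    secret = cfg.lock()  # refused while someone else's edits are pending
    try:
        make_changes(cfg, secret)
        cfg.apply(lock_secret=secret, release_lock=True)
        return True
    except Exception:
        cfg.rollback(lock_secret=secret)  # only our own edits can be pending
        cfg.release(lock_secret=secret)
        return False
```

Because the lock is only taken when nothing is pending, the rollback in the error path cannot discard another caller's unapplied edits.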