-bridge.patch
@@ -0,0 +1,49 @@
+From e4c6c2ace429d34ed0cda21fe4a08c67a7047d67 Mon Sep 17 00:00:00 2001
+From: Alexandre Derumier
+Date: Mon, 1 Apr 2019 09:17:11 +0200
+Subject: [PATCH pve-network 1/2] allow vlan subinterface in a vlan-aware
+ bridge
+
+for stacked/qinq vlan, it's perfectly fine to have a vlan
---
Makefile | 2 +-
debian/changelog | 6 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 91cb755..4d749be 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
PACKAGE=ifupdown2
-VER=1.2.2
+VER=1.2.5
PKGREL=1+pvetest1
SRCDIR=ifupdown2
bug introduce is commit
https://git.proxmox.com/?p=ifupdown2.git;a=commit;h=b58be4449b3a009ba8324e3f414f2355fcf94c06
We don't stop/start interface on config change,
but only apply changes. (to avoid stop/start bridge as we don't track tap/veth)
---
debian/patches/pve/0001-config-tuning.patch |
please update ifupdown2 mirror to 1.2.5-1
Alexandre Derumier (4):
ifupdown2 : bump to 1.2.5
config: keep ifreload_down_changed=0
allow vlan subinterface in vlan aware bridge
bridge up : skip tap|veth|fwpr
Makefile | 2 +-
debian/changelog
add something common like read_vm_config($node), with $node
optional)
- Mail original -
De: "dietmar"
À: "pve-devel" , "aderumier"
Envoyé: Vendredi 5 Avril 2019 06:21:15
Objet: applied: [pve-devel] [PATCH pve-network 2/2] vnetplugin: on_delet
plugin: on_delete_hook
: verify if vnet exist in vm && ct
applied, few questions inline - i am not really happy with this patch.
> On 04 April 2019 at 16:12 Alexandre Derumier wrote:
>
>
> ---
> PVE/API2/Network/Network.pm | 3 +-
> PVE/Network/Network/VnetPlugin.pm | 58
to generate and reload config
accross the nodes
> On 04 April 2019 at 12:16 Stoiko Ivanov wrote:
>
>
> On Thu, 4 Apr 2019 11:57:38 +0200 (CEST)
> Alexandre DERUMIER wrote:
>
> > > But how does it work ? who is currently listening for changes in
> > > pmx
---
PVE/API2/Network/Network.pm | 3 +-
PVE/Network/Network/VnetPlugin.pm | 58 +++
2 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/Network/Network.pm b/PVE/API2/Network/Network.pm
index 7a8b299..6ea8fe2 100644
---
and use it with ifupdown2 alias.
---
PVE/Network/Network/VlanPlugin.pm | 2 ++
PVE/Network/Network/VnetPlugin.pm | 6 +++---
PVE/Network/Network/VxlanMulticastPlugin.pm | 2 ++
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/PVE/Network/Network/VlanPlugin.pm
> But how does it work ? who is currently listening for changes in pmxcfs ?
> (through inotify?)
>>This is low-level C-code inside pmxcfs (corosync). Please not that INotify
>>does not work at all
>>on /etc/pve/ - instead, we use versions numbers to track changes (see
>>/etc/pve/.version).
ok
>>So the idea is to detect network.cfg changes inside pmxcfs, and if we detect
>>changes
>>do a network reload.
>>
>>That way we can apply the config without an additional daemon - sounds good.
Sound good. (so we can do changes in network.cfg.tmp, still have the test
button(api call to each
---
PVE/Network/Network/VnetPlugin.pm | 9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/PVE/Network/Network/VnetPlugin.pm
b/PVE/Network/Network/VnetPlugin.pm
index c2a4020..a1d49a7 100644
--- a/PVE/Network/Network/VnetPlugin.pm
+++ b/PVE/Network/Network/VnetPlugin.pm
Alexandre Derumier (5):
vnetplugin: make tag && transportzone non optional
vxlanmulticast plugin : make uplink-id && multicast addres non
optional
vlanplugin : make uplink-id non optional
add on_delete_hook
add on_update_hook
PVE/API2/Network/Network.pm
---
PVE/Network/Network/VxlanMulticastPlugin.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/Network/Network/VxlanMulticastPlugin.pm
b/PVE/Network/Network/VxlanMulticastPlugin.pm
index bcdc133..99383e5 100644
--- a/PVE/Network/Network/VxlanMulticastPlugin.pm
+++
do nothing for now
---
PVE/API2/Network/Network.pm | 10 --
PVE/Network/Network/Plugin.pm | 6 ++
PVE/Network/Network/VlanPlugin.pm | 8
PVE/Network/Network/VnetPlugin.pm | 6 ++
---
PVE/Network/Network/VlanPlugin.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/Network/Network/VlanPlugin.pm
b/PVE/Network/Network/VlanPlugin.pm
index fd53617..6a84f71 100644
--- a/PVE/Network/Network/VlanPlugin.pm
+++ b/PVE/Network/Network/VlanPlugin.pm
@@ -47,7
empty for now
---
PVE/API2/Network/Network.pm | 6 ++
PVE/Network/Network/Plugin.pm | 6 ++
PVE/Network/Network/VlanPlugin.pm | 6 ++
PVE/Network/Network/VnetPlugin.pm | 6 ++
PVE/Network/Network/VxlanMulticastPlugin.pm | 6 ++
> What do you mean by locally assigned ? manually with ip command ?
> because it's be overwritten by network service restart/reload. (if the
> interface is define in /etc/network/interfaces)
>>So you are sure that ifupdown2 can verify a network config on a remote node?
I don't think we can
forgot to add them in last patches
---
PVE/API2/Network/Network.pm | 236
PVE/Network/Network.pm | 64
2 files changed, 300 insertions(+)
create mode 100644 PVE/API2/Network/Network.pm
create mode 100644 PVE/Network/Network.pm
> >>Even when it has such option, it would need access to the local node? (to
> >>see what interfaces exists, ...).
> Yes, that's why my last proposition what to have a of local copy
> configuration to /etc/pve/. (to be able to test with only 1api call, without
> calling each node)
>>My
forgot to add them in last patches
---
PVE/API2/Network/Network.pm | 236
PVE/Network/Network.pm | 64
2 files changed, 300 insertions(+)
create mode 100644 PVE/API2/Network/Network.pm
create mode 100644 PVE/Network/Network.pm
---
test/generateconfig.pl | 31 +--
1 file changed, 21 insertions(+), 10 deletions(-)
diff --git a/test/generateconfig.pl b/test/generateconfig.pl
index 3279838..cf55192 100644
--- a/test/generateconfig.pl
+++ b/test/generateconfig.pl
@@ -3,14 +3,15 @@ use warnings;
---
data/PVE/Cluster.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 1d8ac85..05864da 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -90,6 +90,7 @@ my $observed = {
'ha/fence.cfg' => 1,
'status.cfg' => 1,
---
PVE/API2/Cluster.pm | 7 +++
1 file changed, 7 insertions(+)
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index c72a075b..649b5859 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -23,6 +23,7 @@ use PVE::Firewall;
use PVE::API2::Firewall::Cluster;
use
changelog v3:
merge cluster && vnet api paths to
/cluster/network
changelog V2:
change api paths to
/cluster/network/transport
/cluster/network/vnet
Alexandre Derumier (1):
api2 : cluster: add network
PVE/API2/Cluster.pm | 7 +++
1 file changed, 7 insertions(+)
--
---
src/PVE/INotify.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index d1c563f..fe6cad8 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -1049,7 +1049,7 @@ sub __read_etc_network_interfaces {
} else {
---
src/PVE/INotify.pm | 4
1 file changed, 4 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index 0dae177..70c34b1 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -914,6 +914,10 @@ sub __read_etc_network_interfaces {
my $f = { method => $3 }; #
---
src/PVE/INotify.pm | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index fe6cad8..0dae177 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -955,6 +955,8 @@ sub __read_etc_network_interfaces {
fix me : fix parsing of vnet(\d+) different than other plugins
---
src/PVE/JSONSchema.pm | 18 ++
1 file changed, 18 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index f0fc2aa..1b45398 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@
changelog v5:
jsonschema : merge pve-transport-id && pve-vnet-id to pve-network-id
changelog v4:
add pve-net-id in jsonschema for network vnet api
changelog v3:
add pve-transport-id in jsonschema for network transport api
Alexandre Derumier (5):
INotify : add uplink-id option
INoti
uplink-id is an integer
it's used to abstract the interface name (could be different on differents
hosts)
and map it to a transportzone.
uplink-id is only allowed on physical interfaces (bond,eth,vlan)
as it's used for traffic to external
example:
auto eth0
iface eth0 inet manual
config is now merged in /etc/pve/networks.cfg
Vnet is a Plugin
---
PVE/API2/Makefile | 4 -
PVE/API2/Network/Makefile | 2 +-
PVE/API2/Network/Transport.pm | 235 -
PVE/API2/Network/Vnet.pm
vnet1
...
So yes, I can merge both files.
/etc/pve/network/vnet.cfg ? /etc/pve/network.cfg ?
- Mail original -
De: "dietmar"
À: "pve-devel" , "Alexandre Derumier"
Envoyé: Mercredi 3 Avril 2019 06:28:51
Objet: applied: [pve-devel] [PATCH pve-netwo
>>I is still unclear to me how you do those tests? AFAIK, ifreload does not
>>have a --dry-run option.
with ifupdown2, ifreload -a --no-act.
(+ tests with our currrent read_networt_interface code)
>>Even when it has such option, it would need access to the local node? (to see
>>what interfaces
/cluster/network/vnet
/cluster/network/transport
---
PVE/API2/Makefile | 3 +++
PVE/API2/NetworkConfig.pm | 62 +++
2 files changed, 65 insertions(+)
create mode 100644 PVE/API2/NetworkConfig.pm
diff --git a/PVE/API2/Makefile
changelog V2:
change api paths to
/cluster/network/transport
/cluster/network/vnet
Alexandre Derumier (1):
api2 : cluster: add network
PVE/API2/Cluster.pm | 7 +++
1 file changed, 7 insertions(+)
--
2.11.0
___
pve-devel mailing list
pve
---
PVE/API2/Network/Transport.pm | 32 +++---
PVE/Network/Makefile | 6 ++--
PVE/Network/Transport.pm | 12
PVE/Network/Transport/Makefile | 9 ++
PVE/Network/{ =>
also for now, use classic sectionconfig format
vnet: vnet1
ipv4 10.0.0.1
ipv6 2a03:2880:f003:c07:face:b00c::2
mtu 1500
tag 2
vnet: vnet2
ipv6 2a03:2880:f003:c07:face:b00c::2
name network2
tag 3
transportzone vlanzone1
---
---
src/PVE/JSONSchema.pm | 16
1 file changed, 16 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index f0fc2aa..1ef3b96 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -79,6 +79,11 @@ register_standard_option('pve-storage-id', {
---
src/PVE/INotify.pm | 4
1 file changed, 4 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index 0dae177..70c34b1 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -914,6 +914,10 @@ sub __read_etc_network_interfaces {
my $f = { method => $3 }; #
add vnet api
reorganize plugins to Network/Transport aa Network/Vnet
Alexandre Derumier (3):
add vnet api
move transport plugins to Network/Transport/
api2: add networkconfig
PVE/API2/Makefile | 3 +
PVE/API2/Network/Makefile
---
PVE/API2/Cluster.pm | 7 +++
1 file changed, 7 insertions(+)
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index c72a075b..71b5071d 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -23,6 +23,7 @@ use PVE::Firewall;
use PVE::API2::Firewall::Cluster;
use
---
src/PVE/INotify.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index d1c563f..fe6cad8 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -1049,7 +1049,7 @@ sub __read_etc_network_interfaces {
} else {
---
src/PVE/INotify.pm | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index fe6cad8..0dae177 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -955,6 +955,8 @@ sub __read_etc_network_interfaces {
uplink-id is an integer
it's used to abstract the interface name (could be different on differents
hosts)
and map it to a transportzone.
uplink-id is only allowed on physical interfaces (bond,eth,vlan)
as it's used for traffic to external
example:
auto eth0
iface eth0 inet manual
---
src/PVE/JSONSchema.pm | 16
1 file changed, 16 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index 1ef3b96..4b0e273 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -84,6 +84,11 @@ register_standard_option('pve-transport-id', {
changelog v4:
add pve-net-id in jsonschema for network vnet api
changelog v3:
add pve-transport-id in jsonschema for network transport api
Alexandre Derumier (6):
INotify : add uplink-id option
INotify : add vnet as bridge type
INotify: add vrf support
INotify: check duplicate
---
src/PVE/INotify.pm | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index fe6cad8..0dae177 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -955,6 +955,8 @@ sub __read_etc_network_interfaces {
---
PVE/API2.pm | 6 ++
1 file changed, 6 insertions(+)
diff --git a/PVE/API2.pm b/PVE/API2.pm
index 38baf133..ec8150bd 100644
--- a/PVE/API2.pm
+++ b/PVE/API2.pm
@@ -15,6 +15,7 @@ use PVE::API2::Nodes;
use PVE::API2::Pool;
use PVE::API2::AccessControl;
use PVE::API2::Storage::Config;
---
src/PVE/JSONSchema.pm | 16
1 file changed, 16 insertions(+)
diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index f0fc2aa..1ef3b96 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -79,6 +79,11 @@ register_standard_option('pve-storage-id', {
---
src/PVE/INotify.pm | 4
1 file changed, 4 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index 0dae177..70c34b1 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -914,6 +914,10 @@ sub __read_etc_network_interfaces {
my $f = { method => $3 }; #
---
src/PVE/INotify.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index d1c563f..fe6cad8 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -1049,7 +1049,7 @@ sub __read_etc_network_interfaces {
} else {
- Add a small fix on vlanplugin vlan-aware option
- Implement network transport api
Alexandre Derumier (2):
vlanplugin : fix vlan-aware option
add network transport api
PVE/API2/Makefile | 5 +
PVE/API2/Network/Makefile | 8 ++
PVE/API2/Network/Transport.pm
---
PVE/Network/VlanPlugin.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/Network/VlanPlugin.pm b/PVE/Network/VlanPlugin.pm
index a349890..6f76f18 100644
--- a/PVE/Network/VlanPlugin.pm
+++ b/PVE/Network/VlanPlugin.pm
@@ -85,7 +85,7 @@ sub generate_network_config {
changelog:
add pve-transport-id in jsonschema for network transport api
Alexandre Derumier (5):
INotify : add uplink-id option
INotify : add vnet as bridge type
INotify: add vrf support
INotify: check duplicate interface name by family
jsonschema : add pve-transport-id
src/PVE
Needed by pve-network transport api
Alexandre Derumier (1):
api2: add network/transport api
PVE/API2.pm | 6 ++
1 file changed, 6 insertions(+)
--
2.11.0
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin
---
PVE/API2/Makefile | 5 +
PVE/API2/Network/Makefile | 8 ++
PVE/API2/Network/Transport.pm | 235
PVE/Makefile| 1 +
PVE/Network/Plugin.pm | 9 +-
PVE/Network/Transport.pm
uplink-id is an integer
it's used to abstract the interface name (could be different on differents
hosts)
and map it to a transportzone.
uplink-id is only allowed on physical interfaces (bond,eth,vlan)
as it's used for traffic to external
example:
auto eth0
iface eth0 inet manual
pve-devel] [PATCH v6 qemu-server 2/3] add QemuMigrateExternal.pm
The VM created in the 'prepare' sub never gets deleted if it fails there
already. Cleanup only happens for phases 1, 2 and 3.
On 4/1/19 7:26 AM, Alexandre DERUMIER wrote:
>>> oh, and this all lacks a bit of cleanups o
ok, update status to ok.
So, user can wait some seconds, and check the status of nodes at datacenter
level.
Seem to be simplier. What do you think about this ?
- Mail original -
De: "Alexandre Derumier"
À: "dietmar"
Cc: "pve-devel"
Envoyé: Lu
ply change, and report error in his status file.
if ok, update status to ok.
So, user can wait some seconds, and check the status of nodes at datacenter
level.
Seem to be simplier. What do you think about this ?
- Mail original -
De: "Alexandre Derumier"
À: "dietma
dation, and apply config.
Then the local deamon will try to apply config when node is up again.
In case of error, It'll report it through his status file.
- Mail original -
De: "dietmar"
À: "Alexandre Derumier" , "pve-devel"
Envoyé: Lundi 1 Avril 2019 12:00:13
Objet
for the review)
- Mail original -
De: "Thomas Lamprecht"
À: "aderumier"
Cc: "pve-devel"
Envoyé: Lundi 1 Avril 2019 07:45:45
Objet: Re: [pve-devel] [PATCH v6 qemu-server 2/3] add QemuMigrateExternal.pm
On 4/1/19 6:55 AM, Alexandre DERUMIER wrote:
>>> I
by default,
if all local daemon verify version are ok (matching the vnet.cfg.),
enable the apply button.
Then on apply,
mv /etc/pve/networks/vnet.cfg. /etc/pve/networks/vnet.cfg
and local node apply with new config and reload network
- Mail original -
De: "Alexandre Derumie
>>Can't we simply add a manual "apply" button for now?
Yes, I have thinked a little bit more about it.
But I really would like to have some kind of verification before apply.
>>Just by using backup config files:
>>
>>vnet.cfg.new
>>vnet.cfg
I'm not sure, as we could apply the change, the
mier"
Envoyé: Samedi 30 Mars 2019 17:31:46
Objet: Re: [pve-devel] [PATCH v6 qemu-server 2/3] add QemuMigrateExternal.pm
On 2/20/19 1:22 AM, Alexandre Derumier wrote:
> ---
> PVE/Makefile | 1 +
> PVE/QemuMigrateExternal.pm | 872
> +
>
--- Mail original -
De: "Thomas Lamprecht"
À: "pve-devel" , "aderumier"
Envoyé: Samedi 30 Mars 2019 17:27:09
Objet: Re: [pve-devel] [PATCH v6 qemu-server 2/3] add QemuMigrateExternal.pm
On 2/20/19 1:22 AM, Alexandre Derumier wrote:
> ---
> PVE/Makefile |
Hi,
I have thinked about a way to generate config and reload it to differents nodes
"
make changes in /etc/pve/network/*.cfg
at datacenter level, network panel , click button ->verify config,
this create a
/etc/pve/nodes//.networkconfigstatus for all nodes (with something like
vlan-protocol is on vlan interface, better to always define it
Signed-off-by: Alexandre Derumier
---
PVE/Network/VlanPlugin.pm | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/PVE/Network/VlanPlugin.pm b/PVE/Network/VlanPlugin.pm
index 0bd43fe..cbeecf6 100644
--- a/PVE
easier to debug if verification fail after
Signed-off-by: Alexandre Derumier
---
test/generateconfig.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/generateconfig.pl b/test/generateconfig.pl
index afc8fa8..0f96584 100644
--- a/test/generateconfig.pl
+++ b/test
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index fe6cad8..0dae177 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -955,6 +955,8
and remove verification of existing vlan interface in VlanPlugin.
(we do all verifications later reusing INotify read/write interfaces)
Signed-off-by: Alexandre Derumier
---
PVE/Network/VlanPlugin.pm | 4 +---
PVE/Network/VxlanMulticastPlugin.pm | 2 +-
test/generateconfig.pl
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index d1c563f..fe6cad8 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -1049,7 +1049,7 @@ sub
uplink-id 1
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index c52d992..d1c563f 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -954,6 +954,7 @@ sub
- vlan-protocol need to be defined on vlan interface, not bridge
- remove check from duplicate interface in vlan plugin,
and do it in INotify read network interfaces. (patch sent for in pve-common)
Alexandre Derumier (3):
vlanplugin: define vlan interface and fix vlan-protocol
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 4
1 file changed, 4 insertions(+)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index 0dae177..70c34b1 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -914,6 +914,10 @@ sub __read_etc_network_interfaces
and other network apis into this package later ?
A test file is provided to generate configuration, reload is not yet
implemented.
I'm still looking how to handle error on local node, and how/where to apply it
(new daemon ?)
Alexandre Derumier (6):
initial package commit
add transport
uplink-id 1
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index c52d992..d1c563f 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -954,6 +954,7 @@ sub
/etc/pve/network/transports.cfg
vlan: vlanzone1
uplink-id 1
vlan-aware 1
vlan-allowed 2-4,6,10
vlan-protocol 802.1ad
vlan: vlanzone2
uplink-id 2
vlan-aware 1
Signed-off-by: Alexandre Derumier
---
PVE/Network/VlanPlugin.pm | 94
Signed-off-by: Alexandre Derumier
---
Makefile | 54
PVE/Makefile | 3 +++
PVE/Network/Makefile | 4
debian/changelog | 6 ++
debian/compat| 1 +
debian/control | 20
/etc/pve/network/transports.cfg
vxlanmulticast: vxlanmulticastzone1
uplink-id 1
multicast-address 225.20.21.1
vxlan-allowed 4-5
Signed-off-by: Alexandre Derumier
---
PVE/Network/VxlanMulticastPlugin.pm | 85
Signed-off-by: Alexandre Derumier
---
src/PVE/INotify.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
index d1c563f..fe6cad8 100644
--- a/src/PVE/INotify.pm
+++ b/src/PVE/INotify.pm
@@ -1049,7 +1049,7 @@ sub
:
transportzone vlanzone1
tag 3
name network2
ipv6 2a03:2880:f003:c07:face:b00c::2
vnet3:
transportzone vxlanmulticastzone1
tag 10
name network3
mtu 1400
Signed-off-by: Alexandre Derumier
---
PVE/Network/Vnet.pm | 94
used to generate network configuration for differents kind of plugins
(vlan,vxlan)
Signed-off-by: Alexandre Derumier
---
PVE/Network/Plugin.pm | 96 +++
1 file changed, 96 insertions(+)
create mode 100644 PVE/Network/Plugin.pm
diff --git
generate /etc/network/interfaces.d/vnet
reloading is not yet implemented
Signed-off-by: Alexandre Derumier
---
test/generateconfig.pl | 95 ++
1 file changed, 95 insertions(+)
create mode 100644 test/generateconfig.pl
diff --git a/test
Signed-off-by: Alexandre Derumier
---
data/PVE/Cluster.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 1d8ac85..a41c20e 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -90,6 +90,8 @@ my $observed = {
'ha/fence.cfg' =>
>>I think this would be great.
ok thanks !
>>I suggest we start with simple setups, then test and extend the code and
>>models ...
yes, I'll first works on vlan, this is the simple part
then extend it to vxlan l2
and then on vxlan l3 (with routing and vrf), where it's more complex.
and last,
Hi Dietmar,
some news:
I'm still working on it, but after some discussions with my co-workers using a
lot vmware and students at last training,
I have some changes for proposal.
1)
in /etc/network/interfaces, don't use "transport-zone" as name for option,
but use "uplink", this is the name in
>>BTW, are you sure that's it's only limiting logging ? What happen on an
>>ACCEPT log for example ?
sorry, respond to my myself, it's only applied on -j LOG, so it's ok.
- Mail original -
De: "aderumier"
À: "pve-devel"
Envoyé: Mardi 19 Mars 2019 16:09:56
Objet: Re: [pve-devel]
Hi,
Nice work !
Could we have an option to disable rate limit or configure it (host option for
example)
The patch change the current behaviour on default vm log action, where we don't
have limit currently.
(and I really need to log all dropped/reject)
BTW, are you sure that's it's only
gzilla.proxmox.com/show_bug.cgi?id=2130
it's a simple config with the wrong multicast macaddress.
- Mail original -
De: "Wolfgang Bumiller"
À: "Alexandre Derumier"
Cc: "pve-devel"
Envoyé: Mardi 12 Mars 2019 08:55:30
Objet: Re: [pve-devel] proxmox
t;XC:" (for X =~ /A-F0-9/))?
Indeed, odd number in second nibble don't work (1,3,5,7,...,F)
- Mail original -
De: "Stoiko Ivanov"
À: "aderumier"
Cc: "pve-devel"
Envoyé: Lundi 11 Mars 2019 20:45:30
Objet: Re: [pve-devel] proxmox training week :
ot;aderumier"
Cc: "pve-devel"
Envoyé: Lundi 11 Mars 2019 20:45:30
Objet: Re: [pve-devel] proxmox training week : error starting lxc with network
interface
On Mon, 11 Mar 2019 20:17:27 +0100 (CET)
Alexandre DERUMIER wrote:
> >>hm - could be related to multicast mac-a
ard to find/unexpected (I had luck
in choosing the correct logline to search for).
We could consider checking for this when the prefix is set in
datacenter.cfg?
Thanks for reporting!
[0]https://lists.linuxcontainers.org/pipermail/lxc-users/2010-August/000783.html
[1]https://en.wikipedia.org/
Ok found the problem,
I had setup a mac address prefix in datacenter:
AF:BB
and it seem to not work with lxc (qemu is fine)
- Mail original -
De: "aderumier"
À: "pve-devel"
Envoyé: Lundi 11 Mars 2019 17:36:03
Objet: [pve-devel] proxmox training week : error starting lxc with
Hi,
We are doing some tests in this training week,
and I have a bug never seen before with lxc container, when a network interface
is present in ct
root@kvmformation1:~# pveversion -v
proxmox-ve: 5.3-1 (running kernel: 4.15.18-11-pve)
pve-manager: 5.3-11 (running version: 5.3-11/d4907f84)
This implemented arp filtering if ipfilter is enable
https://bugzilla.proxmox.com/show_bug.cgi?id=2125
They are another filters possible (ipv4,rarp),
i don't known if we need them.
Signed-off-by: Alexandre Derumier
---
src/PVE/Firewall.pm | 38 +-
1 file
- split the layer2_protocols change in separate commit
Alexandre Derumier (2):
ebtables: add arp filtering
ebtables: test layer2_protocols in an external chain
src/PVE/Firewall.pm | 50 +-
1 file changed, 41 insertions(+), 9 deletions
We need the not matching DROP outside the main tapchain,
in a specific proto chain, and a ACCEPT in the main tap chain.
Signed-off-by: Alexandre Derumier
---
src/PVE/Firewall.pm | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE
our comments, and send a V2 monday
- Mail original -
De: "Wolfgang Bumiller"
À: "aderumier"
Cc: "pve-devel"
Envoyé: Vendredi 8 Mars 2019 10:25:22
Objet: Re: [pve-devel] [PATCH pve-firewall] ebtables: add arp filtering
On Fri, Mar 08, 2
701 - 800 of 6079 matches
Mail list logo