mirror of git://git.proxmox.com/git/pve-network.git synced 2025-01-06 17:18:00 +03:00
Commit Graph

110 Commits

Author SHA1 Message Date
Stefan Lendl
23e7fe3197 sdn: dnsmasq: extract function that generates the ethers file path
Extracted to a function so it can be mocked in tests.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Lendl
cac88dfa47 dns: dnsmasq: extract function to systemctl command.
systemctl_service() is a wrapper around PVE::Tools::run_command to allow
mocking the systemctl interactions in tests.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Lendl
2f37fddc0e sdn: zones: extract function that reads datacenter config
The datacenter_config() function in SDN::Zones::Plugin is a simple
wrapper that reads datacenter.cfg via cfs.
This allows mocking datacenter.cfg in tests.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Hanreich
27b54a086b sdn: dhcp: rollback allocated ips on failure
If DHCP is configured for IPv4 and IPv6, failing to obtain an IPv6 IP
does not roll back the allocation made for IPv4. This patch rolls back
any changes made in case of failure, so that IP allocation is actually
atomic.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Lendl <s.lendl@proxmox.com>
Tested-by: Stefan Lendl <s.lendl@proxmox.com>
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Hanreich
c60a7dc432 sdn: dhcp: only consider subnets that have dhcp-range configured
If DHCP is enabled on a zone with subnets, but no subnet has a
dhcp-range configured, then starting a VM will fail because no IP can
be allocated. This patch fixes this by only considering subnets that
have a dhcp-range configured and only failing if there is at least one
subnet with a dhcp-range configured.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Lendl <s.lendl@proxmox.com>
Tested-by: Stefan Lendl <s.lendl@proxmox.com>
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Lendl
5fd3da139b sdn: dhcp: request both IPv4 and IPv6 addresses on VM start
If previously an IP was allocated in the IPAM, but a new subnet added
for the other IP version, we need to allocate an IP in the new subnet.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Lendl
e06301af3a sdn: dhcp: get next free ip for a specific IP version
Specify the IP version (4|6) for which an IP shall be requested from the IPAM.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-08 17:57:18 +02:00
Stefan Lendl
1b37d31170 tests: run tests in sbuild
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-04 16:50:08 +02:00
Stefan Lendl
1c3f1a7ed9 tests: mocking more functions to avoid system access
previously extracted functions are now mocked in the zone tests

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-04 16:50:08 +02:00
Stefan Lendl
96d7d81d6c evpn: extract read_local_frr_config
to allow mocking local fs access

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-04 16:50:08 +02:00
Stefan Lendl
d06ee817a7 controllers: extract read_etc_network_interfaces
to allow mocking local fs access

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>
2024-04-04 16:50:08 +02:00
Thomas Lamprecht
ddd3d0f726 test: run through perltidy
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-22 10:08:31 +01:00
Stefan Hanreich
74dcbe9c08 sdn: powerdns: fix counting records of existing rrset
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-03-05 06:26:23 +01:00
Stefan Hanreich
2ca78c7556 sdn: powerdns: remove priority from tests
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-03-05 06:26:23 +01:00
Thomas Lamprecht
e92b11a2e5 dns: style and code clean-up powerdns plugin
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-04 17:07:36 +01:00
Stefan Hanreich
244fb03d3a fix #5275: remove priority field from powerdns
Since v3.4.2 the priority field has been removed and since v4.9 they
are actively rejected by PowerDNS. Stop sending this field in order to
make the PowerDNS plugin work with versions >= 4.9 again. [1]

[1] https://doc.powerdns.com/authoritative/upgrading.html#api-changes

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-03-04 15:47:57 +01:00
Alexandre Derumier
b18b34aad5 ipam: netbox : fix ip_is_gateway
Originally-by: Jasper Yu <007seadog@gmail.com>
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-02-20 15:06:09 +01:00
Thomas Lamprecht
7343076a62 ipam: whitespace/indentation clean ups
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-02-20 14:40:00 +01:00
Alexandre Derumier
e4e8158722 ipam: phpipam: add_range_next_freeip
Currently it is not possible in phpipam to search in a specific range,
fall back to a full subnet search

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-02-20 14:40:00 +01:00
Alexandre Derumier
9e65d5f597 ipam: phpipam: add get_ip_from_mac error handling
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-02-20 14:40:00 +01:00
Alexandre Derumier
f38c18f7af ipam: phpipam: add subnet create error handling
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-02-20 14:39:45 +01:00
Alexandre Derumier
b906257d4a ipams : add_next_freeip : return ip not cidr
we want the same result as add_next_free_range

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 12:06:55 +01:00
Alexandre Derumier
6e96fd3314 sdn: prefer proxy from datacenter.cfg for api calls
We only set up proxies from the environment previously, but also check
the one configured in the cluster-wide datacenter.cfg and prefer that
over anything else.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 12:05:40 +01:00
Thomas Lamprecht
9f4525c350 sdn: code & indentation cleanup
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-01-22 12:05:34 +01:00
Alexandre Derumier
d7d1181ed5 controllers: evpn: fix null routes order && ipv6
- don't duplicate ip
- ipv6 use "ipv6 route"
- order correctly

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 11:57:37 +01:00
Alexandre Derumier
dbacff605f controllers: evpn: frr config cleanup
Some values have been reordered in last version

- bump version to 8.5.2
- move no bgp graceful-restart notification
- move neighbor VTEP activate

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 11:57:37 +01:00
Alexandre Derumier
e614da43f1 controllers: evpn: bugfix: use prefix-list in route-map instead evpn match
"match evpn" in route-map is broken since 8.5.0
https://github.com/FRRouting/frr/issues/14419

the patch
272c6d5db1
is converting type-2 && type-5 evpn routes to prefix-prefix.
(fixing prefix-list not working previously, but breaking "match evpn")

So, simply use prefix-list now, as "match evpn" was a workaround anyway.

Reported on the forum, where a user has a routing loop between the 2 exit-nodes:
https://forum.proxmox.com/threads/sdn-with-evpn-controller-routing-loop-when-using-multiple-exit-nodes.137362/

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 11:57:37 +01:00
Alexandre Derumier
b5471f5a2f controllers: evpn: add ipv6 prefix-list support
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2024-01-22 11:57:37 +01:00
Thomas Lamprecht
764dba5033 tests: zone: code cleanup
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 12:48:24 +01:00
Thomas Lamprecht
1ed61845d4 tests: zone: include error if test interfaces file cannot be opened
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 12:48:24 +01:00
Thomas Lamprecht
1e289d2303 controllers: die if opening network interface config fails
we should not continue in that case..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 12:48:24 +01:00
Thomas Lamprecht
a0216bf276 controllers: fix interfacing with read_etc_network_interfaces
While not used currently in the parser, passing 1 as file name still
makes no sense, and we might want to rework that in general, as why
does this have to use the non-inotify read path and manually open the
file.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 12:48:24 +01:00
Thomas Lamprecht
677e12cacf tests: zones: output any unexpected error as diagnostic
really helps debugging things..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 12:48:24 +01:00
Stefan Lendl
af7e542ad7 tests: mocking cfs_lock_file to pass subnet tests
IPAM tries to lock file in clusterfs which it can't when testing as
non-root.

Mocking cfs_lock_file to emulate locking behavior.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
2023-11-29 11:09:57 +01:00
Stefan Hanreich
24ab59e0af dhcp: dnsmasq: untaint when deleting configuration files
The current invocation is quite unsafe and triggers the taint mode of
Perl that is enabled for our API daemons, but not pvesh used on
cluster-wide apply.
Replacing it with dir_glob_foreach solves those issues.

Reported-By: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-29 11:04:37 +01:00
Stefan Hanreich
2664f29575 api: vnet: fix warning in vnet API
If zone is not set, we also check the pending changes for a zone key,
since it is set as pending when the Vnet settings have not yet been
applied.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2023-11-29 10:54:37 +01:00
Stefan Hanreich
fb97ed300a validation: add support for arrays to change tracking
This is needed so dhcp-ranges are properly displayed as changed in the
web UI.

Also took the chance to properly indent the encode_value function with
our indentation scheme.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Tested-by: Hannes Duerr <h.duerr@proxmox.com>
2023-11-29 10:28:26 +01:00
Thomas Lamprecht
0558f26d2e dhcp dnsmasq: suppress warning too if dhcp is not configured
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-23 12:11:41 +01:00
Thomas Lamprecht
bed9fbc246 dhcp dnsmasq: guard die with zone having enabled dhcp
as stop-gap

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-11-23 12:03:00 +01:00
Thomas Lamprecht
d4a671e3f7 dnsmasq: drop no-resolve for default config
for a better default user experience make dnsmasq always answer to DNS
requests, we can add a more sophisticated logic later.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-23 11:30:02 +01:00
Thomas Lamprecht
a3c114c0ef controller: evpn reload: use log_warn to cause a task-warning
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-22 19:49:04 +01:00
Stefan Hanreich
2c298fa1f8 dnsmasq: check for existence of dnsmasq binary
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2023-11-22 19:45:52 +01:00
Alexandre Derumier
708b2f40ce Fix #4917: evpn: forbid vlan-aware bridge
Do it on vnet update instead of throwing a warning at config generation.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-11-22 19:45:52 +01:00
Stefan Lendl
4a675ba3a3 sdn: allow deletion of empty subnet with gateway
If the gateway IP is the last remaining IP in the subnet (in IPAM), allow
deleting the subnet.

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
2023-11-22 15:24:41 +01:00
Wolfgang Bumiller
2a17e5f323 dnsmasq: use quite-ra
otherwise each instance logs its RAs every 10 seconds to the journal

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-11-22 14:37:39 +01:00
Wolfgang Bumiller
f9497f55e8 install dnsmasq@.service snippet
To
- start after networking.service (in order to make sure ifupdown has
  created all the interfaces before dnsmasq tries to find them via the
  'interfaces=' lines).
- drop the 'Requires=network.target' since it is not a *provider* of
  that target

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-11-22 14:37:39 +01:00
Stefan Lendl
d4938d7aa3 sdn: validate dhcp-range in API
* start- and end-addresses must be valid IPs
* must both be in the subnet's CIDR
* and start needs to be smaller than (or equal to) end

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
2023-11-22 14:37:32 +01:00
Stefan Hanreich
fb045d8c75 ipam: improve update / delete behavior
Currently when updating or deleting a mapping in the IPAM we would
delete all existing entries in the IPAM with that mac address. Now we
only delete the specific entry we are updating / deleting.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2023-11-22 14:14:29 +01:00
Thomas Lamprecht
5469161c13 subnets: avoid nested post-if in eval
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-22 14:08:00 +01:00
Stefan Hanreich
5aea20cd5b subnets: only delete macs.db entries if mac is available
When removing a gateway do not attempt to delete its entry from
macs.db since we do not have anything cached for the gateway anyway.

Reported-By: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2023-11-22 14:05:08 +01:00