## Introduction

This patch series lays the groundwork for the Proxmox Datacenter Manager SDN/EVPN integration on the Proxmox VE side by introducing global locking for the SDN configuration. It is intended to be used by the PDM implementation to prevent concurrent changes to the SDN configuration, while the datacenter manager is making configuration changes.

## How it works

This patch series adds three new API calls:

* POST /cluster/sdn/lock
* DELETE /cluster/sdn/lock
* POST /cluster/sdn/rollback

The SDN configuration can be locked by invoking the lock endpoint, which returns a lock-secret when the configuration has been locked successfully. This lock-secret needs to be used for subsequent API calls that perform configuration changes. For this purpose, a new parameter has been added to all SDN API endpoints that perform configuration changes. If the lock is currently set, then API callers have to provide the lock-secret in order for the API endpoints to work. If there is no global lock set, then the endpoints work the same as before.

The lock-secret is stored in a new file in the pmxcfs: `/etc/pve/sdn/.lock`. The lock can be released automatically on applying, where I added a flag that governs whether the global lock should automatically be released on applying the configuration. Otherwise the lock can always be removed by the release endpoint, which has a force flag for forcibly releasing the lock without providing the secret.

In order to provide an escape hatch in the case of errors on the PDM side, I added the functionality of rolling back to the current running configuration, which has not been possible before. This endpoint throws away all pending changes. This saves us from introducing a third layer of configuration files, while also adding a new feature to the existing SDN stack, where one had to tediously revert all changes one-by-one if one wanted to roll back to the running configuration.

We could consider doing this automatically in the future from PDM, or at least expose it as opt-in behavior in the PDM settings.
For now, in case of failures, users have to manually unlock the SDN configuration and then roll back using the following API endpoints:

    pvesh delete /cluster/sdn/lock --force 1
    pvesh create /cluster/sdn/rollback

If we want to introduce automatic rollback, implementing it this way saves us from having to manually revert every single change we make. We lock the SDN configuration only if there are no pending changes (the lock endpoint includes a flag that governs this behavior), then proceed to make our changes. If we run into any error we can be sure that only the changes we made to the SDN configuration are pending, so this enables us to safely roll back the configuration changes we made and unlock the SDN configuration.

The existing lock_sdn_config function locked the running configuration file. For backwards compatibility reasons, I left it this way. For Proxmox VE 9 we should consider moving this to a domain-lock, as for instance done in the HA stack.

## Dependencies

* pve-network depends on pve-cluster

pve-cluster:

    Stefan Hanreich (1):
      cfs: add 'sdn/.lock' file

     src/PVE/Cluster.pm  | 1 +
     src/pmxcfs/status.c | 1 +
     2 files changed, 2 insertions(+)

pve-network:

    Stefan Hanreich (5):
      sdn: add global lock for configuration
      api: add lock-secret parameter to all api calls
      api: add lock secret parameter to apply endpoint
      api: add lock and release endpoints for global configuration lock
      api: add rollback endpoint

     src/PVE/API2/Network/SDN.pm             | 153 +++++++++++++++++++++++-
     src/PVE/API2/Network/SDN/Controllers.pm |  18 ++-
     src/PVE/API2/Network/SDN/Dns.pm         |  18 ++-
     src/PVE/API2/Network/SDN/Ipams.pm       |  18 ++-
     src/PVE/API2/Network/SDN/Subnets.pm     |  19 ++-
     src/PVE/API2/Network/SDN/Vnets.pm       |  18 ++-
     src/PVE/API2/Network/SDN/Zones.pm       |  18 ++-
     src/PVE/Network/SDN.pm                  |  75 +++++++++++-
     8 files changed, 303 insertions(+), 34 deletions(-)

Summary over all repositories:

    10 files changed, 305 insertions(+), 34 deletions(-)

--
Generated by git-murpp 0.8.0

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
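
The locking workflow described in the cover letter above, as an added example that is not part of the patch series or of Proxmox VE: a small in-memory Python model of the lock, the lock-secret check, apply, release and rollback, plus the "lock, change, apply, roll back on error" sequence. The names `SdnConfigModel`, `managed_change`, `allow_pending` and `release_lock`, the secret format, the constant-time comparison and the secret check on rollback are assumptions made for illustration.

```python
import hmac
import secrets
class SdnConfigModel:  # toy in-memory model, not Proxmox VE code
    def __init__(self, running):
        self.running = dict(running)  # last applied configuration
        self.pending = dict(running)  # running config plus unapplied edits
        self.lock_secret = None       # stands in for /etc/pve/sdn/.lock

    def _check(self, secret):  # no lock set: every caller passes, as before
        given, want = (secret or "").encode(), (self.lock_secret or "").encode()
        if self.lock_secret is not None and not hmac.compare_digest(given, want):
            raise PermissionError("SDN configuration is locked")

    def lock(self, allow_pending=False):  # flag name is hypothetical
        if self.lock_secret is not None:
            raise PermissionError("already locked")
        if not allow_pending and self.pending != self.running:
            raise RuntimeError("pending changes present")
        self.lock_secret = secrets.token_hex(16)  # assumed secret format
        return self.lock_secret

    def release(self, secret=None, force=False):
        if not force:
            self._check(secret)
        self.lock_secret = None

    def set(self, key, value, secret=None):
        self._check(secret)
        self.pending[key] = value

    def apply(self, secret=None, release_lock=True):  # hypothetical flag name
        self._check(secret)
        self.running = dict(self.pending)
        if release_lock:
            self.lock_secret = None

    def rollback(self, secret=None):  # assumed to honour the lock too
        self._check(secret)
        self.pending = dict(self.running)  # throw away all pending changes

def managed_change(cfg, edit):
    secret = cfg.lock()  # refuses if someone else left pending edits
    try:
        edit(cfg, secret)
        cfg.apply(secret=secret, release_lock=True)
        return True
    except Exception:
        cfg.rollback(secret=secret)
        cfg.release(secret=secret)
        return False
```

Because the lock is only taken when nothing is pending, the rollback in the error path can discard only the edits made under that lock.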