bond + vlan + webinterface = no?

[mo_]

Hello,

Im setting up a proxmox system here in a (so I thought) regular way:
4 physical network interfaces. 1 unused, 1 for management, 2 configured as a bond, heres the /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.5.5.100
netmask 255.255.255.0
gateway 10.5.5.1

iface eth1 inet manual

iface eth2 inet manual

auto eth3
iface eth3 inet manual

auto bond0
iface bond0 inet manual
slaves eth1 eth2
bond_miimon 100
bond_mode balance-rr

auto vlan11
iface vlan11 inet manual
vlan_raw_device bond0

auto vlan14
iface vlan14 inet manual
vlan_raw_device bond0

#this one was just a test:
auto bond0.13
iface bond0.13 inet manual
vlan_raw_device bond0

iface vmbr0 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0

The problem is that neither vlanX nor bondX.Y devices get listed on the webinterface and looking through the source code of the webinterface, when trying to add interfaces to bridges, it allows:
ethX, ethX.Y, bondX but nothing else.

So. Neither can I see the vlan interfaces in the webinterface, nor can I add them to bridges through the webinterface. I know full well how to do all this in the console, but I actually wanted to do it through the webinterface to not need to give a book full of commands to people when they want to add VEs.

When doing it manually, I have to use the vethX network mode from what Ive figured so far to be able to add that interface to the bridge containing the VE-interface and the vlan-interface.
The problem with that is that for every VE youre getting another interface which makes ifconfig display tons of interfaces i dont actually want to see. Is there a way to hide these interfaces - without hacking my own ifconfig binary? or to set up the networking differently that doesnt need veth devices?

one thing is given tho: I will NOT do the vlan configuration inside the VEs, setting up those is supposed to be easy and fast, meaning theyre only ever going to have an eth0 device and thats it (well.. and the venet0 management thing of course).

 

[dietmar]

So. Neither can I see the vlan interfaces in the webinterface, nor can I add them to bridges through the webinterface.

Because you can simply add them without creating them first.

 

[mo_]

like.. add them to bridges? like I said, the bridge adding thing only accepts very special interface names, and bondX.Y isnt among them (like I posted). i mean I could edit the source code of the webinterface, but that doesnt seem like the proper way to go since I would consider this a bug / oversight that might want to get fixed.

 

[dietmar]

like.. add them to bridges? like I said, the bridge adding thing only accepts very special interface names, and bondX.Y isnt among them (like I posted).

Ah - seems that is not implemented.

i mean I could edit the source code of the webinterface, but that doesnt seem like the proper way to go...

Well, you can implement and test it - and then contribute that code.

 

[mo_]

I dont know the proper channels to contribute stuff, but heres the original file section:

/usr/share/pve-manager/root/system/index.htm
Starting at line 162

if ($port =~ m/^eth\d+$/ && defined ($ifaces->{$port})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
           my $nif = { type => 'manual', autostart => 0 };
           $ifaces->{$port} = merge_ifdata ($ifaces->{$port}, $nif);
         } elsif ($port =~ m/^(eth\d+)\.\d+$/ && defined ($ifaces->{$1})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
         } elsif ($port =~ m/^bond\d+$/ && defined ($ifaces->{$port})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
           my $nif = { type => 'manual', autostart => 1 };
           $ifaces->{$port} = merge_ifdata ($ifaces->{$port}, $nif);
         } else {
           die "unable to bridge device '$port'\n";
         }

and I just inflated that section a bit, to look like this:

if ($port =~ m/^eth\d+$/ && defined ($ifaces->{$port})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
           my $nif = { type => 'manual', autostart => 0 };
           $ifaces->{$port} = merge_ifdata ($ifaces->{$port}, $nif);
         } elsif ($port =~ m/^(eth\d+)\.\d+$/ && defined ($ifaces->{$1})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
         #--- BEGIN ADDITION ---
         } elsif ($port =~ m/^(bond\d+)\.\d+$/ && defined ($ifaces->{$1})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
         } elsif ($port =~ m/^(veth\d+)\.\d+$/) { #these interfaces arent listed in /etc/network/interfaces so I had to remove the defined-check
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
         } elsif ($port =~ m/^(vlan\d+)$/ && defined ($ifaces->{$1})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
         #--- END ADDITION ---
         } elsif ($port =~ m/^bond\d+$/ && defined ($ifaces->{$port})) {
           $ifaces->{$iface}->{'bridge_ports'}->{$port} = 1;
           my $nif = { type => 'manual', autostart => 1 };
           $ifaces->{$port} = merge_ifdata ($ifaces->{$port}, $nif);
         } else {
            die "unable to bridge device '$port'. Supported device names are: eth.X ,bond.X and vethX.Z as well as vlan devices named ethX.Y, vlanY or bondX.Y\ where X can be any positive integer <4096 and Y,Z single digits.n"; #because the original error doesnt really help you out.

         }

the ONLY thing this does is allow you to add ethernet devices named bondX.Y and vlanX to bridges. it will NOT make these devices show up in the interface list of the webinterface, because
a) technically I cant really read perl scripts (yet?), so sadly,I dont really understand the internal workings there (I know how to read code and find the interesting places though ), and
b) it would make the interface list pretty long, I dont think one would want this

With this addition, setting up the networking for a VE would work like this:

1. Does the host already have a vlan interface for the vlan you want the VE to connect to?
2. • If no: add the following to /etc/network/interfaces :
     

     auto bond0.100
     iface bond0.100 inet manual
             vlan_raw_device bond0
     auto vmbr100
     iface vmbr100 inet manual
             bridge_ports bond0.100
             bridge_stp off
             bridge_fd 0

     You can replace all occurrences of bond0.100 with whatever name your vlan interface is supposed to be. could either be ethX.[V] or vlan[V] or if you use vlans over a bond like me, keep it as bondX.[V] where [V] is the vlan ID.
     
     
   • If yes, continue below
3. There is a chance that the webinterface will still show vmbr100 without any slave devices after this. If that's the case manually add it through the webinterface which is quite likely to shuffle around the contents of /etc/network/interfaces without changing the actual information stored within.
4. Now the network interface list in the System menu should show a vmbr100 interface with one slave device
5. Create the VE, make sure to select Bridged Ethernet (veth) as the network type, VENET WILL NOT WORK and you cant change this (through the webinterface anyway) after creating the VE
6. Start the VE. This is required because openvz will only create the veth device on the host system when you run the VE.
7. If you have selected vmbr100 in the network section while creating the VE, "brctl show" will now tell you, that the vethX device is added to the vmbr100 bridge and thus will be functional.
8. However! The webinterface will never show you this on its own and neither will it be added to /etc/network/interfaces (where the webinterface pulls its interface list from)
   So. If you WANT to see the vethX device as a slave of vmbr100 in the webinterface, you have to manually add it there (delimited by spaces), so the "Bridge Ports" field would say something like "bond0.100 veth102.0". This does not result in a change of functionality whatsoever (in this procedure anyway), it will only make the interface list look prettier