Add basic Vlan tag support

[wcarty]

Can you add VLAN tag support when creating a new node?

[dsieradzki]

Yes, sure. In one week or earlier I should create this feature.

[dsieradzki]

Unfortunately, the feature has to be delayed.
Adding an extra field and passing the VLAN tag to vm creation is not a problem. The problem is that Makoon communicates with VM using ssh, when the VM is in another vlan, Makoon cannot reach it via SSH. In that scenario, you have to have routing defined in your network to give the ability to Makoon to connect vms in every vlan.

My second idea is to execute commands via qemu-agent but this requires doing a custom clout-init to install packages on start because Proxmox doesn't support specifying required packages in cloud-init via GUI/API.

[wcarty]

Hello

The api supports setting the vlan id.

GET /api2/json/nodes/{node}/qemu/{vmid}/config to fetch the current vnic config
PUT /api2/json/nodes/{node}/qemu/{vmid}/config to update the new vnic config with vlan tag

[dsieradzki]

Yes, that's true, but after I create vm with tag, Makoon cannot connect to it because vm is in another network unless you have some routing to reach vms between vlans. After creation Makoon cannot connect via ssh and do the rest of setup.
Putting vlan after setup also doesn't make sense because cluster will be not manageable by Makoon too.

[wcarty]

Another option if your calling the proxmox qm through ssh you can do something like

qm set $VMID --net0 virtio,bridge=${NET_BRIDGE}${VLAN:+,tag=$VLAN}

If everything is configured correctly, Makoon can connect to the virtual machines over ssh. I was able to change the VLAN's manually and was able to connect just fine.

In my case Makon was on Vlan 7 and the vm's were on vlan 6.

[dsieradzki]

As I said, setting vlan is not a problem, I can do this during vm creation via API. Btw, I don't want to couple the app with ssh to proxmox, this is a security issue, I'm trying to do everything via API - but it's not the case for now.

Maybe you have created routing between vlans, I want to do a solution that is not dependent on your network config that's why I'm not convinced with that. And that's why I'm doing experiments with qemu-agent which is also not perfect.

I will think about doing in the first iteration only adding vlan tag and warning the user to ensure connectivity between VLANs, but I need to change my router because mine doesn't have vlan support and I cannot configure the connection between vlans.

[wcarty]

I understand your concerns about ssh. In my case, routing is already established between VLANs, so if we can set it using an API call then I think it would be preferred.