feat(network): canonical template reconciliation + CIDR-aware inventory (network epic)#98
pparage wants to merge 8 commits into
Byte-parity with the deployer-ui TS expander; resolves gateway_template to gateway per team id. Verified by the shared expand_replication vector 03_per_team_gateway_template.
…rk-template form
Byte-parity with the deployer-ui TS expander: read cidr/bridge/gateway
templates at node level (per range42.schema.json) and render the canonical
Jinja {{ bridge_base + team_id }} form, keeping legacy {N+team_id} support.
Threads bridge_base from the document. Resolves #84 schema<->impl
divergence; verified by the shared expand_replication vector.
… regen Node
Non-numeric bridge_base previously crashed the Python expander with a TypeError where the TS expander defaulted to 140; now both agree. Regenerates generated.py to include node-level gateway_template. Verified by the shared expand_replication vectors.
A host NIC's node_ref now resolves to its network node's cidr (rendering a
node-level cidr_template per team via the canonical renderer), and the host
ip is derived inside that subnet instead of the hardcoded 192.168.{bridge_base}
scheme. Precedence: explicit NIC ip > node_ref CIDR > hardcoded fallback, so
topologies without networks[] are unchanged. Honors canvas-drawn custom CIDRs.
Backend becomes the single source of resolved network values so the
_universal playbook stops recomputing them. Each host now carries
r42_ci_netmask/r42_ci_gateway/r42_net_bridge (derived from its bound network,
else the legacy 192.168.{bridge_base+team} scheme), and all.vars carries
r42_network_map (per network id + team -> resolved bridge/cidr/gateway).
Prereq for the playbook slices 4/5 (network-aware bridge create + cloud-init).
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ca063abb10
| gateway_template: Annotated[ | ||
| str | None, | ||
| Field( | ||
| description="Gateway IP template, e.g., 192.168.{{ bridge_base + team_id }}.1 (network kind only)" | ||
| ), | ||
| ] = None |
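Review bot: gateway_template is typed as an unconstrained str | None, so the Field description documents the expected shape (192.168.{{ bridge_base + team_id }}.1) and the "network kind only" restriction without enforcing either. Consider a validator that rejects the field on non-network nodes and checks that the template contains only the supported placeholder forms, so a malformed or unexpected template fails at catalog validation instead of at render time.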
Allow static network fields in the generated schema
The new inventory path reads cidr, bridge, and gateway on network nodes (and the added tests create those topologies), but this model still has extra="forbid" and only adds gateway_template here. Since validate_project validates base docs with CatalogEntry.model_validate, any catalog that uses a static custom CIDR/gateway is reported invalid before it can be deployed; add the materialized fields to the schema alongside the templates.
…way nodes
Addresses PR review (Codex + subagent):
- team_count is now a global extravar so the proxmox-cli provisioning plays see it (set_fact on localhost is host-scoped). Fixes deploy-fatal undefined.
- Regenerate Node to include materialized cidr/bridge/gateway (network kind), so a catalog authoring a static custom CIDR passes CatalogEntry validation (Node has extra=forbid; expand_replication also emits these fields).
Addressed review in 526a25b:
Returns the raw PVE guest config (net0/net1/ipconfig*, ...) via the host token over httpx. The v1 VM list omits per-NIC detail, so the UI import flow needs this to reconstruct bridge/network edges for imported machines.
The proxmox_controller role's node-network tasks (bridge create/list) read proxmox_api_host/user/token_id/token_secret as plain vars, but deploy_trigger never provided them (generated inventory has no token) — so a live _universal deploy could not authenticate to Proxmox. Derive them from the target host (token_ref 'user!tokenid=secret') into extravars, and add the secret to the redaction tainted-set. Surfaced by live testing the network epic.
What
Backend half of the "drawn networks actually provision" epic — makes the canvas's network definitions authoritative end-to-end. Five commits, all TDD, full overlay+core suites green (the one unrelated test_alembic failure is pre-existing: system alembic on SQLAlchemy 1.x vs project 2.x).
- d4edbd7/673ad00 — reconcile expand_replication to the canonical schema (fix(compose): expand_replication reads network templates from config, but canonical schema defines them node-level #84). Network templates (cidr_template/bridge_template/gateway_template) are now read at node level and rendered with the canonical Jinja {{ bridge_base + team_id }} form (legacy {N+team_id} still accepted). Byte-parity with the deployer-ui TS expander, enforced by the shared vector harness. Fixes a 3-way schema↔impl divergence (location, placeholder syntax, vlan field).
- b5afd2b — bridge_base null/non-int falls back to 140 (TS parity). Caught by a Sonnet verification pass: Python crashed where TS defaulted. Also adds node-level gateway_template to the schema/Pydantic (it was rendered but would fail strict validation).
- b779a05 — derive ansible_host from the bound network CIDR (fix(deploy): derive inventory ansible_host from topology instead of hardcoded 192.168.x scheme #73). A host NIC's node_ref resolves to its network's cidr (per-team rendered via the same canonical renderer). Precedence: explicit NIC ip > node_ref CIDR > legacy 192.168.{bridge_base+team} fallback.
- ca063ab — emit per-host cloud-init net vars + r42_network_map. Backend becomes the single source of resolved network values so the _universal playbook stops recomputing them: each host carries r42_ci_netmask/r42_ci_gateway/r42_net_bridge; all.vars.r42_network_map carries per-network/per-team resolved bridge/cidr/gateway.

Companion PRs / context
- r42_network_map + the per-host ci vars (slices 4/5). It depends on this PR.
- dev per that repo's direct-commit convention.

Test
pytest tests/overlay tests/core green (excluding the pre-existing test_alembic env failure). Deployer-ui full unit suite: 539 passed.
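The rendering and precedence rules described in this PR, sketched as an added example that is not the project's code. The function names, the `host_index` parameter, the dict shapes and the reading of legacy `{N+team_id}` as a literal integer `N` are assumptions. The renderer substitutes only the two known placeholders and rejects anything else instead of evaluating it as Jinja.

```python
import ipaddress
import re

# Canonical Jinja form {{ bridge_base + team_id }} and legacy {N+team_id} form
# (N assumed to be a literal integer).
_CANONICAL = re.compile(r"\{\{\s*bridge_base\s*\+\s*team_id\s*\}\}")
_LEGACY = re.compile(r"\{(\d+)\s*\+\s*team_id\}")
DEFAULT_BRIDGE_BASE = 140  # fallback the PR states for null/non-int values


def coerce_bridge_base(value):
    """Return value if it is an int, else 140 (rejecting bool is an assumption)."""
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    return DEFAULT_BRIDGE_BASE


def render_template(template, bridge_base, team_id):
    """Substitute only the two known placeholders; never evaluate the template."""
    base = coerce_bridge_base(bridge_base)
    out = _CANONICAL.sub(str(base + team_id), template)
    out = _LEGACY.sub(lambda m: str(int(m.group(1)) + team_id), out)
    if "{" in out or "}" in out:
        raise ValueError(f"unsupported placeholder in template: {template!r}")
    return out


def resolve_host_ip(nic, networks, bridge_base, team_id, host_index):
    """Precedence: explicit NIC ip > node_ref CIDR > legacy 192.168.x fallback."""
    if nic.get("ip"):
        return nic["ip"]
    node = networks.get(nic.get("node_ref"))
    if node:
        cidr = node.get("cidr")
        if cidr is None:
            cidr = render_template(node["cidr_template"], bridge_base, team_id)
        subnet = ipaddress.ip_network(cidr, strict=True)
        addr = subnet.network_address + host_index
        reserved = (subnet.network_address, subnet.broadcast_address)
        if addr not in subnet or addr in reserved:
            raise ValueError(f"host index {host_index} does not fit in {subnet}")
        return str(addr)
    third = coerce_bridge_base(bridge_base) + team_id
    return f"192.168.{third}.{host_index}"
```
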