[pve-devel] [PATCH pve-network 3/5] api: add lock secret parameter to apply endpoint

Fri, 28 Feb 2025 05:06:30 -0800 

Committing the configuration now requires a lock on the SDN
configuration, which was not required before. This is to prevent
concurrent callers from applying the SDN configuration, while the lock
is held. If there is no lock set, then this function behaves the same
as before.

Also add the functionality to automatically release the lock after
applying the configuration, for convenience reasons.

Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
---
 src/PVE/API2/Network/SDN.pm | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index d216e48..b09a54b 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -9,7 +9,7 @@ use PVE::JSONSchema qw(get_standard_option);
 use PVE::RESTHandler;
 use PVE::RPCEnvironment;
 use PVE::SafeSyslog;
-use PVE::Tools qw(run_command);
+use PVE::Tools qw(run_command extract_param);
 use PVE::Network::SDN;
 
 use PVE::API2::Network::SDN::Controllers;
@@ -110,6 +110,15 @@ __PACKAGE__->register_method ({
     },
     parameters => {
         additionalProperties => 0,
+       properties => {
+           'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+           'release-lock' => {
+               type => 'boolean',
+               optional => 1,
+               default => 1,
+               description => 'When lock-secret has been provided and 
configuration successfully commited, release the lock automatically afterwards',
+           }
+       },
     },
     returns => {
         type => 'string',
@@ -120,7 +129,17 @@ __PACKAGE__->register_method ({
         my $rpcenv = PVE::RPCEnvironment::get();
         my $authuser = $rpcenv->get_user();
 
-       PVE::Network::SDN::commit_config();
+       my $lock_secret = extract_param($param, 'lock-secret');
+       my $release_lock = extract_param($param, 'release-lock');
+
+       PVE::Network::SDN::lock_sdn_config(
+           sub {
+               PVE::Network::SDN::commit_config();
+               PVE::Network::SDN::delete_global_lock() if $lock_secret && 
$release_lock;
+           },
+           "could not commit SDN config",
+           $lock_secret
+       );
 
         my $code = sub {
             $rpcenv->{type} = 'priv'; # to start tasks in background
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to