[pve-devel] [RFC firewall 3/3] use IPCC to read FW files if the are backed by pmxcfs

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Apr 11 15:28:36 CEST 2019


This allows us to profit from the IPCC pmxcfs restart mechanisms,
which will block this call for the grace period (~10 seconds) and
transparently try to reconnect to the IPCC interface of pmxcfs, if a
restart is detected.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 src/PVE/Firewall.pm | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 72d5a69..4dfb7cc 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2801,21 +2801,27 @@ sub parse_alias {
 sub generic_fw_config_parser {
     my ($filename, $cluster_conf, $empty_conf, $rule_env) = @_;
 
-    my $fh = IO::File->new($filename, O_RDONLY);
-    return {} if !$fh;
-
     my $section;
     my $group;
 
     my $res = $empty_conf;
 
-    while (defined(my $line = <$fh>)) {
+    my $raw;
+    if ($filename =~ m!^/etc/pve/(.*)$!) {
+	$raw = PVE::Cluster::get_config($1);
+    } else {
+	$raw = eval { PVE::Tools::file_get_contents($filename) }; # ignore errors
+    }
+    return {} if !$raw;
+
+    my $linenr = 0;
+    while ($raw =~ /^\h*(.*?)\h*$/gm) {
+	my $line = $1;
+	$linenr++;
 	next if $line =~ m/^#/;
 	next if $line =~ m/^\s*$/;
-
 	chomp $line;
 
-	my $linenr = $fh->input_line_number();
 	my $prefix = "$filename (line $linenr)";
 
 	if ($empty_conf->{options} && ($line =~ m/^\[options\]$/i)) {
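Review bot: The two read paths in the added `if`/`else` handle failure differently, and neither lets the caller tell an unreadable ruleset from an absent one. The local-file branch wraps `file_get_contents` in `eval` and discards `$@`, so a permission or I/O error falls through to `return {} if !$raw;` and the firewall config is treated as empty, while the `/etc/pve/` branch calls `PVE::Cluster::get_config($1)` without `eval`, so if that call can die (not visible here) the exception propagates instead. For a firewall parser I would wrap both reads in `eval` and log the failure, e.g. `warn "unable to read $filename: $@" if $@;` directly after the read, keeping the silent `{}` only for a file that does not exist. The `chomp $line;` left as context is now a no-op, because `(.*?)` under `/m` never captures the newline. The body of generic_fw_config_parser continues past the end of the hunk.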
-- 
2.20.1




