[pve-devel] [PATCH v2 pve-firewall 5/5] update: read config twice at 1second interval

[Alexandre Derumier]

We want to be sure that all configs (cluster,host,vmconfig,vmdata) don't have change during an update,
to have consistency.
---
 debian/control      | 1 +
 src/PVE/Firewall.pm | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/debian/control b/debian/control
index 2a92b16..c28353e 100644
--- a/debian/control
+++ b/debian/control
@@ -20,6 +20,7 @@ Depends: ebtables,
          iptables,
          libpve-access-control,
          libpve-common-perl,
+         libdata-compare-perl,
          lsb-base,
          pve-cluster,
          ${misc:Depends},
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index f738dba..be448c9 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -4,6 +4,7 @@ use warnings;
 use strict;
 use POSIX;
 use Data::Dumper;
+use Data::Compare;
 use Digest::SHA;
 use Socket qw(AF_INET6 inet_ntop inet_pton);
 use PVE::INotify;
@@ -4204,6 +4205,14 @@ sub update {
         return if !PVE::Cluster::check_cfs_is_mounted(1);
 
 	my ($cluster_conf, $hostfw_conf, $vmdata, $vmfw_configs) = read_config();
+	sleep 1;
+	my ($cluster_conf2, $hostfw_conf2, $vmdata2, $vmfw_configs2) = read_config();
+
+	if (!Compare($cluster_conf, $cluster_conf) || !Compare($hostfw_conf, $hostfw_conf) || 
+	    !Compare($vmdata, $vmdata2) || !Compare($vmfw_configs, $vmfw_configs2)) {
+	    syslog(info => "Can't update. Rules have changed during update");
+	    return;
+	}
 
 	my $cluster_options = $cluster_conf->{options};
 
-- 
2.11.0