[pve-devel] [PATCH firewall 2/5] Add function to iterate all ringX_addr for all nodes
Stefan Reiter
s.reiter at proxmox.com
Mon Jul 1 10:49:21 CEST 2019
The sub 'for_all_corosync_addresses' iterates through all nodes in a
passed corosync config and calls a lambda function for every ringX_addr
on every node it finds.
Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
---
src/PVE/Firewall.pm | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b08cea5..3a3bd11 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2515,6 +2515,26 @@ sub enable_host_firewall {
ruleset_addrule($ruleset, "PVEFW-INPUT", "", "-j PVEFW-HOST-IN");
}
+sub for_all_corosync_addresses {
+ my ($corosync_conf, $lambda) = @_;
+
+ my $nodelist = $corosync_conf->{main}->{nodelist}->{node};
+
+ # iterate sorted to make rules deterministic (for change detection)
+ foreach my $node_name (sort keys %$nodelist) {
+ my $node_config = $nodelist->{$node_name};
+ foreach my $node_key (sort keys %$node_config) {
+ if ($node_key =~ /^(ring|link)\d+_addr$/) {
+ my $node_ip = $node_config->{$node_key};
+ my $testip = Net::IP->new($node_ip);
+
+ $lambda->($node_name, $node_ip, $testip->version, $node_key)
+ if defined($testip);
+ }
+ }
+ }
+}
+
sub generate_group_rules {
my ($ruleset, $cluster_conf, $group, $ipversion) = @_;
--
2.20.1
More information about the pve-devel
mailing list