[pve-devel] [PATCH firewall 2/5] Add function to iterate all ringX_addr for all nodes
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Jul 1 14:05:10 CEST 2019
On Mon, Jul 01, 2019 at 10:49:21AM +0200, Stefan Reiter wrote:
> The sub 'for_all_corosync_addresses' iterates through all nodes in a
> passed corosync config and calls a lambda function for every ringX_addr
> on every node it finds.
>
> Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
> ---
> src/PVE/Firewall.pm | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
>
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index b08cea5..3a3bd11 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -2515,6 +2515,26 @@ sub enable_host_firewall {
> ruleset_addrule($ruleset, "PVEFW-INPUT", "", "-j PVEFW-HOST-IN");
> }
>
> +sub for_all_corosync_addresses {
> + my ($corosync_conf, $lambda) = @_;
nit: while I get where this is coming from, we usually call such 'subs
passed by ref' $code or $func
> + my $nodelist = $corosync_conf->{main}->{nodelist}->{node};
my $nodelist = PVE::Corosync::nodelist($corosync_conf);
return if !defined($nodelist);
> + # iterate sorted to make rules deterministic (for change detection)
> + foreach my $node_name (sort keys %$nodelist) {
> + my $node_config = $nodelist->{$node_name};
> + foreach my $node_key (sort keys %$node_config) {
> + if ($node_key =~ /^(ring|link)\d+_addr$/) {
> + my $node_ip = $node_config->{$node_key};
this is not an ip, but an address string -> name accordingly
> + my $testip = Net::IP->new($node_ip);
why not use our IP REs here? Net::IP is only needed for CIDR support, and
Corosync only accepts plain IPs without CIDR (or hostnames)
> + $lambda->($node_name, $node_ip, $testip->version, $node_key)
> + if defined($testip);
> + }
> + }
> + }
> +}
> +
> sub generate_group_rules {
> my ($ruleset, $cluster_conf, $group, $ipversion) = @_;
>
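Review bot: the postfix guard `if defined($testip)` on the `$lambda->(...)` call silently drops any ringX_addr/linkX_addr value that Net::IP cannot parse, so a node configured with a hostname (which Corosync accepts, as noted above) yields no callback and therefore no firewall rule for that link, with nothing logged. Consider either resolving such values before the callback or emitting a warning that names `$node_name` and `$node_key` when the address is skipped, so a missing rule can be traced. The sub also has no comment describing the callback's argument order (node name, address, IP version, key), which callers depend on. Minor: the group in `/^(ring|link)\d+_addr$/` is never read, so `(?:ring|link)` would make that explicit.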
> --
> 2.20.1