[pve-devel] [PATCH firewall 7/7] Display corosync rule info on localnet call

Stefan Reiter s.reiter at proxmox.com
Mon Jul 22 15:21:55 CEST 2019


If no corosync.conf exists (i.e. a standalone node), the output is left
the same.

(cherry picked from commit 5305cfad594d8aada080a6a877241ca0493c1161)
Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
---
 src/PVE/Service/pve_firewall.pm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index d8e42ec..3c1254b 100755
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -10,6 +10,7 @@ use PVE::Tools qw(dir_glob_foreach file_read_firstline);
 use PVE::ProcFSTools;
 use PVE::INotify;
 use PVE::Cluster qw(cfs_read_file);
+use PVE::Corosync;
 use PVE::RPCEnvironment;
 use PVE::CLIHandler;
 use PVE::Firewall;
@@ -264,6 +265,28 @@ __PACKAGE__->register_method ({
 	    print "using detected local_network: $localnet\n";
 	}
 
+	if (PVE::Corosync::check_conf_exists(1)) {
+	    my $corosync_conf = PVE::Cluster::cfs_read_file("corosync.conf");
+	    my $corosync_node_found = 0;
+
+	    print "\naccepting corosync traffic from/to:\n";
+
+	    PVE::Corosync::for_all_corosync_addresses($corosync_conf, undef, sub {
+		my ($node_name, $node_ip, $node_ipversion, $key) = @_;
+
+		if (!$corosync_node_found) {
+		    $corosync_node_found = 1;
+		}
+
+		$key =~ m/(?:ring|link)(\d+)_addr/;
+		print " - $node_name: $node_ip (link: $1)\n";
+	    });
+
+	    if (!$corosync_node_found) {
+		print " - no nodes found\n";
+	    }
+	}
+
 	return undef;
     }});
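Review bot: The link number in `print " - $node_name: $node_ip (link: $1)\n";` comes from a match whose result is never checked, so if `$key` does not match, `$1` is undef or left over from an earlier successful match and the line shows a link number that is not the configured one. Because an administrator reads this output to see which corosync peers the firewall accepts, capture explicitly with an anchored pattern, `my ($link) = $key =~ m/\A(?:ring|link)(\d+)_addr\z/;`, and print `$link // '?'` instead of `$1`. Whether for_all_corosync_addresses only ever passes keys of that form is not visible here, so the check is cheap insurance rather than a confirmed failure. The `if (!$corosync_node_found)` guard inside the callback can be a plain `$corosync_node_found = 1;`, and `$node_ipversion` is unpacked but unused. The enclosing register_method handler starts outside the hunk.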
 
-- 
2.20.1




