[pve-devel] applied: [PATCH access-control v3 2/2] add realm-sync plugin for jobs and CRUD api for realm-sync-jobs

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jun 7 10:38:00 CEST 2023


Am 17/01/2023 um 12:46 schrieb Dominik Csapak:
> to be able to define automated jobs that sync ldap/ad
> 
> The jobs plugin contains special handling when no node is given, since
> we only want it to run on a single node when that triggers. For that,
> we save a statefile in /etc/pve/priv/jobs/ which contains the
> node/time/upid of the node that runs the job. The first node that
> is able to lock the realm (via cfs_lock_domain) "wins" and may
> sync from the ldap.
> 
> in case a specific node was selected, this is omitted and the Jobs
> handling will not let it run on other nodes anyway
> 
> the API part is our usual sectionconfig CRUD api, but specialized
> for the specific type of job.
> 
> the api will be at /cluster/jobs/realm-sync
> (this must be done in pve-manager)
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  src/PVE/API2/AccessControl/Makefile     |   6 +
>  src/PVE/API2/AccessControl/RealmSync.pm | 292 ++++++++++++++++++++++++
>  src/PVE/API2/Makefile                   |   4 +
>  src/PVE/Jobs/Makefile                   |   6 +
>  src/PVE/Jobs/RealmSync.pm               | 201 ++++++++++++++++
>  src/PVE/Makefile                        |   1 +
>  6 files changed, 510 insertions(+)
>  create mode 100644 src/PVE/API2/AccessControl/Makefile
>  create mode 100644 src/PVE/API2/AccessControl/RealmSync.pm
>  create mode 100644 src/PVE/Jobs/Makefile
>  create mode 100644 src/PVE/Jobs/RealmSync.pm
> 
>

applied, moving the API from AccessControl namespace to Jobs one, as it's confusing
if it's located in PVE::API2::AccessControl::, but isn't mounted there.

Some small code/import cleanups thrown in, thanks!





More information about the pve-devel mailing list