[pve-devel] [PATCH network v2 5/5] api: add rollback endpoint

[Gabriel Goller]

From: Stefan Hanreich <s.hanreich at proxmox.com>

This adds the functionality of rolling back the pending configuration
to the currently running configuration, resetting all changes made
since last applying the SDN configuration. This is mainly thought as
an escape hatch for failed PDM transactions.

You can invoke the endpoint via CLI:

  pvesh create /cluster/sdn/rollback [--lock-secret X [--release-lock]]

If a lock is currently held on the configuration and you want to
forcibly rollback, you need to release the lock first via the
lock_release API endpoint.

Co-authored-by: Gabriel Goller <g.goller at proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 src/PVE/API2/Network/SDN.pm | 57 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index 692dec8718f7..16f92a4ee758 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -197,7 +197,62 @@ __PACKAGE__->register_method({
     },
 });
 
-__PACKAGE__->register_method ({
+__PACKAGE__->register_method({
+    name => 'rollback',
+    protected => 1,
+    path => 'rollback',
+    method => 'POST',
+    description => "Rollback pending changes to SDN configuration",
+    permissions => {
+        check => ['perm', '/sdn', ['SDN.Allocate']],
+    },
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            'lock-secret' => get_standard_option('pve-sdn-lock-secret'),
+            'release-lock' => {
+                type => 'boolean',
+                optional => 1,
+                default => 1,
+                description =>
+                    'When lock-secret has been provided and configuration successfully rollbacked, release the lock automatically afterwards',
+            },
+        },
+    },
+    returns => {
+        type => 'null',
+    },
+    code => sub {
+        my ($param) = @_;
+
+        my $lock_secret = extract_param($param, 'lock-secret');
+        my $release_lock = extract_param($param, 'release-lock');
+
+        my $rollback = sub {
+            my $running_config = PVE::Network::SDN::running_config();
+
+            PVE::Network::SDN::Zones::write_config($running_config->{zones});
+            PVE::Network::SDN::Vnets::write_config($running_config->{vnets});
+            PVE::Network::SDN::Subnets::write_config($running_config->{subnets});
+            PVE::Network::SDN::Controllers::write_config($running_config->{controllers});
+
+            # if the config hasn't yet been applied after the introduction of
+            # fabrics then the key does not exist in the running config so we
+            # default to an empty hash
+            my $fabrics_config = $running_config->{fabrics}->{ids} // {};
+            my $parsed_fabrics_config = PVE::RS::SDN::Fabrics->running_config($fabrics_config);
+            PVE::Network::SDN::Fabrics::write_config($parsed_fabrics_config);
+
+            PVE::Network::SDN::delete_global_lock() if $lock_secret && $release_lock;
+        };
+
+        PVE::Network::SDN::lock_sdn_config(
+            $rollback, "could not rollback SDN configuration", $lock_secret,
+        );
+    },
+});
+
+__PACKAGE__->register_method({
     name => 'reload',
     protected => 1,
     path => '',
-- 
2.39.5