[pve-devel] [PATCH network v3 3/5] api: add lock token parameter to apply endpoint

[Gabriel Goller]

From: Stefan Hanreich <s.hanreich at proxmox.com>

Committing the configuration now requires a lock on the SDN
configuration, which was not required before. This is to prevent
concurrent callers from applying the SDN configuration, while the lock
is held. If there is no lock set, then this function behaves the same
as before.

Also add the functionality to automatically release the lock after
applying the configuration, for convenience reasons.

Co-authored-by: Gabriel Goller <g.goller at proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 src/PVE/API2/Network/SDN.pm | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
index 6645f28b5de1..924c9e4b31a2 100644
--- a/src/PVE/API2/Network/SDN.pm
+++ b/src/PVE/API2/Network/SDN.pm
@@ -9,7 +9,7 @@ use PVE::JSONSchema qw(get_standard_option);
 use PVE::RESTHandler;
 use PVE::RPCEnvironment;
 use PVE::SafeSyslog;
-use PVE::Tools qw(run_command);
+use PVE::Tools qw(run_command extract_param);
 use PVE::Network::SDN;
 
 use PVE::API2::Network::SDN::Controllers;
@@ -126,6 +126,16 @@ __PACKAGE__->register_method({
     },
     parameters => {
         additionalProperties => 0,
+        properties => {
+            'lock-token' => get_standard_option('pve-sdn-lock-token'),
+            'release-lock' => {
+                type => 'boolean',
+                optional => 1,
+                default => 1,
+                description =>
+                    'When lock-token has been provided and configuration successfully commited, release the lock automatically afterwards',
+            },
+        },
     },
     returns => {
         type => 'string',
@@ -136,10 +146,24 @@ __PACKAGE__->register_method({
         my $rpcenv = PVE::RPCEnvironment::get();
         my $authuser = $rpcenv->get_user();
 
-        my $previous_config_has_frr = PVE::Network::SDN::running_config_has_frr();
-        PVE::Network::SDN::commit_config();
+        my $lock_token = extract_param($param, 'lock-token');
+        my $release_lock = extract_param($param, 'release-lock');
+
+        my $previous_config_has_frr;
+        my $new_config_has_frr;
+
+        PVE::Network::SDN::lock_sdn_config(
+            sub {
+                $previous_config_has_frr = PVE::Network::SDN::running_config_has_frr();
+                PVE::Network::SDN::commit_config();
+                $new_config_has_frr = PVE::Network::SDN::running_config_has_frr();
+
+                PVE::Network::SDN::delete_global_lock() if $lock_token && $release_lock;
+            },
+            "could not commit SDN config",
+            $lock_token,
+        );
 
-        my $new_config_has_frr = PVE::Network::SDN::running_config_has_frr();
         my $skip_frr = !($previous_config_has_frr || $new_config_has_frr);
 
         my $code = sub {
-- 
2.39.5