[pve-devel] [PATCH ha-manager 1/1] nodestate: do not write unknown node status in get_node_state

[Daniel Kral]

PVE::HA::NodeStatus->get_node_state($node) and its proxies are accessed
by many call sites with untrusted input data, e.g., migrate/relocate crm
commands, node maintenance commands, etc.

For example, if node 'node19' does not exist, and a user issues the
migrate command, 'node19' will be written to the node state and will
stay there until it is removed as a gone node (after ~60 min):

    $ ha-manager migrate vm:100 node19
    $ ha-manager status
    unable to read file '/etc/pve/nodes/node19/lrm_status'
    quorum OK
    [...]
    lrm node19 (unable to read lrm status)
    [...]

As the transition between unknown/gone and other node states are already
handled by PVE::HA::NodeStatus->update(...), remove this side effect
from get_node_state(...).

Signed-off-by: Daniel Kral <d.kral at proxmox.com>
---
 src/PVE/HA/NodeStatus.pm | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/PVE/HA/NodeStatus.pm b/src/PVE/HA/NodeStatus.pm
index e5dddf3b..381be7d0 100644
--- a/src/PVE/HA/NodeStatus.pm
+++ b/src/PVE/HA/NodeStatus.pm
@@ -33,10 +33,7 @@ my $valid_node_states = {
 sub get_node_state {
     my ($self, $node) = @_;
 
-    $self->{status}->{$node} = 'unknown'
-        if !$self->{status}->{$node};
-
-    return $self->{status}->{$node};
+    return $self->{status}->{$node} // 'unknown';
 }
 
 sub node_is_operational {
-- 
2.47.3