[pve-devel] [PATCH v2 pve-firewall 0/5] improve update

Tim Marx t.marx at proxmox.com
Wed Jan 30 13:07:54 CET 2019


Hi,

I reviewed it already, but as Thomas pointed out we would like to add the FW configs to the observed files and then access them with the cfs_{read,write}_file methods exclusively. It turned out that this can't be done without a bigger rework of the whole FW config stack.
Therefore it will take a little longer than originally expected. It's on my todo list, but please don't expect it to be done next week. I will keep you updated anyway.

You could take a look at pve-ha-manager->PVE->HA->Config.pm.
There are some usage examples for the cfs_{read,write}_file methods.
(Just as info, because you asked for examples)

> Alexandre DERUMIER <aderumier at odiso.com> wrote on 30 January 2019 at 11:31:
> 
> 
> Hi,
> 
> Did you have time to review/improve it?
> 
> Alexandre
> 
> ----- Original Mail -----
> From: "Tim Marx" <t.marx at proxmox.com>
> To: "pve-devel" <pve-devel at pve.proxmox.com>, "aderumier" <aderumier at odiso.com>
> Sent: Monday 14 January 2019 14:41:04
> Subject: Re: [pve-devel] [PATCH v2 pve-firewall 0/5] improve update
> 
> Thanks for the v2. Just to let you know, I'll go through your patches this week and probably adjust them, as Thomas suggested in his response. Anyway, I will keep you up to date.
> Thanks! 
> 
> > Alexandre Derumier <aderumier at odiso.com> wrote on 14 January 2019 at 10:15:
> > 
> > 
> > This patch improves firewall update.
> > We want to be sure that an update of a config file doesn't happen
> > when update is running or pmxcfs is reloaded when firewall update is running.
> > 
> > Changelog v2: 
> > - use noerr in PVE::Cluster::check_cfs_is_mounted 
> > - split read_config from compile 
> > - on update, read all configs twice at 1 second interval, and compare values
> >   to be sure of consistency
> > 
> > Alexandre Derumier (5):
> >   don't update if /etc/pve is not mounted
> >   remove_pvefw_chains_iptables : don't commit if rules are already
> >     removed.
> >   add syslog on pvefw chains removal
> >   split read_configuration from compile sub
> >   update: read config twice at 1second interval
> > 
> > debian/control | 1 + 
> > src/PVE/Firewall.pm | 39 ++++++++++++++++++++++++++++++++------- 
> > src/PVE/Service/pve_firewall.pm | 10 ++++++---- 
> > src/pvefw-logger.c | 6 ++++-- 
> > test/fwtester.pl | 3 ++- 
> > 5 files changed, 45 insertions(+), 14 deletions(-) 
> > 
> > -- 
> > 2.11.0 
> > 
> > _______________________________________________ 
> > pve-devel mailing list 
> > pve-devel at pve.proxmox.com 
> > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 
> Best Regards, 
> Tim Marx 
> t.marx at proxmox.com 
> https://www.proxmox.com 
> _______________________________________________ 
> 
> Proxmox Server Solutions GmbH 
> Bräuhausgasse 37, 1050 Vienna 
> Austria Commercial register no.: FN 258879 f 
> Registration office: Handelsgericht Wien 
> 
>