From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [pve-network 1/1] ipam: move mac-cache.db to unprivileged sdn/ subdirectory
Date: Mon, 18 Nov 2024 21:55:37 +0100
Message-ID: <20241118205537.3136251-3-s.ivanov@proxmox.com>
In-Reply-To: <20241118205537.3136251-1-s.ivanov@proxmox.com>

follows commit:
0f48bc6 ("ipam: move state file of PVE plugin over to common sdn directory")
as far as reasoning goes, and also closely code-wise (if only to make
the clean-up with PVE 9.0 a bit more straight-forward):

files in priv/ are sensitive in the sense that access there can be
used to hijack (external systems) - the mac-cache can be kept next to
the remaining sdn-config.

minimally tested on my machine.
depends on the pve-cluster commit sent with this.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PVE/Network/SDN/Ipams.pm | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Network/SDN/Ipams.pm b/src/PVE/Network/SDN/Ipams.pm
index 926df90..c689b8f 100644
--- a/src/PVE/Network/SDN/Ipams.pm
+++ b/src/PVE/Network/SDN/Ipams.pm
@@ -20,9 +20,34 @@ PVE::Network::SDN::Ipams::NetboxPlugin->register();
PVE::Network::SDN::Ipams::PhpIpamPlugin->register();
PVE::Network::SDN::Ipams::Plugin->init();
-my $macdb_filename = 'priv/macs.db';
+my $macdb_filename = "sdn/mac-cache.json";
+my $macdb_filename_legacy = 'priv/macs.db';
+
+cfs_register_file(
+ $macdb_filename,
+ sub {
+ my ($filename , $data) = @_;
+ if (defined($data)) {
+ return json_reader($filename, $data);
+ } else {
+ # TODO: remove legacy cache file handling with PVE 9+ after ensuring all call sites got
+ # switched over.
+ return cfs_read_file($macdb_filename_legacy);
+ }
+ },
+ sub {
+ my ($filename , $data) = @_;
+ # TODO: remove below with PVE 9+, add a pve8to9 check to allow doing so.
+ if (-e $macdb_filename_legacy && -e $macdb_filename) {
+ # only clean-up if we succeeded to write the new path at least once
+ unlink $macdb_filename_legacy or $!{ENOENT} or warn "failed to unlink legacy MAC cache - $!\n";
+ }
+ return json_writer->($filename, $data);
+ }
+);
-cfs_register_file($macdb_filename, \&json_reader, \&json_writer);
+# drop reading $macdb_filename_legacy with PVE 9+ - for now do not write it anymore.
+cfs_register_file($macdb_filename_legacy, \&json_reader, undef);
sub json_reader {
my ($filename, $data) = @_;
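
Review bot: In the write callback, "return json_writer->($filename, $data);" is not the plain call that the read callback uses for "json_reader($filename, $data)". The removed registration passes \&json_writer, so json_writer is a named sub, and the arrow form either calls it without arguments and dereferences the result or treats the name as a symbolic code reference; please use "return json_writer($filename, $data);". In the same callback, -e and unlink are given $macdb_filename_legacy and $macdb_filename, which hold the relative names passed to cfs_register_file ('priv/macs.db', "sdn/mac-cache.json"), so both resolve against the process working directory and the legacy file under priv/ would most likely never be removed. Build the absolute paths before the existence test and the unlink, so the sensitive priv/ copy really goes away once the new file has been written.
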
--
2.39.5
Thread overview: 4+ messages
2024-11-18 20:55 [pve-devel] [pve-cluster/pve-network] move macs.db from priv/ to sdn/ Stoiko Ivanov
2024-11-18 20:55 ` [pve-devel] [PATCH cluster 1/1] cfs: add 'sdn/mac-cache.json' to observed files Stoiko Ivanov
2024-11-18 20:55 ` Stoiko Ivanov [this message]
2024-11-18 21:22 ` [pve-devel] applied: [pve-cluster/pve-network] move macs.db from priv/ to sdn/ Thomas Lamprecht