[pve-devel] [PATCH pve-network 1/5] sdn: add global lock for configuration

[Stefan Hanreich <s.hanreich@proxmox.com>]

Add a new cluster-wide lock for SDN that prevents any changes to the
configuration if the generated lock-secret is not provided. It works
by generating and storing a secret in sdn/.lock which gets checked by
lock_sdn_config on every invocation. If the lock file exists, then the
lock secret has to be supplied in order to make changes to the SDN
configuration.

This is mainly a preparation for PDM, where PDM can take the lock and
prevent concurrent modifications to the SDN configuration from other
sources, even across multiple API calls.

For now, we are still locking the running config, but we plan to
change over to using domain level locking with the next major release.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---

Notes:
    Do we have any better way of generating a random string? I didn't find a common function for this, so I repurposed code from qemu-server. Might make sense to extract this to pve-common?

 src/PVE/Network/SDN.pm | 46 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
index 4ac9720..3b3ea67 100644
--- a/src/PVE/Network/SDN.pm
+++ b/src/PVE/Network/SDN.pm
@@ -45,6 +45,12 @@ my $write_running_cfg = sub {
 
 PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running_cfg);
 
+my $LOCK_SECRET_FILE = "sdn/.lock";
+PVE::Cluster::cfs_register_file(
+    $LOCK_SECRET_FILE,
+    sub { my ($filename, $data) = @_; return $data; },
+    sub { my ($filename, $data) = @_; return $data; }
+);
 
 # improve me : move status code inside plugins ?
 
@@ -161,14 +167,50 @@ sub commit_config {
     cfs_write_file($running_cfg, $cfg);
 }
 
+sub generate_lock_secret {
+    my $min = ord('!'); # first printable ascii
+
+    my $rand_bytes = Crypt::OpenSSL::Random::random_bytes(32);
+    die "failed to generate lock secret!\n" if !$rand_bytes;
+
+    my $str = join('', map { chr((ord($_) & 0x3F) + $min) } split('', $rand_bytes));
+    return $str;
+};
+
+sub create_global_lock {
+    my $secret = generate_lock_secret();
+    PVE::Cluster::cfs_write_file($LOCK_SECRET_FILE, $secret);
+    return $secret;
+}
+
+sub delete_global_lock {
+    unlink "/etc/pve/$LOCK_SECRET_FILE" if -e "/etc/pve/$LOCK_SECRET_FILE";
+}
+
 sub lock_sdn_config {
-    my ($code, $errmsg) = @_;
+    my ($code, $errmsg, $lock_secret_user) = @_;
 
-    cfs_lock_file($running_cfg, undef, $code);
+    my $lock_wrapper = sub {
+	my $lock_secret = undef;
+	if (-e "/etc/pve/$LOCK_SECRET_FILE") {
+	    $lock_secret = cfs_read_file($LOCK_SECRET_FILE);
+	}
+
+	if (defined($lock_secret) && (!defined($lock_secret_user) || $lock_secret ne $lock_secret_user)) {
+	    die "invalid lock secret provided!";
+	}
+
+	return $code->();
+    };
+
+    # TODO: PVE 9+ change to domain lock
+    my $res = cfs_lock_file($running_cfg, undef, $lock_wrapper);
 
     if (my $err = $@) {
         $errmsg ? die "$errmsg: $err" : die $err;
     }
+
+    return $res;
 }
 
 sub get_local_vnets {
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel