From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fiona Ebner
To: pve-devel@lists.proxmox.com
Date: Tue, 20 Jun 2023 12:54:37 +0200
Message-Id: <20230620105438.121605-9-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230620105438.121605-1-f.ebner@proxmox.com>
References: <20230620105438.121605-1-f.ebner@proxmox.com>
Subject: [pve-devel] [PATCH v2 manager 1/2] api: nodes: allow setting HA shutdown policy during shutdown/reboot

Increases flexibility/user-friendliness.

In the edge case that an override is already present, but the user doesn't have Sys.Modify privilege, just proceed with the existing override. Could in principle happen when the requests from a privileged user with a policy and an unprivileged user without a policy arrive at the same time.

Suggested-by: Thomas Lamprecht
Signed-off-by: Fiona Ebner
---

(Build-)dependency bump for libpve-cluster-perl needed.

Changes in v2:
    * Also check for Sys.Modify privilege when parameter is specified.

 PVE/API2/Nodes.pm | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm index 9269694d..b8f0c6ce 100644 --- a/PVE/API2/Nodes.pm +++ b/PVE/API2/Nodes.pm @@ -8,7 +8,7 @@ use Digest::SHA; use Filesys::Df; use HTTP::Status qw(:constants); use JSON; -use POSIX qw(LONG_MAX); +use POSIX qw(ENOENT LONG_MAX); use Time::Local qw(timegm_nocheck); use Socket; use IO::Socket::SSL; @@ -544,6 +544,7 @@ __PACKAGE__->register_method({ method => 'POST', permissions => { check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], + description => "The 'shutdown-policy' parameter additionally requires 'Sys.Modify'.", }, protected => 1, description => "Reboot or shutdown a node.", 
@@ -557,12 +558,27 @@ __PACKAGE__->register_method({ type => 'string', enum => [qw(reboot shutdown)], }, + 'shutdown-policy' => get_standard_option('pve-ha-shutdown-policy', { optional => 1 }), }, }, returns => { type => "null" }, code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + my $user = $rpcenv->get_user(); + my $node = $param->{node}; + + my $sp_override_fn = '/run/pve-ha-lrm/shutdown-policy.local-override'; + + if ($param->{'shutdown-policy'}) { + $rpcenv->check($user, "/nodes/$node", ['Sys.Modify']); + eval { PVE::Tools::file_set_contents($sp_override_fn, $param->{'shutdown-policy'}); }; + die "could not write shutdown policy override to $sp_override_fn - $@" if $@; + } elsif (-e $sp_override_fn && $rpcenv->check($user, "/nodes/$node", ['Sys.Modify'], 1)) { + unlink $sp_override_fn or die "unable to remove $sp_override_fn - $!"; + } + if ($param->{command} eq 'reboot') { system ("(sleep 2;/sbin/reboot)&"); } elsif ($param->{command} eq 'shutdown') { -- 2.39.2
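
Review bot: the permissions `description` added in the `@@ -544,6 +544,7 @@` hunk is incomplete for callers who hold only 'Sys.PowerMgmt'. It states that the 'shutdown-policy' parameter requires 'Sys.Modify', but not that a request without the parameter from a user lacking 'Sys.Modify' leaves an existing override file in place and proceeds under it, which is the behaviour the commit message describes. Suggest extending this text (or the parameter's own description) to say so, so that the policy in effect for such a request is not a surprise to the API consumer.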
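
Review bot: the `elsif` branch in the `@@ -557,12 +558,27 @@` hunk checks `-e $sp_override_fn` and then runs `unlink $sp_override_fn or die ...`, so if the file disappears between the test and the unlink (for example with two requests arriving together, the situation the commit message mentions) the call dies and the reboot or shutdown is never issued. The first hunk imports `ENOENT` from POSIX, yet none of the visible lines use it. Suggest treating a missing file as success, e.g. `unlink $sp_override_fn or $! == ENOENT or die "unable to remove $sp_override_fn - $!";`, at which point the `-e` test can be dropped and only the `$rpcenv->check(..., 1)` condition remains.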