From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
by lore.proxmox.com (Postfix) with ESMTPS id C11B81FF164
for <inbox@lore.proxmox.com>; Fri, 28 Feb 2025 14:06:36 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 458F6E0D7;
Fri, 28 Feb 2025 14:06:24 +0100 (CET)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri, 28 Feb 2025 14:05:45 +0100
Message-Id: <20250228130549.100357-3-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250228130549.100357-1-s.hanreich@proxmox.com>
References: <20250228130549.100357-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results: 0
AWL -0.242 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
methods
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
information.
RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_NONE 0.001 SPF: sender does not publish an SPF Record
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
information. [sdn.pm]
Subject: [pve-devel] [PATCH pve-network 1/5] sdn: add global lock for
configuration
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
Add a new cluster-wide lock for SDN that prevents any changes to the
configuration if the generated lock-secret is not provided. It works
by generating and storing a secret in sdn/.lock which gets checked by
lock_sdn_config on every invocation. If the lock file exists, then the
lock secret has to be supplied in order to make changes to the SDN
configuration.
This is mainly a preparation for PDM, where PDM can take the lock and
prevent concurrent modifications to the SDN configuration from other
sources, even across multiple API calls.
For now, we are still locking the running config, but we plan to
change over to using domain level locking with the next major release.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
Notes:
Do we have any better way of generating a random string? I didn't find a common function for this, so I repurposed code from qemu-server. Might make sense to extract this to pve-common?
src/PVE/Network/SDN.pm | 46 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
index 4ac9720..3b3ea67 100644
--- a/src/PVE/Network/SDN.pm
+++ b/src/PVE/Network/SDN.pm
@@ -45,6 +45,12 @@ my $write_running_cfg = sub {
PVE::Cluster::cfs_register_file($running_cfg, $parse_running_cfg, $write_running_cfg);
+my $LOCK_SECRET_FILE = "sdn/.lock";
+PVE::Cluster::cfs_register_file(
+ $LOCK_SECRET_FILE,
+ sub { my ($filename, $data) = @_; return $data; },
+ sub { my ($filename, $data) = @_; return $data; }
+);
# improve me : move status code inside plugins ?
@@ -161,14 +167,50 @@ sub commit_config {
cfs_write_file($running_cfg, $cfg);
}
+sub generate_lock_secret {
+ my $min = ord('!'); # first printable ascii
+
+ my $rand_bytes = Crypt::OpenSSL::Random::random_bytes(32);
+ die "failed to generate lock secret!\n" if !$rand_bytes;
+
+ my $str = join('', map { chr((ord($_) & 0x3F) + $min) } split('', $rand_bytes));
+ return $str;
+};
+
+sub create_global_lock {
+ my $secret = generate_lock_secret();
+ PVE::Cluster::cfs_write_file($LOCK_SECRET_FILE, $secret);
+ return $secret;
+}
+
+sub delete_global_lock {
+ unlink "/etc/pve/$LOCK_SECRET_FILE" if -e "/etc/pve/$LOCK_SECRET_FILE";
+}
+
sub lock_sdn_config {
- my ($code, $errmsg) = @_;
+ my ($code, $errmsg, $lock_secret_user) = @_;
- cfs_lock_file($running_cfg, undef, $code);
+ my $lock_wrapper = sub {
+ my $lock_secret = undef;
+ if (-e "/etc/pve/$LOCK_SECRET_FILE") {
+ $lock_secret = cfs_read_file($LOCK_SECRET_FILE);
+ }
+
+ if (defined($lock_secret) && (!defined($lock_secret_user) || $lock_secret ne $lock_secret_user)) {
+ die "invalid lock secret provided!";
+ }
+
+ return $code->();
+ };
+
+ # TODO: PVE 9+ change to domain lock
+ my $res = cfs_lock_file($running_cfg, undef, $lock_wrapper);
if (my $err = $@) {
$errmsg ? die "$errmsg: $err" : die $err;
}
+
+ return $res;
}
sub get_local_vnets {
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel