[pve-devel] [PATCH v2 manager 1/2] api: nodes: allow setting HA shutdown policy during shutdown/reboot

Tue, 20 Jun 2023 03:55:33 -0700 

Increases flexibility/user-friendliness.

In the edge case that an override is already present, but the user
doesn't have Sys.Modify privilege, just proceed with the existing
override. Could in principle happen when the requests from a
privileged user with a policy and an unprivileged user without a
policy arrive at the same time.

Suggested-by: Thomas Lamprecht <t.lampre...@proxmox.com>
Signed-off-by: Fiona Ebner <f.eb...@proxmox.com>
---

(Build-)dependency bump for libpve-cluster-perl needed.

Changes in v2:
    * Also check for Sys.Modify privilege when parameter is specified.

 PVE/API2/Nodes.pm | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index 9269694d..b8f0c6ce 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -8,7 +8,7 @@ use Digest::SHA;
 use Filesys::Df;
 use HTTP::Status qw(:constants);
 use JSON;
-use POSIX qw(LONG_MAX);
+use POSIX qw(ENOENT LONG_MAX);
 use Time::Local qw(timegm_nocheck);
 use Socket;
 use IO::Socket::SSL;
@@ -544,6 +544,7 @@ __PACKAGE__->register_method({
     method => 'POST',
     permissions => {
        check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]],
+       description => "The 'shutdown-policy' parameter additionally requires 
'Sys.Modify'.",
     },
     protected => 1,
     description => "Reboot or shutdown a node.",
@@ -557,12 +558,27 @@ __PACKAGE__->register_method({
                type => 'string',
                enum => [qw(reboot shutdown)],
            },
+           'shutdown-policy' => get_standard_option('pve-ha-shutdown-policy', 
{ optional => 1 }),
        },
     },
     returns => { type => "null" },
     code => sub {
        my ($param) = @_;
 
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $user = $rpcenv->get_user();
+       my $node = $param->{node};
+
+       my $sp_override_fn = '/run/pve-ha-lrm/shutdown-policy.local-override';
+
+       if ($param->{'shutdown-policy'}) {
+           $rpcenv->check($user, "/nodes/$node", ['Sys.Modify']);
+           eval { PVE::Tools::file_set_contents($sp_override_fn, 
$param->{'shutdown-policy'}); };
+           die "could not write shutdown policy override to $sp_override_fn - 
$@" if $@;
+       } elsif (-e $sp_override_fn && $rpcenv->check($user, "/nodes/$node", 
['Sys.Modify'], 1)) {
+           unlink $sp_override_fn or die "unable to remove $sp_override_fn - 
$!";
+       }
+
        if ($param->{command} eq 'reboot') {
            system ("(sleep 2;/sbin/reboot)&");
        } elsif ($param->{command} eq 'shutdown') {
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to