+ # Create an exact copy of the old security group
+ $cluster_conf->{groups}->{$group} = $cluster_conf->{groups}->{$rename};
+ $cluster_conf->{group_comments}->{$group} = $cluster_conf->{group_comments}->{$rename};
+
+ # Update comment if provided
+ $cluster_conf->{group_comments}->{$group} = $comment if defined($comment);
+
+ # Write the copy to the cluster config, so that if something fails inbetween, the new firewall
+ # rules won't be broken when the new name is referenced
+ PVE::Firewall::save_clusterfw_conf($cluster_conf);
+
+ # Update all the host configs to the new copy
+ my $hosts = PVE::Cluster::get_nodelist();
+ foreach my $host (@$hosts) {
+ PVE::Firewall::lock_hostfw_conf($host, 10, sub {
+ my $host_conf_path = "/etc/pve/nodes/$host/host.fw";
+ my $host_conf = PVE::Firewall::load_hostfw_conf($cluster_conf, $host_conf_path);
+
+ if (defined($host_conf)) {
+ &$rename_fw_rules($rename,
+ $group,
+ $host_conf->{rules});
+ PVE::Firewall::save_hostfw_conf($host_conf, $host_conf_path);
+ }
+ });
+ }