From: Stefan Reiter <s.reiter@proxmox.com>
Date: Wed, 3 Jul 2019 12:27:34 +0000 (+0200)
Subject: Display corosync rule info on localnet call
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=c89fafa240e50e3d64ed6543dbb5da27148bd938

Display corosync rule info on localnet call

If no corosync.conf exists (i.e. a standalone node), the output is left
the same.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---

diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index d8e42ec..3c1254b 100755
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -10,6 +10,7 @@ use PVE::Tools qw(dir_glob_foreach file_read_firstline);
 use PVE::ProcFSTools;
 use PVE::INotify;
 use PVE::Cluster qw(cfs_read_file);
+use PVE::Corosync;
 use PVE::RPCEnvironment;
 use PVE::CLIHandler;
 use PVE::Firewall;
@@ -264,6 +265,28 @@ __PACKAGE__->register_method ({
 	    print "using detected local_network: $localnet\n";
 	}
 
+	if (PVE::Corosync::check_conf_exists(1)) {
+	    my $corosync_conf = PVE::Cluster::cfs_read_file("corosync.conf");
+	    my $corosync_node_found = 0;
+
+	    print "\naccepting corosync traffic from/to:\n";
+
+	    PVE::Corosync::for_all_corosync_addresses($corosync_conf, undef, sub {
+		my ($node_name, $node_ip, $node_ipversion, $key) = @_;
+
+		if (!$corosync_node_found) {
+		    $corosync_node_found = 1;
+		}
+
+		$key =~ m/(?:ring|link)(\d+)_addr/;
+		print " - $node_name: $node_ip (link: $1)\n";
+	    });
+
+	    if (!$corosync_node_found) {
+		print " - no nodes found\n";
+	    }
+	}
+
 	return undef;
     }});