From 06320eb0823c756df8dc836ecd4325839fb768e2 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 13 Feb 2014 12:33:22 +0100
Subject: [PATCH] implement locking

---
 PVE/Firewall.pm | 16 ++++++++-
 pvefw           | 93 ++++++++++++++++++++++++++++++++++---------------
 2 files changed, 80 insertions(+), 29 deletions(-)

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 8e5cfb1..19314ad 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -8,10 +8,12 @@ use PVE::QemuServer;
 use File::Path;
 use IO::File;
 use Net::IP;
-use PVE::Tools qw(run_command);
+use PVE::Tools qw(run_command lock_file);
 
 use Data::Dumper;
 
+my $pve_fw_lock_filename = "/var/lock/pvefw.lck";
+
 my $macros;
 my @ruleset = ();
 
@@ -960,6 +962,18 @@ sub parse_fw_rules {
     return $res;
 }
 
+sub run_locked {
+    my ($code, @param) = @_;
+
+    my $timeout = 10;
+
+    my $res = lock_file($pve_fw_lock_filename, $timeout, $code, @param);
+
+    die $@ if $@;
+
+    return $res;
+}
+
 sub read_local_vm_config {
 
     my $openvz = {};
diff --git a/pvefw b/pvefw
index f727394..e33518d 100755
--- a/pvefw
+++ b/pvefw
@@ -51,17 +51,21 @@ __PACKAGE__->register_method({
         my $vmid = $param->{vmid};
         my $netid = $param->{netid};
 
-	my $conf = PVE::QemuServer::load_config($vmid);
-
-	foreach my $opt (keys %$conf) {
-            next if $opt !~ m/^net(\d+)$/;
-            my $net = PVE::QemuServer::parse_net($conf->{$opt});
-            next if !$net;
-	    next if $netid && $opt != $netid;
-	    PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
-	}
-
-        return undef;
+	my $code = sub {
+	    my $conf = PVE::QemuServer::load_config($vmid);
+
+	    foreach my $opt (keys %$conf) {
+		next if $opt !~ m/^net(\d+)$/;
+		my $net = PVE::QemuServer::parse_net($conf->{$opt});
+		next if !$net;
+		next if $netid && $opt != $netid;
+		PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
+	    }
+	};
+
+	PVE::Firewall::run_locked($code);
+        
+	return undef;
     }});
 
 __PACKAGE__->register_method({
@@ -87,15 +91,20 @@ __PACKAGE__->register_method({
         my $vmid = $param->{vmid};
         my $netid = $param->{netid};
 
-	my $conf = PVE::QemuServer::load_config($vmid);
 
-	foreach my $opt (keys %$conf) {
-            next if $opt !~ m/^net(\d+)$/;
-            my $net = PVE::QemuServer::parse_net($conf->{$opt});
-            next if !$net;
-	    next if $netid && $opt != $netid;
-	    PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
-	}
+	my $code = sub {
+	    my $conf = PVE::QemuServer::load_config($vmid);
+
+	    foreach my $opt (keys %$conf) {
+		next if $opt !~ m/^net(\d+)$/;
+		my $net = PVE::QemuServer::parse_net($conf->{$opt});
+		next if !$net;
+		next if $netid && $opt != $netid;
+		PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
+	    }
+	};
+
+	PVE::Firewall::run_locked($code);
 
         return undef;
     }});
@@ -116,9 +125,13 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
-	my $group = $param->{securitygroup};
-	PVE::Firewall::enable_group_rules($group);
+	my $code = sub {
+	    my $group = $param->{securitygroup};
+	    PVE::Firewall::enable_group_rules($group);
+	};
 
+	PVE::Firewall::run_locked($code);
+	
         return undef;
     }});
 
@@ -139,8 +152,12 @@ __PACKAGE__->register_method({
     code => sub {
         my ($param) = @_;
 
-	my $group = $param->{securitygroup};
-	PVE::Firewall::disable_group_rules($group);
+	my $code = sub {
+	    my $group = $param->{securitygroup};
+	    PVE::Firewall::disable_group_rules($group);
+	};
+
+	PVE::Firewall::run_locked($code);
 
         return undef;
     }});
@@ -158,7 +175,11 @@ __PACKAGE__->register_method({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Firewall::enablehostfw();
+	my $code = sub {
+	    PVE::Firewall::enablehostfw();
+	};
+
+	PVE::Firewall::run_locked($code);
 
 	return undef;
     }});
@@ -176,7 +197,11 @@ __PACKAGE__->register_method({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Firewall::disablehostfw();
+	my $code = sub {
+	    PVE::Firewall::disablehostfw();
+	};
+
+	PVE::Firewall::run_locked($code);
 
 	return undef;
     }});
@@ -195,7 +220,11 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Firewall::compile();
+	my $code = sub {
+	    PVE::Firewall::compile();
+	};
+
+	PVE::Firewall::run_locked($code);
 
 	return undef;
     }});
@@ -214,7 +243,11 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Firewall::compile_and_start();
+	my $code = sub {
+	    PVE::Firewall::compile_and_start();
+	};
+
+	PVE::Firewall::run_locked($code);
 
 	return undef;
     }});
@@ -233,7 +266,11 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	die "implement me";
+	my $code = sub {
+	    die "implement me";
+	};
+
+	PVE::Firewall::run_locked($code);
 
 	return undef;
     }});
-- 
2.39.2