sdn: use new IPAM state path with fallback to legacy one

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-05-23 20:11:03 +00:00 · 2024-11-19 11:10:36 +01:00 · 2024-11-19 11:10:36 +01:00 · 217df011c9
commit 217df011c9
parent 601a82cb64
1 changed files with 19 additions and 9 deletions
--- a/pve-rs/src/firewall/sdn.rs
+++ b/pve-rs/src/firewall/sdn.rs
@ -86,7 +86,8 @@ mod export {
    }

    const SDN_RUNNING_CONFIG: &str = "/etc/pve/sdn/.running-config";
-    const SDN_IPAM: &str = "/etc/pve/priv/ipam.db";
+    const SDN_IPAM: &str = "/etc/pve/sdn/pve-ipam-state.json";
+    const SDN_IPAM_LEGACY: &str = "/etc/pve/priv/ipam.db"; // TODO: remove with PVE 9+

    #[export]
    pub fn config(
@ -110,16 +111,25 @@ mod export {
            }
        };

-        match fs::read_to_string(SDN_IPAM) {
-            Ok(data) => {
-                let ipam_json: IpamJson = serde_json::from_str(&data)?;
-                let ipam: Ipam = Ipam::try_from(ipam_json)
-                    .with_context(|| "Failed to parse IPAM".to_string())?;
+        let add_ipam_ipsets = |data: String| -> Result<(), Error> {
+            let ipam_json: IpamJson = serde_json::from_str(&data)?;
+            let ipam: Ipam =
+                Ipam::try_from(ipam_json).with_context(|| "Failed to parse IPAM".to_string())?;

-                let allowlist = vm_filter.map(Allowlist::from_iter);
-                refs.extend_ipsets(ipam.ipsets(allowlist.as_ref()));
+            let allowlist = vm_filter.map(Allowlist::from_iter);
+            refs.extend_ipsets(ipam.ipsets(allowlist.as_ref()));
+            Ok(())
+        };
+        match fs::read_to_string(SDN_IPAM) {
+            Ok(data) => add_ipam_ipsets(data)?,
+            // Fallback to legacy path for transition from priv/ to sdn/ folder for cache/state
+            Err(e) if e.kind() == io::ErrorKind::NotFound => {
+                match fs::read_to_string(SDN_IPAM_LEGACY) {
+                    Ok(data) => add_ipam_ipsets(data)?,
+                    Err(e) if e.kind() == io::ErrorKind::NotFound => (),
+                    Err(e) => bail!("Cannot open legacy IPAM database: {e:#}"),
+                }
            }
-            Err(e) if e.kind() == io::ErrorKind::NotFound => (),
            Err(e) => {
                bail!("Cannot open IPAM database: {e:#}");
            }