openstack
/
ironic-inspector
Code Issues Proposed changes

Merge "Do not reset FSM when ironic ports cant be queried"

This commit is contained in:
Zuul 2021-07-30 14:28:11 +00:00 committed by Gerrit Code Review
parent 9cfd98e577 c3b316677c
commit 21105e9dc5
5 changed files with 64 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ironic_inspector/pxe_filter/dnsmasq.py
View File

@ -28,6 +28,7 @@ import fcntl
import os import os
import time import time
from openstack import exceptions as os_exc
from oslo_concurrency import processutils from oslo_concurrency import processutils
from oslo_config import cfg from oslo_config import cfg
from oslo_log import log from oslo_log import log
@ -83,11 +84,16 @@ class DnsmasqFilter(pxe_filter.BaseFilter):
LOG.debug('Syncing the driver') LOG.debug('Syncing the driver')
timestamp_start = timeutils.utcnow() timestamp_start = timeutils.utcnow()
try:
# active_macs are the MACs for which introspection is active # active_macs are the MACs for which introspection is active
active_macs = pxe_filter.get_active_macs(ironic) active_macs = pxe_filter.get_active_macs(ironic)
# ironic_macs are all the MACs know to ironic (all ironic ports) # ironic_macs are all the MACs know to ironic (all ironic ports)
ironic_macs = pxe_filter.get_ironic_macs(ironic) ironic_macs = pxe_filter.get_ironic_macs(ironic)
except os_exc.SDKException:
LOG.exception(
"Could not list ironic ports, can not sync dnsmasq PXE filter")
return
denylist, allowlist = _get_deny_allow_lists() denylist, allowlist = _get_deny_allow_lists()
# removedlist are the MACs that are in either in allow or denylist, # removedlist are the MACs that are in either in allow or denylist,

7
ironic_inspector/pxe_filter/iptables.py
View File

@ -13,6 +13,7 @@
import contextlib import contextlib
from openstack import exceptions as os_exc
from oslo_concurrency import processutils from oslo_concurrency import processutils
from oslo_config import cfg from oslo_config import cfg
from oslo_log import log from oslo_log import log
@ -110,12 +111,18 @@ class IptablesFilter(pxe_filter.BaseFilter):
self._disable_dhcp() self._disable_dhcp()
return return
try:
if CONF.pxe_filter.deny_unknown_macs: if CONF.pxe_filter.deny_unknown_macs:
to_allow = pxe_filter.get_active_macs(ironic) to_allow = pxe_filter.get_active_macs(ironic)
to_deny = None to_deny = None
else: else:
to_deny = pxe_filter.get_inactive_macs(ironic) to_deny = pxe_filter.get_inactive_macs(ironic)
to_allow = None to_allow = None
except os_exc.SDKException:
LOG.exception(
"Could not list ironic ports, iptables PXE filter can not "
"be synced")
return
if to_deny == self.denylist_cache and to_allow == self.allowlist_cache: if to_deny == self.denylist_cache and to_allow == self.allowlist_cache:
LOG.debug('Not updating iptables - no changes in MAC lists %s %s', LOG.debug('Not updating iptables - no changes in MAC lists %s %s',

16
ironic_inspector/test/unit/test_dnsmasq_pxe_filter.py
View File

@ -484,6 +484,22 @@ class TestSync(DnsmasqTestBase):
self.timestamp_end - self.timestamp_start) self.timestamp_end - self.timestamp_start)
]) ])
@mock.patch('time.sleep', lambda _x: None)
def test__sync_ironic_unavailable(self):
self.mock_ironic.ports.side_effect = os_exc.SDKException('boom')
self.driver._sync(self.mock_ironic)
self.mock__add_mac_to_allowlist.assert_not_called()
self.mock__add_mac_to_denylist.assert_not_called()
self.mock_ironic.ports.assert_called_with(fields=['address', 'extra'],
limit=None)
self.mock_get_active_macs.assert_called_once_with(self.mock_ironic)
self.mock__get_deny_allow_lists.assert_not_called()
self.mock__configure_removedlist.assert_not_called()
self.mock_log.debug.assert_called_once_with('Syncing the driver')
self.mock_log.exception.assert_called_once_with(
"Could not list ironic ports, can not sync dnsmasq PXE filter")
class Test_Execute(test_base.BaseTest): class Test_Execute(test_base.BaseTest):
def setUp(self): def setUp(self):

16
ironic_inspector/test/unit/test_iptables.py
View File

@ -16,6 +16,7 @@
from unittest import mock from unittest import mock
import fixtures import fixtures
from openstack import exceptions as os_exc
from oslo_config import cfg from oslo_config import cfg
from ironic_inspector import node_cache from ironic_inspector import node_cache
@ -354,6 +355,21 @@ class TestIptablesDriver(test_base.NodeTest):
self.assertRaisesRegex(utils.Error, 'Configuration error:', self.assertRaisesRegex(utils.Error, 'Configuration error:',
self.driver.__init__) self.driver.__init__)
def test_sync_ironic_unavailable_allowlist(self):
self.driver = iptables.IptablesFilter()
self.mock_ironic.ports.side_effect = os_exc.SDKException('boom')
self.driver.sync(self.mock_ironic)
self.mock_get_inactive_macs.assert_called_once_with(self.mock_ironic)
self.mock_iptables.assert_not_called()
def test_sync_ironic_unavailable_denylist(self):
CONF.set_override('deny_unknown_macs', True, 'pxe_filter')
self.driver = iptables.IptablesFilter()
self.mock_ironic.ports.side_effect = os_exc.SDKException('boom')
self.driver.sync(self.mock_ironic)
self.mock_get_active_macs.assert_called_once_with(self.mock_ironic)
self.mock_iptables.assert_not_called()
class Test_ShouldEnableDhcp(test_base.BaseTest): class Test_ShouldEnableDhcp(test_base.BaseTest):
def setUp(self): def setUp(self):

9
releasenotes/notes/pxe-filter-driver-stuck-ea5844cf3eafa61f.yaml Normal file
View File

@ -0,0 +1,9 @@
---
fixes:
- |
Inspector now ignores failures to list ironic ports during
pxe filter driver sync, and just skips the sync in this case.
Previously such errors resulted in pxe filter driver being stuck
in an uninitialized state until ironic inspector was restarted.
See bug `2008971 <https://storyboard.openstack.org/#!/story/2008971>`_.