Use node_cache in firewall for fetching MAC's on discovery

Partial-Bug: #1391868
Change-Id: I18e1abcb1e9d5899ad04a9d2c3e731d25ac9d5b2
Dmitry Tantsur 2014-11-21 17:55:37 +01:00
parent cb32def5c5
commit ac5db21519
4 changed files with 18 additions and 22 deletions


@ -116,7 +116,6 @@ def _process_node(ironic, node, node_info, valid_macs):
LOG.info('Node %s was updated with data from discovery process, forcing '
'power off', node.uuid)
firewall.unwhitelist_macs(valid_macs)
firewall.update_filters(ironic)
try:
@ -206,7 +205,6 @@ def _background_discover(ironic, nodes):
if all_macs:
LOG.info('Whitelisting MAC\'s %s in the firewall', all_macs)
firewall.whitelist_macs(all_macs)
firewall.update_filters(ironic)
for node in nodes:
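Review bot: The `LOG.info('Whitelisting MAC\'s %s in the firewall', all_macs)` line kept in `_background_discover` now describes an action this function no longer performs, because the explicit `firewall.whitelist_macs(all_macs)` call is gone and the allow-list is derived from the node cache inside `update_filters`. The same ordering dependency applies in `_process_node`: with `unwhitelist_macs` removed, the node's MACs lose PXE access only if its cache entry has already been dropped by the time `firewall.update_filters(ironic)` runs, which these hunks do not show. I would add a comment at both call sites, e.g. `# allow-list comes from node_cache; the cache must be updated before this call`, and reword the log message to say the filters are being refreshed. Both functions start and end outside the hunks.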


@ -17,11 +17,11 @@ import subprocess
from eventlet import semaphore
from ironic_discoverd import conf
from ironic_discoverd import node_cache
from ironic_discoverd import utils
LOG = logging.getLogger("discoverd")
MACS_DISCOVERY = set()
NEW_CHAIN = 'discovery_temp'
CHAIN = 'discovery'
INTERFACE = None
@ -61,18 +61,6 @@ def init():
_iptables('-N', CHAIN)
def whitelist_macs(macs):
"""Ensure given MAC's are allowed to access PXE boot server."""
with LOCK:
MACS_DISCOVERY.update(macs)
def unwhitelist_macs(macs):
"""Ensure given MAC's are NOT allowed to access PXE boot server."""
with LOCK:
MACS_DISCOVERY.difference_update(macs)
def update_filters(ironic=None):
"""Update firewall filter rules for discovery.
@ -94,7 +82,8 @@ def update_filters(ironic=None):
with LOCK:
macs_active = set(p.address for p in ironic.port.list(limit=0))
to_blacklist = macs_active - MACS_DISCOVERY
to_blacklist = macs_active - node_cache.macs_on_discovery()
LOG.debug('Blacklisting MAC\'s %s', to_blacklist)
# Clean up a bit to account for possible troubles on previous run
_iptables('-F', NEW_CHAIN, ignore=True)
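Review bot: The new `to_blacklist = macs_active - node_cache.macs_on_discovery()` in `update_filters` is an exact string comparison between Ironic port addresses and values stored in the cache, so any difference in case or formatting between the two sources would put a node that is on discovery into the blacklist. Whether both sides are normalised before they get here is not visible in this hunk. If they are not, I would normalise at the comparison, e.g. `on_discovery = {m.lower() for m in node_cache.macs_on_discovery()}` with the same `.lower()` applied to `p.address`. The function's docstring, which starts above the hunk, should also state that the exempted MACs are now read from the node cache rather than from module state.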


@ -78,6 +78,12 @@ def add_node(uuid, **attributes):
{'name': name, 'value': value})
def macs_on_discovery():
"""List all MAC's that are on discovery right now."""
return {x[0] for x in _db().execute("select value from attributes "
"where name='mac'")}
def drop_node(uuid):
"""Forget information about node with given uuid."""
with _db():
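Review bot: The docstring on `macs_on_discovery` does not say that its result is now the firewall's allow-list, which means a `mac` attribute row that is never removed keeps that MAC exempt from blacklisting for as long as the row exists. Whether stale rows are cleaned up when discovery never finishes (a timeout, or `drop_node` on failure) is not visible in this hunk and is worth confirming. I would extend the docstring along the lines of `Return the set of MAC's cached for nodes on discovery; firewall.update_filters exempts these from the PXE blacklist.`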


@ -68,8 +68,6 @@ class TestProcess(unittest.TestCase):
}
}
self.macs = ['11:22:33:44:55:66', 'broken', '', '66:55:44:33:22:11']
firewall.MACS_DISCOVERY = set(['11:22:33:44:55:66',
'66:55:44:33:22:11'])
init_conf()
def _do_test(self, client_mock, pop_mock, filters_mock):
@ -93,7 +91,6 @@ class TestProcess(unittest.TestCase):
address='66:55:44:33:22:11')
self.assertEqual(2, cli.port.create.call_count)
filters_mock.assert_called_once_with(cli)
self.assertEqual(set(), firewall.MACS_DISCOVERY)
cli.node.set_power_state.assert_called_once_with(self.node.uuid, 'off')
def test_ok(self, client_mock, pop_mock, filters_mock):
@ -162,7 +159,6 @@ class TestDiscover(unittest.TestCase):
instance_uuid=None,
power_state='power off',
extra={'on_discovery': True})
firewall.MACS_DISCOVERY = set()
init_conf()
@patch.object(time, 'time', lambda: 42.0)
@ -198,8 +194,6 @@ class TestDiscover(unittest.TestCase):
bmc_address='1.2.3.5',
mac=['3-1', '3-2'])
filters_mock.assert_called_once_with(cli)
self.assertEqual(set(port.address for l in ports for port in l),
firewall.MACS_DISCOVERY)
self.assertEqual(3, cli.node.set_power_state.call_count)
cli.node.set_power_state.assert_called_with(ANY, 'reboot')
patch = [{'op': 'add', 'path': '/extra/on_discovery', 'value': 'true'},
@ -483,6 +477,15 @@ class TestNodeCache(unittest.TestCase):
self.assertEqual([], self.db.execute(
"select * from attributes").fetchall())
def test_macs_on_discovery(self):
self.db.execute("insert into nodes(uuid) values(?)", (self.node.uuid,))
self.db.executemany("insert into attributes(name, value, uuid) "
"values(?, ?, ?)",
[('mac', '11:22:11:22:11:22', self.node.uuid),
('mac', '22:11:22:11:22:11', self.node.uuid)])
self.assertEqual({'11:22:11:22:11:22', '22:11:22:11:22:11'},
node_cache.macs_on_discovery())
class TestNodeCachePop(unittest.TestCase):
def setUp(self):
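Review bot: The assertions on `firewall.MACS_DISCOVERY` removed from `TestProcess._do_test` and `TestDiscover` are not replaced by any check of the allow-list after processing or discovery. As far as this section shows, the path from the node cache to `update_filters` is covered only by `test_macs_on_discovery` in isolation. Because `filters_mock` and `pop_mock` are mocks here, a regression in which a processed node's MACs stay in the cache would still pass. I would add a firewall test that patches `node_cache.macs_on_discovery` and asserts which addresses `update_filters` blacklists. In `test_macs_on_discovery` I would also insert one row whose `name` is not `'mac'` and assert that its value is excluded.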