Use node_cache in firewall for fetching MAC's on discovery
Partial-Bug: #1391868 Change-Id: I18e1abcb1e9d5899ad04a9d2c3e731d25ac9d5b2
parent
cb32def5c5
commit
ac5db21519
|
@ -116,7 +116,6 @@ def _process_node(ironic, node, node_info, valid_macs):
|
||||||
LOG.info('Node %s was updated with data from discovery process, forcing '
|
LOG.info('Node %s was updated with data from discovery process, forcing '
|
||||||
'power off', node.uuid)
|
'power off', node.uuid)
|
||||||
|
|
||||||
firewall.unwhitelist_macs(valid_macs)
|
|
||||||
firewall.update_filters(ironic)
|
firewall.update_filters(ironic)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -206,7 +205,6 @@ def _background_discover(ironic, nodes):
|
||||||
|
|
||||||
if all_macs:
|
if all_macs:
|
||||||
LOG.info('Whitelisting MAC\'s %s in the firewall', all_macs)
|
LOG.info('Whitelisting MAC\'s %s in the firewall', all_macs)
|
||||||
firewall.whitelist_macs(all_macs)
|
|
||||||
firewall.update_filters(ironic)
|
firewall.update_filters(ironic)
|
||||||
|
|
||||||
for node in nodes:
|
for node in nodes:
|
||||||
|
|
|
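Review bot: With `firewall.unwhitelist_macs(valid_macs)` removed from `_process_node`, PXE access for a processed node is closed only if its 'mac' rows have already left the node cache when `firewall.update_filters(ironic)` runs; that ordering is not visible here, since the function body starts and continues outside the hunk. If the cache entry is dropped later, or the drop fails, the node's MACs stay out of the blacklist until some later filter update. A short comment above the call would make the dependency explicit, e.g. `# node must already be gone from node_cache, otherwise its MACs stay allowed`. The same applies in `_background_discover`: the `'Whitelisting MAC\'s %s in the firewall'` message still logs `all_macs`, but what is actually allowed is now whatever the cache holds.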
@ -17,11 +17,11 @@ import subprocess
|
||||||
from eventlet import semaphore
|
from eventlet import semaphore
|
||||||
|
|
||||||
from ironic_discoverd import conf
|
from ironic_discoverd import conf
|
||||||
|
from ironic_discoverd import node_cache
|
||||||
from ironic_discoverd import utils
|
from ironic_discoverd import utils
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger("discoverd")
|
LOG = logging.getLogger("discoverd")
|
||||||
MACS_DISCOVERY = set()
|
|
||||||
NEW_CHAIN = 'discovery_temp'
|
NEW_CHAIN = 'discovery_temp'
|
||||||
CHAIN = 'discovery'
|
CHAIN = 'discovery'
|
||||||
INTERFACE = None
|
INTERFACE = None
|
||||||
|
@ -61,18 +61,6 @@ def init():
|
||||||
_iptables('-N', CHAIN)
|
_iptables('-N', CHAIN)
|
||||||
|
|
||||||
|
|
||||||
def whitelist_macs(macs):
|
|
||||||
"""Ensure given MAC's are allowed to access PXE boot server."""
|
|
||||||
with LOCK:
|
|
||||||
MACS_DISCOVERY.update(macs)
|
|
||||||
|
|
||||||
|
|
||||||
def unwhitelist_macs(macs):
|
|
||||||
"""Ensure given MAC's are NOT allowed to access PXE boot server."""
|
|
||||||
with LOCK:
|
|
||||||
MACS_DISCOVERY.difference_update(macs)
|
|
||||||
|
|
||||||
|
|
||||||
def update_filters(ironic=None):
|
def update_filters(ironic=None):
|
||||||
"""Update firewall filter rules for discovery.
|
"""Update firewall filter rules for discovery.
|
||||||
|
|
||||||
|
@ -94,7 +82,8 @@ def update_filters(ironic=None):
|
||||||
|
|
||||||
with LOCK:
|
with LOCK:
|
||||||
macs_active = set(p.address for p in ironic.port.list(limit=0))
|
macs_active = set(p.address for p in ironic.port.list(limit=0))
|
||||||
to_blacklist = macs_active - MACS_DISCOVERY
|
to_blacklist = macs_active - node_cache.macs_on_discovery()
|
||||||
|
LOG.debug('Blacklisting MAC\'s %s', to_blacklist)
|
||||||
|
|
||||||
# Clean up a bit to account for possible troubles on previous run
|
# Clean up a bit to account for possible troubles on previous run
|
||||||
_iptables('-F', NEW_CHAIN, ignore=True)
|
_iptables('-F', NEW_CHAIN, ignore=True)
|
||||||
|
|
|
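Review bot: The subtraction `macs_active - node_cache.macs_on_discovery()` in `update_filters` is an exact string match between Ironic port addresses and the values stored in the cache, and nothing in this hunk normalises either side. If the two sources can differ in case or separator, a node on discovery stays in `to_blacklist` and cannot reach the PXE server; that fails closed, but the cause is hard to spot. Consider normalising both sets before the difference, for example `macs_active = set(p.address.lower() for p in ironic.port.list(limit=0))` with the same done to the cached values, or state in the docstring that both are assumed to be lower-case. The cache query also appears to run while `LOCK` is held, which is worth a one-line comment.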
@ -78,6 +78,12 @@ def add_node(uuid, **attributes):
|
||||||
{'name': name, 'value': value})
|
{'name': name, 'value': value})
|
||||||
|
|
||||||
|
|
||||||
|
def macs_on_discovery():
|
||||||
|
"""List all MAC's that are on discovery right now."""
|
||||||
|
return {x[0] for x in _db().execute("select value from attributes "
|
||||||
|
"where name='mac'")}
|
||||||
|
|
||||||
|
|
||||||
def drop_node(uuid):
|
def drop_node(uuid):
|
||||||
"""Forget information about node with given uuid."""
|
"""Forget information about node with given uuid."""
|
||||||
with _db():
|
with _db():
|
||||||
|
|
|
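Review bot: The docstring of `macs_on_discovery` says "List" but the function returns a set, built from every `value` in `attributes` whose name is 'mac', across all nodes and exactly as stored. Since the firewall now treats this set as the MACs allowed to reach the PXE server, the docstring should say so, e.g. `"""Return the set of MAC's (as stored) of all nodes currently in the cache."""`. Whether values are validated when they are written is decided in `add_node`, whose body is outside this hunk.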
@ -68,8 +68,6 @@ class TestProcess(unittest.TestCase):
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self.macs = ['11:22:33:44:55:66', 'broken', '', '66:55:44:33:22:11']
|
self.macs = ['11:22:33:44:55:66', 'broken', '', '66:55:44:33:22:11']
|
||||||
firewall.MACS_DISCOVERY = set(['11:22:33:44:55:66',
|
|
||||||
'66:55:44:33:22:11'])
|
|
||||||
init_conf()
|
init_conf()
|
||||||
|
|
||||||
def _do_test(self, client_mock, pop_mock, filters_mock):
|
def _do_test(self, client_mock, pop_mock, filters_mock):
|
||||||
|
@ -93,7 +91,6 @@ class TestProcess(unittest.TestCase):
|
||||||
address='66:55:44:33:22:11')
|
address='66:55:44:33:22:11')
|
||||||
self.assertEqual(2, cli.port.create.call_count)
|
self.assertEqual(2, cli.port.create.call_count)
|
||||||
filters_mock.assert_called_once_with(cli)
|
filters_mock.assert_called_once_with(cli)
|
||||||
self.assertEqual(set(), firewall.MACS_DISCOVERY)
|
|
||||||
cli.node.set_power_state.assert_called_once_with(self.node.uuid, 'off')
|
cli.node.set_power_state.assert_called_once_with(self.node.uuid, 'off')
|
||||||
|
|
||||||
def test_ok(self, client_mock, pop_mock, filters_mock):
|
def test_ok(self, client_mock, pop_mock, filters_mock):
|
||||||
|
@ -162,7 +159,6 @@ class TestDiscover(unittest.TestCase):
|
||||||
instance_uuid=None,
|
instance_uuid=None,
|
||||||
power_state='power off',
|
power_state='power off',
|
||||||
extra={'on_discovery': True})
|
extra={'on_discovery': True})
|
||||||
firewall.MACS_DISCOVERY = set()
|
|
||||||
init_conf()
|
init_conf()
|
||||||
|
|
||||||
@patch.object(time, 'time', lambda: 42.0)
|
@patch.object(time, 'time', lambda: 42.0)
|
||||||
|
@ -198,8 +194,6 @@ class TestDiscover(unittest.TestCase):
|
||||||
bmc_address='1.2.3.5',
|
bmc_address='1.2.3.5',
|
||||||
mac=['3-1', '3-2'])
|
mac=['3-1', '3-2'])
|
||||||
filters_mock.assert_called_once_with(cli)
|
filters_mock.assert_called_once_with(cli)
|
||||||
self.assertEqual(set(port.address for l in ports for port in l),
|
|
||||||
firewall.MACS_DISCOVERY)
|
|
||||||
self.assertEqual(3, cli.node.set_power_state.call_count)
|
self.assertEqual(3, cli.node.set_power_state.call_count)
|
||||||
cli.node.set_power_state.assert_called_with(ANY, 'reboot')
|
cli.node.set_power_state.assert_called_with(ANY, 'reboot')
|
||||||
patch = [{'op': 'add', 'path': '/extra/on_discovery', 'value': 'true'},
|
patch = [{'op': 'add', 'path': '/extra/on_discovery', 'value': 'true'},
|
||||||
|
@ -483,6 +477,15 @@ class TestNodeCache(unittest.TestCase):
|
||||||
self.assertEqual([], self.db.execute(
|
self.assertEqual([], self.db.execute(
|
||||||
"select * from attributes").fetchall())
|
"select * from attributes").fetchall())
|
||||||
|
|
||||||
|
def test_macs_on_discovery(self):
|
||||||
|
self.db.execute("insert into nodes(uuid) values(?)", (self.node.uuid,))
|
||||||
|
self.db.executemany("insert into attributes(name, value, uuid) "
|
||||||
|
"values(?, ?, ?)",
|
||||||
|
[('mac', '11:22:11:22:11:22', self.node.uuid),
|
||||||
|
('mac', '22:11:22:11:22:11', self.node.uuid)])
|
||||||
|
self.assertEqual({'11:22:11:22:11:22', '22:11:22:11:22:11'},
|
||||||
|
node_cache.macs_on_discovery())
|
||||||
|
|
||||||
|
|
||||||
class TestNodeCachePop(unittest.TestCase):
|
class TestNodeCachePop(unittest.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
|
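Review bot: The assertions on `firewall.MACS_DISCOVERY` removed from `TestProcess` and `TestDiscover` were the only visible checks that a node's MACs enter the allowed set when discovery starts and leave it after processing, and nothing in these hunks replaces them. `test_macs_on_discovery` covers the query itself, but with `pop_mock` and `filters_mock` in place no test here shows that `update_filters` subtracts the cached set or that a processed node's MACs stop being returned. A test that patches `node_cache.macs_on_discovery` and asserts on the resulting `_iptables` calls would cover that, unless firewall tests outside this view already do.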