Use node_cache in firewall for fetching MAC's on discovery
Partial-Bug: #1391868 Change-Id: I18e1abcb1e9d5899ad04a9d2c3e731d25ac9d5b2
This commit is contained in:
parent
cb32def5c5
commit
ac5db21519
|
@ -116,7 +116,6 @@ def _process_node(ironic, node, node_info, valid_macs):
|
|||
LOG.info('Node %s was updated with data from discovery process, forcing '
|
||||
'power off', node.uuid)
|
||||
|
||||
firewall.unwhitelist_macs(valid_macs)
|
||||
firewall.update_filters(ironic)
|
||||
|
||||
try:
|
||||
|
@ -206,7 +205,6 @@ def _background_discover(ironic, nodes):
|
|||
|
||||
if all_macs:
|
||||
LOG.info('Whitelisting MAC\'s %s in the firewall', all_macs)
|
||||
firewall.whitelist_macs(all_macs)
|
||||
firewall.update_filters(ironic)
|
||||
|
||||
for node in nodes:
|
||||
|
|
|
@ -17,11 +17,11 @@ import subprocess
|
|||
from eventlet import semaphore
|
||||
|
||||
from ironic_discoverd import conf
|
||||
from ironic_discoverd import node_cache
|
||||
from ironic_discoverd import utils
|
||||
|
||||
|
||||
LOG = logging.getLogger("discoverd")
|
||||
MACS_DISCOVERY = set()
|
||||
NEW_CHAIN = 'discovery_temp'
|
||||
CHAIN = 'discovery'
|
||||
INTERFACE = None
|
||||
|
@ -61,18 +61,6 @@ def init():
|
|||
_iptables('-N', CHAIN)
|
||||
|
||||
|
||||
def whitelist_macs(macs):
|
||||
"""Ensure given MAC's are allowed to access PXE boot server."""
|
||||
with LOCK:
|
||||
MACS_DISCOVERY.update(macs)
|
||||
|
||||
|
||||
def unwhitelist_macs(macs):
|
||||
"""Ensure given MAC's are NOT allowed to access PXE boot server."""
|
||||
with LOCK:
|
||||
MACS_DISCOVERY.difference_update(macs)
|
||||
|
||||
|
||||
def update_filters(ironic=None):
|
||||
"""Update firewall filter rules for discovery.
|
||||
|
||||
|
@ -94,7 +82,8 @@ def update_filters(ironic=None):
|
|||
|
||||
with LOCK:
|
||||
macs_active = set(p.address for p in ironic.port.list(limit=0))
|
||||
to_blacklist = macs_active - MACS_DISCOVERY
|
||||
to_blacklist = macs_active - node_cache.macs_on_discovery()
|
||||
LOG.debug('Blacklisting MAC\'s %s', to_blacklist)
|
||||
|
||||
# Clean up a bit to account for possible troubles on previous run
|
||||
_iptables('-F', NEW_CHAIN, ignore=True)
|
||||
|
|
|
@ -78,6 +78,12 @@ def add_node(uuid, **attributes):
|
|||
{'name': name, 'value': value})
|
||||
|
||||
|
||||
def macs_on_discovery():
|
||||
"""List all MAC's that are on discovery right now."""
|
||||
return {x[0] for x in _db().execute("select value from attributes "
|
||||
"where name='mac'")}
|
||||
|
||||
|
||||
def drop_node(uuid):
|
||||
"""Forget information about node with given uuid."""
|
||||
with _db():
|
||||
|
|
|
@ -68,8 +68,6 @@ class TestProcess(unittest.TestCase):
|
|||
}
|
||||
}
|
||||
self.macs = ['11:22:33:44:55:66', 'broken', '', '66:55:44:33:22:11']
|
||||
firewall.MACS_DISCOVERY = set(['11:22:33:44:55:66',
|
||||
'66:55:44:33:22:11'])
|
||||
init_conf()
|
||||
|
||||
def _do_test(self, client_mock, pop_mock, filters_mock):
|
||||
|
@ -93,7 +91,6 @@ class TestProcess(unittest.TestCase):
|
|||
address='66:55:44:33:22:11')
|
||||
self.assertEqual(2, cli.port.create.call_count)
|
||||
filters_mock.assert_called_once_with(cli)
|
||||
self.assertEqual(set(), firewall.MACS_DISCOVERY)
|
||||
cli.node.set_power_state.assert_called_once_with(self.node.uuid, 'off')
|
||||
|
||||
def test_ok(self, client_mock, pop_mock, filters_mock):
|
||||
|
@ -162,7 +159,6 @@ class TestDiscover(unittest.TestCase):
|
|||
instance_uuid=None,
|
||||
power_state='power off',
|
||||
extra={'on_discovery': True})
|
||||
firewall.MACS_DISCOVERY = set()
|
||||
init_conf()
|
||||
|
||||
@patch.object(time, 'time', lambda: 42.0)
|
||||
|
@ -198,8 +194,6 @@ class TestDiscover(unittest.TestCase):
|
|||
bmc_address='1.2.3.5',
|
||||
mac=['3-1', '3-2'])
|
||||
filters_mock.assert_called_once_with(cli)
|
||||
self.assertEqual(set(port.address for l in ports for port in l),
|
||||
firewall.MACS_DISCOVERY)
|
||||
self.assertEqual(3, cli.node.set_power_state.call_count)
|
||||
cli.node.set_power_state.assert_called_with(ANY, 'reboot')
|
||||
patch = [{'op': 'add', 'path': '/extra/on_discovery', 'value': 'true'},
|
||||
|
@ -483,6 +477,15 @@ class TestNodeCache(unittest.TestCase):
|
|||
self.assertEqual([], self.db.execute(
|
||||
"select * from attributes").fetchall())
|
||||
|
||||
def test_macs_on_discovery(self):
|
||||
self.db.execute("insert into nodes(uuid) values(?)", (self.node.uuid,))
|
||||
self.db.executemany("insert into attributes(name, value, uuid) "
|
||||
"values(?, ?, ?)",
|
||||
[('mac', '11:22:11:22:11:22', self.node.uuid),
|
||||
('mac', '22:11:22:11:22:11', self.node.uuid)])
|
||||
self.assertEqual({'11:22:11:22:11:22', '22:11:22:11:22:11'},
|
||||
node_cache.macs_on_discovery())
|
||||
|
||||
|
||||
class TestNodeCachePop(unittest.TestCase):
|
||||
def setUp(self):
|
||||
|
|
Loading…
Reference in New Issue