ironic_inspector.pxe_filter package

Submodules

ironic_inspector.pxe_filter.base module

Base code for PXE boot filtering.

class ironic_inspector.pxe_filter.base.BaseFilter[source]

Bases: ironic_inspector.pxe_filter.interface.FilterDriver

The generic PXE boot filtering interface implementation.

This driver does nothing by itself; it provides basic synchronization and initialization logic for other drivers to reuse. Subclasses have to provide a custom sync() method.

fsm = <automaton.machines.FiniteMachine object>

fsm_reset_on_error()[source]

Reset the filter driver upon generic exception.

The context is self.fsm. The automaton.exceptions.NotFound error is converted to the InvalidFilterDriverState error. Other exceptions trigger self.reset().

Raises

InvalidFilterDriverState

Returns

nothing.

get_periodic_sync_task()[source]

Get periodic sync task for the filter.

The returned periodic task converts InvalidFilterDriverState to the periodics.NeverAgain exception in order to quit looping.

Raises

periodics.NeverAgain

Returns

a periodic task to be run in the background.

init_filter()[source]

Base driver initialization logic. Locked.

Raises

InvalidFilterDriverState

Returns

nothing.

reset()[source]

Reset internal driver state.

This method is called by the fsm_context manager upon exception as well as by the tear_down_filter method. A subclass may override it as necessary but must not lock the driver. An overriding subclass should up-call.

Returns

nothing.

property state

Current driver state.

sync(ironic)[source]

Base driver sync logic. Locked.

Parameters

ironic – obligatory ironic client instance

Returns

nothing.

tear_down_filter()[source]

Base driver tear down logic. Locked.

Returns

nothing.

class ironic_inspector.pxe_filter.base.Events[source]

Bases: object

PXE filter driver transitions.

initialize = 'initialize'
reset = 'reset'
sync = 'sync'

exception ironic_inspector.pxe_filter.base.InvalidFilterDriverState[source]

Bases: RuntimeError

The fsm of the filter driver raised an error.

class ironic_inspector.pxe_filter.base.NoopFilter[source]

Bases: ironic_inspector.pxe_filter.base.BaseFilter

A trivial PXE boot filter.

get_periodic_sync_task()[source]

Get periodic sync task for the filter.

The returned periodic task converts InvalidFilterDriverState to the periodics.NeverAgain exception in order to quit looping.

Raises

periodics.NeverAgain

Returns

a periodic task to be run in the background.

class ironic_inspector.pxe_filter.base.States[source]

Bases: object

PXE filter driver states.

initialized = 'initialized'
uninitialized = 'uninitialized'

ironic_inspector.pxe_filter.base.driver()[source]

Get the driver for the PXE filter.

Returns

the singleton PXE filter driver object.

ironic_inspector.pxe_filter.base.locked_driver_event(event)[source]

Call driver method having processed the fsm event.
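A simplified, self-contained model of the state handling documented for this module, added here as an illustration and not taken from ironic-inspector's code. The transition table, ModelFilter, locked_event, periodic_sync and demo are assumptions of this sketch; it shows how a failed on-demand sync resets the driver so that the next periodic sync stops looping instead of running against a torn-down filter.

```python
import threading
from contextlib import contextmanager, suppress

class NotFound(Exception): pass  # stand-in for automaton.exceptions.NotFound
class InvalidFilterDriverState(RuntimeError): pass  # stand-in, same name

TRANSITIONS = {  # assumed table, inferred from the States/Events values
    "uninitialized": {"initialize": "initialized", "reset": "uninitialized"},
    "initialized": {"sync": "initialized", "reset": "uninitialized"},
}

class ModelFilter:  # simplified model, not the project's BaseFilter code
    def __init__(self):
        self.state = "uninitialized"
        self._lock = threading.Lock()

    def reset(self):
        self.state = "uninitialized"  # must not lock: the caller holds it

    @contextmanager
    def fsm_reset_on_error(self):
        try:
            yield
        except NotFound as exc:
            raise InvalidFilterDriverState(str(exc)) from exc
        except Exception:
            self.reset()  # any other failure tears the state down
            raise         # assumption: the original error is re-raised

    def locked_event(self, event, action=lambda: None):
        with self._lock, self.fsm_reset_on_error():
            if event not in TRANSITIONS[self.state]:
                raise NotFound("%s not allowed in %s" % (event, self.state))
            self.state = TRANSITIONS[self.state][event]
            action()

def periodic_sync(flt, action=lambda: None):
    """Return False where the real task would raise periodics.NeverAgain."""
    try:
        flt.locked_event("sync", action)
    except InvalidFilterDriverState:
        return False
    return True

def demo():
    flt = ModelFilter()
    flt.locked_event("initialize")
    with suppress(ZeroDivisionError):  # constructed on-demand sync failure
        flt.locked_event("sync", lambda: 1 / 0)
    return flt.state, periodic_sync(flt)
```
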

ironic_inspector.pxe_filter.dnsmasq module

class ironic_inspector.pxe_filter.dnsmasq.DnsmasqFilter[source]

Bases: ironic_inspector.pxe_filter.base.BaseFilter

The dnsmasq PXE filter driver.

A pxe filter driver implementation that controls access to dnsmasq through amending its configuration.

init_filter()[source]

Performs an initial sync with ironic and starts dnsmasq.

The initial _sync() call prefetches the deny list before dnsmasq is started, which reduces the chances that dnsmasq loses some inotify deny list events.

Raises

OSError, IOError.

Returns

None.

reset()[source]

Stop dnsmasq and upcall reset.

sync(ironic)[source]

Sync dnsmasq configuration with the current Ironic and Inspector state.

Polls all ironic ports. Ports being inspected (the active ones) are added to the allow list, while the rest are added to the deny list in the dnsmasq configuration.

Parameters

ironic – an ironic client instance.

Raises

OSError, IOError.

Returns

None.

ironic_inspector.pxe_filter.interface module

The code of the PXE boot filtering interface.

class ironic_inspector.pxe_filter.interface.FilterDriver[source]

Bases: object

The PXE boot filtering interface.

abstract get_periodic_sync_task()[source]

Get periodic sync task for the filter.

Returns

a periodic task to be run in the background.

abstract init_filter()[source]

Initialize the internal driver state.

This method should be idempotent and may perform system-wide filter state changes. Can be synchronous.

Returns

nothing.

abstract sync(ironic)[source]

Synchronize the filter with ironic and inspector.

To be called both periodically and as needed by inspector. If the sync method raises, the filter should tear down its internal state in order to “propagate” the filtering exception between the periodic and the on-demand sync calls. To this end, a driver should raise from the sync call if its internal state isn’t properly initialized.

Parameters

ironic – an ironic client instance.

Returns

nothing.

abstract tear_down_filter()[source]

Reset the filter.

This method should be idempotent and may perform system-wide filter state changes. Can be synchronous.

Returns

nothing.

ironic_inspector.pxe_filter.iptables module

class ironic_inspector.pxe_filter.iptables.IptablesFilter[source]

Bases: ironic_inspector.pxe_filter.base.BaseFilter

A PXE boot filtering interface implementation.

init_filter()[source]

Base driver initialization logic. Locked.

Raises

InvalidFilterDriverState

Returns

nothing.

reset()[source]

Reset internal driver state.

This method is called by the fsm_context manager upon exception as well as by the tear_down_filter method. A subclass may override it as necessary but must not lock the driver. An overriding subclass should up-call.

Returns

nothing.

sync(ironic)[source]

Sync firewall filter rules for introspection.

Gives access to the PXE boot port to any machine except those whose MAC is registered in Ironic and is not on introspection right now.

This function is called from both the introspection initialization code and the periodic task. It is supposed to be resistant to unexpected iptables state.

The init() function must be called once before any call to this function. This function uses an eventlet semaphore to serialize access from different green threads.

Parameters

ironic – an ironic client instance.

Returns

nothing.
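The filtering policy described for both DnsmasqFilter.sync() and IptablesFilter.sync(), written out as an added example that is not the project's code: MACs known to Ironic and not under introspection are denied, everything else (including unknown machines) keeps access. The function names, the EXAMPLE_CHAIN chain name and the sample MACs are constructed for this sketch; the rules are built as argument lists and nothing is executed.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize(mac):
    """Lower-case a MAC and reject anything that is not six hex octets."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC: %r" % mac)
    return mac

def deny_list(ironic_macs, active_macs):
    """MACs registered in Ironic that are not on introspection right now."""
    known = {normalize(m) for m in ironic_macs}
    active = {normalize(m) for m in active_macs}
    return sorted(known - active)

def iptables_args(ironic_macs, active_macs, chain="EXAMPLE_CHAIN"):
    """One DROP rule per denied MAC, then ACCEPT for every other machine."""
    rules = [["-A", chain, "-m", "mac", "--mac-source", mac, "-j", "DROP"]
             for mac in deny_list(ironic_macs, active_macs)]
    rules.append(["-A", chain, "-j", "ACCEPT"])
    return rules

# Constructed sample data: three ports known to Ironic, one being inspected.
IRONIC_PORTS = ["52:54:00:AA:00:01", "52:54:00:aa:00:02", "52-54-00-aa-00-03"]
ACTIVE = ["52:54:00:aa:00:01"]

if __name__ == "__main__":
    for rule in iptables_args(IRONIC_PORTS, ACTIVE):
        print("iptables " + " ".join(rule))
```

Normalizing case and separators before the set difference matters here: a mismatch between how Ironic and the introspection cache spell a MAC would otherwise put a node under inspection on the deny list.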

Module contents