Improperly placed firewall.update_rules call when aborting introspection

Bug #1548806 reported by milan k
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ironic Inspector
Fix Released
Low
Zhenguo Niu

Bug Description

Atm, `firewall.update_rules()` is called before `node.finished()`[1].
This call therefore has no effect because`firewall.update_rules` white-lists MAC addresses that are under introspection[2][3].
However, a node is effectively under introspection unless `node.finished`[4] is called that drops node's MAC addresses and makes the firewall black-list those.
This issue isn't as critical as the firewall periodic update task will eventually black-list an aborted node[5].

[1] https://github.com/openstack/ironic-inspector/blob/master/ironic_inspector/introspect.py#L211
[2] https://github.com/openstack/ironic-inspector/blob/master/ironic_inspector/firewall.py#L132
[3] https://github.com/openstack/ironic-inspector/blob/master/ironic_inspector/node_cache.py#L421
[4] https://github.com/openstack/ironic-inspector/blob/master/ironic_inspector/node_cache.py#L171
[5] https://github.com/openstack/ironic-inspector/blob/master/ironic_inspector/main.py#L292

Dmitry Tantsur (divius)
Changed in ironic-inspector:
status: New → Triaged
summary: - fix firewall.update_rules when aborting introspection
+ Improperly placed firewall.update_rules call when aborting introspection
Changed in ironic-inspector:
importance: Undecided → Low
tags: added: low-hanging-fruit
Changed in ironic-inspector:
assignee: nobody → Viswanath Nuggu (nugguviswanathcse)
Changed in ironic-inspector:
assignee: Viswanath Nuggu (nugguviswanathcse) → nobody
assignee: nobody → Viswanath Nuggu (nugguviswanathcse)
Changed in ironic-inspector:
assignee: Viswanath Nuggu (nugguviswanathcse) → Venkat Rahul Dantuluri (rahuldantuluri)
Revision history for this message
Zhenguo Niu (niu-zglinux) wrote :

hi Venkat Rahul Dantuluri, are you still working on this? there's no any update for a long time!

Changed in ironic-inspector:
assignee: Venkat Rahul Dantuluri (rahuldantuluri) → nobody
Changed in ironic-inspector:
assignee: nobody → Zhenguo Niu (niu-zglinux)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ironic-inspector (master)

Fix proposed to branch: master
Review: https://review.openstack.org/344544

Changed in ironic-inspector:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ironic-inspector (master)

Reviewed: https://review.openstack.org/344544
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=7b29eaf4a2ed9e53686afc7b6c47ead12e4988f3
Submitter: Jenkins
Branch: master

commit 7b29eaf4a2ed9e53686afc7b6c47ead12e4988f3
Author: Zhenguo Niu <email address hidden>
Date: Wed Jul 20 10:56:33 2016 +0800

    Fix improperly placed firewall.update_filters when aborting

    Currently, firewall.update_filters() is called before introspection
    finished, which has no effect as it white-lists MAC addresses that
    are under introspection.

    Change-Id: I789e39a86dc72470b80167e53f1755b506ca6f44
    Closes-Bug: #1548806

Changed in ironic-inspector:
status: In Progress → Fix Released
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/ironic-inspector 4.1.0

This issue was fixed in the openstack/ironic-inspector 4.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.