Ironic Inspector

[RFE] multiple PXE white--blacklist backends

Bug #1665666 reported by milan k on 2017-02-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic Inspector	Fix Released	Wishlist	milan k

Bug Description

Currently Inspector supports only a custom IPtables "backend" to black--whitelist its PXE facility.
Introduce a plugin-based mechanism w/ a default IPtables plugin implementing the PXE protection.
Possible backends:
* Neutron
* dnsmasq DBus ctl

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-01: Fix proposed to ironic-inspector (master)

Fix proposed to branch: master
Review: https://review.openstack.org/439603

Changed in ironic-inspector:
assignee:	nobody → milan k (vetrisko)
status:	New → In Progress

Vladyslav Drok (vdrok) on 2017-03-01

tags:	added: rfe
Changed in ironic-inspector:
importance:	Undecided → Wishlist

Vladyslav Drok (vdrok) on 2017-03-01

tags:

added: needs-spec

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-24: Fix merged to ironic-inspector-specs (master)

Reviewed: https://review.openstack.org/439862
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector-specs/commit/?id=e30c6916edae2fbaf8b92af16460d09e39437fee
Submitter: Jenkins
Branch: master

commit e30c6916edae2fbaf8b92af16460d09e39437fee
Author: dparalen <email address hidden>
Date: Wed Mar 1 22:40:10 2017 +0100

Multiple PXE filtering backends

Change-Id: I7022d10fd22e6e141e59d0596402f43d2dcde056
Partial-Bug: 1665666

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-29: Fix proposed to ironic-inspector (master)

Fix proposed to branch: master
Review: https://review.openstack.org/451350

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-06-08: Change abandoned on ironic-inspector (master)

Change abandoned by Milan Kováčik (<email address hidden>) on branch: master
Review: https://review.openstack.org/451350
Reason: no need atm

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-06-30: Fix merged to ironic-inspector (master)

Reviewed: https://review.openstack.org/439603
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=e02bc755a64a6be29fb80719399d1c5dffb45b50
Submitter: Jenkins
Branch: master

commit e02bc755a64a6be29fb80719399d1c5dffb45b50
Author: dparalen <email address hidden>
Date: Tue Jun 6 19:21:23 2017 +0200

PXE boot filtering drivers

Introduce a driver concept for PXE filtering

Change-Id: I73297771c4118f368b80a5f1021a0d5c3fc8b96e
Closes-Bug: 1665666

Changed in ironic-inspector:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Fix included in openstack/ironic-inspector 6.0.0

This issue was fixed in the openstack/ironic-inspector 6.0.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-05: Related fix merged to ironic-inspector (master)

Reviewed: https://review.openstack.org/487909
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=581c40c769cc12ed187ea1ea62f995b6ca833cf5
Submitter: Jenkins
Branch: master

commit 581c40c769cc12ed187ea1ea62f995b6ca833cf5
Author: dparalen <email address hidden>
Date: Thu Jul 27 16:04:33 2017 +0200

Allow periodics to terminate inspector

    This patch allows a periodic task to shut down the inspector upon a
    (critical) failure. This is needed in case of a (future) PXE filter driver
    malfunction to avoid inspector running with a broken filter.

The test_wsgi_service unit test module was refactored to address test
ordering dependency issues and to enhance the mocking.

Change-Id: I50e6408bf30416d8c7ff9e30be0e938cec12b7cd
Related-Bug: 1665666

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-19:

Reviewed: https://review.openstack.org/471831
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=7b2758546376394777c7d36c8f5bb62ff7ef3830
Submitter: Zuul
Branch: master

commit 7b2758546376394777c7d36c8f5bb62ff7ef3830
Author: dparalen <email address hidden>
Date: Tue Jun 6 19:28:30 2017 +0200

Refactoring the firewall

Adopting the PXE filter interface/driver concept

Related-Bug: 1665666
Change-Id: If83db978080b9c4e5d51ba50bbe8ed26e29abe83

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-24:

Reviewed: https://review.openstack.org/466448
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=8ddfacdf341670c923f7e41e7c3bb1986dc3bcaf
Submitter: Zuul
Branch: master

commit 8ddfacdf341670c923f7e41e7c3bb1986dc3bcaf
Author: dparalen <email address hidden>
Date: Sat May 20 02:48:09 2017 +0200

Introducing a dnsmasq PXE filter driver

A PXE filter driver is introduced that works by configuring and controlling
the dnsmasq service.

    Closes-Bug: 1693813
    Related-Bug: 1665666
    Change-Id: I63fe91ee4f9ac3021bcfd9a4a378af56af800fac

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.