openstack/ironic
Code Issues Proposed changes

Also wipe agent token on manual power off or reboot

Browse Source 
We have a check in the code that is never true for manual power
actions because of what happens in the conductor manager. Remove it.

Change-Id: I50b7b78a41188c41e4944894851f1d12684f824a
This commit is contained in:
Dmitry Tantsur 2020-09-14 16:01:36 +02:00
parent 72baa1da58
commit bc04a42a96
3 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
ironic/conductor/utils.py
View File

@ -278,20 +278,19 @@ def node_power_action(task, new_state, timeout=None):
# Set the target_power_state and clear any last_error, if we're # Set the target_power_state and clear any last_error, if we're
# starting a new operation. This will expose to other processes # starting a new operation. This will expose to other processes
# and clients that work is in progress. # and clients that work is in progress.
if node['target_power_state'] != target_state: node['target_power_state'] = target_state
node['target_power_state'] = target_state node['last_error'] = None
node['last_error'] = None driver_internal_info = node.driver_internal_info
driver_internal_info = node.driver_internal_info driver_internal_info['last_power_state_change'] = str(
driver_internal_info['last_power_state_change'] = str( timeutils.utcnow().isoformat())
timeutils.utcnow().isoformat()) node.driver_internal_info = driver_internal_info
node.driver_internal_info = driver_internal_info # NOTE(dtantsur): wipe token on shutting down, otherwise a reboot in
# NOTE(dtantsur): wipe token on shutting down, otherwise a reboot in # fast-track (or an accidentally booted agent) will cause subsequent
# fast-track (or an accidentally booted agent) will cause subsequent # actions to fail.
# actions to fail. if target_state in (states.POWER_OFF, states.SOFT_POWER_OFF,
if target_state in (states.POWER_OFF, states.SOFT_POWER_OFF, states.REBOOT, states.SOFT_REBOOT):
states.REBOOT, states.SOFT_REBOOT): wipe_internal_info_on_power_off(node)
wipe_internal_info_on_power_off(node) node.save()
node.save()
# take power action # take power action
try: try:
@ -455,6 +454,8 @@ def cleaning_error_handler(task, msg, tear_down_cleaning=True,
def wipe_internal_info_on_power_off(node): def wipe_internal_info_on_power_off(node):
"""Wipe information that should not survive reboot/power off.""" """Wipe information that should not survive reboot/power off."""
driver_internal_info = node.driver_internal_info driver_internal_info = node.driver_internal_info
# DHCP may result in a new IP next time.
driver_internal_info.pop('agent_url', None)
if not is_agent_token_pregenerated(node): if not is_agent_token_pregenerated(node):
# Wipe the token if it's not pre-generated, otherwise we'll refuse to # Wipe the token if it's not pre-generated, otherwise we'll refuse to
# generate it again for the newly booted agent. # generate it again for the newly booted agent.

1
ironic/tests/unit/conductor/test_utils.py
View File

@ -386,6 +386,7 @@ class NodePowerActionTestCase(db_base.DbTestCase):
self.assertEqual(states.POWER_OFF, node['power_state']) self.assertEqual(states.POWER_OFF, node['power_state'])
self.assertEqual(states.NOSTATE, node['target_power_state']) self.assertEqual(states.NOSTATE, node['target_power_state'])
self.assertIsNone(node['last_error']) self.assertIsNone(node['last_error'])
self.assertNotIn('agent_secret_token', node['driver_internal_info'])
@mock.patch.object(conductor_utils, 'LOG', autospec=True) @mock.patch.object(conductor_utils, 'LOG', autospec=True)
@mock.patch.object(fake.FakePower, 'set_power_state', autospec=True) @mock.patch.object(fake.FakePower, 'set_power_state', autospec=True)

5
releasenotes/notes/power-off-token-0403e8a054f31125.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixes wiping the agent secret token on manual power off or reboot. Also
makes sure to remove the agent URL since it may potentially change.