The ironic_inspector.firewall Module

ironic_inspector.firewall.clean_up()[source]

Clean up everything before exiting.

ironic_inspector.firewall.init()[source]

Initialize firewall management.

Must be called one on start-up.

ironic_inspector.firewall.update_filters(ironic=None)[source]

Update firewall filter rules for introspection.

Gives access to PXE boot port for any machine, except for those, whose MAC is registered in Ironic and is not on introspection right now.

This function is called from both introspection initialization code and from periodic task. This function is supposed to be resistant to unexpected iptables state.

init() function must be called once before any call to this function. This function is using eventlet semaphore to serialize access from different green threads.

Does nothing, if firewall management is disabled in configuration.

Parameters:ironic – Ironic client instance, optional.