mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-26 11:30:23 +00:00
Refine PXE/HTTP log
Add logs for ignored boot requests, suppress discovery warning for known uuids, and generally throttle logging these to once per mac address per minute.
This commit is contained in:
parent
6b28877828
commit
034eca3bb0
@ -1090,7 +1090,7 @@ def discover_node(cfg, handler, info, nodename, manual):
|
||||
del unknown_info[info['hwaddr']]
|
||||
info['discostatus'] = 'identified'
|
||||
dp = cfg.get_node_attributes(
|
||||
[nodename], ('discovery.policy',
|
||||
[nodename], ('discovery.policy', 'id.uuid',
|
||||
'pubkeys.tls_hardwaremanager'))
|
||||
policy = dp.get(nodename, {}).get('discovery.policy', {}).get(
|
||||
'value', None)
|
||||
@ -1163,10 +1163,19 @@ def discover_node(cfg, handler, info, nodename, manual):
|
||||
except KeyError:
|
||||
pass
|
||||
return True
|
||||
log.log({'info': 'Detected {0}, but discovery.policy is not set to a '
|
||||
'value allowing discovery (open or permissive)'.format(
|
||||
nodename)})
|
||||
info['discofailure'] = 'policy'
|
||||
if info['handler'] == pxeh:
|
||||
olduuid = dp.get(nodename, {}).get('discovery.policy', {}).get(
|
||||
'value', None)
|
||||
if olduuid.lower() != info['uuid']:
|
||||
log.log({'info': 'Detected {0}, but discovery.policy is not set to a '
|
||||
'value allowing discovery (open, permissive, or pxe)'.format(
|
||||
nodename)})
|
||||
info['discofailure'] = 'policy'
|
||||
else:
|
||||
log.log({'info': 'Detected {0}, but discovery.policy is not set to a '
|
||||
'value allowing discovery (open or permissive)'.format(
|
||||
nodename)})
|
||||
info['discofailure'] = 'policy'
|
||||
return False
|
||||
|
||||
|
||||
|
@ -34,6 +34,7 @@ import eventlet.green.socket as socket
|
||||
import eventlet.green.select as select
|
||||
import netifaces
|
||||
import struct
|
||||
import time
|
||||
import traceback
|
||||
|
||||
libc = ctypes.CDLL(ctypes.util.find_library('c'))
|
||||
@ -41,6 +42,8 @@ libc = ctypes.CDLL(ctypes.util.find_library('c'))
|
||||
iphdr = b'\x45\x00\x00\x00\x00\x00\x00\x00\x40\x11\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff'
|
||||
constiphdrsum = b'\x85\x11'
|
||||
udphdr = b'\x00\x43\x00\x44\x00\x00\x00\x00'
|
||||
ignoremacs = {}
|
||||
ignoredisco = {}
|
||||
|
||||
def _ipsum(data):
|
||||
currsum = 0
|
||||
@ -392,10 +395,9 @@ def snoop(handler, protocol=None):
|
||||
'architecture': disco['arch'],
|
||||
'netinfo': {'ifidx': idx, 'recvip': recv, 'txid': txid},
|
||||
'services': ('pxe-client',)}
|
||||
if disco['uuid']: #TODO(jjohnson2): need to explictly check for
|
||||
# discover, so that the parser can go ahead and
|
||||
# parse the options including uuid to enable
|
||||
# ACK
|
||||
if (disco['uuid']
|
||||
and time.time() > ignoredisco.get(netaddr, 0) + 60):
|
||||
ignoredisco[netaddr] = time.time()
|
||||
handler(info)
|
||||
consider_discover(info, rqinfo, net4, cfg, rqv)
|
||||
except Exception as e:
|
||||
@ -457,6 +459,11 @@ def check_reply(node, info, packet, sock, cfg, reqview):
|
||||
cfd = cfg.get_node_attributes(node, ('deployment.*'))
|
||||
profile = get_deployment_profile(node, cfg, cfd)
|
||||
if not profile:
|
||||
if time.time() > ignoremacs.get(info['hwaddr'], 0) + 90:
|
||||
ignoremacs[info['hwaddr']] = time.time()
|
||||
log.log({'info': 'Ignoring boot attempt by {0} no deployment profile specified (uuid {1}, hwaddr {2})'.format(
|
||||
node, info['uuid'], info['hwaddr']
|
||||
)})
|
||||
return
|
||||
myipn = info['netinfo']['recvip']
|
||||
myipn = socket.inet_aton(myipn)
|
||||
@ -638,6 +645,13 @@ def consider_discover(info, packet, sock, cfg, reqview):
|
||||
check_reply(uuidmap[info['uuid']], info, packet, sock, cfg, reqview)
|
||||
elif packet.get(53, None) == b'\x03':
|
||||
ack_request(packet, reqview, info)
|
||||
elif info.get('uuid', None) and info.get('hwaddr', None):
|
||||
if time.time() > ignoremacs.get(info['hwaddr'], 0) + 90:
|
||||
ignoremacs[info['hwaddr']] = time.time()
|
||||
log.log(
|
||||
{'info': 'No node matches boot attempt from uuid {0} or hardware address {1}'.format(
|
||||
info['uuid'], info['hwaddr']
|
||||
)})
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
Loading…
Reference in New Issue
Block a user