def test_update_filters_args_node_not_found_hook(self, mock_call, mock_get_client, mock_iptables): # DHCP should be always opened if node_not_found hook is set CONF.set_override('node_not_found_hook', 'enroll', 'processing') firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0])
def test_init_args_old_iptables(self, mock_call, mock_get_client, mock_iptables): rootwrap_path = '/some/fake/path' CONF.set_override('rootwrap_config', rootwrap_path) mock_call.side_effect = firewall.subprocess.CalledProcessError(2, '') firewall.init() init_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain) ] call_args_list = mock_iptables.call_args_list for (args, call) in zip(init_expected_args, call_args_list): self.assertEqual(args, call[0]) expected = ( 'sudo', 'ironic-inspector-rootwrap', rootwrap_path, 'iptables', ) self.assertEqual(expected, firewall.BASE_COMMAND)
def test_update_filters_args(self, mock_call, mock_get_client, mock_iptables): firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0])
def test_update_filters_args(self, mock_call, mock_get_client, mock_iptables): # Pretend that we have nodes on introspection node_cache.add_node(self.node.uuid, state=istate.States.waiting, bmc_address='1.2.3.4') firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0])
def test_update_filters_kwargs(self, mock_call, mock_get_client, mock_iptables): firewall.init() update_filters_expected_kwargs = [ {'ignore': True}, {'ignore': True}, {'ignore': True}, {}, {'ignore': True}, {'ignore': True}, {'ignore': True}, {}, {}, {}, {'ignore': True}, {'ignore': True}, {'ignore': True} ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (kwargs, call) in zip(update_filters_expected_kwargs, call_args_list): self.assertEqual(kwargs, call[1])
def _init_host(self): """Initialize Worker host Init db connection, load and validate processing hooks, runs periodic tasks. :returns None """ db.init() try: hooks = plugins_base.validate_processing_hooks() except Exception as exc: LOG.critical(str(exc)) sys.exit(1) LOG.info('Enabled processing hooks: %s', [h.name for h in hooks]) if CONF.firewall.manage_firewall: firewall.init() periodic_update_ = periodics.periodic( spacing=CONF.firewall.firewall_update_period, enabled=CONF.firewall.manage_firewall)(periodic_update) periodic_clean_up_ = periodics.periodic( spacing=CONF.clean_up_period)(periodic_clean_up) self._periodics_worker = periodics.PeriodicWorker( callables=[(periodic_update_, None, None), (periodic_clean_up_, None, None)], executor_factory=periodics.ExistingExecutor(utils.executor())) utils.executor().submit(self._periodics_worker.start)
def test_update_filters_kwargs(self, mock_call, mock_get_client, mock_iptables): firewall.init() update_filters_expected_kwargs = [{ 'ignore': True }, { 'ignore': True }, { 'ignore': True }, {}, { 'ignore': True }, { 'ignore': True }, { 'ignore': True }, {}, {}, {}, { 'ignore': True }, { 'ignore': True }, { 'ignore': True }] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (kwargs, call) in zip(update_filters_expected_kwargs, call_args_list): self.assertEqual(kwargs, call[1])
def test_init_kwargs(self, mock_call, mock_get_client, mock_iptables): firewall.init() init_expected_kwargs = [ {'ignore': True}, {'ignore': True}, {'ignore': True}] call_args_list = mock_iptables.call_args_list for (kwargs, call) in zip(init_expected_kwargs, call_args_list): self.assertEqual(kwargs, call[1])
def test_update_filters_args_no_introspection(self, mock_call, mock_get_client, mock_iptables): firewall.init() firewall.BLACKLIST_CACHE = ['foo'] mock_get_client.return_value.port.list.return_value = [ mock.Mock(address='foobar')] update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'REJECT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0]) self.assertIsNone(firewall.BLACKLIST_CACHE) # Check caching enabled flag mock_iptables.reset_mock() firewall.update_filters() self.assertFalse(mock_iptables.called) # Adding a node changes it back node_cache.add_node(self.node.uuid, state=istate.States.starting, bmc_address='1.2.3.4') mock_iptables.reset_mock() firewall.update_filters() mock_iptables.assert_any_call('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT') self.assertEqual({'foobar'}, firewall.BLACKLIST_CACHE)
def test_update_filters_args_no_introspection(self, mock_call, mock_get_client, mock_iptables): firewall.init() firewall.BLACKLIST_CACHE = ['foo'] mock_get_client.return_value.port.list.return_value = [ mock.Mock(address='foobar') ] update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'REJECT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0]) self.assertIsNone(firewall.BLACKLIST_CACHE) # Check caching enabled flag mock_iptables.reset_mock() firewall.update_filters() self.assertFalse(mock_iptables.called) # Adding a node changes it back node_cache.add_node(self.node.uuid, state=istate.States.starting, bmc_address='1.2.3.4') mock_iptables.reset_mock() firewall.update_filters() mock_iptables.assert_any_call('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT') self.assertEqual({'foobar'}, firewall.BLACKLIST_CACHE)
def test_init_kwargs(self, mock_call, mock_get_client, mock_iptables): firewall.init() init_expected_kwargs = [{ 'ignore': True }, { 'ignore': True }, { 'ignore': True }] call_args_list = mock_iptables.call_args_list for (kwargs, call) in zip(init_expected_kwargs, call_args_list): self.assertEqual(kwargs, call[1])
def test_update_filters_infiniband(self, mock_call, mock_get_client, mock_iptables): CONF.set_override('ethoib_interfaces', ['eth0'], 'firewall') active_macs = ['11:22:33:44:55:66', '66:55:44:33:22:11'] expected_rmac = '02:00:00:61:00:02' ports = [mock.Mock(address=m) for m in active_macs] ports.append( mock.Mock(address='7c:fe:90:29:24:4f', extra={'client-id': self.CLIENT_ID}, spec=['address', 'extra'])) mock_get_client.port.list.return_value = ports node_cache.add_node(self.node.uuid, mac=active_macs, state=istate.States.finished, bmc_address='1.2.3.4', foo=None) firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), # Blacklist ('-A', firewall.NEW_CHAIN, '-m', 'mac', '--mac-source', expected_rmac, '-j', 'DROP'), ('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] fileobj = mock.mock_open(read_data=IB_DATA) with mock.patch('six.moves.builtins.open', fileobj, create=True): firewall.update_filters(mock_get_client) call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0])
def test_update_filters_with_blacklist(self, mock_call, mock_get_client, mock_iptables): active_macs = ['11:22:33:44:55:66', '66:55:44:33:22:11'] inactive_mac = ['AA:BB:CC:DD:EE:FF'] self.macs = active_macs + inactive_mac self.ports = [mock.Mock(address=m) for m in self.macs] mock_get_client.port.list.return_value = self.ports node_cache.add_node(self.node.uuid, mac=active_macs, state=istate.States.finished, bmc_address='1.2.3.4', foo=None) firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), # Blacklist ('-A', firewall.NEW_CHAIN, '-m', 'mac', '--mac-source', inactive_mac[0], '-j', 'DROP'), ('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters(mock_get_client) call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0]) # check caching mock_iptables.reset_mock() firewall.update_filters(mock_get_client) self.assertFalse(mock_iptables.called)
def init(self): if utils.get_auth_strategy() != 'noauth': utils.add_auth_middleware(app) else: LOG.warning(_LW('Starting unauthenticated, please check' ' configuration')) if CONF.processing.store_data == 'none': LOG.warning(_LW('Introspection data will not be stored. Change ' '"[processing] store_data" option if this is not ' 'the desired behavior')) elif CONF.processing.store_data == 'swift': LOG.info(_LI('Introspection data will be stored in Swift in the ' 'container %s'), CONF.swift.container) utils.add_cors_middleware(app) db.init() try: hooks = [ext.name for ext in plugins_base.processing_hooks_manager()] except KeyError as exc: # callback function raises MissingHookError derived from KeyError # on missing hook LOG.critical(_LC('Hook(s) %s failed to load or was not found'), str(exc)) sys.exit(1) LOG.info(_LI('Enabled processing hooks: %s'), hooks) if CONF.firewall.manage_firewall: firewall.init() periodic_update_ = periodics.periodic( spacing=CONF.firewall.firewall_update_period, enabled=CONF.firewall.manage_firewall )(periodic_update) periodic_clean_up_ = periodics.periodic( spacing=CONF.clean_up_period )(periodic_clean_up) self._periodics_worker = periodics.PeriodicWorker( callables=[(periodic_update_, None, None), (periodic_clean_up_, None, None)], executor_factory=periodics.ExistingExecutor(utils.executor())) utils.executor().submit(self._periodics_worker.start)
def init(self): if CONF.auth_strategy != 'noauth': utils.add_auth_middleware(app) else: LOG.warning('Starting unauthenticated, please check' ' configuration') if CONF.processing.store_data == 'none': LOG.warning('Introspection data will not be stored. Change ' '"[processing] store_data" option if this is not ' 'the desired behavior') elif CONF.processing.store_data == 'swift': LOG.info( 'Introspection data will be stored in Swift in the ' 'container %s', CONF.swift.container) utils.add_cors_middleware(app) db.init() try: hooks = [ ext.name for ext in plugins_base.processing_hooks_manager() ] except KeyError as exc: # callback function raises MissingHookError derived from KeyError # on missing hook LOG.critical('Hook(s) %s failed to load or was not found', str(exc)) sys.exit(1) LOG.info('Enabled processing hooks: %s', hooks) if CONF.firewall.manage_firewall: firewall.init() periodic_update_ = periodics.periodic( spacing=CONF.firewall.firewall_update_period, enabled=CONF.firewall.manage_firewall)(periodic_update) periodic_clean_up_ = periodics.periodic( spacing=CONF.clean_up_period)(periodic_clean_up) self._periodics_worker = periodics.PeriodicWorker( callables=[(periodic_update_, None, None), (periodic_clean_up_, None, None)], executor_factory=periodics.ExistingExecutor(utils.executor())) utils.executor().submit(self._periodics_worker.start)
def test_init_args(self, mock_call, mock_get_client, mock_iptables): rootwrap_path = '/some/fake/path' CONF.set_override('rootwrap_config', rootwrap_path) firewall.init() init_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain)] call_args_list = mock_iptables.call_args_list for (args, call) in zip(init_expected_args, call_args_list): self.assertEqual(args, call[0]) expected = ('sudo', 'ironic-inspector-rootwrap', rootwrap_path, 'iptables', '-w') self.assertEqual(expected, firewall.BASE_COMMAND)
def test_update_filters_args_no_introspection(self, mock_call, mock_get_client, mock_iptables): firewall.init() update_filters_expected_args = [ ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-N', CONF.firewall.firewall_chain), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-F', firewall.NEW_CHAIN), ('-X', firewall.NEW_CHAIN), ('-N', firewall.NEW_CHAIN), ('-A', firewall.NEW_CHAIN, '-j', 'REJECT'), ('-I', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', firewall.NEW_CHAIN), ('-D', 'INPUT', '-i', 'br-ctlplane', '-p', 'udp', '--dport', '67', '-j', CONF.firewall.firewall_chain), ('-F', CONF.firewall.firewall_chain), ('-X', CONF.firewall.firewall_chain), ('-E', firewall.NEW_CHAIN, CONF.firewall.firewall_chain) ] firewall.update_filters() call_args_list = mock_iptables.call_args_list for (args, call) in zip(update_filters_expected_args, call_args_list): self.assertEqual(args, call[0]) # Check caching enabled flag mock_iptables.reset_mock() firewall.update_filters() self.assertFalse(mock_iptables.called) # Adding a node changes it back node_cache.add_node(self.node.uuid, bmc_address='1.2.3.4') mock_iptables.reset_mock() firewall.update_filters() mock_iptables.assert_any_call('-A', firewall.NEW_CHAIN, '-j', 'ACCEPT')
def init(self): if utils.get_auth_strategy() != 'noauth': utils.add_auth_middleware(app) else: LOG.warning( _LW('Starting unauthenticated, please check' ' configuration')) if CONF.processing.store_data == 'none': LOG.warning( _LW('Introspection data will not be stored. Change ' '"[processing] store_data" option if this is not ' 'the desired behavior')) elif CONF.processing.store_data == 'swift': LOG.info( _LI('Introspection data will be stored in Swift in the ' 'container %s'), CONF.swift.container) utils.add_cors_middleware(app) db.init() try: hooks = [ ext.name for ext in plugins_base.processing_hooks_manager() ] except KeyError as exc: # stevedore raises KeyError on missing hook LOG.critical(_LC('Hook %s failed to load or was not found'), str(exc)) sys.exit(1) LOG.info(_LI('Enabled processing hooks: %s'), hooks) if CONF.firewall.manage_firewall: firewall.init() self._periodics_worker = periodics.PeriodicWorker( callables=[(periodic_update, None, None), (periodic_clean_up, None, None)], executor_factory=periodics.ExistingExecutor(utils.executor())) utils.executor().submit(self._periodics_worker.start)
def init(): if utils.get_auth_strategy() != 'noauth': utils.add_auth_middleware(app) else: LOG.warning( _LW('Starting unauthenticated, please check' ' configuration')) if CONF.processing.store_data == 'none': LOG.warning( _LW('Introspection data will not be stored. Change ' '"[processing] store_data" option if this is not the ' 'desired behavior')) elif CONF.processing.store_data == 'swift': LOG.info( _LI('Introspection data will be stored in Swift in the ' 'container %s'), CONF.swift.container) db.init() try: hooks = [ext.name for ext in plugins_base.processing_hooks_manager()] except KeyError as exc: # stevedore raises KeyError on missing hook LOG.critical(_LC('Hook %s failed to load or was not found'), str(exc)) sys.exit(1) LOG.info(_LI('Enabled processing hooks: %s'), hooks) if CONF.firewall.manage_firewall: firewall.init() period = CONF.firewall.firewall_update_period utils.spawn_n(periodic_update, period) if CONF.timeout > 0: period = CONF.clean_up_period utils.spawn_n(periodic_clean_up, period) else: LOG.warning(_LW('Timeout is disabled in configuration'))
def init(): if utils.get_auth_strategy() != 'noauth': utils.add_auth_middleware(app) else: LOG.warning(_LW('Starting unauthenticated, please check' ' configuration')) if CONF.processing.store_data == 'none': LOG.warning(_LW('Introspection data will not be stored. Change ' '"[processing] store_data" option if this is not the ' 'desired behavior')) elif CONF.processing.store_data == 'swift': LOG.info(_LI('Introspection data will be stored in Swift in the ' 'container %s'), CONF.swift.container) db.init() try: hooks = [ext.name for ext in plugins_base.processing_hooks_manager()] except KeyError as exc: # stevedore raises KeyError on missing hook LOG.critical(_LC('Hook %s failed to load or was not found'), str(exc)) sys.exit(1) LOG.info(_LI('Enabled processing hooks: %s'), hooks) if CONF.firewall.manage_firewall: firewall.init() period = CONF.firewall.firewall_update_period utils.spawn_n(periodic_update, period) if CONF.timeout > 0: period = CONF.clean_up_period utils.spawn_n(periodic_clean_up, period) else: LOG.warning(_LW('Timeout is disabled in configuration'))