From 51d988af5408a5c0a63c1f0562d614e3112c1a79 Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Thu, 17 Nov 2022 15:05:31 +1300 Subject: [PATCH] Support PXE network boot with grub It is now possible to do a PXE network boot with grub as an alternative to iPXE. Grub is loaded via the signed shim, so it may allow end-to-end automated deployments with secure-boot enabled. To use grub network boot, deploy bifrost with variable ``default_boot_interface`` set to ``pxe``. This feature is tested by job bifrost-integration-redfish-uefi-fedora-latest. test-bifrost.sh is also modified to only enable the hardware-type driver which matches driver used for test nodes. This allows a default interface to be set which is not supported by one of the enabled drivers (for example, ironic will exit because the ilo driver doesn't support the pxe boot interface) Change-Id: I8ac33d0aa0f71b092d2c0538ac3a73491ff44921 --- playbooks/ci/run.yaml | 1 + .../bifrost-ironic-install/templates/dnsmasq.conf.j2 | 11 +++++++---- .../notes/grub-network-boot-a27beef089e041ef.yaml | 10 ++++++++++ scripts/test-bifrost.sh | 12 +++++++++--- zuul.d/bifrost-jobs.yaml | 1 + 5 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml diff --git a/playbooks/ci/run.yaml b/playbooks/ci/run.yaml index 4cbe08664..327e2c1fa 100644 --- a/playbooks/ci/run.yaml +++ b/playbooks/ci/run.yaml @@ -17,6 +17,7 @@ USE_DHCP: "{{ use_dhcp | default(false) | bool | lower }}" ZUUL_BRANCH: "{{ zuul.branch }}" BOOT_MODE: "{{ boot_mode | default('') }}" + ENABLE_GRUB_NETWORK_BOOT: "{{ enable_grub_network_boot | default(false) | bool | lower }}" TEST_VM_NODE_DRIVER: "{{ test_driver | default('ipmi') }}" NOAUTH_MODE: "{{ noauth_mode | default(false) | bool | lower }}" ENABLE_TLS: "{{ enable_tls | default(false) | bool | lower }}" 
diff --git a/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2 index fe336cb99..0eb908525 100644 --- a/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2 +++ b/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2 @@ -88,6 +88,9 @@ dhcp-option=42,{{dnsmasq_ntp_servers}} {% endif %} dhcp-match=set:ipxe,175 # iPXE sends a 175 option. +dhcp-match=set:efi,option:client-arch,7 +dhcp-match=set:efi,option:client-arch,9 +dhcp-match=set:efi,option:client-arch,11 dhcp-optsdir={{ dnsmasq_dhcp_optsdir }} {% if dhcp_provider == 'none' %} @@ -97,10 +100,10 @@ dhcp-optsdir={{ dnsmasq_dhcp_optsdir }} dhcp-userclass=set:gpxe,"gPXE" dhcp-boot=tag:gpxe,/ipxe.pxe -{% if 'ipxe' in enabled_boot_interfaces.split(',') %} -dhcp-match=set:efi,option:client-arch,7 -dhcp-match=set:efi,option:client-arch,9 -dhcp-match=set:efi,option:client-arch,11 +{% if default_boot_interface is defined and default_boot_interface == 'pxe' %} +# Client is PXE booting over EFI, boot with the grub shim +dhcp-boot=tag:efi,/bootx64.efi +{% elif 'ipxe' in enabled_boot_interfaces.split(',') %} # Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader dhcp-boot=tag:efi,tag:!ipxe,/{{ ipxe_efi_binary }} {% endif %} diff --git a/releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml b/releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml new file mode 100644 index 000000000..69d88b1e7 --- /dev/null +++ b/releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml 
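Review bot: In the second dnsmasq.conf.j2 hunk, the new `dhcp-boot=tag:efi,/bootx64.efi` is sent to every client carrying the `efi` tag, and the first hunk sets that tag for client-arch 7, 9 and 11. Arch 11 is the ARM 64-bit UEFI value in the IANA processor-architecture registry, so those clients would be handed an x86-64 shim they cannot load. I would tag arch 11 separately and exclude it, for example `dhcp-match=set:efi-arm64,option:client-arch,11` together with `dhcp-boot=tag:efi,tag:!efi-arm64,/bootx64.efi`. A comment above the grub branch would also help, along the lines of `# Secure boot verifies the shim/grub/kernel signatures only; the DHCP reply, the TFTP transfer and the grub config are not authenticated, so the provisioning network must stay trusted`. The enclosing `{% if dhcp_provider == 'none' %}` block ends outside the hunk.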
@@ -0,0 +1,10 @@ +--- +features: + - | + It is now possible to do a PXE network boot with grub as an alternative to + iPXE. Grub is loaded via the signed shim, so it may allow end-to-end + automated deployments with secure-boot enabled. + + To use grub network boot, deploy bifrost with variable + ``default_boot_interface`` set to ``pxe`` and use the ``pxe`` boot interface + when deploying nodes. \ No newline at end of file diff --git a/scripts/test-bifrost.sh b/scripts/test-bifrost.sh index cea320657..32e089104 100755 --- a/scripts/test-bifrost.sh +++ b/scripts/test-bifrost.sh @@ -12,6 +12,7 @@ ENABLE_KEYSTONE="${ENABLE_KEYSTONE:-false}" ZUUL_BRANCH=${ZUUL_BRANCH:-} CLI_TEST=${CLI_TEST:-false} BOOT_MODE=${BOOT_MODE:-} +ENABLE_GRUB_NETWORK_BOOT=${ENABLE_GRUB_NETWORK_BOOT:-false} ENABLE_TLS=${ENABLE_TLS:-false} ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} USE_VMEDIA=${USE_VMEDIA:-false} @@ -45,6 +46,7 @@ PROVISION_WAIT_TIMEOUT=${PROVISION_WAIT_TIMEOUT:-900} NOAUTH_MODE=${NOAUTH_MODE:-false} CLOUD_CONFIG="" WAIT_FOR_DEPLOY=true +TEST_VM_NODE_DRIVER=${TEST_VM_NODE_DRIVER:-} # Get OS information source /etc/os-release || source /usr/lib/os-release @@ -119,8 +121,13 @@ fi if [ ${USE_VMEDIA} = "true" ]; then TEST_VM_NODE_DRIVER=redfish CLOUD_CONFIG+=" -e default_boot_interface=redfish-virtual-media" - # The default won't work for other hardware types - CLOUD_CONFIG+=" -e enabled_hardware_types=redfish" +elif [ ${ENABLE_GRUB_NETWORK_BOOT} = "true" ]; then + CLOUD_CONFIG+=" -e default_boot_interface=pxe" +fi + +if [[ -n "$TEST_VM_NODE_DRIVER" ]]; then + VM_SETUP_EXTRA+=" --driver $TEST_VM_NODE_DRIVER" + CLOUD_CONFIG+=" -e enabled_hardware_types=$TEST_VM_NODE_DRIVER" fi on_exit() { @@ -150,7 +157,6 @@ done --memory ${VM_MEMORY_SIZE:-1024} \ --disk ${VM_DISK:-5} \ --inventory "${BAREMETAL_DATA_FILE}" \ - --driver ${TEST_VM_NODE_DRIVER:-ipmi} \ --extra-vars git_url_root="${WORKSPACE:-https://opendev.org}" \ ${VM_SETUP_EXTRA:-} \ ${BIFROST_CLI_EXTRA:-} 
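Review bot: In the test-bifrost.sh hunk at `@@ -119,8 +121,13 @@`, `$TEST_VM_NODE_DRIVER` comes from the environment and is pasted into `VM_SETUP_EXTRA` and `CLOUD_CONFIG`, both of which are expanded unquoted later. A value containing whitespace would therefore split into extra command-line arguments. Checking it before use would close that, e.g. `[[ "$TEST_VM_NODE_DRIVER" =~ ^[a-z0-9_-]+$ ]] || { echo "invalid TEST_VM_NODE_DRIVER"; exit 1; }`. Separately, the last hunk drops the `ipmi` fallback from `--driver`, so a direct run of the script with the variable unset now relies on whatever default the CLI picks; a short comment next to `TEST_VM_NODE_DRIVER=${TEST_VM_NODE_DRIVER:-}` saying so would help. The `elif` also means `ENABLE_GRUB_NETWORK_BOOT=true` is silently ignored when `USE_VMEDIA=true`, which deserves a comment or a warning message.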
diff --git a/zuul.d/bifrost-jobs.yaml b/zuul.d/bifrost-jobs.yaml index 619fc6f5c..e82ba72a8 100644 --- a/zuul.d/bifrost-jobs.yaml +++ b/zuul.d/bifrost-jobs.yaml @@ -175,6 +175,7 @@ name: bifrost-integration-redfish-uefi-fedora-latest parent: bifrost-integration-tinyipa-fedora-latest vars: + enable_grub_network_boot: true test_driver: redfish - job: