From c5e004a73eb96820a0c46402e9474d211d6f09ca Mon Sep 17 00:00:00 2001 From: Nisha Agarwal Date: Mon, 10 Oct 2022 12:38:49 +0000 Subject: [PATCH] Fixes Secureboot with Anaconda deploy Fixes Secureboot with Anaconda deploy with PXE and iPXE Story:2010356 Task: 46529 Change-Id: Id6262654bb5e41e02c7d90b9a9aaf395e7b6a088 --- ironic/drivers/modules/pxe.py | 15 +++------------ ironic/drivers/modules/pxe_base.py | 7 ++++--- ironic/tests/unit/drivers/modules/test_pxe.py | 10 ++++++++-- ...oot_with_anaconda_deploy-84d7c1e3bbfa40f2.yaml | 4 ++++ 4 files changed, 19 insertions(+), 17 deletions(-) create mode 100644 releasenotes/notes/fix_secure_boot_with_anaconda_deploy-84d7c1e3bbfa40f2.yaml diff --git a/ironic/drivers/modules/pxe.py b/ironic/drivers/modules/pxe.py index fe93acefde..a55f5b9fd7 100644 --- a/ironic/drivers/modules/pxe.py +++ b/ironic/drivers/modules/pxe.py @@ -27,6 +27,7 @@ from ironic.conductor import utils as manager_utils from ironic.conf import CONF from ironic.drivers import base from ironic.drivers.modules import agent_base +from ironic.drivers.modules import boot_mode_utils from ironic.drivers.modules import deploy_utils from ironic.drivers.modules import pxe_base LOG = logging.getLogger(__name__) 
@@ -113,22 +114,12 @@ class PXEAnacondaDeploy(agent_base.AgentBaseMixin, agent_base.HeartbeatMixin, def reboot_to_instance(self, task): node = task.node - try: - # anaconda deploy will install the bootloader and the node is ready - # to boot from disk. - - deploy_utils.try_set_boot_device(task, boot_devices.DISK) - except Exception as e: - msg = (_("Failed to change the boot device to %(boot_dev)s " - "when deploying node %(node)s. Error: %(error)s") % - {'boot_dev': boot_devices.DISK, 'node': node.uuid, - 'error': e}) - agent_base.log_and_raise_deployment_error(task, msg) - try: task.process_event('resume') self.clean_up(task) manager_utils.node_power_action(task, states.POWER_OFF) + deploy_utils.try_set_boot_device(task, boot_devices.DISK) + boot_mode_utils.configure_secure_boot_if_needed(task) task.driver.network.remove_provisioning_network(task) task.driver.network.configure_tenant_networks(task) manager_utils.node_power_action(task, states.POWER_ON) diff --git a/ironic/drivers/modules/pxe_base.py b/ironic/drivers/modules/pxe_base.py index daa90ba8d5..f3ac498902 100644 --- a/ironic/drivers/modules/pxe_base.py +++ b/ironic/drivers/modules/pxe_base.py @@ -231,11 +231,12 @@ class PXEBaseMixin(object): :returns: None """ boot_mode_utils.sync_boot_mode(task) - boot_mode_utils.configure_secure_boot_if_needed(task) - node = task.node - boot_option = deploy_utils.get_boot_option(node) boot_device = None + boot_option = deploy_utils.get_boot_option(node) + if boot_option != "kickstart": + boot_mode_utils.configure_secure_boot_if_needed(task) + instance_image_info = {} if boot_option == "ramdisk" or boot_option == "kickstart": instance_image_info = pxe_utils.get_instance_image_info( diff --git a/ironic/tests/unit/drivers/modules/test_pxe.py b/ironic/tests/unit/drivers/modules/test_pxe.py index e7d4441048..f163664707 100644 --- a/ironic/tests/unit/drivers/modules/test_pxe.py +++ b/ironic/tests/unit/drivers/modules/test_pxe.py 
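Review bot: In `reboot_to_instance` the dedicated error path for the boot-device change is gone: `try_set_boot_device` and the new `configure_secure_boot_if_needed` now sit inside the general `try:`, whose `except` clause lies outside this hunk. A failure to enable secure boot is therefore reported by whatever message that handler builds, and it is worth confirming that the message names the failing step. As far as the hunk shows, an exception at either call stops the sequence before `node_power_action(task, states.POWER_ON)`, which is the right direction to fail. The removed comment also explained why the boot device is switched, so I would add one above the two new calls, e.g. `# Installer has finished: boot from disk and configure secure boot (if needed) before the node is powered on again.`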
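Review bot: In the `PXEBaseMixin` hunk, skipping `configure_secure_boot_if_needed` when `boot_option` is `"kickstart"` leaves the node's secure-boot state untouched while the installer boots, and nothing in this method says who sets it afterwards. Going by the pxe.py change in this same commit, that is `PXEAnacondaDeploy.reboot_to_instance`, so any other deploy path reaching this code with the kickstart option would never enable secure boot. A comment should record that contract, e.g. `# kickstart: secure boot is configured after the installer finishes, see PXEAnacondaDeploy.reboot_to_instance`. It is also worth confirming what state the node is in at this point (for example after an earlier secure-boot deployment), because this branch no longer sets it. The method starts and ends outside the hunk.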
@@ -550,6 +550,8 @@ class PXEBootTestCase(db_base.DbTestCase): def test_prepare_instance_ramdisk_pxe_conf_exists(self): self._test_prepare_instance_ramdisk(config_file_exits=False) + @mock.patch.object(boot_mode_utils, 'configure_secure_boot_if_needed', + autospec=True) @mock.patch.object(manager_utils, 'node_set_boot_device', autospec=True) @mock.patch.object(deploy_utils, 'switch_pxe_config', autospec=True) @mock.patch.object(pxe_utils, 'create_pxe_config', autospec=True) @@ -567,7 +569,7 @@ class PXEBootTestCase(db_base.DbTestCase): self, exec_mock, write_file_mock, render_mock, api_url_mock, boot_opt_mock, get_image_info_mock, cache_mock, dhcp_factory_mock, create_pxe_config_mock, switch_pxe_config_mock, - set_boot_device_mock): + set_boot_device_mock, mock_conf_sec_boot): image_info = {'kernel': ['ins_kernel_id', '/path/to/kernel'], 'ramdisk': ['ins_ramdisk_id', '/path/to/ramdisk'], 'stage2': ['ins_stage2_id', '/path/to/stage2'], @@ -611,6 +613,7 @@ class PXEBootTestCase(db_base.DbTestCase): set_boot_device_mock.assert_called_once_with(task, boot_devices.PXE, persistent=True) + self.assertFalse(mock_conf_sec_boot.called) @mock.patch.object(manager_utils, 'node_set_boot_device', autospec=True) @mock.patch.object(deploy_utils, 'switch_pxe_config', autospec=True) 
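Review bot: In the last hunk of this group, `self.assertFalse(mock_conf_sec_boot.called)` would read better as `mock_conf_sec_boot.assert_not_called()`, which matches the `assert_called_once_with` style used on the neighbouring mocks and reports the unexpected calls when it fails. The test function starts and ends outside these hunks, so the boot option it sets is not visible here. The negative assertion only covers the new branch if that option is the kickstart one, and a short comment stating this would help.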
@@ -786,11 +789,13 @@ class PXEAnacondaDeployTestCase(db_base.DbTestCase): task.driver.deploy.prepare(task) mock_prepare_instance.assert_called_once_with(mock.ANY, task) + @mock.patch.object(boot_mode_utils, 'configure_secure_boot_if_needed', + autospec=True) @mock.patch.object(pxe_utils, 'clean_up_pxe_env', autospec=True) @mock.patch.object(pxe_utils, 'get_instance_image_info', autospec=True) @mock.patch.object(deploy_utils, 'try_set_boot_device', autospec=True) def test_reboot_to_instance(self, mock_set_boot_dev, mock_image_info, - mock_cleanup_pxe_env): + mock_cleanup_pxe_env, mock_conf_sec_boot): image_info = {'kernel': ('', '/path/to/kernel'), 'ramdisk': ('', '/path/to/ramdisk'), 'stage2': ('', '/path/to/stage2'), @@ -802,6 +807,7 @@ class PXEAnacondaDeployTestCase(db_base.DbTestCase): with task_manager.acquire(self.context, self.node.uuid) as task: task.driver.deploy.reboot_to_instance(task) mock_set_boot_dev.assert_called_once_with(task, boot_devices.DISK) + mock_conf_sec_boot.assert_called_once_with(task) mock_cleanup_pxe_env.assert_called_once_with(task, image_info, ipxe_enabled=False) diff --git a/releasenotes/notes/fix_secure_boot_with_anaconda_deploy-84d7c1e3bbfa40f2.yaml b/releasenotes/notes/fix_secure_boot_with_anaconda_deploy-84d7c1e3bbfa40f2.yaml new file mode 100644 index 0000000000..a03289c42f --- /dev/null +++ b/releasenotes/notes/fix_secure_boot_with_anaconda_deploy-84d7c1e3bbfa40f2.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixes secure boot with anaconda deploy.
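Review bot: In `test_reboot_to_instance`, `mock_conf_sec_boot.assert_called_once_with(task)` checks that secure boot is configured but not when. The change to `reboot_to_instance` places the call after the power-off and before the power-on, and none of the visible assertions pin that order. Consider attaching the boot-device and secure-boot mocks, plus a patched `node_power_action`, to one parent mock and asserting on its `mock_calls` sequence, so that a later reordering which powers the node on before secure boot is configured fails the test. A companion case in which `configure_secure_boot_if_needed` raises, asserting that the node is not powered on, would cover the failure path. The rest of the test body is outside this hunk.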