Link MACs with PXE config to pxe_enabled ports

Currently, Ironic creates a pxe link file for every port,
even when a port's pxe_enabled property is set to false,
which means it can still boot from this port when it shouldn't.

With this commit, unless explicitly configured otherwise, only
pxe_enabled ports (pxe_enabled=True) will have the pxe link file.

Closes-Bug: #1741422
Change-Id: I013861dd5b9a7525058606f8dc8b05502a28af1e
This commit is contained in:
cid 2024-06-07 15:19:38 +01:00
parent 8086167054
commit e958b379c1
3 changed files with 55 additions and 0 deletions

View File

@ -115,6 +115,8 @@ def _link_mac_pxe_configs(task, ipxe_enabled=False):
pxe_config_file_path = get_pxe_config_file_path(
task.node.uuid, ipxe_enabled=ipxe_enabled)
for port in task.ports:
if not CONF.neutron.add_all_ports and not port.pxe_enabled:
continue
client_id = port.extra.get('client-id')
# Syslinux, ipxe, depending on settings.
create_link(_get_pxe_mac_path(port.address, client_id=client_id,

View File

@ -517,6 +517,53 @@ class TestPXEUtils(db_base.DbTestCase):
unlink_mock.assert_has_calls(unlink_calls)
create_link_mock.assert_has_calls(create_link_calls)
@mock.patch('ironic.common.utils.create_link_without_raise', autospec=True)
def test_link_mac_pxe_configs_with_pxe_disabled(self, create_link_mock):
port_1 = object_utils.create_test_port(
self.context, node_id=self.node.id, pxe_enabled=True,
address='11:22:33:44:55:66', uuid=uuidutils.generate_uuid())
port_2 = object_utils.create_test_port(
self.context, node_id=self.node.id, pxe_enabled=False,
address='11:22:33:44:55:67', uuid=uuidutils.generate_uuid())
with task_manager.acquire(self.context, self.node.uuid) as task:
task.ports = [port_1, port_2]
# Test with add_all_ports set to False (default)
pxe_utils._link_mac_pxe_configs(task)
# Verify that no links were created for pxe disabled ports
self.assertNotIn(mock.call(
u'../%s/config' % self.node.uuid,
'/tftpboot/pxelinux.cfg/01-11-22-33-44-55-67'),
create_link_mock.mock_calls)
self.assertNotIn(mock.call(
u'%s/config' % self.node.uuid,
'/tftpboot/grub.cfg-01-11-22-33-44-55-67'),
create_link_mock.mock_calls)
self.assertNotIn(mock.call(
u'%s/config' % self.node.uuid,
'/tftpboot/11:22:33:44:55:67.conf'),
create_link_mock.mock_calls)
# Test with add_all_ports set to True
self.config(add_all_ports=True, group='neutron')
pxe_utils._link_mac_pxe_configs(task)
# Verify that links were created for all ports
self.assertIn(mock.call(
u'../%s/config' % self.node.uuid,
'/tftpboot/pxelinux.cfg/01-11-22-33-44-55-67'),
create_link_mock.mock_calls)
self.assertIn(mock.call(
u'%s/config' % self.node.uuid,
'/tftpboot/grub.cfg-01-11-22-33-44-55-67'),
create_link_mock.mock_calls)
self.assertIn(mock.call(
u'%s/config' % self.node.uuid,
'/tftpboot/11:22:33:44:55:67.conf'),
create_link_mock.mock_calls)
@mock.patch('ironic.common.utils.create_link_without_raise', autospec=True)
@mock.patch('ironic_lib.utils.unlink_without_raise', autospec=True)
@mock.patch('ironic.common.dhcp_factory.DHCPFactory.provider',

View File

@ -0,0 +1,6 @@
---
fixes:
- |
During node deployment, unless explicitly configured otherwise,
Ironic now only creates PXE link files for ports with pxe_enabled=True,
preventing unintended booting from disabled ports.