diff options
| author | Dmitry Tantsur <dtantsur@protonmail.com> | 2022-07-14 17:33:55 +0200 |
|---|---|---|
| committer | Dmitry Tantsur <dtantsur@protonmail.com> | 2022-08-02 12:47:31 +0200 |
| commit | f0a1778766d2fbd13dfa7dcf4521004deddcab55 (patch) | |
| tree | 0b44e395d9b7c930c7610d702c4738d03d233283 /devstack/lib/ironic | |
| parent | 41484988efaa99122bb92b2314f781a53bba6984 (diff) | |
| download | ironic-f0a1778766d2fbd13dfa7dcf4521004deddcab55.tar.gz | |
Finally remove support for netboot and the boot_option capability
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.
The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.
Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
Diffstat (limited to 'devstack/lib/ironic')
| -rw-r--r-- | devstack/lib/ironic | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/devstack/lib/ironic b/devstack/lib/ironic index 90842cfaf..ab96638c0 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -681,12 +681,6 @@ if [[ "$IRONIC_BOOT_MODE" == "uefi" ]]; then fi fi -# TODO(dtantsur): change this when we change the default value. -IRONIC_DEFAULT_BOOT_OPTION=${IRONIC_DEFAULT_BOOT_OPTION:-local} -if [ $IRONIC_DEFAULT_BOOT_OPTION != "netboot" ] && [ $IRONIC_DEFAULT_BOOT_OPTION != "local" ]; then - die $LINENO "Supported values for IRONIC_DEFAULT_BOOT_OPTION are 'netboot' and 'local' only." -fi - # TODO(pas-ha) find a way to (cross-)sign the custom CA bundle used by tls-proxy # with default iPXE cert - for reference see http://ipxe.org/crypto if is_service_enabled tls-proxy && [[ "$IRONIC_IPXE_USE_SWIFT" == "True" ]]; then @@ -1855,8 +1849,6 @@ function configure_ironic_conductor { iniset $IRONIC_CONF_FILE dhcp dhcp_provider $IRONIC_DHCP_PROVIDER - iniset $IRONIC_CONF_FILE deploy default_boot_option $IRONIC_DEFAULT_BOOT_OPTION - isolinux=$(find -L /usr -type f -name "isolinux.bin" | head -1) if [[ -n "$isolinux" ]]; then iniset $IRONIC_CONF_FILE DEFAULT isolinux_bin "$isolinux" @@ -2903,8 +2895,7 @@ function upload_image_if_needed { # Change the default image only if the provided settings prevent the # default cirros image from working. - if [[ "$IRONIC_TEMPEST_WHOLE_DISK_IMAGE" != True \ - && "$IRONIC_DEFAULT_BOOT_OPTION" == local ]]; then + if [[ "$IRONIC_TEMPEST_WHOLE_DISK_IMAGE" != True ]]; then IRONIC_IMAGE_NAME=$IRONIC_PARTITIONED_IMAGE_NAME DEFAULT_IMAGE_NAME=$IRONIC_IMAGE_NAME fi @@ -3242,7 +3233,9 @@ function ironic_configure_tempest { # Driver for API tests iniset $TEMPEST_CONFIG baremetal driver fake-hardware - iniset $TEMPEST_CONFIG baremetal default_boot_option $IRONIC_DEFAULT_BOOT_OPTION + # NOTE(dtantsur): remove this when the tempest plugin no longer supports + # netboot (i.e. when Zed is the oldest supported branch). + iniset $TEMPEST_CONFIG baremetal default_boot_option local local adjusted_root_disk_size_gb if [[ "$IRONIC_IS_HARDWARE" == "False" ]]; then |