diff options
| author | ankit <ankit.dhn31@gmail.com> | 2017-04-06 07:51:33 +0000 |
|---|---|---|
| committer | ankit <ankit.dhn31@gmail.com> | 2018-04-03 11:40:05 +0000 |
| commit | 0f441ab5ba8e995888ea73c53e02f1a437cd0a12 (patch) | |
| tree | 1ce161095fb4f5275bfa3253dce9e891e1006c17 /devstack | |
| parent | 5816e50766e3ed9e08ff7fd7176a85b2ab835659 (diff) | |
| download | ironic-0f441ab5ba8e995888ea73c53e02f1a437cd0a12.tar.gz | |
Adding grub2 bootloader support to devstack plugin
This commit enables support for grub2 bootloader for UEFI.
It also enables UEFI Secure Boot based provisioning in devstack plugin.
Change-Id: I36a50656a52870121eda099f396523c46b7cb1aa
Diffstat (limited to 'devstack')
| -rw-r--r-- | devstack/lib/ironic | 64 |
1 files changed, 59 insertions, 5 deletions
diff --git a/devstack/lib/ironic b/devstack/lib/ironic index 75afd3bd6..a968a5d81 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -470,19 +470,29 @@ IRONIC_PXE_BOOT_IMAGE=${IRONIC_PXE_BOOT_IMAGE:-$(get_pxe_boot_file)} IRONIC_AUTOMATED_CLEAN_ENABLED=$(trueorfalse True IRONIC_AUTOMATED_CLEAN_ENABLED) +IRONIC_SECURE_BOOT=${IRONIC_SECURE_BOOT:-False} +IRONIC_UEFI_BOOT_LOADER=${IRONIC_UEFI_BOOT_LOADER:-grub2} +IRONIC_GRUB2_SHIM_FILE=${IRONIC_GRUB2_SHIM_FILE:-} +IRONIC_GRUB2_FILE=${IRONIC_GRUB2_FILE:-} IRONIC_UEFI_FILES_DIR=${IRONIC_UEFI_FILES_DIR:-/var/lib/libvirt/images} UEFI_LOADER_PATH=$IRONIC_UEFI_FILES_DIR/OVMF_CODE.fd UEFI_NVRAM_PATH=$IRONIC_UEFI_FILES_DIR/OVMF_VARS.fd # Sanity checks if [[ "$IRONIC_BOOT_MODE" == "uefi" ]]; then - if [[ "$IRONIC_IPXE_ENABLED" == "False" ]]; then - die $LINENO "Boot mode UEFI is only supported when used with iPXE for now." + if [[ "$IRONIC_IPXE_ENABLED" == "False" ]] && [[ "$IRONIC_UEFI_BOOT_LOADER" != "grub2" ]]; then + die $LINENO "Boot mode UEFI is only supported with iPXE and grub2 bootloaders." fi if ! is_fedora && ! is_ubuntu; then die $LINENO "Boot mode UEFI only works in Ubuntu or Fedora for now." fi + + if [[ "$IRONIC_IPXE_ENABLED" == "False" ]]; then + if [[ -z $IRONIC_GRUB2_SHIM_FILE ]] || [[ -z $IRONIC_GRUB2_FILE ]] || [[ ! -f $IRONIC_GRUB2_SHIM_FILE ]] || [[ ! -f $IRONIC_GRUB2_FILE ]]; then + die $LINENO "Grub2 Bootloader and Shim file missing." + fi + fi fi # TODO(dtantsur): change this when we change the default value. @@ -1831,6 +1841,13 @@ function enroll_nodes { if [[ "$IRONIC_BOOT_MODE" == "uefi" ]]; then node_capabilities+=" --property capabilities=boot_mode:uefi" fi + if [[ "$IRONIC_SECURE_BOOT" == "True" ]]; then + if [[ -n "$node_capabilities" ]]; then + node_capabilities+=",secure_boot:true" + else + node_capabilities+=" --property capabilities=secure_boot:true" + fi + fi if [[ "$IRONIC_IS_HARDWARE" == "False" ]]; then interface_info=$(echo $hardware_info | awk '{print $1}') @@ -2050,6 +2067,10 @@ function enroll_nodes { openstack flavor set baremetal --property "trait:$trait"="required" done + if [[ "$IRONIC_SECURE_BOOT" == "True" ]]; then + openstack flavor set baremetal --property "capabilities:secure_boot"="true" + fi + # NOTE(dtantsur): sometimes nova compute fails to start with ironic due # to keystone restarting and not being able to authenticate us. # Restart it just to be sure (and avoid gate problems like bug 1537076) @@ -2121,10 +2142,43 @@ function configure_tftpd { # setup tftp file mapping to satisfy requests at the root (booting) and # /tftpboot/ sub-dir (as per deploy-ironic elements) - echo "r ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >$IRONIC_TFTPBOOT_DIR/map-file - echo "r ^(/tftpboot/) $IRONIC_TFTPBOOT_DIR/\2" >>$IRONIC_TFTPBOOT_DIR/map-file + # this section is only for ubuntu and fedora + if [[ "$IRONIC_IPXE_ENABLED" == "False" && \ + ( "$IRONIC_BOOT_MODE" == "uefi" || "$IRONIC_SECURE_BOOT" == "True" ) && \ + "$IRONIC_UEFI_BOOT_LOADER" == "grub2" ]]; then + local grub_dir + + echo "re ^($IRONIC_TFTPBOOT_DIR/) $IRONIC_TFTPBOOT_DIR/\2" >$IRONIC_TFTPBOOT_DIR/map-file + echo "re ^$IRONIC_TFTPBOOT_DIR/ $IRONIC_TFTPBOOT_DIR/" >>$IRONIC_TFTPBOOT_DIR/map-file + echo "re ^(^/) $IRONIC_TFTPBOOT_DIR/\1" >>$IRONIC_TFTPBOOT_DIR/map-file + echo "re ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >>$IRONIC_TFTPBOOT_DIR/map-file + + sudo cp $IRONIC_GRUB2_SHIM_FILE $IRONIC_TFTPBOOT_DIR/bootx64.efi + sudo cp $IRONIC_GRUB2_FILE $IRONIC_TFTPBOOT_DIR/grubx64.efi + if is_fedora; then + grub_dir=$IRONIC_TFTPBOOT_DIR/EFI/fedora + elif is_ubuntu; then + grub_dir=$IRONIC_TFTPBOOT_DIR/grub + fi + mkdir -p $grub_dir + cat << EOF > $grub_dir/grub.cfg +set default=master +set timeout=5 +set hidden_timeout_quiet=false + +menuentry "master" { +configfile $IRONIC_TFTPBOOT_DIR/\$net_default_ip.conf +} +EOF + chmod 644 $grub_dir/grub.cfg + iniset $IRONIC_CONF_FILE pxe uefi_pxe_config_template '$pybasedir/drivers/modules/pxe_grub_config.template' + iniset $IRONIC_CONF_FILE pxe uefi_pxe_bootfile_name "bootx64.efi" + else + echo "r ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >$IRONIC_TFTPBOOT_DIR/map-file + echo "r ^(/tftpboot/) $IRONIC_TFTPBOOT_DIR/\2" >>$IRONIC_TFTPBOOT_DIR/map-file + fi - chmod -R 0755 $IRONIC_TFTPBOOT_DIR + sudo chmod -R 0755 $IRONIC_TFTPBOOT_DIR restart_service xinetd } |