Support PXE network boot with grub

It is now possible to do a PXE network boot with grub as an alternative to iPXE. Grub is loaded via the signed shim, so it may allow end-to-end automated deployments with secure-boot enabled. To use grub network boot, deploy bifrost with variable ``default_boot_interface`` set to ``pxe``. This feature is tested by job bifrost-integration-redfish-uefi-fedora-latest. test-bifrost.sh is also modified to only enable the hardware-type driver which matches driver used for test nodes. This allows a default interface to be set which is not supported by one of the enabled drivers (for example, ironic will exit because the ilo driver doesn't support the pxe boot interface) Change-Id: I8ac33d0aa0f71b092d2c0538ac3a73491ff44921
2022-11-17 15:05:31 +13:00 · 2022-11-17 15:05:31 +13:00 · 51d988af54
parent 3218eb5891
commit 51d988af54
5 changed files with 28 additions and 7 deletions
--- a/playbooks/ci/run.yaml
+++ b/playbooks/ci/run.yaml
@ -17,6 +17,7 @@
        USE_DHCP: "{{ use_dhcp | default(false) | bool | lower }}"
        ZUUL_BRANCH: "{{ zuul.branch }}"
        BOOT_MODE: "{{ boot_mode | default('') }}"
+        ENABLE_GRUB_NETWORK_BOOT: "{{ enable_grub_network_boot | default(false) | bool | lower }}"
        TEST_VM_NODE_DRIVER: "{{ test_driver | default('ipmi') }}"
        NOAUTH_MODE: "{{ noauth_mode | default(false) | bool | lower }}"
        ENABLE_TLS: "{{ enable_tls | default(false) | bool | lower }}"
--- a/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2
@ -88,6 +88,9 @@ dhcp-option=42,{{dnsmasq_ntp_servers}}
 {% endif %}

 dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
+dhcp-match=set:efi,option:client-arch,7
+dhcp-match=set:efi,option:client-arch,9
+dhcp-match=set:efi,option:client-arch,11

 dhcp-optsdir={{ dnsmasq_dhcp_optsdir }}
 {% if dhcp_provider == 'none' %}
@ -97,10 +100,10 @@ dhcp-optsdir={{ dnsmasq_dhcp_optsdir }}
 dhcp-userclass=set:gpxe,"gPXE"
 dhcp-boot=tag:gpxe,/ipxe.pxe

-{% if 'ipxe' in enabled_boot_interfaces.split(',') %}
-dhcp-match=set:efi,option:client-arch,7
-dhcp-match=set:efi,option:client-arch,9
-dhcp-match=set:efi,option:client-arch,11
+{% if default_boot_interface is defined and default_boot_interface == 'pxe' %}
+# Client is PXE booting over EFI, boot with the grub shim
+dhcp-boot=tag:efi,/bootx64.efi
+{% elif 'ipxe' in enabled_boot_interfaces.split(',') %}
 # Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
 dhcp-boot=tag:efi,tag:!ipxe,/{{ ipxe_efi_binary }}
 {% endif %}
--- a/releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml
+++ b/releasenotes/notes/grub-network-boot-a27beef089e041ef.yaml
@ -0,0 +1,10 @@
+---
+features:
+  - |
+    It is now possible to do a PXE network boot with grub as an alternative to
+    iPXE. Grub is loaded via the signed shim, so it may allow end-to-end
+    automated deployments with secure-boot enabled.
+
+    To use grub network boot, deploy bifrost with variable
+    ``default_boot_interface`` set to ``pxe`` and use the ``pxe`` boot interface
+    when deploying nodes.
--- a/scripts/test-bifrost.sh
+++ b/scripts/test-bifrost.sh
@ -12,6 +12,7 @@ ENABLE_KEYSTONE="${ENABLE_KEYSTONE:-false}"
 ZUUL_BRANCH=${ZUUL_BRANCH:-}
 CLI_TEST=${CLI_TEST:-false}
 BOOT_MODE=${BOOT_MODE:-}
+ENABLE_GRUB_NETWORK_BOOT=${ENABLE_GRUB_NETWORK_BOOT:-false}
 ENABLE_TLS=${ENABLE_TLS:-false}
 ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false}
 USE_VMEDIA=${USE_VMEDIA:-false}
@ -45,6 +46,7 @@ PROVISION_WAIT_TIMEOUT=${PROVISION_WAIT_TIMEOUT:-900}
 NOAUTH_MODE=${NOAUTH_MODE:-false}
 CLOUD_CONFIG=""
 WAIT_FOR_DEPLOY=true
+TEST_VM_NODE_DRIVER=${TEST_VM_NODE_DRIVER:-}

 # Get OS information
 source /etc/os-release || source /usr/lib/os-release
@ -119,8 +121,13 @@ fi
 if [ ${USE_VMEDIA} = "true" ]; then
    TEST_VM_NODE_DRIVER=redfish
    CLOUD_CONFIG+=" -e default_boot_interface=redfish-virtual-media"
-    # The default won't work for other hardware types
-    CLOUD_CONFIG+=" -e enabled_hardware_types=redfish"
+elif [ ${ENABLE_GRUB_NETWORK_BOOT} = "true" ]; then
+    CLOUD_CONFIG+=" -e default_boot_interface=pxe"
+fi
+
+if [[ -n "$TEST_VM_NODE_DRIVER" ]]; then
+    VM_SETUP_EXTRA+=" --driver $TEST_VM_NODE_DRIVER"
+    CLOUD_CONFIG+=" -e enabled_hardware_types=$TEST_VM_NODE_DRIVER"
 fi

 on_exit() {
@ -150,7 +157,6 @@ done
    --memory ${VM_MEMORY_SIZE:-1024} \
    --disk ${VM_DISK:-5} \
    --inventory "${BAREMETAL_DATA_FILE}" \
-    --driver ${TEST_VM_NODE_DRIVER:-ipmi} \
    --extra-vars git_url_root="${WORKSPACE:-https://opendev.org}" \
    ${VM_SETUP_EXTRA:-} \
    ${BIFROST_CLI_EXTRA:-}
--- a/zuul.d/bifrost-jobs.yaml
+++ b/zuul.d/bifrost-jobs.yaml
@ -175,6 +175,7 @@
    name: bifrost-integration-redfish-uefi-fedora-latest
    parent: bifrost-integration-tinyipa-fedora-latest
    vars:
+      enable_grub_network_boot: true
      test_driver: redfish

 - job: