openstack/ironic
Code Issues Proposed changes

Deprecate instance network boot

Browse Source 
It's insecure and not very popular. See this post for details:
http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026224.html

Change-Id: I9a2df47bb8c08cc991b3c615a9eb533aba3171f4
This commit is contained in:
Dmitry Tantsur 2022-02-09 14:33:57 +01:00
parent 2f09b7b102
commit 5a9dd8b092
9 changed files with 40 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/source/admin/adoption.rst
View File

@ -51,10 +51,7 @@ The adoption process makes no changes to the physical node, with the
exception of operator supplied configurations where virtual media is exception of operator supplied configurations where virtual media is
used to boot the node under normal circumstances. An operator should used to boot the node under normal circumstances. An operator should
ensure that any supplied configuration defining the node is sufficient ensure that any supplied configuration defining the node is sufficient
for the continued operation of the node moving forward. Such as, if the for the continued operation of the node moving forward.
node is configured to network boot via instance_info/boot_option="netboot",
then appropriate driver specific node configuration should be set to
support this capability.
Possible Risk Possible Risk
============= =============

5
doc/source/admin/drivers/ilo.rst
View File

@ -1084,6 +1084,11 @@ intermediate images on conductor as described in
Deploy Process Deploy Process
============== ==============
.. note::
Network boot is deprecated and will be removed in the Zed release.
.. TODO(dtantsur): review these diagrams to exclude netboot.
Netboot with glance and swift Netboot with glance and swift
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

29
doc/source/admin/drivers/snmp.rst
View File

@ -77,30 +77,20 @@ Enabling the SNMP Hardware Type
enabled_management_interfaces = noop enabled_management_interfaces = noop
enabled_power_interfaces = snmp enabled_power_interfaces = snmp
#. To set the default boot option, update ``default_boot_option`` in #. To enable the network boot fallback, update ``enable_netboot_fallback`` in
``ironic.conf``: ``ironic.conf``:
.. code-block:: ini .. code-block:: ini
[DEFAULT] [pxe]
default_boot_option = netboot enable_netboot_fallback = True
.. note:: .. note::
Currently the default value of ``default_boot_option`` is ``netboot`` It is important to enable the fallback as SNMP hardware type does not
but it will be changed to ``local`` in the future. It is recommended support setting of boot devices. When booting in legacy (BIOS) mode,
to set an explicit value for this option. the generated network booting artifact will force booting from local
disk. In UEFI mode, Ironic will configure the boot order using UEFI
.. note:: variables.
It is important to set ``boot_option`` to ``netboot`` as SNMP hardware
type does not support setting of boot devices. One can also configure
a node to boot using ``netboot`` by setting its ``capabilities`` and
updating Nova flavor as described below:
.. code-block:: console
baremetal node set --property capabilities="boot_option:netboot" <node>
openstack flavor set --property "capabilities:boot_option"="netboot" ironic-flavor
#. Restart the Ironic conductor service. #. Restart the Ironic conductor service.
@ -165,5 +155,4 @@ type:
--driver snmp --driver-info snmp_driver=<pdu_manufacturer> \ --driver snmp --driver-info snmp_driver=<pdu_manufacturer> \
--driver-info snmp_address=<ip_address> \ --driver-info snmp_address=<ip_address> \
--driver-info snmp_outlet=<outlet_index> \ --driver-info snmp_outlet=<outlet_index> \
--driver-info snmp_community=<community_string> \ --driver-info snmp_community=<community_string>
--properties capabilities=boot_option:netboot

2
doc/source/admin/report.txt
View File

@ -321,7 +321,7 @@ default:
deploy: deploy:
continue_if_disk_secure_erase_fails = False continue_if_disk_secure_erase_fails = False
default_boot_option = netboot default_boot_option = local
erase_devices_metadata_priority = None erase_devices_metadata_priority = None
erase_devices_priority = 0 erase_devices_priority = 0
http_root = /opt/stack/data/ironic/httpboot http_root = /opt/stack/data/ironic/httpboot

5
ironic/conf/deploy.py
View File

@ -128,7 +128,10 @@ opts = [
help=_('Default boot option to use when no boot option is ' help=_('Default boot option to use when no boot option is '
'requested in node\'s driver_info. Defaults to ' 'requested in node\'s driver_info. Defaults to '
'"local". Prior to the Ussuri release, the default ' '"local". Prior to the Ussuri release, the default '
'was "netboot".')), 'was "netboot".'),
deprecated_for_removal=True,
deprecated_reason=_('Support for network boot will be removed '
'after the Yoga release.')),
cfg.StrOpt('default_boot_mode', cfg.StrOpt('default_boot_mode',
choices=[(boot_modes.UEFI, _('UEFI boot mode')), choices=[(boot_modes.UEFI, _('UEFI boot mode')),
(boot_modes.LEGACY_BIOS, _('Legacy BIOS boot mode'))], (boot_modes.LEGACY_BIOS, _('Legacy BIOS boot mode'))],

5
ironic/drivers/modules/agent.py
View File

@ -505,6 +505,11 @@ class AgentDeploy(CustomAgentDeploy):
validate_http_provisioning_configuration(node) validate_http_provisioning_configuration(node)
validate_image_proxies(node) validate_image_proxies(node)
capabilities = utils.parse_instance_info_capabilities(node)
if 'boot_option' in capabilities:
LOG.warning("The boot_option capability has been deprecated, "
"please unset it for node %s", node.uuid)
@METRICS.timer('AgentDeployMixin.write_image') @METRICS.timer('AgentDeployMixin.write_image')
@base.deploy_step(priority=80) @base.deploy_step(priority=80)
@task_manager.require_exclusive_lock @task_manager.require_exclusive_lock

6
ironic/drivers/modules/deploy_utils.py
View File

@ -604,12 +604,6 @@ def validate_image_properties(task, deploy_info):
"%(properties)s") % {'image': image_href, 'properties': props}) "%(properties)s") % {'image': image_href, 'properties': props})
def get_default_boot_option():
"""Gets the default boot option."""
# TODO(TheJulia): Deprecated: Remove after Ussuri.
return CONF.deploy.default_boot_option
def get_boot_option(node): def get_boot_option(node):
"""Gets the boot option. """Gets the boot option.

14
releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml Normal file
View File

@ -0,0 +1,14 @@
---
deprecations:
- |
Booting final instances via network (as opposed to via a local bootloader)
is now deprecated, except for the cases of booting from volume or the
ramdisk deploy interface.
Network boot for whole disk images only works reliable for legacy (BIOS)
boot. In case of partition images, there is no way to update the kernel,
which makes this approach insecure.
Users of partition images must ensure that they either contain the
``grub-install`` binary, enough EFI artifacts to boot the operating
system or a legacy boot partition.

2
zuul.d/ironic-jobs.yaml
View File

@ -322,7 +322,7 @@
- job: - job:
name: ironic-tempest-wholedisk-bios-snmp-pxe name: ironic-tempest-wholedisk-bios-snmp-pxe
description: SNMP power, no-op management, netboot and whole disk images. description: SNMP power, no-op management and whole disk images.
parent: ironic-base parent: ironic-base
vars: vars:
devstack_localrc: devstack_localrc: