From 5a9dd8b0920e43e406bb4743771af8661842e63e Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Wed, 9 Feb 2022 14:33:57 +0100 Subject: [PATCH] Deprecate instance network boot It's insecure and not very popular. See this post for details: http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026224.html Change-Id: I9a2df47bb8c08cc991b3c615a9eb533aba3171f4 --- doc/source/admin/adoption.rst | 5 +--- doc/source/admin/drivers/ilo.rst | 5 ++++ doc/source/admin/drivers/snmp.rst | 29 ++++++------------- doc/source/admin/report.txt | 2 +- ironic/conf/deploy.py | 5 +++- ironic/drivers/modules/agent.py | 5 ++++ ironic/drivers/modules/deploy_utils.py | 6 ---- .../netboot-deprecation-fe5751a47df2d0b7.yaml | 14 +++++++++ zuul.d/ironic-jobs.yaml | 2 +- 9 files changed, 40 insertions(+), 33 deletions(-) create mode 100644 releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml diff --git a/doc/source/admin/adoption.rst b/doc/source/admin/adoption.rst index ba404fd0b2..570b360721 100644 --- a/doc/source/admin/adoption.rst +++ b/doc/source/admin/adoption.rst @@ -51,10 +51,7 @@ The adoption process makes no changes to the physical node, with the exception of operator supplied configurations where virtual media is used to boot the node under normal circumstances. An operator should ensure that any supplied configuration defining the node is sufficient -for the continued operation of the node moving forward. Such as, if the -node is configured to network boot via instance_info/boot_option="netboot", -then appropriate driver specific node configuration should be set to -support this capability. +for the continued operation of the node moving forward. Possible Risk ============= diff --git a/doc/source/admin/drivers/ilo.rst b/doc/source/admin/drivers/ilo.rst index 40bb06735d..4ffa8bcfbf 100644 --- a/doc/source/admin/drivers/ilo.rst +++ b/doc/source/admin/drivers/ilo.rst 
@@ -1084,6 +1084,11 @@ intermediate images on conductor as described in Deploy Process ============== +.. note:: + Network boot is deprecated and will be removed in the Zed release. + +.. TODO(dtantsur): review these diagrams to exclude netboot. + Netboot with glance and swift ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/source/admin/drivers/snmp.rst b/doc/source/admin/drivers/snmp.rst index 7a91bc1269..1c402ab9b2 100644 --- a/doc/source/admin/drivers/snmp.rst +++ b/doc/source/admin/drivers/snmp.rst @@ -77,30 +77,20 @@ Enabling the SNMP Hardware Type enabled_management_interfaces = noop enabled_power_interfaces = snmp -#. To set the default boot option, update ``default_boot_option`` in +#. To enable the network boot fallback, update ``enable_netboot_fallback`` in ``ironic.conf``: .. code-block:: ini - [DEFAULT] - default_boot_option = netboot + [pxe] + enable_netboot_fallback = True .. note:: - Currently the default value of ``default_boot_option`` is ``netboot`` - but it will be changed to ``local`` in the future. It is recommended - to set an explicit value for this option. - - .. note:: - It is important to set ``boot_option`` to ``netboot`` as SNMP hardware - type does not support setting of boot devices. One can also configure - a node to boot using ``netboot`` by setting its ``capabilities`` and - updating Nova flavor as described below: - - .. code-block:: console - - baremetal node set --property capabilities="boot_option:netboot" - openstack flavor set --property "capabilities:boot_option"="netboot" ironic-flavor - + It is important to enable the fallback as SNMP hardware type does not + support setting of boot devices. When booting in legacy (BIOS) mode, + the generated network booting artifact will force booting from local + disk. In UEFI mode, Ironic will configure the boot order using UEFI + variables. #. Restart the Ironic conductor service. 
@@ -165,5 +155,4 @@ type: --driver snmp --driver-info snmp_driver= \ --driver-info snmp_address= \ --driver-info snmp_outlet= \ - --driver-info snmp_community= \ - --properties capabilities=boot_option:netboot + --driver-info snmp_community= diff --git a/doc/source/admin/report.txt b/doc/source/admin/report.txt index e098e5aef8..1f1fc4d8e7 100644 --- a/doc/source/admin/report.txt +++ b/doc/source/admin/report.txt @@ -321,7 +321,7 @@ default: deploy: continue_if_disk_secure_erase_fails = False - default_boot_option = netboot + default_boot_option = local erase_devices_metadata_priority = None erase_devices_priority = 0 http_root = /opt/stack/data/ironic/httpboot diff --git a/ironic/conf/deploy.py b/ironic/conf/deploy.py index 32f53644aa..7a7fb37d7e 100644 --- a/ironic/conf/deploy.py +++ b/ironic/conf/deploy.py @@ -128,7 +128,10 @@ opts = [ help=_('Default boot option to use when no boot option is ' 'requested in node\'s driver_info. Defaults to ' '"local". Prior to the Ussuri release, the default ' - 'was "netboot".')), + 'was "netboot".'), + deprecated_for_removal=True, + deprecated_reason=_('Support for network boot will be removed ' + 'after the Yoga release.')), cfg.StrOpt('default_boot_mode', choices=[(boot_modes.UEFI, _('UEFI boot mode')), (boot_modes.LEGACY_BIOS, _('Legacy BIOS boot mode'))], diff --git a/ironic/drivers/modules/agent.py b/ironic/drivers/modules/agent.py index 2dcd8a819c..c171f81b1d 100644 --- a/ironic/drivers/modules/agent.py +++ b/ironic/drivers/modules/agent.py @@ -505,6 +505,11 @@ class AgentDeploy(CustomAgentDeploy): validate_http_provisioning_configuration(node) validate_image_proxies(node) + capabilities = utils.parse_instance_info_capabilities(node) + if 'boot_option' in capabilities: + LOG.warning("The boot_option capability has been deprecated, " + "please unset it for node %s", node.uuid) + @METRICS.timer('AgentDeployMixin.write_image') @base.deploy_step(priority=80) @task_manager.require_exclusive_lock 
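Review bot: The new `deprecated_reason` on `default_boot_option` tells operators when the option goes away but not why or what to set instead, so the oslo.config deprecation warning gives them nothing actionable; the release note in this same commit already states the rationale (partition images booted over the network cannot have their kernel updated), and a shortened form of that belongs in the reason text, e.g. `deprecated_reason=_('Network boot is insecure for partition images and will be removed after the Yoga release; set this option to "local".')`. Note also that the option keeps a valid value ("local") that is the recommended state, so deprecating the whole option will warn even on configurations that are already correct; if that is intended, the reason text should say that an explicit "local" can simply be dropped. If this opt's definition were meant to carry `deprecated_since`, the other deprecated opts in this file would be the convention to follow. The enclosing `opts = [` list begins and ends outside the hunk.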
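Review bot: The added check in `AgentDeploy` warns on the mere presence of `boot_option` in the instance capabilities, so a node carrying `boot_option:local` (the very value this commit steers users toward) gets the same "deprecated, please unset it" warning as a netboot node, which makes the message easy to dismiss. If the intent is to flag network boot specifically, test the value: `if capabilities.get('boot_option') == 'netboot':`; if the intent is to retire the capability altogether, keep the membership test but say so and name the release, e.g. `"The boot_option capability is deprecated and will be ignored after the Yoga release, please unset it for node %s"`, matching the timeline stated in `ironic/conf/deploy.py` in this commit. The message should also make clear what happens to netboot requests once support is removed (presumably they fall back to local boot — confirm), since that is the operational change an operator needs to plan for. This looks like it sits in the validate path, so the warning is likely repeated on every validation of the node; the enclosing method starts outside the hunk.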
diff --git a/ironic/drivers/modules/deploy_utils.py b/ironic/drivers/modules/deploy_utils.py index e1aabb5009..d09a616ea0 100644 --- a/ironic/drivers/modules/deploy_utils.py +++ b/ironic/drivers/modules/deploy_utils.py @@ -604,12 +604,6 @@ def validate_image_properties(task, deploy_info): "%(properties)s") % {'image': image_href, 'properties': props}) -def get_default_boot_option(): - """Gets the default boot option.""" - # TODO(TheJulia): Deprecated: Remove after Ussuri. - return CONF.deploy.default_boot_option - - def get_boot_option(node): """Gets the boot option. diff --git a/releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml b/releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml new file mode 100644 index 0000000000..9c8df1106b --- /dev/null +++ b/releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml @@ -0,0 +1,14 @@ +--- +deprecations: + - | + Booting final instances via network (as opposed to via a local bootloader) + is now deprecated, except for the cases of booting from volume or the + ramdisk deploy interface. + + Network boot for whole disk images only works reliable for legacy (BIOS) + boot. In case of partition images, there is no way to update the kernel, + which makes this approach insecure. + + Users of partition images must ensure that they either contain the + ``grub-install`` binary, enough EFI artifacts to boot the operating + system or a legacy boot partition. diff --git a/zuul.d/ironic-jobs.yaml b/zuul.d/ironic-jobs.yaml index 9b928f0743..ff7727b7a3 100644 --- a/zuul.d/ironic-jobs.yaml +++ b/zuul.d/ironic-jobs.yaml @@ -322,7 +322,7 @@ - job: name: ironic-tempest-wholedisk-bios-snmp-pxe - description: SNMP power, no-op management, netboot and whole disk images. + description: SNMP power, no-op management and whole disk images. parent: ironic-base vars: devstack_localrc: