From 4bd1c40bdcf4ef890930c82a5c4adcd4b18e5d99 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Mon, 29 Mar 2021 10:41:47 -0700 Subject: [PATCH] Always add 'boot_method' vmedia in redfish/ilo vmedia boot The inclusion of a boot_method=vmedia kernel command line argument is mandatory singnaling so IPA understands it has been booted via virtual media, and to act accordingly. Change-Id: I92751a3f4305fe0ded9ff379643b45132fe66157 Story: 2008749 Task: 42181 --- ironic/drivers/modules/ilo/boot.py | 5 +++++ ironic/drivers/modules/redfish/boot.py | 8 ++++---- .../tests/unit/drivers/modules/ilo/test_boot.py | 3 ++- .../unit/drivers/modules/redfish/test_boot.py | 2 ++ ...vmedia-boot-method-label-8008f49ace96f1cc.yaml | 15 +++++++++++++++ 5 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/fix-vmedia-boot-method-label-8008f49ace96f1cc.yaml diff --git a/ironic/drivers/modules/ilo/boot.py b/ironic/drivers/modules/ilo/boot.py index a5428ad4f1..0452418fac 100644 --- a/ironic/drivers/modules/ilo/boot.py +++ b/ironic/drivers/modules/ilo/boot.py @@ -453,6 +453,8 @@ class IloVirtualMediaBoot(base.BootInterface): task.node.driver_internal_info['agent_secret_token'] task.node.save() + ramdisk_params['boot_method'] = 'vmedia' + deploy_nic_mac = deploy_utils.get_single_nic_with_vif_port_id(task) if deploy_nic_mac is not None: ramdisk_params['BOOTIF'] = deploy_nic_mac @@ -1097,6 +1099,9 @@ class IloUefiHttpsBoot(base.BootInterface): if deploy_nic_mac is not None: ramdisk_params['BOOTIF'] = deploy_nic_mac + # Signal to IPA that this is a vmedia boot operation. + ramdisk_params['boot_method'] = 'vmedia' + mode = 'deploy' if node.provision_state == states.RESCUING: mode = 'rescue' diff --git a/ironic/drivers/modules/redfish/boot.py b/ironic/drivers/modules/redfish/boot.py index fc1c8851a5..5b49714847 100644 --- a/ironic/drivers/modules/redfish/boot.py +++ b/ironic/drivers/modules/redfish/boot.py @@ -487,6 +487,10 @@ class RedfishVirtualMediaBoot(base.BootInterface): managers = redfish_utils.get_system(task.node).managers + # NOTE(TheJulia): This is a mandatory setting for virtual media + # based deployment operations. + ramdisk_params['boot_method'] = 'vmedia' + if config_via_removable: removable = _has_vmedia_device( @@ -494,10 +498,6 @@ class RedfishVirtualMediaBoot(base.BootInterface): # Prefer USB devices since floppies are outdated [sushy.VIRTUAL_MEDIA_USBSTICK, sushy.VIRTUAL_MEDIA_FLOPPY]) if removable: - # NOTE (etingof): IPA will read the device only if - # we tell it to - ramdisk_params['boot_method'] = 'vmedia' - floppy_ref = image_utils.prepare_floppy_image( task, params=ramdisk_params) diff --git a/ironic/tests/unit/drivers/modules/ilo/test_boot.py b/ironic/tests/unit/drivers/modules/ilo/test_boot.py index 761a910e05..0c496772e7 100644 --- a/ironic/tests/unit/drivers/modules/ilo/test_boot.py +++ b/ironic/tests/unit/drivers/modules/ilo/test_boot.py @@ -592,7 +592,8 @@ class IloVirtualMediaBootTestCase(test_common.BaseIloTest): prepare_node_for_deploy_mock.assert_called_once_with(task) eject_mock.assert_called_once_with(task) expected_ramdisk_opts = {'a': 'b', 'BOOTIF': '12:34:56:78:90:ab', - 'ipa-agent-token': mock.ANY} + 'ipa-agent-token': mock.ANY, + 'boot_method': 'vmedia'} get_nic_mock.assert_called_once_with(task) setup_vmedia_mock.assert_called_once_with(task, iso, expected_ramdisk_opts) diff --git a/ironic/tests/unit/drivers/modules/redfish/test_boot.py b/ironic/tests/unit/drivers/modules/redfish/test_boot.py index 27ec9c8482..d75712b674 100644 --- a/ironic/tests/unit/drivers/modules/redfish/test_boot.py +++ b/ironic/tests/unit/drivers/modules/redfish/test_boot.py @@ -448,6 +448,7 @@ class RedfishVirtualMediaBootTestCase(db_base.DbTestCase): expected_params = { 'ipa-agent-token': mock.ANY, 'ipa-debug': '1', + 'boot_method': 'vmedia', } mock_prepare_deploy_iso.assert_called_once_with( @@ -494,6 +495,7 @@ class RedfishVirtualMediaBootTestCase(db_base.DbTestCase): expected_params = { 'ipa-agent-token': mock.ANY, + 'boot_method': 'vmedia', } mock_prepare_deploy_iso.assert_called_once_with( diff --git a/releasenotes/notes/fix-vmedia-boot-method-label-8008f49ace96f1cc.yaml b/releasenotes/notes/fix-vmedia-boot-method-label-8008f49ace96f1cc.yaml new file mode 100644 index 0000000000..1edcba1afc --- /dev/null +++ b/releasenotes/notes/fix-vmedia-boot-method-label-8008f49ace96f1cc.yaml @@ -0,0 +1,15 @@ +--- +security: + - | + Fixes an issue where ironic was not properly labeling dynamicly built + virtual media ramdisks with the signifier flag so the ramdisk understands + it was booted from virtual media. +fixes: + - | + Fixes the missing ``boot_method`` ramdisk parameter for dynamicly build + virtual media payloads. This value must be set to ``vmedia`` for the + ramdisk running on virtual media to understand it is executing from + virtual media. This was fixed for cases where it is used with the + ``redfish-virtual-media`` based boot interfaces as well as the + ``ilo-virtual-media`` boot interface, which is where dynamic virtual media + deployment/cleaning ramdisk generation is supported.