Deprecate instance network boot

It's insecure and not very popular. See this post for details:
http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026224.html

Change-Id: I9a2df47bb8c08cc991b3c615a9eb533aba3171f4

doc/source/admin/adoption.rst

@@ -51,10 +51,7 @@ The adoption process makes no changes to the physical node, with the
 exception of operator supplied configurations where virtual media is
 used to boot the node under normal circumstances. An operator should
 ensure that any supplied configuration defining the node is sufficient
-for the continued operation of the node moving forward. Such as, if the
-node is configured to network boot via instance_info/boot_option="netboot",
-then appropriate driver specific node configuration should be set to
-support this capability.
+for the continued operation of the node moving forward.
 
 Possible Risk
 =============

doc/source/admin/drivers/ilo.rst

@@ -1084,6 +1084,11 @@ intermediate images on conductor as described in
 Deploy Process
 ==============
 
+.. note::
+   Network boot is deprecated and will be removed in the Zed release.
+
+.. TODO(dtantsur): review these diagrams to exclude netboot.
+
 Netboot with glance and swift
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

doc/source/admin/drivers/snmp.rst

@@ -77,30 +77,20 @@ Enabling the SNMP Hardware Type
     enabled_management_interfaces = noop
     enabled_power_interfaces = snmp
 
-#. To set the default boot option, update ``default_boot_option`` in
+#. To enable the network boot fallback, update ``enable_netboot_fallback`` in
    ``ironic.conf``:
 
    .. code-block:: ini
 
-    [DEFAULT]
-    default_boot_option = netboot
+    [pxe]
+    enable_netboot_fallback = True
 
    .. note::
-      Currently the default value of ``default_boot_option`` is ``netboot``
-      but it will be changed to ``local`` in the future. It is recommended
-      to set an explicit value for this option.
-
-   .. note::
-      It is important to set ``boot_option`` to ``netboot`` as SNMP hardware
-      type does not support setting of boot devices. One can also configure
-      a node to boot using ``netboot`` by setting its ``capabilities`` and
-      updating Nova flavor as described below:
-
-      .. code-block:: console
-
-          baremetal node set --property capabilities="boot_option:netboot" <node>
-          openstack flavor set --property "capabilities:boot_option"="netboot" ironic-flavor
-
+      It is important to enable the fallback as SNMP hardware type does not
+      support setting of boot devices. When booting in legacy (BIOS) mode,
+      the generated network booting artifact will force booting from local
+      disk. In UEFI mode, Ironic will configure the boot order using UEFI
+      variables.
 
 #. Restart the Ironic conductor service.
 
@@ -165,5 +155,4 @@ type:
     --driver snmp --driver-info snmp_driver=<pdu_manufacturer> \
     --driver-info snmp_address=<ip_address> \
     --driver-info snmp_outlet=<outlet_index> \
-    --driver-info snmp_community=<community_string> \
-    --properties capabilities=boot_option:netboot
+    --driver-info snmp_community=<community_string>

doc/source/admin/report.txt

@@ -321,7 +321,7 @@ default:
 
 deploy:
   continue_if_disk_secure_erase_fails = False
-  default_boot_option = netboot
+  default_boot_option = local
   erase_devices_metadata_priority = None
   erase_devices_priority = 0
   http_root = /opt/stack/data/ironic/httpboot

ironic/conf/deploy.py

@@ -128,7 +128,10 @@ opts = [
                help=_('Default boot option to use when no boot option is '
                       'requested in node\'s driver_info. Defaults to '
                       '"local". Prior to the Ussuri release, the default '
-                      'was "netboot".')),
+                      'was "netboot".'),
+               deprecated_for_removal=True,
+               deprecated_reason=_('Support for network boot will be removed '
+                                   'after the Yoga release.')),
     cfg.StrOpt('default_boot_mode',
                choices=[(boot_modes.UEFI, _('UEFI boot mode')),
                         (boot_modes.LEGACY_BIOS, _('Legacy BIOS boot mode'))],

ironic/drivers/modules/agent.py

@@ -505,6 +505,11 @@ class AgentDeploy(CustomAgentDeploy):
         validate_http_provisioning_configuration(node)
         validate_image_proxies(node)
 
+        capabilities = utils.parse_instance_info_capabilities(node)
+        if 'boot_option' in capabilities:
+            LOG.warning("The boot_option capability has been deprecated, "
+                        "please unset it for node %s", node.uuid)
+
     @METRICS.timer('AgentDeployMixin.write_image')
     @base.deploy_step(priority=80)
     @task_manager.require_exclusive_lock

ironic/drivers/modules/deploy_utils.py

@@ -604,12 +604,6 @@ def validate_image_properties(task, deploy_info):
             "%(properties)s") % {'image': image_href, 'properties': props})
 
 
-def get_default_boot_option():
-    """Gets the default boot option."""
-    # TODO(TheJulia): Deprecated: Remove after Ussuri.
-    return CONF.deploy.default_boot_option
-
-
 def get_boot_option(node):
     """Gets the boot option.
 

releasenotes/notes/netboot-deprecation-fe5751a47df2d0b7.yaml

@@ -0,0 +1,14 @@
+---
+deprecations:
+  - |
+    Booting final instances via network (as opposed to via a local bootloader)
+    is now deprecated, except for the cases of booting from volume or the
+    ramdisk deploy interface.
+
+    Network boot for whole disk images only works reliable for legacy (BIOS)
+    boot. In case of partition images, there is no way to update the kernel,
+    which makes this approach insecure.
+
+    Users of partition images must ensure that they either contain the
+    ``grub-install`` binary, enough EFI artifacts to boot the operating
+    system or a legacy boot partition.

zuul.d/ironic-jobs.yaml

@@ -322,7 +322,7 @@
 
 - job:
     name: ironic-tempest-wholedisk-bios-snmp-pxe
-    description: SNMP power, no-op management, netboot and whole disk images.
+    description: SNMP power, no-op management and whole disk images.
     parent: ironic-base
     vars:
       devstack_localrc: