From 2a24dd59ba3b930bae3e85929a8f7471c218adc5 Mon Sep 17 00:00:00 2001
From: James Denton <james.denton@rackspace.com>
Date: Wed, 10 Jun 2020 16:30:12 +0000
Subject: [PATCH] Add Support for Deploying UEFI Baremetal Nodes

This patchset adds support for deploying instances using UEFI baremetal
nodes. UEFI may replace Legacy BIOS mode in future Ironic releases. Tested
with Ubuntu Focal 20.04 LTS.

Change-Id: I0fa6234ec7321e1d69901175baeab4ddb08afc50
---
 files/grub.conf                               |  7 +++++++
 ...ds-uefi-boot-support-18ad99dd21f7e8be.yaml |  7 +++++++
 tasks/ironic_conductor_post_install.yml       | 21 +++++++++++++++++++
 templates/ironic.conf.j2                      |  2 +-
 vars/debian.yml                               |  9 ++++++++
 vars/redhat.yml                               |  9 ++++++++
 6 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 files/grub.conf
 create mode 100644 releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml

diff --git a/files/grub.conf b/files/grub.conf
new file mode 100644
index 00000000..14d506d4
--- /dev/null
+++ b/files/grub.conf
@@ -0,0 +1,7 @@
+set default=master
+set timeout=5
+set hidden_timeout_quiet=false
+
+menuentry "master"  {
+configfile /tftpboot/$net_default_ip.conf
+}
diff --git a/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml b/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml
new file mode 100644
index 00000000..b491a7a2
--- /dev/null
+++ b/releasenotes/notes/adds-uefi-boot-support-18ad99dd21f7e8be.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - UEFI boot support has been added. To migrate from Legacy BIOS mode,
+    define `boot_mode:uefi` as a capability for baremetal nodes that support
+    UEFI. In addition, corresponding flavor(s) will need to be created or
+    modified to include `boot_mode:uefi` as a capability for scheduling to
+    occur against UEFI nodes.
\ No newline at end of file
diff --git a/tasks/ironic_conductor_post_install.yml b/tasks/ironic_conductor_post_install.yml
index 08f9441c..12c2c38d 100644
--- a/tasks/ironic_conductor_post_install.yml
+++ b/tasks/ironic_conductor_post_install.yml
@@ -52,6 +52,27 @@
     remote_src: True
   with_items: "{{ ironic_library_modules_paths }}"
 
+- name: Ensure grub directory exists in tftpboot
+  file:
+    path: "{{ ironic_grub_dir }}"
+    state: directory
+    recurse: yes
+
+- name: Copy PXE grub config into tftpboot
+  copy:
+    src: "grub.conf"
+    dest: "{{ ironic_grub_dir }}/grub.cfg"
+    mode: "0644"
+    owner: "ironic"
+    group: "ironic"
+
+- name: Copy uefi modules into tftpboot
+  copy:
+    src: "{{ item.path }}"
+    dest: "{{ ironic_tftpd_root }}/{{ item.name }}"
+    remote_src: True
+  with_items: "{{ ironic_uefi_modules }}"
+
 - name: Start up tftp
   service:
     name: "{{ ironic_tftpd_service_name }}"
diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2
index 539ca2bc..4f85357c 100644
--- a/templates/ironic.conf.j2
+++ b/templates/ironic.conf.j2
@@ -204,7 +204,7 @@ pool_max_size = {{ ironic_wsgi_processes }}
 [pxe]
 {% if ironic_ipxe_enabled | bool %}
 pxe_bootfile_name = undionly.kpxe
-uefi_pxe_bootfile_name = ipxe.efi
+uefi_ipxe_bootfile_name = ipxe.efi
 pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
 uefi_pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
 {% endif %}
diff --git a/vars/debian.yml b/vars/debian.yml
index aed33e92..ed4bc553 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -38,6 +38,8 @@ ironic_conductor_distro_packages:
   - gdisk
   - ipxe
   - nginx
+  - grub-efi-amd64-signed
+  - shim-signed
 
 ironic_conductor_standalone_distro_packages:
   - isc-dhcp-server
@@ -49,6 +51,12 @@ ironic_library_modules_paths:
   - "/usr/lib/ipxe/undionly.kpxe"
   - "/usr/lib/ipxe/ipxe.efi"
 
+ironic_uefi_modules:
+  - name: "bootx64.efi"
+    path: "/usr/lib/shim/shimx64.efi.signed"
+  - name: "grubx64.efi"
+    path: "/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed"
+
 ironic_tftpd_service_name: tftpd-hpa
 ironic_tftpd_root: /tftpboot
 
@@ -89,3 +97,4 @@ ironic_inspector_library_modules_paths:
   - "/usr/lib/syslinux/modules/efi64/ldlinux.e64"
 
 ironic_nginx_conf_path: "sites-available"
+ironic_grub_dir: "/tftpboot/grub"
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 14ff1d05..c916bf99 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -35,6 +35,8 @@ ironic_conductor_distro_packages:
   - gdisk
   - ipxe-bootimgs
   - nginx
+  - grub2-efi-x64
+  - shim
 
 ironic_conductor_standalone_distro_packages:
   - isc-dhcp-server
@@ -46,6 +48,12 @@ ironic_library_modules_paths:
   - "/usr/share/ipxe/undionly.kpxe"
   - "/usr/share/ipxe/ipxe-x86_64.efi"
 
+ironic_uefi_modules:
+  - name: "bootx64.efi"
+    path: "/boot/efi/EFI/centos/shimx64.efi"
+  - name: "grubx64.efi"
+    path: "/boot/efi/EFI/centos/grubx64.efi"
+
 ironic_tftpd_service_name: tftp
 ironic_tftpd_root: /var/lib/tftpboot
 
@@ -76,3 +84,4 @@ ironic_inspector_library_modules_paths:
   - "/usr/lib/syslinux/modules/efi64/ldlinux.e64"
 
 ironic_nginx_conf_path: "conf.d"
+ironic_grub_dir: "/tftpboot/EFI/centos"