[RFE] HTTP ISO Boot via Network (UEFI) HTTP Boot
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Confirmed
|
Wishlist
|
Julia Kreger |
Bug Description
With the completion of bug #2032380, Ironic gained several new HTTP enabled boot interfaces.
Most of them utilize a pre-existing network boot loader, i.e. iPXE or Grub to enable the machine to begin booting. These interfaces are "http", "http-ipxe". The exception is "redfish-https" which forms an ISO image and remotely instructs a redfish BMC to utilize the Boot from URL functionality in the BMC.
But in theory, not always true, but UEFI Http Boot standard does permit the artifact to be an ISO image *instead* of a network boot loader. And we should likely support this as well.
Why would we want to support this though?
- An increasing demand and government requirement for Secure Boot means that iPXE as the one bootloader addresses almost all cases, is not really a future possibility unless vendors work to get iPXE signed, which may never happen. In other words, we need another path forward for network booting in a secure mode, and ISOs can contain signed UEFI loaders which don't need to be network aware.
This does mean that this boot interface cannot support aspects like booting from a volume, but that is likely okay given that is an existing constraint for network booting grub.
What would we do then?
We would create a new boot_interface class, with the driver name http-iso,
which would take a similar code pattern to the redfish-https driver,
in that it would attempt to build an iso, and instead of sending it to a BMC
it would use that URL for the dhcp configuration.
description: | updated |
tags: | added: rfe |
Changed in ironic: | |
assignee: | nobody → Julia Kreger (juliaashleykreger) |
Changed in ironic: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in ironic: | |
status: | Triaged → Confirmed |
tags: |
added: rfe-approved removed: rfe |