)]}'
{"specs/approved/uefi-pxe-boot-from-volume.rst":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":15,"context_line":"servers support iPXE boot due to lacking of integrated NIC driver support in"},{"line_number":16,"context_line":"iPXE, especially many aarch64 servers don\u0027t support iPXE. But all the server"},{"line_number":17,"context_line":"may support PXE boot. So it makes sense that Ironic can support PXE BFV."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Problem description"},{"line_number":20,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"d6d70b5e_46bc5324","line":18,"updated":"2021-04-09 17:13:20.000000000","message":"I\u0027m confused, the expectation and what is coded is to chain load into an ipxe loader binary. This is known to work on x86_64 and I believe based on some discussions should also work on aarch64 with a UEFI image build.\n\nIn UEFI cases, the binary doesn\u0027t *need* network interface card drivers, but are supposed to use the UEFI primitives for networking which does require that the card support UEFI as well. 
Obviously, if that is not the case, then it doesn\u0027t work.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":34,"context_line":"  - Operator uploads partition user image to Glance image service."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"    Differences:"},{"line_number":37,"context_line":"    PXE BFV uses partition user image, and iPXE uses whole disk image."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"  - Operator enrolls nodes with property capabilities\u003d\u0027boot_mode:uefi,"},{"line_number":40,"context_line":"    iscsi_boot:True, boot_option:netboot\u0027 and make them as available provision"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0e65d657_cf8c737e","line":37,"range":{"start_line":37,"start_character":17,"end_line":37,"end_character":37},"updated":"2021-04-09 17:13:20.000000000","message":"Ideally, we would really prefer people move away from partition images. At least for what it is worth.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":45,"context_line":""},{"line_number":46,"context_line":"    Differences:"},{"line_number":47,"context_line":"    PXE boots from an existing volume like iPXE is not support, because the"},{"line_number":48,"context_line":"    existing volume doesn\u0027t contain any image meta data. 
This also means that"},{"line_number":49,"context_line":"    PXE BFV only support cinder storage interface and no external storage"},{"line_number":50,"context_line":"    interface support as there is no other way to cache kernel/ramdisk"},{"line_number":51,"context_line":"    currently."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"  - Ironic conductor changes the node provision state to deploying from"},{"line_number":54,"context_line":"    available, prepare instance to boot:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6461ea38_de635558","line":51,"range":{"start_line":48,"start_character":56,"end_line":51,"end_character":14},"updated":"2021-04-09 17:13:20.000000000","message":"This doesn\u0027t seem correct if the field values can be populated. Could you elaborate on this a little bit, because if the instance kernel/ramdisk is set. I don\u0027t see how volumes would have image metadata containing kernel/ramdisks, that seems like a fundamental reversal of the relationship model. 
Can you cite any references on this?","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":52,"context_line":""},{"line_number":53,"context_line":"  - Ironic conductor changes the node provision state to deploying from"},{"line_number":54,"context_line":"    available, prepare instance to boot:"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"      - Cache kernel/ramdisk images."},{"line_number":57,"context_line":"      - Generate PXE grub config menuentry \u0027boot_iscsi\u0027, fill iSCSI kernel"},{"line_number":58,"context_line":"        command line options which defined by"},{"line_number":59,"context_line":"        `Dracut iSCSI kernel command line option`_ and"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c688b8d0_0ab539e1","line":56,"range":{"start_line":55,"start_character":0,"end_line":56,"end_character":36},"updated":"2021-04-09 17:13:20.000000000","message":"Honestly, I\u0027m not a fan of caching the kernel/ramdisk image and doing pure network booting. It is problematic. Especially when people expect these things to be long lived. 
Often OSes don\u0027t comprehend this, which can mean the operator may break their OS\u0027s ability to boot or even worse, be unable to upgrade the instance in the event of a kernel security vulnerability.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":71,"context_line":"    boot is out of scope of this specification."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"    Differences:"},{"line_number":74,"context_line":"    PXE loads grub from tftpboot network dir and just boots into initrd, it"},{"line_number":75,"context_line":"    doesn\u0027t do any other thing. Whereas iPXE will attach the iSCSI volume disk"},{"line_number":76,"context_line":"    firstly, then load the grub from the volume disk, it also fills the iBFT"},{"line_number":77,"context_line":"    APCPI table with volume info. Finally it boots into initrd."}],"source_content_type":"text/x-rst","patch_set":1,"id":"401bfa46_07189a21","line":74,"range":{"start_line":74,"start_character":2,"end_line":74,"end_character":71},"updated":"2021-04-09 17:13:20.000000000","message":"Please chainload it over to HTTP for the kernel/initrd download. Grub supports this just fine.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":74,"context_line":"    PXE loads grub from tftpboot network dir and just boots into initrd, it"},{"line_number":75,"context_line":"    doesn\u0027t do any other thing. 
Whereas iPXE will attach the iSCSI volume disk"},{"line_number":76,"context_line":"    firstly, then load the grub from the volume disk, it also fills the iBFT"},{"line_number":77,"context_line":"    APCPI table with volume info. Finally it boots into initrd."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"  - Initrd setup network ip with dhcp request, get the volume info from"},{"line_number":80,"context_line":"    command line options, attach the root volume disk, mount it and finally"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff32f07a_e1ceebb1","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":9},"updated":"2021-04-09 17:13:20.000000000","message":"typo?","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":83,"context_line":"    Differences:"},{"line_number":84,"context_line":"    PXE BFV gets the volume info from kernel command line options and iPXE BFV"},{"line_number":85,"context_line":"    gets it from the iBFT ACPI table. 
See `Debian volume attach script`_ as an"},{"line_number":86,"context_line":"    example."},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"Proposed change"},{"line_number":89,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"181dd9ae_00baf890","line":86,"updated":"2021-04-09 17:13:20.000000000","message":"I guess this might be the actual driver if iBFT is not a feature on aarch64?","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":110,"context_line":"  - Update ``storage.cinder.CinderStorage.validate`` driver logic to support"},{"line_number":111,"context_line":"    PXE."},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  - Update ``storage.cinder.CinderStorage.should_write_image`` driver logic to"},{"line_number":114,"context_line":"    handle PXE BFV case which has an image source."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9eaf313d_18b6ff7c","line":113,"range":{"start_line":113,"start_character":42,"end_line":113,"end_character":60},"updated":"2021-04-09 17:13:20.000000000","message":"Wouldn\u0027t you need to update externelstorage as well as cinderstorage? 
Of course, this may just be more of a details in the final code question/comment.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":176,"context_line":"``Note`` that iSCSI volume info like username/password specified on the kernel"},{"line_number":177,"context_line":"command line are visible for all users via the file /proc/cmdline or via"},{"line_number":178,"context_line":"dmesg. Who gets the volume info can login and mount the iSCSI volume in the"},{"line_number":179,"context_line":"same storage network."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"Other end user impact"},{"line_number":182,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"98d9f8e0_45cfbfe6","line":179,"updated":"2021-04-09 17:13:20.000000000","message":"This would need to be documented as an operational risk in final documentation.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":177,"context_line":"command line are visible for all users via the file /proc/cmdline or via"},{"line_number":178,"context_line":"dmesg. 
Who gets the volume info can login and mount the iSCSI volume in the"},{"line_number":179,"context_line":"same storage network."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"Other end user impact"},{"line_number":182,"context_line":"---------------------"},{"line_number":183,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"feb69fde_24b17564","line":180,"updated":"2021-04-09 17:13:20.000000000","message":"Another operational security aspect is the kernel/ramdisk will not be able to be updated from within the instance. The glance image would need to be updated. Granted, if there was some method where we periodically checked and re-synced the cache, that seems like it could be viable.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":183,"context_line":""},{"line_number":184,"context_line":"PXE BFV doesn’t support whole disk image as iPXE BFV. It only supports"},{"line_number":185,"context_line":"partition user image. Which means that kernel updating automatically is not"},{"line_number":186,"context_line":"supported, It needs to copy kernel/initrd to tftpboot dir for PXE boot"},{"line_number":187,"context_line":"manually when updating kernel."},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"The user needs to know how to build partition user images. It should be built"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6467a523_eec40604","line":186,"range":{"start_line":186,"start_character":45,"end_line":186,"end_character":53},"updated":"2021-04-09 17:13:20.000000000","message":"httpboot please. 
We *should* only be using tftpboot for chain loading of small files, not whole kernel/ramdisks if we can at all avoid it.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"fd910bde151195bf6c10af2eb5acc3ed7c7b8784","unresolved":true,"context_lines":[{"line_number":224,"context_line":"Work Items"},{"line_number":225,"context_line":"----------"},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"* Implement support to pass image source info into Ironic for PXE BFV (Nova)."},{"line_number":228,"context_line":"* Implement support for PXE BFV."},{"line_number":229,"context_line":"* Update `Boot From Volume user guide`_ page on how to use this functionality."},{"line_number":230,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"c6ea9612_c04a7729","line":227,"updated":"2021-04-09 17:13:20.000000000","message":"Nova is going to want a specific blueprint for their end of work tracking.","commit_id":"7675b0b078b00d50efb2391ca0ffdf6e49465ec4"}]}
