openstack
diff --git a/‎doc/source/admin/drivers/redfish.rst
+38-2 b/‎doc/source/admin/drivers/redfish.rst
+38-2
diff --git a/‎ironic/common/boot_devices.py
+3 b/‎ironic/common/boot_devices.py
+3
diff --git a/‎ironic/common/exception.py
+6 b/‎ironic/common/exception.py
+6
diff --git a/‎ironic/drivers/modules/redfish/boot.py
+303 b/‎ironic/drivers/modules/redfish/boot.py
+303
@@ -23,13 +23,14 @@ Enabling the Redfish driver
 #. Add ``redfish`` to the list of ``enabled_hardware_types``,
    ``enabled_power_interfaces``, ``enabled_management_interfaces`` and
    ``enabled_inspect_interfaces`` as well as ``redfish-virtual-media``
-   to ``enabled_boot_interfaces`` in ``/etc/ironic/ironic.conf``.
+   and ``redfish-https`` to ``enabled_boot_interfaces`` in
+   ``/etc/ironic/ironic.conf``.
    For example::
 
     [DEFAULT]
     ...
     enabled_hardware_types = ipmi,redfish
-    enabled_boot_interfaces = ipxe,redfish-virtual-media
+    enabled_boot_interfaces = ipxe,redfish-virtual-media,redfish-https
     enabled_power_interfaces = ipmitool,redfish
     enabled_management_interfaces = ipmitool,redfish
     enabled_inspect_interfaces = inspector,redfish
@@ -386,6 +387,41 @@ Layer 3 or DHCP-less ramdisk booting
 DHCP-less deploy is supported by the Redfish virtual media boot. See
 :doc:`/admin/dhcp-less` for more information.
 
+Redfish HTTP(s) Boot
+====================
+
+The ``redfish-https`` boot interface is very similar to the
+``redfish-virtual-media`` boot interface. In this driver, we compose an ISO
+image, and request the BMC to inform the UEFI firmware to boot the Ironic
+ramdisk, or a other ramdisk image. This approach is intended to allow a
+pattern of engagement where we have minimal reliance on addressing and
+discovery of the Ironic deployment through autoconfiguration like DHCP,
+and somewhat mirrors vendor examples of booting from an HTTP URL.
+
+This interface has some basic constraints.
+
+* There is no configuration drive functionality, while Virtual Media did
+  help provide such functionality.
+* This interface *is* dependent upon BMC, EFI Firmware, and Bootloader,
+  which means we may not see additional embedded files an contents in
+  an ISO image. This is the same basic constraint over the ``ramdisk``
+  deploy interface when using Network Booting.
+* This is a UEFI-Only boot interface. No legacy boot is possible with
+  this interface.
+
+A good starting point for this interface, is to think of it as
+higher security network boot, as we are explicitly telling the BMC
+where the node should boot from.
+
+Like the ``redfish-virtual-media`` boot interface, you will need
+to create an EFI System Partition image (ESP_), see
+`Configuring an ESP image`_ for details on how to do this.
+
+Additionally, if you would like to use the ``ramdisk`` deployment
+interface, the same basic instructions covered in `Virtual Media Ramdisk`_
+apply, just use ``redfish-https`` as the boot_interface, and keep in mind,
+no configuration drives exist with the ``redfish-https`` boot interface.
+
 Firmware update using manual cleaning
 =====================================
 
 
@@ -52,3 +52,6 @@
 
 VMEDIA_DEVICES = [DISK, CDROM, FLOPPY]
 """Devices that make sense for virtual media attachment."""
+
+UEFIHTTP = "uefihttp"
+"Boot from a UEFI HTTP(s) URL"
@@ -883,3 +883,9 @@ class FirmwareComponentNotFound(NotFound):
 
 class InvalidNodeInventory(Invalid):
     _msg_fmt = _("Inventory for node %(node)s is invalid: %(reason)s")
+
+
+class UnsupportedHardwareFeature(Invalid):
+    _msg_fmt = _("Node %(node)s hardware does not support feature "
+                 "%(feature)s, which is required based upon the "
+                 "requested configuration.")
@@ -21,6 +21,7 @@
 from ironic.common import exception
 from ironic.common.i18n import _
 from ironic.common import states
+from ironic.common import utils as common_utils
 from ironic.conductor import utils as manager_utils
 from ironic.conf import CONF
 from ironic.drivers import base
@@ -712,6 +713,11 @@ def _attach_configdrive(self, task, managers):
         if not configdrive:
             return
 
+        if 'ramdisk_boot_configdrive' not in self.capabilities:
+            raise exception.InstanceDeployFailure(
+                _('Cannot attach a configdrive to node %s, as it is not '
+                  'supported in the driver.') % task.node.uuid)
+
         _eject_vmedia(task, managers, sushy.VIRTUAL_MEDIA_USBSTICK)
         cd_ref = image_utils.prepare_configdrive_image(task, configdrive)
         try:
@@ -775,3 +781,300 @@ def _set_boot_device(cls, task, device, persistent=False):
             ManagementInterface fails.
         """
         manager_utils.node_set_boot_device(task, device, persistent)
+
+
+class RedfishHttpsBoot(base.BootInterface):
+    """A driver which utilizes UefiHttp like virtual media.
+
+    Utilizes the virtual media image build to craft a ISO image to
+    signal to remote BMC to boot.
+
+    This interface comes with some constraints. For example, this
+    interface is built under the operating assumption that DHCP is
+    used. The UEFI Firmware needs to load some base configuration,
+    regardless. Also depending on UEFI Firmware, and how it handles
+    UefiHttp Boot, additional ISO contents, such as "configuration drive"
+    materials might be unavailable. A similar constraint exists with
+    ``ramdisk`` deployment.
+    """
+
+    capabilities = ['ramdisk_boot']
+
+    def get_properties(self):
+        """Return the properties of the interface.
+
+        :returns: dictionary of <property name>:<property description> entries.
+        """
+        return REQUIRED_PROPERTIES
+
+    def _validate_driver_info(self, task):
+        """Validate the prerequisites for Redfish HTTPS based boot.
+
+        This method validates whether the 'driver_info' property of the
+        supplied node contains the required information for this driver.
+
+        :param task: a TaskManager instance containing the node to act on.
+        :raises: InvalidParameterValue if any parameters are incorrect
+        :raises: MissingParameterValue if some mandatory information
+            is missing on the node
+        """
+        node = task.node
+
+        _parse_driver_info(node)
+        # Issue the deprecation warning if needed
+        driver_utils.get_agent_iso(node, deprecated_prefix='redfish')
+
+    def _validate_instance_info(self, task):
+        """Validate instance image information for the task's node.
+
+        This method validates whether the 'instance_info' property of the
+        supplied node contains the required information for this driver.
+
+        :param task: a TaskManager instance containing the node to act on.
+        :raises: InvalidParameterValue if any parameters are incorrect
+        :raises: MissingParameterValue if some mandatory information
+            is missing on the node
+        """
+        node = task.node
+
+        # NOTE(dtantsur): if we're are writing an image with local boot
+        # the boot interface does not care about image parameters and
+        # must not validate them.
+        if (not task.driver.storage.should_write_image(task)
+                or deploy_utils.get_boot_option(node) == 'local'):
+            return
+
+        d_info = _parse_deploy_info(node)
+        deploy_utils.validate_image_properties(task, d_info)
+
+    def _validate_hardware(self, task):
+        """Validates hardware support.
+
+        :param task: a TaskManager instance containing the node to act on.
+        :raises: InvalidParameterValue if vendor not supported
+        """
+        system = redfish_utils.get_system(task.node)
+        if "UefiHttp" not in system.boot.allowed_values:
+            raise exception.UnsupportedHardwareFeature(
+                node=task.node.uuid,
+                feature="UefiHttp boot")
+
+    def validate(self, task):
+        """Validate the deployment information for the task's node.
+
+        This method validates whether the 'driver_info' and/or 'instance_info'
+        properties of the task's node contains the required information for
+        this interface to function.
+
+        :param task: A TaskManager instance containing the node to act on.
+        :raises: InvalidParameterValue on malformed parameter(s)
+        :raises: MissingParameterValue on missing parameter(s)
+        """
+        self._validate_hardware(task)
+        self._validate_driver_info(task)
+        self._validate_instance_info(task)
+
+    def validate_inspection(self, task):
+        """Validate that the node has required properties for inspection.
+
+        :param task: A TaskManager instance with the node being checked
+        :raises: MissingParameterValue if node is missing one or more required
+            parameters
+        :raises: UnsupportedDriverExtension
+        """
+        try:
+            self._validate_driver_info(task)
+        except exception.MissingParameterValue:
+            # Fall back to non-managed in-band inspection
+            raise exception.UnsupportedDriverExtension(
+                driver=task.node.driver, extension='inspection')
+
+    def prepare_ramdisk(self, task, ramdisk_params):
+        """Prepares the boot of the agent ramdisk.
+
+        This method prepares the boot of the deploy or rescue ramdisk after
+        reading relevant information from the node's driver_info and
+        instance_info.
+
+        :param task: A task from TaskManager.
+        :param ramdisk_params: the parameters to be passed to the ramdisk.
+        :returns: None
+        :raises: MissingParameterValue, if some information is missing in
+            node's driver_info or instance_info.
+        :raises: InvalidParameterValue, if some information provided is
+            invalid.
+        :raises: IronicException, if some power or set boot boot device
+            operation failed on the node.
+        """
+        node = task.node
+        if not driver_utils.need_prepare_ramdisk(node):
+            return
+
+        d_info = _parse_driver_info(node)
+
+        if manager_utils.is_fast_track(task):
+            LOG.debug('Fast track operation for node %s, not setting up '
+                      'a HTTP Boot url', node.uuid)
+            return
+
+        can_config = d_info.pop('can_provide_config', True)
+        if can_config:
+            manager_utils.add_secret_token(node, pregenerated=True)
+            node.save()
+            ramdisk_params['ipa-agent-token'] = \
+                node.driver_internal_info['agent_secret_token']
+
+        manager_utils.node_power_action(task, states.POWER_OFF)
+
+        deploy_nic_mac = deploy_utils.get_single_nic_with_vif_port_id(task)
+        if deploy_nic_mac is not None:
+            ramdisk_params['BOOTIF'] = deploy_nic_mac
+        if CONF.debug and 'ipa-debug' not in ramdisk_params:
+            ramdisk_params['ipa-debug'] = '1'
+
+        # NOTE(TheJulia): This is a mandatory setting for virtual media
+        # based deployment operations and boot modes similar where we
+        # want the ramdisk to consider embedded configuration.
+        ramdisk_params['boot_method'] = 'vmedia'
+
+        mode = deploy_utils.rescue_or_deploy_mode(node)
+
+        iso_ref = image_utils.prepare_deploy_iso(task, ramdisk_params,
+                                                 mode, d_info)
+        boot_mode_utils.sync_boot_mode(task)
+
+        self._set_boot_device(task, boot_devices.UEFIHTTP,
+                              http_boot_url=iso_ref)
+
+        LOG.debug("Node %(node)s is set to one time boot from "
+                  "%(device)s", {'node': task.node.uuid,
+                                 'device': boot_devices.UEFIHTTP})
+
+    def clean_up_ramdisk(self, task):
+        """Cleans up the boot of ironic ramdisk.
+
+        This method cleans up the environment that was setup for booting the
+        deploy ramdisk.
+
+        :param task: A task from TaskManager.
+        :returns: None
+        """
+        if manager_utils.is_fast_track(task):
+            LOG.debug('Fast track operation for node %s, not ejecting '
+                      'any devices', task.node.uuid)
+            return
+
+        LOG.debug("Cleaning up deploy boot for "
+                  "%(node)s", {'node': task.node.uuid})
+        self._clean_up(task)
+
+    def prepare_instance(self, task):
+        """Prepares the boot of instance over virtual media.
+
+        This method prepares the boot of the instance after reading
+        relevant information from the node's instance_info.
+
+        The internal logic is as follows:
+
+        - Cleanup any related files
+        - Sync the boot mode with the machine.
+        - Configure Secure boot, if required.
+        - If local boot, or a whole disk image was deployed,
+          set the next boot device as disk.
+        - If "ramdisk" is the desired, then the UefiHttp boot
+          option is set to the BMC with a request for this to
+          be persistent.
+
+        :param task: a task from TaskManager.
+        :returns: None
+        :raises: InstanceDeployFailure, if its try to boot iSCSI volume in
+                 'BIOS' boot mode.
+        """
+        node = task.node
+
+        self._clean_up(task)
+
+        boot_mode_utils.sync_boot_mode(task)
+        boot_mode_utils.configure_secure_boot_if_needed(task)
+
+        boot_option = deploy_utils.get_boot_option(node)
+        iwdi = node.driver_internal_info.get('is_whole_disk_image')
+        if boot_option == "local" or iwdi:
+            self._set_boot_device(task, boot_devices.DISK, persistent=True)
+
+            LOG.debug("Node %(node)s is set to permanently boot from local "
+                      "%(device)s", {'node': task.node.uuid,
+                                     'device': boot_devices.DISK})
+            return
+
+        params = {}
+
+        if boot_option != 'ramdisk':
+            root_uuid = node.driver_internal_info.get('root_uuid_or_disk_id')
+            if not root_uuid and task.driver.storage.should_write_image(task):
+                LOG.warning(
+                    "The UUID of the root partition could not be found for "
+                    "node %s. Booting instance from disk anyway.", node.uuid)
+
+                self._set_boot_device(task, boot_devices.DISK, persistent=True)
+
+                return
+
+            params.update(root_uuid=root_uuid)
+
+        deploy_info = _parse_deploy_info(node)
+
+        iso_ref = image_utils.prepare_boot_iso(task, deploy_info, **params)
+        self._set_boot_device(task, boot_devices.UEFIHTTP, persistent=True,
+                              http_boot_url=iso_ref)
+
+        LOG.debug("Node %(node)s is set to permanently boot from "
+                  "%(device)s", {'node': task.node.uuid,
+                                 'device': boot_devices.UEFIHTTP})
+
+    def _clean_up(self, task):
+        image_utils.cleanup_iso_image(task)
+
+    def clean_up_instance(self, task):
+        """Cleans up the boot of instance.
+
+        This method cleans up the environment that was setup for booting
+        the instance.
+
+        :param task: A task from TaskManager.
+        :returns: None
+        """
+        LOG.debug("Cleaning up instance boot for "
+                  "%(node)s", {'node': task.node.uuid})
+        self._clean_up(task)
+        boot_mode_utils.deconfigure_secure_boot_if_needed(task)
+
+    @classmethod
+    def _set_boot_device(cls, task, device, persistent=False,
+                         http_boot_url=None):
+        """Set the boot device for a node.
+
+        This is a hook method which can be used by other drivers based upon
+        this class, in order to facilitate vendor specific logic,
+        if needed.
+
+        Furthermore, we are not considering a *lack* of a URL as fatal.
+        A driver could easily update DHCP and send the message to the BMC.
+
+        :param task: a TaskManager instance.
+        :param device: the boot device, one of
+                       :mod:`ironic.common.boot_devices`.
+        :param persistent: Whether to set next-boot, or make the change
+            permanent. Default: False.
+        :param http_boot_url: The URL to send to the BMC in order to boot
+            the node via UEFIHTTP.
+        :raises: InvalidParameterValue if the validation of the
+            ManagementInterface fails.
+        """
+
+        if http_boot_url:
+            common_utils.set_node_nested_field(
+                task.node, 'driver_internal_info',
+                'redfish_uefi_http_url', http_boot_url)
+            task.node.save()
+        manager_utils.node_set_boot_device(task, device, persistent)