def setup_uefi_https(task, iso, persistent=False): """Sets up system to boot from UEFIHTTP boot device. Sets the one-time/persistent boot device to UEFIHTTP based on the argument supplied. :param task: a TaskManager instance containing the node to act on. :param iso: ISO URL to be set to boot from. :param persistent: Indicates whether the system should be set to boot from the given device one-time or each time. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if retrieving post state is not supported on the server. """ node = task.node ilo_object = get_ilo_object(node) scheme = urlparse.urlparse(iso).scheme.lower() operation = (_("Setting up node %(node)s to boot from URL %(iso)s.") % { 'iso': iso, 'node': node.uuid }) if scheme != 'https': msg = (_('Error setting up node %(node)s to boot from ' 'URL %(iso)s. A secure URL is expected that is exposed ' 'over HTTPS.') % { 'node': node.uuid, 'iso': iso }) raise exception.IloOperationNotSupported(operation=operation, error=msg) try: ilo_object.set_http_boot_url(iso) LOG.info( "Set the node %(node)s to boot from URL %(iso)s " "successfully.", { 'node': node.uuid, 'iso': iso }) if not persistent: ilo_object.set_one_time_boot('UEFIHTTP') else: ilo_object.update_persistent_boot(['UEFIHTTP']) except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception)
def set_secure_boot_mode(task, flag): """Enable or disable UEFI Secure Boot for the next boot Enable or disable UEFI Secure Boot for the next boot :param task: a task from TaskManager. :param flag: Boolean value. True if the secure boot to be enabled in next boot. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if UEFI secure boot is not supported. """ operation = (_("Setting secure boot to %(flag)s for node %(node)s.") % { 'flag': flag, 'node': task.node.uuid }) ilo_object = get_ilo_object(task.node) try: ilo_object.set_secure_boot_mode(flag) LOG.debug(operation) except ilo_error.IloCommandNotSupportedError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception)
def get_secure_boot_mode(task): """Retrieves current enabled state of UEFI secure boot on the node Returns the current enabled state of UEFI secure boot on the node. :param task: a task from TaskManager. :raises: MissingParameterValue if a required iLO parameter is missing. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if UEFI secure boot is not supported. :returns: Boolean value indicating current state of UEFI secure boot on the node. """ operation = _("Get secure boot mode for node %s.") % task.node.uuid secure_boot_state = False ilo_object = get_ilo_object(task.node) try: current_boot_mode = ilo_object.get_current_boot_mode() if current_boot_mode == 'UEFI': secure_boot_state = ilo_object.get_secure_boot_mode() except ilo_error.IloCommandNotSupportedError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception) LOG.debug("Get secure boot mode for node %(node)s returned %(value)s", { 'value': secure_boot_state, 'node': task.node.uuid }) return secure_boot_state
def clear_certificates(task, cert_file_list=None): """Clears any certificates added to the node. Clears the certificates added to the node as part of any Ironic operation :param task: a TaskManager instance containing the node to act on. :param cert_file_list: List of certificates to be removed from node. If None, all the certificates present on the node will be removed. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if retrieving post state is not supported on the server. """ node = task.node operation = (_("Clearing certificates from node %(node)s.") % { 'node': node.uuid }) try: ilo_object = get_ilo_object(node) ilo_object.remove_tls_certificate(cert_file_list) except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception) LOG.info( "Cleared TLS certificates from the node %(node)s " "successfully from paths %(cpath)s.", { 'node': node.uuid, 'cpath': cert_file_list })
def set_iscsi_boot_target(self, task): """Set iSCSI details of the system in UEFI boot mode. The initiator is set with the target details like IQN, LUN, IP, Port etc. :param task: a task from TaskManager. :raises: MissingParameterValue if a required parameter is missing. :raises: IloCommandNotSupportedInBiosError if system in BIOS boot mode. :raises: IloError on an error from iLO. """ # Getting target info node = task.node macs = [port['address'] for port in task.ports] boot_volume = node.driver_internal_info.get('boot_from_volume') volume = volume_target.VolumeTarget.get_by_uuid( task.context, boot_volume) properties = volume.properties username = properties.get('auth_username') password = properties.get('auth_password') try: portal = properties['target_portal'] iqn = properties['target_iqn'] lun = properties['target_lun'] host, port = portal.split(':') except KeyError as e: raise exception.MissingParameterValue( _('Failed to get iSCSI target info for node ' '%(node)s. Error: %(error)s') % { 'node': task.node.uuid, 'error': e }) ilo_object = ilo_common.get_ilo_object(task.node) try: auth_method = 'CHAP' if username else None ilo_object.set_iscsi_info(iqn, lun, host, port, auth_method=auth_method, username=username, password=password, macs=macs) except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception: operation = (_("Setting of target IQN %(target_iqn)s for node " "%(node)s") % { 'target_iqn': iqn, 'node': node.uuid }) raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: operation = (_("Setting of target IQN %(target_iqn)s for node " "%(node)s") % { 'target_iqn': iqn, 'node': node.uuid }) raise exception.IloOperationError(operation=operation, error=ilo_exception)
def clear_iscsi_boot_target(self, task): """Unset iSCSI details of the system in UEFI boot mode. :param task: a task from TaskManager. :raises: IloCommandNotSupportedInBiosError if system in BIOS boot mode. :raises: IloError on an error from iLO. """ ilo_object = ilo_common.get_ilo_object(task.node) try: ilo_object.unset_iscsi_info() except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception: operation = (_("Unsetting of iSCSI target for node %(node)s") % {'node': task.node.uuid}) raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: operation = (_("Unsetting of iSCSI target for node %(node)s") % {'node': task.node.uuid}) raise exception.IloOperationError(operation=operation, error=ilo_exception)
def get_server_post_state(node): """Get the current state of system POST. :param node: an ironic node object. :returns: POST state of the server. The valida states are:- null, Unknown, Reset, PowerOff, InPost, InPostDiscoveryComplete and FinishedPost. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if retrieving post state is not supported on the server. """ ilo_object = get_ilo_object(node) operation = _("Get server post state for node %s.") % node.uuid try: return ilo_object.get_host_post_state() except ilo_error.IloCommandNotSupportedError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception)
def inject_nmi(self, task): """Inject NMI, Non Maskable Interrupt. Inject NMI (Non Maskable Interrupt) for a node immediately. :param task: A TaskManager instance containing the node to act on. :raises: IloCommandNotSupportedError if system does not support NMI injection. :raises: IloError on an error from iLO. :returns: None """ node = task.node ilo_object = ilo_common.get_ilo_object(node) try: operation = (_("Injecting NMI for node %(node)s") % {'node': node.uuid}) ilo_object.inject_nmi() except ilo_error.IloCommandNotSupportedError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception)
def add_certificates(task, cert_file_list=None): """Adds certificates to the node. Adds certificates to the node based on the driver info provided. :param task: a TaskManager instance containing the node to act on. :param cert_file_list: List of certificates to be added to the node. If None, certificates from path configured in 'webserver_verify_ca' will be added to the node. :raises: IloOperationError on an error from IloClient library. :raises: IloOperationNotSupported if retrieving post state is not supported on the server. :raises: InvalidParameterValue, if any of the required parameters are invalid. """ node = task.node ilo_object = get_ilo_object(node) d_info = node.driver_info export_certs = d_info.get('ilo_add_certificates', True) if export_certs is None: export_certs = True else: try: export_certs = strutils.bool_from_string(export_certs, strict=True) except ValueError: raise exception.InvalidParameterValue( _('Invalid value type set in driver_info/' 'ilo_add_certificates on node %(node)s. ' 'The value should be a Boolean ' ' not "%(value)s"') % { 'value': export_certs, 'node': node.uuid }) if not export_certs: LOG.info( "Adding of certificates to the node %(node)s is not " "requested. Assuming required certificates are available " "on the node.", {'node': node.uuid}) return cfl = _get_certificate_file_list(cert_file_list) if not cfl: LOG.debug( "Not adding any certificate to the node %(node)s " "as no certificates are provided", {'node': node.uuid}) return try: # NOTE(vmud213): Add the certificates to the node which are # eventually being used for TLS verification by the node before # downloading the deploy/instance images during HTTPS boot from # URL. operation = (_("Add certificates to %(node)s from paths " "%(cpath)s.") % { 'cpath': cfl, 'node': node.uuid }) ilo_object.add_tls_certificate(cfl) LOG.info( "Successfully added certificates to the node %(node)s from " "paths %(cpath)s.", { 'cpath': cfl, 'node': node.uuid }) except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception: raise exception.IloOperationNotSupported(operation=operation, error=ilo_exception) except ilo_error.IloError as ilo_exception: raise exception.IloOperationError(operation=operation, error=ilo_exception)