def setup_uefi_https(task, iso, persistent=False):
"""Sets up system to boot from UEFIHTTP boot device.
Sets the one-time/persistent boot device to UEFIHTTP based
on the argument supplied.
:param task: a TaskManager instance containing the node to act on.
:param iso: ISO URL to be set to boot from.
:param persistent: Indicates whether the system should be set to boot
from the given device one-time or each time.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if retrieving post state is not
supported on the server.
"""
node = task.node
ilo_object = get_ilo_object(node)
scheme = urlparse.urlparse(iso).scheme.lower()
operation = (_("Setting up node %(node)s to boot from URL %(iso)s.") % {
'iso': iso,
'node': node.uuid
})
if scheme != 'https':
msg = (_('Error setting up node %(node)s to boot from '
'URL %(iso)s. A secure URL is expected that is exposed '
'over HTTPS.') % {
'node': node.uuid,
'iso': iso
})
raise exception.IloOperationNotSupported(operation=operation,
error=msg)
try:
ilo_object.set_http_boot_url(iso)
LOG.info(
"Set the node %(node)s to boot from URL %(iso)s "
"successfully.", {
'node': node.uuid,
'iso': iso
})
if not persistent:
ilo_object.set_one_time_boot('UEFIHTTP')
else:
ilo_object.update_persistent_boot(['UEFIHTTP'])
except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def set_secure_boot_mode(task, flag):
"""Enable or disable UEFI Secure Boot for the next boot
Enable or disable UEFI Secure Boot for the next boot
:param task: a task from TaskManager.
:param flag: Boolean value. True if the secure boot to be
enabled in next boot.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if UEFI secure boot is not supported.
"""
operation = (_("Setting secure boot to %(flag)s for node %(node)s.") % {
'flag': flag,
'node': task.node.uuid
})
ilo_object = get_ilo_object(task.node)
try:
ilo_object.set_secure_boot_mode(flag)
LOG.debug(operation)
except ilo_error.IloCommandNotSupportedError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def get_secure_boot_mode(task):
"""Retrieves current enabled state of UEFI secure boot on the node
Returns the current enabled state of UEFI secure boot on the node.
:param task: a task from TaskManager.
:raises: MissingParameterValue if a required iLO parameter is missing.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if UEFI secure boot is not supported.
:returns: Boolean value indicating current state of UEFI secure boot
on the node.
"""
operation = _("Get secure boot mode for node %s.") % task.node.uuid
secure_boot_state = False
ilo_object = get_ilo_object(task.node)
try:
current_boot_mode = ilo_object.get_current_boot_mode()
if current_boot_mode == 'UEFI':
secure_boot_state = ilo_object.get_secure_boot_mode()
except ilo_error.IloCommandNotSupportedError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
LOG.debug("Get secure boot mode for node %(node)s returned %(value)s", {
'value': secure_boot_state,
'node': task.node.uuid
})
return secure_boot_state
def clear_certificates(task, cert_file_list=None):
"""Clears any certificates added to the node.
Clears the certificates added to the node as part of any Ironic
operation
:param task: a TaskManager instance containing the node to act on.
:param cert_file_list: List of certificates to be removed from node.
If None, all the certificates present on the node will be removed.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if retrieving post state is not
supported on the server.
"""
node = task.node
operation = (_("Clearing certificates from node %(node)s.") % {
'node': node.uuid
})
try:
ilo_object = get_ilo_object(node)
ilo_object.remove_tls_certificate(cert_file_list)
except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
LOG.info(
"Cleared TLS certificates from the node %(node)s "
"successfully from paths %(cpath)s.", {
'node': node.uuid,
'cpath': cert_file_list
})
def set_iscsi_boot_target(self, task):
"""Set iSCSI details of the system in UEFI boot mode.
The initiator is set with the target details like
IQN, LUN, IP, Port etc.
:param task: a task from TaskManager.
:raises: MissingParameterValue if a required parameter is missing.
:raises: IloCommandNotSupportedInBiosError if system in BIOS boot mode.
:raises: IloError on an error from iLO.
"""
# Getting target info
node = task.node
macs = [port['address'] for port in task.ports]
boot_volume = node.driver_internal_info.get('boot_from_volume')
volume = volume_target.VolumeTarget.get_by_uuid(
task.context, boot_volume)
properties = volume.properties
username = properties.get('auth_username')
password = properties.get('auth_password')
try:
portal = properties['target_portal']
iqn = properties['target_iqn']
lun = properties['target_lun']
host, port = portal.split(':')
except KeyError as e:
raise exception.MissingParameterValue(
_('Failed to get iSCSI target info for node '
'%(node)s. Error: %(error)s') % {
'node': task.node.uuid,
'error': e
})
ilo_object = ilo_common.get_ilo_object(task.node)
try:
auth_method = 'CHAP' if username else None
ilo_object.set_iscsi_info(iqn,
lun,
host,
port,
auth_method=auth_method,
username=username,
password=password,
macs=macs)
except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception:
operation = (_("Setting of target IQN %(target_iqn)s for node "
"%(node)s") % {
'target_iqn': iqn,
'node': node.uuid
})
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
operation = (_("Setting of target IQN %(target_iqn)s for node "
"%(node)s") % {
'target_iqn': iqn,
'node': node.uuid
})
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def clear_iscsi_boot_target(self, task):
"""Unset iSCSI details of the system in UEFI boot mode.
:param task: a task from TaskManager.
:raises: IloCommandNotSupportedInBiosError if system in BIOS boot mode.
:raises: IloError on an error from iLO.
"""
ilo_object = ilo_common.get_ilo_object(task.node)
try:
ilo_object.unset_iscsi_info()
except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception:
operation = (_("Unsetting of iSCSI target for node %(node)s")
% {'node': task.node.uuid})
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
operation = (_("Unsetting of iSCSI target for node %(node)s")
% {'node': task.node.uuid})
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def get_server_post_state(node):
"""Get the current state of system POST.
:param node: an ironic node object.
:returns: POST state of the server. The valida states are:-
null, Unknown, Reset, PowerOff, InPost, InPostDiscoveryComplete
and FinishedPost.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if retrieving post state is not
supported on the server.
"""
ilo_object = get_ilo_object(node)
operation = _("Get server post state for node %s.") % node.uuid
try:
return ilo_object.get_host_post_state()
except ilo_error.IloCommandNotSupportedError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def inject_nmi(self, task):
"""Inject NMI, Non Maskable Interrupt.
Inject NMI (Non Maskable Interrupt) for a node immediately.
:param task: A TaskManager instance containing the node to act on.
:raises: IloCommandNotSupportedError if system does not support
NMI injection.
:raises: IloError on an error from iLO.
:returns: None
"""
node = task.node
ilo_object = ilo_common.get_ilo_object(node)
try:
operation = (_("Injecting NMI for node %(node)s")
% {'node': node.uuid})
ilo_object.inject_nmi()
except ilo_error.IloCommandNotSupportedError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
def add_certificates(task, cert_file_list=None):
"""Adds certificates to the node.
Adds certificates to the node based on the driver info
provided.
:param task: a TaskManager instance containing the node to act on.
:param cert_file_list: List of certificates to be added to the node.
If None, certificates from path configured in 'webserver_verify_ca'
will be added to the node.
:raises: IloOperationError on an error from IloClient library.
:raises: IloOperationNotSupported if retrieving post state is not
supported on the server.
:raises: InvalidParameterValue, if any of the required parameters are
invalid.
"""
node = task.node
ilo_object = get_ilo_object(node)
d_info = node.driver_info
export_certs = d_info.get('ilo_add_certificates', True)
if export_certs is None:
export_certs = True
else:
try:
export_certs = strutils.bool_from_string(export_certs, strict=True)
except ValueError:
raise exception.InvalidParameterValue(
_('Invalid value type set in driver_info/'
'ilo_add_certificates on node %(node)s. '
'The value should be a Boolean '
' not "%(value)s"') % {
'value': export_certs,
'node': node.uuid
})
if not export_certs:
LOG.info(
"Adding of certificates to the node %(node)s is not "
"requested. Assuming required certificates are available "
"on the node.", {'node': node.uuid})
return
cfl = _get_certificate_file_list(cert_file_list)
if not cfl:
LOG.debug(
"Not adding any certificate to the node %(node)s "
"as no certificates are provided", {'node': node.uuid})
return
try:
# NOTE(vmud213): Add the certificates to the node which are
# eventually being used for TLS verification by the node before
# downloading the deploy/instance images during HTTPS boot from
# URL.
operation = (_("Add certificates to %(node)s from paths "
"%(cpath)s.") % {
'cpath': cfl,
'node': node.uuid
})
ilo_object.add_tls_certificate(cfl)
LOG.info(
"Successfully added certificates to the node %(node)s from "
"paths %(cpath)s.", {
'cpath': cfl,
'node': node.uuid
})
except ilo_error.IloCommandNotSupportedInBiosError as ilo_exception:
raise exception.IloOperationNotSupported(operation=operation,
error=ilo_exception)
except ilo_error.IloError as ilo_exception:
raise exception.IloOperationError(operation=operation,
error=ilo_exception)
