From ffbaa39844c05934c06035d0eeb1eca016937d40 Mon Sep 17 00:00:00 2001
From: Bartosz Bezak <bartosz@stackhpc.com>
Date: Thu, 31 Oct 2024 13:27:21 +0100
Subject: [PATCH 1/3] Ironic: Add ESP image for UEFI virtual media

UEFI virtual media boot requires an ESP image [1].

[1] https://docs.openstack.org/ironic/2024.2/admin/drivers/redfish.html#virtual-media-boot

Change-Id: Ie8485a7098743e1d736145e8fd9441cf13c929d7
(cherry picked from commit 5025ab688be5d484ae2c4ab798a5be13a3489026)
---
 docker/ironic/ironic-pxe/Dockerfile.j2        |  4 +++
 docker/ironic/ironic-pxe/extend_start.sh      | 30 +++++++++++++++++++
 .../ironic-esp-image-886b5fb5b01e7b56.yaml    |  6 ++++
 3 files changed, 40 insertions(+)
 create mode 100644 releasenotes/notes/ironic-esp-image-886b5fb5b01e7b56.yaml

diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2
index d122e1b115..fbca7ba7c3 100644
--- a/docker/ironic/ironic-pxe/Dockerfile.j2
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2
@@ -9,10 +9,12 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% if base_package_type == 'rpm' %}
     {% set ironic_pxe_packages = [
+        'dosfstools',
         'grub2-tools',
         'grub2-efi-*64',
         'grub2-efi-aa64-modules',
         'ipxe-bootimgs',
+        'mtools',
         'shim-*64',
         'tftp-server',
     ] %}
@@ -26,8 +28,10 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }}
 {% elif base_package_type == 'deb' %}
     {% set ironic_pxe_packages = [
+        'dosfstools',
         'grub-efi-*64-signed',
         'ipxe',
+        'mtools',
         'pxelinux',
         'shim-signed',
         'syslinux-common',
diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh
index 50aa543a70..54d6b1b21c 100644
--- a/docker/ironic/ironic-pxe/extend_start.sh
+++ b/docker/ironic/ironic-pxe/extend_start.sh
@@ -55,6 +55,35 @@ function prepare_ipxe {
     fi
 }
 
+function prepare_esp_image {
+    # NOTE(bbezak): based on https://docs.openstack.org/ironic/2024.2/install/configure-esp.html
+    # ESP image needs to be provided for UEFI boot with virtual media:
+    # https://docs.openstack.org/ironic/2024.2/admin/drivers/redfish.html#virtual-media-boot
+    if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
+        shim_src_file="/usr/lib/shim/shim*64.efi.signed"
+        grub_src_file="/usr/lib/grub/*-efi-signed/grubnet*64.efi.signed"
+    elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then
+        shim_src_file="/boot/efi/EFI/${KOLLA_BASE_DISTRO}/shim*64.efi"
+        grub_src_file="/boot/efi/EFI/${KOLLA_BASE_DISTRO}/grub*64.efi"
+    fi
+
+    if [[ "${KOLLA_BASE_ARCH}" == "x86_64" ]]; then
+        shim_dst_file="bootx64.efi"
+        grub_dst_file="grubx64.efi"
+    elif [[ "${KOLLA_BASE_ARCH}" == "aarch64" ]]; then
+        shim_dst_file="bootaa64.efi"
+        grub_dst_file="grubaa64.efi"
+    fi
+
+    DEST=${HTTPBOOT_PATH}/esp.img
+    dd if=/dev/zero of=$DEST bs=4096 count=2048
+    mkfs.msdos -F 12 -n ESP_IMAGE $DEST
+    mmd -i $DEST EFI EFI/BOOT
+    mcopy -i $DEST -v $shim_src_file ::EFI/BOOT/$shim_dst_file
+    mcopy -i $DEST -v $grub_src_file ::EFI/BOOT/$grub_dst_file
+    mdir -i $DEST ::EFI/BOOT
+}
+
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
@@ -63,6 +92,7 @@ if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
     prepare_pxe_pxelinux
     prepare_pxe_grub
     prepare_ipxe
+    prepare_esp_image
     exit 0
 fi
 
diff --git a/releasenotes/notes/ironic-esp-image-886b5fb5b01e7b56.yaml b/releasenotes/notes/ironic-esp-image-886b5fb5b01e7b56.yaml
new file mode 100644
index 0000000000..616e1a7bf9
--- /dev/null
+++ b/releasenotes/notes/ironic-esp-image-886b5fb5b01e7b56.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Added ESP image needed for UEFI virtual media boot. More context in
+    `Ironic documentation
+    <https://docs.openstack.org/ironic/2024.2/admin/drivers/redfish.html#virtual-media-boot>`__.

From ed199ee8470e5823f3808dcebedf4bb83cea61bb Mon Sep 17 00:00:00 2001
From: Matt Anson <matta@stackhpc.com>
Date: Tue, 18 Mar 2025 13:21:46 +0000
Subject: [PATCH 2/3] Add support for aarch64 ipxe to ironic-pxe image

Support aarch64 ipxe only when using Ubuntu and Rocky
Linux base images, as the Debian ipxe package does not
provide a suitable aarch64 ipxe binary.

Change-Id: If5610148fc80acf13d4eb79fef78349764f08a17
(cherry picked from commit 16b3223d8c1e236edf498695786c960aef121db1)
---
 docker/ironic/ironic-pxe/Dockerfile.j2                | 1 +
 docker/ironic/ironic-pxe/extend_start.sh              | 7 ++++++-
 releasenotes/notes/aarch64-ipxe-51888a5972528d77.yaml | 9 +++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/aarch64-ipxe-51888a5972528d77.yaml

diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2
index fbca7ba7c3..c7ebdcc873 100644
--- a/docker/ironic/ironic-pxe/Dockerfile.j2
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2
@@ -14,6 +14,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'grub2-efi-*64',
         'grub2-efi-aa64-modules',
         'ipxe-bootimgs',
+        'ipxe-bootimgs-aarch64',
         'mtools',
         'shim-*64',
         'tftp-server',
diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh
index 54d6b1b21c..48504c6e62 100644
--- a/docker/ironic/ironic-pxe/extend_start.sh
+++ b/docker/ironic/ironic-pxe/extend_start.sh
@@ -43,7 +43,12 @@ function prepare_ipxe {
     # was ipxe.efi. Ensure that both exist, using symlinks where the files are
     # named differently to allow the original names to be used in ironic.conf.
     if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then
-        cp /usr/lib/ipxe/{undionly.kpxe,ipxe.efi,snponly.efi} ${TFTPBOOT_PATH}/
+        # NOTE(m-anson): ipxe-arm64.efi is not symlinked from /boot to
+        # /usr/lib/ipxe by the Ubuntu ipxe package, so fix that here.
+        if [[ -e /boot/ipxe-arm64.efi ]]; then
+            ln -s /boot/ipxe-arm64.efi /usr/lib/ipxe/
+        fi
+        cp /usr/lib/ipxe/{undionly.kpxe,ipxe*.efi,snponly.efi} ${TFTPBOOT_PATH}/
     elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then
         cp /usr/share/ipxe/{undionly.kpxe,ipxe*.efi} ${TFTPBOOT_PATH}/
         if [[ ! -e ${TFTPBOOT_PATH}/ipxe.efi ]]; then
diff --git a/releasenotes/notes/aarch64-ipxe-51888a5972528d77.yaml b/releasenotes/notes/aarch64-ipxe-51888a5972528d77.yaml
new file mode 100644
index 0000000000..eb891b30c3
--- /dev/null
+++ b/releasenotes/notes/aarch64-ipxe-51888a5972528d77.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Adds aarch64 iPXE support to the ironic-pxe image, by adding
+    ``ipxe-bootimgs-aarch64`` RPM package to Rocky Linux ironic-pxe
+    images, and ensuring that an aarch64 iPXE binary is available
+    in Ubuntu ironic-pxe images. No support for aarch64 iPXE in
+    Debian images is included, as the distro packages do not
+    install an aarch64 binary.

From 8b1f4aa4d2b6c1cdf9a8e132d5050c5a2ec0fc7a Mon Sep 17 00:00:00 2001
From: Matt Anson <matta@stackhpc.com>
Date: Tue, 8 Apr 2025 17:25:02 +0100
Subject: [PATCH 3/3] Fix preparation of /tftpboot for ironic-pxe

Copy aarch64 snponly.efi to /tftpboot during bootstrapping
of Centos- and Rocky-based ironic-pxe.

Don't use $KOLLA_BASE_ARCH when symlinking to
/tftpboot/ipxe.efi, because an aarch64 variant of this
binary doesn't exist, just x86_64.

Change-Id: Ie19fcb441a2e54a60762e5c8483487b713a29ddd
---
 docker/ironic/ironic-pxe/extend_start.sh                    | 5 ++++-
 .../notes/el-aarch64-ipxe-snponly-e7fc23bdc7edfe3d.yaml     | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/el-aarch64-ipxe-snponly-e7fc23bdc7edfe3d.yaml

diff --git a/docker/ironic/ironic-pxe/extend_start.sh b/docker/ironic/ironic-pxe/extend_start.sh
index 48504c6e62..07652b803e 100644
--- a/docker/ironic/ironic-pxe/extend_start.sh
+++ b/docker/ironic/ironic-pxe/extend_start.sh
@@ -51,8 +51,11 @@ function prepare_ipxe {
         cp /usr/lib/ipxe/{undionly.kpxe,ipxe*.efi,snponly.efi} ${TFTPBOOT_PATH}/
     elif [[ "${KOLLA_BASE_DISTRO}" =~ centos|rocky ]]; then
         cp /usr/share/ipxe/{undionly.kpxe,ipxe*.efi} ${TFTPBOOT_PATH}/
+        cp /usr/share/ipxe/arm64-efi/snponly.efi ${TFTPBOOT_PATH}/ipxe-snponly-aarch64.efi
         if [[ ! -e ${TFTPBOOT_PATH}/ipxe.efi ]]; then
-            ln -s ${TFTPBOOT_PATH}/ipxe-${KOLLA_BASE_ARCH}.efi ${TFTPBOOT_PATH}/ipxe.efi
+            # NOTE(m-anson): No ipxe-aarch64.efi exists so no need to use
+            # $KOLLA_BASE_ARCH in the symlink target
+            ln -s ${TFTPBOOT_PATH}/ipxe-x86_64.efi ${TFTPBOOT_PATH}/ipxe.efi
         fi
         if [[ ! -e ${TFTPBOOT_PATH}/snponly.efi ]]; then
             ln -s ${TFTPBOOT_PATH}/ipxe-snponly-${KOLLA_BASE_ARCH}.efi ${TFTPBOOT_PATH}/snponly.efi
diff --git a/releasenotes/notes/el-aarch64-ipxe-snponly-e7fc23bdc7edfe3d.yaml b/releasenotes/notes/el-aarch64-ipxe-snponly-e7fc23bdc7edfe3d.yaml
new file mode 100644
index 0000000000..539a6886c7
--- /dev/null
+++ b/releasenotes/notes/el-aarch64-ipxe-snponly-e7fc23bdc7edfe3d.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Ensure that ipxe-snponly-aarch64.efi is available in
+    /tftpboot in Centos and Rocky after bootstrapping
+    ironic-pxe.