Skip to content

Commit

Permalink
Fixes #36940 - Add SecureBoot support for arbitrary operating systems…
Browse files Browse the repository at this point in the history
… to "Grub2 UEFI" PXE loaders

In the course of theforeman/foreman#9864 and theforeman/smart-proxy#877,
SecureBoot support for arbitrary operating systems has been added to the
"Grub2 UEFI" PXE loaders.
This patch adds a new parameter 'bootloader_universe' to the TFTP
configuration and a directory 'host_config' inside the TFTP root
directory, that are both required by the aforementioned PRs.
  • Loading branch information
goarsna committed Mar 8, 2024
1 parent a0d0eee commit 49517b7
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 1 deletion.
3 changes: 3 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,8 @@
#
# $tftp_replace_grub2_cfg:: Determines if grub2.cfg will be replaced
#
# $tftp_bootloader_universe:: Directory for OS specific NBPs for "Grub2 UEFI" PXE loaders
#
# $dhcp:: Enable DHCP feature
#
# $dhcp_listen_on:: DHCP proxy to listen on https, http, or both
Expand Down Expand Up @@ -341,6 +343,7 @@
Optional[Array[Stdlib::Absolutepath]] $tftp_dirs = undef,
Optional[String] $tftp_servername = undef,
Boolean $tftp_replace_grub2_cfg = false,
Optional[Stdlib::Absolutepath] $tftp_bootloader_universe = undef,
Boolean $dhcp = false,
Foreman_proxy::ListenOn $dhcp_listen_on = 'https',
Boolean $dhcp_managed = true,
Expand Down
4 changes: 4 additions & 0 deletions manifests/module/tftp.pp
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,14 @@
#
# @param tftproot
# The root directory to use. This is required if the module is enabled.
#
# @param tftp_bootloader_universe
# Directory for OS specific NBPs for "Grub2 UEFI" PXE loaders.
class foreman_proxy::module::tftp (
Boolean $enabled = $foreman_proxy::tftp,
Foreman_proxy::ListenOn $listen_on = $foreman_proxy::tftp_listen_on,
Optional[Stdlib::Absolutepath] $tftproot = $foreman_proxy::tftp_root,
Optional[Stdlib::Absolutepath] $tftp_bootloader_universe = $foreman_proxy::tftp_bootloader_universe,
) {
if $enabled {
assert_type(NotUndef, $tftproot)
Expand Down
3 changes: 2 additions & 1 deletion manifests/tftp.pp
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,13 @@
Boolean $manage_wget = $foreman_proxy::tftp_manage_wget,
String[1] $wget_version = $foreman_proxy::ensure_packages_version,
Boolean $tftp_replace_grub2_cfg = $foreman_proxy::tftp_replace_grub2_cfg,
Optional[Stdlib::Absolutepath] $tftp_bootloader_universe = $foreman_proxy::tftp_bootloader_universe,
) {
class { 'tftp':
root => $root,
}

$dirs = pick($directories, prefix(['pxelinux.cfg','grub','grub2','boot','ztp.cfg','poap.cfg'], "${tftp::root}/"))
$dirs = pick($directories, prefix(['pxelinux.cfg','grub','grub2','boot','ztp.cfg','poap.cfg', 'host_config'], "${tftp::root}/"))

file { $dirs:
ensure => directory,
Expand Down
3 changes: 3 additions & 0 deletions templates/tftp.yml.erb
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,6 @@
# Defines the default certificate action for certificate checking.
# When false, the argument --no-check-certificate will be used.
#:verify_server_cert: true

# Directory for OS specific NBPs for "Grub2 UEFI" PXE loaders
<%= '#' if [nil, :undefined, :undef].include?(scope.lookupvar("foreman_proxy::module::tftp::tftp_bootloader_universe")) %>:bootloader_universe: <%= scope.lookupvar("foreman_proxy::module::tftp::tftp_bootloader_universe") %>

0 comments on commit 49517b7

Please sign in to comment.