support a more generic ipxe installer

[mikemrm]

Description

Allows more generic support for ipxe installers for installation of an OS which cannot be modified to work with the OSIE installation method.

The new ipxe installer works similar to custom_ipxe however differs in that it is selected earlier in the process for different handling of data and which is used for any os which has the installer set to ipxe.

Why is this needed

Some os installation processes have unique installation environments which do not lend themselves easily to osie liveos / workflow setup as seen with other installers in boots like vmware and coreos. However instead of hard coding a new OS into boots, this method allows for those dynamic configurations to be handled separately by allowing the installer to be set to ipxe which supports chaining or injecting a script to boot the installer.

The model has changed for packet.OperatingSystem to now have two additional optional fields Installer and InstallerData.

The ipxe installer is configurable through the InstallerData field which it expects to be a string encoded JSON blob of which two fields may be specified chain which should be a full URL to a valid iPXE script and script which allows for injecting an ipxe script directly.

Example of both configurable fields:

{
  "chain": "https://boot.example.com/unique_os_installer.ipxe",
  "script": "echo Welcome to unique os installer\nshell\n"
}

Example using iPXE installer with chain loading:

{
  "distro": "Unique OS",
  "os_slug": "unique_os",
  "slug": "unique_os_7",
  "version": "7",
  "installer": "ipxe",
  "installer_data": "{\"chain\": \"https://boot.example.com/unique_os_installer.ipxe\"}"
}

How are existing users impacted? What migration steps/scripts do we need?

No changes to existing functionality, only adding additional support.

[codecov]

Codecov Report

Merging #192 (1f966ce) into master (94f4394) will increase coverage by 0.56%.
The diff coverage is 72.00%.

@@            Coverage Diff             @@
##           master     #192      +/-   ##
==========================================
+ Coverage   41.38%   41.94%   +0.56%     
==========================================
  Files          41       41              
  Lines        2576     2620      +44     
==========================================
+ Hits         1066     1099      +33     
- Misses       1423     1436      +13     
+ Partials       87       85       -2     

Impacted Files	Coverage Δ
job/ipxe.go	0.00% <0.00%> (ø)
job/mock.go	60.91% <0.00%> (-1.92%)	⬇️
packet/models.go	78.00% <ø> (ø)
installers/custom_ipxe/main.go	100.00% <100.00%> (+30.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 94f4394...1f966ce. Read the comment docs.

[jacobweinstock]

Hey @mikemrm, I'm not seeing how this is different than the existing custom_ipxe? custom_ipxe can already handle ipxe scripts via a URL to chain load or just a custom IPXE script.

Also, I've put out a proposal that includes deprecating all installers besides a default. I believe there has been an unofficial desire amongst the community to deprecate all installers too.

[mikemrm]

Correct @jacobweinstock however this differs in how it is triggered. The custom_ipxe is only used when an OperatingSystem distro is set to custom_ipxe which it then looks at a field attached to the instance ipxe_script_url.

The trouble is that this process is only triggered due to the distro being custom_ipxe so if we needed to support a new OS which would have a distro of My OS (my_os) which needed to chain load an ipxe script. We would have to overwrite the distro field sent to cacher/tink with custom_ipxe which is undesireable.

This change makes this path more direct by not relying on faking / overriding a field.

[mikemrm]

Also, I've put out a proposal that includes deprecating all installers besides a default. I believe there has been an unofficial desire amongst the community to deprecate all installers too.

I agree with that desire and I believe this functionality would allow us to remove the other installers leaving only this method.

[jacobweinstock]

@mikemrm , there are actually 2 fields that can trigger a Boots Installer. metadata.instance.operating_system.slug and metadata.instance.operating_system.distro. slug is checked first and then distro is checked.

If I understand the use-case correctly, then the slug can be set to custom_ipxe, and the distro can be anything (my_os) for example.

[mikemrm]

Correct, it does appear custom_ipxe is actually only being registered for a slug. Meaning slug is the field that would need to be set.

This however doesn't change the issue, as slugs are typically understood as a unique string. Which in this case is the Operating System Version slug which an OS may have many OSVs.

[mmlb]

chaining and script can both be done with custom_ipxe, why do we need this instead of custom_ipxe?

[mmlb]

chaining and script can both be done with custom_ipxe, why do we need this instead of custom_ipxe?

well I should refresh before commenting it seems

[jacobweinstock]

@mikemrm and I talked offline. (@mikemrm correct me if I misspeak here at all!) Here's the synopsis. There is a desire to add an additional hardware data field metadata.instance.operatiing_system.Installer that will be checked before slug and distro. Also, there is a desire to add another new add hardware data field: metadata.instance.operatiing_system.IntallerData. This field would be a string but expected to be a JSON string of {"chain": "", "script":""}.
The reasoning behind this is that it makes sense for the custom business logic internal to Equinix metal that interacts with hardware data via tink/cacher. As the hardware data model in Tink is arbitrary and not enforced, I don't see why this shouldn't be allowed. I did ask Mike to compromise and not create a new Boots Installer but to modify custom_ipxe without breaking backwards compatibility. Mike said he will see what he can do and update this PR.

[mmlb]

Do we really need support for both chain and script fields? Chain can already by done by filling into script.

[mikemrm]

Do we really need support for both chain and script fields? Chain can already by done by filling into script.

Script was included to make it easier to push an exact script rather than relying on an externally hosted one. This is just a beneficial addition I can see useful for many things including testing without relying on external services.

[jacobweinstock]

I think it's important to note the following. This functionality can already be accomplished via the existing custom_ipxe Installer. In my opinion, what this PR does do is create a more clear mapping from hardware data to Boots installer.
New:
metadata.instance.operating_system.installer -> Boots Installer
Existing:
metadata.instance.operating_system.slug -> Boots Installer
metadata.instance.operating_system.distro -> Boots Installer

[jacobweinstock]

Thank you for being open to change so much!

[jacobweinstock]

just a DCO issue to address and this should be good to go!

[mmlb]

Do we really need support for both chain and script fields? Chain can already by done by filling into script.

Script was included to make it easier to push an exact script rather than relying on an externally hosted one. This is just a beneficial addition I can see useful for many things including testing without relying on external services.

Right, so why don't we just support only script and if the use wants to chain they can provide the script that does so.

[mikemrm]

Do we really need support for both chain and script fields? Chain can already by done by filling into script.

Script was included to make it easier to push an exact script rather than relying on an externally hosted one. This is just a beneficial addition I can see useful for many things including testing without relying on external services.

Right, so why don't we just support only script and if the use wants to chain they can provide the script that does so.

Besides the fact that it supports the two code paths of the original custom_ipxe method. I think it also makes an easy way to do the chain loading and adds minimal code. However if you feel this cannot be, I can remove.

[mmlb]

Do we really need support for both chain and script fields? Chain can already by done by filling into script.

Script was included to make it easier to push an exact script rather than relying on an externally hosted one. This is just a beneficial addition I can see useful for many things including testing without relying on external services.

Right, so why don't we just support only script and if the use wants to chain they can provide the script that does so.

Besides the fact that it supports the two code paths of the original custom_ipxe method. I think it also makes an easy way to do the chain loading and adds minimal code. However if you feel this cannot be, I can remove.

Yeah I think this makes sense, it also makes explicit what was implicit before (either you feed in an ipxe script or we'll chainload what is presumably a url).

[mmlb]

the job should have its own logger already with these fields (and more) already populated, so this should just be:

logger := job.logger.With("installer", "custom_ipxe")

[mikemrm]

good point. updating

[mmlb]

Hmm we should probably return a s.Shell if there's no instance id right?

[mikemrm]

I see your point, will update.

[mmlb]

err is currently nil here, actually this looks like the only use of err at all so no need for var err error right?

[mikemrm]

good catch, with all the changes this is no longer needed.

[displague]

I'm late to the party, but I have brought up previously that a data uri should be supported as a way to offer ipxe scripts. #110

This would be a minimal change that introduces added functionality within the existing spec.

Thoughts, @mikemrm?

[mikemrm]

That is an interesting idea @displague however I'm not sure how common it is for someone to want to data uri encode a script and would be interested to see others thoughts about supporting it.

[displague]

however I'm not sure how common it is for someone to want to data uri encode a script

I imagine users are not writing templates by hand and would use CLIs and APIs to get the value in place.

We have a URL field and data URLs are an established pattern for providing any data as a URL. Rather than fetch the resource over HTTP, ftp, nntp, gopher, we have the data contained in the URL and the field can be said to support HTTP, HTTPS, and data URLs.

Existing APIs and CLIs that wrap the Tinkerbell API and pass the IPXE URL to Tinkerbell will get this functionality for free (they won't need to be updated for a changed Tinkerbell spec).

[displague]

To illustrate how we could benefit from Data URL handling (using https://pkg.go.dev/github.com/vincent-petithory/dataurl#example-DecodeString):

} else if dataURL, err := dataurl.DecodeString(j.IPXEScriptURL()); err == nil {
    // I assume err is returned unless there is a real data URL, but we might need different logic to ensure the URL was actually a data URL and not just empty
    cfg = &packet.InstallerData{Script: dataURL.Data}
} else if j.IPXEScriptURL() != "" {
...

[mmlb]

@displague lets give it a go in a different PR.