feat: add arm64 support for iPXE and image

Signed-off-by: synthe102 <leonard@suslian.engineer>

Author: synthe102

.github/workflows/ironic-image-build-pr.yml

@@ -6,13 +6,16 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest' || matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm'}}
     strategy:
       fail-fast: false
       matrix:
         centos_version:
         - stream9
         - stream10
+        platform:
+        - linux/amd64
+        - linux/arm64
 
     steps:
     - name: Checkout repository
@@ -34,6 +37,7 @@ jobs:
         file: ./Dockerfile
         push: false
         tags: ironic:${{ matrix.centos_version }}
+        platforms: ${{ matrix.platform }}
         build-args: |
           BASE_IMAGE=${{ steps.base-image.outputs.base_image }}
         cache-from: type=gha,scope=${{ matrix.centos_version }}

Dockerfile

@@ -7,22 +7,16 @@ ARG BASE_IMAGE=quay.io/centos/centos:stream9
 FROM $BASE_IMAGE AS ironic-builder
 
 ARG IPXE_COMMIT_HASH=e965f179e1654103eca33feed7a9cc4c51d91be6
-
-RUN --mount=type=cache,target=/var/cache/dnf \
-    echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
-    echo "tsflags=nodocs" >> /etc/dnf/dnf.conf && \
-    echo "keepcache=1" >> /etc/dnf/dnf.conf && \
-    dnf install -y gcc git make xz-devel
+ARG TARGETARCH
 
 WORKDIR /tmp
 
-RUN git clone https://github.com/ipxe/ipxe.git && \
-     cd ipxe && \
-     git reset --hard $IPXE_COMMIT_HASH && \
-     cd src && \
-     ARCH=$(uname -m | sed 's/aarch/arm/') && \
-     # NOTE(elfosardo): warning should not be treated as errors by default
-     NO_WERROR=1 make bin/undionly.kpxe "bin-$ARCH-efi/snponly.efi"
+COPY prepare-ipxe.sh /bin/
+RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \ 
+  prepare-ipxe.sh
+
+COPY build-ipxe.sh /bin/
+RUN build-ipxe.sh
 
 COPY prepare-efi.sh /bin/
 RUN prepare-efi.sh centos
@@ -39,7 +33,10 @@ LABEL org.opencontainers.image.title="Metal3 Ironic Container"
 LABEL org.opencontainers.image.url="https://github.com/metal3-io/ironic-image"
 LABEL org.opencontainers.image.vendor="Metal3-io"
 
+ARG TARGETARCH
+
 ARG PKGS_LIST=main-packages-list.txt
+ARG ARCH_PKGS_LIST=main-packages-list-${TARGETARCH}.txt
 ARG EXTRA_PKGS_LIST
 ARG PATCH_LIST
 
@@ -49,7 +46,7 @@ ARG IRONIC_SOURCE=7fe20fe31f0e184c68b7029e04acdb5d286fc4b2 # master
 ARG SUSHY_SOURCE
 
 COPY sources /sources/
-COPY ${UPPER_CONSTRAINTS_FILE} ironic-packages-list ${PKGS_LIST} \
+COPY ${UPPER_CONSTRAINTS_FILE} ironic-packages-list ${PKGS_LIST} ${ARCH_PKGS_LIST} \
      ${EXTRA_PKGS_LIST:-$PKGS_LIST} ${PATCH_LIST:-$PKGS_LIST} \
      /tmp/
 COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
@@ -58,12 +55,12 @@ COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
 COPY prepare-image.sh patch-image.sh configure-nonroot.sh /bin/
 COPY scripts/ /bin/
 
-RUN --mount=type=cache,target=/var/cache/dnf \
+RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \
     prepare-image.sh && \
      rm -f /bin/prepare-image.sh
 
 # IRONIC #
-COPY --from=ironic-builder /tmp/ipxe/src/bin/undionly.kpxe /tmp/ipxe/src/bin-x86_64-efi/snponly.efi /tftpboot/
+COPY --from=ironic-builder /tmp/ipxe/out/ /tftpboot/
 COPY --from=ironic-builder /tmp/uefi_esp*.img /templates/
 
 COPY ironic-config/ironic.conf.j2 /etc/ironic/

build-ipxe.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/bash
+
+set -euxo pipefail
+
+git clone https://github.com/ipxe/ipxe.git
+cd ipxe
+mkdir out
+git reset --hard "$IPXE_COMMIT_HASH"
+cd src
+
+# Build iPXE binaries based on architecture
+if [[ "$TARGETARCH" == "amd64" ]]; then
+    NO_WERROR=1 make bin/undionly.kpxe bin-x86_64-efi/snponly.efi
+    NO_WERROR=1 make CROSS=aarch64-linux-gnu- bin-arm64-efi/snponly.efi
+elif [[ "$TARGETARCH" == "arm64" ]]; then
+    NO_WERROR=1 make bin-arm64-efi/snponly.efi
+    NO_WERROR=1 make CROSS=x86_64-linux-gnu- bin/undionly.kpxe bin-x86_64-efi/snponly.efi
+else
+    echo "ERROR: Unsupported build architecture: $TARGETARCH"
+    exit 1
+fi
+
+cp bin/undionly.kpxe ../out/
+cp bin-x86_64-efi/snponly.efi ../out/snponly-x86_64.efi
+cp bin-arm64-efi/snponly.efi ../out/snponly-arm64.efi

ironic-config/dnsmasq.conf.j2

@@ -37,11 +37,13 @@ dhcp-option=option:router,{{ env["GATEWAY_IP"] }}
 # Note: Need to test EFI booting
 dhcp-match=set:efi,option:client-arch,7
 dhcp-match=set:efi,option:client-arch,9
-dhcp-match=set:efi,option:client-arch,11
 # Client is (i)PXE booting on EFI machine
-dhcp-boot=tag:efi,/snponly.efi,{{ env.IRONIC_IP }}
+dhcp-boot=tag:efi,/snponly-x86_64.efi,{{ env.IRONIC_IP }}
+# Client is (i)PXE booting on arm64 EFI machine
+dhcp-match=set:efi-arm64,option:client-arch,11
+dhcp-boot=tag:efi-arm64,/snponly-arm64.efi,{{ env.IRONIC_IP }}
 # Client is running (i)PXE on BIOS machine
-dhcp-boot=tag:!efi,/undionly.kpxe,{{ env.IRONIC_IP }}
+dhcp-boot=tag:!efi,tag:!efi-arm64,/undionly.kpxe,{{ env.IRONIC_IP }}
 {%- if env.IPXE_TLS_SETUP != "true" %}
 dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
 {% endif %}
@@ -55,7 +57,12 @@ ra-param={{ env.PROVISIONING_INTERFACE }},0,0
 dhcp-vendorclass=set:pxe6,enterprise:343,PXEClient
 dhcp-userclass=set:ipxe6,iPXE
 # Client is (i)PXE booting on EFI machine
-dhcp-option=tag:pxe6,option6:bootfile-url,tftp://{{ env.IRONIC_URL_HOST }}/snponly.efi
+dhcp-match=set:amd64,option:client-arch,7
+dhcp-match=set:amd64,option:client-arch,9
+dhcp-option=tag:pxe6,tag:amd64,option6:bootfile-url,tftp://{{ env.IRONIC_URL_HOST }}/snponly-x86_64.efi
+# Client is (i)PXE booting on arm64 EFI machine
+dhcp-match=set:arm64,option:client-arch,11
+dhcp-option=tag:pxe6,tag:arm64,option6:bootfile-url,tftp://{{ env.IRONIC_URL_HOST }}/snponly-arm64.efi
 # Client is running (i)PXE on BIOS machine
 dhcp-option=tag:!pxe6,option6:bootfile-url,tftp://{{ env.IRONIC_URL_HOST }}/undionly.kpxe
 {%- if env.IPXE_TLS_SETUP != "true" %}

main-packages-list-amd64.txt

@@ -0,0 +1 @@
+syslinux-nonlinux

main-packages-list-arm64.txt

@@ -9,6 +9,5 @@ mod_ssl
 procps
 qemu-img
 sqlite
-syslinux-nonlinux
 util-linux
 xorriso

main-packages-list.txt

@@ -62,6 +62,9 @@ getent passwd ironic > /dev/null || useradd -r -g ironic -u "${IRONIC_UID}" -s /
 dnf remove -y "${BUILD_DEPS[@]}"
 
 xargs -rtd'\n' dnf install -y < /tmp/"${PKGS_LIST}"
+if [[ -s "/tmp/${ARCH_PKGS_LIST}" ]]; then
+    xargs -rtd'\n' dnf install -y < /tmp/"${ARCH_PKGS_LIST}"
+fi
 
 if [[ -n "${EXTRA_PKGS_LIST:-}" ]]; then
     if [[ -s "/tmp/${EXTRA_PKGS_LIST}" ]]; then

prepare-image.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/bash
+
+set -euxo pipefail
+
+echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
+echo "tsflags=nodocs" >> /etc/dnf/dnf.conf && \
+echo "keepcache=1" >> /etc/dnf/dnf.conf && \
+dnf install -y epel-release && \
+dnf config-manager --set-disabled epel && \
+dnf install -y git make xz-devel
+
+# Install appropriate gcc binaries based on build architecture
+if [[ "$TARGETARCH" == "amd64" ]]; then
+    # On x86_64, we need native gcc for x86 builds and cross-compiler for arm64
+    dnf install -y gcc && \
+    dnf install --enablerepo=epel -y gcc-aarch64-linux-gnu gcc-c++-aarch64-linux-gnu
+elif [[ "$TARGETARCH" == "arm64" ]]; then
+    # On arm64, we need native gcc for arm64 builds and cross-compiler for x86_64
+    dnf install -y gcc && \
+    dnf install --enablerepo=epel -y gcc-x86_64-linux-gnu gcc-c++-x86_64-linux-gnu
+else
+    echo "ERROR: Unsupported build architecture: $TARGETARCH"
+    exit 1
+fi

prepare-ipxe.sh

@@ -24,10 +24,11 @@ mkdir -p /shared/tftpboot
 # Copy files to shared mount
 if [[ -r "${IPXE_CUSTOM_FIRMWARE_DIR}" ]]; then
     cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
-        "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
+        "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly-x86_64.efi" \
+        "${IPXE_CUSTOM_FIRMWARE_DIR}/snponly-arm64.efi" \
         "/shared/tftpboot"
 else
-    cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
+    cp /tftpboot/undionly.kpxe /tftpboot/snponly-x86_64.efi /tftpboot/snponly-arm64.efi /shared/tftpboot
 fi
 
 # Template and write dnsmasq.conf