foreman_bootdisk 16.0.0 → 18.0.0

data/app/lib/foreman_bootdisk/scope/bootdisk.rb

@@ -3,10 +3,23 @@
 module ForemanBootdisk
   module Scope
     class Bootdisk < ::Foreman::Renderer::Scope::Provisioning
+      extend ApipieDSL::Class
+
+      apipie :class, 'Macros related to provisioning via boot disk' do
+        name 'Bootdisk'
+        sections only: %w[all provisioning]
+      end
+
+      apipie :method, 'Generates URL for boot chain' do
+        optional :mac, String, 'MAC address of the host', default: 'MAC address of the current host'
+        optional :action, String, 'Bootloader to use', default: 'iPXE'
+        returns String, desc: 'URL for boot chain'
+        example 'bootdisk_chain_url #=> "http://foreman.some.host.fqdn/unattended/iPXE?mac=00%3A11%3A22%3A33%3A44%3A55"'
+        example 'bootdisk_chain_url("00:11:22:33:44:55") #=> "http://foreman.some.host.fqdn/unattended/iPXE?mac=00%3A11%3A22%3A33%3A44%3A55"'
+      end
       def bootdisk_chain_url(mac = host.try(:mac), action = 'iPXE')
         url = foreman_url(action)
         u = URI.parse(url)
-        ForemanBootdisk.logger.warn("Foreman or proxy is configured with HTTPS, probably not supported by iPXE: #{u}") if u.scheme == 'https'
         new_query_data = URI.decode_www_form(u.query || '') << ['mac', mac || '']
         new_querystring = URI.encode_www_form(new_query_data)
         u.query = nil
@@ -15,9 +28,23 @@ module ForemanBootdisk
         u.to_s
       end
 
+      apipie :method, 'Always raises an error with a description provided as an argument' do
+        desc 'This method is useful for aborting script execution if some of the conditions are not met'
+        list :args, desc: 'Description for the error'
+        raises error: ::Foreman::Exception, desc: 'The error is always being raised'
+        returns nil, desc: "Doesn't return anything"
+        example "<%
+  interface = @host.provision_interface #=> interface = nil
+  bootdisk_raise(N_('Host has no provisioning interface defined')) unless interface #=> Foreman::Exception is raised and the execution of the script is aborted
+%>"
+      end
       def bootdisk_raise(*args)
         raise ::Foreman::Exception.new(*args)
       end
+
+      def template_name
+        "Foreman Bootdisk"
+      end
     end
   end
 end

data/app/lib/foreman_bootdisk/scope/full_host_bootdisk_efi.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ForemanBootdisk
+  module Scope
+    class FullHostBootdiskEfi < Bootdisk
+      def kernel(medium_provider)
+        '/' + ForemanBootdisk::ISOGenerator.iso9660_filename(super)
+      end
+
+      def initrd(medium_provider)
+        '/' + ForemanBootdisk::ISOGenerator.iso9660_filename(super)
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_bootdisk/compute_resources/vmware.rb

@@ -36,12 +36,21 @@ module ForemanBootdisk
           'instance_uuid' => vm_uuid,
           'iso' => "foreman_isos/#{iso}",
           'datastore' => bootdisk_datastore(vm_uuid),
-          'start_connected' => false,
+          'start_connected' => true,
           'connected' => true,
           'allow_guest_control' => true
         }
         client.vm_reconfig_cdrom options
       end
+
+      def iso_detach(vm_uuid)
+        options = {
+          'instance_uuid' => vm_uuid,
+          'start_connected' => false,
+          'connected' => false,
+        }
+        client.vm_reconfig_cdrom options
+      end
     end
   end
 end

data/app/models/concerns/foreman_bootdisk/host_ext.rb

@@ -4,15 +4,14 @@ require 'uri'
 
 module ForemanBootdisk
   module HostExt
+    extend ApipieDSL::Extension
+
     def bootdisk_template
-      template = ProvisioningTemplate.unscoped.find_by(
-        name: Setting[:bootdisk_host_template]
-      )
+      template = ProvisioningTemplate.unscoped.find_by(name: Setting[:bootdisk_host_template])
       unless template
-        raise ::Foreman::Exception.new(
-          N_('Unable to find template specified by %s setting'), 'bootdisk_host_template'
-        )
+        raise ::Foreman::Exception.new(N_('Unable to find template specified by %s setting'), 'bootdisk_host_template')
       end
+
       template
     end
 
@@ -39,5 +38,13 @@ module ForemanBootdisk
     def can_be_built?
       super || (managed? && SETTINGS[:unattended] && bootdisk_build? && !build?)
     end
+
+    apipie_update :class do
+      property :bootdisk_build?, one_of: [true, false], desc: 'Returns true if provision method for this host is bootdisk, false otherwise'
+    end
   end
 end
+
+class Host::Managed::Jail < Safemode::Jail
+  allow :bootdisk_build?
+end

data/app/models/concerns/foreman_bootdisk/orchestration/compute.rb

@@ -9,7 +9,6 @@ module ForemanBootdisk
 
       included do
         after_validation :queue_bootdisk_compute
-        after_build :rebuild_with_bootdisk
       end
 
       def bootdisk_isodir
@@ -21,20 +20,38 @@ module ForemanBootdisk
       end
 
       def queue_bootdisk_compute
-        return unless compute? && errors.empty? && new_record?
+        return unless compute? && errors.empty?
         return unless provision_method == 'bootdisk'
 
-        queue.create(name: _('Generating ISO image for %s') % self, priority: 5,
-                     action: [self, :setGenerateIsoImage])
-        queue.create(name: _('Upload ISO image to datastore for %s') % self, priority: 6,
-                     action: [self, :setIsoImage])
-        queue.create(name: _('Attach ISO image to CDROM drive for %s') % self, priority: 1001,
-                     action: [self, :setAttachIsoImage])
+        # We want to add our queue jobs only if really necessary:
+        #   - in case of starting to create a new host
+        #   - in case of a rebuild
+        if (old.nil? || !old.build?) && build?
+          queue.create(name: _('Generating ISO image for %s') % self, priority: 5,
+                       action: [self, :setGenerateIsoImage])
+          queue.create(name: _('Upload ISO image to datastore for %s') % self, priority: 6,
+                       action: [self, :setIsoImage])
+          queue.create(name: _('Attach ISO image to CDROM drive for %s') % self, priority: 1001,
+                       action: [self, :setAttachIsoImage])
+        # Detach ISO image when host sends 'built' HTTP POST request
+        elsif old&.build? && !build?
+          queue.create(name: _('Detach ISO image from CDROM drive for %s') % self, priority: 52,
+                       action: [self, :setDetachIsoImage])
+        end
+        true
       end
 
       def bootdisk_generate_iso_image
-        ForemanBootdisk::ISOGenerator.generate(ipxe: bootdisk_template_render, dir: Dir.tmpdir) do |image|
-          FileUtils.mv image, bootdisk_isofile
+        if self.build? && self.provisioning_template(kind: :PXELinux) && self.provisioning_template(kind: :PXEGrub2)
+          logger.info format('Generating FULL HOST ISO image for %s', name)
+          ForemanBootdisk::ISOGenerator.generate_full_host(self, dir: Dir.tmpdir) do |image|
+            FileUtils.mv image, bootdisk_isofile
+          end
+        else
+          logger.info format('Generating HOST ISO image for %s', name)
+          ForemanBootdisk::ISOGenerator.generate(ipxe: bootdisk_template_render, dir: Dir.tmpdir) do |image|
+            FileUtils.mv image, bootdisk_isofile
+          end
         end
       end
 
@@ -46,8 +63,11 @@ module ForemanBootdisk
         compute_resource.iso_attach(File.basename(bootdisk_isofile), uuid)
       end
 
+      def bootdisk_detach_iso
+        compute_resource.iso_detach(uuid)
+      end
+
       def setGenerateIsoImage
-        logger.info format('Generating ISO image for %s', name)
         bootdisk_generate_iso_image
       rescue StandardError => e
         failure format(_('Failed to generate ISO image for instance %{name}: %{message}'), name: name, message: e.message), e
@@ -73,18 +93,14 @@ module ForemanBootdisk
 
       def delAttachIsoImage; end
 
-      def rebuild_with_bootdisk
-        return true unless bootdisk?
-
-        begin
-          bootdisk_generate_iso_image
-          bootdisk_upload_iso
-          bootdisk_attach_iso
-        rescue StandardError => e
-          Foreman::Logging.exception "Failed to rebuild Bootdisk image for #{name}", e, level: :error
-          return false
-        end
+      def setDetachIsoImage
+        logger.info format('Detaching ISO image from CDROM drive for %s', name)
+        bootdisk_detach_iso
+      rescue StandardError => e
+        failure format(_('Failed to detach ISO image from CDROM drive of instance %{name}: %{message}'), name: name, message: e.message), e
       end
+
+      def delDetachIsoImage; end
     end
   end
 end

data/app/models/setting/bootdisk.rb

@@ -6,23 +6,36 @@ class Setting
       ipxe = ['/usr/lib/ipxe'].find { |p| File.exist?(p) } || '/usr/share/ipxe'
       isolinux = ['/usr/lib/ISOLINUX'].find { |p| File.exist?(p) } || '/usr/share/syslinux'
       syslinux = ['/usr/lib/syslinux/modules/bios', '/usr/lib/syslinux'].find { |p| File.exist?(p) } || '/usr/share/syslinux'
+      grub2 = ['/var/lib/tftpboot/grub2'].find { |p| File.exist?(p) } || '/var/lib/foreman/bootdisk'
       templates = -> { Hash[ProvisioningTemplate.where(template_kind: TemplateKind.where(name: 'Bootdisk')).map { |temp| [temp[:name], temp[:name]] }] }
 
       [
         set('bootdisk_ipxe_dir', N_('Path to directory containing iPXE images'), ipxe, N_('iPXE directory')),
         set('bootdisk_isolinux_dir', N_('Path to directory containing isolinux images'), isolinux, N_('ISOLINUX directory')),
         set('bootdisk_syslinux_dir', N_('Path to directory containing syslinux images'), syslinux, N_('SYSLINUX directory')),
+        set('bootdisk_grub2_dir', N_('Path to directory containing grubx64.efi and shimx64.efi'), grub2, N_('Grub2 directory')),
         set('bootdisk_host_template', N_('iPXE template to use for host-specific boot disks'),
             'Boot disk iPXE - host', N_('Host image template'), nil, collection: templates),
         set('bootdisk_generic_host_template', N_('iPXE template to use for generic host boot disks'),
             'Boot disk iPXE - generic host', N_('Generic image template'), nil, collection: templates),
+        set('bootdisk_generic_efi_host_template', N_('Grub2 template to use for generic EFI host boot disks'),
+            'Boot disk Grub2 EFI - generic host', N_('Generic Grub2 EFI image template'), nil, collection: templates),
         set('bootdisk_mkiso_command', N_('Command to generate ISO image, use genisoimage or mkisofs'), 'genisoimage', N_('ISO generation command')),
-        set('bootdisk_cache_media', N_('Installation media files will be cached for full host images'), true, N_('Installation media caching'))
+        set('bootdisk_cache_media', N_('Installation media files will be cached for full host images'), true, N_('Installation media caching')),
+        set('bootdisk_allowed_types', N_('List of allowed bootdisk types, remove type to disable it'), Setting::Bootdisk.bootdisk_types, N_('Allowed bootdisk types'))
       ]
     end
 
     def self.humanized_category
       N_('Boot disk')
     end
+
+    def self.bootdisk_types
+      %w(generic host full_host subnet)
+    end
+
+    def self.allowed_types
+      Setting['bootdisk_allowed_types']
+    end
   end
 end

data/app/services/foreman_bootdisk/iso_generator.rb

@@ -10,10 +10,13 @@ require 'uri'
 # requires syslinux, ipxe/ipxe-bootimgs, genisoimage, isohybrid
 module ForemanBootdisk
   class ISOGenerator
+    extend Foreman::HTTPProxy
+
     def self.generate_full_host(host, opts = {}, &block)
-      raise(Foreman::Exception, N_('Host is not in build mode, so the template cannot be rendered')) unless host.build?
+      raise Foreman::Exception.new(N_('Host is not in build mode, so the template cannot be rendered')) unless host.build?
 
-      tmpl = render_pxelinux_template(host)
+      isolinux_template = render_template(host, :PXELinux, ForemanBootdisk::Scope::FullHostBootdisk)
+      grub_template = render_template(host, :PXEGrub2, ForemanBootdisk::Scope::FullHostBootdiskEfi)
 
       # pxe_files and filename conversion is utterly bizarre
       # aim to convert filenames to something usable under ISO 9660, to match as rendered in the template
@@ -24,87 +27,154 @@ module ForemanBootdisk
         hash[iso_filename] = host.url_for_boot(type)
       end
 
-      generate(opts.merge(isolinux: tmpl, files: files), &block)
+      generate(opts.merge(isolinux: isolinux_template, grub: grub_template, files: files), &block)
+    rescue ::Foreman::Exception => e
+      if e.code == 'ERF42-0067'
+        ForemanBootdisk.logger.warn e
+      else
+        raise e
+      end
     end
 
-    def self.render_pxelinux_template(host)
-      pxelinux_template = host.provisioning_template(kind: :PXELinux)
+    def self.render_template(host, kind, scope_class)
+      template = host.provisioning_template(kind: kind)
 
-      raise(Foreman::Exception, N_('Unable to generate disk template, PXELinux template not found.')) unless pxelinux_template
+      raise Foreman::Exception.new(N_('Unable to generate disk template, %{kind} template not found.'), kind: kind) unless template
 
       template = ForemanBootdisk::Renderer.new.render_template(
-        template: pxelinux_template,
+        template: template,
         host: host,
-        scope_class: ForemanBootdisk::Scope::FullHostBootdisk
+        scope_class: scope_class
       )
 
       unless template
         err = host.errors.full_messages.to_sentence
-        raise(::Foreman::Exception.new(N_('Unable to generate disk PXELinux template: %s'), err))
+        raise Foreman::Exception.new(N_('Unable to generate disk %{kind} template: %{error}'), kind: kind, error: err)
       end
 
       template
     end
 
+    def self.system_or_exception(command, error)
+      unless system(command)
+        ForemanBootdisk.logger.debug "Bootdisk command failed: #{command}"
+        raise Foreman::Exception.new(N_(error))
+      end
+    end
+
     def self.generate(opts = {})
-      opts[:isolinux] = <<~ISOLINUX if opts[:isolinux].nil? && opts[:ipxe]
-        default ipxe
-        label ipxe
-        kernel /ipxe
-        initrd /script
-      ISOLINUX
-
-      Dir.mktmpdir('bootdisk') do |wd|
-        Dir.mkdir(File.join(wd, 'build'))
-
-        if opts[:isolinux]
-          isolinux_source_file = File.join(Setting[:bootdisk_isolinux_dir], 'isolinux.bin')
-          raise(Foreman::Exception, N_('Please ensure the isolinux/syslinux package(s) are installed.')) unless File.exist?(isolinux_source_file)
-
-          FileUtils.cp(isolinux_source_file, File.join(wd, 'build', 'isolinux.bin'))
-
-          source_files = ['ldlinux.c32', 'menu.c32']
-          source_files.each do |source_file|
-            full_path = File.join(Setting[:bootdisk_syslinux_dir], source_file)
-            FileUtils.cp(full_path, File.join(wd, 'build', source_file)) if File.exist?(source_file)
-          end
+      # isolinux template not provided for generic BIOS bootdisks
+      if opts[:isolinux].nil? && opts[:ipxe]
+        opts[:isolinux] = <<~EOT
+          default ipxe
+          label ipxe
+          kernel /ipxe
+          initrd /script
+        EOT
+      end
 
-          File.open(File.join(wd, 'build', 'isolinux.cfg'), 'w') do |file|
-            file.write(opts[:isolinux])
-          end
-        end
+      if opts[:grub].nil? && opts[:ipxe]
+        opts[:grub] = <<~EOT
+          echo "Grub2 template not associated and/or unsupported bootdisk type."
+          echo "The following bootdisks are supported for EFI systems:"
+          echo " * FULL HOST BOOTDISK"
+          echo " * SUBNET GENERIC BOOTDISK"
+          echo "The system will poweroff in few minutes..."
+          sleep 500
+          poweroff
+        EOT
+      end
+
+      # And create new temporary directory:
+      wd = Dir.mktmpdir('bootdisk-iso-', Rails.root.join('tmp'))
+      Dir.mkdir(File.join(wd, 'build'))
 
-        if opts[:ipxe]
-          ipxe_source_file = File.join(Setting[:bootdisk_ipxe_dir], 'ipxe.lkrn')
-          raise(Foreman::Exception, N_('Please ensure the ipxe-bootimgs package is installed.')) unless File.exist?(ipxe_source_file)
+      if opts[:isolinux]
+        isolinux_source_file = File.join(Setting[:bootdisk_isolinux_dir], 'isolinux.bin')
+        raise Foreman::Exception.new(N_('Please ensure the isolinux/syslinux package(s) are installed.')) unless File.exist?(isolinux_source_file)
 
-          FileUtils.cp(ipxe_source_file, File.join(wd, 'build', 'ipxe'))
-          File.open(File.join(wd, 'build', 'script'), 'w') { |file| file.write(opts[:ipxe]) }
+        FileUtils.cp(isolinux_source_file, File.join(wd, 'build', 'isolinux.bin'))
+
+        source_files = ['ldlinux.c32', 'menu.c32', 'libutil.c32']
+        source_files.each do |source_file|
+          full_path = File.join(Setting[:bootdisk_syslinux_dir], source_file)
+          FileUtils.cp(full_path, File.join(wd, 'build', source_file)) if File.exist?(full_path)
         end
 
-        if opts[:files]
-          if opts[:files].respond_to?(:each)
-            opts[:files].each do |file, source|
-              fetch(File.join(wd, 'build', file), source)
-            end
-          end
+        File.open(File.join(wd, 'build', 'isolinux.cfg'), 'w') do |file|
+          file.write(opts[:isolinux])
         end
+      end
 
-        iso = if opts[:dir]
-                Tempfile.new(['bootdisk', '.iso'], opts[:dir]).path
-              else
-                File.join(wd, 'output.iso')
-              end
-        raise(Foreman::Exception, N_('ISO build failed')) unless system(build_mkiso_command(output_file: iso, source_directory: File.join(wd, 'build')))
+      if opts[:ipxe]
+        ipxe_source_file = File.join(Setting[:bootdisk_ipxe_dir], 'ipxe.lkrn')
+        raise Foreman::Exception.new(N_('Please ensure the ipxe-bootimgs package is installed.')) unless File.exist?(ipxe_source_file)
 
-        # Make the ISO bootable as a HDD/USB disk too
-        raise(Foreman::Exception, N_('ISO hybrid conversion failed')) unless system('isohybrid', iso)
+        FileUtils.cp(ipxe_source_file, File.join(wd, 'build', 'ipxe'))
+        File.open(File.join(wd, 'build', 'script'), 'w') { |file| file.write(opts[:ipxe]) }
+      end
+
+      if opts[:grub]
+        FileUtils.mkdir_p(File.join(wd, 'build', 'EFI', 'BOOT'))
+        # a copy when using CDROM directly
+        File.open(File.join(wd, 'build', 'EFI', 'BOOT', 'grub.cfg'), 'w') { |file| file.write(opts[:grub]) }
+        # a copy when using USB/HDD (copied into EFI image as well)
+        File.open(File.join(wd, 'build', 'grub-hdd.cfg'), 'w') do |f|
+          # set root to (cd0) or similar when booting via disk
+          f.write("search --file /ISOLINUX.BIN --set root\n")
+          f.write(opts[:grub])
+        end
+        efibootimg = File.join(wd, 'build', 'efiboot.img')
+        system_or_exception("truncate -s 4M #{efibootimg}", N_('Creating new image failed, install truncate utility'))
+        system_or_exception("mkfs.msdos #{efibootimg}", N_('Failed to format the ESP image via mkfs.msdos'))
+        system_or_exception("mmd -i #{efibootimg} '::/EFI'", N_('Failed to create a directory within the ESP image'))
+        system_or_exception("mmd -i #{efibootimg} '::/EFI/BOOT'", N_('Failed to create a directory within the ESP image'))
+        {
+          File.join(wd, 'build', 'grub-hdd.cfg').to_s => 'GRUB.CFG',
+          File.join(Setting[:bootdisk_grub2_dir], 'grubx64.efi').to_s => 'GRUBX64.EFI',
+          File.join(Setting[:bootdisk_grub2_dir], 'shimx64.efi').to_s => 'BOOTX64.EFI',
+        }.each do |src, dest|
+          raise(Foreman::Exception.new(N_('Ensure %{file} is readable (or update "Grub2 directory" setting)'), file: src)) unless File.exist?(src)
+          raise(Foreman::Exception.new(N_('Unable to mcopy %{file}'), file: src)) unless system("mcopy -m -i #{efibootimg} '#{src}' '#{"::/EFI/BOOT/#{dest}"}'")
+        end
+        mkiso_args = "-eltorito-alt-boot -e efiboot.img -no-emul-boot"
+        isohybrod_args = ["--uefi"]
+      else
+        mkiso_args = ''
+        isohybrod_args = []
+      end
 
-        yield iso
+      if opts[:files]
+        if opts[:files].respond_to?(:each)
+          opts[:files].each do |file, source|
+            fetch(File.join(wd, 'build', file), source)
+          end
+        end
       end
+
+      iso = if opts[:dir]
+              Tempfile.new(['bootdisk', '.iso'], opts[:dir]).path
+            else
+              File.join(wd, 'output.iso')
+            end
+      raise Foreman::Exception.new(N_('ISO build failed')) unless system(build_mkiso_command(output_file: iso, extra_commands: mkiso_args, source_directory: File.join(wd, 'build')))
+
+      # Make the ISO bootable as a HDD/USB disk too
+      raise Foreman::Exception.new(N_('ISO hybrid conversion failed: %s'), $?) unless system(*["isohybrid", isohybrod_args, iso].flatten.compact)
+
+      yield iso
+    ensure
+      # Clean the working directory (not the ISO file itself)
+      FileUtils.rm_f(File.join(wd, 'build'))
+      # Temporary directory cannot be cleaned in-process due to asynchronous send_file call.
+      # Also we cannot rely on systemd-tmpfiles-clean as private temporary files are not subject
+      # of scheduled cleanups. Let's clean bootdisks from prevous requests manually by finding
+      # and deleting all directories created 30 minutes ago.
+      delete_older_than = Time.now.to_i - (60 * 30)
+      Rails.root.glob('tmp/bootdisk-iso-*').select { |f| File.ctime(f) < delete_older_than }.each { |f| FileUtils.rm_f(f) }
     end
 
-    def self.build_mkiso_command(output_file:, source_directory:)
+    def self.build_mkiso_command(output_file:, source_directory:, extra_commands:)
       arguments = [
         "-o #{output_file}",
         '-iso-level 2',
@@ -114,6 +184,7 @@ module ForemanBootdisk
         '-boot-load-size 4',
         '-boot-info-table'
       ]
+      arguments.push(extra_commands) unless extra_commands.nil?
       [Setting[:bootdisk_mkiso_command], arguments, source_directory].flatten.join(' ')
     end
 
@@ -140,7 +211,14 @@ module ForemanBootdisk
           ForemanBootdisk.logger.info("Fetching #{uri}")
           write_cache = use_cache
           uri = URI(uri)
-          Net::HTTP.start(uri.host, uri.port) do |http|
+
+          if proxy_http_request?(nil, uri.host, uri.scheme)
+            proxy_uri = URI.parse(http_proxy)
+            http_object = Net::HTTP::Proxy(proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+          else
+            http_object = Net::HTTP
+          end
+          http_object.start(uri.host, uri.port) do |http|
             request = Net::HTTP::Get.new(uri.request_uri, 'Accept-Encoding' => 'plain')
 
             http.request(request) do |response|

data/app/services/foreman_bootdisk/renderer.rb

@@ -4,36 +4,46 @@ require 'uri'
 
 module ForemanBootdisk
   class Renderer
-    def generic_template_render(subnet = nil)
-      host = if subnet.present?
-               # rendering a subnet-level bootdisk requires tricking the renderer into thinking it has a
-               # valid host, without a token, but with a tftp proxy
-               Struct.new(:token, :provision_interface, :content_source).new(
-                 nil,
-                 Struct.new(:subnet).new(subnet),
-                 nil
-               )
-             else
-               Struct.new(:token, :subnet, :content_source).new(nil, nil, nil)
-             end
-
-      render_template(template: generic_host_template, host: host)
-    end
-
-    def render_template(template:, host:, scope_class: renderer_scope)
+    def render_template(template:, host:, scope_class: renderer_scope, subnet: nil)
       source = Foreman::Renderer.get_source(
         template: template,
-        host: host
       )
       scope = Foreman::Renderer.get_scope(
         host: host,
-        klass: scope_class
+        variables: { subnet: subnet, bootdisk: true },
+        klass: scope_class,
       )
       Foreman::Renderer.render(source, scope)
     end
 
+    def generic_template_render(subnet = nil)
+      render_template(template: generic_host_template, host: stub_host(subnet), subnet: subnet)
+    end
+
+    def generic_efi_template_render(subnet)
+      if subnet.httpboot?
+        render_template(template: generic_efi_host_template, host: stub_host(subnet), subnet: subnet)
+      else
+        ForemanBootdisk.logger.warn('HTTPBOOT feature is not enabled for subnet %s, UEFI may not be available for bootdisk' % subnet.name)
+      end
+    end
+
     private
 
+    def stub_host(subnet)
+      if subnet.present?
+        # rendering a subnet-level bootdisk requires tricking the renderer into thinking it has a
+        # valid host, without a token, but with a tftp proxy
+        Struct.new(:token, :provision_interface, :content_source).new(
+          nil,
+          Struct.new(:subnet).new(subnet),
+          nil
+        )
+      else
+        Struct.new(:token, :subnet, :content_source).new(nil, nil, nil)
+      end
+    end
+
     def renderer_scope
       ForemanBootdisk::Scope::Bootdisk
     end
@@ -44,5 +54,12 @@ module ForemanBootdisk
 
       template
     end
+
+    def generic_efi_host_template
+      template = ProvisioningTemplate.unscoped.find_by(name: Setting[:bootdisk_generic_efi_host_template])
+      raise ::Foreman::Exception.new(N_('Unable to find template specified by %s setting'), 'bootdisk_generic_efi_host_template') unless template
+
+      template
+    end
   end
 end

data/app/views/foreman_bootdisk/disks/help.html.erb

@@ -9,7 +9,12 @@
     <%= _('All images are usable as either ISOs or as disk images, including being written to a USB disk with `dd`.') %>
   </p>
 
-  <h2><%= _('Host image') %></h2>
+  <h2><%= _('Host images') %></h2>
+  <p>
+    <%= _('These images are used for host. You can find them at host detail page.') %>
+  </p>
+
+  <h3><%= _('Host image') %><%= mark_disabled_bootdisk_type('host') %></h3>
   <p>
     <%= _("Per-host images contain data about a particular host registered in Foreman and set up fully static networking, avoiding the requirement for DHCP.  After networking is configured, they chainload from Foreman, picking up the current OS configuration and build state from the server.") %>
   </p>
@@ -17,12 +22,17 @@
     <%= _("Once chainloaded, the OS bootloader and installer are downloaded directly from the installation media configured in Foreman, and the provisioning script (kickstart/preseed) is downloaded from Foreman.") %>
   </p>
 
-  <h2><%= _('Full host image') %></h2>
+  <h3><%= _('Full host image') %><%= mark_disabled_bootdisk_type('full_host') %></h3>
   <p>
     <%= _('A variant of the per-host image which contains the OS bootloader embedded inside the disk.  This may be useful if chainloading fails on certain hardware, but has the downside that the image must be regenerated for any change in the OS, bootloader or PXELinux templates.') %>
   </p>
 
-  <h2><%= _('Generic image') %></h2>
+  <h2><%= _('Generic images') %></h2>
+  <p>
+    <%= _('These images are more generic than previous images. You can find them at subnet index page.') %>
+  </p>
+
+  <h3><%= _('Generic image') %><%= mark_disabled_bootdisk_type('generic') %></h3>
   <p>
     <%= _('Generic images are a reusable disk image that works for any host registered in Foreman.  It requires a basic DHCP and DNS service to function and contact the server, but does not require DHCP reservations or static IP addresses.') %>
   </p>
@@ -30,11 +40,13 @@
     <%= _('The OS install continues using the installation media configured in Foreman, and it will typically configure static networking, depending on how the OS iPXE template is configured.') %>
   </p>
 
-  <h2><%= _('Subnet image') %></h2>
+  <h3><%= _('Subnet image') %><%= mark_disabled_bootdisk_type('subnet') %></h3>
   <p>
     <%= _('Subnet images are similar to generic images, but chain-loading is done via the TFTP Smart Proxy assigned to the Subnet of the host. The smart proxy must have the "Templates" module enabled and configured.') %>
   </p>
   <p>
     <%= _('This image is generic for all hosts with a provisioning NIC on that subnet.') %>
   </p>
+
+  <p><%= _('* - These bootdisk types were disabled, you can enable them in Administer - Settings.') %></p>
 </div>