diskimage-builder/diskimage_builder/elements/rhel
Steve Baker 27a326dafb Support secure-boot bootloader where possible
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."

This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.

This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.

If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubuntu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.

Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
2021-03-11 10:27:59 +13:00
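
The two EFI System Partition layouts described in the commit message above, as a read-only check that can be run against a mounted image root. This is an added example, not code from diskimage-builder or from the commit; the function names esp_boot_path and make_sample are hypothetical, the x86_64 file names from the message are assumed, and the sample trees are constructed stubs.

```bash
#!/usr/bin/env bash
# Added example (not diskimage-builder code): classify the ESP layout under a
# mounted image root. Read-only; checks file presence, not signatures.
#
# esp_boot_path ROOT EFI_BOOT_DIR   e.g. esp_boot_path /mnt/img EFI/centos
#   shim-chain     distro dir holds grubx64.efi + grub.cfg, BOOTX64.EFI present
#   incomplete     distro dir exists but one of those files is missing/empty
#   grub-install   no distro dir; BOOTX64.EFI is whatever grub-install wrote
#   no-bootloader  no distro dir and no BOOTX64.EFI
# Returns 0 only for shim-chain.
esp_boot_path() {
    local root="${1%/}" efi_boot_dir="${2:-}"
    local esp="$root/boot/efi"
    local fallback="$esp/EFI/BOOT/BOOTX64.EFI"   # x86_64 name, as on the page
    local distro="$esp/$efi_boot_dir" f

    if [ -z "$efi_boot_dir" ] || [ ! -d "$distro" ]; then
        if [ -s "$fallback" ]; then echo grub-install; else echo no-bootloader; fi
        return 1
    fi
    for f in "$fallback" "$distro/grubx64.efi" "$distro/grub.cfg"; do
        if [ ! -s "$f" ]; then
            echo incomplete
            echo "missing or empty: ${f#"$root"}" >&2
            return 1
        fi
    done
    echo shim-chain
}

# Constructed sample trees; the files are stubs, not real EFI binaries.
make_sample() {   # make_sample DIR [with-shim-chain]
    mkdir -p "$1/boot/efi/EFI/BOOT"
    echo stub > "$1/boot/efi/EFI/BOOT/BOOTX64.EFI"
    if [ "${2:-}" = with-shim-chain ]; then
        mkdir -p "$1/boot/efi/EFI/centos"
        echo stub > "$1/boot/efi/EFI/centos/grubx64.efi"
        echo stub > "$1/boot/efi/EFI/centos/grub.cfg"
    fi
}

tmp=$(mktemp -d)
make_sample "$tmp/rh" with-shim-chain
make_sample "$tmp/ub"
echo "centos-style: $(esp_boot_path "$tmp/rh" EFI/centos)"
echo "ubuntu-style: $(esp_boot_path "$tmp/ub" EFI/ubuntu)"
rm -rf "$tmp"
```

A `shim-chain` result only confirms the files are in place; it does not show that the binaries are signed or that the image boots with Secure Boot enabled.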
environment.d Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
pre-install.d Create /etc/machine-id for RHEL images 2019-08-07 18:18:34 +10:00
root.d Add aarch64 support for rhel 2021-03-08 07:00:15 +00:00
README.rst Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00
element-deps Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00
element-provides Add version-less RHEL element for RHEL7 and RHEL8 2019-05-29 11:28:53 +03:00

README.rst

rhel

Use RHEL cloud images as the baseline for built disk images.

Because RHEL base images are not publicly available, it is necessary to first download the RHEL cloud image from the Red Hat Customer Portal and pass the path to the resulting file to disk-image-create as the DIB_LOCAL_IMAGE environment variable.

The cloud image can be found at (login required):

RHEL8: https://access.redhat.com/downloads/content/479/ver=/rhel---8/8.0/x86_64/product-software

RHEL7: https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.1/x86_64/product-downloads

Then before running the image build, define DIB_LOCAL_IMAGE (replace the file name with the one downloaded, if it differs from the example):

export DIB_LOCAL_IMAGE=rhel-8.0-x86_64-kvm.qcow2

The downloaded file will then be used as the basis for any subsequent image builds.

For further details about building RHEL images, see the rhel-common and redhat-common element README files.

Environment Variables

DIB_LOCAL_IMAGE
  Required: Yes
  Default: None
  Description: The RHEL 8 base image you have downloaded. See the element description above for more details.
  Example: DIB_LOCAL_IMAGE=/tmp/rhel8-cloud.qcow2