Ignore efi grub2-install failure
Recent releases of redhat grub2 will always fail when installing to EFI paths, to encourage a transition to the signed shim bootloader. Partition image deploys avoid calling grub2-install with the preserve-efi-assets functions. Deploying whole disk images doesn't require grub2-install. This leaves whole disk images installed onto softraid devices, which still attempts to call grub2-install. This change will still attempt to run grub2-install in this one remaining case, but will ignore any failure. A future enhancement can avoid calling grub2-install entirely so that non-redhat secure-boot capable images can keep their signed bootloaders. Story: 2008923 Task: 42521 Change-Id: If432ef795d64d76442d739eb4f7d155ff847041e
This commit is contained in:
parent
5c063c8224
commit
a057be7dad
@ -631,34 +631,38 @@ def _install_grub2(device, root_uuid, efi_system_part_uuid=None,
|
|||||||
"Secure Boot signed binaries.", efi_partition)
|
"Secure Boot signed binaries.", efi_partition)
|
||||||
utils.execute('mount', efi_partition, efi_partition_mount_point)
|
utils.execute('mount', efi_partition, efi_partition_mount_point)
|
||||||
efi_mounted = True
|
efi_mounted = True
|
||||||
# FIXME(rg): does not work in cross boot mode case (target
|
try:
|
||||||
# boot mode differs from ramdisk one)
|
utils.execute('chroot %(path)s /bin/sh -c '
|
||||||
# Probe for the correct target (depends on the arch, example
|
'"%(bin)s-install"' %
|
||||||
# --target=x86_64-efi)
|
{'path': path, 'bin': binary_name},
|
||||||
utils.execute('chroot %(path)s /bin/sh -c '
|
shell=True,
|
||||||
'"%(bin)s-install"' %
|
env_variables={
|
||||||
{'path': path, 'bin': binary_name},
|
'PATH': path_variable
|
||||||
shell=True,
|
})
|
||||||
env_variables={
|
except processutils.ProcessExecutionError as e:
|
||||||
'PATH': path_variable
|
LOG.warning('Ignoring GRUB2 boot loader installation failure: '
|
||||||
})
|
'%s.', e)
|
||||||
# Also run grub-install with --removable, this installs grub to
|
try:
|
||||||
# the EFI fallback path. Useful if the NVRAM wasn't written
|
# Also run grub-install with --removable, this installs grub to
|
||||||
# correctly, was reset or if testing with virt as libvirt
|
# the EFI fallback path. Useful if the NVRAM wasn't written
|
||||||
# resets the NVRAM on instance start.
|
# correctly, was reset or if testing with virt as libvirt
|
||||||
# This operation is essentially a copy operation. Use of the
|
# resets the NVRAM on instance start.
|
||||||
# --removable flag, per the grub-install source code changes
|
# This operation is essentially a copy operation. Use of the
|
||||||
# the default file to be copied, destination file name, and
|
# --removable flag, per the grub-install source code changes
|
||||||
# prevents NVRAM from being updated.
|
# the default file to be copied, destination file name, and
|
||||||
# We only run grub2_install for uefi if we can't verify the
|
# prevents NVRAM from being updated.
|
||||||
# uefi bits
|
# We only run grub2_install for uefi if we can't verify the
|
||||||
utils.execute('chroot %(path)s /bin/sh -c '
|
# uefi bits
|
||||||
'"%(bin)s-install --removable"' %
|
utils.execute('chroot %(path)s /bin/sh -c '
|
||||||
{'path': path, 'bin': binary_name},
|
'"%(bin)s-install --removable"' %
|
||||||
shell=True,
|
{'path': path, 'bin': binary_name},
|
||||||
env_variables={
|
shell=True,
|
||||||
'PATH': path_variable
|
env_variables={
|
||||||
})
|
'PATH': path_variable
|
||||||
|
})
|
||||||
|
except processutils.ProcessExecutionError as e:
|
||||||
|
LOG.warning('Ignoring GRUB2 boot loader installation failure: '
|
||||||
|
'%s.', e)
|
||||||
utils.execute('umount', efi_partition_mount_point, attempts=3,
|
utils.execute('umount', efi_partition_mount_point, attempts=3,
|
||||||
delay_on_retry=True)
|
delay_on_retry=True)
|
||||||
efi_mounted = False
|
efi_mounted = False
|
||||||
|
@ -1675,6 +1675,21 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n
|
|||||||
mock_is_md_device,
|
mock_is_md_device,
|
||||||
mock_execute, mock_dispatch):
|
mock_execute, mock_dispatch):
|
||||||
|
|
||||||
|
# return success for every execute call
|
||||||
|
mock_execute.side_effect = [('', '')] * 21
|
||||||
|
|
||||||
|
# make grub2-install calls fail
|
||||||
|
grub_failure = processutils.ProcessExecutionError(
|
||||||
|
stdout='',
|
||||||
|
stderr='grub2-install: error: this utility cannot be used '
|
||||||
|
'for EFI platforms because it does not support '
|
||||||
|
'UEFI Secure Boot.\n',
|
||||||
|
exit_code=1,
|
||||||
|
cmd='grub2-install'
|
||||||
|
)
|
||||||
|
mock_execute.side_effect[9] = grub_failure
|
||||||
|
mock_execute.side_effect[10] = grub_failure
|
||||||
|
|
||||||
mock_get_part_uuid.side_effect = [self.fake_root_part,
|
mock_get_part_uuid.side_effect = [self.fake_root_part,
|
||||||
self.fake_efi_system_part]
|
self.fake_efi_system_part]
|
||||||
environ_mock.get.return_value = '/sbin'
|
environ_mock.get.return_value = '/sbin'
|
||||||
@ -1686,7 +1701,10 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n
|
|||||||
efi_system_part_uuid=self.fake_efi_system_part_uuid,
|
efi_system_part_uuid=self.fake_efi_system_part_uuid,
|
||||||
target_boot_mode='uefi')
|
target_boot_mode='uefi')
|
||||||
|
|
||||||
expected = [mock.call('mount', '/dev/fake2', self.fake_dir),
|
expected = [mock.call('partx', '-u', '/dev/fake', attempts=3,
|
||||||
|
delay_on_retry=True),
|
||||||
|
mock.call('udevadm', 'settle'),
|
||||||
|
mock.call('mount', '/dev/fake2', self.fake_dir),
|
||||||
mock.call('mount', '-o', 'bind', '/dev',
|
mock.call('mount', '-o', 'bind', '/dev',
|
||||||
self.fake_dir + '/dev'),
|
self.fake_dir + '/dev'),
|
||||||
mock.call('mount', '-o', 'bind', '/proc',
|
mock.call('mount', '-o', 'bind', '/proc',
|
||||||
|
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Recent releases of redhat grub2 will always fail when installing to EFI
|
||||||
|
paths, to encourage a transition to the signed shim bootloader. Partition
|
||||||
|
image deploys avoid calling grub2-install with the preserve-efi-assets
|
||||||
|
functions. Deploying whole disk images doesn't require grub2-install. This
|
||||||
|
leaves whole disk images installed onto softraid devices, which still calls
|
||||||
|
grub2-install. Running grub2-install is still attempted in this one
|
||||||
|
remaining case, but any failures are now ignored.
|
Loading…
Reference in New Issue
Block a user