summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ironic_python_agent/extensions/image.py60
-rw-r--r--ironic_python_agent/tests/unit/extensions/test_image.py20
-rw-r--r--releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml10
3 files changed, 61 insertions, 29 deletions
diff --git a/ironic_python_agent/extensions/image.py b/ironic_python_agent/extensions/image.py
index 9f776524..3fe5cc59 100644
--- a/ironic_python_agent/extensions/image.py
+++ b/ironic_python_agent/extensions/image.py
@@ -631,34 +631,38 @@ def _install_grub2(device, root_uuid, efi_system_part_uuid=None,
"Secure Boot signed binaries.", efi_partition)
utils.execute('mount', efi_partition, efi_partition_mount_point)
efi_mounted = True
- # FIXME(rg): does not work in cross boot mode case (target
- # boot mode differs from ramdisk one)
- # Probe for the correct target (depends on the arch, example
- # --target=x86_64-efi)
- utils.execute('chroot %(path)s /bin/sh -c '
- '"%(bin)s-install"' %
- {'path': path, 'bin': binary_name},
- shell=True,
- env_variables={
- 'PATH': path_variable
- })
- # Also run grub-install with --removable, this installs grub to
- # the EFI fallback path. Useful if the NVRAM wasn't written
- # correctly, was reset or if testing with virt as libvirt
- # resets the NVRAM on instance start.
- # This operation is essentially a copy operation. Use of the
- # --removable flag, per the grub-install source code changes
- # the default file to be copied, destination file name, and
- # prevents NVRAM from being updated.
- # We only run grub2_install for uefi if we can't verify the
- # uefi bits
- utils.execute('chroot %(path)s /bin/sh -c '
- '"%(bin)s-install --removable"' %
- {'path': path, 'bin': binary_name},
- shell=True,
- env_variables={
- 'PATH': path_variable
- })
+ try:
+ utils.execute('chroot %(path)s /bin/sh -c '
+ '"%(bin)s-install"' %
+ {'path': path, 'bin': binary_name},
+ shell=True,
+ env_variables={
+ 'PATH': path_variable
+ })
+ except processutils.ProcessExecutionError as e:
+ LOG.warning('Ignoring GRUB2 boot loader installation failure: '
+ '%s.', e)
+ try:
+ # Also run grub-install with --removable, this installs grub to
+ # the EFI fallback path. Useful if the NVRAM wasn't written
+ # correctly, was reset or if testing with virt as libvirt
+ # resets the NVRAM on instance start.
+ # This operation is essentially a copy operation. Use of the
+ # --removable flag, per the grub-install source code changes
+ # the default file to be copied, destination file name, and
+ # prevents NVRAM from being updated.
+ # We only run grub2_install for uefi if we can't verify the
+ # uefi bits
+ utils.execute('chroot %(path)s /bin/sh -c '
+ '"%(bin)s-install --removable"' %
+ {'path': path, 'bin': binary_name},
+ shell=True,
+ env_variables={
+ 'PATH': path_variable
+ })
+ except processutils.ProcessExecutionError as e:
+ LOG.warning('Ignoring GRUB2 boot loader installation failure: '
+ '%s.', e)
utils.execute('umount', efi_partition_mount_point, attempts=3,
delay_on_retry=True)
efi_mounted = False
diff --git a/ironic_python_agent/tests/unit/extensions/test_image.py b/ironic_python_agent/tests/unit/extensions/test_image.py
index e2b633a7..599a1973 100644
--- a/ironic_python_agent/tests/unit/extensions/test_image.py
+++ b/ironic_python_agent/tests/unit/extensions/test_image.py
@@ -1675,6 +1675,21 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n
mock_is_md_device,
mock_execute, mock_dispatch):
+ # return success for every execute call
+ mock_execute.side_effect = [('', '')] * 21
+
+ # make grub2-install calls fail
+ grub_failure = processutils.ProcessExecutionError(
+ stdout='',
+ stderr='grub2-install: error: this utility cannot be used '
+ 'for EFI platforms because it does not support '
+ 'UEFI Secure Boot.\n',
+ exit_code=1,
+ cmd='grub2-install'
+ )
+ mock_execute.side_effect[9] = grub_failure
+ mock_execute.side_effect[10] = grub_failure
+
mock_get_part_uuid.side_effect = [self.fake_root_part,
self.fake_efi_system_part]
environ_mock.get.return_value = '/sbin'
@@ -1686,7 +1701,10 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n
efi_system_part_uuid=self.fake_efi_system_part_uuid,
target_boot_mode='uefi')
- expected = [mock.call('mount', '/dev/fake2', self.fake_dir),
+ expected = [mock.call('partx', '-u', '/dev/fake', attempts=3,
+ delay_on_retry=True),
+ mock.call('udevadm', 'settle'),
+ mock.call('mount', '/dev/fake2', self.fake_dir),
mock.call('mount', '-o', 'bind', '/dev',
self.fake_dir + '/dev'),
mock.call('mount', '-o', 'bind', '/proc',
diff --git a/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml b/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml
new file mode 100644
index 00000000..87b00b93
--- /dev/null
+++ b/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ Recent releases of redhat grub2 will always fail when installing to EFI
+ paths, to encourage a transition to the signed shim bootloader. Partition
+ image deploys avoid calling grub2-install with the preserve-efi-assets
+ functions. Deploying whole disk images doesn't require grub2-install. This
+ leaves whole disk images installed onto softraid devices, which still calls
+ grub2-install. Running grub2-install is still attempted in this one
+ remaining case, but any failures are now ignored. \ No newline at end of file