diff options
-rw-r--r-- | ironic_python_agent/extensions/image.py | 60 | ||||
-rw-r--r-- | ironic_python_agent/tests/unit/extensions/test_image.py | 20 | ||||
-rw-r--r-- | releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml | 10 |
3 files changed, 61 insertions, 29 deletions
diff --git a/ironic_python_agent/extensions/image.py b/ironic_python_agent/extensions/image.py index 9f776524..3fe5cc59 100644 --- a/ironic_python_agent/extensions/image.py +++ b/ironic_python_agent/extensions/image.py @@ -631,34 +631,38 @@ def _install_grub2(device, root_uuid, efi_system_part_uuid=None, "Secure Boot signed binaries.", efi_partition) utils.execute('mount', efi_partition, efi_partition_mount_point) efi_mounted = True - # FIXME(rg): does not work in cross boot mode case (target - # boot mode differs from ramdisk one) - # Probe for the correct target (depends on the arch, example - # --target=x86_64-efi) - utils.execute('chroot %(path)s /bin/sh -c ' - '"%(bin)s-install"' % - {'path': path, 'bin': binary_name}, - shell=True, - env_variables={ - 'PATH': path_variable - }) - # Also run grub-install with --removable, this installs grub to - # the EFI fallback path. Useful if the NVRAM wasn't written - # correctly, was reset or if testing with virt as libvirt - # resets the NVRAM on instance start. - # This operation is essentially a copy operation. Use of the - # --removable flag, per the grub-install source code changes - # the default file to be copied, destination file name, and - # prevents NVRAM from being updated. - # We only run grub2_install for uefi if we can't verify the - # uefi bits - utils.execute('chroot %(path)s /bin/sh -c ' - '"%(bin)s-install --removable"' % - {'path': path, 'bin': binary_name}, - shell=True, - env_variables={ - 'PATH': path_variable - }) + try: + utils.execute('chroot %(path)s /bin/sh -c ' + '"%(bin)s-install"' % + {'path': path, 'bin': binary_name}, + shell=True, + env_variables={ + 'PATH': path_variable + }) + except processutils.ProcessExecutionError as e: + LOG.warning('Ignoring GRUB2 boot loader installation failure: ' + '%s.', e) + try: + # Also run grub-install with --removable, this installs grub to + # the EFI fallback path. Useful if the NVRAM wasn't written + # correctly, was reset or if testing with virt as libvirt + # resets the NVRAM on instance start. + # This operation is essentially a copy operation. Use of the + # --removable flag, per the grub-install source code changes + # the default file to be copied, destination file name, and + # prevents NVRAM from being updated. + # We only run grub2_install for uefi if we can't verify the + # uefi bits + utils.execute('chroot %(path)s /bin/sh -c ' + '"%(bin)s-install --removable"' % + {'path': path, 'bin': binary_name}, + shell=True, + env_variables={ + 'PATH': path_variable + }) + except processutils.ProcessExecutionError as e: + LOG.warning('Ignoring GRUB2 boot loader installation failure: ' + '%s.', e) utils.execute('umount', efi_partition_mount_point, attempts=3, delay_on_retry=True) efi_mounted = False diff --git a/ironic_python_agent/tests/unit/extensions/test_image.py b/ironic_python_agent/tests/unit/extensions/test_image.py index e2b633a7..599a1973 100644 --- a/ironic_python_agent/tests/unit/extensions/test_image.py +++ b/ironic_python_agent/tests/unit/extensions/test_image.py @@ -1675,6 +1675,21 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n mock_is_md_device, mock_execute, mock_dispatch): + # return success for every execute call + mock_execute.side_effect = [('', '')] * 21 + + # make grub2-install calls fail + grub_failure = processutils.ProcessExecutionError( + stdout='', + stderr='grub2-install: error: this utility cannot be used ' + 'for EFI platforms because it does not support ' + 'UEFI Secure Boot.\n', + exit_code=1, + cmd='grub2-install' + ) + mock_execute.side_effect[9] = grub_failure + mock_execute.side_effect[10] = grub_failure + mock_get_part_uuid.side_effect = [self.fake_root_part, self.fake_efi_system_part] environ_mock.get.return_value = '/sbin' @@ -1686,7 +1701,10 @@ efibootmgr: ** Warning ** : Boot0005 has same label ironic1\n efi_system_part_uuid=self.fake_efi_system_part_uuid, target_boot_mode='uefi') - expected = [mock.call('mount', '/dev/fake2', self.fake_dir), + expected = [mock.call('partx', '-u', '/dev/fake', attempts=3, + delay_on_retry=True), + mock.call('udevadm', 'settle'), + mock.call('mount', '/dev/fake2', self.fake_dir), mock.call('mount', '-o', 'bind', '/dev', self.fake_dir + '/dev'), mock.call('mount', '-o', 'bind', '/proc', diff --git a/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml b/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml new file mode 100644 index 00000000..87b00b93 --- /dev/null +++ b/releasenotes/notes/ignore-grub-efi-fail-dcf7eb07f61f4388.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + Recent releases of redhat grub2 will always fail when installing to EFI + paths, to encourage a transition to the signed shim bootloader. Partition + image deploys avoid calling grub2-install with the preserve-efi-assets + functions. Deploying whole disk images doesn't require grub2-install. This + leaves whole disk images installed onto softraid devices, which still calls + grub2-install. Running grub2-install is still attempted in this one + remaining case, but any failures are now ignored.
\ No newline at end of file |