From 1d07be823782eca4706f474702e37b3515bcff40 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Tue, 3 Jan 2023 11:06:27 -0800 Subject: [PATCH] Use centos grub artifacts with centos ramdisk for vmedia It appears we are getting an opcode error when attempting to boot Centos 9-stream utilizing the EFI artifacts from Ubuntu. Technically this should work, however further aftifacts in the boot chain may be signed with other key credentials that Ubuntu's grub does not know about, because the chain of trust is MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel Where vendor differences should never work, is if Secure Boot is enforcing. Exception on launch: X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! A similar Debian bug is open for a very similar issue: https://groups.google.com/g/linux.debian.bugs.dist/c/BOiLLeROrmo However, no additional comments or information have been in follow up to that reported issue. So in the mean time, we're going to try and do what those smarter than I recommend, use the vendor's binaries for their distribution. There is one further, potentially far more depressing possibility, that centos9's kernel doesn't support the type of hardware we're getting. This is suggested by the precise opcode error, UD, https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2a880e0ce-212.html But again, easiest possibility first. Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4 --- devstack/lib/ironic | 14 +++++++++++--- zuul.d/ironic-jobs.yaml | 3 +++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/devstack/lib/ironic b/devstack/lib/ironic index aae8ca5cf3..cd27c35212 100644 --- a/devstack/lib/ironic +++ b/devstack/lib/ironic @@ -2943,8 +2943,16 @@ function upload_baremetal_ironic_efiboot { sudo mkdir -p $efiboot_mount/efi/boot - sudo cp "$IRONIC_GRUB2_SHIM_FILE" $efiboot_mount/efi/boot/bootx64.efi - sudo cp "$IRONIC_GRUB2_FILE" $efiboot_mount/efi/boot/grubx64.efi + if [[ "$IRONIC_GRUB2_SHIM_FILE" =~ "http".* ]]; then + sudo wget "$IRONIC_GRUB2_SHIM_FILE" -O $efiboot_mount/efi/boot/bootx64.efi + else + sudo cp "$IRONIC_GRUB2_SHIM_FILE" $efiboot_mount/efi/boot/bootx64.efi + fi + if [[ "$IRONIC_GRUB2_FILE" =~ "http".* ]]; then + sudo wget "$IRONIC_GRUB2_FILE" -O $efiboot_mount/efi/boot/grubx64.efi + else + sudo cp "$IRONIC_GRUB2_FILE" $efiboot_mount/efi/boot/grubx64.efi + fi sudo umount $efiboot_mount @@ -2981,7 +2989,7 @@ function upload_baremetal_ironic_efiboot { # NOTE(dtantsur): this is likely incorrect efi_grub_path=EFI/BOOT/grub.cfg fi - iniset $IRONIC_CONF_FILE DEFAULT grub_config_path $efi_grub_path + iniset $IRONIC_CONF_FILE DEFAULT grub_config_path ${IRONIC_GRUB2_CONFIG_PATH:-$efi_grub_path} } # build deploy kernel+ramdisk, then upload them to glance diff --git a/zuul.d/ironic-jobs.yaml b/zuul.d/ironic-jobs.yaml index f311ef1ecb..58d9de525d 100644 --- a/zuul.d/ironic-jobs.yaml +++ b/zuul.d/ironic-jobs.yaml @@ -299,6 +299,9 @@ # result and makes this job VERY sensitive to heavy disk IO of the # underlying hypervisor/cloud. IRONIC_CALLBACK_TIMEOUT: 800 + IRONIC_GRUB2_SHIM_FILE: https://mirror.iad3.inmotion.opendev.org/centos-stream/9-stream/BaseOS/x86_64/os/EFI/BOOT/BOOTX64.EFI + IRONIC_GRUB2_FILE: https://mirror.iad3.inmotion.opendev.org/centos-stream/9-stream/BaseOS/x86_64/os/EFI/BOOT/grubx64.efi + IRONIC_GRUB2_CONFIG_PATH: EFI/BOOT/grub.cfg devstack_services: s-account: True s-container: True