Use centos grub artifacts with centos ramdisk for vmedia

It appears we are getting an opcode error when attempting to boot Centos 9-stream utilizing the EFI artifacts from Ubuntu. Technically this should work, however further aftifacts in the boot chain may be signed with other key credentials that Ubuntu's grub does not know about, because the chain of trust is MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel Where vendor differences should never work, is if Secure Boot is enforcing. Exception on launch: X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! A similar Debian bug is open for a very similar issue: https://groups.google.com/g/linux.debian.bugs.dist/c/BOiLLeROrmo However, no additional comments or information have been in follow up to that reported issue. So in the mean time, we're going to try and do what those smarter than I recommend, use the vendor's binaries for their distribution. There is one further, potentially far more depressing possibility, that centos9's kernel doesn't support the type of hardware we're getting. This is suggested by the precise opcode error, UD, https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2a880e0ce-212.html But again, easiest possibility first. Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4
2023-01-03 11:06:27 -08:00 · 2023-01-03 11:06:27 -08:00 · 1d07be8237
commit 1d07be8237
parent 6b84fbf8f2
2 changed files with 14 additions and 3 deletions
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@ -2943,8 +2943,16 @@ function upload_baremetal_ironic_efiboot {

        sudo mkdir -p $efiboot_mount/efi/boot

-        sudo cp "$IRONIC_GRUB2_SHIM_FILE" $efiboot_mount/efi/boot/bootx64.efi
-        sudo cp "$IRONIC_GRUB2_FILE" $efiboot_mount/efi/boot/grubx64.efi
+        if [[ "$IRONIC_GRUB2_SHIM_FILE" =~ "http".* ]]; then
+            sudo wget "$IRONIC_GRUB2_SHIM_FILE" -O $efiboot_mount/efi/boot/bootx64.efi
+        else
+            sudo cp "$IRONIC_GRUB2_SHIM_FILE" $efiboot_mount/efi/boot/bootx64.efi
+        fi
+        if [[ "$IRONIC_GRUB2_FILE" =~ "http".* ]]; then
+            sudo wget "$IRONIC_GRUB2_FILE" -O $efiboot_mount/efi/boot/grubx64.efi
+        else
+            sudo cp "$IRONIC_GRUB2_FILE" $efiboot_mount/efi/boot/grubx64.efi
+        fi

        sudo umount $efiboot_mount

@ -2981,7 +2989,7 @@ function upload_baremetal_ironic_efiboot {
        # NOTE(dtantsur): this is likely incorrect
        efi_grub_path=EFI/BOOT/grub.cfg
    fi
-    iniset $IRONIC_CONF_FILE DEFAULT grub_config_path $efi_grub_path
+    iniset $IRONIC_CONF_FILE DEFAULT grub_config_path ${IRONIC_GRUB2_CONFIG_PATH:-$efi_grub_path}
 }

 # build deploy kernel+ramdisk, then upload them to glance
--- a/zuul.d/ironic-jobs.yaml
+++ b/zuul.d/ironic-jobs.yaml
@ -299,6 +299,9 @@
        # result and makes this job VERY sensitive to heavy disk IO of the
        # underlying hypervisor/cloud.
        IRONIC_CALLBACK_TIMEOUT: 800
+        IRONIC_GRUB2_SHIM_FILE: https://mirror.iad3.inmotion.opendev.org/centos-stream/9-stream/BaseOS/x86_64/os/EFI/BOOT/BOOTX64.EFI
+        IRONIC_GRUB2_FILE: https://mirror.iad3.inmotion.opendev.org/centos-stream/9-stream/BaseOS/x86_64/os/EFI/BOOT/grubx64.efi
+        IRONIC_GRUB2_CONFIG_PATH: EFI/BOOT/grub.cfg
      devstack_services:
        s-account: True
        s-container: True