Fixes #37653 - Always load local disk's GRUB2 configuration

... instead of using chainloading when SecureBoot is disabled. This standardizes the procedure under UEFI for both cases. This also allows us to boot systems with host and vendor specific GRUB2 binaries which do not support the `connectefi` command (EL GRUB2 only). The `connectefi` command is required for a successful `chainloader` command usage.
theforeman · Jul 17, 2024 · 16bb94c · 16bb94c
1 parent 7ce3336
commit 16bb94c
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 625 deletions.
diff --git a/app/views/unattended/provisioning_templates/snippet/pxegrub2_chainload.erb b/app/views/unattended/provisioning_templates/snippet/pxegrub2_chainload.erb
@@ -4,28 +4,11 @@ name: pxegrub2_chainload
 model: ProvisioningTemplate
 snippet: true
 description: |
-  In Foreman's typical PXE workflow, managed hosts are configured to always boot from network and inventory build flag dictates if they should boot into installer (build is on) or boot from local drive (build is off). This template is used to chainload from EFI ESP for systems which booted from network. It is not as straightforward as in BIOS and EFI boot file must be found on an ESP partition.
+  In Foreman's typical PXE workflow, managed hosts are configured to always boot from network and inventory build flag dictates if they should boot into installer (build is on) or boot from local drive (build is off). This template is used to load the GRUB2 configuration file from local EFI ESP for systems which booted from network.
 
   This will only be needed when provisioned hosts are set to boot from network, typically EFI firmware implementations overrides boot order after new OS installation. This behavior can be set in EFI, or "efi_bootentry" host parameter can be set to "previous" to override boot order back to previous (network) setting. See efibootmgr_netboot snippet for more info.
 -%>
 <%
-  paths = [
-    '/EFI/fedora/shim.efi',
-    '/EFI/fedora/grubx64.efi',
-    '/EFI/redhat/shim.efi',
-    '/EFI/redhat/grubx64.efi',
-    '/EFI/centos/shim.efi',
-    '/EFI/centos/grubx64.efi',
-    '/EFI/rocky/shim.efi',
-    '/EFI/rocky/grubx64.efi',
-    '/EFI/almalinux/shim.efi',
-    '/EFI/almalinux/grubx64.efi',
-    '/EFI/debian/grubx64.efi',
-    '/EFI/ubuntu/grubx64.efi',
-    '/EFI/sles/grubx64.efi',
-    '/EFI/opensuse/grubx64.efi',
-    '/EFI/Microsoft/boot/bootmgfw.efi'
-  ]
   config_paths = [
     '/EFI/fedora/grub.cfg',
     '/EFI/redhat/grub.cfg',
@@ -42,37 +25,7 @@ insmod part_gpt
 insmod fat
 insmod chain
 
-echo "VMWare hosts with QuickBoot feature enabled may not find the local ESP"
-echo "partition due to not initializing all the EFI devices. To address this,"
-echo "use an up-to-date grub2 (*) version and include the "connectefi scsi" statement"
-echo "as provided below. If you're using an older grub2 version or"
-echo "the "connectefi" option isn't recognized by your grub2, grub2 will print a error"
-echo "like 'can't find command connectefi' but the boot process will continue."
-echo "For hosts, you can omit this by adding a (global) parameter to 'grub2-connectefi=false'."
-echo "For the default GRUB2 script, you can omit this by setting the"
-echo "default_connectefi_option below to 'false'."
-echo "Valid values of 'grub2-connectefi' parameter: false, scsi, pciroot"
-echo
-echo "Virtual or physical hosts using Software RAID for the ESP partition may try"
-echo "booting on the Software RAID, which will fail. To workaround, upgrade to the"
-echo "latest grub2 (*) and add "--efidisk-only" argument to the "search" command in"
-echo "the grub2_chainload template."
-echo
-echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
-echo
-<%=
-  default_connectefi_option = 'scsi'
-  connectefi_option = @host ? host_param('grub2-connectefi', default_connectefi_option) : default_connectefi_option
-  connectefi_option = nil if connectefi_option == 'false'
-  "connectefi #{connectefi_option}" if connectefi_option
-%>
-
-if [ "${lockdown}" == "y" ]; then
-  if [ "${default}" == "local" ]; then
-    set default="grub_config"
-  fi
-
-  menuentry 'Loading GRUB2 config from ESP' --id grub_config {
+menuentry 'Loading GRUB2 config from ESP' --id local {
 <%
   config_paths.each do |config_path|
 -%>
@@ -86,31 +39,10 @@ if [ "${lockdown}" == "y" ]; then
 <%
   end
 -%>
-  }
-fi
 
-menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
-  echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
-  ls
-<%
-  paths.each do |path|
--%>
-  echo "Trying <%= path %> "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot <%= path %>
-  if [ -f ($chroot)<%= path %> ]; then
-    chainloader ($chroot)<%= path %>
-    echo "Found <%= path %> at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-<%
-  end
--%>
-  echo "Partition with known EFI file not found, you may want to drop to grub shell"
-  echo "and investigate available files updating 'pxegrub2_chainload' template and"
-  echo "the list of known filepaths for probing. Available devices are:"
+  echo "EFI partition with GRUB2 configuration file not found, you may want to drop
+  echo "to grub shell and investigate available files updating 'pxegrub2_chainload'
+  echo "template and the list of known filepaths for probing. Available devices are:"
   echo
   ls
   echo

diff --git a/...er/snapshots/ProvisioningTemplate/PXEGrub2/PXEGrub2_default_local_boot.host4dhcp.snap.txt b/...er/snapshots/ProvisioningTemplate/PXEGrub2/PXEGrub2_default_local_boot.host4dhcp.snap.txt
@@ -6,32 +6,7 @@ insmod part_gpt
 insmod fat
 insmod chain
 
-echo "VMWare hosts with QuickBoot feature enabled may not find the local ESP"
-echo "partition due to not initializing all the EFI devices. To address this,"
-echo "use an up-to-date grub2 (*) version and include the "connectefi scsi" statement"
-echo "as provided below. If you're using an older grub2 version or"
-echo "the "connectefi" option isn't recognized by your grub2, grub2 will print a error"
-echo "like 'can't find command connectefi' but the boot process will continue."
-echo "For hosts, you can omit this by adding a (global) parameter to 'grub2-connectefi=false'."
-echo "For the default GRUB2 script, you can omit this by setting the"
-echo "default_connectefi_option below to 'false'."
-echo "Valid values of 'grub2-connectefi' parameter: false, scsi, pciroot"
-echo
-echo "Virtual or physical hosts using Software RAID for the ESP partition may try"
-echo "booting on the Software RAID, which will fail. To workaround, upgrade to the"
-echo "latest grub2 (*) and add "--efidisk-only" argument to the "search" command in"
-echo "the grub2_chainload template."
-echo
-echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
-echo
-connectefi scsi
-
-if [ "${lockdown}" == "y" ]; then
-  if [ "${default}" == "local" ]; then
-    set default="grub_config"
-  fi
-
-  menuentry 'Loading GRUB2 config from ESP' --id grub_config {
+menuentry 'Loading GRUB2 config from ESP' --id local {
   echo "Trying /EFI/fedora/grub.cfg"
   unset chroot
   # add --efidisk-only when using Software RAID
@@ -95,165 +70,10 @@ if [ "${lockdown}" == "y" ]; then
   if [ -f ($chroot)/EFI/opensuse/grub.cfg ]; then
     configfile ($chroot)/EFI/opensuse/grub.cfg
   fi
-  }
-fi
 
-menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
-  echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
-  ls
-  echo "Trying /EFI/fedora/shim.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/fedora/shim.efi
-  if [ -f ($chroot)/EFI/fedora/shim.efi ]; then
-    chainloader ($chroot)/EFI/fedora/shim.efi
-    echo "Found /EFI/fedora/shim.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/fedora/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/fedora/grubx64.efi
-  if [ -f ($chroot)/EFI/fedora/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/fedora/grubx64.efi
-    echo "Found /EFI/fedora/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/redhat/shim.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
-  if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
-    chainloader ($chroot)/EFI/redhat/shim.efi
-    echo "Found /EFI/redhat/shim.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/redhat/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
-  if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/redhat/grubx64.efi
-    echo "Found /EFI/redhat/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/centos/shim.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/centos/shim.efi
-  if [ -f ($chroot)/EFI/centos/shim.efi ]; then
-    chainloader ($chroot)/EFI/centos/shim.efi
-    echo "Found /EFI/centos/shim.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/centos/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/centos/grubx64.efi
-  if [ -f ($chroot)/EFI/centos/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/centos/grubx64.efi
-    echo "Found /EFI/centos/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/rocky/shim.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/rocky/shim.efi
-  if [ -f ($chroot)/EFI/rocky/shim.efi ]; then
-    chainloader ($chroot)/EFI/rocky/shim.efi
-    echo "Found /EFI/rocky/shim.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/rocky/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/rocky/grubx64.efi
-  if [ -f ($chroot)/EFI/rocky/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/rocky/grubx64.efi
-    echo "Found /EFI/rocky/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/almalinux/shim.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/almalinux/shim.efi
-  if [ -f ($chroot)/EFI/almalinux/shim.efi ]; then
-    chainloader ($chroot)/EFI/almalinux/shim.efi
-    echo "Found /EFI/almalinux/shim.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/almalinux/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/almalinux/grubx64.efi
-  if [ -f ($chroot)/EFI/almalinux/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/almalinux/grubx64.efi
-    echo "Found /EFI/almalinux/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/debian/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/debian/grubx64.efi
-  if [ -f ($chroot)/EFI/debian/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/debian/grubx64.efi
-    echo "Found /EFI/debian/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/ubuntu/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/ubuntu/grubx64.efi
-  if [ -f ($chroot)/EFI/ubuntu/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/ubuntu/grubx64.efi
-    echo "Found /EFI/ubuntu/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/sles/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/sles/grubx64.efi
-  if [ -f ($chroot)/EFI/sles/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/sles/grubx64.efi
-    echo "Found /EFI/sles/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/opensuse/grubx64.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/opensuse/grubx64.efi
-  if [ -f ($chroot)/EFI/opensuse/grubx64.efi ]; then
-    chainloader ($chroot)/EFI/opensuse/grubx64.efi
-    echo "Found /EFI/opensuse/grubx64.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Trying /EFI/Microsoft/boot/bootmgfw.efi "
-  unset chroot
-  # add --efidisk-only when using Software RAID
-  search --file --no-floppy --set=chroot /EFI/Microsoft/boot/bootmgfw.efi
-  if [ -f ($chroot)/EFI/Microsoft/boot/bootmgfw.efi ]; then
-    chainloader ($chroot)/EFI/Microsoft/boot/bootmgfw.efi
-    echo "Found /EFI/Microsoft/boot/bootmgfw.efi at $chroot, attempting to chainboot it..."
-    sleep 2
-    boot
-  fi
-  echo "Partition with known EFI file not found, you may want to drop to grub shell"
-  echo "and investigate available files updating 'pxegrub2_chainload' template and"
-  echo "the list of known filepaths for probing. Available devices are:"
+  echo "EFI partition with GRUB2 configuration file not found, you may want to drop
+  echo "to grub shell and investigate available files updating 'pxegrub2_chainload'
+  echo "template and the list of known filepaths for probing. Available devices are:"
   echo
   ls
   echo