From 098fc93151f5d092ed2c23608af76835681cc421 Mon Sep 17 00:00:00 2001 From: David Cassany Date: Mon, 26 Feb 2024 15:45:32 +0100 Subject: [PATCH 1/2] Fix regression introduced in 547cb932 Signed-off-by: David Cassany --- .../system/oem/08_boot_assessment.yaml | 54 +++++++++++-------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml index e84883ca8e2..bf0c094837f 100644 --- a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml +++ b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml @@ -16,22 +16,14 @@ stages: # enable_boot_assessment to 'yes'. # This can be then customized easily by having a cloud-config file which always enables boot assessment on # the boot stage. - - &remountEFIrw - name: "Mounting EFI as RW" - if: 'mountpoint -q /run/elemental/efi' - commands: - - mount -o rw,remount /run/elemental/efi - name: "Remove GRUB sentinels" if: '[ -f "/run/elemental/active_mode" ]' commands: - | + mount -o rw,remount /run/elemental/efi grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment= grub2-editenv /run/elemental/efi/boot_assessment set boot_assessment_tentative= - - &remountEFIro - name: "Mounting EFI as RO" - if: 'mountpoint -q /run/elemental/efi' - commands: - - mount -o ro,remount /run/elemental/efi + mount -o ro,remount /run/elemental/efi - name: "Create upgrade failure sentinel if necessary" if: cat /proc/cmdline | grep -q "upgrade_failure" files: @@ -40,17 +32,28 @@ stages: permissions: 0600 owner: 0 group: 0 + after-install: # After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_GRUB. + # Note we mount efi partition in a new location in order workaround potentially different + # mountpoints across install, reset and upgrade commands. + # Here we hook the boot assessment configuration to 'grubcustom' # we do that selectively in order to just "append" eventual other configuration provided. - # XXX: maybe we should just write to /grubcustom and override any other custom grub? + - &efimount + name: "Mount efi" + commands: + - | + EFIDIR=/tmp/mnt/EFI + EFI=$(blkid --list-one --output device --match-token PARTLABEL=efi || true) + mkdir -p $EFIDIR || true + mount ${EFI} $EFIDIR - &customhook name: "Hook boot assessment grub configuration" - if: '[ ! -f "/run/elemental/efi/grubcustom" ]' + if: '[ ! -f "/tmp/mnt/EFI/grubcustom" ]' files: - - path: "/run/elemental/efi/grubcustom" + - path: "/tmp/mnt/EFI/grubcustom" permissions: 0600 content: | set bootfile="/grub_boot_assessment" @@ -58,6 +61,11 @@ stages: if [ "${bootfile_loc}" ]; then source "(${bootfile_loc})${bootfile}" fi + - &efiumount + name: "Mount efi" + commands: + - | + umount /tmp/mnt/EFI # Overrides the active cmdline by adding "rd.emergency=reboot", "rd.shell=0" and "panic=5" # so that any failure in booting initramfs or kernel loading results in a reboot. @@ -69,9 +77,9 @@ stages: # - &bootgrub name: "Add boot assessment grub configuration" - if: '[ ! -f "/run/elemental/efi/grub_boot_assessment" ]' + if: '[ ! -f "/tmp/mnt/EFI/grub_boot_assessment" ]' files: - - path: "/run/elemental/efi/grub_boot_assessment" + - path: "/tmp/mnt/EFI/grub_boot_assessment" owner: 0 group: 0 permissions: 0600 @@ -96,28 +104,28 @@ stages: # Here we do enable boot assessment for the next bootup. # Similarly, we could trigger boot assessment in other cases after-upgrade: - - <<: *remountEFIrw + - <<: *efimount - name: "Set upgrade sentinel on active" if: '[ ! -f "/run/elemental/recovery_mode" ]' commands: - - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment=yes + - grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment=yes - name: "Set upgrade sentinel on recovery" if: '[ -f "/run/elemental/recovery_mode" ]' commands: - - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment=yes + - grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment=yes # We do re-install hooks here if needed to track upgrades of boot assessment - <<: *customhook - <<: *bootgrub - - <<: *remountEFIro + - <<: *efiumount after-reset: - - <<: *remountEFIrw + - <<: *efimount - name: "Remove GRUB sentinels" commands: - | - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment= - grub2-editenv /run/elemental/efi/boot_assessment set boot_assessment_tentative= + grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment= + grub2-editenv /tmp/mnt/EFI/boot_assessment set boot_assessment_tentative= # Reset completely restores COS_STATE, so we re-inject ourselves - <<: *customhook - <<: *bootgrub - - <<: *remountEFIro + - <<: *efiumount From 07f2330ddae2e21f35c8dbe781e5ac635953ee9e Mon Sep 17 00:00:00 2001 From: David Cassany Date: Mon, 26 Feb 2024 18:41:53 +0100 Subject: [PATCH 2/2] Update comment message Signed-off-by: David Cassany --- .../cloud-config-essentials/system/oem/08_boot_assessment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml index bf0c094837f..b984934064f 100644 --- a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml +++ b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml @@ -36,7 +36,7 @@ stages: after-install: # After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_GRUB. - # Note we mount efi partition in a new location in order workaround potentially different + # Note we mount efi partition in a new location in order workaround different # mountpoints across install, reset and upgrade commands. # Here we hook the boot assessment configuration to 'grubcustom'