Bug #35101

open

Create /EFI/redhat symlinks in TFTP directory

Added by Lukas Zapletal almost 2 years ago. Updated over 1 year ago.

Status: New
Priority: Urgent
Assignee: -
Category: Foreman modules
Target version: -
Difficulty: easy
Triaged: No
Fixed in Releases:
Found in Releases:

Description

A change in grub2 build config (package grub2-efi file grubx64.efi) changed the base directory where grub2 tries to find configuration files. It used to be the current directory, now it changed to /EFI/redhat (or /EFI/centos or /EFI/fedora etc). While this works fine for local booting, it breaks our PXE/TFTP provisioning.

We could start building our grub via `grub2-mknetdir` which has options to configure where grub should load configuration files from, but then the bootloader will not be signed and SecureBoot will not be possible.

Therefore I suggest a workaround: let's create relative symlinks in the TFTP directory (/var/lib/tftpboot) as follows:

  • /var/lib/tftpboot/EFI/redhat -> ../../grub2
  • /var/lib/tftpboot/EFI/centos -> ../../grub2
  • /var/lib/tftpboot/EFI/fedora -> ../../grub2

Unfortunately, every distribution or RH clone has its own ESP EFI subdirectory (which is needed for multi-boot systems), therefore we need to create symlinks for all Linux distributions we support.

This was reported multiple times, for example:

https://community.theforeman.org/t/provisioning-bare-metal-host-over-uefi-client-requesting-grub-cfg-in-wrong-location/29053

An alternative solution would be to start building grub2 via mknetdir and drop support for SecureBoot for all network booting completely. This is what we do for Debian anyway because the grub2 there is not signed, so we would start doing the same for Red Hat systems.

Triage: This is a high-impact regression; all Red Hat / clone systems are affected.


Related issues: 1 (1 open, 0 closed)

Related to Installer - Bug #29187: Create /EFI/BOOT -> /grub2 symlink within TFTP directory | New | Lukas Zapletal
Actions #1

Updated by Lukas Zapletal almost 2 years ago

  • Description updated (diff)
Actions #2

Updated by Marek Hulán almost 2 years ago

  • Category set to Foreman modules
Actions #3

Updated by Marek Hulán almost 2 years ago

  • Bugzilla link set to 2101818
Actions #4

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Related to Bug #29187: Create /EFI/BOOT -> /grub2 symlink within TFTP directory added
Actions #5

Updated by Paul Donohue over 1 year ago

foreman-proxy strips /EFI/ from the HTTP path when reading files from the filesystem, so creating /var/lib/tftpboot/EFI/... symlinks does not fix this issue. You need symlinks like /var/lib/tftpboot/redhat -> grub2/
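
An added example (not part of this issue and not Foreman or installer code): one way to create the root-level symlinks from the last comment without overwriting anything, then confirm each link resolves to the grub2 directory inside the TFTP root. The function names and the distro list are assumptions; the default root is the /var/lib/tftpboot path from the description.

```shell
#!/bin/sh
# Added example: not Foreman or foreman-installer code.

# ensure_link LINK TARGET: create LINK -> TARGET. Never replace an existing
# file, directory, or a symlink that points somewhere else.
ensure_link() {
    if [ -L "$1" ]; then
        [ "$(readlink "$1")" = "$2" ] && return 0
        echo "refusing: $1 already points to $(readlink "$1")" >&2
        return 1
    fi
    if [ -e "$1" ]; then
        echo "refusing: $1 exists and is not a symlink" >&2
        return 1
    fi
    ln -s "$2" "$1"
}

# link_resolves_to_grub2 ROOT RELPATH: succeed only if ROOT/RELPATH, as the
# host filesystem resolves it (no chroot), is exactly ROOT/grub2. A dangling
# link or one that leaves ROOT fails the check.
link_resolves_to_grub2() {
    want=$(cd -P "$1/grub2" 2>/dev/null && pwd -P) || return 1
    got=$(cd -P "$1/$2" 2>/dev/null && pwd -P) || return 1
    [ "$got" = "$want" ]
}

# create_grub2_links ROOT: the root-level layout from comment #5
# (ROOT/<distro> -> grub2), verified after creation. Safe to re-run.
create_grub2_links() {
    root=${1:-/var/lib/tftpboot}
    [ -d "$root/grub2" ] || { echo "no $root/grub2" >&2; return 1; }
    for distro in redhat centos fedora; do   # assumed distro list
        ensure_link "$root/$distro" grub2 || return 1
        link_resolves_to_grub2 "$root" "$distro" || {
            echo "$root/$distro does not resolve to $root/grub2" >&2
            return 1
        }
    done
}
```

`link_resolves_to_grub2` can also be pointed at any other link under the root, for example `EFI/redhat`, to see whether it lands on the grub2 directory.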
