diff --git a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml
index e84883ca8e2..bf0c094837f 100644
--- a/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml
+++ b/pkg/features/embedded/cloud-config-essentials/system/oem/08_boot_assessment.yaml
@@ -16,22 +16,14 @@ stages:
 # enable_boot_assessment to 'yes'.
 # This can be then customized easily by having a cloud-config file which always enables boot assessment on
 # the boot stage.
- - &remountEFIrw
- name: "Mounting EFI as RW"
- if: 'mountpoint -q /run/elemental/efi'
- commands:
- - mount -o rw,remount /run/elemental/efi
 - name: "Remove GRUB sentinels"
 if: '[ -f "/run/elemental/active_mode" ]'
 commands:
 - |
+ mount -o rw,remount /run/elemental/efi
 grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment=
 grub2-editenv /run/elemental/efi/boot_assessment set boot_assessment_tentative=
- - &remountEFIro
- name: "Mounting EFI as RO"
- if: 'mountpoint -q /run/elemental/efi'
- commands:
- - mount -o ro,remount /run/elemental/efi
+ mount -o ro,remount /run/elemental/efi
 - name: "Create upgrade failure sentinel if necessary"
 if: cat /proc/cmdline | grep -q "upgrade_failure"
 files:
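Review bot: The merged command block in "Remove GRUB sentinels" drops the `mountpoint -q /run/elemental/efi` guard that the removed remount steps carried, so on a system where the ESP is not mounted at that path the `grub2-editenv` calls would operate on a plain directory instead of the EFI partition. The block's exit status is also that of the trailing `mount -o ro,remount`, which hides a failed sentinel reset from whatever consumes the step result. I would extend the step condition to `if: '[ -f "/run/elemental/active_mode" ] && mountpoint -q /run/elemental/efi'` and add a comment above the script stating that the final remount must run even when an earlier command fails, so the ESP is never left writable.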
@@ -40,17 +32,28 @@ stages: permissions: 0600 owner: 0 group: 0 + after-install: # After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_GRUB. + # Note we mount efi partition in a new location in order workaround potentially different + # mountpoints across install, reset and upgrade commands. + # Here we hook the boot assessment configuration to 'grubcustom' # we do that selectively in order to just "append" eventual other configuration provided. - # XXX: maybe we should just write to /grubcustom and override any other custom grub? + - &efimount + name: "Mount efi" + commands: + - | + EFIDIR=/tmp/mnt/EFI + EFI=$(blkid --list-one --output device --match-token PARTLABEL=efi || true) + mkdir -p $EFIDIR || true + mount ${EFI} $EFIDIR - &customhook name: "Hook boot assessment grub configuration" - if: '[ ! -f "/run/elemental/efi/grubcustom" ]' + if: '[ ! -f "/tmp/mnt/EFI/grubcustom" ]' files: - - path: "/run/elemental/efi/grubcustom" + - path: "/tmp/mnt/EFI/grubcustom" permissions: 0600 content: | set bootfile="/grub_boot_assessment" @@ -58,6 +61,11 @@ stages: if [ "${bootfile_loc}" ]; then source "(${bootfile_loc})${bootfile}" fi + - &efiumount + name: "Mount efi" + commands: + - | + umount /tmp/mnt/EFI # Overrides the active cmdline by adding "rd.emergency=reboot", "rd.shell=0" and "panic=5" # so that any failure in booting initramfs or kernel loading results in a reboot. @@ -69,9 +77,9 @@ stages: # - &bootgrub name: "Add boot assessment grub configuration" - if: '[ ! -f "/run/elemental/efi/grub_boot_assessment" ]' + if: '[ ! -f "/tmp/mnt/EFI/grub_boot_assessment" ]' files: - - path: "/run/elemental/efi/grub_boot_assessment" + - path: "/tmp/mnt/EFI/grub_boot_assessment" owner: 0 group: 0 permissions: 0600 
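Review bot: The "Mount efi" step swallows every failure that precedes the mount: `blkid ... || true` leaves `EFI` empty when no partition matches, `mkdir -p $EFIDIR || true` hides a creation error, and the unquoted `mount ${EFI} $EFIDIR` then fails with nothing in this hunk stopping the steps that follow. The `files:` entries for grubcustom (this hunk) and grub_boot_assessment (the @@ -69,9 hunk) would in that case be written into a plain directory under /tmp rather than the ESP, so boot assessment is silently not installed. `--list-one` with `PARTLABEL=efi` also returns only the first match, which on a multi-disk host is not necessarily the disk being installed; that deserves at least a comment. A fixed path under world-writable /tmp is a weaker choice than a root-owned location such as /run, though changing it touches every hunk of this commit. A stricter step body is sketched below; whether a non-zero exit aborts the stage depends on the runner, which is not visible here.

```yaml
# … unchanged: "- &efimount", step name and commands key …
- |
  set -e
  EFIDIR=/tmp/mnt/EFI
  EFI=$(blkid --list-one --output device --match-token PARTLABEL=efi)
  [ -n "${EFI}" ] || { echo "no partition with PARTLABEL=efi found" >&2; exit 1; }
  mkdir -p "${EFIDIR}"
  mount "${EFI}" "${EFIDIR}"
```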
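Review bot: The `&efiumount` step added in the @@ -58,6 hunk is named "Mount efi", the same as `&efimount`, so stage logs cannot tell a mount failure from an unmount failure. Rename it to `name: "Unmount efi"`. Adding `if: 'mountpoint -q /tmp/mnt/EFI'` would also keep it from reporting an unrelated error when the mount never happened.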
@@ -96,28 +104,28 @@ stages: # Here we do enable boot assessment for the next bootup. # Similarly, we could trigger boot assessment in other cases after-upgrade: - - <<: *remountEFIrw + - <<: *efimount - name: "Set upgrade sentinel on active" if: '[ ! -f "/run/elemental/recovery_mode" ]' commands: - - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment=yes + - grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment=yes - name: "Set upgrade sentinel on recovery" if: '[ -f "/run/elemental/recovery_mode" ]' commands: - - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment=yes + - grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment=yes # We do re-install hooks here if needed to track upgrades of boot assessment - <<: *customhook - <<: *bootgrub - - <<: *remountEFIro + - <<: *efiumount after-reset: - - <<: *remountEFIrw + - <<: *efimount - name: "Remove GRUB sentinels" commands: - | - grub2-editenv /run/elemental/efi/boot_assessment set enable_boot_assessment= - grub2-editenv /run/elemental/efi/boot_assessment set boot_assessment_tentative= + grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment= + grub2-editenv /tmp/mnt/EFI/boot_assessment set boot_assessment_tentative= # Reset completely restores COS_STATE, so we re-inject ourselves - <<: *customhook - <<: *bootgrub - - <<: *remountEFIro + - <<: *efiumount
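Review bot: Neither "Set upgrade sentinel" step in after-upgrade, nor "Remove GRUB sentinels" in after-reset, verifies that /tmp/mnt/EFI is the mounted ESP before `grub2-editenv` writes to it. If `*efimount` did not succeed, the sentinel would likely land in a plain directory and the upgrade would complete without `enable_boot_assessment=yes` on the real partition, which defeats the rollback this file exists for. It is also worth testing the case where the ESP is still mounted read-only at /run/elemental/efi when these stages run (the boot stage in the first hunk remounts it rw and back to ro), since a second mount of the same device may then be refused or come up read-only. A fail-loud form of the command would be `- mountpoint -q /tmp/mnt/EFI && grub2-editenv /tmp/mnt/EFI/boot_assessment set enable_boot_assessment=yes`. The active and recovery sentinel steps now run the same command under complementary conditions and could be merged into one unconditional step.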