bootupd: call bootupctl with --update-firmware #5508
Conversation
|
I haven't tested this yet, but wanted to file it as a way to flag the issue. It seems like images that use bootupd (Silverblue and IoT) do not boot after install on UEFI in openQA. I believe this is why: they don't actually write an EFI boot manager entry (I modified one openQA test to run I'm running a test build of a Silverblue image with anaconda patched with this patch ATM, and will try and get openQA to test a UEFI install and boot with it once it's done. |
AdamWill
force-pushed
the
bootupd-update-firmware
branch
from
b462dad
to
5eaf3eb
Compare
AdamWill
had a problem deploying
to
gh-cockpituous
GitHub Actions
Failure
AdamWill
force-pushed
the
bootupd-update-firmware
branch
from
5eaf3eb
to
a405c66
Compare
AdamWill
force-pushed
the
bootupd-update-firmware
branch
from
a405c66
to
d1424ea
Compare
AdamWill
had a problem deploying
to
gh-cockpituous
GitHub Actions
Failure
|
CC @cgwalters |
There was a problem hiding this comment.
This LGTM. We indeed need to do this for Atomic Desktops.
Investigation in https://pagure.io/workstation-ostree-config/pull-request/453#comment-199664
Yeah, though this is how all FCOS (and derivatives) installs work by default; coreos/fedora-coreos-tracker#946 has a lot of related bits. This also relates to the general idea of having the operating system work like cloud instances, which always start from a disk image. (This is how booting in AWS/GCP/qemu-with-uefi work etc.) But yes, it does probably make sense to do this. That said, we could also use Anaconda's code for this. If this works it's probably simplest, but the equivalent bootupd logic here is currently way less battle-tested than Anaconda's, to state the obvious. (We are testing it though in at least AWS instances with UEFI) |
|
Yeah, I think it's an environmental thing; for FCOS it's sensible since the target environment is one where we know fallback path boot works and is commonly relied upon. But this isn't really the case for desktop spins, obviously; they get installed into, er, extremely heterogeneous firmware environments ;) Even without real issues in the firmware, take the "install alongside Windows" case - if we don't write a boot manager entry, it won't be particularly obvious that in order to boot Fedora, you have to tell the firmware to do a fallback path boot from the disk you installed it to. IoT I guess is somewhere in the middle. Yeah, there's definitely some subtlety to this beyond "does it work". It seems like it does work to fix boot of a clean Silverblue install in openQA, at least. But questions I can think of: what does it call the efibootmgr entry it creates? What does it do if one with the same name already exists? How do attempts to dual boot between an anaconda-bootloader-code install and a bootupd-bootloader-code install work out? I'm downloading the image locally so I can look into at least a couple of those. BTW, on the FCOS topic - it looks like the openQA FCOS tests don't run into this because they're all run on BIOS...maybe I should flip them to UEFI... |
|
Looks like a good approach to me. However, I wonder if we want to take into account also the |
|
If it is environment dependent than it could be resolved by Anaconda configuration files |
|
I don't think we really need to not do this in some environments (unless Colin disagrees), it shouldn't cause any harm at all in cloud environments. It's just not really necessary. For the |
|
So, hum. I don't think bootupd actually has the behaviour that argument is meant to produce. Looking at the way the EFI bootloader classes work, when that argument is set, they run In bootupd, it looks like if you pass BTW, while researching this, I think the bootupd path is not implementing quite a few other pykickstart (Honestly, those |
|
So...this is a giant topic, but part of the push for bootupd is to "static" grub configuration, and not dynamic, and ideally also not per-machine. And there's an overall tension between:
It should actually work for example to drop in grub configuration into |
|
I'm not sure you could manage "don't install a bootloader at all" that way, though. (edit: of course...we probably can't manage that at all with an ostree/container-based deployment, which will have some bootloader bits baked into it. I think for old-school installs, Don't get me wrong - when I say "complete rewrite" I mean "we should probably get rid of like 75% of them and tell people to live with it". :D But as long as they all exist, I guess, we should at least consider the interface between those options and the bootupd path; at a minimum we could update the pykickstart docs to flag which options are intentionally not implemented for the bootupd path, and maybe log warnings if they're passed in the kickstart for such an install? But that seems rather beyond the scope of this PR. Given that we're already not implementing lots of other args, I'm not sure if implementing that arg should block this PR, especially if it needs changes to bootupd first? |
|
Filed https://bugzilla.redhat.com/show_bug.cgi?id=2268505 and proposed as a Beta blocker for the IoT case; it may not really be serious enough to make it a blocker, but I figured we could discuss it at least, and should at least make it an FE for the Atomic Desktops case. |
|
Good point. I agree for leaving bootloader kickstart out of this and document that. |
|
So looking into how bootupd names the entry, it seems that it calls its own This worries me a bit, because on my system, I have: Note, "dell". Which alphabetically comes before "fedora". so...er, yeah, that seems like it may cause some issues. It kinda looks like that would break creating the EFI boot manager entry (it doesn't just use the vendor dir it finds as the name of the entry, it also looks in that directory for a shim file for the entry to point to), and installing anyhow, aside from that, it seems like at least bootupd's intent is to call the entry "fedora". Which is not quite the same as "Fedora", which is what anaconda calls the entry when it makes it itself (for Fedora, anyway; it actually uses When anaconda is handling the efibootmgr install, it removes existing entries before creating its new one (unless Unlike anaconda, bootupd doesn't try to remove existing entries with the same label as the one it's going to create. It finds the |
|
That looks like an RFE on bootupd project to me. |
|
Given all of what you wrote, it feels like we should be using a subset of the logic in Anaconda as this is going to be a lot of changes on the bootupd side otherwise. So we might as well share the "efibootmgr" logic here instead of duplicating it in bootupd and having to test it all again. |
|
Yeah, so far as efibootmgr invocations go that kinda sounds sensible to me. But then should we try and move that code out somewhere for anaconda and bootupd to share? Well, we'd have to, since they're not even the same language. It might be a bit difficult to do in practice as I think anaconda's logic is quite...embedded into the whole anaconda architecture... |
|
I can't imagine it'd be a problem for the anaconda environment to depend on bootupd? Or dunno, we could split out a distinct helper binary. But anyways, this is in some distant future because as you say there's some not-small risk from touching the Anaconda code here I suspect. |
To be clear, the rationale for bootupd having this is around supporting (It'd also make sense to support running anaconda as a container for these types of flows, installing the target OS container...or I guess via What I would like to do is get #5285 merged, then we can flesh out using bootc as part of anaconda more, which will help drive some deduplication too hopefully. |
|
I agree that ideally we would have a shared tool doing that setup for us but in the meantime, in oder to make this ready for F40 (beta ideally), could we re-add some of the logic from Anaconda around EFI boot entry setup (likely things that have been skipped in #5342)? @jkonecny12 |
|
Updated:
|
|
/kickstart-test --testtype smoke |
|
I think that ideally we would have Anaconda support the following for the bootupd case:
From https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader I don't know how/where kargs are parsed/interpreted in Anaconda. Oh, we have https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#boot-loader-options and https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#inst-leavebootorder |
|
The main issue that we have right now is that as soon as we add bootupd to the images, this enables the bootupd code path in Anaconda and there is no way to use the other path. If we could have a variable that force one or the other that would be helpful as well. |
Agreed! |
jkonecny12
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
|
I've added the requested code. It needs to be tested though. |
|
/kickstart-test --testtype bootc |
|
/kickstart-test --testtype smoke |
If leavebootorder was specified through kickstart or kernel boot arguments we won't pass `--update-firmware` to bootupdctl. That will avoid creation of the UEFI entry for the bootloader and give people possibility for additional tweaking or debugging. This was requested by bootloader developers. Suggested-by: Timothée Ravier <[email protected]>
jkonecny12
force-pushed
the
bootupd-update-firmware
branch
from
7dc6ea3
to
28d1aed
Compare
jkonecny12
temporarily deployed
to
gh-cockpituous
GitHub Actions
Inactive
|
/kickstart-test --testtype smoke |
|
/kickstart-test --testtype bootc |
|
@cgwalters @travier I wasn't able to make it into today's build. Are you fine to wait for next build Tuesday or do you want me to do extra build for this change during the week? |
|
@jikortus @cgwalters do we want to backport this to RHEL branches too? |
If there was anything that couldn't wait a week we'd be sure to flag that I think.
Should definitely go into c10s relatively quickly, and let's do verification of things there, then target c9s probably too. |
jkonecny12
added
port to RHEL9
|
@jkonecny12 ACK for backporting this feature to RHEL-10, it looks useful for non-cloud use-cases. Just note that, to my best knowledge, we'll be only able to test the installation with a CS10 bootc image at this point. |
|
For testing upstream I used fedora:eln container which we are using in KS tests. |
|
Thanks for the code @jkonecny12 ! Could we get this in Rawhide? I'll push an updated bootupd & re-enable it for the Atomic Desktops in Rawhide as well. |
|
Yes, sorry we missed yesterday release because there is a fix we would like to get out. We will try to get this out today. |
With the following issues now fixed: - coreos/bootupd#630 - coreos/bootupd#658 - coreos/bootupd#551 And corresponding support in Anaconda: - rhinstaller/anaconda#5508 We can now (re-)enable bootupd for the bootable containers. After a bit of testing, we will enable it for the classic ostree ones. See: https://gitlab.com/fedora/ostree/sig/-/issues/1
This is required to write an entry to the EFI boot manager, which we ought to do (anaconda does it when installing the bootloader itself). Without this, boot of the installed system will only work if it's configured to try and boot from the hard disk using the fallback path.