[Bug 1642298] Re: Grub package upgrades overwrites NVRAM, causing MAAS boot order to be overwritten.

Rod Smith rod.smith at canonical.com
Wed Aug 30 21:32:40 UTC 2017 

Ooh, lots of activity while I typed my last comment.

This may be beating a dead horse, but concerning comment #42, Andres, I
tried that command and got similar output:

$ ipmitool -H 10.20.30.13 -I lanplus -U user -P pass chassis bootdev pxe options=persistent,efiboot
Set Boot Device to pxe
$ ipmitool -H 10.20.30.13 -I lanplus -U user -P pass chassis bootparam get 5
Boot parameter version: 1
Boot parameter 5 is valid/unlocked
Boot parameter data: a004000000
 Boot Flags :
   - Boot Flag Valid
   - Options apply to only next boot
   - BIOS EFI boot 
   - Boot Device Selector : Force PXE
   - Console Redirection control : System Default
   - BIOS verbosity : Console redirection occurs per BIOS configuration setting (default)
   - BIOS Mux Control Override : BIOS uses recommended setting of the mux at the end of POST

On the node, efibootmgr showed an unchanged boot order, and it continued
to boot from the hard disk without PXE-booting. What's more, on reboot I
noticed that ipmitool claimed the system would boot in legacy mode:

$ ipmitool -H 10.20.30.13 -I lanplus -U user -P pass chassis bootparam get 5
Boot parameter version: 1
Boot parameter 5 is valid/unlocked
Boot parameter data: 0000000000
 Boot Flags :
   - Boot Flag Invalid
   - Options apply to only next boot
   - BIOS PC Compatible (legacy) boot 
   - Boot Device Selector : No override
   - Console Redirection control : System Default
   - BIOS verbosity : Console redirection occurs per BIOS configuration setting (default)
   - BIOS Mux Control Override : BIOS uses recommended setting of the mux at the end of POST

(Note the "BIOS PC Compatible (legacy) boot" line.) On reboot, the
system booted in EFI mode. I see similar things on other nodes that are
configured to boot in EFI mode. Thus, you really can't trust what IPMI
tells you (or what you tell it) about boot mode or boot device on an
EFI-based computer.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1642298

Title:
  Grub package upgrades overwrites NVRAM, causing MAAS boot order to be
  overwritten.

Status in curtin:
  Confirmed
Status in MAAS:
  Confirmed
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2 source package in Trusty:
  Triaged
Status in grub2 source package in Xenial:
  Triaged
Status in grub2 source package in Yakkety:
  Triaged

Bug description:
  [Impact]
  Typically when you install Ubuntu on an EFI system, it installs a new default EFI boot entry that makes the system reboot directly into the OS. During MAAS installs, curtin is careful to disable that behavior. MAAS requires the default boot entry to remain PXE, so that it can direct the system to boot from disk or network as necessary. curtin does this by passing --no-nvram to grub-install when installing the bootloader.

  *Update*: newer curtin releases actually allow the creation of a new
  boot entry, but updates the boot menu to make PXE the default. That
  change is orthogonal to this bug.

  ***However***, this doesn't stop a new default boot entry from being
  added after deploy. If the user installs a grub package update or
  manually runs 'grub-install', booting from disk will become the
  default, and MAAS will lose control of the system.

  [Proposed Solution (er... glorified workaround)]
  The GRUB package in zesty now has support for setting the --no-nvram flag *persistently*. This is implemented via a debconf template (grub2/update_nvram). If curtin sets this flag to "false" during install, post-deploy grub updates will also pass the --no-nvram flag when running grub-install.

  This isn't a perfect solution - users can still call grub-install
  manually and omit this flag.

  [Test Case]
   - MAAS deploy an EFI system.
   - After deploy, login and run 'sudo apt --reinstall install grub-efi-$(dpkg --print-architecture)
   - Reboot and observe that the system does not PXE boot.

  [Regression Risk]
   - The GRUB implementation does not change the defaults of the package. The user would need to opt-in to the "grub2/update_nvram=false". This option is also only presented to users who specifically request a low debconf priority (e.g. expert mode installs).
   - XXX curtin risk XXX

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1642298/+subscriptions

More information about the foundations-bugs mailing list