Bug 1672498

Summary: Change permissions for grub2/shim.efi
Product: Red Hat Satellite
Component: Packaging
Version: 6.5.0
Status: CLOSED ERRATA
Severity: medium
Priority: low
Reporter: Jitendra Yejare <jyejare>
Assignee: Jitendra Yejare <jyejare>
QA Contact: Jitendra Yejare <jyejare>
CC: lzap, rabajaj
Target Milestone: 6.5.0
Target Release: Unused
Keywords: Triaged
Hardware: Unspecified
OS: Unspecified
Type: Bug
Last Closed: 2019-05-14 12:40:00 UTC
Attachments:
- PXE UEFI Discovery Failed
- [Verified Screenshot] Discovery_Boot_grub2

Description Jitendra Yejare 2019-02-05 07:27:10 UTC
Created attachment 1527032
PXE UEFI Discovery Failed

Description of problem:
The UEFI host was unable to boot grub2/shim.efi (it was saying the efi is of size 0 bytes). On digging more, I came to know that shim.efi doesn't have any permissions for group and others. It has rwx permissions for the owner only. Also, both owner and group were set to root for shim.efi. I set 755 permissions on shim.efi and set the owner to foreman-proxy, and then the UEFI host was PXE booted successfully.

Version-Release number of selected component (if applicable):
Satellite 6.5 snap 13

How reproducible:


Steps to Reproduce:
1. Setup Discovery on Satellite server (setup DHCP, TFTP and DNS on sat server only).
2. Build the pxe grub2 default template for UEFI discovery.
3. PXE Boot the UEFI firmware bare metal system to be discovered by satellite.

Actual results:
Discovery fails, with the system showing that shim.efi is 0 bytes and hence the error: PXE-E23: Client received TFTP error from server. [screenshot attached]

Expected results:
The UEFI system should be pxe booted and discovered successfully using shim.efi


Additional info:
Setting correct permissions to shim.efi and retrying discovery works as stated in description.

Comment 5 Lukas Zapletal 2019-02-06 14:00:28 UTC
Changing the component to packaging, actually. The file is under puppet control but puppet does not manage permissions. I initially flipped the BZ to the installer team because shim.efi is being deployed by puppet: https://bugzilla.redhat.com/show_bug.cgi?id=1672498 but today I realized that puppet does not manage the permissions of the file. Downstream we do have a package, foreman-bootloaders-redhat, and a script called foreman-generate-bootloaders that executes upon RPM install. So we need a slight change in the foreman-generate-bootloaders script.

REL-ENG: Please modify the foreman-generate-bootloaders script in dist-git foreman-bootloaders-redhat as follows:

diff --git a/foreman-generate-bootloaders b/foreman-generate-bootloaders
index d994ef6..f20e8a1 100755
--- a/foreman-generate-bootloaders
+++ b/foreman-generate-bootloaders
@@ -50,3 +50,5 @@ fi
 check_pkg shim-ia32
 check_pkg shim-x64
 cp -f /boot/efi/EFI/*/shim*.efi /var/lib/tftpboot/grub2
+chmod 644 /var/lib/tftpboot/grub2/*.efi
+chown root:root /var/lib/tftpboot/grub2/*.efi
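
Review bot: the two added lines use the glob `/var/lib/tftpboot/grub2/*.efi`, which is wider than the `shim*.efi` that the preceding `cp -f` copies, so any other .efi file already in that directory is re-moded and re-owned as a side effect. If that wider scope is intended, say so in a comment; otherwise narrow both lines to `shim*.efi`, or replace the copy with `install -m 0644 -o root -g root /boot/efi/EFI/*/shim*.efi /var/lib/tftpboot/grub2` so mode and owner are set in the same step as the copy. A short comment on why 644 is required would also help, since the workaround reported in this bug was 755 with owner foreman-proxy and the patch chooses root:root instead.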

Comment 6 Jitendra Yejare 2019-03-26 15:28:30 UTC
Created attachment 1548122
[Verified Screenshot] Discovery_Boot_grub2

Verified!

@ Satellite 6.5 snap 21


Steps:
--------

Steps to Reproduce:
1. Setup Discovery on Satellite server (setup DHCP, TFTP and DNS on sat server only).
2. Build the pxe grub2 default template for UEFI discovery.
3. PXE Boot the UEFI firmware bare metal system to be discovered by satellite.


Observation:

The UEFI system pxe booted successfully with shim.efi file from satellite.

Screenshot is attached.
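
A file-level check that complements the boot test above, as an added example (not part of the bug report or of the foreman-bootloaders-redhat package). It assumes GNU `stat` and that the TFTP daemon needs read access for "others"; the function name `audit_tftp_efi` and the write-bit and empty-file checks are additions that go beyond the one symptom reported here.

```shell
#!/bin/sh
# Added example: audit the *.efi bootloaders in a TFTP directory.
# Assumptions: GNU stat; the TFTP daemon needs "others" read access.

# audit_tftp_efi DIR [UID]
# Prints one line per finding. Returns 0 if all files pass, 1 if any file
# has a finding, 2 if DIR is missing or contains no *.efi files.
audit_tftp_efi() {
    dir=$1
    want_uid=${2:-0}            # the patch sets root:root, so default to 0
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }
    found=0
    bad=0
    for f in "$dir"/*.efi; do
        [ -f "$f" ] || continue # unmatched glob or not a regular file
        found=1
        mode=$(stat -c '%a' "$f") || return 2
        uid=$(stat -c '%u' "$f") || return 2
        # The failure in this bug: owner-only access (for example 700).
        if [ $((0$mode & 04)) -eq 0 ]; then
            echo "$f: not readable by others (mode $mode)"; bad=1
        fi
        # A network bootloader should not be writable by non-owners.
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "$f: writable by group or others (mode $mode)"; bad=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "$f: owner uid is $uid, expected $want_uid"; bad=1
        fi
        # Separates a truly empty file from one the client merely
        # reports as 0 bytes because the server could not read it.
        if [ ! -s "$f" ]; then
            echo "$f: file is empty on disk"; bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "$dir: no *.efi files found" >&2; return 2; }
    return "$bad"
}

# Usage on a Satellite/Foreman TFTP host (path taken from the patch above):
#   audit_tftp_efi /var/lib/tftpboot/grub2
```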

Comment 9 errata-xmlrpc 2019-05-14 12:40:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222