Bug 1871257

Summary: Change kexec options used on FDI to work on systems using UEFI + SecureBoot
Product: Red Hat Satellite Reporter: Joniel Pasqualetto <jpasqual>
Component: Discovery ImageAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Roman Plevka <rplevka>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.7.0CC: egolov, lzap, rabajaj, wpinheir
Target Milestone: 6.9.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tfm-rubygem-smart_proxy_discovery_image-1.3.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-21 13:17:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joniel Pasqualetto 2020-08-21 19:22:14 UTC 
Description of problem:

Currently, when using FDI, there is a single kexec command which is executed when foreman triggers the power/kexec api.

This single command only works in systems using BIOS or UEFI without SecureBoot.

It seems to be possible to kexec systems using UEFI + SecureBoot using the kexec option "-s".

Adding a condition that will check if the system is using SecureBoot and changing accordingly the kexec options to be used, would allow provisioning those systems using FDI.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Configure a VM or a physical machine to use UEFI + SecureBoot
2. Try provisioning using discovery method


Actual results:

kexec fails, in the discovered host, with error below and doesn't restart:

~~~
kexec_load failed: Operation not permitted
~~~

Expected results:

kexec load would work and start provisioning

Additional info:

There is a PR upstream. Will link the BZ to it.
Comment 4 Bryan Kearney 2020-09-07 08:01:57 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/30680 has been resolved.
Comment 8 errata-xmlrpc 2021-04-21 13:17:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1313