Re: UEFI boot order, Re: Tip: Remote FAI install
Hi, this doesn't seem to be a trivial task as the state of the boot medium prior to the fai installation as well as the UEFI settings for the single network interface both can have all kinds of states, e.g.: (of course for production I'd disable unneeded UEFI setting, in my case all IPv6 and HTTP boot options, so just the IPv4 PXE boot option usually would be active leading to the IPv4 PXE having highest boot priority and then just installed HD/NVMe medium having the second boot priority) root@jammysrv:/srv/fai/config# cat hooks/partition.GRUB_EFI #! /bin/bash # prior to disk partioning collect the UEFI boot order efibootmgr --- root@jammysrv:/srv/fai/config# less /var/log/fai/remote-logs/l65/last/fai.log ---Output [...] Calling hook: partition.GRUB_EFI BootCurrent: 0001 Timeout: 1 seconds BootOrder: 0001,0002,0003,0004,,0005 Boot* ubuntu Boot0001* UEFI: PXE IP4 Intel(R) Ethernet Connection (2) I219-V Boot0002* UEFI: HTTP IP4 Intel(R) Ethernet Connection (2) I219-V Boot0003* UEFI: HTTP IP6 Intel(R) Ethernet Connection (2) I219-V Boot0004* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V Boot0005* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V partition.GRUB_EFI OK. [...] root@jammysrv:/srv/fai/config# cat scripts/GRUB_EFI/01-UEFI-Collect_BootOrder #! /bin/bash error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code efibootmgr -v exit $error ---Output = shell: GRUB_EFI/01-UEFI-Collect_BootOrder = BootCurrent: 0001 Timeout: 1 seconds BootOrder: 0001,0002,0003,0004,,0005 Boot* ubuntu HD(1,GPT,6205f216-7aa2-4531-8319-d7b77a00514d,0x800,0x10 )/File(\EFI\UBUNTU\GRUBX64.EFI) Boot0001* UEFI: PXE IP4 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci (0x1f,0x6)/MAC(b42e9987238b,0)/IPv4(0.0.0.00.0.0.0,0,0)..BO Boot0002* UEFI: HTTP IP4 Intel(R) Ethernet Connection (2) I219-V PciRoot( 0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()..BO Boot0003* UEFI: HTTP IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot( 0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)/Uri()..BO Boot0004* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)..BO Boot0005* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)..BO GRUB_EFI/01-UEFI-Collect_BootOrder OK. = shell: GRUB_EFI/10-setup = ainsl: appending to /target/etc/default/grub: GRUB_DISABLE_OS_PROBER=true Installing for x86_64-efi platform. Installation finished. No error reported. Grub installed on /dev/nvme0n1 = (hostdisk//dev/nvme0n1) Sourcing file `/etc/default/grub' Sourcing file `/etc/default/grub.d/init-select.cfg' Generating grub configuration file ... Found linux image: /boot/vmlinuz-5.15.0-58-generic Found initrd image: /boot/initrd.img-5.15.0-58-generic Memtest86+ needs a 16-bit boot, that is not available on EFI, exiting Warning: os-prober will not be executed to detect other bootable partitions. Systems on them will not be added to the GRUB boot configuration. Check GRUB_DISABLE_OS_PROBER documentation entry. Adding boot menu entry for UEFI Firmware Settings ... done GRUB_EFI/10-setupOK. root@jammysrv:/srv/fai/config# cat scripts/GRUB_EFI/90_UEFI_Adjust_BootOrder_pre #! /bin/bash error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code efibootmgr -v exit $error ---Output = shell: GRUB_EFI/90_UEFI_Adjust_BootOrder_pre = BootCurrent: 0001 Timeout: 1 seconds BootOrder: ,0001,0002,0003,0004,0005 Boot* ubuntu HD(1,GPT,ac900736-afc3-4b46-8bb5-ce1c1b71c9a8,0x800,0x10)/File(\EFI\ubuntu\grubx64.efi) Boot0001* UEFI: PXE IP4 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv4(0.0.0.00.0.0.0,0,0)..BO Boot0002* UEFI: HTTP IP4 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()..BO Boot0003* UEFI: HTTP IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)/Uri()..BO Boot0004* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)..BO Boot0005* UEFI: PXE IP6 Intel(R) Ethernet Connection (2) I219-V PciRoot(0x0)/Pci(0x1f,0x6)/MAC(b42e9987238b,0)/IPv6([::]:<->[::]:,0,0)..BO GRUB_EFI/90_UEFI_Adjust_BootOrder_pre OK. root@jammysrv:/srv/fai/config# cat scripts/GRUB_EFI/91_UEFI_Adjust_BootOrder #! /bin/bash error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code # FAI List 19.01.2023, 21:10h (Thomas Lange) #Hi, # #I found this code that move the first boot entry (which is expected to #be the new entry after an installation) to the end of the boot list. #
Re: UEFI boot order, Re: Tip: Remote FAI install
Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die eigentliche Nachricht steht dadurch in einem Anhang. This message was wrapped to be DMARC compliant. The actual message text is therefore in an attachment.--- Begin Message --- Hi Thomas, > I wonder why the second machine has two LAN entries, because it's a > Thinkpad laptop with only one ethernet device. my Tuxedo-Laptop also has two entries: Boot0001* UEFI: PXE IP4 Realtek PCIe GBE Family Controller and Boot0002* UEFI: PXE IP6 Realtek PCIe GBE Family Controller A ThinkPad on my desk also has two entries. From the out put of efibootmgr -v you can't tell the difference. But when you boot, you can choose between IPv4 and IPv6. Ingo Am 19.01.23 um 20:52 schrieb Thomas Lange: Hi for one-time changes in the boot order, you can use efibootmgr --bootnext and set this to the network device. From man efibootmgr: BootNext - the boot entry which is scheduled to be run on next boot. This supercedes BootOrder for one boot only, and is deleted by the boot manager after first use. This allows you to change the next boot behavior without changing BootOrder. But in the end, we want to have a script that changes the boot order. And we must check if an upgrade of the grub package calls grub-install again because that may change the order. First I like to collect the output of efibootmgr. I like to know how different the network boot options are stored in UEFI BIOS. Here are two examples: BootCurrent: BootOrder: ,0001 Boot* debian Boot0001* UEFI: IP4 Intel(R) 82579LM Gigabit Network Connection BootCurrent: 0001 BootOrder: 0001,0002,001D,0017,0018,0019,001A,001C,,001E,001F,0024,001B Boot* Windows Boot Manager Boot0001* debian Boot0002* Linux-Firmware-Updater . . Boot001D* PCI LAN Boot001E Other CD Boot001F Other HDD Boot0020* USBR BOOT CDROM Boot0021* USBR BOOT Floppy Boot0022* ATA HDD Boot0023* ATAPI CD Boot0024* PCI LAN I wonder why the second machine has two LAN entries, because it's a Thinkpad laptop with only one ethernet device. -- Linuxhotel GmbH, Geschäftsführer Dipl.-Ing. Ingo Wichmann HRB 20463 Amtsgericht Essen, UStID DE 814 943 641 Antonienallee 1, 45279 Essen, Tel.: 0201 8536-600, https://www.linuxhotel.de --- End Message ---
Re: UEFI boot order, Re: Tip: Remote FAI install
Hi,
I found this code that move the first boot entry (which is expected to
be the new entry after an installation) to the end of the boot list.
https://community.theforeman.org/t/efi-boot-order-with-centos-7-network-boot-vs-local-boot/10529/2
# the EFI boot manager is only installed on UEFI hosts by Anaconda
if [[ -f /sbin/efibootmgr ]]; then
echo "- Changing EFI boot order to preserve network boot ..."
created_entry=$(efibootmgr | grep "BootOrder" | cut -d " " -f 2 | cut -d
"," -f 1)
others=$(efibootmgr | grep "BootOrder" | cut -d " " -f 2 | cut -d "," -f 2-)
new_order="${others},${created_entry}"
efibootmgr -q -o ${new_order}
fi
--
regards Thomas
Re: UEFI boot order, Re: Tip: Remote FAI install
Oh, you can set an efi boot entry inactive using -A Maybe this helps changing the boot device, without changing the overall boot order. -- regards Thomas
Re: UEFI boot order, Re: Tip: Remote FAI install
Hi for one-time changes in the boot order, you can use efibootmgr --bootnext and set this to the network device. From man efibootmgr: BootNext - the boot entry which is scheduled to be run on next boot. This supercedes BootOrder for one boot only, and is deleted by the boot manager after first use. This allows you to change the next boot behavior without changing BootOrder. But in the end, we want to have a script that changes the boot order. And we must check if an upgrade of the grub package calls grub-install again because that may change the order. First I like to collect the output of efibootmgr. I like to know how different the network boot options are stored in UEFI BIOS. Here are two examples: BootCurrent: BootOrder: ,0001 Boot* debian Boot0001* UEFI: IP4 Intel(R) 82579LM Gigabit Network Connection BootCurrent: 0001 BootOrder: 0001,0002,001D,0017,0018,0019,001A,001C,,001E,001F,0024,001B Boot* Windows Boot Manager Boot0001* debian Boot0002* Linux-Firmware-Updater . . Boot001D* PCI LAN Boot001E Other CD Boot001F Other HDD Boot0020* USBR BOOT CDROM Boot0021* USBR BOOT Floppy Boot0022* ATA HDD Boot0023* ATAPI CD Boot0024* PCI LAN I wonder why the second machine has two LAN entries, because it's a Thinkpad laptop with only one ethernet device. -- regards Thomas
Re: UEFI boot order, Re: Tip: Remote FAI install
Hi all, I'm wondering whether this issue concerning bad/wrong UEFI boot order after a fai installation already was resolved in the meantime (since September, 2021)? https://lists.uni-koeln.de/pipermail/linux-fai/2021-September/012770.html The idea was to e.g. add a few lines in config/scripts/GRUB_EFI/10-setup with efibootmgr commands (possibly before and) after the grub-install commands to correct the changed UEFI boot order. Currently I'm installing new desktops with uninitialized ssds and after the reboot I find the PXE boot option with a lower priority than the installed OS which for my environment is quite inconvenient... Best regards, Andreas -- Dr. Andreas Sindermann fon: +49 (221) 470-4201 Institut fuer Theoretische Physikfax: +49 (221) 470-5159 Universitaet zu Koeln Zuelpicher Str. 77 mailto:sin...@thp.uni-koeln.de D-50937 Koeln, Germany http://www.thp.uni-koeln.de/~sinder
Re: UEFI boot order, Re: Tip: Remote FAI install
Seasons greeting to everyone,
there's something that didn't let me rest since I discovered it.
A while back I had suggested to restore the UEFI BootOrder that was in effect
before GRUB-EFI was installed:
On Fri, 2021-09-17 at 11:24:52 +0200, Thomas Lange wrote:
> > On Fri, 17 Sep 2021 11:06:30 +0200, Steffen Grunewald
> > said:
>
> > That would either involve additions to GRUB_EFI/10-setup itself, or two
> > extra scripts 09-x and 11-x which would have to communicate e.g. via
> > ${LOGDIR}/bootorder ...
> > I can imagine using an extra class, e.g. RESTORE_UEFI_ORDER, to make
> this
> > optional (but I can't see the drawbacks of doing it by default).
>
> Hi Steffen,
>
> I also had this problem with my UEFI machines. Currently I delete the
> first boot entry manually, which is "boot Debian from disk".
When? Not while the system is to be running, and to be rebooted into the
installed system instead of FAI... it would require to move the HD boot
entry more to the end of the BootOrder list instead.
> I was thinking of a small shell script that moves the network boot
> entry in the UEFI BootOrder to the first place, without deleting the
> "boot Debian from disk" entry. I had not time to implement it yet.
That's the important difference to my suggested approach - which has the
pitfall that it requires an active "boot from HD" entry before FAI is run.
For empty disks, this obvioulsy isn't the case (the UEFI BIOS seems to
look for EFI partitions, and if there is none, only PXE and EFI Shell
entries can be found, no matter what is set in the BIOS boot order -
this the old boot order would not be suitable).
> But maybe just restoring the original boot order is also a good
> solution.
It's not, for the reason outlined above - if the system hasn't been EFI
installed before, that is.
I've written a script to change the BootOrder on the system already running
now; this leaves some minimal risk of the system not booting (which would
require a manual pass through BIOS to put PXE on top again), but I'm
planning to add it to scripts/GRUB_EFI.
The (bash) code still needs some cleanup (and perhaps it could be made more
efficient by using Perl and internal variable storage), but the basic idea
is to
- check for availability of UEFI (/sys) and EFI boot manager
- loop over a predefined order of "PXE HD OTHER SHELL" (which, I suppose, would
fit a FAI-ready setup most)
- find lines matching "^Boot[0-9A-F][0-9A-F][0-9A-F][0-9A-F]\*" in
"efibootmgr"
output (only use active entries?)
- extract the four digit hex code, and determine the type from the full string
- output the code if type matches the outer loop item
- pipe through xargs | tr " " "," to get a proper comma-separated list
- use "efibootmgr -o"
Caveat: if for some reason PXE on NIC1 (0007 here) is prioritized over NIC0
(0006)
this order would be reversed! (More pitfalls are imaginable. Not all network
interfaces are identified by their order number, I've seen MAC addresses
only...)
Also a fixed BootOrder (defined as an environment variable, or via a file) does
NOT work! Different (but same-type, same-batch) machines, for unknown reasons,
may present different initial numbers for the UEFI entries!
> I hope we get more feedback on what should be the default behaviour
> in FAI.
If there was a way to stop GRUB from modifying the BootOrder we might know
whether
that actually would be sufficient (if the BIOS order would be kept as-is).
Best,
Steffen
--
Steffen Grunewald, Cluster Administrator
Max Planck Institute for Gravitational Physics (Albert Einstein Institute)
Am Mühlenberg 1 * D-14476 Potsdam-Golm * Germany
~~~
Fon: +49-331-567 7274
Mail: steffen.grunewald(at)aei.mpg.de
~~~
UEFI boot order, Re: Tip: Remote FAI install
> On Fri, 17 Sep 2021 11:06:30 +0200, Steffen Grunewald
> said:
> That would either involve additions to GRUB_EFI/10-setup itself, or two
> extra scripts 09-x and 11-x which would have to communicate e.g. via
> ${LOGDIR}/bootorder ...
> I can imagine using an extra class, e.g. RESTORE_UEFI_ORDER, to make this
> optional (but I can't see the drawbacks of doing it by default).
Hi Steffen,
I also had this problem with my UEFI machines. Currently I delete the
first boot entry manually, which is "boot Debian from disk".
> Thomas, does this make sense?
Totally.
I was thinking of a small shell script that moves the network boot
entry in the UEFI BootOrder to the first place, without deleting the
"boot Debian from disk" entry. I had not time to implement it yet.
But maybe just restoring the original boot order is also a good
solution.
I hope we get more feedback on what should be the default behaviour
in FAI.
--
beste regards Thomas
UEFI boot order, Re: Tip: Remote FAI install
On Mon, 2021-02-08 at 12:31:22 -0600, John G Heim wrote:
> In these days when so many of us are working from home, I thought I'd give a
> tip I discovered today on how to trigger an FAI install remotely.
>
> For years I've been triggering an FAI install remotely by wiping the hard
> drive and hoping PXE boot was somewhere in the boot sequence. That had the
> drawback of making the machine unbootable if anything went wrong. But on a
> machine with a EUFI, you can tell it to reorder the boot sequence for the
> next reboot.
>
> 1. Display a list of the boot devices with the efibootmgr command:
>
> # efibootmgr -v
>
> Take not of the hex number assigned to your network interface. On my
> desktop, the disk is device 0 and the NIC is F.
>
> 2. Change the boot sequence for the next boot:
>
> # efibootmgr -o F,0
>
> This tells the EUFI to boot from the NIC first, and if that fails, to boot
> from the hard disk. The sequence should return to the previous sequence
> after one reboot.
>
> 3. Reboot.
>
> If you have FAI configured to reboot the target machine when it is finished,
> you should be able to ssh back into a fully loaded Linux machine once the
> install is done.
Good morning fellow FAIers.
First, thanks John for your instructions.
I found that the devil is in the details, and the overall approach might be
wrong... Let me explain.
I received a couple new machines yesterday, and - of course - BOOT mode was
set to UEFI (with LEGACY still available - if you can get your hands on the
BIOS settings, that is).
After some tweaking of my rather old package lists (which still had "grub2"
in them in several places... conflicting with "grub-efi" nowadays), I was
able to install one of the machines - once.
It turned out that the boot order was modified by the grub setup step,
putting the HD ("debian") entry on top of the network interfaces (1-4 for me,
BTW).
This would disable any subsequent installation, in particular from power-off
state, which is somewhat counterintuitive if you've been used to the LEGACY
order for a long time that would not change, so you'd have Network first,
and HD further down the list - non-existence of a matching TFTP entry (after
having run fai-chboot) would just boot the installed system, but if there
was a fresh entry I would get a FAI run.
Not so for UEFI: with the boot order changed, I would have to re-change it
to get another network boot, either by running "efibootmgr" as above (which
requires a running machine) or by hand (which requires direct access to the
machine to change the BIOS setting). That's not exactly FAI style...
There is a way out though.
*IF* one takes the BootOrder line from "efibootmgr" output *BEFORE* running
the grub installer, and restores it *AFTER*, boot order would be the same
as before (= as once set in the BIOS, usually network first). Problem gone.
That would either involve additions to GRUB_EFI/10-setup itself, or two
extra scripts 09-x and 11-x which would have to communicate e.g. via
${LOGDIR}/bootorder ...
I can imagine using an extra class, e.g. RESTORE_UEFI_ORDER, to make this
optional (but I can't see the drawbacks of doing it by default).
Thomas, does this make sense?
Cheers, Steffen
--
Steffen Grunewald, Cluster Administrator
Max Planck Institute for Gravitational Physics (Albert Einstein Institute)
Am Mühlenberg 1 * D-14476 Potsdam-Golm * Germany
~~~
Fon: +49-331-567 7274
Mail: steffen.grunewald(at)aei.mpg.de
~~~
