UEFI Recovery for Oracle Linux 7

by Ramses Soto-Navarro ramses@sotosystems.com, 7/26/2022

Overview
Create KVM Guest
Start SSH
Partition for UEFI
Format Partitions
Mount and Chroot
Reinstall UEFI Grub2
Initialize UEFI GRUB2
Rebuild the Boot Ramdisk
Last Tasks


Overview

Brief notes on P2V (physical to virtual) and back migration of Oracle Linux 7, with UEFI Secure Boot included; useful for rescue or recovery of physical Linux servers that require UEFI. Here we migrate a physical Linux server to a virtual guest under Linux KVM. The same can be done with Linux version 8. The audience is experienced Linux administrators.

Create KVM Guest

  • While creating the KVM guest under virt-manager, select: Overview, Firmware, UEFI x86_64 /usr/share/OVMF/OVMF_CODE_4M.ms.fd
  • Boot with the installation ISO, and select to exit into a Recovery Console.

Start SSH

  • Configure networking manually.
  • Start the rescue SSHD for remote console.
    # ifconfig eth0 172.30.0.79 netmask 255.255.255.0
    # route add default gw 172.30.0.1
    # vi /etc/resolv.conf
    nameserver 172.30.0.75
    search example.com
    
    # cd /etc/ssh
    # mv sshd_config.anaconda sshd_config
    # ssh-keygen -f ssh_host_rsa_key -t rsa -N ""
    # /usr/sbin/sshd
    # ps aux | grep ssh
    

Partition for UEFI

Create the UEFI partition, the boot partition, and the logical volumes.

  • Create disk type gpt: fdisk, g, p, n, 1, <>, +100M, p, t, 1
  • Create the boot partition below: n, 2, <>, +512M, p, t, 11
  • Create the partition for the LVM PV and LVs from the rest: gpt type 31
    # fdisk /dev/vda
    
    /dev/vda1   100MB   EFI System
    /dev/vda2   512MB   Microsoft basic   /boot
    /dev/vda3   *       Linux LVM         /, swap
    
    # parted /dev/vda
    p
    set 1 boot off
    p
    q
    
    # parted -l /dev/vda
    

Format Partitions

  • Format UEFI as vfat 16: mkfs.vfat /dev/vda1
  • Format /boot: mkfs.ext2 /dev/vda2
  • Format LVM volumes: pvcreate /dev/vda3, vgcreate vg1 /dev/vda3, lvcreate -L 2G -n lvswap vg1, lvcreate -l +100%FREE -n lvroot vg1
  • Rsync OS directories remotely via ssh: rsync -auv -e ssh root@remotehost:/tmp/backup/ .
  • Create pseudo root directories: mnt srv dev media proc run sys
  • Verify /tmp/ has sticky bit set to 1777 (drwxrwxrwt).

Mount and Chroot

Mount all partitions to be rescued; mount the pseudo filesystems; mount the UEFI partition as a bind; and then chroot.

    # vgscan && vgchange -ay
    # mkdir -p /mnt/{root,efi}
    # mount /dev/vda1 /mnt/efi
    # mount /dev/vg1/lvroot /mnt/root
    # mount /dev/vda2 /mnt/root/boot
    # cd /mnt/root
    # for a in dev proc sys dev/pts ; do mount -o bind /$a $a ; done
    # mount -o bind /mnt/efi /mnt/root/boot/efi
    # chroot . /bin/bash
    

Add the boot UUIDs to fstab and edit the automounts. Temporarily disable any mounts not needed.

    # blkid | grep vda1 >> etc/fstab
    # vi etc/fstab
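
The raw blkid line appended above is not a valid fstab entry until it is edited by hand. The following added example (not part of the original notes) builds the entry directly from a blkid line and appends it only once; the function names, the sample UUIDs, and the ESP options umask=0077,shortname=winnt are assumptions.

```sh
#!/bin/sh
# Added example: build fstab entries from blkid lines instead of appending
# raw blkid output. Names, sample UUIDs and mount options are assumptions.

# blkid_field LINE KEY: print the value of KEY="..." from one blkid line.
# The space before KEY keeps UUID from matching PARTUUID and TYPE from
# matching SEC_TYPE.
blkid_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p"
}

# fstab_entry LINE MOUNTPOINT: print one fstab line, or return 1 when the
# device has no filesystem UUID or is not directly mountable.
fstab_entry() {
    fe_uuid=$(blkid_field "$1" UUID)
    fe_type=$(blkid_field "$1" TYPE)
    [ -n "$fe_uuid" ] && [ -n "$fe_type" ] || return 1
    case $fe_type in
        LVM2_member) return 1 ;;                # a PV: mount its LVs instead
        swap) printf 'UUID=%s swap swap defaults 0 0\n' "$fe_uuid"; return 0 ;;
        vfat) fe_opts=umask=0077,shortname=winnt; fe_pass=0 ;;  # ESP, root-only
        *)    fe_opts=defaults; fe_pass=2 ;;
    esac
    printf 'UUID=%s %s %s %s 0 %s\n' "$fe_uuid" "$2" "$fe_type" "$fe_opts" "$fe_pass"
}

# has_mount FSTAB MOUNTPOINT: succeed if a non-comment entry already uses it.
has_mount() {
    awk -v m="$2" '$1 !~ /^#/ && $2 == m { found = 1 } END { exit !found }' "$1"
}

# add_entry FSTAB LINE MOUNTPOINT: append the entry unless the mount point
# is already listed, so re-running never duplicates lines.
add_entry() {
    has_mount "$1" "$3" && return 0
    fe_line=$(fstab_entry "$2" "$3") || return 1
    printf '%s\n' "$fe_line" >> "$1"
}

# Constructed sample lines in the format blkid prints; UUIDs are made up.
ESP_LINE='/dev/vda1: SEC_TYPE="msdos" UUID="1A2B-3C4D" TYPE="vfat" PARTUUID="0f3c9d1e-01"'
BOOT_LINE='/dev/vda2: UUID="6b1f0c52-7a3e-4d1b-9c55-2e8f4a7d9b10" TYPE="ext2" PARTUUID="0f3c9d1e-02"'
PV_LINE='/dev/vda3: UUID="Qx7aBc-1dEf-2gHi-3jKl-4mNo-5pQr-6sTuVw" TYPE="LVM2_member"'

DEMO=$(mktemp)                          # stand-in for etc/fstab in the chroot
add_entry "$DEMO" "$ESP_LINE" /boot/efi
add_entry "$DEMO" "$ESP_LINE" /boot/efi # second run adds nothing
add_entry "$DEMO" "$BOOT_LINE" /boot
add_entry "$DEMO" "$PV_LINE" /mnt/pv || echo "skipped: LVM physical volume" >&2
cat "$DEMO"
```

In the rescue chroot, the line passed to add_entry would come from `blkid /dev/vda1` and the target file would be etc/fstab.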
    

Reinstall UEFI Grub2

Reinstall UEFI utilities and shim files.

    # yum reinstall grub2-efi shim
    

Shim files should be restored in the new subdirectory:

    # ls /boot/efi/EFI/redhat
    

Initialize UEFI GRUB2

Install GRUB on the disk; recreate the GRUB configuration; verify newly created files by date.

    # grub2-install --target=x86_64-efi /dev/vda
    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    # ls -lhtr /boot/efi/EFI/redhat/grub.cfg
    

Rebuild the Boot Ramdisk

Back up the old initial RAM disk, then rebuild it.

    # KERN=4.14.35-1902.3.2.el7uek.x86_64
    # cd /boot
    # dracut -f -v initrd-new.img $KERN
    # mv initramfs-$KERN.img initramfs-$KERN.bak
    # mv initrd-new.img initramfs-$KERN.img
    # reboot
    

Last Tasks

  • Reboot and disable services not needed.
  • Configure networking properly.
  • Restore any disk mounts.
  • Take a slow motion video to detect any console errors.
  • Review the kernel logs and system logs.
  • Take a before and after comparative sar report after one week.

    The End.