fix(bootloader): run efibootmgr on host for universal chroot compatibility

The previous approach ran efibootmgr inside the chroot, which only works with arch-chroot (auto-mounts efivars) but fails silently with systemd-nspawn or plain chroot. Move EFI boot entry creation to the host where efivars is always available. Also fixes wrong EFI loader path (\efi\EFI\... -> \EFI\...) and uses the correct vendor label (e.g. "redhat" instead of raw os variable). For non-RHEL distros, grub-install now uses --no-nvram to avoid redundant NVRAM writes; the host efibootmgr handles entry creation for all distros uniformly with idempotent pre-check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 03:36:20 +01:00
parent eeb580f180
commit cfc261878a
1 changed files with 32 additions and 21 deletions
--- a/roles/configuration/tasks/bootloader.yml
+++ b/roles/configuration/tasks/bootloader.yml
@@ -1,27 +1,40 @@
 ---
 - name: Configure Bootloader
+  vars:
+    _efi_vendor: >-
+      {{
+        "redhat" if os == "rhel"
+        else ("ubuntu" if os in ["ubuntu", "ubuntu-lts"] else os)
+      }}
+    _efi_loader: >-
+      {{ "shimx64.efi" if is_rhel | bool else "grubx64.efi" }}
  block:
-    - name: Install Bootloader
-      vars:
-        configuration_use_efibootmgr: "{{ is_rhel | bool }}"
-        configuration_efi_dir: "{{ partitioning_efi_mountpoint }}"
-        configuration_bootloader_id: >-
-          {{ "ubuntu" if os in ["ubuntu", "ubuntu-lts"] else os }}
-        configuration_efi_vendor: >-
-          {{ "redhat" if os == "rhel" else os }}
-        configuration_efibootmgr_cmd: >-
-          /usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -p 1
-          -l '\efi\EFI\{{ configuration_efi_vendor }}\shimx64.efi'
-        configuration_grub_cmd: >-
-          /usr/sbin/grub-install --target=x86_64-efi
-          --efi-directory={{ configuration_efi_dir }}
-          --bootloader-id={{ configuration_bootloader_id }}
-        configuration_bootloader_cmd: >-
-          {{ configuration_efibootmgr_cmd if configuration_use_efibootmgr else configuration_grub_cmd }}
-      ansible.builtin.command: "{{ chroot_command }} {{ configuration_bootloader_cmd }}"
+    - name: Install GRUB EFI binary
+      when: not (is_rhel | bool)
+      ansible.builtin.command: >-
+        {{ chroot_command }} /usr/sbin/grub-install --target=x86_64-efi
+        --efi-directory={{ partitioning_efi_mountpoint }}
+        --bootloader-id={{ _efi_vendor }}
+        --no-nvram
      register: configuration_bootloader_result
      changed_when: configuration_bootloader_result.rc == 0

+    - name: Check existing EFI boot entries
+      ansible.builtin.command: efibootmgr
+      register: _efi_entries
+      changed_when: false
+
+    - name: Ensure EFI boot entry exists
+      when: ('* ' + _efi_vendor) not in _efi_entries.stdout
+      ansible.builtin.command: >-
+        efibootmgr -c
+        -L '{{ _efi_vendor }}'
+        -d '{{ install_drive }}'
+        -p 1
+        -l '\EFI\{{ _efi_vendor }}\{{ _efi_loader }}'
+      register: _efi_entry_result
+      changed_when: _efi_entry_result.rc == 0
+
    - name: Ensure lvm2 for non btrfs filesystems
      when: os == "archlinux" and system_cfg.filesystem != "btrfs"
      ansible.builtin.lineinfile:
@@ -50,13 +63,11 @@

    - name: Generate grub config
      vars:
-        configuration_efi_vendor: >-
-          {{ "redhat" if os == "rhel" else os }}
        configuration_grub_cfg_cmd: >-
          {{
            '/usr/sbin/grub2-mkconfig -o '
            + partitioning_efi_mountpoint
-            + '/EFI/' + configuration_efi_vendor + '/grub.cfg'
+            + '/EFI/' + _efi_vendor + '/grub.cfg'
            if is_rhel | bool
            else '/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg'
          }}