I know very little about debian-installer, but here's a guess based on what I found in the puppet repo:

% git grep grub-installer/bootdev
modules/install_server/files/autoinstall/common.cfg:d-i grub-installer/bootdev  string  /dev/sda
modules/install_server/files/autoinstall/partman/ms-be-legacy.cfg:d-i   grub-installer/bootdev  string  /dev/sdm /dev/sdn
modules/install_server/files/autoinstall/partman/ms-be.cfg:d-i  grub-installer/bootdev  string  /dev/sda /dev/sdb
modules/install_server/files/autoinstall/virtual.cfg:d-i    grub-installer/bootdev  string default

The particular config used on thumbor2002 was raid1-lvm-ext4-srv.cfg, which -- although it sets up RAID1 between sda and sdb -- does not override the grub-installer/bootdev param from common.cfg.

Assumption 1: the partman-auto-raid directive exactly correlates with our use of Linux software RAID in production.
Assumption 2: in order to have a working grub install on each mirror, software RAID1/10 configs must override grub-installer/bootdev to list all the relevant disks.

If both of those are true, we have a lot of configs to update (35!). Only ms-be and ms-be-legacy seem to set grub-installer/bootdev.

Please note this is related to T156955.

Change 490404 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] partman: grub-install on all RAID{1,10} drives

https://gerrit.wikimedia.org/r/490404

@Joe made me aware of the existence of partman configs present on install1002 that are not in Puppet.

The good news is that almost all such files are either editor backup files (ending in ~ or .bak), or files once in Puppet but since deleted from git:

cdanis@cdanis ~/gits/puppet/modules/install_server/files/autoinstall/partman % comm -1 -3 \
  <(cat <(ls *.cfg) \
        <(git log --no-renames --diff-filter=D --summary -- . :/modules/install-server/files/autoinstall/partman :files/autoinstall/partman \
          | grep ' *delete mode ' | cut -d/ -f6) \
    | sort | uniq) \
  <(ssh install1002.wikimedia.org ls '/srv/autoinstall/partman/*.cfg' | cut -d/ -f5)

labvirt-ssd-sdb.cfg

That file dates from Oct 2015. The only meaningful diffs between it and labvirt-ssd.cfg is using sdb instead of sda for /. There are 0 labvirt/cloudvirt machines in the fleet for which this looks required:

cdanis@cumin1001.eqiad.wmnet ~ % sudo cumin -p95 'cloudvirt*,labvirt*' "df /boot | tail -n1 | cut -f1 -d' '"
36 hosts will be targeted:
cloudvirt[2001-2003]-dev.codfw.wmnet,cloudvirt[1009,1012-1030].eqiad.wmnet,cloudvirtan[1001-1005].eqiad.wmnet,labvirt[1001-1008].eqiad.wmnet
Confirm to continue [y/n]? y
===== NODE GROUP =====                                                                                                                                                 
(32) cloudvirt[1009,1012-1019,1021-1030].eqiad.wmnet,cloudvirtan[1001-1005].eqiad.wmnet,labvirt[1001-1008].eqiad.wmnet
----- OUTPUT of 'df /boot | tail -n1 | cut -f1 -d' '' -----
/dev/sda1
===== NODE GROUP =====                                                                                                                                                 
(3) cloudvirt[2001-2003]-dev.codfw.wmnet                                                                                                                               
----- OUTPUT of 'df /boot | tail -n1 | cut -f1 -d' '' -----
/dev/md0

(cloudvirt1020 skipped as it currently needs a reimage but should also use sda)

So, all of these files seem to be now-unnecessary cruft.

I am pretty sure we should be setting purge => true on the /srv/autoinstall File object installed by preseed_server.pp.

Change 491756 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] install_server: purge old files from /srv/autoinstall

https://gerrit.wikimedia.org/r/491756

Change 491756 merged by CDanis:
[operations/puppet@production] install_server: purge old files from /srv/autoinstall

https://gerrit.wikimedia.org/r/491756

Change 490404 merged by CDanis:
[operations/puppet@production] partman: grub-install on all RAID{1,10} drives

https://gerrit.wikimedia.org/r/490404

Buster failed to install on my md install for 2552d12fe15ec1 with "grub install sda sdb failed, cannot install on sda". I cannot be sure it is that change because buster, and because there is weird hybrid software raid + hw raid going on, and it could be a question of using the wrong recipe because of the extra disk, but FYI.

In T215183#5496348, @jcrespo wrote:

Buster failed to install on my md install for 2552d12fe15ec1 with "grub install sda sdb failed, cannot install on sda". I cannot be sure it is that change because buster, and because there is weird hybrid software raid + hw raid going on, and it could be a question of using the wrong recipe because of the extra disk, but FYI.

Jaime, if you have a spare host in this hardware configuration, I could try reimaging and gathering logs.

An update: as of now, 20.8% of the fleet (or 30% of hosts with software RAID enabled) have redundant bootloaders. This is just from fixing the partman configs and waiting for reimages to happen 'naturally'. That's about all the work I'm going to do on this for the time being; I figure improvements will continue as services need to move to Buster.

Jaime, if you have a spare host in this hardware configuration, I could try reimaging and gathering logs.

@CDanis I was able to install it in the end, it was a conflict with other drive (hw RAID, in addition to the sw one) what caused issues, not the recipe. Sorry for the misreporting.

In T215183#5575143, @CDanis wrote:

An update: as of now, 20.8% of the fleet (or 30% of hosts with software RAID enabled) have redundant bootloaders. This is just from fixing the partman configs and waiting for reimages to happen 'naturally'. That's about all the work I'm going to do on this for the time being; I figure improvements will continue as services need to move to Buster.

Current stats as of April 27:

• 1405 physical machines
• 1 machine broken (mw1280)
• 357/1405 (~25%) don't use software RAID, so are out of scope
• 711 machines use software RAID, and have bootloaders on all their drive replicas (51% of fleet, 68% of SW RAID machines)
• 336 machines use software RAID, but don't have properly replicated bootloaders (24% of fleet, 32% of SW RAID machines)

Here's a list of the bad machines:

Going to continue to let this linger; natural reimaging activity is solving the problem well.

@CDanis backup2002 was recently installed into buster (apparently, wrongly), but it already contains data. Would a simple:

grub-install /dev/sdb

(I am assuming sda already has it) fix the issue?

In T215183#6087811, @jcrespo wrote:

@CDanis backup2002 was recently installed into buster (apparently, wrongly), but it already contains data. Would a simple:

grub-install /dev/sdb

(I am assuming sda already has it) fix the issue?

That ought to take care of it, yeah. I confirm it is sdb that is missing grub.

I'm not sure how backup2002 wound up in that state -- AFAIK the partman files should have been fixed since Buster was available, and I see that you reimaged on Apr 15... so it's strange that it happened.

In T215183#6089160, @CDanis wrote:

I'm not sure how backup2002 wound up in that state -- AFAIK the partman files should have been fixed since Buster was available, and I see that you reimaged on Apr 15... so it's strange that it happened.

backup* hosts don't use the new standard partman recipes :-)

Ah, I see, no-srv-format.cfg doesn't set up any SW RAID at all, which means debian-installer of course won't know to install grub on both disks. I'm guessing you set up the RAID for / manually? So then this state is expected.

no-srv-format.cfg is the (wrong) recipe we use for forcing a failure so stateful services don't get accidentally reimaged (as it happened once) :-D.

Backup hosts use normally custom/backup-format.cfg when setup for the first time. This is custom because it sets up both a sw RAID and a hw RAID in the same host.

It is true, however, that I installed this one manually as we had an unrelated issue on install (not related to partman, but to dhcp server reimage).

Ah okay. It does look like backup-format.cfg contains the necessary incantations for replicated GRUB.

I've corrected manually backup2002, db1115, db2093 and will ask Manuel about the proxies, some of those are just being decommissioned or will be reimaged soon. Arguably we will not have lots of servers affected because most of ours use hw raid with a single virtual sda, not md.

Thanks for the help!

Hello people, I found this task after dealing with /dev/sda failed in a raid1 array. I thought that I had to do grub-install on /dev/sdb via d-i rescue, but then I noticed that the partman recipe was already fixed and the host was reimaged recently, so I checked in the BIOS. There is an option called Hard disk failover, that it was set to Disabled, preventing the host to try another disk if the first one listed is missing. After setting it to enabled I was able to boot correctly (before that the host went directly to PXE every time). I am writing this in here to warn other people that might get into my position in the future :D

Is there a way to audit this option and see how many hosts have it set disabled? After all this work it seems something that we'd want to keep enabled..

Is there a way to audit this option and see how many hosts have it set disabled? After all this work it seems something that we'd want to keep enabled..

If there is a way to get/set the parameter via ipmitool we could add it to spicerack and create a cookbook. however from a quick scan of ipmitool i couldn't see a way to get this information

I agree we should audit it. I think that with redfish API it should be doable, adding @crusnov as they've worked on it last Q.

In T215183#6719053, @Volans wrote:

I agree we should audit it. I think that with redfish API it should be doable, adding @crusnov as they've worked on it last Q.

Indeed. I don't know if there's a direct Redfish end point for it, but that setting does show up in the Server Configuration Profile, for example:

{ "Name": "HddFailover",
  "Value": "Disabled",
  "Set On Import": "True",
  "Comment": "Read and Write" },

This quarter I'll be working on Spicerack support for manipulating these settings, but in the mean time I have some little tools that can manipulate them if needed.

For context, the Server Configuration Profile is a Dell specific interface to setting BIOS settings across the available BIOSen in a particular box. It can be manipulated via Redfish or via other interfaces.