Skip to content

DLPX-95335 delphix-sb-enroll.service fails on OCI VMs #547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2025
Merged

DLPX-95335 delphix-sb-enroll.service fails on OCI VMs #547

merged 1 commit into from
Sep 8, 2025

Conversation

tonynguien
Copy link
Contributor

@tonynguien tonynguien commented Sep 3, 2025
edited
Loading

Problem

On OCI VMs, the service fails to start

delphix@tonyn-oci-1-nic-1:~$ systemctl status delphix-sb-enroll
× delphix-sb-enroll.service - Enroll Secure Boot variables (PK/KEK/db) from .auth files
     Loaded: loaded (/usr/lib/systemd/system/delphix-sb-enroll.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Thu 2025-09-04 15:11:07 UTC; 1min 47s ago
       Docs: man:efi-updatevar(1)
   Main PID: 527 (code=exited, status=1/FAILURE)
        CPU: 16ms

It turned out the OCI VMs don’t have the SecureBoot efivar, likely because secure boot is explicitly disabled.

delphix@tonyn-oci-1-nic-1:~$ sudo journalctl -u delphix-sb-enroll.service
Sep 04 15:11:07 tonyn-oci-1-nic-1 sb-enroll-efivars.sh[533]: od: '/sys/firmware/efi/efivars/SecureBoot-*': No such file or directory
Sep 04 15:11:07 tonyn-oci-1-nic-1 systemd[1]: Starting delphix-sb-enroll.service - Enroll Secure Boot variables (PK/KEK/db) from .auth files...
Sep 04 15:11:07 tonyn-oci-1-nic-1 systemd[1]: delphix-sb-enroll.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 15:11:07 tonyn-oci-1-nic-1 systemd[1]: delphix-sb-enroll.service: Failed with result 'exit-code'.
Sep 04 15:11:07 tonyn-oci-1-nic-1 systemd[1]: Failed to start delphix-sb-enroll.service - Enroll Secure Boot variables (PK/KEK/db) from .auth files.

delphix@tonyn-oci-1-nic-1:~$ ls /sys/firmware/efi/efivars/SecureBoot-*
ls: cannot access '/sys/firmware/efi/efivars/SecureBoot-*': No such file or directory

Solution

A simple fix would be to move the check for AWS platform to earlier since secure boot is only supported on AWS at the moment. This way we wouldn’t even look for SecureBoot efivar for non-AWS systems.

Testing Done

Confirmed delphix-sb-enroll.service no longer fails on all platforms.

Successful appliance builds:
OCI - https://selfservice-jenkins.eng-tools-prd.aws.delphixcloud.com/job/appliance-build-orchestrator-pre-push/12072/console
ESX, AWS, Azure, GCP - https://selfservice-jenkins.eng-tools-prd.aws.delphixcloud.com/job/appliance-build-orchestrator-pre-push/12080/console

@tonynguien tonynguien force-pushed the dlpx/pr/tonynguien/54960d8a-6eb7-44c3-bb8a-8d0e2071f46f branch from eb9316e to ff8a3df Compare September 3, 2025 17:34
@tonynguien tonynguien force-pushed the dlpx/pr/tonynguien/54960d8a-6eb7-44c3-bb8a-8d0e2071f46f branch from ff8a3df to 47d6786 Compare September 4, 2025 15:23
@tonynguien tonynguien changed the title Check cloud first DLPX-95335 delphix-sb-enroll.service fails on OCI VMs Sep 4, 2025
@tonynguien tonynguien marked this pull request as ready for review September 4, 2025 15:28
@tonynguien tonynguien merged commit 8e8627c into develop Sep 8, 2025
23 of 24 checks passed
@tonynguien tonynguien deleted the dlpx/pr/tonynguien/54960d8a-6eb7-44c3-bb8a-8d0e2071f46f branch September 8, 2025 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sebroy sebroy sebroy approved these changes

@david-mendez1 david-mendez1 david-mendez1 approved these changes

@nealquigley nealquigley nealquigley approved these changes

@prakashsurya prakashsurya Awaiting requested review from prakashsurya

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tonynguien @sebroy @david-mendez1 @nealquigley