Boot an uefi volume that migrated from VMware ESXI
Hi, list, I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled. I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume. I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties. Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen. What's the right way to implement this? Thanks.
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works. Converting a volume to an image takes too much space and time because it's so large. Any alternative? On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is properly setup. But it seems a device is required. On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi preferably with hw_machine_type=q35 you can do this with "openstack volume set --image-property <key=value> ..." also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide ide would also work but its much much much slower. On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is properly setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
I uploaded volumes to images,and setup uefi properties accordingly like below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> --- My compute nodes are ubuntu 20.04 and ovmf was installed. --- On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property <key=value> ..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is
properly
setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
I installed a VM on KVM manually. This VM is okay to boot from UEFI. Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up. XML of this instance is ... <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have different md5 checksums. By the way, ovmf package is the same version. On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly like below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property <key=value> ..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is
properly
setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com> wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up.
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have different md5 checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly like below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property <key=value> ..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is
properly
setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
Hi, list,
I migrated a volume from VMware ESXI VMDK, and originally on VMware platform it's EFI boot mode and secure boot enabled.
I cloned the entire VMDK by clonzilla and restored on OpenStack as a volume.
I referred to this link https://docs.openstack.org/nova/latest/admin/secure-boot.html and uploaded that volume as an image. Then set properties.
Finally, I launched an instance with a target image, however, it cannot boot up with a blank and dark screen.
What's the right way to implement this?
Thanks.
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. ya so looking at the xml its using i440fx not q35
you do not need to specify the explict version q35 is an alias to the newest pc-q35-* machine type looking at how you typed it "openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ " that looks like you might have a space before hw_machine_type can you confirm that is not the case? hw_machine_type is the correct extra spec to set https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt... and you are configureing it as we would expect https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-mac... so it would be also good to confirm that the image porperties on the volume that was created form this glance image have the same values set if you create the volume before you updated the properties in glance it wont have the updated image properties.
On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com> wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up.
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have different md5 checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly like below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property <key=value> ..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram> properly
setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf <luckydogxf@gmail.com> wrote:
I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works.
Converting a volume to an image takes too much space and time because it's so large.
Any alternative?
On Fri, May 10, 2024 at 1:25 PM luckydog xf <luckydogxf@gmail.com> wrote:
> Hi, list, > > I migrated a volume from VMware ESXI VMDK, and originally on VMware > platform it's EFI boot mode and secure boot enabled. > > I cloned the entire VMDK by clonzilla and restored on OpenStack as a > volume. > > I referred to this link > https://docs.openstack.org/nova/latest/admin/secure-boot.html and > uploaded that volume as an image. Then set properties. > > Finally, I launched an instance with a target image, however, it cannot > boot up with a blank and dark screen. > > What's the right way to implement this? > > Thanks. > > > >
--- 1. openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. Console is dark and blank. ### XML of this instance ### <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021b_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> --- This image originates from KVM VM, and it's bootable with uefi secure boot. that looks like you might have a space before hw_machine_type? ---> I beg your pardon, a space before hw_machine_type, what's this ? On Mon, May 13, 2024 at 9:51 PM <smooney@redhat.com> wrote:
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. ya so looking at the xml its using i440fx not q35
you do not need to specify the explict version
q35 is an alias to the newest pc-q35-* machine type
looking at how you typed it
"openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ "
that looks like you might have a space before hw_machine_type can you confirm that is not the case?
hw_machine_type is the correct extra spec to set
https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt... and you are configureing it as we would expect
https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-mac...
so it would be also good to confirm that the image porperties on the volume that was created form this glance image have the same values set
if you create the volume before you updated the properties in glance it wont have the updated image properties.
On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com>
wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image, and set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have
different md5
checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly
up. like
below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property
<key=value>
..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote:
<os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> Here is the output from `virsh dumpxml XX`. As we can see uefi is
properly
setup. But it seems a device is required.
On Fri, May 10, 2024 at 1:28 PM luckydog xf < luckydogxf@gmail.com> wrote:
> I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works. > > Converting a volume to an image takes too much space and time because it's > so large. > > Any alternative? > > On Fri, May 10, 2024 at 1:25 PM luckydog xf < luckydogxf@gmail.com> wrote: > > > Hi, list, > > > > I migrated a volume from VMware ESXI VMDK, and originally on VMware > > platform it's EFI boot mode and secure boot enabled. > > > > I cloned the entire VMDK by clonzilla and restored on OpenStack as a > > volume. > > > > I referred to this link > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and > > uploaded that volume as an image. Then set properties. > > > > Finally, I launched an instance with a target image, however, it cannot > > boot up with a blank and dark screen. > > > > What's the right way to implement this? > > > > Thanks. > > > > > > > >
when I perform the following, 1. openstack image set --property hw_firmware_type=uefi --property hw_machine_type=q35 --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. dark and blank console, too. ### XML of this instance ### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021c_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> ############# As we can see machine becomes machine='pc-q35-4.2'. But on KVM, VM XML is #### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> ### The only difference between them is flash file, /usr/share/OVMF/OVMF_CODE_4M.secboot.fd VS /usr/share/OVMF/OVMF_CODE.secboot.fd I confirm both files exist on my openstack nodes. On Tue, May 14, 2024 at 9:28 AM luckydog xf <luckydogxf@gmail.com> wrote:
--- 1. openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. Console is dark and blank.
### XML of this instance ### <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021b_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os>
--- This image originates from KVM VM, and it's bootable with uefi secure boot.
that looks like you might have a space before hw_machine_type? ---> I beg your pardon, a space before hw_machine_type, what's this ?
On Mon, May 13, 2024 at 9:51 PM <smooney@redhat.com> wrote:
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. ya so looking at the xml its using i440fx not q35
you do not need to specify the explict version
q35 is an alias to the newest pc-q35-* machine type
looking at how you typed it
"openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ "
that looks like you might have a space before hw_machine_type can you confirm that is not the case?
hw_machine_type is the correct extra spec to set
https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt... and you are configureing it as we would expect
https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-mac...
so it would be also good to confirm that the image porperties on the volume that was created form this glance image have the same values set
if you create the volume before you updated the properties in glance it wont have the updated image properties.
On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com>
wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image,
set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up.
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have
different md5
checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly
and like
below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
you need to modify the image properties on the boot volume to set hw_firmware_type=uefi
preferably with hw_machine_type=q35
you can do this with "openstack volume set --image-property
<key=value>
..."
also in relation to your other therad you can also set the disk bus on the volume this way too by setting hw_disk_bus=sata instead of using ide
ide would also work but its much much much slower.
On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote: > <os> > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > <loader readonly='yes' > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> > <nvram >
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram>
> <boot dev='hd'/> > <smbios mode='sysinfo'/> > </os> > Here is the output from `virsh dumpxml XX`. As we can see uefi is properly > setup. But it seems a device is required. > > On Fri, May 10, 2024 at 1:28 PM luckydog xf < luckydogxf@gmail.com> wrote: > > > I also set hw_machine_type=q35 and hw_machine_type=pc. Neither works. > > > > Converting a volume to an image takes too much space and time because it's > > so large. > > > > Any alternative? > > > > On Fri, May 10, 2024 at 1:25 PM luckydog xf < luckydogxf@gmail.com> wrote: > > > > > Hi, list, > > > > > > I migrated a volume from VMware ESXI VMDK, and originally on VMware > > > platform it's EFI boot mode and secure boot enabled. > > > > > > I cloned the entire VMDK by clonzilla and restored on OpenStack as a > > > volume. > > > > > > I referred to this link > > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and > > > uploaded that volume as an image. Then set properties. > > > > > > Finally, I launched an instance with a target image, however, it cannot > > > boot up with a blank and dark screen. > > > > > > What's the right way to implement this? > > > > > > Thanks. > > > > > > > > > > > >
https://bugs.launchpad.net/nova/+bug/1960758 not sure I hit a bug or not. My OpenStack is Ussuri <https://docs.openstack.org/ussuri/> and ubuntu 20.04 On Tue, May 14, 2024 at 9:37 AM luckydog xf <luckydogxf@gmail.com> wrote:
when I perform the following, 1. openstack image set --property hw_firmware_type=uefi --property hw_machine_type=q35 --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. dark and blank console, too.
### XML of this instance ### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021c_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> #############
As we can see machine becomes machine='pc-q35-4.2'.
But on KVM, VM XML is #### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> ###
The only difference between them is flash file,
/usr/share/OVMF/OVMF_CODE_4M.secboot.fd VS /usr/share/OVMF/OVMF_CODE.secboot.fd
I confirm both files exist on my openstack nodes.
On Tue, May 14, 2024 at 9:28 AM luckydog xf <luckydogxf@gmail.com> wrote:
--- 1. openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. Console is dark and blank.
### XML of this instance ### <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021b_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os>
--- This image originates from KVM VM, and it's bootable with uefi secure boot.
that looks like you might have a space before hw_machine_type? ---> I beg your pardon, a space before hw_machine_type, what's this ?
On Mon, May 13, 2024 at 9:51 PM <smooney@redhat.com> wrote:
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. ya so looking at the xml its using i440fx not q35
you do not need to specify the explict version
q35 is an alias to the newest pc-q35-* machine type
looking at how you typed it
"openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ "
that looks like you might have a space before hw_machine_type can you confirm that is not the case?
hw_machine_type is the correct extra spec to set
https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt... and you are configureing it as we would expect
https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-mac...
so it would be also good to confirm that the image porperties on the volume that was created form this glance image have the same values set
if you create the volume before you updated the properties in glance it wont have the updated image properties.
On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com>
wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image,
set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up.
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have
different md5
checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
I uploaded volumes to images,and setup uefi properties accordingly
and like
below. openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx-image
Boot an instance from that image, however, it doesn't work. Below is part of XML definition of an instance. --- <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/> </os> ---
My compute nodes are ubuntu 20.04 and ovmf was installed. ---
On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote:
> you need to modify the image properties on the boot volume to set > hw_firmware_type=uefi > > preferably with hw_machine_type=q35 > > you can do this with "openstack volume set --image-property
<key=value>
> ..." > > also in relation to your other therad you can also set the disk bus on > the volume this way too > by setting hw_disk_bus=sata instead of using ide > > ide would also work but its much much much slower. > > On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote: > > <os> > > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > > <loader readonly='yes' > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> > > <nvram > > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram> > > <boot dev='hd'/> > > <smbios mode='sysinfo'/> > > </os> > > Here is the output from `virsh dumpxml XX`. As we can see uefi is > properly > > setup. But it seems a device is required. > > > > On Fri, May 10, 2024 at 1:28 PM luckydog xf < luckydogxf@gmail.com> > wrote: > > > > > I also set hw_machine_type=q35 and hw_machine_type=pc. Neither > works. > > > > > > Converting a volume to an image takes too much space and time > because it's > > > so large. > > > > > > Any alternative? > > > > > > On Fri, May 10, 2024 at 1:25 PM luckydog xf < luckydogxf@gmail.com> > wrote: > > > > > > > Hi, list, > > > > > > > > I migrated a volume from VMware ESXI VMDK, and originally on VMware > > > > platform it's EFI boot mode and secure boot enabled. > > > > > > > > I cloned the entire VMDK by clonzilla and restored on OpenStack > as a > > > > volume. > > > > > > > > I referred to this link > > > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and > > > > uploaded that volume as an image. Then set properties. > > > > > > > > Finally, I launched an instance with a target image, however, it > cannot > > > > boot up with a blank and dark screen. > > > > > > > > What's the right way to implement this? > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > >
https://bugs.launchpad.net/nova/+bug/1960758/comments/30 Yes, uefi isn't supported properly in Ussuri. Here is a workaround. Thanks Problem solved. On Tue, May 14, 2024 at 2:48 PM luckydog xf <luckydogxf@gmail.com> wrote:
https://bugs.launchpad.net/nova/+bug/1960758 not sure I hit a bug or not. My OpenStack is Ussuri <https://docs.openstack.org/ussuri/> and ubuntu 20.04
On Tue, May 14, 2024 at 9:37 AM luckydog xf <luckydogxf@gmail.com> wrote:
when I perform the following, 1. openstack image set --property hw_firmware_type=uefi --property hw_machine_type=q35 --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. dark and blank console, too.
### XML of this instance ### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021c_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> #############
As we can see machine becomes machine='pc-q35-4.2'.
But on KVM, VM XML is #### <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> ###
The only difference between them is flash file,
/usr/share/OVMF/OVMF_CODE_4M.secboot.fd VS /usr/share/OVMF/OVMF_CODE.secboot.fd
I confirm both files exist on my openstack nodes.
On Tue, May 14, 2024 at 9:28 AM luckydog xf <luckydogxf@gmail.com> wrote:
--- 1. openstack image set --property hw_firmware_type=uefi --property os_secure_boot=required ubuntu-2004 2. Boot an instance from image ubuntu-2004 3. Console is dark and blank.
### XML of this instance ### <os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/instance-0000021b_VARS.fd</nvram> <boot dev='hd'/> <smbios mode='sysinfo'/> </os>
--- This image originates from KVM VM, and it's bootable with uefi secure boot.
that looks like you might have a space before hw_machine_type? ---> I beg your pardon, a space before hw_machine_type, what's this ?
On Mon, May 13, 2024 at 9:51 PM <smooney@redhat.com> wrote:
On Sat, 2024-05-11 at 14:39 +0800, luckydog xf wrote:
set hw_machine_type=q35 would generate a machine= 'pc-q35-4.2'. But it makes no difference. ya so looking at the xml its using i440fx not q35
you do not need to specify the explict version
q35 is an alias to the newest pc-q35-* machine type
looking at how you typed it
"openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ "
that looks like you might have a space before hw_machine_type can you confirm that is not the case?
hw_machine_type is the correct extra spec to set
https://github.com/openstack/glance/blob/master/etc/metadefs/compute-libvirt... and you are configureing it as we would expect
https://opendev.org/openstack/nova/src/branch/master/doc/source/admin/hw-mac...
so it would be also good to confirm that the image porperties on the volume that was created form this glance image have the same values set
if you create the volume before you updated the properties in glance it wont have the updated image properties.
On Sat, May 11, 2024 at 1:49 PM luckydog xf <luckydogxf@gmail.com>
wrote:
I installed a VM on KVM manually. This VM is okay to boot from UEFI.
Here is part of XML. --- ubuntu@freeradius:~$ virsh dumpxml ubuntu20.04 <domain type='kvm'> <name>ubuntu20.04</name> <uuid>99660c76-953d-4b68-9f29-f1471da8d659</uuid> <metadata> <libosinfo:libosinfo xmlns:libosinfo=" http://libosinfo.org/xmlns/libvirt/domain/1.0"> <libosinfo:os id="http://ubuntu.com/ubuntu/20.04"/> </libosinfo:libosinfo> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>2</vcpu> <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.secboot.fd</loader> <nvram>/var/lib/libvirt/qemu/nvram/ubuntu20.04_VARS.fd</nvram> </os> --- VM controller is virtio. I uploaded VM qcow2 as an OpenStack image,
and
set properties like --- openstack image set \ --property hw_firmware_type=uefi \ --property os_secure_boot=required \ --property hw_machine_type=q35 \ xxx --- Then I launched an instance with this image. It cannot be started up.
XML of this instance is ...
<os> <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram>
<boot dev='hd'/> <smbios mode='sysinfo'/>
The difference is /usr/share/OVMF/OVMF_CODE.secboot.fd VS /usr/share/OVMF/OVMF_CODE_4M.secboot.fd. These two files have
different md5
checksums.
By the way, ovmf package is the same version.
On Sat, May 11, 2024 at 1:43 PM luckydog xf <luckydogxf@gmail.com> wrote:
> I uploaded volumes to images,and setup uefi properties accordingly like > below. > openstack image set \ > --property hw_firmware_type=uefi \ > --property os_secure_boot=required \ > --property hw_machine_type=q35 \ > xxx-image > > Boot an instance from that image, however, it doesn't work. Below is > part of XML definition of an instance. > --- > <os> > <type arch='x86_64' machine='pc-i440fx-4.2'>hvm</type> > <loader readonly='yes' > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> > <nvram>/var/lib/libvirt/qemu/nvram/instance-00000212_VARS.fd</nvram> > <boot dev='hd'/> > <smbios mode='sysinfo'/> > </os> > --- > > My compute nodes are ubuntu 20.04 and ovmf was installed. > --- > > > > On Fri, May 10, 2024 at 6:37 PM <smooney@redhat.com> wrote: > > > you need to modify the image properties on the boot volume to set > > hw_firmware_type=uefi > > > > preferably with hw_machine_type=q35 > > > > you can do this with "openstack volume set --image-property <key=value> > > ..." > > > > also in relation to your other therad you can also set the disk bus on > > the volume this way too > > by setting hw_disk_bus=sata instead of using ide > > > > ide would also work but its much much much slower. > > > > On Fri, 2024-05-10 at 17:06 +0800, luckydog xf wrote: > > > <os> > > > <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> > > > <loader readonly='yes' > > > type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader> > > > <nvram > > > > > template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/instance-00000206_VARS.fd</nvram> > > > <boot dev='hd'/> > > > <smbios mode='sysinfo'/> > > > </os> > > > Here is the output from `virsh dumpxml XX`. As we can see uefi is > > properly > > > setup. But it seems a device is required. > > > > > > On Fri, May 10, 2024 at 1:28 PM luckydog xf < luckydogxf@gmail.com> > > wrote: > > > > > > > I also set hw_machine_type=q35 and hw_machine_type=pc. Neither > > works. > > > > > > > > Converting a volume to an image takes too much space and time > > because it's > > > > so large. > > > > > > > > Any alternative? > > > > > > > > On Fri, May 10, 2024 at 1:25 PM luckydog xf < luckydogxf@gmail.com> > > wrote: > > > > > > > > > Hi, list, > > > > > > > > > > I migrated a volume from VMware ESXI VMDK, and originally on VMware > > > > > platform it's EFI boot mode and secure boot enabled. > > > > > > > > > > I cloned the entire VMDK by clonzilla and restored on OpenStack > > as a > > > > > volume. > > > > > > > > > > I referred to this link > > > > > https://docs.openstack.org/nova/latest/admin/secure-boot.html and > > > > > uploaded that volume as an image. Then set properties. > > > > > > > > > > Finally, I launched an instance with a target image, however, it > > cannot > > > > > boot up with a blank and dark screen. > > > > > > > > > > What's the right way to implement this? > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > > > > > >
participants (2)
-
luckydog xf
-
smooney@redhat.com