canonical / packer-maas

Packer templates to create MAAS deployable images

Packer Rocky 9 image deploys but fails to boot - Blue Screen Could not install security protocol #108

Open sho1sho1sho1 opened 1 year ago

sho1sho1sho1 commented 1 year ago

I am new to MAAS custom images. I followed the MAAS custom image guide using the Rocky 9 packer template and created a Rocky 9 custom image. I see the baremetal machine deploy, but after the first reboot, it gets a blue screen error "Could not install security protocol: (0x2) Invalid Parameter."

Is this a bug? Or did I miss a step in creating the Rocky 9 custom image?

sho1sho1sho1 commented 1 year ago

I did more testing and it looks like when MAAS tries to chainload the bootloader, it looks for /efi/ubuntu, /efi/centos, /efi/redhat, /efi/rhel, /efi/red, /efi/Microsoft. On the custom Rocky9 image, the directory is /boot/efi/EFI/rocky, which does not match any of the default MAAS fallbacks.

I added "cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel" to the post installation section in the rock.ks and the custom image is able to boot and successfully deploy.

I am not sure if this is a valid workaround or if there's anything else that I am missing. Any comment or suggestion would be truly appreciated.

%post --erroronfail
# workaround anaconda requirements and clear root password
passwd -d root
passwd -l root

# Clean up install config not applicable to deployed environments.
for f in resolv.conf fstab; do
    rm -f /etc/$f
    touch /etc/$f
    chown root:root /etc/$f
    chmod 644 /etc/$f
done

rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*

# Kickstart copies install boot options. Serial is turned on for logging with
# Packer which disables console output. Disable it so console output is shown
# during deployments
sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyS0(.*")/\1\2/' /etc/default/grub

yum clean all

# Passwordless sudo for the user 'rocky'
echo "rocky ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/rocky
chmod 440 /etc/sudoers.d/rocky

cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel

#---- Optional - Install your SSH key ----
# mkdir -m0700 /home/rocky/.ssh/
#
# cat <<EOF >/home/rocky/.ssh/authorized_keys
# ssh-rsa <your_public_key_here> you@your.domain
# EOF
#
### set permissions
# chmod 0600 /home/rocky/.ssh/authorized_keys
#
#### fix up selinux context
# restorecon -R /home/rocky/.ssh/

%end
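
A check for the mismatch described in the comment above, as an added example that is not part of the thread or of packer-maas: it reports which directories under the ESP's EFI directory match the fallback names quoted in that comment, and confirms that a copied vendor directory is byte-identical to its source. The function names and the `check-esp.sh` file name are hypothetical; the fallback list is taken from the comment, not from MAAS source.

```shell
#!/bin/sh
# Added example. Fallback names as quoted in the comment above (assumption:
# that list is complete); lower-cased for comparison.
MAAS_FALLBACK_DIRS="ubuntu centos redhat rhel red microsoft"

# Print every directory under $1 (the ESP's EFI directory) whose name matches
# a fallback name. Names are compared case-insensitively because the ESP is
# a FAT filesystem. Returns 1 when nothing matches.
esp_fallback_matches() {
    efi_dir=$1
    found=1
    for d in "$efi_dir"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d" | tr '[:upper:]' '[:lower:]')
        for want in $MAAS_FALLBACK_DIRS; do
            if [ "$name" = "$want" ]; then
                basename "$d"
                found=0
            fi
        done
    done
    return $found
}

# Confirm that a copied vendor directory ($2) is byte-identical to its
# source ($1), so the boot binaries in the copy are exactly the ones the
# distribution shipped. Returns 0 if identical, 1 if they differ, 2 if
# either directory is missing.
esp_copy_intact() {
    src=$1
    dst=$2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        return 2
    fi
    diff -r "$src" "$dst" >/dev/null
}

# Stand-alone use: sh check-esp.sh /boot/efi/EFI
if [ $# -ge 1 ]; then
    esp_fallback_matches "$1" ||
        echo "no fallback directory found under $1" >&2
fi
```

Run it inside the image (or in `%post` after the `cp`) against `/boot/efi/EFI`, then call `esp_copy_intact /boot/efi/EFI/rocky /boot/efi/EFI/rhel` to verify the copy.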

SK1Y101 commented 1 year ago

Hey @sho1sho1sho1, could you create a PR for your fix?

joaofeteira commented 9 months ago

Hi,

I had the same issue on rocky8 and tried to apply your proposed fix by adding the line cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel to the http/rocky.ks.in %post section but it didn't work. I get the blue screen nevertheless:

image

BR

jurekh commented 1 month ago

Is this with grub, or with iPXE? There's a known issue with iPXE that breaks nested boot setup: https://github.com/rhboot/shim/issues/549

joaofeteira commented 1 week ago

Hi, just an update: this is still happening on MAAS 3.5.1 and the latest build from the packer-maas repo.