canonical / tdx

Intel confidential computing - TDX
GNU General Public License v3.0

ERROR: Failed to configure cloud init. Please check logfile "/tmp/tdx-guest-setup.txt" for more information #261

Closed ShuochengWang closed 2 weeks ago

ShuochengWang commented 3 weeks ago

Hi, I want to build the TD image, but I met the following error when I ran the ./create-td-image.sh script. My env is a Google Cloud VM (non-TDX) with Ubuntu 24.04 (I met this error in a Google TDX VM, too).

Can anyone help? Many thanks.

sudo ./create-td-image.sh
INFO: Installation of required tools
--2024-11-01 10:15:31--  https://cloud-images.ubuntu.com/releases/noble/release//SHA256SUMS
Resolving cloud-images.ubuntu.com (cloud-images.ubuntu.com)... 185.125.190.37, 185.125.190.40, 2620:2d:4000:1::1a, ...
Connecting to cloud-images.ubuntu.com (cloud-images.ubuntu.com)|185.125.190.37|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7605 (7.4K)
Saving to: ‘/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image/SHA256SUMS’

/home/stuart_wang_20 100%[======================>]   7.43K  --.-KB/s    in 0s      

2024-11-01 10:15:32 (263 MB/s) - ‘/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image/SHA256SUMS’ saved [7605/7605]

--2024-11-01 10:15:32--  https://cloud-images.ubuntu.com/releases/noble/release//ubuntu-24.04-server-cloudimg-amd64.img
Resolving cloud-images.ubuntu.com (cloud-images.ubuntu.com)... 185.125.190.40, 185.125.190.37, 2620:2d:4000:1::1a, ...
Connecting to cloud-images.ubuntu.com (cloud-images.ubuntu.com)|185.125.190.40|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 587241984 (560M) [application/octet-stream]
Saving to: ‘/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image/ubuntu-24.04-server-cloudimg-amd64.img’

/home/stuart_wang_20 100%[======================>] 560.04M  18.4MB/s    in 35s     

2024-11-01 10:16:08 (16.0 MB/s) - ‘/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image/ubuntu-24.04-server-cloudimg-amd64.img’ saved [587241984/587241984]

SUCCESS: Verify the checksum for Ubuntu cloud image.
SUCCESS: Copy the ubuntu-24.04-server-cloudimg-amd64.img => /tmp/tdx-guest-tmp.qcow2
Image resized.
[   0.0] Examining the guest ...
[  37.6] Setting a random seed
virt-customize: warning: random seed could not be set for this type of 
guest
[  38.0] Setting the machine ID in /etc/machine-id
[  38.0] Running: growpart /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_hd0 1
[  43.0] Running: resize2fs /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_hd0-part1
[  44.8] Running: systemctl mask pollinate.service
[  45.9] SELinux relabelling
[  46.3] Finishing off
SUCCESS: Resize the guest image to 50G
/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image/cloud-init-data /home/stuart_wang_2046inc_xyz/tdx/guest-tools/image
INFO: Generate configuration for cloud-init...
I: -input-charset not specified, using utf-8 (detected in locale settings)
Total translation table size: 0
Total rockridge attributes bytes: 331
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 0
183 extents written (0 MB)
INFO: Apply cloud-init configuration with virt-install...
INFO: (Check logfile for more details /tmp/tdx-guest-setup.txt)
/home/stuart_wang_2046inc_xyz/tdx/guest-tools/image
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
qemu-system-x86 is already the newest version (1:8.2.2+ds-0ubuntu1.2).
qemu-system-x86 set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 23 not upgraded.
WARN: Please increase wait time(--wait=12) above and try again...
ERROR: Failed to configure cloud init. Please check logfile "/tmp/tdx-guest-setup.txt" for more information.
INFO: Cleanup!

Here are the contents of /tmp/tdx-guest-setup.txt:

[  483.937076] cloud-init[1011]: Service restarts being deferred:
[  483.940608] cloud-init[1011]:  systemctl restart unattended-upgrades.service
[  483.943972] cloud-init[1011]: No containers need to be restarted.
[  483.946992] cloud-init[1011]: No user sessions are running outdated binaries.
[  483.949689] cloud-init[1011]: No VM guests are running outdated hypervisor (qemu) binaries on this host.
ci-info: no authorized SSH keys fingerprints found for user tdx.
[  497.023288] cloud-init[1011]: 2024-11-01 10:25:27,235 - lifecycle.py[DEPRECATED]: 'user' of type string is deprecated in 22.2 and scheduled to be removed in 27.2. Use 'users' list instead.
<14>Nov  1 10:25:27 cloud-init: #############################################################
<14>Nov  1 10:25:27 cloud-init: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Nov  1 10:25:27 cloud-init: 256 SHA256:sazigtHYSHTZmz7extjPipLCwgSMSHkOEAqgYFyP/jU root@tdx-guest (ECDSA)
<14>Nov  1 10:25:27 cloud-init: 256 SHA256:J9gqGphVYMqfmfelzRWK8VZnmHoxt44IZhiZ4Yur6YY root@tdx-guest (ED25519)
<14>Nov  1 10:25:28 cloud-init: 3072 SHA256:RjYboSAaVAdrJQd60pl75DR6kHndHQW64ijowILYFNo root@tdx-guest (RSA)
<14>Nov  1 10:25:28 cloud-init: -----END SSH HOST KEY FINGERPRINTS-----
<14>Nov  1 10:25:28 cloud-init: #############################################################
[  498.396422] cloud-init[1011]: Cloud-init v. 24.3.1-0ubuntu0~24.04.2 finished at Fri, 01 Nov 2024 10:25:28 +0000. Datasource DataSourceNoCloud [seed=/dev/sr0].  Up 498.26 seconds
[  OK  ] Finished cloud-final.service - Cloud-init: Final Stage.
[  OK  ] Reached target cloud-init.target - Cloud-init target.
[  OK  ] Removed slice system-modprobe.slice - Slice /system/modprobe.
[  OK  ] Stopped target cloud-init.target - Cloud-init target.
[  OK  ] Stopped target graphical.target - Graphical Interface.
[  OK  ] Stopped target timers.target - Timer Units.
[  OK  ] Stopped apt-daily-upgrade.timer - …y apt upgrade and clean activities.
[  OK  ] Stopped apt-daily.timer - Daily apt download activities.
[  OK  ] Stopped dpkg-db-backup.timer - Daily dpkg database backup timer.
[  OK  ] Stopped e2scrub_all.timer - Period…Metadata Check for All Filesystems.
[  OK  ] Stopped fstrim.timer - Discard unused filesystem blocks once a week.
[  OK  ] Stopped fwupd-refresh.timer - Refresh fwupd metadata regularly.
[  OK  ] Stopped logrotate.timer - Daily rotation of log files.
[  OK  ] Stopped man-db.timer - Daily man-db regeneration.
[  OK  ] Stopped motd-news.timer - Message of the Day.
[  OK  ] Stopped ntpsec-rotate-stats.timer - Rotate ntpd stats daily.
[  OK  ] Stopped sysstat-collect.timer - Ru…y accounting tool every 10 minutes.
[  OK  ] Stopped sysstat-summary.timer - Ge… of yesterday's process accounting.
[  OK  ] Stopped systemd-tmpfiles-clean.tim…y Cleanup of Temporary Directories.
[  OK  ] Stopped update-notifier-download.t…hat failed at package install time.
[  OK  ] Stopped update-notifier-motd.timer… a new version of Ubuntu available.
[  OK  ] Stopped target time-set.target - System Time Set.
[  OK  ] Closed cloud-init-hotplugd.socket - cloud-init hotplug hook socket.
[  OK  ] Closed lvm2-lvmpolld.socket - LVM2 poll daemon socket.
[  OK  ] Closed systemd-rfkill.socket - Loa…ll Switch Status /dev/rfkill Watch.
         Stopping blk-availability.service - Availability of block devices...
[  OK  ] Stopped cloud-final.service - Cloud-init: Final Stage.
[  OK  ] Stopped target multi-user.target - Multi-User System.
[  OK  ] Stopped target getty.target - Login Prompts.
         Stopping ModemManager.service - Modem Manager...
         Stopping apport.service - automatic crash report generation...
[  OK  ] Stopped cloud-config.service - Cloud-init: Config Stage.
[  OK  ] Stopped target cloud-config.target - Cloud-config availability.
[  OK  ] Stopped target network-online.target - Network is Online.
         Stopping cron.service - Regular ba…ground program processing daemon...
         Stopping finalrd.service - Create …time dir for shutdown pivot root...
         Stopping getty@tty1.service - Getty on tty1...
         Stopping ntpsec.service - Network Time Service...
         Stopping packagekit.service - PackageKit Daemon...
[  OK  ] Stopped plymouth-quit.service - Terminate Plymouth Boot Screen.
         Stopping rsyslog.service - System Logging Service...
         Stopping serial-getty@ttyS0.service - Serial Getty on ttyS0...
[  OK  ] Stopped snapd.seeded.service - Wait until snapd is fully seeded.
[  OK  ] Stopped sysstat.service - Resets System Activity Logs.
         Stopping systemd-logind.service - User Login Management...
         Stopping systemd-random-seed.service - Load/Save OS Random Seed...
         Stopping udisks2.service - Disk Manager...
[  OK  ] Stopped cron.service - Regular background program processing daemon.
[  OK  ] Stopped systemd-logind.service - User Login Management.
[  OK  ] Stopped udisks2.service - Disk Manager.
[  OK  ] Stopped rsyslog.service - System Logging Service.
[  OK  ] Stopped ModemManager.service - Modem Manager.
[  OK  ] Stopped serial-getty@ttyS0.service - Serial Getty on ttyS0.
[  OK  ] Stopped getty@tty1.service - Getty on tty1.
[  OK  ] Stopped ntpsec.service - Network Time Service.
[  OK  ] Stopped packagekit.service - PackageKit Daemon.
[  OK  ] Stopped systemd-random-seed.service - Load/Save OS Random Seed.
[  OK  ] Removed slice system-getty.slice - Slice /system/getty.
[  OK  ] Removed slice system-serial\x2dget…slice - Slice /system/serial-getty.
[  OK  ] Stopped target getty-pre.target - Preparation for Logins.
[  OK  ] Stopped target nss-lookup.target - Host and Network Name Lookups.
[  OK  ] Stopped plymouth-quit-wait.service…old until boot process finishes up.
         Stopping polkit.service - Authorization Manager...
         Stopping systemd-user-sessions.service - Permit User Sessions...
[  OK  ] Stopped polkit.service - Authorization Manager.
[  OK  ] Stopped blk-availability.service - Availability of block devices.
[  OK  ] Stopped systemd-user-sessions.service - Permit User Sessions.
[  OK  ] Stopped target network.target - Network.
[  OK  ] Stopped apport.service - automatic crash report generation.
[  OK  ] Stopped target basic.target - Basic System.
[  OK  ] Stopped target paths.target - Path Units.
[  OK  ] Stopped target remote-fs.target - Remote File Systems.
[  OK  ] Stopped target remote-fs-pre.targe…reparation for Remote File Systems.
[  OK  ] Stopped target slices.target - Slice Units.
[  OK  ] Removed slice user.slice - User and Session Slice.
[  OK  ] Stopped target sockets.target - Socket Units.
[  OK  ] Closed iscsid.socket - Open-iSCSI iscsid Socket.
[  OK  ] Closed lxd-installer.socket - Helper to install lxd snap on demand.
[  OK  ] Closed snapd.socket - Socket activation for snappy daemon.
[  OK  ] Closed ssh.socket - OpenBSD Secure Shell server socket.
[  OK  ] Closed syslog.socket - Syslog Socket.
[  OK  ] Closed uuidd.socket - UUID daemon activation socket.
[  OK  ] Stopped target sysinit.target - System Initialization.
[  OK  ] Stopped target cryptsetup.target - Local Encrypted Volumes.
[  OK  ] Stopped systemd-ask-password-conso…equests to Console Directory Watch.
[  OK  ] Stopped systemd-ask-password-wall.…d Requests to Wall Directory Watch.
[  OK  ] Stopped target integritysetup.targ… Local Integrity Protected Volumes.
[  OK  ] Stopped target swap.target - Swaps.
[  OK  ] Stopped target veritysetup.target - Local Verity Protected Volumes.
[  OK  ] Stopped cloud-init.service - Cloud-init: Network Stage.
         Stopping systemd-binfmt.service - Set Up Additional Binary Formats...
[  OK  ] Stopped systemd-networkd-wait-onli… Wait for Network to be Configured.
         Stopping systemd-networkd.service - Network Configuration...
         Stopping systemd-resolved.service - Network Name Resolution...
[  OK  ] Stopped systemd-update-done.service - Update is Completed.
[  OK  ] Stopped ldconfig.service - Rebuild Dynamic Linker Cache.
[  OK  ] Stopped systemd-journal-catalog-up….service - Rebuild Journal Catalog.
         Stopping systemd-update-utmp.servi…ord System Boot/Shutdown in UTMP...
[  OK  ] Stopped systemd-resolved.service - Network Name Resolution.
[  OK  ] Stopped systemd-networkd.service - Network Configuration.
[  OK  ] Stopped target network-pre.target - Preparation for Network.
[  OK  ] Closed systemd-networkd.socket - Network Service Netlink Socket.
[  OK  ] Stopped cloud-init-local.service -…ud-init: Local Stage (pre-network).
[  OK  ] Stopped systemd-sysctl.service - Apply Kernel Variables.
[  OK  ] Stopped systemd-modules-load.service - Load Kernel Modules.
[  OK  ] Stopped systemd-binfmt.service - Set Up Additional Binary Formats.
[  OK  ] Unset automount proc-sys-fs-binfmt…ormats File System Automount Point.
[  OK  ] Stopped systemd-update-utmp.servic…ecord System Boot/Shutdown in UTMP.
[  OK  ] Stopped systemd-tmpfiles-setup.ser…ate Volatile Files and Directories.
[  OK  ] Stopped finalrd.service - Create f…untime dir for shutdown pivot root.
[  OK  ] Stopped target local-fs.target - Local File Systems.
[  OK  ] Stopped target snapd.mounts.target - Mounted snaps.
[  OK  ] Stopped target snapd.mounts-pre.target - Mounting snaps.
         Unmounting boot-efi.mount - /boot/efi...
[  OK  ] Unmounted boot-efi.mount - /boot/efi.
         Unmounting boot.mount - /boot...
[  OK  ] Stopped systemd-fsck@dev-disk-by\x…m Check on /dev/disk/by-label/UEFI.
[  OK  ] Unmounted boot.mount - /boot.
[  OK  ] Reached target umount.target - Unmount All Filesystems.
[  OK  ] Stopped systemd-fsck@dev-disk-by\x…m Check on /dev/disk/by-label/BOOT.
[  OK  ] Removed slice system-systemd\x2dfs…slice - Slice /system/systemd-fsck.
[  OK  ] Stopped target local-fs-pre.target…Preparation for Local File Systems.
         Stopping lvm2-monitor.service - Mo…ing dmeventd or progress polling...
         Stopping multipathd.service - Devi…pper Multipath Device Controller...
[  OK  ] Stopped systemd-tmpfiles-setup-dev…Create Static Device Nodes in /dev.
[  OK  ] Stopped systemd-sysusers.service - Create System Users.
[  OK  ] Stopped systemd-tmpfiles-setup-dev…ic Device Nodes in /dev gracefully.
[  OK  ] Stopped multipathd.service - Devic…Mapper Multipath Device Controller.
[  OK  ] Stopped systemd-remount-fs.service…mount Root and Kernel File Systems.
[  OK  ] Stopped systemd-fsck-root.service - File System Check on Root Device.
[  OK  ] Stopped lvm2-monitor.service - Mon…using dmeventd or progress polling.
[  OK  ] Reached target shutdown.target - System Shutdown.
[  OK  ] Reached target final.target - Late Shutdown Services.
[  OK  ] Finished systemd-poweroff.service - System Power Off.
[  OK  ] Reached target poweroff.target - System Power Off.
[  529.347856] reboot: Power down

[Fri, 01 Nov 2024 10:26:00 virt-install 13364] DEBUG (cli:266) Domain has shutdown. Continuing.
[Fri, 01 Nov 2024 10:26:00 virt-install 13364] DEBUG (cli:266) Domain creation completed.
[Fri, 01 Nov 2024 10:26:00 virt-install 13364] DEBUG (cli:266) You can restart your domain by running:
  virsh --connect qemu:///system start tdx-config-cloud-init
Running text console command: virsh --connect qemu:///system console tdx-config-cloud-init

Domain is still running. Installation may be in progress.
Waiting 12 minutes for the installation to complete.
Domain has shutdown. Continuing.
Domain creation completed.
You can restart your domain by running:
  virsh --connect qemu:///system start tdx-config-cloud-init

Here is my system report

Git ref

387764af665cddce319af1667c1648ee988947e5

Operating system details

Distributor ID: Ubuntu
Description:    Ubuntu 24.04.1 LTS
Release:        24.04
Codename:       noble

Kernel version

6.8.0-1015-gcp #17-Ubuntu SMP Mon Sep  2 17:57:02 UTC 2024 x86_64 x86_64 GNU/Linux

TDX kernel logs


...

TDX CPU instruction support

No TDX support in CPU according to /proc/cpuinfo

rdmsr: CPU 0 cannot read MSR 0x00000982
rdmsr: CPU 0 cannot read MSR 0x00001401
rdmsr: CPU 0 cannot read MSR 0x00000087
rdmsr: CPU 0 cannot read MSR 0x000000a0
rdmsr: open: Permission denied

Model specific registers (MSRs)

MK_TME_ENABLED bit:  (expected value: 1)
SEAM_RR bit:  (expected value: 1)
NUM_TDX_PRIV_KEYS: 
SGX_AND_MCHECK_STATUS:  (expected value: 0)
Production platform: Pre-production (expected value: Production)

CPU details

 AMD EPYC 7B12

QEMU package details

Status: Installed
Package: qemu-system-x86
Version: 1:8.2.2+ds-0ubuntu1.2
APT-Sources: http://asia-northeast1.gce.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages

Libvirt package details

Status: Installed
Package: libvirt-clients
Version: 10.0.0-2ubuntu8.4
APT-Sources: http://asia-northeast1.gce.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages

OVMF package details

Status: Installed
Package: ovmf
Version: 2024.02-2
APT-Sources: http://asia-northeast1.gce.archive.ubuntu.com/ubuntu noble/main amd64 Packages

sgx-dcap-pccs package details

Status: Not Installed

tdx-qgs package details

Status: Not Installed

sgx-ra-service package details

Status: Not Installed

sgx-pck-id-retrieval-tool package details

Status: Not Installed

QGSD service status

Unit qgsd.service could not be found.

PCCS service status

Unit pccs.service could not be found.

MPA registration logs (last 30 lines)

syncronize-issues-to-jira[bot] commented 3 weeks ago

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-1441.

This message was autogenerated

hector-cao commented 3 weeks ago

@ShuochengWang Thanks for your feedback, could you please test the fix available in this branch? https://github.com/canonical/tdx/tree/noble-24.04-fix-261

ShuochengWang commented 3 weeks ago

> @ShuochengWang Thanks for your feedback, could you please test the fix available in this branch ? https://github.com/canonical/tdx/tree/noble-24.04-fix-261

Great!!! It works!!! Thanks very much!!!