search

coreos / coreos-assembler

Tooling container to assemble CoreOS-like systems
https://coreos.github.io/coreos-assembler/
Apache License 2.0
330 stars 165 forks source link

kola qemuexec fails on PXE with `uefi-secure` qemu-firmware #3804

Closed travier closed 1 month ago

travier commented 1 month ago

Bug Report

We're trying to boot using PXE and Secure Boot enabled:

$ tree pxe
[drwxr-xr-x tim      tim       4.0K]  pxe
├── [-rw-r--r-- tim      tim          0]  disk.img
├── [lrwxrwxrwx tim      tim         31]  ldlinux.c32 -> /usr/share/syslinux/ldlinux.c32
├── [lrwxrwxrwx tim      tim         30]  pxelinux.0 -> /usr/share/syslinux/pxelinux.0
├── [drwxr-xr-x tim      tim         21]  pxelinux.cfg
│   └── [-rw-r--r-- tim      tim        278]  default
├── [-rw-r--r-- tim      tim        88M]  rhcos-4.14.0-x86_64-live-initramfs.x86_64.img
├── [-rw-r--r-- tim      tim        12M]  rhcos-4.14.0-x86_64-live-kernel-x86_64
└── [-rw-r--r-- tim      tim       994M]  rhcos-4.14.0-x86_64-live-rootfs.x86_64.img
$ cat pxe/pxelinux.cfg/default
DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
    KERNEL rhcos-4.14.0-x86_64-live-kernel-x86_64
    APPEND initrd=rhcos-4.14.0-x86_64-live-initramfs.x86_64.img,rhcos-4.14.0-x86_64-live-rootfs.x86_64.img ignition.f0
IPAPPEND 2
$ cosa run -c --netboot pxe/pxelinux.0 -m 4096 --qemu-image disk.img --qemu-firmware uefi-secure

>>Start PXE over IPv4.
  Station IP address is 10.0.2.15

  Server IP address is 10.0.2.2
  NBP filename is /pxelinux.0
  NBP filesize is 42529 Bytes
 Downloading NBP file...

  NBP file downloaded successfully.
BdsDxe: failed to load Boot0001 "UEFI PXEv4 (MAC:525400123456)" from PciRoot(0x0)/Pci(0x2,0x0)/MAC(525400123456,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0): Not Found

>>Start PXE over IPv6.QEMU 8.2.2 monitor - type 'help' for more information
(qemu) 
  PXE-E16: No valid offer received.
BdsDxe: failed to load Boot0002 "UEFI PXEv6 (MAC:525400123456)" from PciRoot(0x0)/Pci(0x2,0x0)/MAC(525400123456,0x1)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000,0x0,Static,0000:0000:0000:0000:0000:0000:0000:0000,0x40,0000:0000:0000:0000:d

>>Start HTTP Boot over IPv4.....
  Error: Could not retrieve NBP file size from HTTP server.

  Error: Server response timeout.
BdsDxe: failed to load Boot0003 "UEFI HTTPv4 (MAC:525400123456)" from PciRoot(0x0)/Pci(0x2,0x0)/MAC(525400123456,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)/Uri(): Not Found

>>Start HTTP Boot over IPv6.

And it looks like something is missing in the PXE setup in COSA.

Environment

What operating system is being used to run coreos-assembler?

Fedora Kinoite 40

What operating system is being assembled?

RHCOS

Is coreos-assembler running in Podman or Docker?

podman

If Podman, is coreos-assembler running privileged or unprivileged?

Default alias

Expected Behavior

Actual Behavior

Reproduction Steps

  1. Follow the steps from https://coreos.github.io/coreos-assembler/cosa/run/#pxelinux
  2. Add --qemu-image disk.img --qemu-firmware uefi-secure to cosa run ... command

Other Information

For: https://issues.redhat.com/browse/OCPBUGS-33225

HuijingHei commented 1 month ago

Tried to add grub.cfg and shimx64.efi to pxelinux, failed with error coreos-livepxe-rootfs[797]: Only HTTP, HTTPS, and TFTP are supported. Please fix your PXE configuration., aslo can see EFI stub: UEFI Secure Boot is enabled.

$ cosa run -c --netboot pxelinux/shimx64.efi -m 4096 --qemu-firmware uefi-secure --qemu-image test.qcow2
  Booting `CoreOS (BIOS/UEFI)'

Loading kernel
Loading initrd
EFI stub: UEFI Secure Boot is enabled.
...
May 15 11:03:33 systemd[1]: Starting Acquire Live PXE rootfs Image...
May 15 11:03:33 coreos-livepxe-rootfs[797]: Fetching rootfs image from /rhcos-4.14.15-x86_64-live-rootfs.x86_64.img...
May 15 11:03:33 coreos-livepxe-rootfs[797]: Unsupported scheme for image specified by:
May 15 11:03:33 coreos-livepxe-rootfs[797]: coreos.live.rootfs_url=/rhcos-4.14.15-x86_64-live-rootfs.x86_64.img
May 15 11:03:33 coreos-livepxe-rootfs[797]: Only HTTP, HTTPS, and TFTP are supported. Please fix your PXE configuration.
May 15 11:03:33 systemd[1]: coreos-livepxe-rootfs.service: Main process exited, code=exited, status=1/FAILURE
May 15 11:03:33 systemd[1]: coreos-livepxe-rootfs.service: Failed with result 'exit-code'.
May 15 11:03:33 systemd[1]: Failed to start Acquire Live PXE rootfs Image.
May 15 11:03:33 systemd[1]: coreos-livepxe-rootfs.service: Triggering OnFailure= dependencies.
$ cat pxelinux/grub.cfg
default=0
timeout=1
menuentry "CoreOS (BIOS/UEFI)" {
        echo "Loading kernel"
        linux /rhcos-4.14.15-x86_64-live-kernel-x86_64 coreos.live.rootfs_url=/rhcos-4.14.15-x86_64-live-rootfs.x86_64.img ignition.firstboot ignition.platform.id=metal console=ttyS0
        echo "Loading initrd"
        initrd rhcos-4.14.15-x86_64-live-initramfs.x86_64.img
}
travier commented 1 month ago

I'll make docs PR.