yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #79569
[Bug 1825386] Re: Nova is looking for OVMF file no longer provided by CentOS 7.6
Reviewed: https://review.opendev.org/348394
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=363710b655434a15b6b85d9ca65343210b104e56
Submitter: Zuul
Branch: master
commit 363710b655434a15b6b85d9ca65343210b104e56
Author: Dirk Mueller <dirk@xxxxxxxx>
Date: Thu Jul 28 16:39:19 2016 +0200
libvirt: Handle alternative UEFI firmware binary paths
The OVMF binary paths differ based on the Linux distribution:
- Debian and Ubuntu:
- /usr/share/OVMF/OVMF_CODE.fd
- Fedora:
- /usr/share/edk2/ovmf/OVMF_CODE.fd
(`symlink`s to /usr/share/OVMF/OVMF_CODE.fd)
- /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd (`symlink`s to
/usr/share/OVMF/OVMF_CODE.secboot.fd)
- CentOS and RHEL:
- /usr/share/OVMF/OVMF_CODE.secboot.fd
- SUSE:
- /usr/share/qemu/ovmf-x86_64-opensuse-code.bin
Currently, Nova only checks for one location OVMF_CODE.fd. Let's also
check for the other two common distributions, SUSE and CentOS OVMF
binary paths. This is a short-term solution to fix two bugs.
In the long run:
- We will get rid of the "DEFAULT_UEFI_LOADER_PATH", which is used to
probe for firmware file paths. Instead, we'll use the more robust
approach of the recently introduced[1] get_domain_capabilities()[1]
to query for the firmware binary paths (as reported in the 'loader'
attribute).
- Use libvirt's (>=5.3) firmware auto-selection feature. Which is a
more robust way to decide UEFI boot (secure or otherwise). More
details of it in the spec here[2].
[1] https://opendev.org/openstack/nova/commit/297f3ba687 -- Add
infrastructure for invoking libvirt's getDomainCapabilities API
[2] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.html
Co-Authored-By: Kashyap Chamarthy <kchamart@xxxxxxxxxx>
Closes-Bug: 1607400
Closes-Bug: 1825386
blueprint: allow-secure-boot-for-qemu-kvm-guests
Signed-off-by: Kashyap Chamarthy <kchamart@xxxxxxxxxx>
Change-Id: I28afdb09d300be39981606d5234fd837ea738e1d
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1825386
Title:
Nova is looking for OVMF file no longer provided by CentOS 7.6
Status in OpenStack Compute (nova):
Fix Released
Status in openstack-ansible:
Fix Released
Bug description:
In nova/virt/libvirt/driver.py the code looks for a hardcoded path
"/usr/share/OVMF/OVMF_CODE.fd".
It appears that centos 7.6 has modified the OVMF-20180508-3 rpm to no
longer contain this file. Instead it now seems to be named
/usr/share/OVMF/OVMF_CODE.secboot.fd
This will break the ability to boot guests using UEFI.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1825386/+subscriptions
References