tripleo

nova_libvirt docker image needs OVMF for UEFI machines

Bug #1814552 reported by Matt Faraday
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
kolla
Fix Released
Medium
Radosław Piliszek
kolla 10.0.0 "ussuri"
Rocky
Fix Committed
Medium
Radosław Piliszek
kolla 7.1.1 "rocky"
Stein
Fix Released
Medium
Radosław Piliszek
kolla 8.0.3 "stein"
Train
Fix Committed
Medium
Radosław Piliszek
kolla 9.1.0 "Train"
Ussuri
Fix Released
Medium
Radosław Piliszek
kolla 10.0.0 "ussuri"
tripleo
Incomplete
Medium
Unassigned
tripleo victoria-3 "tripleo victoria"

Bug Description

We have a use case that requires us to setup UEFI windows images to run under openstack for security reasons.

I have managed to get windows instances to boot, but only after having installed OVMF on the docker container for nova_libvirt.

This is what I did

sudo docker exec -u 0 -it nova_libvirt bash
yum install OVMF -y
ln -s /usr/share/OVMF/OVMF_CODE.secboot.fd /usr/share/OVMF/OVMF_CODE.fd

now windows guests boot in UEFI mode.

could / should this be incorporated into the docker container image ? or should people do this themselves?

Revision history for this message
Alex Schultz (alex-schultz) wrote :

This probably also affects Kolla as well.

Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
status: New → Triaged
importance: Undecided → Medium
milestone: none → train-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-1 → train-2
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-2 → train-3
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-3 → ussuri-1
Mark Goddard (mgoddard)
Changed in kolla:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.opendev.org/682280

Changed in kolla:
assignee: nobody → Chason Chan (chen-xing)
status: Triaged → In Progress
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: ussuri-1 → ussuri-2
OpenStack Infra (hudson-openstack)
Changed in kolla:
assignee: Chason Chan (chen-xing) → Marcin Juszkiewicz (hrw)
OpenStack Infra (hudson-openstack)
Changed in kolla:
assignee: Marcin Juszkiewicz (hrw) → Radosław Piliszek (yoctozepto)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.opendev.org/682280
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=15b68c15c1dd0c2df1cc49b550f2fa03a4c65e8e
Submitter: Zuul
Branch: master

commit 15b68c15c1dd0c2df1cc49b550f2fa03a4c65e8e
Author: chenxing <email address hidden>
Date: Mon Sep 16 14:46:41 2019 +0800

    nova-libvirt: add UEFI packages to support UEFI instances

    Fix inability to run UEFI-based images/instances by installing UEFI
    packages also in nova-libvirt image which is not based on nova-base.

    Includes support for C8.
    Backport below Train w/o C8.

    Closes-Bug: #1814552
    Co-authored-by: Marcin Juszkiewicz <email address hidden>
    Co-authored-by: Radosław Piliszek <email address hidden>
    Change-Id: I1d5cd3d9af98444acac5bedd7daeaa6c6673dcd6

Changed in kolla:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/705287

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/train)

Reviewed: https://review.opendev.org/705287
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=ffaf585d0f05ccd9123459bb0cdf345af5b09573
Submitter: Zuul
Branch: stable/train

commit ffaf585d0f05ccd9123459bb0cdf345af5b09573
Author: chenxing <email address hidden>
Date: Mon Sep 16 14:46:41 2019 +0800

    nova-libvirt: add UEFI packages to support UEFI instances

    Fix inability to run UEFI-based images/instances by installing UEFI
    packages also in nova-libvirt image which is not based on nova-base.

    Includes support for C8.
    Backport below Train w/o C8.

    Closes-Bug: #1814552
    Co-authored-by: Marcin Juszkiewicz <email address hidden>
    Co-authored-by: Radosław Piliszek <email address hidden>
    Change-Id: I1d5cd3d9af98444acac5bedd7daeaa6c6673dcd6
    (cherry picked from commit 15b68c15c1dd0c2df1cc49b550f2fa03a4c65e8e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/706061

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/706065

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/stein)

Reviewed: https://review.opendev.org/706061
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=757fe57563ed54e53c14c8cfae780b71fb49b7ba
Submitter: Zuul
Branch: stable/stein

commit 757fe57563ed54e53c14c8cfae780b71fb49b7ba
Author: chenxing <email address hidden>
Date: Mon Sep 16 14:46:41 2019 +0800

    nova-libvirt: add UEFI packages to support UEFI instances

    Fix inability to run UEFI-based images/instances by installing UEFI
    packages also in nova-libvirt image which is not based on nova-base.

    Adapted for Stein and below (e.g. Rocky) by removing
    any C8 support.

    Closes-Bug: #1814552
    Co-authored-by: Marcin Juszkiewicz <email address hidden>
    Co-authored-by: Radosław Piliszek <email address hidden>
    Change-Id: I1d5cd3d9af98444acac5bedd7daeaa6c6673dcd6
    (cherry picked from commit 15b68c15c1dd0c2df1cc49b550f2fa03a4c65e8e)
    (cherry picked from commit ffaf585d0f05ccd9123459bb0cdf345af5b09573)

wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
Revision history for this message
Radosław Piliszek (yoctozepto) wrote :

I think ooo got fixed by kolla fix unless you override it.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (stable/rocky)

Reviewed: https://review.opendev.org/706065
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=f39fc9b0a77c2c7d75afedb217bb0f8d6e7eed19
Submitter: Zuul
Branch: stable/rocky

commit f39fc9b0a77c2c7d75afedb217bb0f8d6e7eed19
Author: chenxing <email address hidden>
Date: Mon Sep 16 14:46:41 2019 +0800

    nova-libvirt: add UEFI packages to support UEFI instances

    Fix inability to run UEFI-based images/instances by installing UEFI
    packages also in nova-libvirt image which is not based on nova-base.

    Adapted for Stein and below (e.g. Rocky) by removing
    any C8 support.
    Adapted for Rocky due to later base_distro refactorings.

    Closes-Bug: #1814552
    Co-authored-by: Marcin Juszkiewicz <email address hidden>
    Co-authored-by: Radosław Piliszek <email address hidden>
    Change-Id: I1d5cd3d9af98444acac5bedd7daeaa6c6673dcd6
    (cherry picked from commit 15b68c15c1dd0c2df1cc49b550f2fa03a4c65e8e)
    (cherry picked from commit ffaf585d0f05ccd9123459bb0cdf345af5b09573)
    (cherry picked from commit 757fe57563ed54e53c14c8cfae780b71fb49b7ba)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla 7.1.1

This issue was fixed in the openstack/kolla 7.1.1 release.

wes hayutin (weshayutin)
Changed in tripleo:
status: Triaged → Incomplete
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-3 → ussuri-rc3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/721764

wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-rc3 → victoria-1
Revision history for this message
Mark Goddard (mgoddard) wrote :

This bug is marked incomplete for tripleo. Please remove the milestone to stop the spam with each RC :)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on kolla (stable/queens)

Change abandoned by Jeffrey Zhang (<email address hidden>) on branch: stable/queens
Review: https://review.opendev.org/721764

Emilien Macchi (emilienm)
Changed in tripleo:
milestone: victoria-1 → victoria-3
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.