Red Hat Bugzilla – Attachment 1478427 Details for Bug 1622021: [OVMF] The guest can not be booted via iPXE under the secure boot
OVMF iPXE dhcp server guest configure document
OVMF iPXE dhcp server guest configure document (text/plain), 8.22 KB, created by Michael on 2018-08-24 07:58:44 UTC
1. create a private switch on host

    # cat /etc/qemu-ifup-private
    #!/bin/sh
    switch=private-switch
    /sbin/ifconfig $1 0.0.0.0 up
    /usr/sbin/brctl addif ${switch} $1
    /usr/sbin/brctl setfd ${switch} 0
    /usr/sbin/brctl stp ${switch} off

    [root@dell-per515-04 ipxe]# cat /etc/qemu-ifdown-private
    #!/bin/sh
    switch=private-switch
    /sbin/ifconfig $1 0.0.0.0 down
    /usr/sbin/brctl delif ${switch} $1

2. boot 2 guests on the same private switch

ipxe server:

    /usr/libexec/qemu-kvm -enable-kvm -M q35 -nodefaults -smp 4 -m 4G -name vm1 \
        -drive file=/root/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
        -drive file=/root/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
        -debugcon file:/home/test/ovmf.log \
        -drive file=/usr/share/OVMF/UefiShell.iso,if=none,cache=none,snapshot=off,aio=native,media=cdrom,id=cdrom1 \
        -device ahci,id=ahci0 \
        -device ide-cd,drive=cdrom1,id=ide-cd1,bus=ahci0.1 \
        -global isa-debugcon.iobase=0x402 \
        -drive file=/home/rhel7.5-secureboot.qcow2,if=none,id=guest-img,format=qcow2,werror=stop,rerror=stop \
        -device ide-hd,drive=guest-img,bus=ide.0,unit=0,id=os-disk,bootindex=1 \
        -spice port=5931,disable-ticketing \
        -vga qxl \
        -monitor stdio \
        -qmp tcp:0:6666,server,nowait \
        -boot menu=on,reboot-timeout=8,strict=on \
        -device pcie-root-port,bus=pcie.0,id=root.0,slot=0,io-reserve=0 \
        -device e1000,netdev=tap0,mac=9a:6a:6b:6c:6d:50,bus=root.0 \
        -netdev tap,id=tap0 \
        -device virtio-net-pci,netdev=tap11,mac=08:9e:01:c2:6d:6f,disable-legacy=on,disable-modern=off,bootindex=2 \
        -netdev tap,id=tap11,script=/etc/qemu-ifup-private,downscript=/etc/qemu-ifdown-private \
        -machine kernel_irqchip=split \
        -device intel-iommu,intremap=on,eim=on \
        -global mch.extended-tseg-mbytes=48 \
        -serial unix:/tmp/console,server,nowait \
        -vnc :1

ipxe client (connect to ipxe server), will start it later:

    /usr/libexec/qemu-kvm -enable-kvm -M q35 -nodefaults -smp 4 -m 4G -name vm1 \
        -drive file=/home/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
        -drive file=/home/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
        -debugcon file:/home/test/ovmf.log \
        -drive file=/usr/share/OVMF/UefiShell.iso,if=none,cache=none,snapshot=off,aio=native,media=cdrom,id=cdrom1 \
        -device ahci,id=ahci0 \
        -device ide-cd,drive=cdrom1,id=ide-cd1,bus=ahci0.1 \
        -global isa-debugcon.iobase=0x402 \
        -drive file=/root/test.qcow2,if=none,id=guest-img,format=qcow2,werror=stop,rerror=stop \
        -device ide-hd,drive=guest-img,bus=ide.0,unit=0,id=os-disk,bootindex=2 \
        -spice port=5932,disable-ticketing \
        -vga qxl \
        -monitor stdio \
        -qmp tcp:0:6667,server,nowait \
        -boot menu=on,reboot-timeout=8,strict=on \
        -device pcie-root-port,bus=pcie.0,id=root.0,slot=0,io-reserve=0 \
        -device virtio-serial-pci,id=virtio-serial0 \
        -device virtio-net-pci,netdev=tap10,mac=08:9e:01:c2:6d:01,disable-legacy=on,disable-modern=off,bootindex=1 \
        -netdev tap,id=tap10,script=/etc/qemu-ifup-private,downscript=/etc/qemu-ifdown-private \
        -global mch.extended-tseg-mbytes=48 \
        -serial unix:/tmp/console,server,nowait \
        -vnc :2

3. assign private IP addresses manually for the private switch and the guest

guest:

    # ifconfig eth0 192.168.1.100 netmask 255.255.255.0

host:

    # ifconfig private-switch 192.168.1.101 netmask 255.255.255.0

4. configure tftp server inside guest

    # cat /etc/xinetd.d/tftp
    service tftp
    {
        disable = no
        socket_type = dgram
        protocol = udp
        wait = yes
        user = root
        server = /usr/sbin/in.tftpd
        server_args = -v -v -v -v -v -s /var/lib/tftpboot/
    #   server_args = --map-file=/etc/tftp.mapfile -v -v -v -v -v -s /var/lib/tftpboot/arm64pe
        disable = yes
        per_source = 11
        cps = 100 2
        flags = IPv4
    }

5. configure dhcp server inside guest

    # cat /etc/dhcp/dhcpd.conf
    #
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp*/dhcpd.conf.example
    #   see dhcpd.conf(5) man page
    #
    option architecture-type code 93 = unsigned integer 16;

    subnet 192.168.1.0 netmask 255.255.255.0 {
      option routers 192.168.1.100;
      option domain-name-servers 192.168.1.100;
      range 192.168.1.1 192.168.1.2;
      class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 192.168.1.100;
        if exists user-class and option user-class = "iPXE" {
          # rhbz-1462351
          # second stage: iPXE is booting, serve command script
          filename "ipxe.cfg";
        } else {
          # first stage, firmware is booting
          if option architecture-type = 00:07 {
            # rhbz-1462351, serve iPXE
            filename "ipxe.efi";
          } elsif option architecture-type = 00:0b {
            # serve arm64pe installer
            filename "efi/boot/bootaa64.efi";
          } else {
            # rhbz-1462351, serve iPXE
            filename "undionly.kpxe";
          }
        }
      }
    }

6. disable iptables and setenforce 0 inside guest

    # iptables -F
    # setenforce 0

7. download initrd.img & vmlinuz to /var/lib/tftpboot

7.1) configure ipxe.cfg

    # cat ipxe.cfg
    #!ipxe

    kernel vmlinuz initrd=initrd.img ip=dhcp inst.repo=nfs:192.168.1.100:/home/RHEL-7.4-20170711.0-Server-x86_64-dvd1.iso
    initrd initrd.img
    boot

7.2) # cat grub.cfg (not sure it is useful)

    set timeout=60
    ### END /etc/grub.d/00_header ###

    search --no-floppy --set=root -l 'RHEL-7.4 Server.x86_64'

    ### BEGIN /etc/grub.d/10_linux ###
    menuentry 'Install Red Hat Enterprise Linux 7.4' --class fedora --class gnu-linux --class gnu --class os {
        linuxefi images/vmlinuz ip=dhcp inst.repo=ftp:192.168.1.100:/RHEL-7.4-20170711.0-Server-x86_64-dvd1.iso
        initrdefi images/initrd.img
    }

7.3) copy shim.efi shimx64.efi ipxe.efi grubx64.efi BOOTX64.EFI to /var/lib/tftpboot/ from the iso file or brewweb. (only part of the files is used)

8. In order to share the ISO file, set up an nfs server inside guest

    # cat /etc/exports
    /home *(rw,no_root_squash,async)

9. start nfs service and xinetd and dhcp server inside guest

10. boot client guest to install os via ipxe

ipxe client (connect to ipxe server):

    /usr/libexec/qemu-kvm -enable-kvm -M q35 -nodefaults -smp 4 -m 4G -name vm1 \
        -drive file=/home/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
        -drive file=/home/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
        -debugcon file:/home/test/ovmf.log \
        -drive file=/usr/share/OVMF/UefiShell.iso,if=none,cache=none,snapshot=off,aio=native,media=cdrom,id=cdrom1 \
        -device ahci,id=ahci0 \
        -device ide-cd,drive=cdrom1,id=ide-cd1,bus=ahci0.1 \
        -global isa-debugcon.iobase=0x402 \
        -drive file=/root/test.qcow2,if=none,id=guest-img,format=qcow2,werror=stop,rerror=stop \
        -device ide-hd,drive=guest-img,bus=ide.0,unit=0,id=os-disk,bootindex=2 \
        -spice port=5932,disable-ticketing \
        -vga qxl \
        -monitor stdio \
        -qmp tcp:0:6667,server,nowait \
        -boot menu=on,reboot-timeout=8,strict=on \
        -device pcie-root-port,bus=pcie.0,id=root.0,slot=0,io-reserve=0 \
        -device virtio-serial-pci,id=virtio-serial0 \
        -device virtio-net-pci,netdev=tap10,mac=08:9e:01:c2:6d:01,disable-legacy=on,disable-modern=off,bootindex=1 \
        -netdev tap,id=tap10,script=/etc/qemu-ifup-private,downscript=/etc/qemu-ifdown-private \
        -global mch.extended-tseg-mbytes=48 \
        -serial unix:/tmp/console,server,nowait \
        -vnc :2

Notes: I already saved an ipxe rhel7.5 guest. All configuration works inside the guest. You can download it directly from the link under "Refer to".

Refer to:

https://bugzilla.redhat.com/show_bug.cgi?id=1462351

http://fileshare.englab.nay.redhat.com/pub/section2/images_backup/personal/xfu/rhel7.5-secureboot.qcow2
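
The bug concerns booting under Secure Boot, where the firmware checks the signature of each EFI image it loads, so it helps to know which of the binaries copied in step 7.3 carry an embedded signature at all. The following is an added example, not part of the attachment: a Python check for the Authenticode certificate table in a PE/COFF file. It reports presence only and validates nothing; the function names and the sample image built by build_sample_pe are constructed for illustration.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode signature blob

def pe_signature_entries(image):
    """Return [(length, revision, cert_type)] from the PE certificate table.
    Empty list = no embedded signature. Presence only; nothing is validated."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 24  # optional header follows the 24-byte PE/COFF header
        (magic,) = struct.unpack_from("<H", image, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        (count,) = struct.unpack_from("<I", image, dirs - 4)
        if count <= 4:
            return []
        # Directory 4 is the certificate table; its address is a file offset.
        offset, size = struct.unpack_from("<II", image, dirs + 4 * 8)
        if offset + size > len(image):
            raise ValueError("certificate table outside file")
        entries, pos, end = [], offset, offset + size
        while pos + 8 <= end:
            length, revision, cert_type = struct.unpack_from("<IHH", image, pos)
            if length < 8 or pos + length > end:
                raise ValueError("malformed WIN_CERTIFICATE entry")
            entries.append((length, revision, cert_type))
            pos += (length + 7) & ~7  # entries are 8-byte aligned
        return entries
    except (struct.error, KeyError) as exc:
        raise ValueError(f"not a parseable PE image: {exc!r}") from None

def has_embedded_signature(image):
    return any(t == WIN_CERT_TYPE_PKCS_SIGNED_DATA
               for _, _, t in pe_signature_entries(image))

def build_sample_pe(cert_blob=b""):
    """Constructed PE32+ headers only (not bootable), for offline testing."""
    image = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40))
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    image += bytes(240)  # optional header: 112 bytes + 16 directories
    struct.pack_into("<H", image, 0x58, 0x20B)  # optional header magic
    struct.pack_into("<I", image, 0x58 + 108, 16)  # NumberOfRvaAndSizes
    if cert_blob:
        entry = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 2) + cert_blob
        entry += bytes(-len(entry) % 8)
        struct.pack_into("<II", image, 0x58 + 112 + 32, len(image), len(entry))
        image += entry
    return bytes(image)
```

To check real files, read each binary under /var/lib/tftpboot in binary mode and pass its bytes to has_embedded_signature; a True result still says nothing about whether the firmware trusts the signer.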