This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch 4.22
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.22 by this push:
new 2dd1e6d786f Enable UEFI on KVM hosts (by default), and configure with
some default settings (#11740)
2dd1e6d786f is described below
commit 2dd1e6d786f362adfffc7f45c49642d8e44184dd
Author: Suresh Kumar Anaparti <[email protected]>
AuthorDate: Fri Nov 7 19:24:02 2025 +0530
Enable UEFI on KVM hosts (by default), and configure with some default
settings (#11740)
---
.../conf/uefi.properties.in | 19 +++++++------------
debian/cloudstack-agent.install | 1 +
debian/cloudstack-agent.postinst | 2 +-
debian/control | 2 +-
packaging/debian/replace.properties | 5 +++++
packaging/el8/cloud.spec | 13 ++++++++++++-
packaging/el8/replace.properties | 5 +++++
pom.xml | 4 ++++
.../java/com/cloud/server/ManagementServerImpl.java | 5 ++++-
systemvm/systemvm-agent-descriptor.xml | 1 +
10 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/debian/cloudstack-agent.install b/agent/conf/uefi.properties.in
similarity index 65%
copy from debian/cloudstack-agent.install
copy to agent/conf/uefi.properties.in
index 58715e0746b..3c8866f634b 100644
--- a/debian/cloudstack-agent.install
+++ b/agent/conf/uefi.properties.in
@@ -15,15 +15,10 @@
# specific language governing permissions and limitations
# under the License.
-/etc/cloudstack/agent/agent.properties
-/etc/cloudstack/agent/environment.properties
-/etc/cloudstack/agent/log4j-cloud.xml
-/etc/default/cloudstack-agent
-/etc/profile.d/cloudstack-agent-profile.sh
-/etc/logrotate.d/cloudstack-agent
-/usr/bin/cloudstack-setup-agent
-/usr/bin/cloudstack-ssh
-/usr/bin/cloudstack-agent-upgrade
-/usr/bin/cloudstack-guest-tool
-/usr/share/cloudstack-agent/lib/*
-/usr/share/cloudstack-agent/plugins
+# Configuration file for UEFI
+
+guest.nvram.template.legacy=@GUESTNVRAMTEMPLATELEGACY@
+guest.loader.legacy=@GUESTLOADERLEGACY@
+guest.nvram.template.secure=@GUESTNVRAMTEMPLATESECURE@
+guest.loader.secure=@GUESTLOADERSECURE@
+guest.nvram.path=@GUESTNVRAMPATH@
diff --git a/debian/cloudstack-agent.install b/debian/cloudstack-agent.install
index 58715e0746b..0b9e874cb42 100644
--- a/debian/cloudstack-agent.install
+++ b/debian/cloudstack-agent.install
@@ -16,6 +16,7 @@
# under the License.
/etc/cloudstack/agent/agent.properties
+/etc/cloudstack/agent/uefi.properties
/etc/cloudstack/agent/environment.properties
/etc/cloudstack/agent/log4j-cloud.xml
/etc/default/cloudstack-agent
diff --git a/debian/cloudstack-agent.postinst b/debian/cloudstack-agent.postinst
index 758af6e068f..cd070c2f785 100755
--- a/debian/cloudstack-agent.postinst
+++ b/debian/cloudstack-agent.postinst
@@ -23,7 +23,7 @@ case "$1" in
configure)
OLDCONFDIR="/etc/cloud/agent"
NEWCONFDIR="/etc/cloudstack/agent"
- CONFFILES="agent.properties log4j.xml log4j-cloud.xml"
+ CONFFILES="agent.properties uefi.properties log4j.xml log4j-cloud.xml"
mkdir -m 0755 -p /usr/share/cloudstack-agent/tmp
diff --git a/debian/control b/debian/control
index 1292639ef30..78842e38ed2 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Description: CloudStack server library
Package: cloudstack-agent
Architecture: all
-Depends: ${python:Depends}, ${python3:Depends}, openjdk-17-jre-headless |
java17-runtime-headless | java17-runtime | zulu-17, cloudstack-common (=
${source:Version}), lsb-base (>= 9), openssh-client, qemu-kvm (>= 2.5) |
qemu-system-x86 (>= 5.2), libvirt-bin (>= 1.3) | libvirt-daemon-system (>=
3.0), iproute2, ebtables, vlan, ipset, python3-libvirt, ethtool, iptables,
cryptsetup, rng-tools, rsync, lsb-release, ufw, apparmor, cpu-checker,
libvirt-daemon-driver-storage-rbd, sysstat
+Depends: ${python:Depends}, ${python3:Depends}, openjdk-17-jre-headless |
java17-runtime-headless | java17-runtime | zulu-17, cloudstack-common (=
${source:Version}), lsb-base (>= 9), openssh-client, qemu-kvm (>= 2.5) |
qemu-system-x86 (>= 5.2), libvirt-bin (>= 1.3) | libvirt-daemon-system (>=
3.0), iproute2, ebtables, vlan, ipset, python3-libvirt, ethtool, iptables,
cryptsetup, rng-tools, rsync, ovmf, swtpm, lsb-release, ufw, apparmor,
cpu-checker, libvirt-daemon-driver-storage-rbd, sysstat
Recommends: init-system-helpers
Conflicts: cloud-agent, cloud-agent-libs, cloud-agent-deps, cloud-agent-scripts
Description: CloudStack agent
diff --git a/packaging/debian/replace.properties
b/packaging/debian/replace.properties
index 5ea4a03b275..bd0c1488959 100644
--- a/packaging/debian/replace.properties
+++ b/packaging/debian/replace.properties
@@ -59,3 +59,8 @@ USAGELOG=/var/log/cloudstack/usage/usage.log
USAGESYSCONFDIR=/etc/cloudstack/usage
PACKAGE=cloudstack
EXTENSIONSDEPLOYMENTMODE=production
+GUESTNVRAMTEMPLATELEGACY=/usr/share/OVMF/OVMF_VARS_4M.fd
+GUESTLOADERLEGACY=/usr/share/OVMF/OVMF_CODE_4M.fd
+GUESTNVRAMTEMPLATESECURE=/usr/share/OVMF/OVMF_VARS_4M.ms.fd
+GUESTLOADERSECURE=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd
+GUESTNVRAMPATH=/var/lib/libvirt/qemu/nvram/
diff --git a/packaging/el8/cloud.spec b/packaging/el8/cloud.spec
index 7e97957473c..abfab23f705 100644
--- a/packaging/el8/cloud.spec
+++ b/packaging/el8/cloud.spec
@@ -115,6 +115,8 @@ Requires: ipset
Requires: perl
Requires: rsync
Requires: cifs-utils
+Requires: edk2-ovmf
+Requires: swtpm
Requires: (python3-libvirt or python3-libvirt-python)
Requires: (qemu-img or qemu-tools)
Requires: qemu-kvm
@@ -356,6 +358,7 @@ install -D packaging/systemd/cloudstack-agent.service
${RPM_BUILD_ROOT}%{_unitdi
install -D packaging/systemd/[email protected]
${RPM_BUILD_ROOT}%{_unitdir}/%{name}[email protected]
install -D packaging/systemd/cloudstack-agent.default
${RPM_BUILD_ROOT}%{_sysconfdir}/default/%{name}-agent
install -D agent/target/transformed/agent.properties
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/agent/agent.properties
+install -D agent/target/transformed/uefi.properties
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/agent/uefi.properties
install -D agent/target/transformed/environment.properties
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/agent/environment.properties
install -D agent/target/transformed/log4j-cloud.xml
${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/agent/log4j-cloud.xml
install -D agent/target/transformed/cloud-setup-agent
${RPM_BUILD_ROOT}%{_bindir}/%{name}-setup-agent
@@ -523,7 +526,7 @@ mkdir -m 0755 -p /usr/share/cloudstack-agent/tmp
/usr/bin/systemctl enable cloudstack-rolling-maintenance@p > /dev/null 2>&1 ||
true
/usr/bin/systemctl enable --now rngd > /dev/null 2>&1 || true
-# if saved configs from upgrade exist, copy them over
+# if saved agent.properties from upgrade exist, copy them over
if [ -f "%{_sysconfdir}/cloud.rpmsave/agent/agent.properties" ]; then
mv %{_sysconfdir}/%{name}/agent/agent.properties
%{_sysconfdir}/%{name}/agent/agent.properties.rpmnew
cp -p %{_sysconfdir}/cloud.rpmsave/agent/agent.properties
%{_sysconfdir}/%{name}/agent
@@ -531,6 +534,14 @@ if [ -f
"%{_sysconfdir}/cloud.rpmsave/agent/agent.properties" ]; then
mv %{_sysconfdir}/cloud.rpmsave/agent/agent.properties
%{_sysconfdir}/cloud.rpmsave/agent/agent.properties.rpmsave
fi
+# if saved uefi.properties from upgrade exist, copy them over
+if [ -f "%{_sysconfdir}/cloud.rpmsave/agent/uefi.properties" ]; then
+ mv %{_sysconfdir}/%{name}/agent/uefi.properties
%{_sysconfdir}/%{name}/agent/uefi.properties.rpmnew
+ cp -p %{_sysconfdir}/cloud.rpmsave/agent/uefi.properties
%{_sysconfdir}/%{name}/agent
+ # make sure we only do this on the first install of this RPM, don't want
to overwrite on a reinstall
+ mv %{_sysconfdir}/cloud.rpmsave/agent/uefi.properties
%{_sysconfdir}/cloud.rpmsave/agent/uefi.properties.rpmsave
+fi
+
systemctl daemon-reload
# Print help message
diff --git a/packaging/el8/replace.properties b/packaging/el8/replace.properties
index a6094b59c73..a5afab94ff2 100644
--- a/packaging/el8/replace.properties
+++ b/packaging/el8/replace.properties
@@ -58,3 +58,8 @@ USAGECLASSPATH=
USAGELOG=/var/log/cloudstack/usage/usage.log
USAGESYSCONFDIR=/etc/sysconfig
EXTENSIONSDEPLOYMENTMODE=production
+GUESTNVRAMTEMPLATELEGACY=/usr/share/edk2/ovmf/OVMF_VARS.fd
+GUESTLOADERLEGACY=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd
+GUESTNVRAMTEMPLATESECURE=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd
+GUESTLOADERSECURE=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd
+GUESTNVRAMPATH=/var/lib/libvirt/qemu/nvram/
diff --git a/pom.xml b/pom.xml
index cc2cb759b1c..97d0d2645da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1038,15 +1038,19 @@
<exclude>dist/console-proxy/js/jquery.js</exclude>
<exclude>engine/schema/dist/**</exclude>
<exclude>plugins/hypervisors/hyperv/conf/agent.properties</exclude>
+
<exclude>plugins/hypervisors/hyperv/conf/uefi.properties</exclude>
<exclude>plugins/hypervisors/hyperv/DotNet/ServerResource/**</exclude>
<exclude>scripts/installer/windows/acs_license.rtf</exclude>
<exclude>scripts/vm/systemvm/id_rsa.cloud</exclude>
<exclude>services/console-proxy/server/conf/agent.properties</exclude>
+
<exclude>services/console-proxy/server/conf/uefi.properties</exclude>
<exclude>services/console-proxy/server/conf/environment.properties</exclude>
<exclude>services/console-proxy/server/js/jquery.js</exclude>
<exclude>services/secondary-storage/conf/agent.properties</exclude>
+
<exclude>services/secondary-storage/conf/uefi.properties</exclude>
<exclude>services/secondary-storage/conf/environment.properties</exclude>
<exclude>systemvm/agent/conf/agent.properties</exclude>
+
<exclude>systemvm/agent/conf/uefi.properties</exclude>
<exclude>systemvm/agent/conf/environment.properties</exclude>
<exclude>systemvm/agent/js/jquery.js</exclude>
<exclude>systemvm/agent/js/jquery.flot.navigate.js</exclude>
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 3f811c152f0..9e8fdb60694 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -1410,7 +1410,7 @@ public class ManagementServerImpl extends ManagerBase
implements ManagementServe
if (vmInstanceDetailVO != null &&
(ApiConstants.BootMode.LEGACY.toString().equalsIgnoreCase(vmInstanceDetailVO.getValue())
||
ApiConstants.BootMode.SECURE.toString().equalsIgnoreCase(vmInstanceDetailVO.getValue())))
{
- logger.info(" Live Migration of UEFI enabled VM : " +
vm.getInstanceName() + " is not supported");
+ logger.debug("{} VM is UEFI enabled, Checking for other UEFI
enabled hosts as it can be live migrated to UEFI enabled host only.",
vm.getInstanceName());
if (CollectionUtils.isEmpty(filteredHosts)) {
filteredHosts = new ArrayList<>(allHosts);
}
@@ -1420,6 +1420,9 @@ public class ManagementServerImpl extends ManagerBase
implements ManagementServe
return new Pair<>(false, null);
}
filteredHosts.removeIf(host ->
!uefiEnabledHosts.contains(host.getId()));
+ if (filteredHosts.isEmpty()) {
+ logger.warn("No UEFI enabled hosts are available for the live
migration of VM {}", vm.getInstanceName());
+ }
return new Pair<>(!filteredHosts.isEmpty(), filteredHosts);
}
return new Pair<>(true, filteredHosts);
diff --git a/systemvm/systemvm-agent-descriptor.xml
b/systemvm/systemvm-agent-descriptor.xml
index 8cf40a16276..1d6e338eb23 100644
--- a/systemvm/systemvm-agent-descriptor.xml
+++ b/systemvm/systemvm-agent-descriptor.xml
@@ -60,6 +60,7 @@
<include>log4j-cloud.xml</include>
<include>consoleproxy.properties</include>
<include>agent.properties</include>
+ <include>uefi.properties</include>
</includes>
</fileSet>
<fileSet>
