Spent some additional time digging into this and we discovered an issue specific to the VM we were migrating. Restarting and attempting to go into safe mode failed on the first try, but worked on the second try. Thank you to everyone for the assistance and ideas. We learn a little more each day. :)
On Mon, Mar 31, 2025 at 11:26 PM Nux <n...@li.nux.ro> wrote: > Do a 'virsh dumpxml $vmname' on both Cloudstack and vanilla libvirt > hypervisor and note the differences. > > > > On 31 March 2025 18:30:24 WEST, "S.Fuller" <steveful...@gmail.com> wrote: > >> Some sort of progress. >> >> - Restored the backup to a VMware cluster and made sure it worked. >> - Exported that as an OVA and manually converted using virt-v2v. The VM >> booted as expected on the system I used to perform the export, running just >> libvirt and qemu-kvm >> - Took that QCOW file, uploaded as a template to my cluster. Deployed a >> VM from that template. Back to only booting to the recovery console. >> - Verified that libvirt, qemu-kvm and edk2 packages are the same >> >> I did do some additional backup / restore testing that leads me to >> believe that we have an issue that is specific to this VM. Curious. :) >> >> Steve >> >> On Wed, Mar 26, 2025 at 6:36 PM Nux <n...@li.nux.ro> wrote: >> >>> Hello, >>> >>> Ah, when restoring backups from VMWare.. Ok, this kind of makes sense, >>> although I do not know exactly what is going on. >>> so I think there could be a mismatch between VMWare UEFI implementation >>> and/or secure boot keys and KVM's. That's a possible topic you could >>> follow further. >>> Additionally, I would also try to import the VM straight from VMWare >>> using CloudStack's import tool. >>> If you are not using a CloudStack version that has that you can try to >>> convert VMWare VMs manually by means of virt-v2v (which is also what >>> CloudStack uses btw). >>> >>> HTH >>> >>> On 2025-03-26 19:22, S.Fuller wrote: >>> > Currently using Rocky Linux 8 >>> > >>> > guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd >>> > guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd >>> > guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd >>> > guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd >>> > guest.nvram.path=/var/lib/libvirt/qemu/nvram/ >>> > >>> > We are not having any issues deploying new VMs via the API or UEFI >>> > enabled >>> > templates. Only when restoring backups from VMware based VMs into our >>> > system. >>> > >>> > On Wed, Mar 26, 2025 at 9:45 AM Nux <n...@li.nux.ro> wrote: >>> > >>> >> What Linux distro are you using and can you share your >>> >> agent.properties, >>> >> particularly the UEFI lines? >>> >> >>> >> For reference, on EL it should look something like this (make sure the >>> >> files exist!) >>> >> >>> >> guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd >>> >> guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd >>> >> guest.nvram.path=/var/lib/libvirt/qemu/nvram/ >>> >> guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd >>> >> guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd >>> >> >>> >> On Debian/Ubuntu: >>> >> >>> >> guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS_4M.ms.fd >>> >> guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS_4M.fd >>> >> guest.nvram.path=/var/lib/libvirt/qemu/nvram/ >>> >> guest.loader.secure=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd >>> >> guest.loader.legacy=/usr/share/OVMF/OVMF_CODE_4M.fd >>> >> >>> >> AFAIK Windows Server does not require a TPM btw. >>> >> >>> >> >>> >> On 2025-03-26 14:09, S.Fuller wrote: >>> >> > Wei, >>> >> > >>> >> > Thanks for the reply. In this particular case, we have added that >>> >> > setting, >>> >> > along with the extraconfig settings for the tpm device and back >>> end. In >>> >> > this case, it's a Windows server, and while it will boot to recovery >>> >> > mode, >>> >> > it will not boot to the OS. I'm trying to figure out if there may be >>> >> > something we're missing in our restore process, or something other >>> >> > steps >>> >> > that we may need to follow to get this to work. >>> >> > >>> >> > - Steve >>> >> > >>> >> > On Wed, Mar 26, 2025 at 8:18 AM Wei ZHOU <ustcweiz...@gmail.com> >>> wrote: >>> >> > >>> >> >> Hi, >>> >> >> >>> >> >> You can stop the VM, add a vm setting UEFI=SECURE, then start the >>> vm >>> >> >> >>> >> >> >>> >> >> -Wei >>> >> >> >>> >> >> On Wed, Mar 26, 2025 at 1:00 PM S.Fuller <steveful...@gmail.com> >>> >> >> wrote: >>> >> >> >>> >> >> > Is there anything to look out for or a process to follow when >>> >> migrating >>> >> >> > Secure boot VMs from other platforms to cloudstack? Having no >>> issues >>> >> >> > starting up new VMs within my environment, but for VMs moved from >>> >> other >>> >> >> > systems they start, but in the case of WIndows VMs, they fail to >>> boot >>> >> and >>> >> >> > then end up booting into the recovery system. >>> >> >> > >>> >> >> > -- >>> >> >> > Steve Fuller >>> >> >> > steveful...@gmail.com >>> >> >> > >>> >> >> >>> >> >>> >> >> >> -- Steve Fuller steveful...@gmail.com
