Reviewed: https://review.opendev.org/348394 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=363710b655434a15b6b85d9ca65343210b104e56 Submitter: Zuul Branch: master
commit 363710b655434a15b6b85d9ca65343210b104e56 Author: Dirk Mueller <[email protected]> Date: Thu Jul 28 16:39:19 2016 +0200 libvirt: Handle alternative UEFI firmware binary paths The OVMF binary paths differ based on the Linux distribution: - Debian and Ubuntu: - /usr/share/OVMF/OVMF_CODE.fd - Fedora: - /usr/share/edk2/ovmf/OVMF_CODE.fd (`symlink`s to /usr/share/OVMF/OVMF_CODE.fd) - /usr/share/edk2/ovmf/OVMF_CODE.secboot.fd (`symlink`s to /usr/share/OVMF/OVMF_CODE.secboot.fd) - CentOS and RHEL: - /usr/share/OVMF/OVMF_CODE.secboot.fd - SUSE: - /usr/share/qemu/ovmf-x86_64-opensuse-code.bin Currently, Nova only checks for one location OVMF_CODE.fd. Let's also check for the other two common distributions, SUSE and CentOS OVMF binary paths. This is a short-term solution to fix two bugs. In the long run: - We will get rid of the "DEFAULT_UEFI_LOADER_PATH", which is used to probe for firmware file paths. Instead, we'll use the more robust approach of the recently introduced[1] get_domain_capabilities()[1] to query for the firmware binary paths (as reported in the 'loader' attribute). - Use libvirt's (>=5.3) firmware auto-selection feature. Which is a more robust way to decide UEFI boot (secure or otherwise). More details of it in the spec here[2]. [1] https://opendev.org/openstack/nova/commit/297f3ba687 -- Add infrastructure for invoking libvirt's getDomainCapabilities API [2] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.html Co-Authored-By: Kashyap Chamarthy <[email protected]> Closes-Bug: 1607400 Closes-Bug: 1825386 blueprint: allow-secure-boot-for-qemu-kvm-guests Signed-off-by: Kashyap Chamarthy <[email protected]> Change-Id: I28afdb09d300be39981606d5234fd837ea738e1d ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1825386 Title: Nova is looking for OVMF file no longer provided by CentOS 7.6 Status in OpenStack Compute (nova): Fix Released Status in openstack-ansible: Fix Released Bug description: In nova/virt/libvirt/driver.py the code looks for a hardcoded path "/usr/share/OVMF/OVMF_CODE.fd". It appears that centos 7.6 has modified the OVMF-20180508-3 rpm to no longer contain this file. Instead it now seems to be named /usr/share/OVMF/OVMF_CODE.secboot.fd This will break the ability to boot guests using UEFI. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1825386/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
