docs/cosa/run: Add PXE with Shim and UEFI Secure Boot example #3806

Merged
merged 1 commit into from
May 22, 2024

Member

@travier travier commented May 16, 2024

Fixes: #3804

@travier travier force-pushed the docs-pxe-eufi-secure-boot branch 2 times, most recently from 2bf428c to 5de93ac Compare May 16, 2024 10:10
jbtrystram previously approved these changes May 16, 2024
Contributor

@jbtrystram jbtrystram left a comment

small typo otherwise LGTM
I did not replicate though

Member

@jlebon jlebon left a comment

Nice! Thanks for looking at this.

docs/cosa/run.md Outdated

1. Download a kernel, initramfs, rootfs and shim binary
2. Combine initramfs + roots into a single file: `cat kernel.img initramfs.img > combined.img`
3. Create an empty disk image (bug in kola): `touch disk.img`
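
Review bot: step 2 describes combining the initramfs and the rootfs ("roots" looks like a typo for "rootfs"), but the command shown is `cat kernel.img initramfs.img > combined.img`, which concatenates the kernel and the initramfs instead. Suggest making the command match the description by concatenating `initramfs.img` and the rootfs image, and fixing the spelling. Step 3's "(bug in kola)" would also benefit from a link to the tracking issue so the `touch disk.img` workaround can be dropped once it is fixed.
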
Member

What did you hit?

Member Author

kola asks for a disk image:

$ cosa run -c --netboot pxe/shimx64.efi -m 4096 --qemu-firmware uefi-secure
COREOS_ASSEMBLER_ADD_CERTS=y
+cosa:16> podman run --rm -ti --security-opt 'label=disable' --privileged '--uidmap=1000:0:1' '--uidmap=0:1:1000' --uidmap 1001:1001:64536 -v /var/home/tim/projects/rhcos.images:/srv/ --device /dev/kvm --device /dev/fuse --tmpfs /tmp -v /var/tmp:/var/tmp '--volume=/etc/pki/ca-trust:/etc/pki/ca-trust:ro' quay.io/coreos-assembler/coreos-assembler:latest run -c --netboot pxe/shimx64.efi -m 4096 --qemu-firmware uefi-secure
Error: No disk image provided
2024-05-16T15:41:40Z cli: No disk image provided

Member Author

Not sure why, have not dug into this yet

Member Author

#3807 thanks to @jbtrystram

@travier travier force-pushed the docs-pxe-eufi-secure-boot branch 2 times, most recently from f2afb02 to c242445 Compare May 16, 2024 16:03
jlebon previously approved these changes May 16, 2024
docs/cosa/run.md Outdated
1. Download a kernel, initramfs, rootfs, shim and GRUB binary
3. Create an empty disk image (bug in kola): `touch disk.img`
4. Setup `grub.cfg`
5. Netboot the result. Be patient as TFTP is slow.
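
Review bot: the step numbers in this hunk go from 1 straight to 3, so either a step is missing or the list needs renumbering. In step 4, "Setup" is the noun form; as an instruction it should read "Set up `grub.cfg`".
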
Member

Suggested change
5. Netboot the result. Be patient as TFTP is slow.
5. Netboot the result. Be patient as TFTP is slow. Alternatively, use `coreos.live.rootfs_url` to fetch the rootfs over HTTP (see previous example) and remove it from the `initrd` line below.

I guess I should've mentioned that kola http-server is a thing in these instructions.

Member Author

Ah, I didn't know that existed :). Will take a look.

Member

Thanks @jlebon for the pointer,

  • run cosa shell, then run kola http-server to start http server.
  • run podman exec -it cosa bash, then run command using coreos.live.rootfs_url=http://10.0.2.2:8000/live-rootfs.x86_64.img works.

@travier travier force-pushed the docs-pxe-eufi-secure-boot branch from 38b025e to 0b53c4e Compare May 22, 2024 09:01
Member Author

travier commented May 22, 2024

OK, this is now updated with the latest suggestions from #3806 (comment) and this boots quickly!

Member

@HuijingHei HuijingHei left a comment

LGTM

# multiple instances of cosa (see https://coreos.github.io/coreos-assembler/building-fcos/#running-multiple-instances)
$ podman ps | grep quay.io/coreos-assembler/coreos-assembler
7fedc84484a6 quay.io/coreos-assembler/coreos-assembler:latest kola http-server 5 minutes ago Up 5 minutes hopeful_haibt
$ podman exec -ti 7fedc84484a6 bash
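
Review bot: `podman exec -ti 7fedc84484a6 bash` reuses the container ID from the sample `podman ps` output on the line above, which will be different on every reader's machine. Suggest a placeholder such as `<container-id>`, or a sentence telling the reader to use the ID of the row whose command is `kola http-server`, since with multiple cosa instances the `grep` can return more than one line.
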
Contributor

FYI there is podman exec -l to target the last created container :)

Member Author

That sounds like a good idea but I'm not fully aware of the semantics thus not confident in replacing those "manual" instructions.

Member Author

Will have to give it a try.

Contributor

yeah 100%. Your instructions are safer here. I learned about it recently so I thought I'd share the tip

Member Author

travier commented May 22, 2024

/override rhcos
As this is a docs only PR.

openshift-ci bot commented May 22, 2024

@travier: /override requires failed status contexts, check run or a prowjob name to operate on.
The following unknown contexts/checkruns were given:

  • rhcos

Only the following failed contexts/checkruns were expected:

  • ShellCheck
  • ci/prow/rhcos
  • continuous-integration/jenkins/pr-merge
  • golangci-lint

If you are trying to override a checkrun that has a space in it, you must put a double quote on the context.

In response to this:

/override rhcos
As this is a docs only PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Member Author

travier commented May 22, 2024

/override ci/prow/rhcos

openshift-ci bot commented May 22, 2024

@travier: Overrode contexts on behalf of travier: ci/prow/rhcos

In response to this:

/override ci/prow/rhcos

@travier travier merged commit cfb6d37 into coreos:main May 22, 2024
4 checks passed
@travier travier deleted the docs-pxe-eufi-secure-boot branch May 22, 2024 15:49
echo "Loading kernel"
linux /rhcos-4.14.0-x86_64-live-kernel-x86_64 ignition.firstboot ignition.platform.id=metal console=ttyS0 coreos.live.rootfs_url=http://10.0.2.2:8000/pxe/rhcos-4.14.0-x86_64-live-rootfs.x86_64.img ignition.config.url=http://10.0.2.2:8000/pxe/config.ign
echo "Loading initrd"
initrd rhcos-4.14.0-x86_64-live-initramfs.x86_64.img rhcos-4.14.0-x86_64-live-rootfs.x86_64.img
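
Review bot: the paths are inconsistent between the two loader lines: `linux` names the kernel with a leading slash (`/rhcos-4.14.0-x86_64-live-kernel-x86_64`), `initrd` uses bare file names, and both HTTP URLs add a `pxe/` prefix under `http://10.0.2.2:8000`. A sentence stating which directory the TFTP side and the HTTP side are each rooted at, and where the `10.0.2.2:8000` address comes from, would make the example easier to adapt. The `initrd` line also still lists the rootfs image even though the `linux` line already passes it through `coreos.live.rootfs_url`.
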
Member

We should only list the initramfs here now that we're serving the rootfs over HTTP.

Member Author

Ah good point. I'll make a followup

travier added a commit to travier/coreos-assembler that referenced this pull request May 23, 2024
See: coreos#3806 (comment)
Fixes: 0b53c4e docs/cosa/run: Add PXE with Shim and UEFI Secure Boot example
jlebon pushed a commit that referenced this pull request May 23, 2024
See: #3806 (comment)
Fixes: 0b53c4e docs/cosa/run: Add PXE with Shim and UEFI Secure Boot example
Successfully merging this pull request may close these issues.

kola qemuexec fails on PXE with uefi-secure qemu-firmware
4 participants