qemu: Create OVMF vars copy in instance dir

and cleanup on shutdown. Signed-off-by: Jeremi Piotrowski <[email protected]>
flatcar · Sep 6, 2024 · be81954 · be81954
1 parent dbe965b
commit be81954
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 32 deletions.
diff --git a/platform/machine/qemu/cluster.go b/platform/machine/qemu/cluster.go
@@ -17,6 +17,7 @@ package qemu
 import (
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -137,11 +138,22 @@ ExecStartPost=/usr/bin/ln -fs /run/metadata/flatcar /run/metadata/coreos
 	if err != nil {
 		return nil, fmt.Errorf("failed to canonicalize firmware path: %v", err)
 	}
-	ovmfVars, err := filepath.Abs(qc.flight.opts.OVMFVars)
-	if err != nil {
-		return nil, fmt.Errorf("failed to canonicalize ovmf vars path: %v", err)
+	ovmfVars := ""
+	if qc.flight.opts.OVMFVars != "" {
+		plog.Warningf("before create")
+		ovmfVars, err = platform.CreateOvmfVarsCopy(qm.subDir, qc.flight.opts.OVMFVars)
+		if err != nil {
+			return nil, err
+		}
+		defer func() {
+			if ovmfVars != "" {
+				plog.Warningf("deleting")
+				os.Remove(ovmfVars)
+			}
+		}()
 	}
-	qmCmd, extraFiles, err := platform.CreateQEMUCommand(qc.flight.opts.Board, qm.id, firmware, ovmfVars, qm.consolePath, confPath, qc.flight.diskImagePath, qc.flight.opts.EnableSecureboot, conf.IsIgnition(), options)
+
+	qmCmd, extraFiles, err := platform.CreateQEMUCommand(qc.flight.opts.Board, qm.id, firmware, path.Base(ovmfVars), qm.consolePath, confPath, qc.flight.diskImagePath, qc.flight.opts.EnableSecureboot, conf.IsIgnition(), options)
 	if err != nil {
 		return nil, err
 	}
@@ -185,7 +197,7 @@ ExecStartPost=/usr/bin/ln -fs /run/metadata/flatcar /run/metadata/coreos
 
 	// from this point on Destroy() is responsible for cleaning up swtpm
 	qm.swtpm, swtpm = swtpm, nil
-
+	qm.ovmfVars, ovmfVars = ovmfVars, ""
 	plog.Debugf("qemu PID (manual cleanup needed if --remove=false): %v", qm.qemu.Pid())
 
 	if err := platform.StartMachine(qm, qm.journal); err != nil {

diff --git a/platform/machine/qemu/machine.go b/platform/machine/qemu/machine.go
@@ -16,6 +16,7 @@ package qemu
 
 import (
 	"io/ioutil"
+	"os"
 	"path/filepath"
 
 	"golang.org/x/crypto/ssh"
@@ -33,6 +34,7 @@ type machine struct {
 	journal     *platform.Journal
 	consolePath string
 	console     string
+	ovmfVars    string
 	subDir      string
 	swtpm       *local.SoftwareTPM
 }
@@ -76,6 +78,12 @@ func (m *machine) Destroy() {
 	if m.swtpm != nil {
 		m.swtpm.Stop()
 	}
+	if m.ovmfVars != "" {
+		err := os.Remove(m.ovmfVars)
+		if err != nil {
+			plog.Errorf("Error removing OVMF vars: %v", err)
+		}
+	}
 	m.journal.Destroy()
 
 	if buf, err := ioutil.ReadFile(filepath.Join(m.subDir, m.consolePath)); err == nil {

diff --git a/platform/machine/unprivqemu/cluster.go b/platform/machine/unprivqemu/cluster.go
@@ -20,6 +20,7 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
+	"path"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -143,17 +144,26 @@ LinkLocalAddressing=no
 			}
 		}()
 	}
+
+	ovmfVars := ""
+	if qc.flight.opts.OVMFVars != "" {
+		ovmfVars, err = platform.CreateOvmfVarsCopy(qm.subDir, qc.flight.opts.OVMFVars)
+		if err != nil {
+			return nil, err
+		}
+		defer func() {
+			if ovmfVars != "" {
+				os.Remove(ovmfVars)
+			}
+		}()
+	}
 	// This uses path arguments with path values being
 	// relative to the folder created for this machine
 	firmware, err := filepath.Abs(qc.flight.opts.Firmware)
 	if err != nil {
 		return nil, fmt.Errorf("failed to canonicalize firmware path: %v", err)
 	}
-	ovmfVars, err := filepath.Abs(qc.flight.opts.OVMFVars)
-	if err != nil {
-		return nil, fmt.Errorf("failed to canonicalize ovmf vars path: %v", err)
-	}
-	qmCmd, extraFiles, err := platform.CreateQEMUCommand(qc.flight.opts.Board, qm.id, firmware, ovmfVars, qm.consolePath, confPath, qc.flight.diskImagePath, qc.flight.opts.EnableSecureboot, conf.IsIgnition(), options)
+	qmCmd, extraFiles, err := platform.CreateQEMUCommand(qc.flight.opts.Board, qm.id, firmware, path.Base(ovmfVars), qm.consolePath, confPath, qc.flight.diskImagePath, qc.flight.opts.EnableSecureboot, conf.IsIgnition(), options)
 	if err != nil {
 		return nil, err
 	}
@@ -186,6 +196,7 @@ LinkLocalAddressing=no
 
 	// from this point on Destroy() is responsible for cleaning up swtpm
 	qm.swtpm, swtpm = swtpm, nil
+	qm.ovmfVars, ovmfVars = ovmfVars, ""
 	plog.Debugf("qemu PID (manual cleanup needed if --remove=false): %v", qm.qemu.Pid())
 
 	pid := strconv.Itoa(qm.qemu.Pid())

diff --git a/platform/machine/unprivqemu/machine.go b/platform/machine/unprivqemu/machine.go
@@ -16,6 +16,7 @@ package unprivqemu
 
 import (
 	"io/ioutil"
+	"os"
 	"path/filepath"
 
 	"golang.org/x/crypto/ssh"
@@ -32,6 +33,7 @@ type machine struct {
 	journal     *platform.Journal
 	consolePath string
 	console     string
+	ovmfVars    string
 	subDir      string
 	swtpm       *local.SoftwareTPM
 	ip          string
@@ -78,6 +80,12 @@ func (m *machine) Destroy() {
 	if m.swtpm != nil {
 		m.swtpm.Stop()
 	}
+	if m.ovmfVars != "" {
+		err := os.Remove(m.ovmfVars)
+		if err != nil {
+			plog.Errorf("Error removing OVMF vars: %v", err)
+		}
+	}
 	m.journal.Destroy()
 
 	if buf, err := ioutil.ReadFile(filepath.Join(m.subDir, m.consolePath)); err == nil {

diff --git a/platform/qemu.go b/platform/qemu.go
@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"os"
 	origExec "os/exec"
+	"path"
 	"path/filepath"
 	"regexp"
 	"runtime"
@@ -295,6 +296,27 @@ func mkpath(basedir string) (string, error) {
 	return f.Name(), nil
 }
 
+func CreateOvmfVarsCopy(dir, ovmfVars string) (string, error) {
+	ovmfVarsDst := path.Join(dir, path.Base(ovmfVars))
+	ovmfVarsSrc, err := os.Open(ovmfVars)
+	if err != nil {
+		return "", err
+	}
+	defer ovmfVarsSrc.Close()
+
+	ovmfVarsCopy, err := os.Create(ovmfVarsDst)
+	if err != nil {
+		return "", err
+	}
+	defer ovmfVarsCopy.Close()
+
+	if _, err := io.Copy(ovmfVarsCopy, ovmfVarsSrc); err != nil {
+		os.Remove(ovmfVarsCopy.Name())
+		return "", err
+	}
+	return ovmfVarsDst, nil
+}
+
 func CreateQEMUCommand(board, uuid, firmware, ovmfVars, consolePath, confPath, diskImagePath string, enableSecureboot, isIgnition bool, options MachineOptions) ([]string, []*os.File, error) {
 	var qmCmd []string
 
@@ -366,35 +388,14 @@ func CreateQEMUCommand(board, uuid, firmware, ovmfVars, consolePath, confPath, d
 	}
 
 	if ovmfVars != "" {
-		// Create a copy of the OVMF Vars
-		ovmfVarsSrc, err := os.Open(ovmfVars)
-		if err != nil {
-			return nil, nil, err
-		}
-		defer ovmfVarsSrc.Close()
-
-		ovmfVarsCopy, err := ioutil.TempFile("/var/tmp/", "mantle-qemu")
-		if err != nil {
-			return nil, nil, err
-		}
-
-		if _, err := io.Copy(ovmfVarsCopy, ovmfVarsSrc); err != nil {
-			return nil, nil, err
-		}
-
-		_, err = ovmfVarsCopy.Seek(0, 0)
-		if err != nil {
-			return nil, nil, err
-		}
-
 		if enableSecureboot {
 			qmCmd = append(qmCmd,
 				"-global", "ICH9-LPC.disable_s3=1",
 				"-global", "driver=cfi.pflash01,property=secure,value=on",
 			)
 		}
 		qmCmd = append(qmCmd,
-			"-drive", fmt.Sprintf("if=pflash,unit=1,file=%v,format=raw", ovmfVarsCopy.Name()),
+			"-drive", fmt.Sprintf("if=pflash,unit=1,file=%v,format=raw", ovmfVars),
 		)
 	}