Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packer Rocky 9 image deploys but fails to boot - Blue Screen Could not install security protocol #108

Open
sho1sho1sho1 opened this issue Apr 8, 2023 · 3 comments
Open

Packer Rocky 9 image deploys but fails to boot - Blue Screen Could not install security protocol #108

sho1sho1sho1 opened this issue Apr 8, 2023 · 3 comments
Labels
bug Something isn't working Rocky triaged Triaged to be addressed in a given cycle

Comments

@sho1sho1sho1
Copy link

I am new to Maas Custom Images. I followed the Maas custom image guide using the Rocky 9 packer template and created a Rocky 9 custom image. I see the baremetal machine deploys, but after first reboot, it gets a blue screen error "Could not install security protocol: (0x2) Invalid Parameter."

Is this a bug? Or did I miss a step in creating the Rocky 9 custom image?
@sho1sho1sho1
Copy link
Author

I did more testing and it looks like when MAAS tries to chainload the bootloader, it looks for /efi/ubuntu, /efi/centos, /efi/redhat, /efi/rhel, /efi/red, /efi/Microsoft. On the custom Rocky9 image, the directory is /boot/efi/EFI/rocky which does not match any of the default MAAS fallback.

I added "cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel" to the post installation section in the rock.ks and the custom image is able to boot and successfully deploy.

I am not sure if this is a valid workaround or if there's anything else that I am missing. Any comment or suggestion would be truly appreciated.

%post --erroronfail
# workaround anaconda requirements and clear root password
passwd -d root
passwd -l root

# Clean up install config not applicable to deployed environments.
for f in resolv.conf fstab; do
    rm -f /etc/$f
    touch /etc/$f
    chown root:root /etc/$f
    chmod 644 /etc/$f
done

rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*

# Kickstart copies install boot options. Serial is turned on for logging with
# Packer which disables console output. Disable it so console output is shown
# during deployments
sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyS0(.*")/\1\2/' /etc/default/grub

yum clean all

# Passwordless sudo for the user 'rocky'
echo "rocky ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/rocky
chmod 440 /etc/sudoers.d/rocky

cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel

#---- Optional - Install your SSH key ----
# mkdir -m0700 /home/rocky/.ssh/
#
# cat <<EOF >/home/rocky/.ssh/authorized_keys
# ssh-rsa <your_public_key_here> you@your.domain
# EOF
#
### set permissions
# chmod 0600 /home/rocky/.ssh/authorized_keys
#
#### fix up selinux context
# restorecon -R /home/rocky/.ssh/

%end

@alexsander-souza alexsander-souza added bug Something isn't working Rocky labels Apr 14, 2023
@SK1Y101
Copy link
Member

SK1Y101 commented Aug 21, 2023

Hey @sho1sho1sho1, could you create a PR for your fix?

@SK1Y101 SK1Y101 added the triaged Triaged to be addressed in a given cycle label Aug 21, 2023
@joaofeteira
Copy link

Hi,

I had the same issue on rocky8 and tried to apply your proposed fix by adding the line cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel to the http/rocky.ks.in %post section but it didn't work.
I get the blue screen nevertheless:

image

BR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Rocky triaged Triaged to be addressed in a given cycle
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@SK1Y101 @sho1sho1sho1 @joaofeteira @alexsander-souza