
Packer Rocky 9 image deploys but fails to boot - Blue Screen Could not install security protocol

Open sho1sho1sho1 opened this issue 3 years ago • 5 comments

I am new to MAAS custom images. I followed the MAAS custom image guide using the Rocky 9 packer template and created a Rocky 9 custom image. I see the bare-metal machine deploys, but after the first reboot, it gets a blue screen error "Could not install security protocol: (0x2) Invalid Parameter."

Is this a bug? Or did I miss a step in creating the Rocky 9 custom image?

sho1sho1sho1 avatar Apr 08 '23 03:04 sho1sho1sho1

I did more testing and it looks like when MAAS tries to chainload the bootloader, it looks for /efi/ubuntu, /efi/centos, /efi/redhat, /efi/rhel, /efi/red, /efi/Microsoft. On the custom Rocky 9 image, the directory is /boot/efi/EFI/rocky, which does not match any of the default MAAS fallbacks.

I added "cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel" to the post-installation section in rocky.ks, and the custom image is able to boot and successfully deploy.

I am not sure if this is a valid workaround or if there's anything else that I am missing. Any comment or suggestion would be truly appreciated.

%post --erroronfail
# workaround anaconda requirements and clear root password
passwd -d root
passwd -l root

# Clean up install config not applicable to deployed environments.
for f in resolv.conf fstab; do
    rm -f /etc/$f
    touch /etc/$f
    chown root:root /etc/$f
    chmod 644 /etc/$f
done

rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*

# Kickstart copies install boot options. Serial is turned on for logging with
# Packer which disables console output. Disable it so console output is shown
# during deployments
sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyS0(.*")/\1\2/' /etc/default/grub

yum clean all

# Passwordless sudo for the user 'rocky'
echo "rocky ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/rocky
chmod 440 /etc/sudoers.d/rocky

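# Workaround from this issue: copy the Rocky EFI directory to EFI/rhel, one of
# the directory names MAAS tries when chainloading the bootloader.
cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel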

#---- Optional - Install your SSH key ----
# mkdir -m0700 /home/rocky/.ssh/
#
# cat <<EOF >/home/rocky/.ssh/authorized_keys
# ssh-rsa <your_public_key_here> [email protected]
# EOF
#
### set permissions
# chmod 0600 /home/rocky/.ssh/authorized_keys
#
#### fix up selinux context
# restorecon -R /home/rocky/.ssh/

%end

sho1sho1sho1 avatar Apr 10 '23 15:04 sho1sho1sho1
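
An added example, not part of the comment above or of packer-maas: a shell check for whether an ESP contains any of the directories the comment lists as MAAS chainload fallbacks, plus an idempotent form of the `cp` workaround that does nothing on images without `EFI/rocky` and never nests a second copy. The function names are hypothetical, the directory list is taken from the comment as reported, and case-insensitive matching is an assumption that mirrors how the FAT-formatted ESP behaves.

```shell
# Directory names the issue reports MAAS trying, relative to <esp>/EFI.
MAAS_FALLBACK_DIRS="ubuntu centos redhat rhel red Microsoft"

# Lower-case a string so names compare the way a FAT ESP would treat them.
lower() {
    printf '%s' "$1" | tr 'A-Z' 'a-z'
}

# Print the first directory under <esp>/EFI that matches a fallback name.
# Returns 1 when none matches, which is the situation described in the issue.
find_chainload_dir() {
    esp=$1
    for want in $MAAS_FALLBACK_DIRS; do
        for have in "$esp"/EFI/*/; do
            [ -d "$have" ] || continue
            name=$(basename "$have")
            if [ "$(lower "$name")" = "$(lower "$want")" ]; then
                printf '%s\n' "$name"
                return 0
            fi
        done
    done
    return 1
}

# Copy EFI/<src> to EFI/<dst> only when <src> exists and <dst> does not.
# A plain "cp -r src dst" run twice would create dst/src; under
# "%post --erroronfail" a missing src (e.g. a BIOS-only build) would abort.
ensure_alias_dir() {
    esp=$1
    src=$2
    dst=$3
    if [ ! -d "$esp/EFI/$src" ]; then
        return 0
    fi
    if [ -e "$esp/EFI/$dst" ]; then
        return 0
    fi
    cp -r "$esp/EFI/$src" "$esp/EFI/$dst"
}

# In the kickstart %post the calls would be:
#   ensure_alias_dir /boot/efi rocky rhel
#   find_chainload_dir /boot/efi || echo "no MAAS fallback directory on ESP" >&2
```

The copied directory carries the same shim and GRUB binaries as the original, so it is a duplicate that has to be kept in step with `EFI/rocky` when the bootloader packages are updated.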

Hey @sho1sho1sho1, could you create a PR for your fix?

SK1Y101 avatar Aug 21 '23 16:08 SK1Y101

Hi,

I had the same issue on rocky8 and tried to apply your proposed fix by adding the line cp -vr /boot/efi/EFI/rocky /boot/efi/EFI/rhel to the http/rocky.ks.in %post section but it didn't work. I get the blue screen nevertheless:

image

BR

joaofeteira avatar Dec 15 '23 16:12 joaofeteira

Is this with grub, or with iPXE? There's a known issue with iPXE that breaks nested boot setup: https://github.com/rhboot/shim/issues/549

jurekh avatar Aug 08 '24 07:08 jurekh