[lxc-devel] [lxd/master] lxd/vm: Make OVMF path configurable
stgraber on Github
lxc-bot at linuxcontainers.org
Tue Nov 19 03:44:42 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191118/42a99779/attachment.bin>
-------------- next part --------------
From 17ae468f373961681efec373745a97227e8fe12e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 18 Nov 2019 22:43:36 -0500
Subject: [PATCH] lxd/vm: Make OVMF path configurable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
doc/environment.md | 1 +
lxd/vm_qemu.go | 14 +++++++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/doc/environment.md b/doc/environment.md
index 8269d2b434..2925711467 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -27,3 +27,4 @@ Name | Description
`LXD_LXC_TEMPLATE_CONFIG` | Path to the LXC template configuration directory
`LXD_SECURITY_APPARMOR` | If set to `false`, forces AppArmor off
`LXD_UNPRIVILEGED_ONLY` | If set to `true`, enforces that only unprivileged containers can be created. Note that any privileged containers that have been created before setting LXD_UNPRIVILEGED_ONLY will continue to be privileged. To use this option effectively it should be set when the LXD daemon is first setup.
+`LXD_OVMF_PATH` | Path to an OVMF build including `OVMF_CODE.fd` and `OVMF_VARS.ms.fd`
diff --git a/lxd/vm_qemu.go b/lxd/vm_qemu.go
index 8d41c72629..3b99e0f170 100644
--- a/lxd/vm_qemu.go
+++ b/lxd/vm_qemu.go
@@ -392,6 +392,14 @@ func (vm *vmQemu) Shutdown(timeout time.Duration) error {
return nil
}
+func (vm *vmQemu) ovmfPath() string {
+ if os.Getenv("LXD_OVMF_PATH") != "" {
+ return os.Getenv("LXD_OVMF_PATH")
+ }
+
+ return "/usr/share/OVMF"
+}
+
func (vm *vmQemu) Start(stateful bool) error {
// Ensure the correct vhost_vsock kernel module is loaded before establishing the vsock.
err := util.LoadModule("vhost_vsock")
@@ -433,7 +441,7 @@ func (vm *vmQemu) Start(stateful bool) error {
// Copy OVMF settings firmware to nvram file.
// This firmware file can be modified by the VM so it must be copied from the defaults.
if !shared.PathExists(vm.getNvramPath()) {
- srcOvmfFile := "/usr/share/OVMF/OVMF_VARS.ms.fd"
+ srcOvmfFile := filepath.Join(vm.ovmfPath(), "OVMF_VARS.ms.fd")
if !shared.PathExists(srcOvmfFile) {
return fmt.Errorf("Required secure boot EFI firmware settings file missing: %s", srcOvmfFile)
}
@@ -1024,7 +1032,7 @@ func (vm *vmQemu) addFirmwareConfig(sb *strings.Builder) {
sb.WriteString(fmt.Sprintf(`
# Firmware (read only)
[drive]
-file = "/usr/share/OVMF/OVMF_CODE.fd"
+file = "%s"
if = "pflash"
format = "raw"
unit = "0"
@@ -1036,7 +1044,7 @@ file = "%s"
if = "pflash"
format = "raw"
unit = "1"
-`, nvramPath))
+`, filepath.Join(vm.ovmfPath(), "OVMF_CODE.fd"), nvramPath))
return
}
More information about the lxc-devel
mailing list