Problems with iPXE pxe-virtio.rom and https

[phenomax]

Hi,

following this script https://gist.github.com/papamoose/e0b18d002f8686aaf767 and defining DOWNLOAD_PROTO_HTTPS in the general.h, I've update my proxmox installation's pxe-virtio.rom.

I am passing the following .ipxe file to my KVM via dhcp:

#!ipxe


set base-url http://ftp.de.debian.org/debian/dists/stretch


kernel ${base-url}/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux initrd=initrd.gz

initrd ${base-url}/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz

initrd https://pxeboot.myhost.net/preseed.cfg

boot

Here is my issue: iPXE keeps telling me http://ipxe.org/err/3c0920, as long as i don't change my initrd url to http. Can someone tell me, if I configured/replaced the virtio rom correctly?

Thanks in advance

Max

 

[Alwin]

Is the HTTPS protocol shown in the iPXE boot banner? If not, did the build produce a new binary?

 

[phenomax]

Sadly, HTTPS does not show up. Do I have to reload any proxmox daemon for the rom changes to take effect?

 

[Alwin]

Did you stop the VM and start it again?

 

[phenomax]

Yes. I've even created a new VM

 

[Alwin]

Did it produce a new binary after the compile and are you using the latest version?

 

[phenomax]

Following this script, I've cloned the current git and built fresh roms:

# clone iPXE
git clone git://git.ipxe.org/ipxe.git
cd ipxe/src

# define DOWNLOAD_PROTO_HTTPS in config/general.h

# build ipxe rom
make bin/8086100e.rom    # e1000
make bin/virtio-net.rom  # virtio
make bin/10ec8139.rom    # rtl8139

# now copy into /usr/share/kvm. Backup the old copies first.
cp bin/8086100e.rom /usr/share/kvm/pxe-e1000.rom
cp bin/virtio-net.rom /usr/share/kvm/pxe-virtio.rom
cp bin/10ec8139.rom /usr/share/kvm/pxe-rtl8139.rom

 

[phenomax]

I've just checked, that enabling https does change the pxe-virtio.rom filesize (as expected), which means that proxmox is not using the new rom at all.

KVM config

bootdisk: scsi0
cores: 1
ide2: none,media=cdrom
memory: 512
name: 545323
net0: virtio=66:80:D0:88:D9:4E,bridge=vmbr0,firewall=1
numa: 0
ostype: l26
scsi0: local:114/vm-114-disk-0.qcow2,size=32G
scsihw: virtio-scsi-pci
smbios1: uuid=88e35871-81a0-488f-a357-aa8f0a356aab
sockets: 1
vmgenid: 95f00d21-054a-43c0-8dd1-d80d6d222532

pveversion

proxmox-ve: 5.4-2 (running kernel: 4.15.18-14-pve)
pve-manager: 5.4-13 (running version: 5.4-13/aee6f0ec)
pve-kernel-4.15: 5.4-8
pve-kernel-4.15.18-20-pve: 4.15.18-46
pve-kernel-4.15.18-14-pve: 4.15.18-39
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: not correctly installed
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-12
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-54
libpve-guest-common-perl: 2.0-20
libpve-http-server-perl: 2.0-14
libpve-storage-perl: 5.0-44
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.1.0-6
lxcfs: 3.0.3-pve1
novnc-pve: 1.0.0-3
proxmox-widget-toolkit: 1.0-28
pve-cluster: 5.0-38
pve-container: 2.0-40
pve-docs: 5.4-2
pve-edk2-firmware: 1.20190312-1
pve-firewall: 3.0-22
pve-firmware: 2.0-7
pve-ha-manager: 2.0-9
pve-i18n: 1.1-4
pve-libspice-server1: 0.14.1-2
pve-qemu-kvm: 3.0.1-4
pve-xtermjs: 3.12.0-1
qemu-server: 5.0-54
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3

 

[Alwin]

The vmid.conf misses the 'machine: pc.pxe' type to start with the rom file. You can see with the qm showcmd <vmid> --pretty that it has added the romfile.

 

[phenomax]

Which pc.pxe file are you referring to?

 

[Alwin]

The vmid.conf misses the 'machine: pc.pxe' type to start with the rom file.

/etc/pve/qemu-server/114.conf, add it to the config.

 

[phenomax]

Did that and VM does not boot iPXE. What's the pc.pxe file?

 

[Alwin]

Did that and VM does not boot iPXE. What's the pc.pxe file?

It's not a file, it's a config setting. Run qm set 114 -machine pc-i440fx-4.0.pxe and you will see what I mean.

Spoiler: kvm -machine help

#~: kvm -machine help
Supported machines are:
pc Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-4.0)
pc-i440fx-4.0 Standard PC (i440FX + PIIX, 1996) (default)
pc-i440fx-3.1 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-3.0 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.9 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.8 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.7 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.6 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.5 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.4 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.3 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.2 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.12 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.11 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.10 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.1 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.0 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.7 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.6 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.5 Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.4 Standard PC (i440FX + PIIX, 1996)
pc-1.3 Standard PC (i440FX + PIIX, 1996)
pc-1.2 Standard PC (i440FX + PIIX, 1996)
pc-1.1 Standard PC (i440FX + PIIX, 1996)
pc-1.0 Standard PC (i440FX + PIIX, 1996)
pc-0.15 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.14 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.13 Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.12 Standard PC (i440FX + PIIX, 1996) (deprecated)
q35 Standard PC (Q35 + ICH9, 2009) (alias of pc-q35-4.0)
pc-q35-4.0 Standard PC (Q35 + ICH9, 2009)
pc-q35-3.1 Standard PC (Q35 + ICH9, 2009)
pc-q35-3.0 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.9 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.8 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.7 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.6 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.5 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.4 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.12 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.11 Standard PC (Q35 + ICH9, 2009)
pc-q35-2.10 Standard PC (Q35 + ICH9, 2009)
isapc ISA-only PC
none empty machine

Though remember, the regex in our code doesn't allow all of them to be set.

qm help set
  -machine 
         (pc|pc(-i440fx)?-\d+\.\d+(\.pxe)?|q35|pc-q35-\d+\.\d+(\.pxe)?|
         virt(?:-\d+\.\d+)?)

 

[phenomax]

I ran qm set 114 -machine pc-i440fx-3.0.pxe, because pc-1440fx-4.0 is not present on my installation:

# kvm -machine help
Supported machines are:
pc                   Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-3.0)
pc-i440fx-3.0        Standard PC (i440FX + PIIX, 1996) (default)
pc-i440fx-2.9        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.8        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.7        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.6        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.5        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.4        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.3        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.2        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.12       Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.11       Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.10       Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.1        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-2.0        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.7        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.6        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.5        Standard PC (i440FX + PIIX, 1996)
pc-i440fx-1.4        Standard PC (i440FX + PIIX, 1996)
pc-1.3               Standard PC (i440FX + PIIX, 1996)
pc-1.2               Standard PC (i440FX + PIIX, 1996)
pc-1.1               Standard PC (i440FX + PIIX, 1996)
pc-1.0               Standard PC (i440FX + PIIX, 1996)
pc-0.15              Standard PC (i440FX + PIIX, 1996)
pc-0.14              Standard PC (i440FX + PIIX, 1996)
pc-0.13              Standard PC (i440FX + PIIX, 1996)
pc-0.12              Standard PC (i440FX + PIIX, 1996)
pc-0.11              Standard PC (i440FX + PIIX, 1996) (deprecated)
pc-0.10              Standard PC (i440FX + PIIX, 1996) (deprecated)
q35                  Standard PC (Q35 + ICH9, 2009) (alias of pc-q35-3.0)
pc-q35-3.0           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.9           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.8           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.7           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.6           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.5           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.4           Standard PC (Q35 + ICH9, 2009)
pc-q35-2.12          Standard PC (Q35 + ICH9, 2009)
pc-q35-2.11          Standard PC (Q35 + ICH9, 2009)
pc-q35-2.10          Standard PC (Q35 + ICH9, 2009)
isapc                ISA-only PC
none                 empty machine

Is the v4 only a Proxmox v6.x thing?

 

[Alwin]

Is the v4 only a Proxmox v6.x thing?

Yes, in PVE 6.x there is a new kvm-qemu.

 

[phenomax]

Any chance to get the iPXE rom running on my current v5.4?

 

[Alwin]

Any chance to get the iPXE rom running on my current v5.4?

What's the error message?

 

[phenomax]

Please see the screenshot in post #14

 

[Alwin]

Please see the screenshot in post #14

That's not an error, the boot order needs to have the network selected to load the rom file.

 

[phenomax]

Hi,
I adjusted the boot order to #1 network booting, yet the #14 scenario occurs (does not boot at all).
However without setting qm set 114 -machine pc-i440fx-3.0.pxe iPXE boots without HTTPS support (I suppose my custom ROM is not loaded)