Chainloading linux in AWS EC2 HVM
2016-01-15, 08:24
Post: #2
RE: Chainloading linux in AWS EC2 HVM
(2016-01-14 21:37) plachance Wrote: Has anyone succeeded in chainloading any operating system on AWS EC2 HVM instances?

According to this post, it is not possible because it requires low-level access to the hypervisor, but there is not much information about why. Could any developer comment on limitations with AWS EC2 PV instances?

That post is incorrect. iPXE does (as you discovered) have native support for the Xen netfront NIC as used in EC2 HVM.

There is no support for PV. The netfront NIC is the same, but PV is effectively a different firmware platform: the differences between HVM and PV are similar to the differences between BIOS and UEFI as far as iPXE is concerned. We just don't support PV as a platform.

Quote:To summarize the tests:
1/ compiled latest version of iPXE (ipxe.lkrn) with an embedded script to boot from a network server
2/ created an HVM instance
3/ configured Grub to boot from ipxe.lkrn
4/ created an ipxe script on the network server to control chainloading
5/ reboot the EC2 instance

That's similar to what I've used. The only real difference is that there was no GRUB in my setup (just bin/ipxe.usb written directly to a 1GB EBS root disk).

Also, I usually build bin/ipxe.usb with an embedded script that does:

Code:
#!ipxe
echo Amazon EC2 - iPXE boot via user-data
ifstat ||
dhcp ||
route ||
chain -ar http://169.254.169.254/latest/user-data

This allows me to control the boot process by configuring the EC2 instance "user-data", without needing to rebuild with a new embedded script.

I also tend to enable CONSOLE_SYSLOG and CONSOLE_INT13, both of which are useful for getting hold of output in EC2. (The EC2 "system log" which theoretically shows the serial port output has been unreliable for me.)

Quote:What is working:
- iPXE loads and can find the network (netfront)
- iPXE can connect to my network server and download various stuff (kernel, initrd, other iPXE scripts, etc.)
- imgtrust compiled and enforcing (chainloading fails as expected if a downloaded content signature doesn't match)
- kernel loads and finds initrd
- kernel can find disk device
- kernel *seems* to find a network device but it is not working

I tried CentOS 7.0, 7.1, 7.2 (and RHEL 7.2), CoreOS, RancherOS but none of them can bring up the network device.

I did encounter some issues with the booted OS correctly initialising the netfront NIC after it had been used by iPXE. This was with older versions of CentOS, where the netfront driver did not gracefully handle finding the NIC in an unexpected state.

You probably need to start hacking the initrd and/or kernel to print out extra debug information about the state of the netfront NIC, to find out what's going wrong in your setup. Unfortunately it's almost impossible to interact with an EC2 VM until the network is up, so you're limited to adding debug prints. (Alternatively, you could try to reproduce the problem in a local Xen instance, where you would have console access.)

Good luck!

Michael
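
A sketch of what the EC2 user-data could contain when the embedded script above chainloads it and downloaded images must pass signature checks, as in the quoted tests. This is an added example, not part of the original post. The host boot.example.com, the file names and the detached .sig files are placeholders, and it assumes an iPXE build with image trust support that trusts the signing certificate.

```ipxe
#!ipxe
# Added example, not from the original post.
# Placeholders: boot.example.com, the file names and the .sig files.
set base http://boot.example.com/ec2

# From here on, refuse to execute any image that has not passed imgverify.
imgtrust --permanent

# Fetch the kernel, then check it against its detached signature.
kernel ${base}/vmlinuz console=ttyS0 || goto fail
imgverify vmlinuz ${base}/vmlinuz.sig || goto fail

# Same for the initrd: download first, verify second.
initrd ${base}/initrd.img || goto fail
imgverify initrd.img ${base}/initrd.img.sig || goto fail

# Only reached when both images verified.
boot || goto fail

:fail
# With CONSOLE_SYSLOG enabled this message is also sent to the syslog server.
echo Boot aborted: download or signature verification failed
exit 1
```

Because the embedded script executes whatever the instance user-data holds, the ability to modify user-data is equivalent to control over the boot chain and should be restricted accordingly.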