Re: Error starting any Debian installation (on an AMD SEV enabled KVM)

2021-08-17 Thread Office onFocus
Yes, unfortunately, this is necessary to use SEV. Please take a look at these 
instructions.

https://libvirt.org/kbase/launch_security_sev.html
https://developer.amd.com/sev/

The settings memtune, uefi, iommu are required to use launchSecurity = sev

The use for secured KVM using AMD Secure Encrypted Virtualization (SEV) is 
unfortunately not mentioned in your link.

I showed you how to create a KVM and boot it to an Ubuntu or Centos image. It 
works that way but not with Debian. The question that arises is what is 
different about the other images than Debian Images. If you want I can of 
course also test other OS.

with --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ 
I cannot boot with sev on 
— this only works without launchSecurity sev

virsh destroy buster-amd64 ; virsh undefine buster-amd64 --nvram
virt-install --virt-type kvm --name buster-amd64 \
--boot uefi \
--location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ \
--network network=ovs-test,model=virtio,driver.iommu=on  \
--os-variant debian10 \
--graphics vnc,keymap=de,password='testing passwd'  \
--video=cirrus  \
--disk size=20 --memory 4096 \
--memtune hard_limit=4563402 \
--launchSecurity sev

Best, Daniel

> There is no need to PM me. I am subscribed to the mailinglist.
> 
> 
> On Tue, Aug 10, 2021 at 02:06:04PM +0200, Office onFocus wrote:
>> these are my iso files:
>> 
> [...]
> 
>> wget 
>> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso
>> wget 
>> https://get.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso
>> 
> Those should do.
> 
> [...]
> 
> 
>> 
>> 
>> ## Testing DEBIAN
>> 
>> This Debian 10 test is NOT successful. You can boot the ISO and select any OS
>> from the GRUB menu. For example "Debian Installer". 
>> 
>>  Debian GNU/Linux Live (kernel 4.19.0-17-amd64)
>>  Debian Live with Localisation Support
>>  Graphical Debian Installer
>>  *Debian Installer
>>  Debian Installer with Speech Synthesis
>> 
>> The kernel should be loaded, but the KVM reboots and you are back in the 
>> GRUB menu :( 
>> 
>> 
>> 
>> The KVM creation is identical to Ubuntu except for the iso file and the 
>> os-variant parameter,
>> but the setting of the os-variant parameter has no effect. 
>> 
>> ---
>> root@server:/var/lib/libvirt/images# virsh destroy sev-test; virsh undefine 
>> sev-test --nvram
>> s  \
>> --launchSecurity sev
>> 
>> 
>> Domain 'sev-test' destroyed
>> 
>> Domain 'sev-test' has been undefined
>> 
>> root@server:/var/lib/libvirt/images# rm /var/lib/libvirt/images/sev-test* 
>> /var/lib/libvirt/qemu/nvram/sev-test_VARS.fd
>> rm: cannot remove '/var/lib/libvirt/qemu/nvram/sev-test_VARS.fd': No such 
>> file or directory
>> root@server:/var/lib/libvirt/images# qemu-img create -f qcow2 
>> /var/lib/libvirt/images/sev-test.qcow2 20G
>> Formatting '/var/lib/libvirt/images/sev-test.qcow2', fmt=qcow2 
>> cluster_size=65536 extended_l2=off compression_type=zlib size=21474836480 
>> lazy_refcounts=off refcount_bits=16
>> root@server:/var/lib/libvirt/images#
>> root@server:/var/lib/libvirt/images# virt-install \
>>> --name sev-test \
>>> --memory 4096 \
>>> --memtune hard_limit=4563402 \
>>> --boot uefi \
>>> --disk 
>>> /var/lib/libvirt/images/debian-live-10.10.0-amd64-standard.iso,device=cdrom 
>>> \
>>> --disk /var/lib/libvirt/images/sev-test.qcow2,device=disk,bus=scsi \
>>> --os-type linux \
>>> --os-variant debian10 \
>>> --import \
>>> --controller type=scsi,model=virtio-scsi,driver.iommu=on \
>>> --controller type=virtio-serial,driver.iommu=on \
>>> --memballoon driver.iommu=on \
>>> --graphics vnc,keymap=de,password='test passwd'  \
>>> --network network=ovs-test,model=virtio,driver.iommu=on  \
>>> --video=cirrus  \
>>> --launchSecurity sev
>> WARNING  Graphics requested but DISPLAY is not set. Not running virt-viewer.
>> WARNING  No console to launch for the guest, defaulting to --wait -1
>> 
>> Starting install...
>> 
>> Domain is still running. Installation may be in progress.
>> Waiting for the installation to complete.
>> ---
>> 
> 
> Is there a reason why you do it this way and you use all these
> options? Or is this just something you found on google?
> 
> Please try a much simpler approach for testing debian:
> 
> virt-install --virt-type kvm --name buster-amd64 \
> --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ \
> --os-variant debian10 \
> --disk size=20 --memory 4096
> 
> This is btw. from the debian wiki (https://wiki.debian.org/KVM)
> 
> -H
> 
> 
> -- 
> Henning Follmann   | hfollm...@itcfollmann.com
> 



Error starting any Debian installation (on an AMD SEV enabled KVM)

2021-08-09 Thread Office onFocus
I cannot start an installation of a debian * .iso (install, live, ..) from any 
installation medium.

This problem affects all Debian images. There are no problems with Ubuntu or 
CentOS! As soon as you 
boot the ISO and click Install, there is no error message and the boot process 
begins again (loop).

This problem has been around for a long time, and it only occurred to me now 
that it only affects Debian. For testing I recommend the tutorial 
https://docs.ovh.com/asia/en/dedicated/enable-and-use-amd-sme-sev/

Server: buster / sid
Libvirt: 7.0.0-3
qemu: 1: 5.2 + dfsg-11

I hope you can help me soon so that I can install a KVM (sev) with Debian.




relocation error: /lib/x86_64-linux-gnu/libnss_files.so.2: symbol __libc_readline_unlocked version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference

2018-12-03 Thread Office onFocus
Hi!

How can I correctly report the following error?

"relocation error: /lib/x86_64-linux-gnu/libnss_files.so.2: symbol 
__libc_readline_unlocked version GLIBC_PRIVATE not defined in file libc.so.6 
with link time reference"


After the libc6:amd64 (2.27-8, 2.28-1) update, I can no longer start databases 
on different servers. 
.. I neet libc6 >= 2.27 for apache2, ...

For testing you can install stretch with mariadb 10-1 and then upgrade libc6 to 
2.28-1 == sid 


root@rs33073:~# dpkg -l | grep mariadb-server
ii  mariadb-server-10.110.1.37-0+deb9u1 
  amd64MariaDB database server binaries
ii  mariadb-server-core-10.1   10.1.37-0+deb9u1 
  amd64MariaDB database core server files

root@rs33073:~# /etc/init.d/mysql restart
[] Restarting mysql (via systemctl): mysql.serviceJob for mariadb.service 
failed because the control process exited with error code.
See "systemctl status mariadb.service" and "journalctl -xe" for details.
 failed!


Dec  3 09:24:26 rs33073 systemd[9747]: (systemd): relocation error: 
/lib/x86_64-linux-gnu/libnss_files.so.2: symbol __libc_readline_unlocked 
version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference

root@rs33073:~# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Debian GLIBC 2.28-1) stable release version 2.28.
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 8.2.0.
libc ABIs: UNIQUE IFUNC ABSOLUTE
For bug reporting instructions, please see:
.




root@mysql57a:~# dpkg -l | grep mysql-server
ii  mysql-server   5.7.24-1debian8  
  amd64MySQL Server meta package depending on latest version

E not defined in file libc.so.6 with link time reference
Nov 30 09:10:44 mysql57a mysql-systemd-start[12394]: (md-start): relocation 
error: /lib/x86_64-linux-gnu/libnss_files.so.2: symbol __libc_readline_unlocked 
version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference


root@mysql57a:~# cat /etc/apt/preferences
Package: *
Pin: release a=old-stable
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: 50

Package: *
Pin: release a=unstable
Pin-Priority: 50

Package: *
Pin: release a=stable
Pin-Priority: 50

Package: apache2 apache2-bin apache2-data apache2-utils curl fontconfig-config 
libapache2-mod-php7.2 libapache2-mod-php7.3 libapr1 libaprutil1 
libaprutil1-dbd-sqlite3 libaprutil1-ldap libargon2-0 libargon2-1 libbrotli1 
libc-bin libc-l10n libc6 libcom-err2 libcomerr2 libcurl4 libfontconfig1 
libgcrypt20 libgd3 libgdbm5 libgdbm6 libgpg-error0 libgssapi-krb5-2 libidn2-0 
libjansson4 libk5crypto3 libkrb5-3 libkrb5support0 libncurses6 libnghttp2-14 
libpcre2-8-0 libpng16-16 libpsl5 libsodium23 libssh2-1 libssl1.1 libtinfo6 
libunistring2 libwebp6 libzip4 linux-base locales os-prober php php-bz2 
php-common php-curl php-gd php-mbstring php-mysql php-phpseclib php-xml php-zip 
php7.2 php7.2-bz2 php7.2-cli php7.2-common php7.2-curl php7.2-gd php7.2-json 
php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml 
php7.2-zip php7.3 php7.3-bz2 php7.3-cli php7.3-common php7.3-curl php7.3-gd 
php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-readline 
php7.3-xml php7.3-zip phpmyadmin publicsuffix zlib1g libgpg-error-l10n 
libncurses5 libncursesw5 libtinfo5
Pin: release a=unstable
Pin-Priority: 600






best,

Daniel

-- 
onFocus.at e.U. 

off...@onfocus.at