Create mkosi image build pipeline

cli/internal/terraform/terraform/qemu/main.tf

@@ -59,6 +59,8 @@ module "control_plane" {
   pool            = libvirt_pool.cluster.name
   boot_volume_id  = libvirt_volume.constellation_coreos_image.id
   machine         = var.machine
+  firmware        = var.firmware
+  nvram           = var.nvram
   name            = var.name
 }
 
@@ -74,6 +76,8 @@ module "worker" {
   pool            = libvirt_pool.cluster.name
   boot_volume_id  = libvirt_volume.constellation_coreos_image.id
   machine         = var.machine
+  firmware        = var.firmware
+  nvram           = var.nvram
   name            = var.name
 }
 

cli/internal/terraform/terraform/qemu/modules/instance_group/domain.xsl

@@ -6,10 +6,31 @@
         </xsl:copy>
     </xsl:template>
     <xsl:template match="os">
-        <os firmware="efi">
+        <os>
             <xsl:apply-templates select="@*|node()"/>
         </os>
     </xsl:template>
+    <xsl:template match="/domain/os/loader">
+        <xsl:copy>
+            <!--<xsl:apply-templates select="node()|@*"/>-->
+            <xsl:attribute name="secure">
+                <xsl:value-of select="'yes'"/>
+            </xsl:attribute>
+            <xsl:attribute name="readonly">
+                <xsl:value-of select="'yes'"/>
+            </xsl:attribute>
+            <xsl:attribute name="type">
+                <xsl:value-of select="'pflash'"/>
+            </xsl:attribute>
+            <xsl:value-of select="."/>
+        </xsl:copy>
+    </xsl:template>
+    <xsl:template match="/domain/features">
+        <xsl:copy>
+            <xsl:apply-templates select="node()|@*"/>
+            <xsl:element name ="smm" />
+        </xsl:copy>
+    </xsl:template>
     <xsl:template match="/domain/devices/tpm/backend">
     <xsl:copy>
         <xsl:apply-templates select="node()|@*"/>

cli/internal/terraform/terraform/qemu/modules/instance_group/main.tf

@@ -13,11 +13,16 @@ locals {
 }
 
 resource "libvirt_domain" "instance_group" {
-  name    = "${var.name}-${var.role}-${count.index}"
-  count   = var.amount
-  memory  = var.memory
-  vcpu    = var.vcpus
-  machine = var.machine
+  name     = "${var.name}-${var.role}-${count.index}"
+  count    = var.amount
+  memory   = var.memory
+  vcpu     = var.vcpus
+  machine  = var.machine
+  firmware = var.firmware
+  nvram {
+    file     = "/var/lib/libvirt/qemu/nvram/${var.role}-${count.index}_VARS.fd"
+    template = var.nvram
+  }
   tpm {
     backend_type    = "emulator"
     backend_version = "2.0"

cli/internal/terraform/terraform/qemu/modules/instance_group/variables.tf

@@ -48,7 +48,18 @@ variable "machine" {
   description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
 }
 
+variable "firmware" {
+  type        = string
+  description = "path to UEFI firmware file."
+}
+
+variable "nvram" {
+  type        = string
+  description = "path to UEFI NVRAM template file. Used for secure boot."
+}
+
 variable "name" {
   type        = string
   description = "name prefix of the cluster VMs"
 }
+

cli/internal/terraform/terraform/qemu/variables.tf

@@ -45,6 +45,17 @@ variable "machine" {
   description = "machine type. use 'q35' for secure boot and 'pc' for non secure boot. See 'qemu-system-x86_64 -machine help'"
 }
 
+variable "firmware" {
+  type        = string
+  default     = "/usr/share/OVMF/OVMF_CODE.secboot.fd"
+  description = "path to UEFI firmware file. Use \"OVMF_CODE_4M.ms.fd\" on Ubuntu and \"OVMF_CODE.secboot.fd\" on Fedora."
+}
+
+variable "nvram" {
+  type        = string
+  description = "path to UEFI NVRAM template file. Used for secure boot."
+}
+
 variable "metadata_api_image" {
   type        = string
   description = "container image of the QEMU metadata api server"