Skip to content

Commit

Permalink
Add tests for VMware secureboot provisioning
Browse files Browse the repository at this point in the history
Signed-off-by: Gaurav Talreja <[email protected]>
  • Loading branch information
Gauravtalreja1 committed Dec 22, 2024
1 parent 4c08b39 commit c3b2c63
Show file tree
Hide file tree
Showing 5 changed files with 55 additions and 29 deletions.
2 changes: 1 addition & 1 deletion pytest_fixtures/component/provision_pxe.py
Original file line number Diff line number Diff line change
Expand Up @@ -288,7 +288,7 @@ def pxe_loader(request):
'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'},
'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'},
'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'},
'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
'secureboot': {'vm_firmware': 'uefi_secure_boot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
}
return Box(PXE_LOADER_MAP[getattr(request, 'param', 'uefi')])

Expand Down
7 changes: 6 additions & 1 deletion pytest_fixtures/component/provision_vmware.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,11 @@ def module_vmware_hostgroup(
subnet=module_provisioning_sat.subnet,
pxe_loader=pxe_loader.pxe_loader,
group_parameters_attributes=[
{
'name': 'remote_execution_connect_by_ip',
'parameter_type': 'boolean',
'value': 'true',
},
# assign AK in order the hosts to be subscribed
{
'name': 'kt_activation_keys',
Expand Down Expand Up @@ -116,7 +121,7 @@ def module_vmware_image(
def provisioning_vmware_host(pxe_loader, vmwareclient, module_ssh_key_file):
"""Fixture to check out blank VM on VMware"""
vm_boot_firmware = 'efi' if pxe_loader.vm_firmware.startswith('uefi') else 'bios'
vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secureboot' else 'false'
vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secure_boot' else 'false'
vlan_id = settings.provisioning.vlan_id
with Broker(
workflow='deploy-blank-vm-vcenter',
Expand Down
22 changes: 14 additions & 8 deletions tests/foreman/api/test_computeresource_vmware.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,16 @@
from wrapanapi.systems.virtualcenter import VMWareVirtualMachine

from robottelo.config import settings
from robottelo.hosts import ContentHost


@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
@pytest.mark.parametrize('vmware', ['vmware7', 'vmware8'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
@pytest.mark.parametrize('provision_method', ['build', 'bootdisk'])
@pytest.mark.rhel_ver_match('[8]')
@pytest.mark.rhel_ver_match('[7]')
def test_positive_provision_end_to_end(
request,
setting_update,
Expand Down Expand Up @@ -57,13 +58,11 @@ def test_positive_provision_end_to_end(
:CaseImportance: Critical
:Verifies: SAT-23417, SAT-23558
:Verifies: SAT-18721, SAT-23558, SAT-25810
:customerscenario: true
:BZ: 2186114
:verifies: SAT-18721
"""
sat = module_provisioning_sat.sat
name = gen_string('alpha').lower()
Expand All @@ -78,10 +77,10 @@ def test_positive_provision_end_to_end(
'path': '/Datacenters/SatQE-Datacenter/vm/',
'cpus': 2,
'memory_mb': 6000,
'firmware': 'bios' if pxe_loader.vm_firmware == 'bios' else 'efi',
'cluster': f'{settings.vmware.cluster}',
'firmware': pxe_loader.vm_firmware,
'cluster': settings.vmware.cluster,
'start': '1',
'guest_id': 'rhel8_64Guest',
'guest_id': 'rhel7_64Guest',
'scsi_controllers': [{'type': 'ParaVirtualSCSIController', 'key': 1001}],
'nvme_controllers': [{'type': 'VirtualNVMEController', 'key': 2001}],
'volumes_attributes': {
Expand Down Expand Up @@ -126,6 +125,13 @@ def test_positive_provision_end_to_end(
)
assert host.read().build_status_label == 'Installed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
provisioning_host = ContentHost(host.ip)
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout


@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize('module_provisioning_sat', ['discovery'], indirect=True)
Expand Down
21 changes: 12 additions & 9 deletions tests/foreman/cli/test_computeresource_vmware.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@

from robottelo.config import settings
from robottelo.constants import FOREMAN_PROVIDERS
from robottelo.hosts import ContentHost


@pytest.mark.tier1
Expand Down Expand Up @@ -78,9 +79,9 @@ def test_positive_vmware_cr_end_to_end(target_sat, module_org, module_location,
@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
@pytest.mark.parametrize('vmware', ['vmware7', 'vmware8'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
@pytest.mark.parametrize('provision_method', ['build', 'bootdisk'])
@pytest.mark.rhel_ver_match('[^6]')
@pytest.mark.rhel_ver_match('[8]')
@pytest.mark.tier3
def test_positive_provision_end_to_end(
request,
Expand All @@ -101,7 +102,6 @@ def test_positive_provision_end_to_end(
:id: ff9963fc-a2a7-4392-aa9a-190d5d1c8357
:steps:
1. Configure provisioning setup.
2. Create VMware CR
3. Configure host group setup.
Expand All @@ -110,7 +110,7 @@ def test_positive_provision_end_to_end(
:expectedresults: Host is provisioned succesfully with hostgroup
:CaseAutomation: Automated
:Verifies: SAT-25810
"""
sat = module_provisioning_sat.sat
hostname = gen_string('alpha').lower()
Expand All @@ -126,7 +126,7 @@ def test_positive_provision_end_to_end(
'compute-attributes': f'cluster={settings.vmware.cluster},'
f'path=/Datacenters/{settings.vmware.datacenter}/vm/,'
'scsi_controller_type=VirtualLsiLogicController,'
'guest_id=rhel8_64Guest,firmware=automatic,'
f'guest_id=rhel8_64Guest,firmware={pxe_loader.vm_firmware},'
'cpus=1,memory_mb=6000, start=1',
'interface': f'compute_type=VirtualVmxnet3,'
f'compute_network=VLAN {settings.provisioning.vlan_id}',
Expand All @@ -150,6 +150,13 @@ def test_positive_provision_end_to_end(
host_info = sat.cli.Host.info({'id': host['id']})
assert host_info['status']['build-status'] == 'Installed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
provisioning_host = ContentHost(host_info['network']['ipv4-address'])
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout


@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
Expand Down Expand Up @@ -190,10 +197,6 @@ def test_positive_image_provision_end_to_end(
"""
sat = module_provisioning_sat.sat
hostname = gen_string('alpha').lower()
module_vmware_hostgroup.group_parameters_attributes = [
{'name': 'package_upgrade', 'value': 'false', 'parameter_type': 'boolean'}
]
module_vmware_hostgroup.update(['group_parameters_attributes'])
host = sat.cli.Host.create(
{
'name': hostname,
Expand Down
32 changes: 22 additions & 10 deletions tests/foreman/ui/test_computeresource_vmware.py
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ def test_positive_vmware_custom_profile_end_to_end(
cpus = ['2', '4', '6']
vm_memory = ['4000', '6000', '8000']
annotation_notes = gen_string('alpha')
firmware_type = ['Automatic', 'BIOS', 'EFI']
firmware_type = ['Automatic', 'BIOS', 'UEFI', 'UEFI Secure Boot']
resource_pool = VMWARE_CONSTANTS['pool']
folder = VMWARE_CONSTANTS['folder']
virtual_hw_version = VMWARE_CONSTANTS['virtualhw_version']
Expand Down Expand Up @@ -554,14 +554,10 @@ def test_positive_virt_card(session, target_sat, module_location, module_org, vm

@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize(
'setting_update',
['remote_execution_connect_by_ip=True', 'destroy_vm_on_host_delete=True'],
indirect=True,
)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi'], indirect=True)
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
@pytest.mark.parametrize('provision_method', ['build'])
@pytest.mark.rhel_ver_match('[8]')
@pytest.mark.rhel_ver_match('[9]')
@pytest.mark.tier3
def test_positive_provision_end_to_end(
request,
Expand Down Expand Up @@ -593,13 +589,13 @@ def test_positive_provision_end_to_end(
:BZ: 2025523
:Verifies: SAT-24780
:Verifies: SAT-24780, SAT-25810
:customerscenario: true
"""
SELECTED_ROLE = 'theforeman.foreman_scap_client'
host_name = gen_string('alpha').lower()
guest_os_names = 'Red Hat Enterprise Linux 8 (64 bit)'
guest_os_names = 'Red Hat Enterprise Linux 9 (64 bit)'
storage_data = {'storage': {'disks': [{'data_store': get_vmware_datastore_summary_string}]}}
network_data = {
'network_interfaces': {
Expand Down Expand Up @@ -653,6 +649,22 @@ def test_positive_provision_end_to_end(
assert values['Build']['Status'] == 'Installed'
assert values['Execution']['Status'] == 'Last execution succeeded'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
host = target_sat.api.Host().search(query={'host': host_name})[0].read()
provisioning_host = ContentHost(host.ip)
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
# Enable Root Login
if int(host.operatingsystem.read().major) >= 9:
assert (
provisioning_host.execute(
'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
).status
== 0
)
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout

# Verify if assigned role is executed on the host, and correct host passwd is set
host = ContentHost(target_sat.api.Host().search(query={'host': host_name})[0].read().ip)
assert host.execute('yum list installed rubygem-foreman_scap_client').status == 0

0 comments on commit c3b2c63

Please sign in to comment.