From 170a2c835c7be3de94462f93efa28e2b91f28124 Mon Sep 17 00:00:00 2001 From: Gaurav Talreja Date: Tue, 22 Oct 2024 04:16:06 +0530 Subject: [PATCH] Add tests for Libvirt secureboot provisioning Signed-off-by: Gaurav Talreja --- pytest_fixtures/component/provision_pxe.py | 2 +- pytest_fixtures/component/provision_vmware.py | 2 +- .../api/test_computeresource_libvirt.py | 98 +++++++++++++++++++ .../cli/test_computeresource_libvirt.py | 16 ++- .../ui/test_computeresource_libvirt.py | 32 ++++-- 5 files changed, 135 insertions(+), 15 deletions(-) diff --git a/pytest_fixtures/component/provision_pxe.py b/pytest_fixtures/component/provision_pxe.py index ebacc9702df..761541d4989 100644 --- a/pytest_fixtures/component/provision_pxe.py +++ b/pytest_fixtures/component/provision_pxe.py @@ -288,7 +288,7 @@ def pxe_loader(request): 'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'}, 'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'}, 'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'}, - 'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'}, + 'secureboot': {'vm_firmware': 'uefi_secure_boot', 'pxe_loader': 'Grub2 UEFI SecureBoot'}, } return Box(PXE_LOADER_MAP[getattr(request, 'param', 'uefi')]) diff --git a/pytest_fixtures/component/provision_vmware.py b/pytest_fixtures/component/provision_vmware.py index 4ba5b4cf27e..716e37bc951 100644 --- a/pytest_fixtures/component/provision_vmware.py +++ b/pytest_fixtures/component/provision_vmware.py @@ -116,7 +116,7 @@ def module_vmware_image( def provisioning_vmware_host(pxe_loader, vmwareclient, module_ssh_key_file): """Fixture to check out blank VM on VMware""" vm_boot_firmware = 'efi' if pxe_loader.vm_firmware.startswith('uefi') else 'bios' - vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secureboot' else 'false' + vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secure_boot' else 'false' vlan_id = settings.provisioning.vlan_id with Broker( workflow='deploy-blank-vm-vcenter', diff --git a/tests/foreman/api/test_computeresource_libvirt.py b/tests/foreman/api/test_computeresource_libvirt.py index ce0c0ff0b9b..145eb271ba6 100644 --- a/tests/foreman/api/test_computeresource_libvirt.py +++ b/tests/foreman/api/test_computeresource_libvirt.py @@ -19,9 +19,11 @@ from fauxfactory import gen_string import pytest from requests.exceptions import HTTPError +from wait_for import wait_for from robottelo.config import settings from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL +from robottelo.hosts import ContentHost from robottelo.utils.datafactory import ( invalid_values_list, parametrized, @@ -278,3 +280,99 @@ def test_negative_update_url(url, request, module_target_sat, module_org, module with pytest.raises(HTTPError): compresource.update(['url']) assert compresource.read().url != url + + +@pytest.mark.e2e +@pytest.mark.on_premises_provisioning +@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) +@pytest.mark.rhel_ver_match('[7]') +def test_positive_provision_end_to_end( + request, + setting_update, + module_provisioning_rhel_content, + module_libvirt_provisioning_sat, + module_sca_manifest_org, + module_location, + pxe_loader, + provisioning_hostgroup, +): + """Provision a host on Libvirt compute resource with the help of hostgroup. + + :id: 6985e7c0-d258-4fc4-833b-e680804b55e9 + + :steps: + 1. Configure provisioning setup. + 2. Create Libvirt CR + 3. Configure host group setup. + 4. Create a host on Libvirt compute resource using the Hostgroup + 5. Verify created host on Libvirt. + + :expectedresults: Host is provisioned succesfully with hostgroup + + :Verifies: SAT-25808 + """ + sat = module_libvirt_provisioning_sat.sat + cr_name = gen_string('alpha') + host_name = gen_string('alpha').lower() + libvirt_cr = sat.api.LibvirtComputeResource( + name=cr_name, + provider=FOREMAN_PROVIDERS['libvirt'], + display_type='VNC', + organization=[module_sca_manifest_org], + location=[module_location], + url=LIBVIRT_URL, + ).create() + request.addfinalizer(libvirt_cr.delete) + assert libvirt_cr.name == cr_name + + host = sat.api.Host( + hostgroup=provisioning_hostgroup, + organization=module_sca_manifest_org, + location=module_location, + name=host_name, + compute_resource=libvirt_cr, + compute_attributes={ + 'cpus': 1, + 'memory': 6442450944, + 'firmware': pxe_loader.vm_firmware, + 'start': '1', + 'volumes_attributes': { + '0': { + 'capacity': '10G', + }, + }, + }, + interfaces_attributes={ + '0': { + 'type': 'interface', + 'primary': True, + 'managed': True, + 'compute_attributes': { + 'compute_type': 'bridge', + 'bridge': f'br-{settings.provisioning.vlan_id}', + }, + } + }, + provision_method='build', + build=True, + ).create(create_missing=False) + request.addfinalizer(lambda: sat.provisioning_cleanup(host.name)) + assert host.name == f'{host_name}.{module_libvirt_provisioning_sat.domain.name}' + # Check on Libvirt, if VM exists + result = sat.execute( + f'su foreman -s /bin/bash -c "virsh -c {LIBVIRT_URL} list --state-running"' + ) + assert host_name in result.stdout + # check the build status + wait_for( + lambda: host.read().build_status_label != 'Pending installation', + timeout=1500, + delay=10, + ) + assert host.read().build_status_label == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + provisioning_host = ContentHost(host.ip) + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout diff --git a/tests/foreman/cli/test_computeresource_libvirt.py b/tests/foreman/cli/test_computeresource_libvirt.py index 3e50461b7a1..aaebf55ca6a 100644 --- a/tests/foreman/cli/test_computeresource_libvirt.py +++ b/tests/foreman/cli/test_computeresource_libvirt.py @@ -38,6 +38,7 @@ from robottelo.config import settings from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL from robottelo.exceptions import CLIReturnCodeError +from robottelo.hosts import ContentHost from robottelo.utils.datafactory import parametrized LIBVIRT_URL = LIBVIRT_RESOURCE_URL % settings.libvirt.libvirt_hostname @@ -379,11 +380,12 @@ def test_positive_update_console_password(libvirt_url, set_console_password, mod @pytest.mark.e2e @pytest.mark.on_premises_provisioning -@pytest.mark.tier3 -@pytest.mark.rhel_ver_match('[^6]') +@pytest.mark.rhel_ver_match('[8]') +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) @pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) def test_positive_provision_end_to_end( request, + pxe_loader, setting_update, module_libvirt_provisioning_sat, module_sca_manifest_org, @@ -410,7 +412,7 @@ def test_positive_provision_end_to_end( :BZ: 2236693 - :Verifies: SAT-22491 + :Verifies: SAT-22491, SAT-25808 :customerscenario: true """ @@ -427,6 +429,7 @@ def test_positive_provision_end_to_end( } ) assert libvirt_cr['name'] == cr_name + host = sat.cli.Host.create( { 'name': hostname, @@ -436,7 +439,7 @@ def test_positive_provision_end_to_end( 'compute-resource-id': libvirt_cr['id'], 'ip': None, 'mac': None, - 'compute-attributes': 'cpus=1, memory=6442450944, start=1', + 'compute-attributes': f'cpus=1, memory=6442450944, start=1, firmware={pxe_loader.vm_firmware}', 'interface': f'compute_type=bridge,compute_bridge=br-{settings.provisioning.vlan_id}', 'volume': 'capacity=10', 'provision-method': 'build', @@ -463,3 +466,8 @@ def test_positive_provision_end_to_end( ) host_info = sat.cli.Host.info({'id': host['id']}) assert host_info['status']['build-status'] == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + provisioning_host = ContentHost(host_info['network']['ipv4-address']) + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout diff --git a/tests/foreman/ui/test_computeresource_libvirt.py b/tests/foreman/ui/test_computeresource_libvirt.py index d5d8cbcb0d3..0389f4fd140 100644 --- a/tests/foreman/ui/test_computeresource_libvirt.py +++ b/tests/foreman/ui/test_computeresource_libvirt.py @@ -24,6 +24,7 @@ FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL, ) +from robottelo.hosts import ContentHost pytestmark = [pytest.mark.skip_if_not_set('libvirt')] @@ -119,11 +120,12 @@ def test_positive_end_to_end(session, module_target_sat, module_org, module_loca @pytest.mark.e2e @pytest.mark.on_premises_provisioning -@pytest.mark.tier4 -@pytest.mark.rhel_ver_match('[^6]') +@pytest.mark.rhel_ver_match('[9]') @pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) def test_positive_provision_end_to_end( request, + pxe_loader, setting_update, module_sca_manifest_org, module_location, @@ -141,7 +143,7 @@ def test_positive_provision_end_to_end( :BZ: 1243223, 2236693 - :Verifies: SAT-22491 + :Verifies: SAT-22491, SAT-25808 :parametrized: yes """ @@ -182,17 +184,29 @@ def test_positive_provision_end_to_end( assert hostname in result.stdout # Wait for provisioning to complete and report status back to Satellite wait_for( - lambda: session.host.get_details(name)['properties']['properties_table']['Build'] - != 'Pending installation clear', + lambda: session.host_new.get_host_statuses(name)['Build']['Status'] + != 'Pending installation', timeout=1800, delay=30, fail_func=session.browser.refresh, silent_failure=True, handle_exception=True, ) - assert ( - session.host.get_details(name)['properties']['properties_table']['Build'] - == 'Installed clear' - ) + values = session.host_new.get_host_statuses(name) + assert values['Build']['Status'] == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + host = sat.api.Host().search(query={'host': hostname})[0].read() + provisioning_host = ContentHost(host.ip) + if int(host.operatingsystem.read().major) >= 9: + assert ( + provisioning_host.execute( + 'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd' + ).status + == 0 + ) + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout + session.host.delete(name) assert not sat.api.Host().search(query={'search': f'name="{name}"'})