From 65858eeb3d859023e1f068bfdb4aa855e925f540 Mon Sep 17 00:00:00 2001 From: Gaurav Talreja Date: Tue, 22 Oct 2024 04:16:06 +0530 Subject: [PATCH] Add tests for Libvirt secureboot provisioning Signed-off-by: Gaurav Talreja --- pytest_fixtures/component/provision_pxe.py | 2 +- pytest_fixtures/component/provision_vmware.py | 2 +- .../api/test_computeresource_libvirt.py | 103 ++++++++++++++++++ .../cli/test_computeresource_libvirt.py | 19 +++- .../ui/test_computeresource_libvirt.py | 43 ++++++-- 5 files changed, 154 insertions(+), 15 deletions(-) diff --git a/pytest_fixtures/component/provision_pxe.py b/pytest_fixtures/component/provision_pxe.py index edc5e7f254..ee036bef99 100644 --- a/pytest_fixtures/component/provision_pxe.py +++ b/pytest_fixtures/component/provision_pxe.py @@ -299,7 +299,7 @@ def pxe_loader(request): 'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'}, 'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'}, 'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'}, - 'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'}, + 'secureboot': {'vm_firmware': 'uefi_secure_boot', 'pxe_loader': 'Grub2 UEFI SecureBoot'}, } return Box(PXE_LOADER_MAP[getattr(request, 'param', 'uefi')]) diff --git a/pytest_fixtures/component/provision_vmware.py b/pytest_fixtures/component/provision_vmware.py index 4ba5b4cf27..716e37bc95 100644 --- a/pytest_fixtures/component/provision_vmware.py +++ b/pytest_fixtures/component/provision_vmware.py @@ -116,7 +116,7 @@ def module_vmware_image( def provisioning_vmware_host(pxe_loader, vmwareclient, module_ssh_key_file): """Fixture to check out blank VM on VMware""" vm_boot_firmware = 'efi' if pxe_loader.vm_firmware.startswith('uefi') else 'bios' - vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secureboot' else 'false' + vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secure_boot' else 'false' vlan_id = settings.provisioning.vlan_id with Broker( workflow='deploy-blank-vm-vcenter', diff --git a/tests/foreman/api/test_computeresource_libvirt.py b/tests/foreman/api/test_computeresource_libvirt.py index ce0c0ff0b9..b258c5b2c4 100644 --- a/tests/foreman/api/test_computeresource_libvirt.py +++ b/tests/foreman/api/test_computeresource_libvirt.py @@ -19,9 +19,11 @@ from fauxfactory import gen_string import pytest from requests.exceptions import HTTPError +from wait_for import wait_for from robottelo.config import settings from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL +from robottelo.hosts import ContentHost from robottelo.utils.datafactory import ( invalid_values_list, parametrized, @@ -278,3 +280,104 @@ def test_negative_update_url(url, request, module_target_sat, module_org, module with pytest.raises(HTTPError): compresource.update(['url']) assert compresource.read().url != url + + +@pytest.mark.e2e +@pytest.mark.on_premises_provisioning +@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) +@pytest.mark.rhel_ver_match('[7]') +def test_positive_provision_end_to_end( + request, + setting_update, + module_provisioning_rhel_content, + module_libvirt_provisioning_sat, + module_sca_manifest_org, + module_location, + pxe_loader, + provisioning_hostgroup, +): + """Provision a host on Libvirt compute resource with the help of hostgroup. + + :id: 6985e7c0-d258-4fc4-833b-e680804b55e9 + + :steps: + 1. Configure provisioning setup. + 2. Create Libvirt CR + 3. Configure host group setup. + 4. Create a host on Libvirt compute resource using the Hostgroup + 5. Verify created host on Libvirt. + + :expectedresults: Host is provisioned succesfully with hostgroup + + :Verifies: SAT-25808 + """ + sat = module_libvirt_provisioning_sat.sat + cr_name = gen_string('alpha') + host_name = gen_string('alpha').lower() + libvirt_cr = sat.api.LibvirtComputeResource( + name=cr_name, + provider=FOREMAN_PROVIDERS['libvirt'], + display_type='VNC', + organization=[module_sca_manifest_org], + location=[module_location], + url=LIBVIRT_URL, + ).create() + request.addfinalizer(libvirt_cr.delete) + assert libvirt_cr.name == cr_name + + host = sat.api.Host( + hostgroup=provisioning_hostgroup, + organization=module_sca_manifest_org, + location=module_location, + name=host_name, + compute_resource=libvirt_cr, + compute_attributes={ + 'cpus': 1, + 'memory': 6442450944, + 'firmware': pxe_loader.vm_firmware, + 'start': '1', + 'volumes_attributes': { + '0': { + 'capacity': '10G', + }, + }, + }, + interfaces_attributes={ + '0': { + 'type': 'interface', + 'primary': True, + 'managed': True, + 'compute_attributes': { + 'compute_type': 'bridge', + 'bridge': f'br-{settings.provisioning.vlan_id}', + }, + } + }, + provision_method='build', + host_parameters_attributes=[ + {'name': 'remote_execution_connect_by_ip', 'value': 'true', 'parameter_type': 'boolean'} + ], + build=True, + ).create(create_missing=False) + request.addfinalizer(lambda: sat.provisioning_cleanup(host.name)) + assert host.name == f'{host_name}.{module_libvirt_provisioning_sat.domain.name}' + # Check on Libvirt, if VM exists + result = sat.execute( + f'su foreman -s /bin/bash -c "virsh -c {LIBVIRT_URL} list --state-running"' + ) + assert host_name in result.stdout + # check the build status + wait_for( + lambda: host.read().build_status_label != 'Pending installation', + timeout=1500, + delay=10, + ) + assert host.read().build_status_label == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + provisioning_host = ContentHost(host.ip) + # Wait for the host to be rebooted and SSH daemon to be started. + provisioning_host.wait_for_connection() + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout diff --git a/tests/foreman/cli/test_computeresource_libvirt.py b/tests/foreman/cli/test_computeresource_libvirt.py index fb9c29fd6c..e5982813ea 100644 --- a/tests/foreman/cli/test_computeresource_libvirt.py +++ b/tests/foreman/cli/test_computeresource_libvirt.py @@ -38,6 +38,7 @@ from robottelo.config import settings from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL from robottelo.exceptions import CLIReturnCodeError +from robottelo.hosts import ContentHost from robottelo.utils.datafactory import parametrized LIBVIRT_URL = LIBVIRT_RESOURCE_URL % settings.libvirt.libvirt_hostname @@ -379,11 +380,12 @@ def test_positive_update_console_password(libvirt_url, set_console_password, mod @pytest.mark.e2e @pytest.mark.on_premises_provisioning -@pytest.mark.tier3 -@pytest.mark.rhel_ver_match(r'^(?!.*fips).*$') +@pytest.mark.rhel_ver_match('[8]') +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) @pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) def test_positive_provision_end_to_end( request, + pxe_loader, setting_update, module_libvirt_provisioning_sat, module_sca_manifest_org, @@ -410,7 +412,7 @@ def test_positive_provision_end_to_end( :BZ: 2236693 - :Verifies: SAT-22491 + :Verifies: SAT-22491, SAT-25808 :customerscenario: true """ @@ -427,6 +429,7 @@ def test_positive_provision_end_to_end( } ) assert libvirt_cr['name'] == cr_name + host = sat.cli.Host.create( { 'name': hostname, @@ -436,9 +439,10 @@ def test_positive_provision_end_to_end( 'compute-resource-id': libvirt_cr['id'], 'ip': None, 'mac': None, - 'compute-attributes': 'cpus=1, memory=6442450944, start=1', + 'compute-attributes': f'cpus=1, memory=6442450944, start=1, firmware={pxe_loader.vm_firmware}', 'interface': f'compute_type=bridge,compute_bridge=br-{settings.provisioning.vlan_id}', 'volume': 'capacity=10', + 'parameters': 'name=remote_execution_connect_by_ip,' 'type=boolean,' 'value=true', 'provision-method': 'build', } ) @@ -463,3 +467,10 @@ def test_positive_provision_end_to_end( ) host_info = sat.cli.Host.info({'id': host['id']}) assert host_info['status']['build-status'] == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + provisioning_host = ContentHost(host_info['network']['ipv4-address']) + # Wait for the host to be rebooted and SSH daemon to be started. + provisioning_host.wait_for_connection() + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout diff --git a/tests/foreman/ui/test_computeresource_libvirt.py b/tests/foreman/ui/test_computeresource_libvirt.py index 7047682c6a..27fb407c4b 100644 --- a/tests/foreman/ui/test_computeresource_libvirt.py +++ b/tests/foreman/ui/test_computeresource_libvirt.py @@ -24,6 +24,7 @@ FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL, ) +from robottelo.hosts import ContentHost pytestmark = [pytest.mark.skip_if_not_set('libvirt')] @@ -119,17 +120,19 @@ def test_positive_end_to_end(session, module_target_sat, module_org, module_loca @pytest.mark.e2e @pytest.mark.on_premises_provisioning -@pytest.mark.tier4 -@pytest.mark.rhel_ver_match(r'^(?!.*fips).*$') +@pytest.mark.rhel_ver_match('[9]') @pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True) +@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True) def test_positive_provision_end_to_end( request, + pxe_loader, setting_update, module_sca_manifest_org, module_location, provisioning_hostgroup, module_libvirt_provisioning_sat, module_provisioning_rhel_content, + module_ssh_key_file, ): """Provision Host on libvirt compute resource, and delete it afterwards @@ -141,7 +144,7 @@ def test_positive_provision_end_to_end( :BZ: 1243223, 2236693 - :Verifies: SAT-22491 + :Verifies: SAT-22491, SAT-25808 :parametrized: yes """ @@ -154,6 +157,13 @@ def test_positive_provision_end_to_end( location=[module_location], organization=[module_sca_manifest_org], ).create() + + existing_params = provisioning_hostgroup.group_parameters_attributes + provisioning_hostgroup.group_parameters_attributes = [ + {'name': 'remote_execution_connect_by_ip', 'value': 'true', 'parameter_type': 'boolean'}, + ] + existing_params + provisioning_hostgroup.update(['group_parameters_attributes']) + with sat.ui_session() as session: session.organization.select(module_sca_manifest_org.name) session.location.select(module_location.name) @@ -182,17 +192,32 @@ def test_positive_provision_end_to_end( assert hostname in result.stdout # Wait for provisioning to complete and report status back to Satellite wait_for( - lambda: session.host.get_details(name)['properties']['properties_table']['Build'] - != 'Pending installation clear', + lambda: session.host_new.get_host_statuses(name)['Build']['Status'] + != 'Pending installation', timeout=1800, delay=30, fail_func=session.browser.refresh, silent_failure=True, handle_exception=True, ) - assert ( - session.host.get_details(name)['properties']['properties_table']['Build'] - == 'Installed clear' - ) + values = session.host_new.get_host_statuses(name) + assert values['Build']['Status'] == 'Installed' + + # Verify SecureBoot is enabled on host after provisioning is completed sucessfully + if pxe_loader.vm_firmware == 'uefi_secure_boot': + host = sat.api.Host().search(query={'host': hostname})[0].read() + provisioning_host = ContentHost(host.ip, auth=module_ssh_key_file) + # Wait for the host to be rebooted and SSH daemon to be started. + provisioning_host.wait_for_connection() + # Enable Root Login + if int(host.operatingsystem.read().major) >= 9: + assert ( + provisioning_host.execute( + 'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd' + ).status + == 0 + ) + assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout + session.host.delete(name) assert not sat.api.Host().search(query={'search': f'name="{name}"'})