Skip to content

Commit

Permalink
Add tests for Libvirt secureboot provisioning
Browse files Browse the repository at this point in the history
Signed-off-by: Gaurav Talreja <[email protected]>
  • Loading branch information
Gauravtalreja1 committed Dec 23, 2024
1 parent c506e68 commit 885ff7d
Show file tree
Hide file tree
Showing 5 changed files with 154 additions and 15 deletions.
2 changes: 1 addition & 1 deletion pytest_fixtures/component/provision_pxe.py
Original file line number Diff line number Diff line change
Expand Up @@ -288,7 +288,7 @@ def pxe_loader(request):
'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'},
'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'},
'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'},
'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
'secureboot': {'vm_firmware': 'uefi_secure_boot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
}
return Box(PXE_LOADER_MAP[getattr(request, 'param', 'uefi')])

Expand Down
2 changes: 1 addition & 1 deletion pytest_fixtures/component/provision_vmware.py
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ def module_vmware_image(
def provisioning_vmware_host(pxe_loader, vmwareclient, module_ssh_key_file):
"""Fixture to check out blank VM on VMware"""
vm_boot_firmware = 'efi' if pxe_loader.vm_firmware.startswith('uefi') else 'bios'
vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secureboot' else 'false'
vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secure_boot' else 'false'
vlan_id = settings.provisioning.vlan_id
with Broker(
workflow='deploy-blank-vm-vcenter',
Expand Down
103 changes: 103 additions & 0 deletions tests/foreman/api/test_computeresource_libvirt.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,11 @@
from fauxfactory import gen_string
import pytest
from requests.exceptions import HTTPError
from wait_for import wait_for

from robottelo.config import settings
from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL
from robottelo.hosts import ContentHost
from robottelo.utils.datafactory import (
invalid_values_list,
parametrized,
Expand Down Expand Up @@ -278,3 +280,104 @@ def test_negative_update_url(url, request, module_target_sat, module_org, module
with pytest.raises(HTTPError):
compresource.update(['url'])
assert compresource.read().url != url


@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
@pytest.mark.rhel_ver_match('[7]')
def test_positive_provision_end_to_end(
request,
setting_update,
module_provisioning_rhel_content,
module_libvirt_provisioning_sat,
module_sca_manifest_org,
module_location,
pxe_loader,
provisioning_hostgroup,
):
"""Provision a host on Libvirt compute resource with the help of hostgroup.
:id: 6985e7c0-d258-4fc4-833b-e680804b55e9
:steps:
1. Configure provisioning setup.
2. Create Libvirt CR
3. Configure host group setup.
4. Create a host on Libvirt compute resource using the Hostgroup
5. Verify created host on Libvirt.
:expectedresults: Host is provisioned succesfully with hostgroup
:Verifies: SAT-25808
"""
sat = module_libvirt_provisioning_sat.sat
cr_name = gen_string('alpha')
host_name = gen_string('alpha').lower()
libvirt_cr = sat.api.LibvirtComputeResource(
name=cr_name,
provider=FOREMAN_PROVIDERS['libvirt'],
display_type='VNC',
organization=[module_sca_manifest_org],
location=[module_location],
url=LIBVIRT_URL,
).create()
request.addfinalizer(libvirt_cr.delete)
assert libvirt_cr.name == cr_name

host = sat.api.Host(
hostgroup=provisioning_hostgroup,
organization=module_sca_manifest_org,
location=module_location,
name=host_name,
compute_resource=libvirt_cr,
compute_attributes={
'cpus': 1,
'memory': 6442450944,
'firmware': pxe_loader.vm_firmware,
'start': '1',
'volumes_attributes': {
'0': {
'capacity': '10G',
},
},
},
interfaces_attributes={
'0': {
'type': 'interface',
'primary': True,
'managed': True,
'compute_attributes': {
'compute_type': 'bridge',
'bridge': f'br-{settings.provisioning.vlan_id}',
},
}
},
provision_method='build',
host_parameters_attributes=[
{'name': 'remote_execution_connect_by_ip', 'value': 'true', 'parameter_type': 'boolean'}
],
build=True,
).create(create_missing=False)
request.addfinalizer(lambda: sat.provisioning_cleanup(host.name))
assert host.name == f'{host_name}.{module_libvirt_provisioning_sat.domain.name}'
# Check on Libvirt, if VM exists
result = sat.execute(
f'su foreman -s /bin/bash -c "virsh -c {LIBVIRT_URL} list --state-running"'
)
assert host_name in result.stdout
# check the build status
wait_for(
lambda: host.read().build_status_label != 'Pending installation',
timeout=1500,
delay=10,
)
assert host.read().build_status_label == 'Installed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
provisioning_host = ContentHost(host.ip)
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout
19 changes: 15 additions & 4 deletions tests/foreman/cli/test_computeresource_libvirt.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
from robottelo.config import settings
from robottelo.constants import FOREMAN_PROVIDERS, LIBVIRT_RESOURCE_URL
from robottelo.exceptions import CLIReturnCodeError
from robottelo.hosts import ContentHost
from robottelo.utils.datafactory import parametrized

LIBVIRT_URL = LIBVIRT_RESOURCE_URL % settings.libvirt.libvirt_hostname
Expand Down Expand Up @@ -379,11 +380,12 @@ def test_positive_update_console_password(libvirt_url, set_console_password, mod

@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
@pytest.mark.tier3
@pytest.mark.rhel_ver_match('[^6]')
@pytest.mark.rhel_ver_match('[8]')
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
def test_positive_provision_end_to_end(
request,
pxe_loader,
setting_update,
module_libvirt_provisioning_sat,
module_sca_manifest_org,
Expand All @@ -410,7 +412,7 @@ def test_positive_provision_end_to_end(
:BZ: 2236693
:Verifies: SAT-22491
:Verifies: SAT-22491, SAT-25808
:customerscenario: true
"""
Expand All @@ -427,6 +429,7 @@ def test_positive_provision_end_to_end(
}
)
assert libvirt_cr['name'] == cr_name

host = sat.cli.Host.create(
{
'name': hostname,
Expand All @@ -436,9 +439,10 @@ def test_positive_provision_end_to_end(
'compute-resource-id': libvirt_cr['id'],
'ip': None,
'mac': None,
'compute-attributes': 'cpus=1, memory=6442450944, start=1',
'compute-attributes': f'cpus=1, memory=6442450944, start=1, firmware={pxe_loader.vm_firmware}',
'interface': f'compute_type=bridge,compute_bridge=br-{settings.provisioning.vlan_id}',
'volume': 'capacity=10',
'parameters': 'name=remote_execution_connect_by_ip,' 'type=boolean,' 'value=true',
'provision-method': 'build',
}
)
Expand All @@ -463,3 +467,10 @@ def test_positive_provision_end_to_end(
)
host_info = sat.cli.Host.info({'id': host['id']})
assert host_info['status']['build-status'] == 'Installed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
provisioning_host = ContentHost(host_info['network']['ipv4-address'])
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout
43 changes: 34 additions & 9 deletions tests/foreman/ui/test_computeresource_libvirt.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
FOREMAN_PROVIDERS,
LIBVIRT_RESOURCE_URL,
)
from robottelo.hosts import ContentHost

pytestmark = [pytest.mark.skip_if_not_set('libvirt')]

Expand Down Expand Up @@ -119,17 +120,19 @@ def test_positive_end_to_end(session, module_target_sat, module_org, module_loca

@pytest.mark.e2e
@pytest.mark.on_premises_provisioning
@pytest.mark.tier4
@pytest.mark.rhel_ver_match('[^6]')
@pytest.mark.rhel_ver_match('[9]')
@pytest.mark.parametrize('setting_update', ['destroy_vm_on_host_delete=True'], indirect=True)
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi', 'secureboot'], indirect=True)
def test_positive_provision_end_to_end(
request,
pxe_loader,
setting_update,
module_sca_manifest_org,
module_location,
provisioning_hostgroup,
module_libvirt_provisioning_sat,
module_provisioning_rhel_content,
module_ssh_key_file,
):
"""Provision Host on libvirt compute resource, and delete it afterwards
Expand All @@ -141,7 +144,7 @@ def test_positive_provision_end_to_end(
:BZ: 1243223, 2236693
:Verifies: SAT-22491
:Verifies: SAT-22491, SAT-25808
:parametrized: yes
"""
Expand All @@ -154,6 +157,13 @@ def test_positive_provision_end_to_end(
location=[module_location],
organization=[module_sca_manifest_org],
).create()

existing_params = provisioning_hostgroup.group_parameters_attributes
provisioning_hostgroup.group_parameters_attributes = [
{'name': 'remote_execution_connect_by_ip', 'value': 'true', 'parameter_type': 'boolean'},
] + existing_params
provisioning_hostgroup.update(['group_parameters_attributes'])

with sat.ui_session() as session:
session.organization.select(module_sca_manifest_org.name)
session.location.select(module_location.name)
Expand Down Expand Up @@ -182,17 +192,32 @@ def test_positive_provision_end_to_end(
assert hostname in result.stdout
# Wait for provisioning to complete and report status back to Satellite
wait_for(
lambda: session.host.get_details(name)['properties']['properties_table']['Build']
!= 'Pending installation clear',
lambda: session.host_new.get_host_statuses(name)['Build']['Status']
!= 'Pending installation',
timeout=1800,
delay=30,
fail_func=session.browser.refresh,
silent_failure=True,
handle_exception=True,
)
assert (
session.host.get_details(name)['properties']['properties_table']['Build']
== 'Installed clear'
)
values = session.host_new.get_host_statuses(name)
assert values['Build']['Status'] == 'Installed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
if pxe_loader.vm_firmware == 'uefi_secure_boot':
host = sat.api.Host().search(query={'host': hostname})[0].read()
provisioning_host = ContentHost(host.ip, auth=module_ssh_key_file)
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()
# Enable Root Login
if int(host.operatingsystem.read().major) >= 9:
assert (
provisioning_host.execute(
'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
).status
== 0
)
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout

session.host.delete(name)
assert not sat.api.Host().search(query={'search': f'name="{name}"'})

0 comments on commit 885ff7d

Please sign in to comment.