Skip to content

Commit

Permalink
Add test for baremetal secureboot provisioning
Browse files Browse the repository at this point in the history
Signed-off-by: Gaurav Talreja <[email protected]>
  • Loading branch information
Gauravtalreja1 committed Sep 19, 2024
1 parent 48c081e commit dac5106
Show file tree
Hide file tree
Showing 2 changed files with 113 additions and 0 deletions.
1 change: 1 addition & 0 deletions pytest_fixtures/component/provision_pxe.py
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,7 @@ def pxe_loader(request):
'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'},
'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'},
'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'},
'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
}
return Box(PXE_LOADER_MAP[getattr(request, 'param', 'bios')])

Expand Down
112 changes: 112 additions & 0 deletions tests/foreman/api/test_provisioning.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
from wait_for import TimedOutError, wait_for

from robottelo.config import settings
from robottelo.hosts import get_sat_rhel_version
from robottelo.logging import logger
from robottelo.utils.installer import InstallerCommand
from robottelo.utils.issue_handlers import is_open
Expand Down Expand Up @@ -592,6 +593,117 @@ def test_rhel_pxe_provisioning_fips_enabled(
assert provisioning_host.subscribed, 'Host is not subscribed'


@pytest.mark.e2e
@pytest.mark.upgrade
@pytest.mark.on_premises_provisioning
@pytest.mark.parametrize('pxe_loader', ['secureboot'], indirect=True)
@pytest.mark.rhel_ver_match([get_sat_rhel_version().major])
def test_rhel_pxe_provisioning_secureboot_enabled(
request,
module_provisioning_sat,
provisioning_host,
pxe_loader,
module_sca_manifest_org,
module_location,
module_provisioning_rhel_content,
provisioning_hostgroup,
):
"""Simulate Secureboot baremetal provisioning of a RHEL system via PXE on RHV provider
:id: 8b33f545-c4a8-428d-8fd8-a5e402c8cd23
:steps:
1. Provision RHEL system via PXE on RHV
2. Check that resulting host is registered to Satellite
3. Check host is subscribed to Satellite
:expectedresults:
1. Host installs right version of RHEL
2. Host is registered to Satellite and subscription status is 'Success'
3. Secureboot is enabled on the host
:Verifies: SAT-23035
:customerscenario: true
:parametrized: yes
"""
host_mac_addr = provisioning_host._broker_args['provisioning_nic_mac_addr']
sat = module_provisioning_sat.sat
host = sat.api.Host(
hostgroup=provisioning_hostgroup,
organization=module_sca_manifest_org,
location=module_location,
name=gen_string('alpha').lower(),
mac=host_mac_addr,
operatingsystem=module_provisioning_rhel_content.os,
subnet=module_provisioning_sat.subnet,
host_parameters_attributes=[
{'name': 'remote_execution_connect_by_ip', 'value': 'true', 'parameter_type': 'boolean'}
],
build=True, # put the host in build mode
).create(create_missing=False)
# Clean up the host to free IP leases on Satellite.
# broker should do that as a part of the teardown, putting here just to make sure.
request.addfinalizer(lambda: sat.provisioning_cleanup(host.name))

# Start the VM, do not ensure that we can connect to SSHD
provisioning_host.power_control(ensure=False)

# TODO: Implement Satellite log capturing logic to verify that
# all the events are captured in the logs.

# Host should do call back to the Satellite reporting
# the result of the installation. Wait until Satellite reports that the host is installed.
wait_for(
lambda: host.read().build_status_label != 'Pending installation',
timeout=1500,
delay=10,
)
host = host.read()
assert host.build_status_label == 'Installed'

# Change the hostname of the host as we know it already.
# In the current infra environment we do not support
# addressing hosts using FQDNs, falling back to IP.
provisioning_host.hostname = host.ip
# Host is not blank anymore
provisioning_host.blank = False

import time

time.sleep(20000)
# Wait for the host to be rebooted and SSH daemon to be started.
provisioning_host.wait_for_connection()

# Perform version check and check if root password is properly updated
host_os = host.operatingsystem.read()
expected_rhel_version = f'{host_os.major}.{host_os.minor}'

if int(host_os.major) >= 9:
assert (
provisioning_host.execute(
'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
).status
== 0
)
host_ssh_os = sat.execute(
f'sshpass -p {settings.provisioning.host_root_password} '
'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
f'-o UserKnownHostsFile=/dev/null root@{provisioning_host.hostname} cat /etc/redhat-release'
)
assert host_ssh_os.status == 0
assert (
expected_rhel_version in host_ssh_os.stdout
), 'Different than the expected OS version was installed'

# Verify host is subscribed and consumes subsctiption provided by the activation key
assert provisioning_host.subscribed, 'Host is not subscribed'

# Verify SecureBoot is enabled on host after provisioning is completed sucessfully
assert 'SecureBoot enabled' in provisioning_host.execute('mokutil --sb-state').stdout


@pytest.mark.e2e
@pytest.mark.parametrize('pxe_loader', ['bios', 'uefi'], indirect=True)
@pytest.mark.skip(reason='Skipping till we have destructive support')
Expand Down

0 comments on commit dac5106

Please sign in to comment.