From a4ebf53ad861a07384d1f637e01a69e556c2129d Mon Sep 17 00:00:00 2001 From: Mario Cattamo Date: Tue, 14 Nov 2023 16:29:36 +0100 Subject: [PATCH] test: add test for fdo interface in simplified installer --- test/cases/ostree-simplified-installer.sh | 32 +++++++++++++++++++++++ test/data/ansible/check_ostree.yaml | 23 ++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/test/cases/ostree-simplified-installer.sh b/test/cases/ostree-simplified-installer.sh index 815bcffef..025596cc9 100755 --- a/test/cases/ostree-simplified-installer.sh +++ b/test/cases/ostree-simplified-installer.sh @@ -26,6 +26,11 @@ do done # Prepare service api server config filef sudo /usr/local/bin/yq -iy '.service_info.diskencryption_clevis |= [{disk_label: "/dev/vda4", reencrypt: true, binding: {pin: "tpm2", config: "{}"}}]' /etc/fdo/aio/configs/serviceinfo_api_server.yml +if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then + # Modify manufacturing server config to process fdo + # guest interface during onboarding + sudo sed -i 's/SerialNumber/MACAddress/g' /etc/fdo/aio/configs/manufacturing_server.yml +fi sudo systemctl restart fdo-aio # workaround for bug https://bugzilla.redhat.com/show_bug.cgi?id=2213660 @@ -538,6 +543,9 @@ done # Check image installation result check_result +# Get VM interface name in advance +MFG_GUEST_INT_NAME=$(sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "simple@${EDGE_GUEST_ADDRESS}" "nmcli device status | grep ethernet & exit" | awk '{print $1}') + greenprint "🕹 Get ostree install commit value" INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") @@ -610,6 +618,12 @@ manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080" diun_pub_key_insecure="true" EOF +if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then + tee -a "$BLUEPRINT_FILE" > /dev/null << EOF +di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}" +EOF +fi + # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then tee -a "$BLUEPRINT_FILE" > /dev/null << EOF @@ -618,6 +632,7 @@ append = "enforcing=0" EOF fi + greenprint "📄 installer blueprint" cat "$BLUEPRINT_FILE" @@ -743,6 +758,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e edge_type=edge-simplified-installer \ -e fdo_credential="true" \ -e sysroot_ro="$SYSROOT_RO" \ + -e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \ -e fips="${FIPS}" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result @@ -787,6 +803,12 @@ manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080" diun_pub_key_hash="${DIUN_PUB_KEY_HASH}" EOF +if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then + tee -a "$BLUEPRINT_FILE" > /dev/null << EOF +di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}" +EOF +fi + # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then tee -a "$BLUEPRINT_FILE" > /dev/null << EOF @@ -922,6 +944,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e edge_type=edge-simplified-installer \ -e fdo_credential="true" \ -e sysroot_ro="$SYSROOT_RO" \ + -e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \ -e fips="${FIPS}" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result @@ -1060,6 +1083,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e edge_type=edge-simplified-installer \ -e fdo_credential="true" \ -e sysroot_ro="$SYSROOT_RO" \ + -e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \ -e fips="${FIPS}" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 @@ -1112,6 +1136,12 @@ diun_pub_key_root_certs=""" ${DIUN_PUB_KEY_ROOT_CERTS}""" EOF +if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then + tee -a "$BLUEPRINT_FILE" > /dev/null << EOF +di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}" +EOF +fi + # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then tee -a "$BLUEPRINT_FILE" > /dev/null << EOF @@ -1228,6 +1258,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e edge_type=edge-simplified-installer \ -e fdo_credential="true" \ -e sysroot_ro="$SYSROOT_RO" \ + -e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \ -e fips="${FIPS}" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result @@ -1370,6 +1401,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e edge_type=edge-simplified-installer \ -e fdo_credential="true" \ -e sysroot_ro="$SYSROOT_RO" \ + -e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \ -e fips="${FIPS}" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 diff --git a/test/data/ansible/check_ostree.yaml b/test/data/ansible/check_ostree.yaml index 2d2106e1f..f7cd00b11 100644 --- a/test/data/ansible/check_ostree.yaml +++ b/test/data/ansible/check_ostree.yaml @@ -1007,6 +1007,29 @@ - debug: var: result_fdo_client_linuxapp_journalctl + # case: check fdo device mac in device info field within device credentials + - name: Check mac address within device credentials + block: + - name: Check MAC address of interface taken from fdo customization + shell: "cat /sys/class/net/{{ mfg_guest_int_name }}/address" + register: fdo_cust_mac_add + - name: Check mac within fdo device credentials + shell: fdo-owner-tool dump-device-credential /etc/device-credentials | grep -E 'Device Info' | awk '{print $3}' + register: dev_credentials_mac_add + - assert: + that: + - dev_credentials_mac_add.stdout == fdo_cust_mac_add.stdout + fail_msg: "Wrong device info within device credentials" + success_msg: "Device onboarded successfully via network interface" + always: + - set_fact: + total_counter: "{{ total_counter | int + 1 }}" + rescue: + - name: failed count + 1 + set_fact: + failed_counter: "{{ failed_counter | int + 1 }}" + when: fdo_credential == "true" + # case: checking firewall customizations - name: Check applied firewall customizations block: