particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: add test for fdo interface in simplified installer

Browse source
This commit is contained in:
Mario Cattamo 2023-11-14 16:29:36 +01:00 committed by Achilleas Koutsou
parent 4870a836f3
commit a4ebf53ad8
2 changed files with 55 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

32
test/cases/ostree-simplified-installer.sh
View file

@ -26,6 +26,11 @@ do
done done
# Prepare service api server config filef # Prepare service api server config filef
sudo /usr/local/bin/yq -iy '.service_info.diskencryption_clevis |= [{disk_label: "/dev/vda4", reencrypt: true, binding: {pin: "tpm2", config: "{}"}}]' /etc/fdo/aio/configs/serviceinfo_api_server.yml sudo /usr/local/bin/yq -iy '.service_info.diskencryption_clevis |= [{disk_label: "/dev/vda4", reencrypt: true, binding: {pin: "tpm2", config: "{}"}}]' /etc/fdo/aio/configs/serviceinfo_api_server.yml
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
# Modify manufacturing server config to process fdo
# guest interface during onboarding
sudo sed -i 's/SerialNumber/MACAddress/g' /etc/fdo/aio/configs/manufacturing_server.yml
fi
sudo systemctl restart fdo-aio sudo systemctl restart fdo-aio
# workaround for bug https://bugzilla.redhat.com/show_bug.cgi?id=2213660 # workaround for bug https://bugzilla.redhat.com/show_bug.cgi?id=2213660
@ -538,6 +543,9 @@ done
# Check image installation result # Check image installation result
check_result check_result
# Get VM interface name in advance
MFG_GUEST_INT_NAME=$(sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "simple@${EDGE_GUEST_ADDRESS}" "nmcli device status | grep ethernet & exit" | awk '{print $1}')
greenprint "🕹 Get ostree install commit value" greenprint "🕹 Get ostree install commit value"
INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}")
@ -610,6 +618,12 @@ manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080"
diun_pub_key_insecure="true" diun_pub_key_insecure="true"
EOF EOF
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}"
EOF
fi
# workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
@ -618,6 +632,7 @@ append = "enforcing=0"
EOF EOF
fi fi
greenprint "📄 installer blueprint" greenprint "📄 installer blueprint"
cat "$BLUEPRINT_FILE" cat "$BLUEPRINT_FILE"
@ -743,6 +758,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \
-e edge_type=edge-simplified-installer \ -e edge_type=edge-simplified-installer \
-e fdo_credential="true" \ -e fdo_credential="true" \
-e sysroot_ro="$SYSROOT_RO" \ -e sysroot_ro="$SYSROOT_RO" \
-e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \
-e fips="${FIPS}" \ -e fips="${FIPS}" \
/usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0
check_result check_result
@ -787,6 +803,12 @@ manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080"
diun_pub_key_hash="${DIUN_PUB_KEY_HASH}" diun_pub_key_hash="${DIUN_PUB_KEY_HASH}"
EOF EOF
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}"
EOF
fi
# workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
@ -922,6 +944,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \
-e edge_type=edge-simplified-installer \ -e edge_type=edge-simplified-installer \
-e fdo_credential="true" \ -e fdo_credential="true" \
-e sysroot_ro="$SYSROOT_RO" \ -e sysroot_ro="$SYSROOT_RO" \
-e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \
-e fips="${FIPS}" \ -e fips="${FIPS}" \
/usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0
check_result check_result
@ -1060,6 +1083,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \
-e edge_type=edge-simplified-installer \ -e edge_type=edge-simplified-installer \
-e fdo_credential="true" \ -e fdo_credential="true" \
-e sysroot_ro="$SYSROOT_RO" \ -e sysroot_ro="$SYSROOT_RO" \
-e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \
-e fips="${FIPS}" \ -e fips="${FIPS}" \
/usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0
@ -1112,6 +1136,12 @@ diun_pub_key_root_certs="""
${DIUN_PUB_KEY_ROOT_CERTS}""" ${DIUN_PUB_KEY_ROOT_CERTS}"""
EOF EOF
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
di_mfg_string_type_mac_iface="${MFG_GUEST_INT_NAME}"
EOF
fi
# workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795 # workaround selinux bug https://bugzilla.redhat.com/show_bug.cgi?id=2026795
if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then if [[ "$VERSION_ID" == "9.3" || "$VERSION_ID" == "9" ]]; then
tee -a "$BLUEPRINT_FILE" > /dev/null << EOF tee -a "$BLUEPRINT_FILE" > /dev/null << EOF
@ -1228,6 +1258,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \
-e edge_type=edge-simplified-installer \ -e edge_type=edge-simplified-installer \
-e fdo_credential="true" \ -e fdo_credential="true" \
-e sysroot_ro="$SYSROOT_RO" \ -e sysroot_ro="$SYSROOT_RO" \
-e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \
-e fips="${FIPS}" \ -e fips="${FIPS}" \
/usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0
check_result check_result
@ -1370,6 +1401,7 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \
-e edge_type=edge-simplified-installer \ -e edge_type=edge-simplified-installer \
-e fdo_credential="true" \ -e fdo_credential="true" \
-e sysroot_ro="$SYSROOT_RO" \ -e sysroot_ro="$SYSROOT_RO" \
-e mfg_guest_int_name="${MFG_GUEST_INT_NAME}" \
-e fips="${FIPS}" \ -e fips="${FIPS}" \
/usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0

23
test/data/ansible/check_ostree.yaml
View file

@ -1007,6 +1007,29 @@
- debug: - debug:
var: result_fdo_client_linuxapp_journalctl var: result_fdo_client_linuxapp_journalctl
# case: check fdo device mac in device info field within device credentials
- name: Check mac address within device credentials
block:
- name: Check MAC address of interface taken from fdo customization
shell: "cat /sys/class/net/{{ mfg_guest_int_name }}/address"
register: fdo_cust_mac_add
- name: Check mac within fdo device credentials
shell: fdo-owner-tool dump-device-credential /etc/device-credentials | grep -E 'Device Info' | awk '{print $3}'
register: dev_credentials_mac_add
- assert:
that:
- dev_credentials_mac_add.stdout == fdo_cust_mac_add.stdout
fail_msg: "Wrong device info within device credentials"
success_msg: "Device onboarded successfully via network interface"
always:
- set_fact:
total_counter: "{{ total_counter | int + 1 }}"
rescue:
- name: failed count + 1
set_fact:
failed_counter: "{{ failed_counter | int + 1 }}"
when: fdo_credential == "true"
# case: checking firewall customizations # case: checking firewall customizations
- name: Check applied firewall customizations - name: Check applied firewall customizations
block: block: