Merge "Secure boot support for irmc-virtual-media driver"
This commit is contained in:
commit
333eae274f
@ -214,6 +214,8 @@ Node configuration
|
|||||||
irmc_username.
|
irmc_username.
|
||||||
- ``properties/capabilities`` property to be ``boot_mode:uefi`` if
|
- ``properties/capabilities`` property to be ``boot_mode:uefi`` if
|
||||||
UEFI boot is required.
|
UEFI boot is required.
|
||||||
|
- ``properties/capabilities`` property to be ``secure_boot:true`` if
|
||||||
|
Secure Boot is required.
|
||||||
- ``driver_info/irmc_deploy_iso`` property to be either ``deploy iso
|
- ``driver_info/irmc_deploy_iso`` property to be either ``deploy iso
|
||||||
file name``, ``Glance UUID``, ``Glance URL`` or ``Image Service
|
file name``, ``Glance UUID``, ``Glance URL`` or ``Image Service
|
||||||
URL``.
|
URL``.
|
||||||
@ -296,6 +298,8 @@ Node configuration
|
|||||||
irmc_username.
|
irmc_username.
|
||||||
- ``properties/capabilities`` property to be ``boot_mode:uefi`` if
|
- ``properties/capabilities`` property to be ``boot_mode:uefi`` if
|
||||||
UEFI boot is required.
|
UEFI boot is required.
|
||||||
|
- ``properties/capabilities`` property to be ``secure_boot:true`` if
|
||||||
|
Secure Boot is required.
|
||||||
- ``driver_info/irmc_deploy_iso`` property to be either ``deploy iso
|
- ``driver_info/irmc_deploy_iso`` property to be either ``deploy iso
|
||||||
file name``, ``Glance UUID``, ``Glance URL`` or ``Image Service
|
file name``, ``Glance UUID``, ``Glance URL`` or ``Image Service
|
||||||
URL``.
|
URL``.
|
||||||
|
@ -995,6 +995,10 @@ class IRMCVirtualMediaBoot(base.BootInterface, IRMCVolumeBootMixIn):
|
|||||||
root_uuid_or_disk_id = driver_internal_info['root_uuid_or_disk_id']
|
root_uuid_or_disk_id = driver_internal_info['root_uuid_or_disk_id']
|
||||||
self._configure_vmedia_boot(task, root_uuid_or_disk_id)
|
self._configure_vmedia_boot(task, root_uuid_or_disk_id)
|
||||||
|
|
||||||
|
# Enable secure boot, if being requested
|
||||||
|
if deploy_utils.is_secure_boot_requested(node):
|
||||||
|
irmc_common.set_secure_boot_mode(node, enable=True)
|
||||||
|
|
||||||
@METRICS.timer('IRMCVirtualMediaBoot.clean_up_instance')
|
@METRICS.timer('IRMCVirtualMediaBoot.clean_up_instance')
|
||||||
def clean_up_instance(self, task):
|
def clean_up_instance(self, task):
|
||||||
"""Cleans up the boot of instance.
|
"""Cleans up the boot of instance.
|
||||||
@ -1010,6 +1014,10 @@ class IRMCVirtualMediaBoot(base.BootInterface, IRMCVolumeBootMixIn):
|
|||||||
self._cleanup_boot_from_volume(task)
|
self._cleanup_boot_from_volume(task)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
# Disable secure boot, if enabled secure boot
|
||||||
|
if deploy_utils.is_secure_boot_requested(task.node):
|
||||||
|
irmc_common.set_secure_boot_mode(task.node, enable=False)
|
||||||
|
|
||||||
_remove_share_file(_get_boot_iso_name(task.node))
|
_remove_share_file(_get_boot_iso_name(task.node))
|
||||||
driver_internal_info = task.node.driver_internal_info
|
driver_internal_info = task.node.driver_internal_info
|
||||||
driver_internal_info.pop('irmc_boot_iso', None)
|
driver_internal_info.pop('irmc_boot_iso', None)
|
||||||
|
@ -1075,6 +1075,139 @@ class IRMCVirtualMediaBootTestCase(db_base.DbTestCase):
|
|||||||
self.assertRaises(ValueError, cfg.CONF.set_override,
|
self.assertRaises(ValueError, cfg.CONF.set_override,
|
||||||
'remote_image_share_type', 'fake', 'irmc')
|
'remote_image_share_type', 'fake', 'irmc')
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot.IRMCVirtualMediaBoot,
|
||||||
|
'_configure_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_prepare_instance_with_secure_boot(self, mock_cleanup_vmedia_boot,
|
||||||
|
mock_configure_vmedia_boot,
|
||||||
|
mock_set_secure_boot_mode):
|
||||||
|
self.node.driver_internal_info = {'root_uuid_or_disk_id': "12312642"}
|
||||||
|
self.node.provision_state = states.DEPLOYING
|
||||||
|
self.node.target_provision_state = states.ACTIVE
|
||||||
|
self.node.instance_info = {
|
||||||
|
'capabilities': {
|
||||||
|
"secure_boot": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.prepare_instance(task)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
mock_set_secure_boot_mode.assert_called_once_with(task.node,
|
||||||
|
enable=True)
|
||||||
|
mock_configure_vmedia_boot.assert_called_once_with(mock.ANY, task,
|
||||||
|
"12312642")
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot.IRMCVirtualMediaBoot,
|
||||||
|
'_configure_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_prepare_instance_with_secure_boot_false(
|
||||||
|
self, mock_cleanup_vmedia_boot, mock_configure_vmedia_boot,
|
||||||
|
mock_set_secure_boot_mode):
|
||||||
|
self.node.driver_internal_info = {'root_uuid_or_disk_id': "12312642"}
|
||||||
|
self.node.provision_state = states.DEPLOYING
|
||||||
|
self.node.target_provision_state = states.ACTIVE
|
||||||
|
self.node.instance_info = {
|
||||||
|
'capabilities': {
|
||||||
|
"secure_boot": "false"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.prepare_instance(task)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
self.assertFalse(mock_set_secure_boot_mode.called)
|
||||||
|
mock_configure_vmedia_boot.assert_called_once_with(mock.ANY, task,
|
||||||
|
"12312642")
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot.IRMCVirtualMediaBoot,
|
||||||
|
'_configure_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_prepare_instance_without_secure_boot(
|
||||||
|
self, mock_cleanup_vmedia_boot, mock_configure_vmedia_boot,
|
||||||
|
mock_set_secure_boot_mode):
|
||||||
|
self.node.driver_internal_info = {'root_uuid_or_disk_id': "12312642"}
|
||||||
|
self.node.provision_state = states.DEPLOYING
|
||||||
|
self.node.target_provision_state = states.ACTIVE
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.prepare_instance(task)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
self.assertFalse(mock_set_secure_boot_mode.called)
|
||||||
|
mock_configure_vmedia_boot.assert_called_once_with(mock.ANY, task,
|
||||||
|
"12312642")
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_clean_up_instance_with_secure_boot(self, mock_cleanup_vmedia_boot,
|
||||||
|
mock_set_secure_boot_mode):
|
||||||
|
self.node.provision_state = states.CLEANING
|
||||||
|
self.node.target_provision_state = states.AVAILABLE
|
||||||
|
self.node.instance_info = {
|
||||||
|
'capabilities': {
|
||||||
|
"secure_boot": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.clean_up_instance(task)
|
||||||
|
mock_set_secure_boot_mode.assert_called_once_with(task.node,
|
||||||
|
enable=False)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_clean_up_instance_with_secure_boot_false(
|
||||||
|
self, mock_cleanup_vmedia_boot, mock_set_secure_boot_mode):
|
||||||
|
self.node.provision_state = states.CLEANING
|
||||||
|
self.node.target_provision_state = states.AVAILABLE
|
||||||
|
self.node.instance_info = {
|
||||||
|
'capabilities': {
|
||||||
|
"secure_boot": "false"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.clean_up_instance(task)
|
||||||
|
self.assertFalse(mock_set_secure_boot_mode.called)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
|
||||||
|
@mock.patch.object(irmc_common, 'set_secure_boot_mode', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
@mock.patch.object(irmc_boot, '_cleanup_vmedia_boot', spec_set=True,
|
||||||
|
autospec=True)
|
||||||
|
def test_clean_up_instance_without_secure_boot(
|
||||||
|
self, mock_cleanup_vmedia_boot, mock_set_secure_boot_mode):
|
||||||
|
self.node.provision_state = states.CLEANING
|
||||||
|
self.node.target_provision_state = states.AVAILABLE
|
||||||
|
self.node.save()
|
||||||
|
with task_manager.acquire(self.context, self.node.uuid,
|
||||||
|
shared=False) as task:
|
||||||
|
task.driver.boot.clean_up_instance(task)
|
||||||
|
self.assertFalse(mock_set_secure_boot_mode.called)
|
||||||
|
mock_cleanup_vmedia_boot.assert_called_once_with(task)
|
||||||
|
|
||||||
|
|
||||||
class IRMCPXEBootTestCase(db_base.DbTestCase):
|
class IRMCPXEBootTestCase(db_base.DbTestCase):
|
||||||
|
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds support to provision an instance in secure boot mode for
|
||||||
|
``irmc-virtual-media`` boot interface.
|
Loading…
x
Reference in New Issue
Block a user