Merge branch 'master' into convert_bookmarks_scenario_to_new_format

SatelliteQE · Nov 5, 2024 · 1771cbf · 1771cbf
2 parents 860ffc3 + 3430887
commit 1771cbf
Show file tree

Hide file tree

Showing 11 changed files with 184 additions and 54 deletions.
diff --git a/conf/ipa.yaml.template b/conf/ipa.yaml.template
@@ -9,10 +9,10 @@ IPA:
   OTP_USER: otp_user
   TIME_BASED_SECRET:  # update the time based token secret
   DISABLED_IPA_USER: disabled_user
-  GROUP_USERS:
-    - satadmin_01
-    - satuser_01
+  USERS:
+    USER: satuser_01
+    ADMIN: satadmin_01
   GROUPS:
-    - satadmins
-    - satusers
+    USERS: satusers
+    ADMINS: satadmins
   KEYTAB_URL:
diff --git a/pytest_fixtures/component/provision_pxe.py b/pytest_fixtures/component/provision_pxe.py
@@ -287,6 +287,7 @@ def pxe_loader(request):
         'uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI'},
         'ipxe': {'vm_firmware': 'bios', 'pxe_loader': 'iPXE Embedded'},
         'http_uefi': {'vm_firmware': 'uefi', 'pxe_loader': 'Grub2 UEFI HTTP'},
+        'secureboot': {'vm_firmware': 'uefi_secureboot', 'pxe_loader': 'Grub2 UEFI SecureBoot'},
     }
     return Box(PXE_LOADER_MAP[getattr(request, 'param', 'bios')])
 

diff --git a/pytest_fixtures/component/provision_vmware.py b/pytest_fixtures/component/provision_vmware.py
@@ -5,6 +5,7 @@
 from wrapanapi.systems.virtualcenter import VMWareVirtualMachine
 
 from robottelo.config import settings
+from robottelo.hosts import ContentHost
 
 
 @pytest.fixture(scope='module')
@@ -112,18 +113,24 @@ def module_vmware_image(
 
 
 @pytest.fixture
-def provisioning_vmware_host(pxe_loader, vmwareclient):
+def provisioning_vmware_host(pxe_loader, vmwareclient, module_ssh_key_file):
     """Fixture to check out blank VM on VMware"""
-    vm_boot_firmware = 'efi' if pxe_loader.vm_firmware == 'uefi' else 'bios'
-    provisioning_host = Broker(
+    vm_boot_firmware = 'efi' if pxe_loader.vm_firmware.startswith('uefi') else 'bios'
+    vm_secure_boot = 'true' if pxe_loader.vm_firmware == 'uefi_secureboot' else 'false'
+    vlan_id = settings.provisioning.vlan_id
+    with Broker(
         workflow='deploy-blank-vm-vcenter',
-        artifacts='last',
-        vm_network=settings.provisioning.vlan_id,
+        host_class=ContentHost,
+        vm_network=vlan_id,
         vm_boot_firmware=vm_boot_firmware,
-    ).execute()
-    yield provisioning_host
-    # delete the host
-    vmware_host = VMWareVirtualMachine(vmwareclient, name=provisioning_host['name'])
-    vmware_host.delete()
-    # check if vm is deleted from VMware
-    assert vmwareclient.does_vm_exist(provisioning_host['name']) is False
+        vm_secure_boot=vm_secure_boot,
+        auth=module_ssh_key_file,
+        blank=True,
+        _skip_context_checkin=True,
+    ) as provisioning_host:
+        yield provisioning_host
+        # Delete the host
+        vmware_host = VMWareVirtualMachine(vmwareclient, name=provisioning_host.name)
+        vmware_host.delete()
+        # Verify host is deleted from VMware
+        assert vmwareclient.does_vm_exist(provisioning_host.name) is False
diff --git a/pytest_fixtures/component/satellite_auth.py b/pytest_fixtures/component/satellite_auth.py
@@ -87,7 +87,7 @@ def ipa_data():
         'ldap_hostname': settings.ipa.hostname,
         'time_based_secret': settings.ipa.time_based_secret,
         'disabled_user_ipa': settings.ipa.disabled_ipa_user,
-        'group_users': settings.ipa.group_users,
+        'users': settings.ipa.users,
         'groups': settings.ipa.groups,
     }
 

diff --git a/requirements.txt b/requirements.txt
@@ -10,7 +10,7 @@ fauxfactory==3.1.1
 jinja2==3.1.4
 manifester==0.2.8
 navmazing==1.2.2
-productmd==1.40
+productmd==1.41
 pyotp==2.9.0
 python-box==7.2.0
 pytest==8.3.3

diff --git a/robottelo/config/validators.py b/robottelo/config/validators.py
@@ -172,8 +172,12 @@
             'ipa.user',
             'ipa.otp_user',
             'ipa.disabled_ipa_user',
-            'ipa.group_users',
+            'ipa.users',
+            'ipa.users.user',
+            'ipa.users.admin',
             'ipa.groups',
+            'ipa.groups.users',
+            'ipa.groups.admins',
             'ipa.keytab_url',
             'ipa.time_based_secret',
             must_exist=True,

diff --git a/robottelo/hosts.py b/robottelo/hosts.py
@@ -2581,7 +2581,7 @@ def __init__(self, sat_obj, **kwargs):
                 'base_dn': settings.ipa.basedn,
                 'disabled_user_ipa': settings.ipa.disabled_ipa_user,
                 'group_base_dn': settings.ipa.grpbasedn,
-                'group_users': settings.ipa.group_users,
+                'users': settings.ipa.users,
                 'groups': settings.ipa.groups,
                 'ipa_otp_username': settings.ipa.otp_user,
                 'ldap_user_cn': settings.ipa.username,

diff --git a/tests/foreman/api/test_computeresource_vmware.py b/tests/foreman/api/test_computeresource_vmware.py
@@ -154,12 +154,13 @@ def test_positive_provision_vmware_pxe_discovery(
         2. Provision the host
 
     :expectedresults: Host should be provisioned successfully
-
     """
-    mac = provisioning_vmware_host['provisioning_nic_mac_addr']
+    mac = provisioning_vmware_host._broker_args['provisioning_nic_mac_addr']
     sat = module_discovery_sat.sat
     # start the provisioning host
-    vmware_host = VMWareVirtualMachine(vmwareclient, name=provisioning_vmware_host['name'])
+    vmware_host = VMWareVirtualMachine(
+        vmwareclient, name=provisioning_vmware_host._broker_args['name']
+    )
     vmware_host.start()
     wait_for(
         lambda: sat.api.DiscoveredHost().search(query={'mac': mac}) != [],

diff --git a/tests/foreman/api/test_provisioning.py b/tests/foreman/api/test_provisioning.py
@@ -17,8 +17,10 @@
 from fauxfactory import gen_string
 import pytest
 from wait_for import TimedOutError, wait_for
+from wrapanapi.systems.virtualcenter import VMWareVirtualMachine
 
 from robottelo.config import settings
+from robottelo.hosts import get_sat_rhel_version
 from robottelo.logging import logger
 from robottelo.utils.installer import InstallerCommand
 from robottelo.utils.issue_handlers import is_open
@@ -592,6 +594,112 @@ def test_rhel_pxe_provisioning_fips_enabled(
     assert provisioning_host.subscribed, 'Host is not subscribed'
 
 
+@pytest.mark.e2e
+@pytest.mark.upgrade
+@pytest.mark.on_premises_provisioning
+@pytest.mark.parametrize('pxe_loader', ['secureboot'], indirect=True)
+@pytest.mark.rhel_ver_match([get_sat_rhel_version().major])
+def test_rhel_pxe_provisioning_secureboot_enabled(
+    request,
+    module_provisioning_sat,
+    vmwareclient,
+    provisioning_vmware_host,
+    pxe_loader,
+    module_sca_manifest_org,
+    module_location,
+    module_provisioning_rhel_content,
+    provisioning_hostgroup,
+):
+    """Simulate Secureboot baremetal provisioning of a RHEL system via PXE on vCenter provider
+
+    :id: 8b33f545-c4a8-428d-8fd8-a5e402c8cd23
+
+    :steps:
+        1. Provision RHEL system via PXE on vCenter provider
+        2. Check that resulting host is registered to Satellite
+        3. Check host is subscribed to Satellite
+
+    :expectedresults:
+        1. Host installs right version of RHEL
+        2. Host is registered to Satellite and subscription status is 'Success'
+        3. Secureboot is enabled on the host
+
+    :Verifies: SAT-25809
+
+    :customerscenario: true
+
+    :parametrized: yes
+    """
+    host_mac_addr = provisioning_vmware_host._broker_args['provisioning_nic_mac_addr']
+    sat = module_provisioning_sat.sat
+    host = sat.api.Host(
+        hostgroup=provisioning_hostgroup,
+        organization=module_sca_manifest_org,
+        location=module_location,
+        name=gen_string('alpha').lower(),
+        mac=host_mac_addr,
+        build=True,  # put the host in build mode
+    ).create(create_missing=False)
+    # Clean up the host to free IP leases on Satellite.
+    # broker should do that as a part of the teardown, putting here just to make sure.
+    request.addfinalizer(lambda: sat.provisioning_cleanup(host.name))
+
+    # start the provisioning host on VMware, do not ensure that we can connect to SSHD
+    vmware_host = VMWareVirtualMachine(
+        vmwareclient, name=provisioning_vmware_host._broker_args['name']
+    )
+    vmware_host.start()
+
+    # TODO: Implement Satellite log capturing logic to verify that
+    # all the events are captured in the logs.
+    # Host should do call back to the Satellite reporting
+    # the result of the installation. Wait until Satellite reports that the host is installed.
+    wait_for(
+        lambda: host.read().build_status_label != 'Pending installation',
+        timeout=1500,
+        delay=10,
+    )
+    host = host.read()
+    assert host.build_status_label == 'Installed'
+
+    # Change the hostname of the host as we know it already.
+    # In the current infra environment we do not support
+    # addressing hosts using FQDNs, falling back to IP.
+    provisioning_vmware_host.hostname = host.ip
+    # Host is not blank anymore
+    provisioning_vmware_host.blank = False
+
+    # Wait for the host to be rebooted and SSH daemon to be started.
+    provisioning_vmware_host.wait_for_connection()
+
+    # Perform version check and check if root password is properly updated
+    host_os = host.operatingsystem.read()
+    expected_rhel_version = f'{host_os.major}.{host_os.minor}'
+
+    if int(host_os.major) >= 9:
+        assert (
+            provisioning_vmware_host.execute(
+                'echo -e "\nPermitRootLogin yes" >> /etc/ssh/sshd_config; systemctl restart sshd'
+            ).status
+            == 0
+        )
+    host_ssh_os = sat.execute(
+        f'sshpass -p {settings.provisioning.host_root_password} '
+        'ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o PasswordAuthentication=yes '
+        f'-o UserKnownHostsFile=/dev/null root@{provisioning_vmware_host.hostname} cat /etc/redhat-release'
+    )
+    assert host_ssh_os.status == 0
+    assert (
+        expected_rhel_version in host_ssh_os.stdout
+    ), 'Different than the expected OS version was installed'
+
+    # Verify host is subscribed and consumes subsctiption provided by the activation key
+    assert provisioning_vmware_host.subscribed, 'Host is not subscribed'
+
+    # Verify SecureBoot is enabled on host after provisioning is completed sucessfully
+    assert 'SecureBoot enabled' in provisioning_vmware_host.execute('mokutil --sb-state').stdout
+
+
 @pytest.mark.e2e
 @pytest.mark.parametrize('pxe_loader', ['bios', 'uefi'], indirect=True)
 @pytest.mark.skip(reason='Skipping till we have destructive support')

diff --git a/tests/foreman/destructive/test_installer.py b/tests/foreman/destructive/test_installer.py
@@ -28,10 +28,15 @@ def set_random_fqdn(target_sat):
     shortname = gen_string('alpha')
     new_domain = gen_domain()
     target_sat.execute(
-        f'echo "search {new_domain}" >> /etc/resolv.conf; hostnamectl set-hostname {shortname}'
+        'mv -f /etc/resolv.conf /etc/resolv.conf.bak; '
+        f'echo "search {new_domain}" > /etc/resolv.conf; '
+        f'hostnamectl set-hostname {shortname}'
     )
     yield shortname, new_domain
-    target_sat.execute(f'hostnamectl set-hostname {target_sat.hostname}')
+    target_sat.execute(
+        'mv -f /etc/resolv.conf.bak /etc/resolv.conf; '
+        f'hostnamectl set-hostname {target_sat.hostname}'
+    )
 
 
 def test_installer_sat_pub_directory_accessibility(target_sat):