diff --git a/conftest.py b/conftest.py index 3c176a49..d6a595b8 100644 --- a/conftest.py +++ b/conftest.py @@ -263,6 +263,12 @@ def local_sr_on_hostB1(hostB1): logging.info(">> local SR on hostB1 present : %s" % sr.uuid) yield sr +@pytest.fixture(scope='session') +def existing_shared_sr(host): + sr = host.pool.first_shared_sr() + assert sr is not None, "A shared SR on the pool is required" + return sr + @pytest.fixture(scope='session') def sr_disk(pytestconfig, host): disks = pytestconfig.getoption("sr_disk") diff --git a/tests/misc/test_basic_without_ssh.py b/tests/misc/test_basic_without_ssh.py index de291561..33799a59 100644 --- a/tests/misc/test_basic_without_ssh.py +++ b/tests/misc/test_basic_without_ssh.py @@ -18,12 +18,6 @@ # the local SR or shared SR: the test will adapt itself. # Note however that an existing VM will be left on a different SR after the tests. -@pytest.fixture(scope='session') -def existing_shared_sr(host): - sr = host.pool.first_shared_sr() - assert sr is not None, "A shared SR on the pool is required" - return sr - @pytest.mark.multi_vms # run them on a variety of VMs @pytest.mark.big_vm # and also on a really big VM ideally def test_vm_start_stop(imported_vm): diff --git a/tests/uefi_sb/test_uefistored_sb.py b/tests/uefi_sb/test_uefistored_sb.py index 459d1437..60e5df8c 100644 --- a/tests/uefi_sb/test_uefistored_sb.py +++ b/tests/uefi_sb/test_uefistored_sb.py @@ -5,7 +5,8 @@ from lib.common import wait_for from .utils import test_key_exchanges, boot_and_check_no_sb_errors, boot_and_check_sb_failed, \ - boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, VM_SECURE_BOOT_FAILED + boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, VM_SECURE_BOOT_FAILED, \ + test_uefi_var_migrate # These tests check the behaviour of XAPI and uefistored as they are in XCP-ng 8.2 # For XCP-ng 8.3 or later, see test_varstored_sb.py @@ -217,3 +218,16 @@ def test_key_exchanges(self, uefi_vm): vm = uefi_vm test_key_exchanges(vm) + +@pytest.mark.small_vm +@pytest.mark.usefixtures("host_less_than_8_3", "existing_shared_sr") +@pytest.mark.usefixtures("pool_without_uefi_certs") +class TestUEFIVarMigrate: + @pytest.fixture(autouse=True) + def setup_and_cleanup(self, uefi_vm_and_snapshot): + vm, snapshot = uefi_vm_and_snapshot + yield + revert_vm_state(vm, snapshot) + + def test_uefi_var_migrate(self, host, hostA2, uefi_vm): + test_uefi_var_migrate(uefi_vm, host, hostA2) diff --git a/tests/uefi_sb/test_varstored_sb.py b/tests/uefi_sb/test_varstored_sb.py index 406f9e16..d610f040 100644 --- a/tests/uefi_sb/test_varstored_sb.py +++ b/tests/uefi_sb/test_varstored_sb.py @@ -2,7 +2,7 @@ import pytest from .utils import test_key_exchanges, boot_and_check_no_sb_errors, boot_and_check_sb_failed, \ - boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins + boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, test_uefi_var_migrate # These tests check the behaviour of XAPI and varstored as they are in XCP-ng 8.3 # For XCP-ng 8.2, see test_uefistored_sb.py @@ -153,3 +153,15 @@ def test_key_exchanges(self, uefi_vm): vm.set_uefi_setup_mode() test_key_exchanges(vm) + +@pytest.mark.small_vm +@pytest.mark.usefixtures("host_at_least_8_3", "existing_shared_sr") +class TestUEFIVarMigrate: + @pytest.fixture(autouse=True) + def setup_and_cleanup(self, uefi_vm_and_snapshot): + vm, snapshot = uefi_vm_and_snapshot + yield + revert_vm_state(vm, snapshot) + + def test_uefi_var_migrate(self, host, hostA2, uefi_vm): + test_uefi_var_migrate(uefi_vm, host, hostA2) diff --git a/tests/uefi_sb/utils.py b/tests/uefi_sb/utils.py index c8d89079..7ff10fba 100644 --- a/tests/uefi_sb/utils.py +++ b/tests/uefi_sb/utils.py @@ -173,3 +173,20 @@ def check_vm_cert_md5sum(vm, key, reference_file): assert res.returncode == 0, f"Cert {key} must be present" reference_md5 = get_md5sum_from_auth(reference_file) assert hashlib.md5(res.stdout).hexdigest() == reference_md5 + +def test_uefi_var_migrate(vm, source_host, dest_host): + shared_sr = source_host.pool.first_shared_sr() + vm.clear_uefi_variables() + pool_auths = generate_keys(as_dict=True) + vm.host.pool.install_custom_uefi_certs([pool_auths[key] for key in ['PK', 'KEK', 'db', 'dbx']]) + vm.start(on=source_host.uuid) + vm.wait_for_os_booted() + logging.info("Check that the VM certs were kept before live migration: PK, KEK, db, dbx") + for key in ['PK', 'KEK', 'db', 'dbx']: + check_vm_cert_md5sum(vm, key, pool_auths[key].auth) + vm.migrate(dest_host, shared_sr) + + # Check UEFI var kept upon live migration + logging.info("Check that the VM certs were kept after live migration: PK, KEK, db, dbx") + for key in ['PK', 'KEK', 'db', 'dbx']: + check_vm_cert_md5sum(vm, key, pool_auths[key].auth)