Merge pull request #8328 from vr4manta/SPLAT-1599

SPLAT-1599: Added support for secure boot and storage policies to UPI pwsh.
openshift · Apr 30, 2024 · f3d9c1f · f3d9c1f
2 parents e6b59d5 + 1b22f93
commit f3d9c1f
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 19 deletions.
diff --git a/upi/vsphere/powercli/upi-destroy.ps1 b/upi/vsphere/powercli/upi-destroy.ps1
@@ -36,7 +36,21 @@ foreach ($template in $templates) {
     Remove-Template -Template $($template.Entity) -DeletePermanently -confirm:$false
 }
 
-# Clean up storage policy
+# Clean up all resource pools
+$rps = Get-TagAssignment -Tag $tag -Entity (Get-ResourcePool)
+foreach ($rp in $rps) {
+    Write-Output "Removing resource pool $($rp.Entity)"
+    Remove-ResourcePool -ResourcePool $($rp.Entity) -confirm:$false
+}
+
+# Clean up all folders
+$folders = Get-TagAssignment -Tag $tag -Entity (Get-Folder)
+foreach ($folder in $folders) {
+    Write-Output "Removing folder $($folder.Entity)"
+    Remove-Folder -Folder $($folder.Entity) -DeletePermanently -confirm:$false
+}
+
+# Clean up storage policy.  Must be done after all other object cleanup except tag/tagCategory
 $storagePolicies = Get-SpbmStoragePolicy -Tag $tag
 
 foreach ($policy in $storagePolicies) {
@@ -47,7 +61,7 @@ foreach ($policy in $storagePolicies) {
     if ($splitResults.Count -eq 2) {
         $clusterId = $splitResults[1]
         if ($clusterId -ne "") {
-            Write-Host $clusterId
+            Write-Host "Checking for storage policies for "$clusterId
             $clusterInventory = @(Get-Inventory -Name "$($clusterId)*" -ErrorAction Continue)
 
             if ($clusterInventory.Count -eq 0) {
@@ -61,20 +75,8 @@ foreach ($policy in $storagePolicies) {
     }
 }
 
-# Clean up all resource pools
-$rps = Get-TagAssignment -Tag $tag -Entity (Get-ResourcePool)
-foreach ($rp in $rps) {
-    Write-Output "Removing resource pool $($rp.Entity)"
-    Remove-ResourcePool -ResourcePool $($rp.Entity) -confirm:$false
-}
-
-# Clean up all folders
-$folders = Get-TagAssignment -Tag $tag -Entity (Get-Folder)
-foreach ($folder in $folders) {
-    Write-Output "Removing folder $($folder.Entity)"
-    Remove-Folder -Folder $($folder.Entity) -DeletePermanently -confirm:$false
-}
-
 # Clean up tags
 Remove-Tag -Tag $tag -confirm:$false
-Remove-TagCategory -Category $tagCategory -confirm:$false
+Remove-TagCategory -Category $tagCategory -confirm:$false
+
+Disconnect-VIServer -Server $vcenter -Force:$true -Confirm:$false
diff --git a/upi/vsphere/powercli/upi-functions.ps1 b/upi/vsphere/powercli/upi-functions.ps1
@@ -17,6 +17,8 @@ function New-OpenShiftVM {
         $NumCpu,
         $ReferenceSnapshot,
         $ResourcePool,
+        $SecureBoot,
+        $StoragePolicy,
         [Parameter(Mandatory=$true)]
         $Tag,
         [Parameter(Mandatory=$true)]
@@ -35,6 +37,7 @@ function New-OpenShiftVM {
     $args.Remove('Network') > $null
     $args.Remove('MemoryMB') > $null
     $args.Remove('NumCpu') > $null
+    $args.Remove('SecureBoot') > $null
     foreach ($key in $args.Keys){
         if ($NULL -eq $($args.Item($key)) -or $($args.Item($key)) -eq "") {
             $args.Remove($key) > $null
@@ -76,6 +79,12 @@ function New-OpenShiftVM {
         New-AdvancedSetting -Entity $vm -name "guestinfo.afterburn.initrd.network-kargs" -value $kargs -Confirm:$false -Force > $null
     }
 
+    # Enable secure boot if needed
+    if ($true -eq $SecureBoot)
+    {
+        Set-SecureBoot -VM $vm
+    }
+
     return $vm
 }
 
@@ -289,7 +298,7 @@ function New-OpenshiftVMs {
 
             # Clone the virtual machine from the imported template
             #$vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -LinkedClone -ReferenceSnapshot $snapshot -IgnitionData $ignition -Tag $tag -Networking $network -NumCPU $numCPU -MemoryMB $memory
-            $vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -IgnitionData $ignition -Tag $tag -Networking $network -Network $node.network -NumCPU $numCPU -MemoryMB $memory
+            $vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -IgnitionData $ignition -Tag $tag -Networking $network -Network $node.network -SecureBoot $secureboot -StoragePolicy $storagepolicy -NumCPU $numCPU -MemoryMB $memory
 
             # Assign tag so we can later clean up
             # New-TagAssignment -Entity $vm -Tag $tag
@@ -321,4 +330,21 @@ function New-OpenshiftVMs {
     foreach ($job in $jobs) {
         Receive-Job -Job $job
     }
+}
+
+# This function is used to set secure boot.
+function Set-SecureBoot {
+    param(
+        $VM
+    )
+
+    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+    $spec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
+
+    $boot = New-Object VMware.Vim.VirtualMachineBootOptions
+    $boot.EfiSecureBootEnabled = $true
+
+    $spec.BootOptions = $boot
+
+    $VM.ExtensionData.ReconfigVM($spec)
 }
diff --git a/upi/vsphere/powercli/upi.ps1 b/upi/vsphere/powercli/upi.ps1
@@ -240,7 +240,7 @@ $template = Get-VM -Name $vm_template -Location $fds[0].datacenter
 # Create LB for Cluster
 $ignition = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((New-LoadBalancerIgnition $sshKey)))
 $network = New-VMNetworkConfig -Hostname "$($metadata.infraID)-lb" -IPAddress $lb_ip_address -Netmask $netmask -Gateway $gateway -DNS $dns -Network $failure_domains[0].network
-$vm = New-OpenShiftVM -IgnitionData $ignition -Name "$($metadata.infraID)-lb" -Template $template -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -Tag $tag -Networking $network -Network $($fds[0].network) -MemoryMB 8192 -NumCpu 4
+$vm = New-OpenShiftVM -IgnitionData $ignition -Name "$($metadata.infraID)-lb" -Template $template -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -Tag $tag -Networking $network -Network $($fds[0].network) -SecureBoot $secureboot -StoragePolicy $storagepolicy -MemoryMB 8192 -NumCpu 4
 $vm | Start-VM
 
 # Take the $virtualmachines defined in upi-variables and convert to a powershell object
@@ -517,5 +517,6 @@ if ($waitForComplete)
 
 Get-Job | Remove-Job
 
+Disconnect-VIServer -Server $vcenter -Force:$true -Confirm:$false
 
 Write-Output "Install Complete!"
diff --git a/upi/vsphere/variables.ps1.example b/upi/vsphere/variables.ps1.example
@@ -29,6 +29,8 @@ $datastore = "workload_share_vcs8eworkload_lrFsW"
 $datacenter = "IBMCloud"
 $cluster = "vcs-8e-workload"
 $vcentercredpath = "secrets/vcenter-creds.xml"
+$storagepolicy = ""
+$secureboot = $false
 
 $pullsecret = @"
 {"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}