From a7761b63a46f7faa621faa93c3c3463432c551f0 Mon Sep 17 00:00:00 2001
From: Martin Necas
Date: Wed, 11 Dec 2024 14:19:42 +0100
Subject: [PATCH] MTV-1632 | Add secureboot to vsphere
Issue: When creating the VM from vSphere on kubevirt the MTV always defaulted the secureboot to false.
Fix: Add the secureboot to the inventory and to main controller to pass it to the KubeVirt.
Ref: https://issues.redhat.com/browse/MTV-1632
Signed-off-by: Martin Necas
---
 pkg/controller/plan/adapter/vsphere/builder.go | 8 +-------
 pkg/controller/provider/container/vsphere/collector.go | 2 ++
 pkg/controller/provider/container/vsphere/model.go | 4 ++++
 pkg/controller/provider/model/vsphere/model.go | 1 +
 pkg/controller/provider/web/vsphere/vm.go | 2 ++
 5 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/pkg/controller/plan/adapter/vsphere/builder.go b/pkg/controller/plan/adapter/vsphere/builder.go
index 8b8e77610..e46081aaf 100644
--- a/pkg/controller/plan/adapter/vsphere/builder.go
+++ b/pkg/controller/plan/adapter/vsphere/builder.go
@@ -668,15 +668,9 @@ func (r *Builder) mapFirmware(vm *model.VM, object *cnv.VirtualMachineSpec) {
 }
 switch vm.Firmware {
 case Efi:
- // We don't distinguish between UEFI and UEFI with secure boot, but we anyway would have
- // disabled secure boot, even if we knew it was enabled on the source, because the guest
- // OS won't be able to boot without getting the NVRAM data. By starting the VM without
- // secure boot we ease the procedure users need to do in order to make a guest OS that
- // was previously configured with secure boot bootable.
- secureBootEnabled := false
 firmware.Bootloader = &cnv.Bootloader{
 EFI: &cnv.EFI{
- SecureBoot: &secureBootEnabled,
+ SecureBoot: &vm.SecureBoot,
 }}
 default:
 firmware.Bootloader = &cnv.Bootloader{BIOS: &cnv.BIOS{}}
diff --git a/pkg/controller/provider/container/vsphere/collector.go b/pkg/controller/provider/container/vsphere/collector.go
index fdacbc83c..5dd2ad4f4 100644
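Review bot: `SecureBoot: &vm.SecureBoot` in the `case Efi:` branch now enables secure boot on the target whenever the inventory reports it, but the commit deletes the comment that explained why it was forced off (the guest may not boot without the source NVRAM data) and leaves no replacement rationale. Nothing visible in the hunk enables the SMM feature either, which KubeVirt requires for EFI secure boot as far as I know; if that is not handled outside the hunk, the VM spec may be rejected at creation. I would add a short comment such as `// Secure boot mirrors the source VM; see MTV-1632 for the NVRAM caveat.` and confirm the SMM handling. mapFirmware's body starts and ends outside the hunk.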
--- a/pkg/controller/provider/container/vsphere/collector.go
+++ b/pkg/controller/provider/container/vsphere/collector.go
@@ -101,6 +101,7 @@ const (
 fUUID = "config.uuid"
 fFirmware = "config.firmware"
 fFtInfo = "config.ftInfo"
+ fBootOptions = "config.bootOptions"
 fCpuAffinity = "config.cpuAffinity"
 fCpuHotAddEnabled = "config.cpuHotAddEnabled"
 fCpuHotRemoveEnabled = "config.cpuHotRemoveEnabled"
@@ -729,6 +730,7 @@ func (r *Collector) vmPathSet() []string {
 fFirmware,
 fFtInfo,
 fCpuAffinity,
+ fBootOptions,
 fCpuHotAddEnabled,
 fCpuHotRemoveEnabled,
 fMemoryHotAddEnabled,
diff --git a/pkg/controller/provider/container/vsphere/model.go b/pkg/controller/provider/container/vsphere/model.go
index 11f9a70c1..bdd996a5d 100644
--- a/pkg/controller/provider/container/vsphere/model.go
+++ b/pkg/controller/provider/container/vsphere/model.go
@@ -565,6 +565,10 @@ func (v *VmAdapter) Apply(u types.ObjectUpdate) {
 if a, cast := p.Val.(types.VirtualMachineAffinityInfo); cast {
 v.model.CpuAffinity = a.AffinitySet
 }
+ case fBootOptions:
+ if a, cast := p.Val.(types.VirtualMachineBootOptions); cast {
+ v.model.SecureBoot = *a.EfiSecureBootEnabled
+ }
 case fCpuHotAddEnabled:
 if b, cast := p.Val.(bool); cast {
 v.model.CpuHotAddEnabled = b
diff --git a/pkg/controller/provider/model/vsphere/model.go b/pkg/controller/provider/model/vsphere/model.go
index 9e6bf7ad6..1069ce68c 100644
--- a/pkg/controller/provider/model/vsphere/model.go
+++ b/pkg/controller/provider/model/vsphere/model.go
@@ -268,6 +268,7 @@ type VM struct {
 Concerns []Concern `sql:""`
 GuestNetworks []GuestNetwork `sql:""`
 GuestIpStacks []GuestIpStack `sql:""`
+ SecureBoot bool `sql:""`
 }

 // Determine if current revision has been validated.
diff --git a/pkg/controller/provider/web/vsphere/vm.go b/pkg/controller/provider/web/vsphere/vm.go
index b019c4595..097b900a7 100644
--- a/pkg/controller/provider/web/vsphere/vm.go
+++ b/pkg/controller/provider/web/vsphere/vm.go
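Review bot: `*a.EfiSecureBootEnabled` in the new `case fBootOptions:` branch of Apply is dereferenced without a nil check. The dereference shows the field is a pointer, and vSphere presumably leaves it unset for VMs that do not report the option (BIOS firmware, older hosts), in which case Apply would panic while processing an inventory update. Guard it in the condition: `if a, cast := p.Val.(types.VirtualMachineBootOptions); cast && a.EfiSecureBootEnabled != nil {`. Apply's body starts and ends outside the hunk.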
@@ -235,6 +235,7 @@ type VM struct {
 NICs []model.NIC `json:"nics"`
 GuestNetworks []model.GuestNetwork `json:"guestNetworks"`
 GuestIpStacks []model.GuestIpStack `json:"guestIpStacks"`
+ SecureBoot bool `json:"secureBoot"`
 }

 // Build the resource using the model.
@@ -265,6 +266,7 @@ func (r *VM) With(m *model.VM) {
 r.NICs = m.NICs
 r.GuestNetworks = m.GuestNetworks
 r.GuestIpStacks = m.GuestIpStacks
+ r.SecureBoot = m.SecureBoot
 }

 // Build self link (URI).