Check UEFI var are kept when a VM changes host

conftest.py

@@ -263,6 +263,12 @@ def local_sr_on_hostB1(hostB1):
     logging.info(">> local SR on hostB1 present : %s" % sr.uuid)
     yield sr
 
+@pytest.fixture(scope='session')
+def existing_shared_sr(host):
+    sr = host.pool.first_shared_sr()
+    assert sr is not None, "A shared SR on the pool is required"
+    yield sr
+
 @pytest.fixture(scope='session')
 def sr_disk(pytestconfig, host):
     disks = pytestconfig.getoption("sr_disk")
@@ -375,6 +381,12 @@ def imported_vm(host, vm_ref):
         logging.info("<< Destroy VM")
         vm.destroy(verify=True)
 
+@pytest.fixture(scope='module')
+def vm_on_shared_sr(imported_vm, existing_shared_sr):
+    vm = imported_vm
+    vm.migrate(vm.host, existing_shared_sr)
+    yield vm
+
 @pytest.fixture(scope="module")
 def started_vm(imported_vm):
     vm = imported_vm

tests/misc/test_basic_without_ssh.py

@@ -18,12 +18,6 @@
 #   the local SR or shared SR: the test will adapt itself.
 #   Note however that an existing VM will be left on a different SR after the tests.
 
-@pytest.fixture(scope='session')
-def existing_shared_sr(host):
-    sr = host.pool.first_shared_sr()
-    assert sr is not None, "A shared SR on the pool is required"
-    return sr
-
 @pytest.mark.multi_vms # run them on a variety of VMs
 @pytest.mark.big_vm # and also on a really big VM ideally
 def test_vm_start_stop(imported_vm):

tests/uefi_sb/test_uefistored_sb.py

@@ -5,7 +5,8 @@
 from lib.common import wait_for
 
 from .utils import _test_key_exchanges, boot_and_check_no_sb_errors, boot_and_check_sb_failed, \
-    boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, VM_SECURE_BOOT_FAILED
+    boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, VM_SECURE_BOOT_FAILED, \
+    _test_uefi_var_lifecycle
 
 # These tests check the behaviour of XAPI and uefistored as they are in XCP-ng 8.2
 # For XCP-ng 8.3 or later, see test_varstored_sb.py
@@ -217,3 +218,16 @@ def test_key_exchanges(self, uefi_vm):
         vm = uefi_vm
 
         _test_key_exchanges(vm)
+
+@pytest.mark.small_vm
+@pytest.mark.usefixtures("host_less_than_8_3", "vm_on_shared_sr")
+@pytest.mark.usefixtures("pool_without_uefi_certs")
+class TestUEFIVarMigrate:
+    @pytest.fixture(autouse=True)
+    def setup_and_cleanup(self, uefi_vm_and_snapshot):
+        vm, snapshot = uefi_vm_and_snapshot
+        yield
+        revert_vm_state(vm, snapshot)
+
+    def test_uefi_var_migrate(self, host, hostA2, uefi_vm):
+        _test_uefi_var_lifecycle(uefi_vm, host, hostA2)

tests/uefi_sb/test_varstored_sb.py

@@ -2,7 +2,7 @@
 import pytest
 
 from .utils import _test_key_exchanges, boot_and_check_no_sb_errors, boot_and_check_sb_failed, \
-    boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins
+    boot_and_check_sb_succeeded, generate_keys, revert_vm_state, sign_efi_bins, _test_uefi_var_lifecycle
 
 # These tests check the behaviour of XAPI and varstored as they are in XCP-ng 8.3
 # For XCP-ng 8.2, see test_uefistored_sb.py
@@ -153,3 +153,15 @@ def test_key_exchanges(self, uefi_vm):
         vm.set_uefi_setup_mode()
 
         _test_key_exchanges(vm)
+
+@pytest.mark.small_vm
+@pytest.mark.usefixtures("host_at_least_8_3", "vm_on_shared_sr")
+class TestUEFIVarMigrate:
+    @pytest.fixture(autouse=True)
+    def setup_and_cleanup(self, uefi_vm_and_snapshot):
+        vm, snapshot = uefi_vm_and_snapshot
+        yield
+        revert_vm_state(vm, snapshot)
+
+    def test_uefi_var_migrate(self, host, hostA2, uefi_vm):
+        _test_uefi_var_lifecycle(uefi_vm, host, hostA2)

tests/uefi_sb/utils.py

@@ -173,3 +173,30 @@ def check_vm_cert_md5sum(vm, key, reference_file):
     assert res.returncode == 0, f"Cert {key} must be present"
     reference_md5 = get_md5sum_from_auth(reference_file)
     assert hashlib.md5(res.stdout).hexdigest() == reference_md5
+
+def _test_uefi_var_lifecycle(vm, source_host, dest_host):
+    shared_sr = source_host.pool.first_shared_sr()
+    vm.start(on=source_host.uuid)
+    vm.wait_for_os_booted()
+
+    res = vm.host.ssh(['varstore-ls', vm.uuid], simple_output=False)
+    reference = {}
+    for line in res.stdout.splitlines():
+        splitted_line = line.split(' ')
+        assert len(splitted_line) == 2
+        guid, name = splitted_line[0], splitted_line[1]
+        returned_res = vm.host.ssh(['varstore-get', vm.uuid, guid, name],
+                                   simple_output=False, decode=False)
+        md5 = hashlib.md5(returned_res.stdout).hexdigest()
+        reference[(guid, name)] = md5
+
+    vm.shutdown(verify=True)
+    vm.start(on=dest_host.uuid)
+
+    # Check UEFI var are kept
+    for key, value in reference.items():
+        guid, name = key[0], key[1]
+        returned_res = vm.host.ssh(['varstore-get', vm.uuid, guid, name],
+                                   simple_output=False, decode=False)
+        md5 = hashlib.md5(returned_res.stdout).hexdigest()
+        assert md5 == value