migration: Update external tpm case (#6351)

Running chcon on a read-only system will fail. So update case.

Signed-off-by: lcheng <[email protected]>

Author: cliping

libvirt/tests/cfg/migration/migration_with_vtpm/migration_with_external_tpm.cfg

@@ -4,7 +4,6 @@
     storage_type = 'nfs'
     setup_local_nfs = 'yes'
     disk_type = "file"
-    disk_source_protocol = "netfs"
     mnt_path_name = ${nfs_mount_dir}
     # Console output can only be monitored via virsh console output
     only_pty = True
@@ -26,6 +25,7 @@
     client_pwd = "${migrate_source_pwd}"
     status_error = "no"
     transport_type = "ssh"
+    migrate_desturi_type = "ssh"
     virsh_migrate_desturi = "qemu+ssh://${migrate_dest_host}/system"
     # vtpm setting
     func_supported_since_libvirt_ver = (9, 0, 0)
@@ -35,11 +35,8 @@
     aarch64:
         tpm_dict = {'tpm_model': 'tpm-tis', 'backend': {'backend_type': 'external', 'source': {'type': 'unix', 'mode': 'connect', 'path': '/var/tmp/guest-swtpm.sock'}}}
     statedir = "/var/tmp/mytpm"
-    swtpm_setup_path = '/usr/bin/swtpm_setup'
-    swtpm_path = '/usr/bin/swtpm'
     tpm_cmd = "tpm2_getrandom --hex 16"
     tpm_security_contexts= "user_tmp_t"
-
     variants:
         - persistent_and_p2p:
             virsh_migrate_options = "--live --p2p --verbose --undefinesource --persistent"

libvirt/tests/src/migration/migration_with_vtpm/migration_with_external_tpm.py

@@ -11,7 +11,6 @@
 
 from virttest.libvirt_xml import vm_xml
 from virttest.utils_libvirt import libvirt_vmxml
-from virttest.utils_test import libvirt
 
 from provider.migration import base_steps
 
@@ -84,41 +83,35 @@ def launch_external_swtpm(params, test, skip_setup=False, on_remote=False):
     tpm_dict = eval(params.get('tpm_dict', '{}'))
     source_socket = tpm_dict['backend']['source']['path']
     statedir = params.get("statedir")
-    swtpm_setup_path = params.get("swtpm_setup_path")
-    swtpm_path = params.get("swtpm_path")
 
     test.log.info("Launch external swtpm process: (on_remote: %s)",  on_remote)
     if not skip_setup:
-        cmd1 = 'chcon -t virtd_exec_t %s' % swtpm_setup_path
-        cmd2 = 'chcon -t virtd_exec_t %s' % swtpm_path
         if on_remote:
             remote.run_remote_cmd("rm -rf %s" % statedir, params)
             remote.run_remote_cmd("mkdir %s" % statedir, params)
-            remote.run_remote_cmd(cmd1, params)
-            remote.run_remote_cmd(cmd2, params)
         else:
             if os.path.exists(statedir):
                 shutil.rmtree(statedir)
             os.mkdir(statedir)
             process.run("ls -lZd %s" % statedir)
-            process.run(cmd1, ignore_status=False, shell=True)
-            process.run(cmd2, ignore_status=False, shell=True)
-        cmd3 = "systemd-run %s --tpm2 --tpmstate %s --create-ek-cert --create-platform-cert --overwrite" % (swtpm_setup_path, statedir)
-    cmd4 = "systemd-run %s socket --ctrl type=unixio,path=%s,mode=0600 --tpmstate dir=%s,mode=0600 --tpm2 --terminate" % (swtpm_path, source_socket, statedir)
+        cmd1 = "swtpm_setup --tpm2 --tpmstate %s --create-ek-cert --create-platform-cert --overwrite" % statedir
     try:
         if not skip_setup:
             if on_remote:
-                remote.run_remote_cmd(cmd3, params)
+                remote.run_remote_cmd(cmd1, params)
             else:
-                process.run(cmd3, ignore_status=False, shell=True)
+                process.run(cmd1, ignore_status=False, shell=True)
         if on_remote:
-            remote.run_remote_cmd(cmd4, params)
+            cmd2 = "nohup swtpm socket --ctrl type=unixio,path=%s,mode=0600 --tpmstate dir=%s,mode=0600 --tpm2 --terminate > /dev/null 2>&1 &" % (source_socket, statedir)
+            remote.run_remote_cmd(cmd2, params)
             remote.run_remote_cmd('chcon -t svirt_image_t %s' % source_socket, params)
             remote.run_remote_cmd('chown qemu:qemu %s' % source_socket, params)
         else:
-            process.run(cmd4, ignore_status=False, shell=True)
+            cmd2 = "swtpm socket --ctrl type=unixio,path=%s,mode=0600 --tpmstate dir=%s,mode=0600 --tpm2 --terminate &" % (source_socket, statedir)
+            process.run(cmd2, ignore_status=False, shell=True, ignore_bg_processes=True)
+            process.run("ps aux|grep 'swtpm socket'|grep -v avocado-runner-avocado-vt|grep -v grep", ignore_status=True, shell=True)
             # Make sure the socket is created
-            utils_misc.wait_for(lambda: os.path.isdir(source_socket), timeout=3)
+            utils_misc.wait_for(lambda: os.path.exists(source_socket), timeout=3)
             process.run('chcon -t svirt_image_t %s' % source_socket, ignore_status=False, shell=True)
             process.run('chown qemu:qemu %s' % source_socket, ignore_status=False, shell=True)
     except Exception as err:
@@ -177,7 +170,8 @@ def setup_test():
         """
         tpm_security_contexts = params.get("tpm_security_contexts")
 
-        libvirt.set_vm_disk(vm, params)
+        test.log.debug("Setup steps.")
+        migration_obj.setup_connection()
         launch_external_swtpm(params, test)
         launch_external_swtpm(params, test, skip_setup=False, on_remote=True)
         setup_vtpm(params, test, vm)
@@ -211,18 +205,14 @@ def cleanup_test():
         Cleanup steps
 
         """
-        swtpm_setup_path = params.get("swtpm_setup_path")
-        swtpm_path = params.get("swtpm_path")
         statedir = params.get("statedir")
 
-        cmd1 = "restorecon %s" % swtpm_setup_path
-        cmd2 = "restorecon %s" % swtpm_path
-        process.run(cmd1, ignore_status=False, shell=True)
-        process.run(cmd2, ignore_status=False, shell=True)
+        remote.run_remote_cmd('pkill swtpm', params, ignore_status=True)
+        remote.run_remote_cmd("rm -rf /var/lib/swtpm-localca/*", params, ignore_status=True)
+        process.run("pkill swtpm", shell=True, ignore_status=True)
+        process.run("rm -rf /var/lib/swtpm-localca/*", shell=True, ignore_status=True)
         if os.path.exists(statedir):
             shutil.rmtree(statedir)
-        remote.run_remote_cmd(cmd1, params)
-        remote.run_remote_cmd(cmd2, params)
         remote.run_remote_cmd("rm -rf %s" % statedir, params)
         migration_obj.cleanup_connection()