ec2_ami: Add support for params BootMode, TpmSupport, UefiData #1037
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
ansibullbot
added
WIP
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
recheck |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
recheck |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
mandar242
force-pushed
the
ec2_ami-add-boot_mode-tpm-support
branch
from
279e82d to
b001320
Compare
This comment was marked as outdated.
This comment was marked as outdated.
|
recheck |
This comment was marked as outdated.
This comment was marked as outdated.
| - "result.image_id.startswith('ami-')" | ||
| - ami_facts_result_boot_tpm.images[0].image_id | length != 0 | ||
| - ami_facts_result_boot_tpm.images[0].boot_mode == 'uefi' | ||
| - ami_facts_result_boot_tpm.images[0].tpm_support == 'v2.0' |
There was a problem hiding this comment.
trying to figure out what a valid uefi_data_file would look like, currently boto is throwing error on below task
- name: AMI Creation with boot_mode and tpm_support
amazon.aws.ec2_ami:
name: newtest-uefi-file-data
state: present
architecture: x86_64
virtualization_type: hvm
root_device_name: /dev/sda1
device_mapping:
- device_name: /dev/sda1
snapshot_id: snap-0f00cba7123456
wait: yes
region: us-east-2
boot_mode: uefi
uefi_data: "{{ lookup('file', 'uefi_data_file') | b64encode }}"
tpm_support: v2.0
tags:
name: test-ami
botocore.exceptions.ClientError: An error occurred (InvalidParameterValue)
when calling the RegisterImage operation: Invalid uefiData.
There was a problem hiding this comment.
I would suggest to use get_instance_uefi_data() https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.get_instance_uefi_data to get a working uefidata file and you can send it back later in the tests.
There was a problem hiding this comment.
tried that but turns out it throws unauthorized error for the operator GetInstanceUefiData.
Would need to open a PR to get the permissions added to terminator repository.
There was a problem hiding this comment.
@goneri opened PR to add required permission.
mattclay/aws-terminator#229
Task to get uefi data in integration tests: https://github.com/ansible-collections/amazon.aws/pull/1037/files#diff-ceba09bf3546fc4c878b0ae63333fa702ef39a1c13fb206f78333031fd67dc07R77-R86
There was a problem hiding this comment.
the permission issue has been resolved, currently trying to solve error
An error occurred (InvalidInstanceID.NotFound) when calling the GetInstanceUefiData operation:
Unknown virtIds for owner 'xxxxxxx': [ i-xxxxxxxxxx ]"
There was a problem hiding this comment.
@goneri, it appears that there are currently no provided AMIs with uefi boot mode support for linux, also none of our currently supported instance types for integration tests support uefi boot mode.
I can test the code for UEFI boot mode and UEFI data manually but not sure if it's possible to add to integration tests.
Relevant links:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launch-instance-with-uefi-sb.html
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enable-nitrotpm-prerequisites.html
https://aws.amazon.com/blogs/aws/amazon-ec2-now-supports-nitrotpm-and-uefi-secure-boot/
There was a problem hiding this comment.
This will be a good candidate for an unit-test.
There was a problem hiding this comment.
Added a unit test, review would be helpful.
https://github.com/ansible-collections/amazon.aws/pull/1037/files#diff-e73e5db91a3de8db23f7c80c49a50b547462a582d68095d4580d2170c90b30f8
This comment was marked as outdated.
This comment was marked as outdated.
mandar242
force-pushed
the
ec2_ami-add-boot_mode-tpm-support
branch
from
545fd82 to
51260c5
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
we don't really care about the whole string.
mandar242
force-pushed
the
ec2_ami-add-boot_mode-tpm-support
branch
from
cd2fef3 to
2d1759e
Compare
This comment was marked as outdated.
This comment was marked as outdated.
…le-collections#1037) ec2_ami: Add support for params BootMode, TpmSupport, UefiData SUMMARY Depends-On: ansible-collections#1066 Added support for params BootMode, TpmSupport, UefiData in ec2_ami. Fixes ansible-collections#944 ISSUE TYPE Feature Pull Request COMPONENT NAME ec2_ami ADDITIONAL INFORMATION Example playbook - name: abc hosts: localhost gather_facts: false tasks: - name: AMI Creation with boot_mode and tpm_support amazon.aws.ec2_ami: name: ami-create-test_legacy-bios state: present architecture: x86_64 virtualization_type: hvm root_device_name: /dev/sda1 device_mapping: - device_name: /dev/sda1 snapshot_id: snap-xxxxxxxxx wait: yes region: us-east-2 boot_mode: legacy-bios tpm_support: v2.0 tags: name: ami-create-test Reviewed-by: Gonéri Le Bouder <[email protected]> Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Mike Graves <[email protected]>
#1487) [manual backport stable-5] ec2_ami: Add support for params BootMode, TpmSupport, UefiData (#1037) ec2_ami: Add support for params BootMode, TpmSupport, UefiData SUMMARY Depends-On: #1066 Added support for params BootMode, TpmSupport, UefiData in ec2_ami. Fixes #944 ISSUE TYPE Feature Pull Request COMPONENT NAME ec2_ami ADDITIONAL INFORMATION Example playbook name: abc hosts: localhost gather_facts: false tasks: - name: AMI Creation with boot_mode and tpm_support amazon.aws.ec2_ami: name: ami-create-test_legacy-bios state: present architecture: x86_64 virtualization_type: hvm root_device_name: /dev/sda1 device_mapping: - device_name: /dev/sda1 snapshot_id: snap-xxxxxxxxx wait: yes region: us-east-2 boot_mode: legacy-bios tpm_support: v2.0 tags: name: ami-create-test Reviewed-by: Gonéri Le Bouder [email protected] Reviewed-by: Mandar Kulkarni [email protected] Reviewed-by: Mike Graves [email protected] SUMMARY ISSUE TYPE Bugfix Pull Request Docs Pull Request Feature Pull Request New Module Pull Request COMPONENT NAME ADDITIONAL INFORMATION
…-collections#1037) networkfirewall_rule_group: Add support for "wait" parameter SUMMARY Add support for 'wait' to networkfirewall_rule_group to speed up the integration tests a little. Note: Module not available in a release yet, so no changelog required. ISSUE TYPE Feature Pull Request COMPONENT NAME networkfirewall_rule_group ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None>
…-collections#1037) networkfirewall_rule_group: Add support for "wait" parameter SUMMARY Add support for 'wait' to networkfirewall_rule_group to speed up the integration tests a little. Note: Module not available in a release yet, so no changelog required. ISSUE TYPE Feature Pull Request COMPONENT NAME networkfirewall_rule_group ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None>
…-collections#1037) networkfirewall_rule_group: Add support for "wait" parameter SUMMARY Add support for 'wait' to networkfirewall_rule_group to speed up the integration tests a little. Note: Module not available in a release yet, so no changelog required. ISSUE TYPE Feature Pull Request COMPONENT NAME networkfirewall_rule_group ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis <None>
SUMMARY
Depends-On: #1066
Added support for params BootMode, TpmSupport, UefiData in
ec2_ami.Fixes #944
ISSUE TYPE
COMPONENT NAME
ec2_ami
ADDITIONAL INFORMATION
Example playbook