Merge pull request #377 from redhatci/ovmf_path

Refactor OVMF path logic
redhatci · Jul 11, 2024 · d21f250 · d21f250
2 parents b629311 + 4cd8eb0
commit d21f250
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 61 deletions.
diff --git a/roles/create_vms/defaults/main.yml b/roles/create_vms/defaults/main.yml
@@ -23,6 +23,10 @@ create_vms_network_mode: bridge
 # disable secure boot, false by default
 create_vms_disable_secure_boot: false
 
+# Default OVMF_CODE path.
+# This should be a symlink to `/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd`
+create_vms_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
+
 # Path to default OVMF_VARS.fd file used for non secure boot
 create_vms_non_secure_ovmf_vars_path: /usr/share/edk2/ovmf/OVMF_VARS.fd
 

diff --git a/roles/create_vms/tasks/provision_vms.yml b/roles/create_vms/tasks/provision_vms.yml
@@ -14,37 +14,6 @@
         state: directory
         recurse: yes
 
-    # `create_vms_x86_64_ovmf_code_path` variable is used in
-    # `create_vm.sh.j2` script
-    # Using the same logic that we have in setup_sushy_tools
-    # to be aligned
-    # Default behavior
-    - name: Set X86_64 OVMF code path (secure boot enabled)
-      when: not create_vms_disable_secure_boot | bool
-      block:
-        - name: Set X86_64 OVMF code path
-          ansible.builtin.set_fact:
-            create_vms_x86_64_ovmf_code_path: "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd"
-
-        - name: Check x86_64 OVMF code path
-          ansible.builtin.stat:
-            path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-          register: _cv_ovmf_x86_64_code_stat
-
-        - name: Set x86_64 OVMF code path (legacy)
-          ansible.builtin.set_fact:
-            create_vms_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-          when:
-            - _cv_ovmf_x86_64_code_stat.stat.exists
-            - not _cv_ovmf_x86_64_code_stat.stat.islnk
-
-    # In case secure boot is disabled, OVMF code path must be
-    # "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-    - name: Set X86_64 OVMF code path (secure boot disabled)
-      ansible.builtin.set_fact:
-        create_vms_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-      when: create_vms_disable_secure_boot | bool
-
     - name: Create vm creation_scripts
       vars:
         create_vms_ovmf_vars_path: "/var/lib/libvirt/qemu/nvram/{{ item.name }}_VARS.fd"

diff --git a/roles/setup_sushy_tools/defaults/main.yml b/roles/setup_sushy_tools/defaults/main.yml
@@ -31,7 +31,8 @@ sushy_fqdn: "{{ ansible_fqdn }}"
 
 is_on_rhel9: "{{ (ansible_distribution_major_version == '9' and ansible_distribution == 'RedHat') | bool }}"
 
-# disable secure boot, false by default
-setup_sushy_tools_disable_secure_boot: false
+# Default OVMF_CODE path.
+# This should be a symlink to `/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd`
+setup_sushy_tools_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
 
 ...
diff --git a/roles/setup_sushy_tools/tasks/main.yml b/roles/setup_sushy_tools/tasks/main.yml
@@ -82,33 +82,6 @@
             privatekey_path: "{{ sushy_cert_dir }}/sushy_tools.key"
             cert_common_name: "{{ sushy_fqdn }}"
 
-    # Default behavior
-    - name: Set X86_64 OVMF code path (secure boot enabled)
-      when: not setup_sushy_tools_disable_secure_boot | bool
-      block:
-        - name: Set X86_64 OVMF code path
-          ansible.builtin.set_fact:
-            sst_sushy_x86_64_ovmf_code_path: "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd"
-
-        - name: Check x86_64 OVMF code path
-          ansible.builtin.stat:
-            path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-          register: OVMF_X86_64_CODE_STAT
-
-        - name: Set x86_64 OVMF code path (legacy)
-          ansible.builtin.set_fact:
-            sst_sushy_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-          when:
-            - OVMF_X86_64_CODE_STAT.stat.exists
-            - not OVMF_X86_64_CODE_STAT.stat.islnk
-
-    # In case secure boot is disabled, OVMF code path must be
-    # "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-    - name: Set X86_64 OVMF code path (secure boot disabled)
-      ansible.builtin.set_fact:
-        sst_sushy_x86_64_ovmf_code_path: "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-      when: setup_sushy_tools_disable_secure_boot | bool
-
     - name: Create sushy-tools conf
       template:
         src: sushy-emulator.conf.j2

diff --git a/roles/setup_sushy_tools/templates/sushy-emulator.conf.j2 b/roles/setup_sushy_tools/templates/sushy-emulator.conf.j2
@@ -49,7 +49,7 @@ SUSHY_EMULATOR_IGNORE_BOOT_DEVICE = {{ (sushy_ignore_boot_device | bool) | terna
 # system architecture
 SUSHY_EMULATOR_BOOT_LOADER_MAP = {
     u'UEFI': {
-        u'x86_64': u'{{ sst_sushy_x86_64_ovmf_code_path }}',
+        u'x86_64': u'{{ setup_sushy_tools_x86_64_ovmf_code_path }}',
         u'aarch64': u'/usr/share/AAVMF/AAVMF_CODE.fd'
     },
     u'Legacy': {