Merge pull request #272 from cybozu-go/enable-vTPM

re-enable vTPM

mtest/Makefile

@@ -11,7 +11,7 @@ PLACEMAT = /usr/bin/placemat2
 GINKGO = $(GOPATH)/bin/ginkgo
 ETCD_VERSION = 3.5.7
 PLACEMAT_DATADIR = /var/scratch/placemat
-COREOS_VERSION := 3374.2.4
+COREOS_VERSION := current
 COREOS_KERNEL := $(abspath .)/flatcar_production_pxe.vmlinuz
 COREOS_INITRD := $(abspath .)/flatcar_production_pxe_image.cpio.gz
 # The latest CT is 0.9.4, but it is not distributed as a pre-built binary.

mtest/cluster.yml

@@ -91,4 +91,4 @@ cpu: 1
 memory: 3G
 smbios:
   serial: "00000005"
-# tpm: true # Disable virtual TPM temporarily because vTPM does not work in current environment (placemant + flatcar).
+tpm: true

mtest/netboot_test.go

@@ -95,35 +95,32 @@ func testNetboot() {
 			}, 6*time.Minute).Should(Succeed())
 		}
 
-		// disable vTPM temporarily (see cluster.yaml)
-		if false {
-			By("Copying readnvram binary")
-			remoteFilename := filepath.Join("/var/tmp", filepath.Base(readNVRAM))
-			copyReadNVRAM(worker2, remoteFilename)
-
-			By("Reading encryption key from NVRAM")
-			ekHexBefore, stderr, err := execAt(worker2, "sudo", remoteFilename)
-			Expect(err).NotTo(HaveOccurred(), "stdout=%s, stderr=%s", ekHexBefore, stderr)
-
-			By("Checking encryption key is kept after reboot")
-			// Exit code is 255 when ssh is disconnected
-			execAt(worker2, "sudo", "reboot")
-			Expect(prepareSSHClients(worker2)).NotTo(HaveOccurred())
-			copyReadNVRAM(worker2, remoteFilename)
-
-			ekHexAfter, stderr, err := execAt(worker2, "sudo", remoteFilename)
-			Expect(err).NotTo(HaveOccurred(), "stdout=%s, stderr=%s", ekHexAfter, stderr)
-			Expect(ekHexAfter).To(Equal(ekHexBefore))
+		By("Copying readnvram binary")
+		remoteFilename := filepath.Join("/var/tmp", filepath.Base(readNVRAM))
+		copyReadNVRAM(worker2, remoteFilename)
 
-			By("Checking encrypted disks")
-			Eventually(func() error {
-				_, stderr, err := execAt(worker2, "ls", "/dev/mapper/crypt-*")
-				if err != nil {
-					return fmt.Errorf("%v: stderr=%s", err, stderr)
-				}
-				return nil
-			}, 6*time.Minute).Should(Succeed())
-		}
+		By("Reading encryption key from NVRAM")
+		ekHexBefore, stderr, err := execAt(worker2, "sudo", remoteFilename)
+		Expect(err).NotTo(HaveOccurred(), "stdout=%s, stderr=%s", ekHexBefore, stderr)
+
+		By("Checking encryption key is kept after reboot")
+		// Exit code is 255 when ssh is disconnected
+		execAt(worker2, "sudo", "reboot")
+		Expect(prepareSSHClients(worker2)).NotTo(HaveOccurred())
+		copyReadNVRAM(worker2, remoteFilename)
+
+		ekHexAfter, stderr, err := execAt(worker2, "sudo", remoteFilename)
+		Expect(err).NotTo(HaveOccurred(), "stdout=%s, stderr=%s", ekHexAfter, stderr)
+		Expect(ekHexAfter).To(Equal(ekHexBefore))
+
+		By("Checking encrypted disks")
+		Eventually(func() error {
+			_, stderr, err := execAt(worker2, "ls", "/dev/mapper/crypt-*")
+			if err != nil {
+				return fmt.Errorf("%v: stderr=%s", err, stderr)
+			}
+			return nil
+		}, 6*time.Minute).Should(Succeed())
 
 		By("Removing the image from the index")
 		sabactlSafe("images", "delete", coreosVersion)