starlingx/ansible-playbooks
Code Issues Proposed changes
ansible-playbooks/playbookconfig/src/playbooks/host_vars/update-secure-boot-certificate/default.yml
Rodrigo Tavares 511746493d Ansible Playbook to add cert to UEFI Secure Boot 
This commit adds an Ansible Playbook that installs a new certificate to
UEFI secure boot trusted certificates DB in all available hosts and,
optionally, in all subclouds.

Test Plan:
PASS: Build playbookconfig package and image.
PASS: Run playbook in an AIO-SX and check that it added the certificate.
PASS: Run playbook in an AIO-DX and check that it added the certificate
      to both controllers.
PASS: Run playbook in a DC and check it added the cert to subcloud
      controllers.
PASS: Run playbook in a DC with a subcloud containing a worker node and
      check that it added the certificate to all hosts, including
      subcloud worker node.
PASS: Run playbook in a DC containing a host with secure boot disabled
      and check that it skips that host without failing.
PASS: Run playbook with an expired certificate as input and see it fail.

Story: 2011352
Task: 51687

Change-Id: Ie72fb67059addbe3f0fa341c81d0143c035e3e3d
Signed-off-by: Rodrigo Tavares <Rodrigo.DosSantosTavares@windriver.com>
2025-03-18 16:02:18 -03:00

3 lines
91 B
YAML
Raw Blame History

---
ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
View Git Blame Copy Permalink