[Windows] Move adding KMS server task at the beginning of deploy_vm.y…

…ml (#458)

Signed-off-by: Diane Wang <[email protected]>

common/vcenter_add_key_provider.yml

@@ -0,0 +1,40 @@
+# Copyright 2023 VMware, Inc.
+# SPDX-License-Identifier: BSD-2-Clause
+---
+# The prerequsite of adding virtual TPM device to VM is key provider
+# configured on vCenter server.
+# When 'key_provider_type' parameter is set, add a new key provider with
+# specified type firstly, now only support Standard key provider configuration.
+#
+# Parameters:
+#   key_provider_type: valid values are 'standard', 'native', now only 'standard'
+#     is supported.
+#   vc_cert_path: the file path on local machine for saving vCenter certificate.
+#
+- name: "Set fact of default key provider type"
+  ansible.builtin.set_fact:
+    key_provider_type: 'standard'
+  when: key_provider_type is undefined or not key_provider_type
+
+- name: "Check configured key provider type"
+  ansible.builtin.assert:
+    that:
+      - key_provider_type | lower == 'standard'
+    fail_msg: "Now the valid value of parameter 'key_provider_type' is 'standard', while configured value is '{{ key_provider_type }}'."
+
+- name: "Check required parameter"
+  ansible.builtin.assert:
+    that:
+      - vc_cert_path is defined
+      - vc_cert_path
+    fail_msg: "Parameter 'vc_cert_path' is required to be set to a valid path in local machine."
+
+- name: "Set fact of new key provider name"
+  ansible.builtin.set_fact:
+    new_kp_name: "{{ key_provider_type | lower }}{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
+
+- name: "Add key provider on vCenter server"
+  include_tasks: vcenter_add_standard_kp.yml
+  vars:
+    standard_kp_name: "{{ new_kp_name }}"
+    vc_cert_download_path: "{{ vc_cert_path }}"

common/vcenter_add_standard_kp.yml

@@ -16,14 +16,18 @@
 #   kms_username (optional): the username to authenticate to KMS server.
 #   kms_password (optional): the user password to authenticate to KMS server.
 #
-- name: Check KMS server info list is set
+- name: "Check KMS server info list is set"
   ansible.builtin.assert:
     that:
       - kms_info_list is defined
-      - kms_info_list | length != 0
-    fail_msg: "'kms_info_list' parameter is required when adding new standard key provider."
+      - kms_info_list | length > 0
+      - kms_info_list[0].kms_name is defined
+      - kms_info_list[0].kms_name
+      - kms_info_list[0].kms_ip is defined
+      - kms_info_list[0].kms_ip
+    fail_msg: "Parameter 'kms_info_list' is required and set to the list of dict with keys 'kms_name', 'kms_ip' when adding new Standard key provider."
 
-- name: Add Standard key provider to vCenter
+- name: "Add Standard key provider to vCenter"
   community.vmware.vcenter_standard_key_provider:
     hostname: "{{ vsphere_host_name }}"
     username: "{{ vsphere_host_user }}"
@@ -43,6 +47,6 @@
       download_self_signed_cert: "{{ vc_cert_download_path | default('/tmp/') }}"
   register: add_standard_kms_result
 
-- name: Display the result of adding Standard key provider
+- name: "Display the result of adding Standard key provider"
   ansible.builtin.debug: var=add_standard_kms_result
   when: enable_debug

common/vm_add_vtpm_device.yml

@@ -1,46 +1,21 @@
 # Copyright 2022-2023 VMware, Inc.
 # SPDX-License-Identifier: BSD-2-Clause
 ---
-# The prerequsite of adding virtual TPM device to VM is
-# key provider configured on vCenter.
+# Add new vTPM device to VM and check device exists.
 #
-# When 'key_provider_type' parameter is set, add a new key
-# provider with specified type firstly, now only support
-# Standard key provider configuration.
-#
-- block:
-    - name: Check key provider type value
-      ansible.builtin.assert:
-        that:
-          - key_provider_type | lower == 'standard'
-        fail_msg: "Parameter 'key_provider_type' valid value is 'standard', but configured '{{ key_provider_type }}'."
-
-    - name: Set fact of new key provider name
-      ansible.builtin.set_fact:
-        new_kp_name: "{{ key_provider_type | lower }}{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
-
-    - include_tasks: vcenter_add_standard_kp.yml
-      vars:
-        standard_kp_name: "{{ new_kp_name }}"
-        vc_cert_download_path: "{{ vc_cert_path }}"
-      when: key_provider_type | lower == 'standard'
-  when:
-    - key_provider_type is defined
-    - key_provider_type
-
-# When key provider type is not configured, means use the existing configured one.
-# Will add get existing configured key provider info after new community.vmware module added
-# TBD: add a new task to check key provider status when key_provider_type is not defined.
-
-- include_tasks: vm_add_remove_vtpm.yml
+- name: "Add new vTPM device to VM"
+  include_tasks: vm_add_remove_vtpm.yml
   vars:
     vtpm_operation: 'present'
-- include_tasks: vm_get_device_with_label.yml
+
+- name: "Get vTPM device on VM"
+  include_tasks: vm_get_device_with_label.yml
   vars:
     device_label: 'Virtual TPM'
-- name: Check Virtual TPM device on VM
+
+- name: "Check vTPM device exists on VM"
   ansible.builtin.assert:
     that:
       - device_info_with_label is defined
       - device_info_with_label != ""
-    fail_msg: "Can not get Virtual TPM device on VM."
+    fail_msg: "Not get vTPM device on VM after adding vTPM device."

windows/deploy_vm/deploy_vm.yml

@@ -23,6 +23,12 @@
         skip_reason: "Skipped"
       when: new_vm is undefined or not new_vm | bool
 
+    - name: "Add key provider on vCenter server"
+      include_tasks: ../../common/vcenter_add_key_provider.yml
+      vars:
+        vc_cert_path: "{{ current_test_log_folder }}"
+      when: virtual_tpm is defined and virtual_tpm | bool
+
     - name: "Deploy VM"
       block:
         - name: "Deploy VM by creating a new VM and install OS from ISO image on it"

windows/deploy_vm/deploy_vm_from_iso.yml

@@ -17,29 +17,34 @@
   ansible.builtin.set_fact:
     current_testcase_name: "deploy_vm_{{ firmware }}_{{ boot_disk_controller }}_{{ network_adapter_type }}"
 
-# Check configured VM CPU number and cores per socket number
-- include_tasks: check_cpu_socket.yml
+- name: "Check configured VM CPU number and cores per socket number"
+  include_tasks: check_cpu_socket.yml
 
-# Get or check configured ISO file list
-- include_tasks: ../../common/get_iso_file_list.yml
+- name: "Get configured ISO file list"
+  include_tasks: ../../common/get_iso_file_list.yml
 
-# Generate unattend install iso file
-- include_tasks: create_unattend_install_iso.yml
+- name: "Generate unattend install ISO file"
+  include_tasks: create_unattend_install_iso.yml
   when: unattend_install_conf is defined and unattend_install_conf
-- ansible.builtin.debug:
-    msg: "unattend_install_conf is not defined or set to a file path, will not generate unattend iso file"
+- name: "Not Generate unattend install ISO file"
+  ansible.builtin.debug:
+    msg: "[WARNING] Parameter 'unattend_install_conf' is not configured in vars/test.yml."
   when: unattend_install_conf is undefined or not unattend_install_conf
 
-# Compose VM CDROMs with ISO file list
-- include_tasks: ../../common/compose_vm_cdroms.yml
+- name: "Compose VM CDROMs with ISO file list"
+  include_tasks: ../../common/compose_vm_cdroms.yml
 
-# Create new VM
-- include_tasks: ../../common/vm_create.yml
+- name: "Create new VM"
+  include_tasks: ../../common/vm_create.yml
   when: boot_disk_controller != 'ide'
-- include_tasks: ../../common/vm_create_with_ide_disk.yml
+
+- name: "Create new VM with IDE boot disk controller"
+  include_tasks: ../../common/vm_create_with_ide_disk.yml
   when: boot_disk_controller == 'ide'
 
-- include_tasks: ../../common/vm_get_vm_info.yml
+- name: "Get new VM info"
+  include_tasks: ../../common/vm_get_vm_info.yml
+
 - name: "Set fact of vm_exists to True"
   ansible.builtin.set_fact:
     vm_exists: true
@@ -49,26 +54,26 @@
   block:
     - name: "Set features on 64bit VM"
       block:
-        # Add virtual TPM device
-        - include_tasks: ../../common/vm_add_vtpm_device.yml
-          vars:
-            vc_cert_path: "{{ current_test_log_folder }}"
+        - name: "Add virtual TPM device"
+          include_tasks: ../../common/vm_add_vtpm_device.yml
           when: virtual_tpm is defined and virtual_tpm | bool
-        # Enable secureboot
-        - include_tasks: ../../common/vm_set_boot_options.yml
+        - name: "Enable secure boot"
+          include_tasks: ../../common/vm_set_boot_options.yml
           vars:
             secure_boot_enabled_set: "{{ secureboot_enabled | default(false) }}"
             enter_bios_setup: true
-        # Enable VBS
-        - include_tasks: ../utils/win_enable_vbs_vm.yml
+        - name: "Enable VM VBS"
+          include_tasks: ../utils/win_enable_vbs_vm.yml
           vars:
             win_enable_vbs: true
           when: enable_vbs is defined and enable_vbs | bool
       when: guest_id is defined and "'64' in guest_id"
-    - include_tasks: ../../common/vm_set_power_state.yml
+    - name: "Power on VM"
+      include_tasks: ../../common/vm_set_power_state.yml
       vars:
         vm_power_state_set: "powered-on"
-    - include_tasks: ../../common/vm_guest_send_key.yml
+    - name: "Send key strokes to VM console"
+      include_tasks: ../../common/vm_guest_send_key.yml
       vars:
         keys_send:
           - DOWNARROW
@@ -77,17 +82,18 @@
           - ENTER
   when: firmware is defined and firmware | lower == "efi"
 
-# Power on VM directly when VM firmware is BIOS
-- include_tasks: ../../common/vm_set_power_state.yml
+- name: "Power on VM"
+  include_tasks: ../../common/vm_set_power_state.yml
   vars:
     vm_power_state_set: "powered-on"
   when: firmware is defined and firmware | lower == "bios"
+
 - name: "Wait 3 minutes while OS install"
   ansible.builtin.pause:
     minutes: 3
 
-# Check Image APPROVED in vmware.log when VM secureboot is enabled
-- include_tasks: ../../common/vm_wait_log_msg.yml
+- name: "Check Image APPROVED in vmware.log when VM secureboot is enabled"
+  include_tasks: ../../common/vm_wait_log_msg.yml
   vars:
     vm_wait_log_name: "vmware.log"
     vm_wait_log_msg: "SECUREBOOT: Image APPROVED"
@@ -98,29 +104,37 @@
     - firmware is defined and firmware | lower == 'efi'
     - secureboot_enabled is defined and secureboot_enabled
 
-- include_tasks: ../../common/vm_wait_network_connected.yml
-- include_tasks: ../../common/vm_get_ip.yml
+- name: "Wait for VM network adapter is connected"
+  include_tasks: ../../common/vm_wait_network_connected.yml
+
+- name: "Get VM IP address"
+  include_tasks: ../../common/vm_get_ip.yml
   vars:
     vm_get_ip_timeout: 3600
-- include_tasks: ../utils/win_check_winrm.yml
+
+- name: "Check WinRM is connectable"
+  include_tasks: ../utils/win_check_winrm.yml
   vars:
     win_check_winrm_timeout: 1800
 - name: "Wait another 1 minute after OS becomes connectable"
   ansible.builtin.pause:
     minutes: 1
-- include_tasks: ../utils/add_windows_host.yml
+- name: "Add Windows host to in-memory inventory"
+  include_tasks: ../utils/add_windows_host.yml
 
-- name: "Enable VBS in guest OS"
+- name: "Enable VBS"
   block:
-    - include_tasks: ../utils/win_enable_vbs_guest.yml
-    # Get VBS status in guest OS
-    - include_tasks: ../utils/win_get_vbs_guest.yml
-    - name: "Check VBS and running security service status"
+    - name: "Enable VBS in guest OS"
+      include_tasks: ../utils/win_enable_vbs_guest.yml
+    - name: "Get VBS status in guest OS"
+      include_tasks: ../utils/win_get_vbs_guest.yml
+    - name: "Check VBS and HVCI are running"
       ansible.builtin.assert:
         that:
           - win_vbs_status_guest | int == 2
           - "'2' in win_vbs_running_service"
         fail_msg: "VBS is not running '{{ win_vbs_status_guest }}', or HVCI is not running '{{ win_vbs_running_service }}'."
   when: enable_vbs is defined and enable_vbs | bool
 
-- include_tasks: detach_cdrom_iso.yml
+- name: "Detach ISO image from VM CDROMs"
+  include_tasks: detach_cdrom_iso.yml