enable tpm simulation for virtual machines

This commit:
 - Appends the libvirt VM definition xml templates to include tpm simulation.

This commit is needed to enable the testing of use-cases where tpm features
e.g. disk encryption, remote secure boot attestation, random hash generation,
measured boot etc are used.

Signed-off-by: Adam Rozman <[email protected]>

Author: Rozzii

tests/roles/run_tests/files/manifests/v1beta1_cluster_centos.yaml

@@ -0,0 +1,59 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: test1
+  namespace: metal3
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - 192.168.0.0/18
+    services:
+      cidrBlocks:
+      - 10.96.0.0/12
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: KubeadmControlPlane
+    name: test1
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: Metal3Cluster
+    name: test1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: Metal3Cluster
+metadata:
+  name: test1
+  namespace: metal3
+spec:
+  controlPlaneEndpoint:
+    host: 192.168.111.249
+    port: 6443
+  noCloudProvider: true
+---
+apiVersion: ipam.metal3.io/v1alpha1
+kind: IPPool
+metadata:
+  name: provisioning-pool
+  namespace: metal3
+spec:
+  clusterName: test1
+  namePrefix: test1-prov
+  pools:
+  - end: 172.22.0.200
+    start: 172.22.0.100
+  prefix: 24
+---
+apiVersion: ipam.metal3.io/v1alpha1
+kind: IPPool
+metadata:
+  name: externalv4-pool
+  namespace: metal3
+spec:
+  clusterName: test1
+  gateway: 192.168.111.1
+  namePrefix: test1-bmv4
+  pools:
+  - end: 192.168.111.200
+    start: 192.168.111.100
+  prefix: 24

tests/roles/run_tests/files/manifests/v1beta1_controlplane_centos.yaml

@@ -0,0 +1,217 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+  name: test1
+  namespace: metal3
+spec:
+  kubeadmConfigSpec:
+    clusterConfiguration: {}
+    files:
+    - content: |
+        #!/bin/bash
+        set -e
+        url="$1"
+        dst="$2"
+        filename="$(basename $url)"
+        tmpfile="/tmp/$filename"
+        curl -sSL -w "%{http_code}" "$url" | sed "s:/usr/bin:/usr/local/bin:g" > /tmp/"$filename"
+        http_status=$(cat "$tmpfile" | tail -n 1)
+        if [ "$http_status" != "200" ]; then
+          echo "Error: unable to retrieve $filename file";
+          exit 1;
+        else
+          cat "$tmpfile"| sed '$d' > "$dst";
+        fi
+      owner: root:root
+      path: /usr/local/bin/retrieve.configuration.files.sh
+      permissions: "0755"
+    - content: |
+        ! Configuration File for keepalived
+
+        script k8s_api_check {
+            script "curl -sk https://127.0.0.1:6443/healthz"
+            interval 5
+            timeout 5
+            rise 3
+            fall 3
+        }
+
+        vrrp_instance VI_1 {
+            state MASTER
+            interface eth1
+            virtual_router_id 1
+            priority 101
+            advert_int 1
+            virtual_ipaddress {
+                192.168.111.249
+            }
+            track_script {
+                k8s_api_check
+            }
+        }
+      path: /etc/keepalived/keepalived.conf
+    - content: |
+        [connection]
+        id=eth0
+        type=ethernet
+        interface-name=eth0
+        master=ironicendpoint
+        slave-type=bridge
+      owner: root:root
+      path: /etc/NetworkManager/system-connections/eth0.nmconnection
+      permissions: "0600"
+    - content: |
+        [connection]
+        id=ironicendpoint
+        interface-name=ironicendpoint
+        type=bridge
+        autoconnect=yes
+        autoconnect-priority=1
+        [bridge]
+        interface-name=ironicendpoint
+        stp=false
+        [ipv4]
+        address1={{ ds.meta_data.provisioningIP }}/{{ ds.meta_data.provisioningCIDR }}
+        method=manual
+        [ipv6]
+        addr-gen-mode=eui64
+        method=ignore
+      owner: root:root
+      path: /etc/NetworkManager/system-connections/ironicendpoint.nmconnection
+      permissions: "0600"
+    - content: |
+        [kubernetes]
+        name=Kubernetes
+        baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+        enabled=1
+        gpgcheck=1
+        repo_gpgcheck=0
+        gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+      owner: root:root
+      path: /etc/yum.repos.d/kubernetes.repo
+      permissions: "0644"
+    - content: |
+        [registries.search]
+        registries = ['docker.io']
+
+        [registries.insecure]
+        registries = ['192.168.111.1:5000']
+      path: /etc/containers/registries.conf
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          cgroup-driver: systemd
+          container-runtime-endpoint: unix:///var/run/crio/crio.sock
+          feature-gates: AllAlpha=false
+          node-labels: metal3.io/uuid={{ ds.meta_data.uuid }}
+          provider-id: metal3://{{ ds.meta_data.providerid }}
+          runtime-request-timeout: 5m
+        name: '{{ ds.meta_data.name }}'
+    joinConfiguration:
+      controlPlane: {}
+      nodeRegistration:
+        kubeletExtraArgs:
+          cgroup-driver: systemd
+          container-runtime-endpoint: unix:///var/run/crio/crio.sock
+          feature-gates: AllAlpha=false
+          node-labels: metal3.io/uuid={{ ds.meta_data.uuid }}
+          provider-id: metal3://{{ ds.meta_data.providerid }}
+          runtime-request-timeout: 5m
+        name: '{{ ds.meta_data.name }}'
+    postKubeadmCommands:
+    - mkdir -p /home/metal3/.kube
+    - chown metal3:metal3 /home/metal3/.kube
+    - cp /etc/kubernetes/admin.conf /home/metal3/.kube/config
+    - chown metal3:metal3 /home/metal3/.kube/config
+    preKubeadmCommands:
+    - systemctl restart NetworkManager.service
+    - nmcli connection load /etc/NetworkManager/system-connections/ironicendpoint.nmconnection
+    - nmcli connection up ironicendpoint
+    - nmcli connection load /etc/NetworkManager/system-connections/eth0.nmconnection
+    - nmcli connection up eth0
+    - rm /etc/cni/net.d/*
+    - systemctl enable --now keepalived
+    - sleep 30
+    - systemctl enable --now crio
+    - sleep 30
+    - systemctl enable --now kubelet
+    - sleep 120
+    users:
+    - name: metal3
+      sshAuthorizedKeys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/Xee3UwIcrrlYv9AR2fg++HYS8HhUqSVlOMY7Z44PH/2afG5eNgJy2n/5KhUBUSC6c/QnrduNAhnGcaa0tn6OYNEe+LPFIK9EJBTR2Ps7jY2CYuVcEVAo0OsfH6z4lwXx7Z7v2+4i0Azk1eICJKCJwu2QnkKiH2VQyR1h6/s88z1vPsk2I0LYHzCxDIc1tl279v9c0ytOQ+ZX2sbBQ1jBZChlijlPcwcvXozQJRb0Nn4J21m2spY0tRq9HRY4oUeCqig8SvXp4CwZcBLO3yFwR2EYQWWGKF/zEpvgp0QZA6ujpOddNP7fHjYk4Ct8/9f2SkZvvqZRiI/ZVhsryBC0mBhLibOX66qIZaNSO5qSnr/WUmuNeCEOUxlBBMSeBdHoJHpKXkMvB/LzkjFza6RzhNxBa3wiX07LIa4euR5eoObMiCFmgJYHA12/Lfn+GtszssomYvJjHuww8lPvBs1CtLky3GKWuWTQMOTt+p+Vd1HGMYD6bRZ7w5OJXvoL70U=
+        erozada@adam-ubi
+      sudo: ALL=(ALL) NOPASSWD:ALL
+  machineTemplate:
+    infrastructureRef:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      kind: Metal3MachineTemplate
+      name: test1-controlplane
+    nodeDrainTimeout: 0s
+  replicas: 1
+  rolloutStrategy:
+    rollingUpdate:
+      maxSurge: 1
+  version: v1.32.0
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: Metal3MachineTemplate
+metadata:
+  name: test1-controlplane
+  namespace: metal3
+spec:
+  template:
+    spec:
+      dataTemplate:
+        name: test1-controlplane-template
+      image:
+        checksum: http://172.22.0.1/images/CENTOS_9_NODE_IMAGE_K8S_v1.32.0-raw.img.sha256sum
+        checksumType: sha256
+        format: raw
+        url: http://172.22.0.1/images/CENTOS_9_NODE_IMAGE_K8S_v1.32.0-raw.img
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: Metal3DataTemplate
+metadata:
+  name: test1-controlplane-template
+  namespace: metal3
+spec:
+  clusterName: test1
+  metaData:
+    ipAddressesFromIPPool:
+    - key: provisioningIP
+      name: provisioning-pool
+    objectNames:
+    - key: name
+      object: machine
+    - key: local-hostname
+      object: machine
+    - key: local_hostname
+      object: machine
+    prefixesFromIPPool:
+    - key: provisioningCIDR
+      name: provisioning-pool
+  networkData:
+    links:
+      ethernets:
+      - id: enp1s0
+        macAddress:
+          fromHostInterface: enp1s0
+        type: phy
+      - id: enp2s0
+        macAddress:
+          fromHostInterface: enp2s0
+        type: phy
+    networks:
+      ipv4:
+      - id: externalv4
+        ipAddressFromIPPool: externalv4-pool
+        link: enp2s0
+        routes:
+        - gateway:
+            fromIPPool: externalv4-pool
+          network: 0.0.0.0
+          prefix: 0
+    services:
+      dns:
+      - 8.8.8.8