Added support for secure boot and storage policies to UPI pwsh.

Author: vr4manta

upi/vsphere/powercli/upi-functions.ps1

@@ -17,6 +17,8 @@ function New-OpenShiftVM {
         $NumCpu,
         $ReferenceSnapshot,
         $ResourcePool,
+        $SecureBoot,
+        $StoragePolicy,
         [Parameter(Mandatory=$true)]
         $Tag,
         [Parameter(Mandatory=$true)]
@@ -35,6 +37,7 @@ function New-OpenShiftVM {
     $args.Remove('Network') > $null
     $args.Remove('MemoryMB') > $null
     $args.Remove('NumCpu') > $null
+    $args.Remove('SecureBoot') > $null
     foreach ($key in $args.Keys){
         if ($NULL -eq $($args.Item($key)) -or $($args.Item($key)) -eq "") {
             $args.Remove($key) > $null
@@ -76,6 +79,12 @@ function New-OpenShiftVM {
         New-AdvancedSetting -Entity $vm -name "guestinfo.afterburn.initrd.network-kargs" -value $kargs -Confirm:$false -Force > $null
     }
 
+    # Enable secure boot if needed
+    if ($true -eq $SecureBoot)
+    {
+        Set-SecureBoot -VM $vm
+    }
+
     return $vm
 }
 
@@ -289,7 +298,7 @@ function New-OpenshiftVMs {
 
             # Clone the virtual machine from the imported template
             #$vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -LinkedClone -ReferenceSnapshot $snapshot -IgnitionData $ignition -Tag $tag -Networking $network -NumCPU $numCPU -MemoryMB $memory
-            $vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -IgnitionData $ignition -Tag $tag -Networking $network -Network $node.network -NumCPU $numCPU -MemoryMB $memory
+            $vm = New-OpenShiftVM -Template $template -Name $name -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -IgnitionData $ignition -Tag $tag -Networking $network -Network $node.network -SecureBoot $secureboot -StoragePolicy $storagepolicy -NumCPU $numCPU -MemoryMB $memory
 
             # Assign tag so we can later clean up
             # New-TagAssignment -Entity $vm -Tag $tag
@@ -321,4 +330,21 @@ function New-OpenshiftVMs {
     foreach ($job in $jobs) {
         Receive-Job -Job $job
     }
+}
+
+# This function is used to set secure boot.
+function Set-SecureBoot {
+    param(
+        $VM
+    )
+
+    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
+    $spec.Firmware = [VMware.Vim.GuestOsDescriptorFirmwareType]::efi
+
+    $boot = New-Object VMware.Vim.VirtualMachineBootOptions
+    $boot.EfiSecureBootEnabled = $true
+
+    $spec.BootOptions = $boot
+
+    $VM.ExtensionData.ReconfigVM($spec)
 }

upi/vsphere/powercli/upi.ps1

@@ -240,7 +240,7 @@ $template = Get-VM -Name $vm_template -Location $fds[0].datacenter
 # Create LB for Cluster
 $ignition = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((New-LoadBalancerIgnition $sshKey)))
 $network = New-VMNetworkConfig -Hostname "$($metadata.infraID)-lb" -IPAddress $lb_ip_address -Netmask $netmask -Gateway $gateway -DNS $dns -Network $failure_domains[0].network
-$vm = New-OpenShiftVM -IgnitionData $ignition -Name "$($metadata.infraID)-lb" -Template $template -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -Tag $tag -Networking $network -Network $($fds[0].network) -MemoryMB 8192 -NumCpu 4
+$vm = New-OpenShiftVM -IgnitionData $ignition -Name "$($metadata.infraID)-lb" -Template $template -ResourcePool $rp -Datastore $datastoreInfo -Location $folder -Tag $tag -Networking $network -Network $($fds[0].network) -SecureBoot $secureboot -StoragePolicy $storagepolicy -MemoryMB 8192 -NumCpu 4
 $vm | Start-VM
 
 # Take the $virtualmachines defined in upi-variables and convert to a powershell object

upi/vsphere/variables.ps1.example

@@ -29,6 +29,8 @@ $datastore = "workload_share_vcs8eworkload_lrFsW"
 $datacenter = "IBMCloud"
 $cluster = "vcs-8e-workload"
 $vcentercredpath = "secrets/vcenter-creds.xml"
+$storagepolicy = ""
+$secureboot = $false
 
 $pullsecret = @"
 {"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}