fix: update RHDP wrappers to use unified reference value collection

butler54 · claude · butler54 · commit 1fa76b7df0e5 · 2026-06-02T10:41:31.000+08:00
Replace get-pcr.sh call with collect-firmware-refvals.sh --platform azure
in wrapper.sh. Add missing reference value collection step to
wrapper-multicluster.sh (was never collecting PCR values for Vault).
Update RHDP README with prerequisites, env vars, and all deployment modes.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/rhdp/README.md b/rhdp/README.md
@@ -3,6 +3,27 @@
 Red Hat demo platform is a system for employees and red hat partners to generate test infrastructure.
 The scripts in this directory help users of that platform automate deployments.
 
+## Prerequisites
+
+- `podman` installed and running (used for reference value collection)
+- `yq`, `jq` installed
+- OpenShift pull secret at `~/pull-secret.json`
+- SSH key at `~/.ssh/id_rsa` (RSA)
+- RHDP environment variables loaded (see below)
+
+## Environment variables
+
+Provided by your RHDP Azure Open Environment:
+
+```shell
+export GUID=
+export CLIENT_ID=
+export PASSWORD=
+export TENANT=
+export SUBSCRIPTION=
+export RESOURCEGROUP=
+```
+
 ## To deploy
 
 1. Stand up the 'Azure Subscription Based Blank Open Environment'
@@ -12,13 +33,23 @@ The scripts in this directory help users of that platform automate deployments.
 
 ### Single Cluster Deployment
 
-   1. `bash ./rhdp/wrapper.sh eastasia`
-   2. The wrapper script **requires** an azure region code this code SHOULD be the same as what was selected in RHDP.
+   1. Set `main.clusterGroupName: simple` in `values-global.yaml`
+   2. `bash ./rhdp/wrapper.sh eastasia`
+   3. The wrapper script **requires** an azure region code. This code SHOULD be the same as what was selected in RHDP.
+   4. Optionally use `--prefix` for custom cluster naming: `bash ./rhdp/wrapper.sh --prefix dev1 eastasia`
+
+The wrapper handles: cluster provisioning, secret generation, PCR reference value collection (via veritas), and pattern installation.
 
 ### Multi-Cluster Deployment (Hub and Spoke)
 
-   1. `bash ./rhdp/wrapper-multicluster.sh eastasia`
-   2. This creates two clusters: `coco-hub` and `coco-spoke` in the same region
-   3. The pattern is deployed only on the hub cluster
-   4. Hub cluster kubeconfig: `./openshift-install-hub/auth/kubeconfig`
-   5. Spoke cluster kubeconfig: `./openshift-install-spoke/auth/kubeconfig`
+   1. Set `main.clusterGroupName: trusted-hub` in `values-global.yaml`
+   2. `bash ./rhdp/wrapper-multicluster.sh eastasia`
+   3. This creates two clusters: `coco-hub` and `coco-spoke` in the same region
+   4. The pattern is deployed on the hub cluster; the spoke is imported into ACM
+   5. Hub cluster kubeconfig: `./openshift-install-hub/auth/kubeconfig`
+   6. Spoke cluster kubeconfig: `./openshift-install-spoke/auth/kubeconfig`
+
+### Cluster Only (no pattern install)
+
+   1. `bash ./rhdp/wrapper-cluster-only.sh eastasia`
+   2. Provisions the cluster without installing secrets or the pattern
diff --git a/rhdp/wrapper-multicluster.sh b/rhdp/wrapper-multicluster.sh
@@ -144,6 +144,11 @@ echo "---------------------"
 echo "setting up secrets"
 bash ./scripts/gen-secrets.sh
 
+echo "---------------------"
+echo "retrieving PCR measurements"
+echo "---------------------"
+bash ./scripts/collect-firmware-refvals.sh --platform azure
+
 echo "---------------------"
 echo "starting pattern install on hub cluster"
 echo "---------------------"
diff --git a/rhdp/wrapper.sh b/rhdp/wrapper.sh
@@ -189,7 +189,7 @@ bash ./scripts/gen-secrets.sh
 echo "---------------------"
 echo "retrieving PCR measurements"
 echo "---------------------"
-bash ./scripts/get-pcr.sh
+bash ./scripts/collect-firmware-refvals.sh --platform azure
 
 sleep 60
 echo "---------------------"
