diff --git a/.zuul.yaml b/.zuul.yaml
index 80d690c3e9..e600925f85 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -256,16 +256,25 @@
 output_format: raw

 - job:
- name: glance-multistore-cinder-import
+ name: glance-multistore-cinder-import-fips
 parent: tempest-integrated-storage-import
 description: |
- The regular import workflow job to test with multiple cinder stores
+ The regular import workflow job to test with multiple cinder stores with
+ fips enabled
+ nodeset: devstack-single-node-centos-8-stream
+ pre-run: playbooks/enable-fips.yaml
 vars:
+ configure_swap_size: 4096
 devstack_localrc:
 USE_CINDER_FOR_GLANCE: True
 GLANCE_ENABLE_MULTIPLE_STORES: True
 CINDER_ENABLED_BACKENDS: lvm:lvmdriver-1,lvm:lvmdriver-2
 GLANCE_CINDER_DEFAULT_BACKEND: lvmdriver-1
+ devstack_local_conf:
+ test-config:
+ "$TEMPEST_CONFIG":
+ validation:
+ ssh_key_type: 'ecdsa'

 - job:
 name: tempest-integrated-storage-import-standalone
@@ -303,7 +312,7 @@
 - release-notes-jobs-python3
 check:
 jobs:
- - openstack-tox-functional-py36
+ - openstack-tox-functional-py36-fips
 - openstack-tox-functional-py39
 - glance-tox-functional-py39-rbac-defaults
 - glance-code-constants-check
@@ -327,7 +336,7 @@
 irrelevant-files: *tempest-irrelevant-files
 - tempest-integrated-storage-import-standalone:
 irrelevant-files: *tempest-irrelevant-files
- - glance-multistore-cinder-import:
+ - glance-multistore-cinder-import-fips:
 irrelevant-files: *tempest-irrelevant-files
 - grenade:
 irrelevant-files: *tempest-irrelevant-files
diff --git a/playbooks/enable-fips.yaml b/playbooks/enable-fips.yaml
new file mode 100644
index 0000000000..bc1dc04ea8
--- /dev/null
+++ b/playbooks/enable-fips.yaml
@@ -0,0 +1,3 @@
+- hosts: all
+ roles:
+ - enable-fips
diff --git a/tools/test-setup.sh b/tools/test-setup.sh
index 505a58cb70..2d8ed73c10 100755
--- a/tools/test-setup.sh
+++ b/tools/test-setup.sh
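Review bot: Renaming glance-multistore-cinder-import to glance-multistore-cinder-import-fips instead of adding a sibling job removes the non-FIPS run of the multistore cinder import workflow from the pipeline job list (the same substitution is made in the third hunk of this file), so a regression that only shows on the default nodeset would go unnoticed; if that loss of coverage is intended, the job description should say so. The new `nodeset: devstack-single-node-centos-8-stream`, `configure_swap_size: 4096` and `ssh_key_type: 'ecdsa'` settings also carry no explanation of why the FIPS variant needs them, so a later reader cannot tell FIPS requirements from node-size workarounds. A comment above `nodeset:` such as `# FIPS run: centos-8-stream + enable-fips pre-run; swap and ecdsa key presumably needed under FIPS — TODO confirm` would record the reasons without asserting more than the hunk shows.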
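Review bot: The new playbooks/enable-fips.yaml references a role named enable-fips that this commit does not add, so it is presumably supplied by the shared zuul-jobs roles; nothing in the file records that dependency. A one-line comment above `roles:`, e.g. `# role provided externally (zuul-jobs), not defined in this repo — confirm`, would make clear where the FIPS setup actually lives and what to check when the job fails in pre-run.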
@@ -15,6 +15,34 @@ DB_ROOT_PW=${MYSQL_ROOT_PW:-insecure_slave}
 DB_USER=openstack_citest
 DB_PW=openstack_citest

+function set_conf_line {
+ # parameters: file regex value
+ # check if the regex occurs in the file
+ # If so, replace with the value.
+ # If not, append the value to the end of the file.
+ sudo sh -c "grep -q -e '$2' $1 && \ sed -i 's|$2|$3|g' $1 || \ echo '$3' >> $1"
+}
+
+if $(egrep -q "^.*(centos:centos:|cloudlinux:cloudlinux:|redhat:enterprise_linux:)[78].*$" /etc/*release); then
+ # mysql needs to be started on centos/rhel
+ sudo systemctl restart mariadb.service
+
+ # postgres setup for centos
+ # make sure to use scram-sha-256 instead of md5 for fips!
+ sudo postgresql-setup --initdb
+ PG_CONF=/var/lib/pgsql/data/postgresql.conf
+ set_conf_line $PG_CONF '^password_encryption =.*' 'password_encryption = scram-sha-256'
+
+ PG_HBA=/var/lib/pgsql/data/pg_hba.conf
+ set_conf_line $PG_HBA '^local[ \t]*all[ \t]*all.*' 'local all all peer'
+ set_conf_line $PG_HBA '^host[ \t]*all[ \t]*all[ \t]*127.0.0.1\/32.*' 'host all all 127.0.0.1/32 scram-sha-256'
+ set_conf_line $PG_HBA '^host[ \t]*all[ \t]*all[ \t]*::1\/128.*' 'host all all ::1/128 scram-sha-256'
+
+ sudo systemctl restart postgresql.service
+fi
+
 sudo -H mysqladmin -u root password $DB_ROOT_PW

 # It's best practice to remove anonymous users from the database. If
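Review bot: `if $(egrep -q ... /etc/*release); then` executes the (empty) output of the grep as the command and only works because bash falls back to the substitution's exit status when no command name results; the idiomatic form is `if grep -E -q "^.*(centos:centos:|cloudlinux:cloudlinux:|redhat:enterprise_linux:)[78].*$" /etc/*release; then`, which also drops the deprecated egrep. In set_conf_line the regex and value are spliced unquoted into the `sh -c` string and `|` is the sed delimiter, so the helper is only safe for fixed literal arguments containing neither `'` nor `|`; that constraint belongs in its header comment, e.g. `# NOTE: arguments are interpolated into a sh -c string; pass only fixed literals without ' or |`. The `grep && sed || echo` chain also appends the value when sed fails, not only when the pattern is absent, and because PostgreSQL uses the first matching pg_hba.conf record an appended scram-sha-256 line behind an untouched original would silently leave the old auth method in force; an explicit if/else around the grep result makes that failure visible. Both set_conf_line and the if-block are complete within the hunk.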