openstack
/
openstack-zuul-jobs
Code Issues Proposed changes
openstack-zuul-jobs/playbooks/fips
History
Ade Lee fa4d1e7e9a Fix playbook to enable fips 
Change-Id: If986f85b961f081296328392beb3836f96b5b80e
 		2023-02-13 14:01:13 +01:00
..
README.rst FIPS changes to allow FIPS to run on multinode Ubuntu jobs 2023-01-30 22:35:16 +01:00
enable-fips.yaml Fix playbook to enable fips 2023-02-13 14:01:13 +01:00

README.rst

The enable-fips playbook can be invoked to enable FIPS mode on jobs.

This playbook will call the enable-fips role in zuul-jobs, which will turn FIPS mode on and then reboot the node. To get consistent results, this role should be run very early in the node setup process, so that resources set up later are not affected by the reboot.

In practice, this means that the playbook is invoked as part of a base job like openstack-multinode-fips for example. In order to avoid duplicating complex inheritance trees, we expect to use this base job for most jobs.

As most jobs will not require fips, a playbook variable enable_fips - which defaults to False - is provided. To enable FIPS mode, a job will simply need to set enable_fips to True as a job variable.

Job Variables