d322181322
A new job openstack-fips is created. This job is expected to be a base job for most OpenStack jobs, so that FIPS testing can be easily enabled throughout OpenStack CI. A base job is required here because, for Ubuntu nodes, we need to enable an Ubuntu Advantage subscription, as Ubuntu considers FIPS to be a UA feature. The subscription key is stored here in project-config. Depends-On: I47a31f680172b47584510adb672b68498a85bd32 Change-Id: I8a88d6a9bcf5725986b00b063e03686d3225b48e
23 lines
807 B
ReStructuredText
23 lines
807 B
ReStructuredText
This pre.yaml playbook is called as part of the openstack-fips job.
|
|
Its primary purpose is enable an Ubuntu Advantage subscription using
|
|
a subscription key that is stored in project-config.
|
|
|
|
Enabling FIPS requires a reboot, and so we need the FIPS playbook to
|
|
run very early in the node setup, so that resources set up by
|
|
subsequent pre-scripts are not affected by the reboot.
|
|
|
|
Therefore, the openstack-fips job must be definied as a base job for
|
|
most OpenStack jobs. As most jobs will not require fips, a playbook
|
|
variable enable_fips - which defaults to False - is provided.
|
|
|
|
To enable FIPS mode, a job will simply need to set enable_fips to
|
|
True as a job variable.
|
|
|
|
**Job Variables**
|
|
|
|
.. zuul:jobvar:: enable_fips
|
|
:default: False
|
|
|
|
Whether to run the playbook and enable fips. Defaults to False.
|
|
|