Add FIPS enable multinode job definition

This patch adds a new multinode job definition that enables FIPS mode prior to multinode configuration. In order to enable FIPS mode, the OS boot procedure need to be changed to enable the appropriate kernel flag. This modification has effect only after system reboot. The default behavior of this job is to always enable FIPS mode. Change-Id: I6f1365837d9ed2ba82c391a20f9094c9ef0e6c4e Signed-off-by: Douglas Viroel <dviroel@redhat.com>
2021-10-08 17:20:04 -03:00 · 2021-10-08 17:20:04 -03:00 · 9107f3ee7d
parent d5e4d55c15
commit 9107f3ee7d
3 changed files with 20 additions and 0 deletions
--- a/doc/source/general-jobs.rst
+++ b/doc/source/general-jobs.rst
@ -6,6 +6,7 @@ General Purpose Jobs
 .. zuul:autojob:: unittests
 .. zuul:autojob:: markdownlint
 .. zuul:autojob:: multinode
+.. zuul:autojob:: multinode-fips
 .. zuul:autojob:: run-test-command
 .. zuul:autojob:: shake-build
 .. zuul:autojob:: upload-git-mirror
--- a/playbooks/enable-fips/pre.yaml
+++ b/playbooks/enable-fips/pre.yaml
@ -0,0 +1,9 @@
+- name: Enable FIPS mode
+  hosts: all
+  tasks:
+    # Enabling FIPS mode requires changes in boot procedure to provide the
+    # appropriate kernel flag. The change has effect only after system reboot.
+    - name: Enable FIPS mode and reboot node
+      include_role:
+        name: enable-fips
+      when: enable_fips | default(true)
--- a/zuul.d/general-jobs.yaml
+++ b/zuul.d/general-jobs.yaml
@ -25,6 +25,16 @@
      overlay networks and setting up known-hosts and ssh keys
    pre-run: playbooks/multinode/pre.yaml

+- job:
+    name: multinode-fips
+    abstract: true
+    description: |
+      Enable fips and do the setup needed for multi-node jobs such as setting
+      up overlay networks and setting up known-hosts and ssh keys
+    pre-run:
+      - playbooks/enable-fips/pre.yaml
+      - playbooks/multinode/pre.yaml
+
 - job:
    name: run-test-command
    parent: unittests