From 9107f3ee7d82fefeadfb00c4d39946be35e046f8 Mon Sep 17 00:00:00 2001
From: Douglas Viroel <dviroel@redhat.com>
Date: Fri, 8 Oct 2021 17:20:04 -0300
Subject: [PATCH] Add FIPS enable multinode job definition

This patch adds a new multinode job definition that enables
FIPS mode prior to multinode configuration.
In order to enable FIPS mode, the OS boot procedure need to be
changed to enable the appropriate kernel flag. This modification
has effect only after system reboot.
The default behavior of this job is to always enable FIPS mode.

Change-Id: I6f1365837d9ed2ba82c391a20f9094c9ef0e6c4e
Signed-off-by: Douglas Viroel <dviroel@redhat.com>
---
 doc/source/general-jobs.rst    |  1 +
 playbooks/enable-fips/pre.yaml |  9 +++++++++
 zuul.d/general-jobs.yaml       | 10 ++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 playbooks/enable-fips/pre.yaml

diff --git a/doc/source/general-jobs.rst b/doc/source/general-jobs.rst
index 5d75b50cf..47b67186f 100644
--- a/doc/source/general-jobs.rst
+++ b/doc/source/general-jobs.rst
@@ -6,6 +6,7 @@ General Purpose Jobs
 .. zuul:autojob:: unittests
 .. zuul:autojob:: markdownlint
 .. zuul:autojob:: multinode
+.. zuul:autojob:: multinode-fips
 .. zuul:autojob:: run-test-command
 .. zuul:autojob:: shake-build
 .. zuul:autojob:: upload-git-mirror
diff --git a/playbooks/enable-fips/pre.yaml b/playbooks/enable-fips/pre.yaml
new file mode 100644
index 000000000..6082c468e
--- /dev/null
+++ b/playbooks/enable-fips/pre.yaml
@@ -0,0 +1,9 @@
+- name: Enable FIPS mode
+  hosts: all
+  tasks:
+    # Enabling FIPS mode requires changes in boot procedure to provide the
+    # appropriate kernel flag. The change has effect only after system reboot.
+    - name: Enable FIPS mode and reboot node
+      include_role:
+        name: enable-fips
+      when: enable_fips | default(true)
diff --git a/zuul.d/general-jobs.yaml b/zuul.d/general-jobs.yaml
index 0c2c9231a..fbc4a6b73 100644
--- a/zuul.d/general-jobs.yaml
+++ b/zuul.d/general-jobs.yaml
@@ -25,6 +25,16 @@
       overlay networks and setting up known-hosts and ssh keys
     pre-run: playbooks/multinode/pre.yaml
 
+- job:
+    name: multinode-fips
+    abstract: true
+    description: |
+      Enable fips and do the setup needed for multi-node jobs such as setting
+      up overlay networks and setting up known-hosts and ssh keys
+    pre-run:
+      - playbooks/enable-fips/pre.yaml
+      - playbooks/multinode/pre.yaml
+
 - job:
     name: run-test-command
     parent: unittests