99711abf23
The enable-fips role has been refactored to support both centos/rhel and Ubuntu. In addition, for the Ubuntu tasks, a small role is added to enable a Ubuntu Advantage subscription. This is required because Ubuntu requires a subscription to enable FIPS. This role takes a subscription key as a parameter (ubuntu_ua_token.token). In Openstack, this is provided by the openstack-fips job in openstack/project-config, which will be the base job for OpenStack jobs. This job will provide the ubuntu_ua_token.token. Change-Id: I47a31f680172b47584510adb672b68498a85bd32 |
||
---|---|---|
.. | ||
pre.yaml | ||
README.rst |
The enable-fips playbook can be invoked to enable FIPS mode on jobs.
This playbook will call the enable-fips role, which will turn FIPS mode on and then reboot the node. To get consistent results, this role should be run very early in the node setup process, so that resources set up later are not affected by the reboot.
A playbook variable enable_fips - which defaults to True - is provided. This variable can be used to skip this playbook.
Job Variables