zuul-jobs/playbooks/enable-fips/README.rst
Ade Lee 99711abf23 Add ubuntu to enable-fips role
The enable-fips role has been refactored to support both centos/rhel and
Ubuntu.

In addition, for the Ubuntu tasks, a small role is added to enable a
Ubuntu Advantage subscription.  This is required because Ubuntu requires
a subscription to enable FIPS.  This role takes a subscription key as a
parameter (ubuntu_ua_token.token).

In Openstack, this is provided by the openstack-fips job in
openstack/project-config, which will be the base job for OpenStack jobs.
This job will provide the ubuntu_ua_token.token.

Change-Id: I47a31f680172b47584510adb672b68498a85bd32
2023-02-09 19:02:00 +00:00

583 B

The enable-fips playbook can be invoked to enable FIPS mode on jobs.

This playbook will call the enable-fips role, which will turn FIPS mode on and then reboot the node. To get consistent results, this role should be run very early in the node setup process, so that resources set up later are not affected by the reboot.

A playbook variable enable_fips - which defaults to True - is provided. This variable can be used to skip this playbook.

Job Variables