99711abf23
The enable-fips role has been refactored to support both centos/rhel and Ubuntu. In addition, for the Ubuntu tasks, a small role is added to enable a Ubuntu Advantage subscription. This is required because Ubuntu requires a subscription to enable FIPS. This role takes a subscription key as a parameter (ubuntu_ua_token.token). In Openstack, this is provided by the openstack-fips job in openstack/project-config, which will be the base job for OpenStack jobs. This job will provide the ubuntu_ua_token.token. Change-Id: I47a31f680172b47584510adb672b68498a85bd32
14 lines
527 B
ReStructuredText
14 lines
527 B
ReStructuredText
Enable FIPS on a node.
|
|
|
|
Set a node into FIPS mode, to test functionality when crypto
|
|
policies are set to FIPS in RHEL/Centos >=8 or Ubuntu.
|
|
|
|
For Ubuntu nodes, the node is assumed to already have an Ubuntu
|
|
Advantage subscription activated, as this is required to enable
|
|
FIPS mode. The enable-ua-subscription role in this repo can be
|
|
used to activate the subscription.
|
|
|
|
The role will set the node into FIPS mode, reboot the node, and
|
|
then call the post-reboot-tasks role. This role requires a role
|
|
parameter - nslookup_target.
|