Merge "Modify devstack-base to allow for fips"

.zuul.yaml

@@ -370,7 +370,7 @@
 
 - job:
     name: devstack-base
-    parent: multinode
+    parent: openstack-multinode-fips
     abstract: true
     description: |
       Base abstract Devstack job.

functions-common

@@ -2498,6 +2498,11 @@ function clean_pyc_files {
     fi
 }
 
+function is_fips_enabled {
+    fips=`cat /proc/sys/crypto/fips_enabled`
+    [ "$fips" == "1" ]
+}
+
 # Restore xtrace
 $_XTRACE_FUNCTIONS_COMMON
 

lib/databases/mysql

@@ -63,7 +63,7 @@ function recreate_database_mysql {
 }
 
 function configure_database_mysql {
-    local my_conf mysql slow_log
+    local my_conf mysql slow_log my_client_conf
     echo_summary "Configuring and starting MySQL"
 
     if is_ubuntu; then
@@ -80,6 +80,15 @@ function configure_database_mysql {
         exit_distro_not_supported "mysql configuration"
     fi
 
+    # Set fips mode on
+    if is_ubuntu; then
+        if is_fips_enabled; then
+            my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
+            iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
+            iniset -sudo $my_conf mysqld ssl-fips-mode "on"
+        fi
+    fi
+
     # Change bind-address from localhost (127.0.0.1) to any (::)
     iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"