99711abf23
The enable-fips role has been refactored to support both centos/rhel and Ubuntu. In addition, for the Ubuntu tasks, a small role is added to enable a Ubuntu Advantage subscription. This is required because Ubuntu requires a subscription to enable FIPS. This role takes a subscription key as a parameter (ubuntu_ua_token.token). In Openstack, this is provided by the openstack-fips job in openstack/project-config, which will be the base job for OpenStack jobs. This job will provide the ubuntu_ua_token.token. Change-Id: I47a31f680172b47584510adb672b68498a85bd32
19 lines
583 B
ReStructuredText
19 lines
583 B
ReStructuredText
The enable-fips playbook can be invoked to enable FIPS mode on jobs.
|
|
|
|
This playbook will call the enable-fips role, which will turn FIPS mode on
|
|
and then reboot the node. To get consistent results, this role should
|
|
be run very early in the node setup process, so that resources set up
|
|
later are not affected by the reboot.
|
|
|
|
A playbook variable enable_fips - which defaults to True - is provided.
|
|
This variable can be used to skip this playbook.
|
|
|
|
**Job Variables**
|
|
|
|
.. zuul:jobvar:: enable_fips
|
|
:default: True
|
|
|
|
Whether to run the playbook and enable fips. Defaults to True.
|
|
|
|
|