60acea0da6
We bump the Ansible version to the version that Zuul runs. We then set ansible-lint to the current latest version. This results in a number of new linter violations which we fix. These violations include: * Needing to name plays * Needing to start names with a capital letter * Using fully qualified names for action modules * Quoting permissions strings to avoid octal conversion errors * Using explicit yaml structures for tasks We also tell ansible-lint to mock zuul_return so that we don't get errors from it complaining that this module is not defined. Change-Id: Ic881313fea58f4482f70e493f3d256541d31860a |
||
|---|---|---|
| .. | ||
| enable-fips.yaml | ||
| README.rst | ||
The enable-fips playbook can be invoked to enable FIPS mode on jobs.
This playbook will call the enable-fips role in zuul-jobs, which will turn FIPS mode on and then reboot the node. To get consistent results, this role should be run very early in the node setup process, so that resources set up later are not affected by the reboot.
In practice, this means that the playbook is invoked as part of a base job like openstack-multinode-fips for example. In order to avoid duplicating complex inheritance trees, we expect to use this base job for most jobs.
As most jobs will not require fips, a playbook variable enable_fips - which defaults to False - is provided. To enable FIPS mode, a job will simply need to set enable_fips to True as a job variable.
Job Variables