99711abf23
The enable-fips role has been refactored to support both centos/rhel and Ubuntu. In addition, for the Ubuntu tasks, a small role is added to enable a Ubuntu Advantage subscription. This is required because Ubuntu requires a subscription to enable FIPS. This role takes a subscription key as a parameter (ubuntu_ua_token.token). In Openstack, this is provided by the openstack-fips job in openstack/project-config, which will be the base job for OpenStack jobs. This job will provide the ubuntu_ua_token.token. Change-Id: I47a31f680172b47584510adb672b68498a85bd32
527 B
527 B
Enable FIPS on a node.
Set a node into FIPS mode, to test functionality when crypto policies are set to FIPS in RHEL/Centos >=8 or Ubuntu.
For Ubuntu nodes, the node is assumed to already have an Ubuntu Advantage subscription activated, as this is required to enable FIPS mode. The enable-ua-subscription role in this repo can be used to activate the subscription.
The role will set the node into FIPS mode, reboot the node, and then call the post-reboot-tasks role. This role requires a role parameter - nslookup_target.