Merge "Modify devstack-base to allow for fips"

2023-04-20 23:55:40 +00:00 · 2023-04-20 23:55:40 +00:00 · 2e607b0cbd
parent b33ec4bf1b 15b2e42968
commit 2e607b0cbd
3 changed files with 16 additions and 2 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -370,7 +370,7 @@

 - job:
    name: devstack-base
-    parent: multinode
+    parent: openstack-multinode-fips
    abstract: true
    description: |
      Base abstract Devstack job.
--- a/5
+++ b/5
@ -2498,6 +2498,11 @@ function clean_pyc_files {
    fi
 }

+function is_fips_enabled {
+    fips=`cat /proc/sys/crypto/fips_enabled`
+    [ "$fips" == "1" ]
+}
+
 # Restore xtrace
 $_XTRACE_FUNCTIONS_COMMON

--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@ -63,7 +63,7 @@ function recreate_database_mysql {
 }

 function configure_database_mysql {
-    local my_conf mysql slow_log
+    local my_conf mysql slow_log my_client_conf
    echo_summary "Configuring and starting MySQL"

    if is_ubuntu; then
@ -80,6 +80,15 @@ function configure_database_mysql {
        exit_distro_not_supported "mysql configuration"
    fi

+    # Set fips mode on
+    if is_ubuntu; then
+        if is_fips_enabled; then
+            my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
+            iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
+            iniset -sudo $my_conf mysqld ssl-fips-mode "on"
+        fi
+    fi
+
    # Change bind-address from localhost (127.0.0.1) to any (::)
    iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"