Merge "Modify devstack-base to allow for fips"
diff --git a/.zuul.yaml b/.zuul.yaml
index fa7f180..37625f3 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -370,7 +370,7 @@
- job:
name: devstack-base
- parent: multinode
+ parent: openstack-multinode-fips
abstract: true
description: |
Base abstract Devstack job.
diff --git a/functions-common b/functions-common
index c7a1c6e..fa7e4f2 100644
--- a/functions-common
+++ b/functions-common
@@ -2498,6 +2498,11 @@
fi
}
+function is_fips_enabled {
+ fips=`cat /proc/sys/crypto/fips_enabled`
+ [ "$fips" == "1" ]
+}
+
# Restore xtrace
$_XTRACE_FUNCTIONS_COMMON
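Review bot: `fips` in is_fips_enabled is assigned without `local`, so every script that sources functions-common and calls the helper is left with a global `fips`, and on a kernel that does not expose /proc/sys/crypto/fips_enabled the `cat` writes an error to the log before the test returns false. Declaring the variable and silencing the missing-file case keeps the result the same: `local fips` followed by `fips=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)`. A one-line header comment would also help, for example `# Returns 0 when the kernel reports FIPS mode (fips_enabled == 1)`. That makes it clear the helper checks only the kernel flag and says nothing about whether userspace crypto libraries are running in FIPS mode.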
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 00b02b3..27d1ec6 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -63,7 +63,7 @@
}
function configure_database_mysql {
- local my_conf mysql slow_log
+ local my_conf mysql slow_log my_client_conf
echo_summary "Configuring and starting MySQL"
if is_ubuntu; then
@@ -80,6 +80,15 @@
exit_distro_not_supported "mysql configuration"
fi
+ # Set fips mode on
+ if is_ubuntu; then
+ if is_fips_enabled; then
+ my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
+ iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
+ iniset -sudo $my_conf mysqld ssl-fips-mode "on"
+ fi
+ fi
+
# Change bind-address from localhost (127.0.0.1) to any (::)
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
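Review bot: The `is_ubuntu` guard around the ssl-fips-mode block is unexplained, so a FIPS-enabled host on any other distro silently gets no FIPS setting for the database. If the guard is there because ssl-fips-mode is a MySQL option that MariaDB does not accept, the comment should say so, e.g. `# ssl-fips-mode is MySQL-only; limited to Ubuntu, presumably the only branch here that runs MySQL rather than MariaDB`. is_fips_enabled reads only the kernel flag, and per the MySQL documentation the server exits at startup when ssl-fips-mode is on but its OpenSSL has no FIPS module, so a mismatch would surface later as a database start failure rather than at this line. The nested ifs can be a single condition, `if is_ubuntu && is_fips_enabled; then`. configure_database_mysql begins before this hunk and continues past it.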