For CPUs with the AES New Instructions add dracut-fips-aesni to turn …

…kernel space into FIPS mode. Do not transfer file for smoke tests since all the pedant tests are run. Signed-off-by: Prajakta Purohit <[email protected]>
chef · Mar 25, 2020 · 01fe504 · 01fe504
1 parent 6a878d4
commit 01fe504
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/terraform/aws/scenarios/omnibus-fips/main.tf b/terraform/aws/scenarios/omnibus-fips/main.tf
@@ -28,7 +28,7 @@ resource "null_resource" "chef_server_fips" {
       "echo -e '\nFIPS STATUS:\n'",
       "sudo sysctl crypto.fips_enabled",
       "echo -e '\nBEGIN ENABLING FIPS MODE\n'",
-      "sudo yum install -y dracut-fips",
+      "sudo yum install -y dracut-fips dracut-fips-aesni",
       "sudo dracut -f",
       "if [ -f /etc/default/grub ]; then sudo sed -i '/GRUB_CMDLINE_LINUX/{s/=\"/=\"fips=1 /;}' /etc/default/grub; sudo grub2-mkconfig -o /boot/grub2/grub.cfg; else sudo sed -i '/^\t.*kernel.*boot/{s/$/ fips=1/;}' /boot/grub/grub.conf; fi",
       "echo -e '\nEND ENABLING FIPS MODE\n'",
@@ -95,11 +95,6 @@ resource "null_resource" "chef_server_test" {
   }
 
   # upload test scripts
-  provisioner "file" {
-    source      = "${path.module}/../../../common/files/test_chef_server-smoke.sh"
-    destination = "/tmp/test_chef_server-smoke.sh"
-  }
-
   provisioner "file" {
     source      = "${path.module}/../../../common/files/test_chef_server-pedant.sh"
     destination = "/tmp/test_chef_server-pedant.sh"