zuul-jobs/roles/enable-fips/tasks/ubuntu.yaml

- name: Install ua-tools
  become: true
  package:
    name: ubuntu-advantage-tools
    state: present

- name: Enable fips
  become: true
  command: ua enable fips

- name: Verify fips is enabled
  become: true
  command: ua status

- name: Reboot server for FIPS mode
  become: true
  reboot:
    reboot_timeout: 1800

- name: Run post-boot tasks
  include_role:
    name: post-reboot-tasks

- name: Ensure FIPS mode is enabled
  become: true
  command: cat /proc/sys/crypto/fips_enabled
  register: _result

- name: Assert FIPS is enabled
  assert:
    that: _result.stdout == "1"