From 11185552054084b9b83f6bc3db656a5b544cf87c Mon Sep 17 00:00:00 2001
From: "Eric D. Helms"
Date: Wed, 6 Mar 2024 21:06:18 -0500
Subject: [PATCH] Add EL9 to FIPS role

---
roles/fips/tasks/el7.yml | 20 --------------------
roles/fips/tasks/el8.yml | 8 --------
roles/fips/tasks/main.yml | 16 +++++++++++-----
3 files changed, 11 insertions(+), 33 deletions(-)
delete mode 100644 roles/fips/tasks/el7.yml
delete mode 100644 roles/fips/tasks/el8.yml

diff --git a/roles/fips/tasks/el7.yml b/roles/fips/tasks/el7.yml
deleted file mode 100644
index fc9cd1ca8..000000000
--- a/roles/fips/tasks/el7.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: 'Install dracut-fips'
- package:
- name: dracut-fips
- state: present
-
-- name: 'Run dracut to rebuild initramfs'
- command: dracut --force
-
-- name: 'Find /boot mount'
- set_fact:
- boot_mount: "{{ ansible_facts.mounts | selectattr('mount', '==', '/boot') | list }}"
-
-- name: 'Generate boot=UUID=XXXX kernel command'
- set_fact:
- boot_cmd: "boot=UUID={{ boot_mount[0]['uuid'] }}"
- when: boot_mount|length > 0
-
-- name: 'Edit kernel command-line to include the fips=1 and boot=UUID=XXXX argument'
- shell: 'grubby --update-kernel=DEFAULT --args="fips=1 {{ boot_cmd | default() }}"'
diff --git a/roles/fips/tasks/el8.yml b/roles/fips/tasks/el8.yml
deleted file mode 100644
index 1debbafa5..000000000
--- a/roles/fips/tasks/el8.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Install FIPS package
- package:
- name: crypto-policies-scripts
- state: present
-
-- name: enable fips mode
- command: /usr/bin/fips-mode-setup --enable
diff --git a/roles/fips/tasks/main.yml b/roles/fips/tasks/main.yml
index 8bbad6d8f..c60c8ae28 100644
--- a/roles/fips/tasks/main.yml
+++ b/roles/fips/tasks/main.yml
@@ -1,10 +1,16 @@
 ---
-- include_tasks: 'el{{ ansible_distribution_major_version }}.yml'
- when: not ansible_fips
+- when: not ansible_fips
+ block:
+ - name: Install FIPS package
+ package:
+ name: crypto-policies-scripts
+ state: present
-- name: reboot vm
- reboot:
- when: not ansible_fips
+ - name: enable fips mode
+ command: /usr/bin/fips-mode-setup --enable
+
+ - name: reboot vm
+ reboot:
 - name: 'Verify FIPS enabled - If failed means the machine is not FIPS enabled'
 # not using `ansible_fips` here, as that has not been refreshed yet
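Review bot: The new block runs on every host regardless of distribution, while the same commit deletes the EL7 task file (the dracut/grubby path) and the `include_tasks` dispatch on `ansible_distribution_major_version`, so an EL7 host now attempts to install `crypto-policies-scripts` and run `/usr/bin/fips-mode-setup` and fails with a generic package or command error instead of a clear unsupported-platform message. A guard at the top of main.yml would make the dropped support explicit, e.g. `- assert:` / `    that: ansible_distribution_major_version is version('8', '>=')` / `    fail_msg: 'fips role supports EL8 and newer only'`. The `command: /usr/bin/fips-mode-setup --enable` task also carries no `changed_when`, so it always reports changed; under `when: not ansible_fips` that is acceptable, but a one-line comment on the block saying the pre-reboot `ansible_fips` fact is deliberately used as the guard would help, mirroring the comment on the verify task. The 'Verify FIPS enabled' task at the end of the hunk continues outside it.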