fips_setup: do nothing by default

Turning FIPS off is not supported so don't enable it by default.

roles/fips_setup/README.md

@@ -16,7 +16,7 @@ Below are the role default values from defaults/main.yml:
 
 # Enable & check or not FIPS mode
 # Disabling FIPS mode is unsupported
-fips_setup_enable: true
+fips_setup_enable: false
 </pre>
 
 ## License

roles/fips_setup/defaults/main.yml

@@ -5,4 +5,4 @@
 
 # Enable & check or not FIPS mode
 # Disabling FIPS mode is unsupported
-fips_setup_enable: true
+fips_setup_enable: false

roles/fips_setup/tasks/enable.yml

@@ -7,19 +7,6 @@
 - name: Gather package facts
   package_facts:
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=2154804
-- name: Disable rngd service
-  service:
-    name: rngd
-    enabled: false
-  when: "'rng-tools' in ansible_facts.packages"
-
-- name: Stop rngd service
-  service:
-    name: rngd
-    state: stopped
-  when: "'rng-tools' in ansible_facts.packages"
-
 - name: Check FIPS mode
   command: fips-mode-setup --is-enabled
   check_mode: false
@@ -30,6 +17,7 @@
 
 - name: Configure FIPS mode
   command: fips-mode-setup --enable
+  changed_when: true
   when: fips_mode.rc != 0
 
 - name: Reboot system

roles/fips_setup/tasks/main.yml

@@ -10,5 +10,5 @@
 - name: Enable FIPS mode
   include_tasks: enable.yml
   when:
-    - ansible_facts.distribution_major_version|int >= 8
+    - ansible_facts.distribution_major_version | int >= 8
     - fips_setup_enable | bool