[PRODENG-3471] Fix Windows MCR install failing on FIPS channels

.github/workflows/smoke-tests.yaml

@@ -69,6 +69,23 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: make smoke-windows
 
+  smoke-fips:
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'push' ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-test') ||
+      contains(github.event.pull_request.labels.*.name, 'smoke-fips')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Run FIPS smoke test
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: make smoke-fips
+
   smoke-upgrade:
     runs-on: ubuntu-latest
     if: |

Makefile

@@ -63,6 +63,9 @@ smoke-legacy:
 .PHONY: smoke-windows
 smoke-windows:
 	go test -count=1 -v ./test/smoke/... -run TestWindowsCluster -timeout 60m
+.PHONY: smoke-fips
+smoke-fips:
+	go test -count=1 -v ./test/smoke/... -run TestFIPSCluster -timeout 60m
 .PHONY: smoke-upgrade
 smoke-upgrade:
 	go test -count=1 -v ./test/smoke/... -run TestUpgrade -timeout 90m

examples/terraform/aws-simple/platform.tf

@@ -18,6 +18,17 @@ locals {
       ssh_user   = "ubuntu"
       ssh_port   = 22
     }
+    // TODO: remove once terraform-mirantis-modules/terraform-mirantis-provision-aws v0.1.6
+    // is picked up by the Terraform Registry and the module source is updated to >= v0.1.6.
+    // ubuntu_22.04_fips was added upstream in PR #21 (released in v0.1.6).
+    "ubuntu_22.04_fips" = {
+      ami_name   = "ubuntu-pro-fips-updates-server/images/hvm-ssd/ubuntu-jammy-22.04-amd64-pro-fips-updates-server-*"
+      owner      = "099720109477"
+      interface  = "ens5"
+      connection = "ssh"
+      ssh_user   = "ubuntu"
+      ssh_port   = 22
+    }
     "windows_2025" = {
       ami_name       = "Windows_Server-2025-English-Core-Base-*"
       owner          = "801119661308"

pkg/configurer/windows.go

@@ -60,7 +60,6 @@ func (c WindowsConfigurer) InstallMCRLicense(h os.Host, lic string) error {
 
 // InstallMCR install MCR on Windows.
 func (c WindowsConfigurer) InstallMCR(h os.Host, engineConfig commonconfig.MCRConfig) error {
-	version := "latest"
 
 	installerPath, getInstallerErr := GetInstaller(engineConfig.InstallURLWindows)
 	if getInstallerErr != nil {
@@ -79,7 +78,7 @@ func (c WindowsConfigurer) InstallMCR(h os.Host, engineConfig commonconfig.MCRCo
 		}
 	}()
 
-	installCommand := fmt.Sprintf("set DOWNLOAD_URL=%s && set DOCKER_VERSION=%s && set CHANNEL=%s && powershell -ExecutionPolicy Bypass -NoProfile -NonInteractive -File %s -Verbose", engineConfig.RepoURL, version, engineConfig.Channel, ps.DoubleQuote(installer))
+	installCommand := fmt.Sprintf("set DOWNLOAD_URL=%s && set CHANNEL=%s && powershell -ExecutionPolicy Bypass -NoProfile -NonInteractive -File %s -Verbose", engineConfig.RepoURL, engineConfig.Channel, ps.DoubleQuote(installer))
 
 	log.Infof("%s: running installer", h)
 

test/platforms.go

@@ -145,4 +145,12 @@ var Platforms = map[string]Platform{
 		Public:     true,
 		UserData:   "",
 	},
+	"Ubuntu22FIPS": {
+		Name:       "ubuntu_22.04_fips",
+		Count:      1,
+		VolumeSize: "100",
+		Public:     true,
+		UserData:   "sudo ufw allow 2377,7946,10250/tcp; sudo ufw allow 7946,4789/udp",
+	},
 }
+

test/smoke/smoke_test.go

@@ -225,3 +225,21 @@ func TestWindowsCluster(t *testing.T) {
 	})
 }
 
+// TestFIPSCluster exercises an ubuntu_22.04_fips manager and a windows_2022 worker
+// with MCR stable-29.2.1/fips and MKE 3.9.2. Validates that the Windows
+// installer correctly resolves a versioned FIPS artifact from the channel
+// index rather than attempting the non-existent docker-latest+fips.zip.
+// Uses RSA keypair (required for Windows password retrieval).
+func TestFIPSCluster(t *testing.T) {
+	runSmokeTest(t, smokeConfig{
+		Name:            "fips",
+		MCRChannel:      "stable-29.2.1/fips",
+		MKEVersion:      "3.9.2",
+		MSRVersion:      "3.1.18",
+		SSHKeyAlgorithm: "rsa",
+		Nodegroups: map[string]interface{}{
+			"MngrUbuntu22FIPS": test.Platforms["Ubuntu22FIPS"].GetManager(),
+			"WrkWin2025":   test.Platforms["Windows2025"].GetWorker(),
+		},
+	})
+}