[3/4] Upgrade GitLab to Amazon Linux 2023 (#6160)

Enable FIPS and associated reboot dependencies

Author: achave11-ucsc

terraform/gitlab/gitlab.tf.json.template.py

@@ -1615,7 +1615,8 @@ def merge(sets: Iterable[Iterable[str]]) -> Iterable[str]:
                         'docker',
                         'amazon-cloudwatch-agent',
                         'amazon-ecr-credential-helper',
-                        'dracut-fips',
+                        'crypto-policies',
+                        'crypto-policies-scripts',
                         (
                             'https://s3.amazonaws.com'
                             '/ec2-downloads-windows/SSMAgent/latest/linux_amd64'
@@ -2162,8 +2163,7 @@ def merge(sets: Iterable[Iterable[str]]) -> Iterable[str]:
                     ],
                     'runcmd': [
                         ['systemctl', 'daemon-reload'],
-                        ['dracut', '-f'],
-                        ['/sbin/grubby', '--update-kernel=ALL', '--args="fips=1"'],
+                        ['fips-mode-setup', '--enable'],
                         [
                             'sed',
                             '--in-place',
@@ -2193,9 +2193,11 @@ def merge(sets: Iterable[Iterable[str]]) -> Iterable[str]:
                             '-c', 'file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json',
                             '-s'  # restart agent afterwards
                         ],
-                        ['yum', '-y', 'update'],
                         ['systemctl', 'enable', '--now', 'amazon-ssm-agent.service']
                     ],
+                    'package_update': True,
+                    'package_upgrade': True,
+                    'package_reboot_if_required': True,
                     # Reboot to realize the added kernel parameter the changed sshd configuration
                     'power_state': {
                         'mode': 'reboot'