fix: when in fips mode and in a disconnected environment, remove the non fips openshift-install

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

Author: prb112

playbooks/roles/ocp-config/tasks/extract.yaml

@@ -31,6 +31,13 @@
   args:
     chdir: "{{ tools_dir }}"
 
+- name: Extract OCP4 tools from release image ( local-registry )
+  when: enable_local_registry
+  shell: |
+    oc adm release extract --tools {{ release_image_override }} --registry-config='{{ ansible_env.HOME }}/.openshift/pull-secret-updated'
+  args:
+    chdir: "{{ tools_dir }}"
+
 - name: Create pull-secret file
   when: not enable_local_registry
   copy:
@@ -57,6 +64,28 @@
     remote_src: yes
   with_items: "{{ find_result.files }}"
 
+- name: Check if openshift-install binary exists
+  ansible.builtin.stat:
+    path: "/usr/local/bin/openshift-install"
+  register: binary_check
+  
+- name: Remove openshift-install binary when FIPS is enabled
+  ansible.builtin.file:
+    path: "/usr/local/bin/openshift-install"
+    state: absent
+  when: 
+    - fips_compliant
+    - binary_check.stat.exists
+
+- name: Link openshift-install-fips to openshift-install
+  file:
+    src: "/usr/local/bin/openshift-install-fips"
+    dest: "/usr/local/bin/openshift-install"
+    state: link
+  when: 
+    - fips_compliant  # FIPS is enabled
+    - binary_check.stat.exists
+
 - name: Remove tools directory
   file:
     path: "{{ tools_dir }}"