Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2551

Enable Vector to use OpenSSL

XMLWordPrintable

    • Enable Vector to use OpenSSL
    • False
    • None
    • False
    • Green
    • NEW
    • To Do
    • OBSDA-111 - Provide GA Support for Vector Collector with OpenShift Logging
    • Impediment
    • OBSDA-111Provide GA Support for Vector Collector with OpenShift Logging
    • VERIFIED
    • 0% To Do, 0% In Progress, 100% Done

      Goals

      Modify Vector and/or its dependencies to fully rely upon OpenSSL in lieu of the alternatives (e.g. ring)

      Non-Goals

      Motivation

      Product requirements dictate we deliver a product that is both export and FIPS compliant. OpenSSL meets these requirements

      Alternatives

      Acceptance Criteria

      • Vector functions on a FIPS enabled cluster
      • Vector is export compliant
      • Vector with default feature sets supports architectures: x86_64, s390x, ppc64, arm
      • PR are submitted (or accepted) with the proposed changes to any upstream communities
      • Able to build vector on x86_64s390xppc64, and arm with default feature set

      Risk and Assumptions

      We assume the upstream community ultimately has these same goal of being FIPS compliant. The biggest risk is it is not a priority for the community and they may not accept contributions for the changes required. We may need to carry patches of Vector and/or its dependencies

      Documentation Considerations

      • Update documentation to state the collector runs on FIPS enabled clusters. There should be no need to additional document export compliance given this is an implied legal requirement for any product delivered by RH
      • Qualify our FIPS and export compliance until we can satisfy the requirement

      Open Questions

      • How extensive are the changes required to Vector?
      • How extensive are the change required to Vector dependencies?
      • Can we design a ring to OpenSSL adapter library to make the runtime swappable?
      • Are we blocked from going GA without these changes or can we qualify with documentation.

      Additional Notes

          There are no Sub-Tasks for this issue.

              syedriko_sub@redhat.com Sergey Yedrikov
              jcantril@redhat.com Jeffrey Cantrill
              Ishwar Kanse Ishwar Kanse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: