Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: 4.16.0
Affects Version/s: 4.13, 4.12, 4.11, 4.10
Component/s: Installer / openshift-installer
Labels:
- triaged

Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Because the installer generates some of the keys that will remain present in the cluster (e.g. the signing key for the admin kubeconfig), it should also run in an environment where FIPS is enabled.

Because it is very easy to fail to notice that the keys were generated in a non-FIPS-certified environment, we should enforce this by checking that fips_enabled is true if the target cluster is to have FIPS enabled.

walters@redhat.com has a patch for this.

is related to

OCPBUGS-15861 openshift-baremetal-installer should not link against libvirt

Verified

relates to

CORS-3418 Ship static build of openshift-installer

Closed

links to

openshift-metal3/dev-scripts#1591: Skip host FIPS validation in installer by default

openshift/installer#7566: OCPBUGS-15845: Check host for compatibility with target cluster config

openshift/release#44188: Skip host FIPS validation in installer

openshift/release#51009: Skip host FIPS validation in installer

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

(2 links to)

Assignee:: Zane Bitter

Reporter:: Zane Bitter

QA Contact:: Gaoyun Pei

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: 2023/07/06 3:20 AM

Updated:: 2024/05/06 4:57 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates