Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15845

FIPS install should fail if installer is not FIPS capable

XMLWordPrintable

    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the installation program did not enforce the requirement that FIPS-enabled clusters were installed from FIPS-enabled RHEL hosts. With this update, the installation program enforces the FIPS requirement. (link:https://issues.redhat.com/browse/OCPBUGS-15845[*OCPBUGS-15845*])
      Show
      * Previously, the installation program did not enforce the requirement that FIPS-enabled clusters were installed from FIPS-enabled RHEL hosts. With this update, the installation program enforces the FIPS requirement. (link: https://issues.redhat.com/browse/OCPBUGS-15845 [* OCPBUGS-15845 *])
    • Bug Fix
    • Done

      Because the installer generates some of the keys that will remain present in the cluster (e.g. the signing key for the admin kubeconfig), it should also run in an environment where FIPS is enabled.

      Because it is very easy to fail to notice that the keys were generated in a non-FIPS-certified environment, we should enforce this by checking that fips_enabled is true if the target cluster is to have FIPS enabled.

      walters@redhat.com has a patch for this.

              zabitter Zane Bitter
              zabitter Zane Bitter
              Gaoyun Pei Gaoyun Pei
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: