Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-1196

FIPS support on EDPM nodes

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Critical Critical
    • rhos-18.0.0
    • None
    • edpm-ansible
    • None
    • FIPS by default on EDPM compute nodes
    • False
    • False
    • OSPRH-787FIPS Support in OSO 18.0
    • Committed
    • No Docs Impact
    • To Do
    • OSPRH-787 - FIPS Support in OSO 18.0
    • Committed
    • Committed
    • 0% To Do, 0% In Progress, 100% Done
    • Release Note Not Required
    • Rejected
    • 2024Q2
    • Approved

      Make the edpm-hardened-uefi FIPS by default and also add an ansible role to optionally enforce the FIPS state on initial deployment.

      There are 3 parts that need to be supported by the operators and the ansible roles:

      • Deploy the right image (FIPS or non-FIPS) base don the OCP FIPS mode for greenfield deployments were the openstack baremetal operator is used.
      • Configuring FIPS state on nodes. This is needed for for greenfield pre-provisioned hosts and adopted clouds that were fips enabled in 17.1 to enable scaling out or node replacement as required.
      • Configure iscsid to not use MD5 when FIPS is enabled.

          1.
          		 FIPS by default on EDPM compute nodes Sub-task Closed Critical Unassigned

              rhn-engineering-sbaker Steve Baker
              rhn-engineering-sbaker Steve Baker
              James LaBarre James LaBarre (Inactive)
              rhos-dfg-hardprov
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: