Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: rhos-18.0.0
Affects Version/s: rhos-18.0.0
Component/s: edpm-ansible
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

Sprint:
DFG Security: UC Sprint 97
Severity:
Important

Workstream:

Security

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

https://github.com/openstack-k8s-operators/edpm-ansible/blob/c0f3080c2c862547029c29aad8686d75e26397b1/roles/edpm_bootstrap/tasks/fips.yml#L62-L66

the fips task in the edpm_bootsrap role

forces a reboot if the fips status changes

While this is not inteded to be support after the intiall deployment

if the fips mode is changes as part of a minor update this will force reboot all the
edpm hosts regardless of the reboot stragey choosen in the deployment.

this task should not override the reboot strategy, and instead delegate the reboot to a explicit invocation of the os-reboot data plane service.

links to

openstack-k8s-operators/edpm-ansible#646: Add edpm_reboot_strategy to reboot role

openstack-k8s-operators/edpm-ansible#672: FIPS task should not change reboot policy

mentioned on

Merge request - Updated US source to: 21d906f Merge pull request #672 from vakwetu/fix-fips-reboot

Merge request - Updated US source to: 769cd89 Merge pull request #674 from bshephar/fix-dport-iteration

Assignee:: Ade Lee

Reporter:: Sean Mooney

Team:: rhos-dfg-security

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/05/27 2:30 PM

Updated:: 2024/06/18 2:38 PM

Resolved:: 2024/06/18 2:38 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

PagerDuty