As a follow-up to THREESCALE-8509, we need to upgrade to a more recent RHEL version.

Issues are:

• ImageMagic
• mysql connection ciphersuite incompatibilities with older mysql server
• ruby version supported by base image may require upgrading Rails

ImageMagic

It is not part og RHEL8/9.

if a product needs it they will need to set up an SST to maintain it for the lifetime of their product line. Due to the fact that ImageMagick is usually a CVE nightmare.. most groups have dropped any need for the product.

If we go that route, we will probably have to use strict security policy for it.

We can alternatively try to remove usage of imageMagic from porta somehow. Although paperclip requires it so it can be tricky without removing paperclip, which is evem more tricky.

reproduce mysql connection issue issue

• launch a 3scale cluster (need to understand whether it only affect FIPS or also non-FIPS clusters)
• launch a pod in same project with image quay.io/akostadinov/shell:stream8

  apiVersion: v1
  kind: Pod
  metadata: 
    name: shell
    labels: 
      app: httpd
    namespace: akostadi
  spec: 
    containers: 
      - name: shell
        image: 'quay.io/akostadinov/shell:stream8'
        command: 
          - bash
          - '-c'
          - sleep 100000
  

• dnf install mysql-devel && gem install pry && gem install mysql2
• pry> require 'mysql2'
• pry> Mysql2::Client.new(host: "system-mysql", username: "mysql", password: "seefromsecret")
• pry> Mysql2::Client.new(host: "system-mysql", username: "mysql", password: "seefromsecret", sslcipher: "AES256-GCM-SHA384")