Closed Akasurde closed 1 year ago
From @ansibullbot on Apr 17, 2020 14:44
cc @Dorn- @amenonsen @andytom @kostiantyn-nemchenko @matburt @nerzhul @sebasmannem @tcraxs click here for bot help
From @avidspartan1 on Sep 04, 2020 18:47
Would love to see this issue worked. Running into this when trying to deploy Pulp on a FIPS-enabled system.
how do I check that postgresql is fips enabled or how do i install fips enabled postgresql ?
how do I check that postgresql is fips enabled or how do i install fips enabled postgresql ?
PG isn't 'FIPS-enabled'. The OS that PG runs on is (or isn't). On RHEL-based systems, you can cat /proc/sys/crypto/fips_enabled
, sysctl crypto.fips_enabled
, or fips-mode-setup --check
closing this to keep the tracker clean, thanks everyone!
From @Andersson007 on Apr 06, 2020 11:27
Copied from https://github.com/ansible/ansible/issues/41787 Initially reported by @jbscalia
Postgresql_user needs to support AES-256 encryption.
SUMMARY
If a server is FIPS-140-2 enabled, md5 is not permitted as an "encryption/hashing" algorithm. PostgreSQL version 10 supports AES-256 encryption, but postgresql_user does not support that option, and is unusable on a FIPS enabled server.
ISSUE TYPE
COMPONENT NAME
postgresql_user
ANSIBLE VERSION
ansible --version ansible 2.4.2.0 config file = /home/419635/.ansible.cfg configured module search path = [u'/home/419635/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
EXPECTED RESULTS
Expected the user to be created in the specified PostgreSQL cluster.
ACTUAL RESULTS
The module failed.
Copied from original issue: ansible/ansible#119