search

metal3-io / ironic-image

Container image to run OpenStack Ironic as part of Metal³
Apache License 2.0
56 stars 116 forks source link

:sparkles: Enable FIPS mode for IPA if system is in FIPS mode #535

Closed elfosardo closed 3 weeks ago

elfosardo commented 1 month ago

If FIPS is enabled in the hosts we should also run IPA in FIPS mode. It is possible to enable FIPS directly at kernel level using the fips option, determining the FIPS status for example from the cryptographic module and specifically the /proc/sys/crypto/fips_enabled file; if the file contains 1 then the system is in FIPS mode, if it contains 0 the FIPS algorithms are disabled. Therefore the value of the fips kernel option is 0 (default) if FIPS is disabled, or 1 if enabled.

elfosardo commented 1 month ago

/test metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main

elfosardo commented 1 month ago 
/test metal3-ubuntu-e2e-integration-test-main
elfosardo commented 1 month ago

/test metal3-ubuntu-e2e-integration-test-main

zaneb commented 1 month ago

/lgtm

elfosardo commented 1 month ago

/test metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main some issue with CI?

elfosardo commented 1 month ago

/test metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main

zaneb commented 3 weeks ago

/lgtm

dtantsur commented 3 weeks ago

/approve

metal3-io-bot commented 3 weeks ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dtantsur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/metal3-io/ironic-image/blob/main/OWNERS)~~ [dtantsur] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment