Bug 1743621
Summary: | rhel worker could not be enabled fips by MCO | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Chuan Yu <chuyu> |
Component: | Machine Config Operator | Assignee: | Antonio Murdaca <amurdaca> |
Status: | CLOSED NOTABUG | QA Contact: | Micah Abbott <miabbott> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.2.0 | CC: | bbreard, knewcome |
Target Milestone: | --- | Keywords: | TestBlocker |
Target Release: | 4.2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-20 14:31:39 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chuan Yu
2019-08-20 10:43:41 UTC
FIPS mode isn't a target for rhel workers afaict, but we should play nicer in case we can't enable it I guess. Created a patch to make it clear that FIPS isn't supported on RHEL. To reconcile the cluster, just delete the MachineConfig that you've created with FIPS enabled. This is absolutely outside the scope of the MCO. RHEL customers are responsible for "managing" their servers, and configuring FIPs and other things like crypto policies definitely falls into the space that the end user should be setting on their RHEL nodes. |