Bug 1967533
Summary: | [RFE] allow enabling fips on the engine VM | ||
---|---|---|---|
Product: | [oVirt] ovirt-hosted-engine-setup | Reporter: | Yedidyah Bar David <didi> |
Component: | Plugins.General | Assignee: | Asaf Rachmani <arachman> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Qin Yuan <qiyuan> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | --- | CC: | bugs, mperina |
Target Milestone: | ovirt-4.4.8 | Keywords: | FutureFeature, ZStream |
Target Release: | --- | Flags: | sbonazzo:
ovirt-4.4+
pm-rhel: planning_ack? pm-rhel: devel_ack+ pm-rhel: testing_ack? |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ovirt-hosted-engine-setup-2.5.3-1.el8ev, ovirt-ansible-collection-1.5.4-1.el8ev | Doc Type: | Enhancement |
Doc Text: |
Support enabling FIPS on the Self Hosted Engine VM via command line
`hosted-engine --deploy` now also asks `'Do you want to enable FIPS?`
The answer to this question is passed to the ansible code which now supports enabling FIPS without requiring an OpenSCAP profile (bug #1967530)
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-08-19 06:23:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Yedidyah Bar David
2021-06-03 10:22:19 UTC
Verified with: ovirt-hosted-engine-setup-2.5.3-1.el8ev.noarch ovirt-ansible-collection-1.6.0-1.el8ev.noarch Steps: 1. Run `hosted-engine --deploy` 2. Don't apply OpenSCAP security profile, check if there is an independent question asking for enabling FIPS mode on engine VM. 3. Choose to enable FIPS, check if hosted engine deployment could succeed. 4. Check if FIPS mode is enabled on engine VM after deployment finished. Results: 1. There is an independent question asking for enabling FIPS mode on engine VM when OpenSCAP security profile is not applied. Do you want to apply a default OpenSCAP security profile? (Yes, No) [No]: Do you want to enable FIPS? (Yes, No) [No]: 2. Hosted engine deployment succeeds when enabling FIPS mode but not applying OpenSCAP security profile. 3. FIPS mode is enabled on engine VM after deployment finished: # fips-mode-setup --check FIPS mode is enabled. This bugzilla is included in oVirt 4.4.8 release, published on August 19th 2021. Since the problem described in this bug report should be resolved in oVirt 4.4.8 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |