Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1702303

Summary: Enable enable fips-mode-rchecksum for new volumes by default
Product: [Community] GlusterFS Reporter: Ravishankar N <ravishankar>
Component: glusterdAssignee: Ravishankar N <ravishankar>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: mainlineCC: bugs
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1706683 (view as bug list) Environment:
Last Closed: 2019-04-26 08:23:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1706683    

Description Ravishankar N 2019-04-23 12:52:39 UTC 
Description of problem:

fips-mode-rchecksum option was provided in GD_OP_VERSION_4_0_0 to maintain backward compatibility with older AFR so that a cluster operating at an op version of less than GD_OP_VERSION_4_0_0 used MD5SUM instead of the SHA256 that would be used if this option was enabled.

But in a freshly created setup with cluster op-version >=GD_OP_VERSION_4_0_0, we can directly go ahead and use SHA256 without asking the admin to explicitly set the volume option 'on'. 

In fact in downstream, this created quite a bit of confusion when QE would created a new glusterfs setup on a FIPS enabled machine and would try out self-heal test cases (without setting 'fips-mode-rchecksum'  on), leading to crashes due to non-compliance. Ideally this fix should have been done as a part of the original commit: "6daa65356 - posix/afr: handle backward compatibility for rchecksum fop" but I guess it is better late than never.
Comment 1 Worker Ant 2019-04-23 12:56:14 UTC 
REVIEW: https://review.gluster.org/22609 (glusterd: enable fips-mode-rchecksum for new volumes) posted (#1) for review on master by Ravishankar N
Comment 2 Worker Ant 2019-04-26 08:23:27 UTC 
REVIEW: https://review.gluster.org/22609 (glusterd: enable fips-mode-rchecksum for new volumes) merged (#4) on master by Atin Mukherjee