Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIPS: Add common/ocp module #448

Merged
merged 1 commit into from
Mar 6, 2024
Merged

FIPS: Add common/ocp module #448

merged 1 commit into from
Mar 6, 2024

Conversation

Akrog
Copy link
Contributor

@Akrog Akrog commented Feb 7, 2024
edited
Loading

For FIPS support we need to be able to tell when an OCP cluster has been deployed in FIPS mode (it's a day one operation).

This patch adds the IsFipsCluster function that checks if FIPS is enabled or not.

The way to do that is checking the install-config YAML that is stored in the cluster-config-v1 Config Map.

If we find the fips key, and it has the true value, then it's deployed in FIPS mode, otherwise it isn't.

Related patch: openstack-k8s-operators/openstack-operator#657

Jira: #OSPRH-4666

Akrog added a commit to Akrog/openstack-operator that referenced this pull request Feb 7, 2024
@Akrog
WIP: FIPS support for RabbitMQ
7952814 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Depends-On: openstack-k8s-operators/lib-common#448
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Feb 7, 2024
@Akrog
FIPS support for RabbitMQ
7b1ddfb 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Depends-On: openstack-k8s-operators/lib-common#448
@Akrog Akrog mentioned this pull request Feb 7, 2024
Merged
@Akrog
Add common/ocp module
b77a325 
For FIPS support we need to be able to tell when an OCP cluster has been
deployed in FIPS mode (it's a day one operation).

This patch adds the `IsFipsCluster` function that checks if FIPS is
enabled or not.

The way to do that is checking the install-config YAML that is stored in
the cluster-config-v1 Config Map.

If we find the fips key, and it has the true value, then it's deployed
in FIPS mode, otherwise it isn't.
@Akrog Akrog changed the title WIP: Add common/ocp module FIPS: Add common/ocp module Mar 6, 2024
@Akrog Akrog requested review from abays and stuggi March 6, 2024 14:45
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Mar 6, 2024
@Akrog
FIPS support for RabbitMQ
a8a3534 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Depends-On: openstack-k8s-operators/lib-common#448
stuggi
stuggi approved these changes Mar 6, 2024
View reviewed changes
Copy link
Contributor

@stuggi stuggi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@stuggi stuggi merged commit dc65ab4 into openstack-k8s-operators:main Mar 6, 2024
2 checks passed
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Mar 7, 2024
@Akrog
FIPS support for RabbitMQ
4f9d111 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Jira: #OSPRH-4668
Depends-On: openstack-k8s-operators/lib-common#448
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Mar 7, 2024
@Akrog
FIPS support for RabbitMQ
b049d5d 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Jira: #OSPRH-4668
Depends-On: openstack-k8s-operators/lib-common#448
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Mar 11, 2024
@Akrog
FIPS support for RabbitMQ
adbc5fa 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Jira: #OSPRH-4668
Depends-On: openstack-k8s-operators/lib-common#448
Akrog added a commit to Akrog/openstack-operator that referenced this pull request Mar 13, 2024
@Akrog
FIPS support for RabbitMQ
539eea5 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Jira: #OSPRH-4668
Depends-On: openstack-k8s-operators/lib-common#448
stuggi pushed a commit to stuggi/openstack-operator that referenced this pull request Apr 9, 2024
@Akrog @stuggi
FIPS support for RabbitMQ
10cf0ed 
When the OCP cluster is deployed in FIPS mode RabbitMQ needs to be
deployed with specific parameters to also enable its FIPS mode.

This patch checks when OCP is running in FIPS mode using lib-common and
changes the environmental variables used to deploy RabbitMQ just like we
did in TripleO [1].

[1]: https://opendev.org/openstack/puppet-tripleo/src/commit/019ec495180d2065a172861554df2ba2a76b5b17/manifests/profile/base/rabbitmq.pp#L176

Jira: #OSPRH-4668
Depends-On: openstack-k8s-operators/lib-common#448
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stuggi stuggi stuggi approved these changes

@abays abays Awaiting requested review from abays

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Akrog @stuggi