Story #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS
Create a pair of pulp 2 + pulp 3 FIPS boxes
To test FIPS with migration, we need a CentOS7 box with Pulp2 and Pulp3, where Pulp2 is installed from nightlies and Pulp3 is from source, and FIPS needs to be enabled.
Exactly like the pulp2-nightly-pulp3-source-centos7 box, just with FIPS enabled.
This actually needs to be 2 boxes. Pulp2 can only be installed on Centos7. However, CentOS7 isn't patched in a way that supports what we need in a FIPS context, so we need CentOS8 for pulp3. Therefore, this task is really "we need a 2-box setup for testing 2to3 minration in a FIPS context".
#7 Updated by daviddavis 26 days ago
Here was the issue with testing Pulp 3 against python 3.6 on CentOS 7: https://bugzilla.redhat.com/show_bug.cgi?id=1811170
#11 Updated by email@example.com 6 days ago
As mentioned at the FIPS check-in meeting:
- I decided not to go with the 2 VMs with NFS approach.
- Instead, I am going with a CentOS 8 VM (Pulp 3) + a CentOS 7 container (Pulp 2) on top of it.
- I am trying to get the Vagrant docker provider (plugin) to run the container on top of the VM. So that the container is provisioned via Ansible. This is a stated feature of it. If not, I could work around it probably, but still.
- This approach does not support SELinux in the Centos 7 Pulp 2 container. I need to verify with Brian or Tanya that this is OK.
Please register to edit this issue