Project

Profile

Help

Send by e-mail

Task #8097

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

Create a pair of pulp 2 + pulp 3 FIPS boxes

Added by ttereshc 8 months ago. Updated 5 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
mdepaulo@redhat.com
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Dev Environment
Sprint:
Sprint 92
Quarter:

Description

To test FIPS with migration, we need a CentOS7 box with Pulp2 and Pulp3, where Pulp2 is installed from nightlies and Pulp3 is from source, and FIPS needs to be enabled.

Exactly like the pulp2-nightly-pulp3-source-centos7 box, just with FIPS enabled.

Associated revisions

Revision fe77fd50 View on GitHub
Added by Mike DePaulo 6 months ago

Create a pair of pulp 2 + pulp 3 FIPS boxes

Implemented the Pulp 2 box (CentOS 7, no SELinux) as a container on top of the Pulp 3 box (CentOS 8, can run SELinux.)

fixes: #8097

Revision fe77fd50 View on GitHub
Added by Mike DePaulo 6 months ago

Create a pair of pulp 2 + pulp 3 FIPS boxes

Implemented the Pulp 2 box (CentOS 7, no SELinux) as a container on top of the Pulp 3 box (CentOS 8, can run SELinux.)

fixes: #8097

History

#1 Updated by ttereshc 8 months ago

  • Subject changed from Create a pulp2-nightly-pulp3-source-centos8_fips box to Create a pulp2-nightly-pulp3-source-centos8-fips box

#2 Updated by daviddavis 8 months ago

  • Sprint set to Sprint 88

#3 Updated by ttereshc 8 months ago

  • Subject changed from Create a pulp2-nightly-pulp3-source-centos8-fips box to Create a pulp2-nightly-pulp3-source-centos7-fips box
  • Description updated (diff)

#4 Updated by rchan 8 months ago

  • Sprint changed from Sprint 88 to Sprint 89

#5 Updated by rchan 8 months ago

  • Sprint changed from Sprint 89 to Sprint 90

#6 Updated by ggainey 7 months ago

This actually needs to be 2 boxes. Pulp2 can only be installed on Centos7. However, CentOS7 isn't patched in a way that supports what we need in a FIPS context, so we need CentOS8 for pulp3. Therefore, this task is really "we need a 2-box setup for testing 2to3 minration in a FIPS context".

#7 Updated by daviddavis 7 months ago

Here was the issue with testing Pulp 3 against python 3.6 on CentOS 7: https://bugzilla.redhat.com/show_bug.cgi?id=1811170

#8 Updated by mdepaulo@redhat.com 7 months ago

  • Assignee set to mdepaulo@redhat.com

#9 Updated by daviddavis 7 months ago

  • Status changed from NEW to ASSIGNED

#10 Updated by rchan 7 months ago

  • Sprint changed from Sprint 90 to Sprint 91

#11 Updated by mdepaulo@redhat.com 7 months ago

As mentioned at the FIPS check-in meeting:

  1. I decided not to go with the 2 VMs with NFS approach.
  2. Instead, I am going with a CentOS 8 VM (Pulp 3) + a CentOS 7 container (Pulp 2) on top of it.
  3. I am trying to get the Vagrant docker provider (plugin) to run the container on top of the VM. So that the container is provisioned via Ansible. This is a stated feature of it. If not, I could work around it probably, but still.
  4. This approach does not support SELinux in the Centos 7 Pulp 2 container. I need to verify with Brian or Tanya that this is OK.

#12 Updated by mdepaulo@redhat.com 7 months ago

  • Subject changed from Create a pulp2-nightly-pulp3-source-centos7-fips box to Create a pair of pulp 2 + pulp 3 FIPS boxes

#13 Updated by rchan 7 months ago

  • Sprint changed from Sprint 91 to Sprint 92

#14 Updated by Anonymous 6 months ago

  • Status changed from ASSIGNED to MODIFIED
  • % Done changed from 0 to 100

#15 Updated by mdellweg 5 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF