Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10109

Don't assume redhat is only FIPS platform

    XMLWordPrintable

Details

    • Task
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 6.11.0
    • None
    • None
    • Not Needed
    • Needs Assessment

    Description

      Puppet changes the default values for some settings like Puppet[:digest_algorithm] when fips is enabled. Puppet used to rely on the fips_enabled fact, but that caused problems when puppetserver attempts to load puppet code. See PUP-8356. So we changed puppet to reimplement what facter does to detect fips mode, however, that logic (checking for /proc/sys/crypto/fips_enabled) doesn't work on Windows.

      As a result the following tests fail on windows fips:

      $ git checkout 254e7776c4b8c505f6d388ef7978dee1fc7b9db3
      $ cd acceptance
      $ bundle update
      $ bundle exec rake ci:test:aio BEAKER_HOSTS=redhat7-64m-windowsfips2012r2-64a SHA=6c226109bc3298552ac86944c7412362b9731f87 SERVER_VRESION=6.7.2.SNAPSHOT.2019.10.14T2201 TESTS=tests/parser_functions/calling_all_functions.rb,tests/puppet_apply_a_file_should_create_a_file_and_report_the_md5.rb,tests/resource/file/content_attribute.rb,tests/ticket_6541_invalid_filebucket_files.rb,tests/ticket_1334_clientbucket_corrupted.rb OPTIONS='--preserve-hosts=always'
      

      We could update Puppet::Util::Platform.fips? to take Windows into account? Try to figure out how to resolve the puppetserver issue so puppet can use facter to resolve fips mode?

      Attachments

        Issue Links

          Activity

            People

              gheorghe.popescu Gheorghe Popescu
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support