[Bugs] [Bug 1706683] New: Enable enable fips-mode-rchecksum for new volumes by default
bugzilla at redhat.com
bugzilla at redhat.com
Mon May 6 04:08:46 UTC 2019
https://bugzilla.redhat.com/show_bug.cgi?id=1706683
Bug ID: 1706683
Summary: Enable enable fips-mode-rchecksum for new volumes by
default
Product: Red Hat Gluster Storage
Version: rhgs-3.5
Status: NEW
Component: glusterd
Keywords: Triaged
Assignee: amukherj at redhat.com
Reporter: ravishankar at redhat.com
QA Contact: bmekala at redhat.com
CC: bugs at gluster.org, rhs-bugs at redhat.com,
sankarshan at redhat.com, storage-qa-internal at redhat.com,
vbellur at redhat.com
Depends On: 1702303
Target Milestone: ---
Classification: Red Hat
+++ This bug was initially created as a clone of Bug #1702303 +++
Description of problem:
fips-mode-rchecksum option was provided in GD_OP_VERSION_4_0_0 to maintain
backward compatibility with older AFR so that a cluster operating at an op
version of less than GD_OP_VERSION_4_0_0 used MD5SUM instead of the SHA256 that
would be used if this option was enabled.
But in a freshly created setup with cluster op-version >=GD_OP_VERSION_4_0_0,
we can directly go ahead and use SHA256 without asking the admin to explicitly
set the volume option 'on'.
In fact in downstream, this created quite a bit of confusion when QE would
created a new glusterfs setup on a FIPS enabled machine and would try out
self-heal test cases (without setting 'fips-mode-rchecksum' on), leading to
crashes due to non-compliance. Ideally this fix should have been done as a part
of the original commit: "6daa65356 - posix/afr: handle backward compatibility
for rchecksum fop" but I guess it is better late than never.
--- Additional comment from Worker Ant on 2019-04-26 08:23:27 UTC ---
REVIEW: https://review.gluster.org/22609 (glusterd: enable fips-mode-rchecksum
for new volumes) merged (#4) on master by Atin Mukherjee
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1702303
[Bug 1702303] Enable enable fips-mode-rchecksum for new volumes by default
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Bugs
mailing list