From 6ece6ab4bba6a82eb205709425985d0104e585af Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Mon, 22 Jul 2024 14:05:30 +0200 Subject: [PATCH 1/5] Add information about enabling FIPS --- .../assembly_planning-the-new-deployment.adoc | 2 ++ docs_user/modules/con_fips-support.adoc | 11 +++++++++++ 2 files changed, 13 insertions(+) create mode 100644 docs_user/modules/con_fips-support.adoc diff --git a/docs_user/assemblies/assembly_planning-the-new-deployment.adoc b/docs_user/assemblies/assembly_planning-the-new-deployment.adoc index 54bd03841..7204a7436 100644 --- a/docs_user/assemblies/assembly_planning-the-new-deployment.adoc +++ b/docs_user/assemblies/assembly_planning-the-new-deployment.adoc @@ -25,6 +25,8 @@ include::../modules/con_about-node-selector.adoc[leveloffset=+1] include::../modules/con_about-machine-configs.adoc[leveloffset=+1] +include::../modules/con_fips-support.adoc[leveloffset=+1] + include::../modules/con_key-manager-service-support-for-crypto-plugins.adoc[leveloffset=+1] //include::../modules/con_identity-service-authentication.adoc[leveloffset=+1] diff --git a/docs_user/modules/con_fips-support.adoc b/docs_user/modules/con_fips-support.adoc new file mode 100644 index 000000000..079335934 --- /dev/null +++ b/docs_user/modules/con_fips-support.adoc @@ -0,0 +1,11 @@ +[id="fips-support_{context}"] + += FIPS support + +If you are adopting an {OpenStackShort} {rhos_prev_ver} FIPS environment to {OpenStackShort} {rhos_curr_ver}, your adopted cluster will remain a FIPS cluster. There is no option to change FIPS status during adoption. + +There is a major difference with how FIPS was configured in {OpenStackPreviousInstaller} and how it is enabled and enforced in operator deployments. In {OpenStackPreviousInstaller} FIPS is enabled as part of its configuration, whereas in operator deployments, there is no specific FIPS configuration at the operator level. + +If your cluster is FIPS enabled, you must deploy a FIPS {OpenShiftShort} cluster to adopt your {OpenStackShort} {rhos_prev_ver} FIPS control plane. + +Enabling FIPS in {OpenShiftShort} is out of scope for this guide. Please refer to the link:https://docs.openshift.com/container-platform/latest/installing/installing-fips.html[Support for FIPS cryptography] in _OpenShift Container Platform Documentation_. From 68039bbe08d4ce514756d96de65fda073424e837 Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Tue, 3 Sep 2024 14:55:51 +0200 Subject: [PATCH 2/5] Update docs_user/modules/con_fips-support.adoc Co-authored-by: klgill <97464556+klgill@users.noreply.github.com> --- docs_user/modules/con_fips-support.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs_user/modules/con_fips-support.adoc b/docs_user/modules/con_fips-support.adoc index 079335934..6717fe4fe 100644 --- a/docs_user/modules/con_fips-support.adoc +++ b/docs_user/modules/con_fips-support.adoc @@ -2,7 +2,7 @@ = FIPS support -If you are adopting an {OpenStackShort} {rhos_prev_ver} FIPS environment to {OpenStackShort} {rhos_curr_ver}, your adopted cluster will remain a FIPS cluster. There is no option to change FIPS status during adoption. +If you are adopting a {rhos_prev_long} ({OpenStackShort}) {rhos_prev_ver} FIPS environment to {rhos_long} {rhos_curr_ver}, your adopted cluster remains a FIPS cluster. There is no option to change FIPS status during adoption. There is a major difference with how FIPS was configured in {OpenStackPreviousInstaller} and how it is enabled and enforced in operator deployments. In {OpenStackPreviousInstaller} FIPS is enabled as part of its configuration, whereas in operator deployments, there is no specific FIPS configuration at the operator level. From 34af5aeff2a06babdfe974d22ceb2b2152c01ad9 Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Tue, 3 Sep 2024 14:56:23 +0200 Subject: [PATCH 3/5] Update docs_user/modules/con_fips-support.adoc Co-authored-by: klgill <97464556+klgill@users.noreply.github.com> --- docs_user/modules/con_fips-support.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs_user/modules/con_fips-support.adoc b/docs_user/modules/con_fips-support.adoc index 6717fe4fe..14e5f10b6 100644 --- a/docs_user/modules/con_fips-support.adoc +++ b/docs_user/modules/con_fips-support.adoc @@ -4,7 +4,7 @@ If you are adopting a {rhos_prev_long} ({OpenStackShort}) {rhos_prev_ver} FIPS environment to {rhos_long} {rhos_curr_ver}, your adopted cluster remains a FIPS cluster. There is no option to change FIPS status during adoption. -There is a major difference with how FIPS was configured in {OpenStackPreviousInstaller} and how it is enabled and enforced in operator deployments. In {OpenStackPreviousInstaller} FIPS is enabled as part of its configuration, whereas in operator deployments, there is no specific FIPS configuration at the operator level. +There is a major difference with how FIPS was configured in {OpenStackPreviousInstaller} and how it is enabled and enforced in operator deployments. In {OpenStackPreviousInstaller}, FIPS is enabled as part of its configuration, whereas in operator deployments, there is no specific FIPS configuration. If your cluster is FIPS enabled, you must deploy a FIPS {OpenShiftShort} cluster to adopt your {OpenStackShort} {rhos_prev_ver} FIPS control plane. From 6cab39c78701c9be645502e2c1f1073fe9dfbefe Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Tue, 3 Sep 2024 14:56:40 +0200 Subject: [PATCH 4/5] Update docs_user/modules/con_fips-support.adoc Co-authored-by: klgill <97464556+klgill@users.noreply.github.com> --- docs_user/modules/con_fips-support.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs_user/modules/con_fips-support.adoc b/docs_user/modules/con_fips-support.adoc index 14e5f10b6..7df8da302 100644 --- a/docs_user/modules/con_fips-support.adoc +++ b/docs_user/modules/con_fips-support.adoc @@ -6,6 +6,6 @@ If you are adopting a {rhos_prev_long} ({OpenStackShort}) {rhos_prev_ver} FIPS e There is a major difference with how FIPS was configured in {OpenStackPreviousInstaller} and how it is enabled and enforced in operator deployments. In {OpenStackPreviousInstaller}, FIPS is enabled as part of its configuration, whereas in operator deployments, there is no specific FIPS configuration. -If your cluster is FIPS enabled, you must deploy a FIPS {OpenShiftShort} cluster to adopt your {OpenStackShort} {rhos_prev_ver} FIPS control plane. +If your cluster is FIPS enabled, you must deploy a FIPS {OpenShift} ({OpenShiftShort}) cluster to adopt your {OpenStackShort} {rhos_prev_ver} FIPS control plane. Enabling FIPS in {OpenShiftShort} is out of scope for this guide. Please refer to the link:https://docs.openshift.com/container-platform/latest/installing/installing-fips.html[Support for FIPS cryptography] in _OpenShift Container Platform Documentation_. From 1333c1bbefe08a70737527341e503cc81c0b07de Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Tue, 3 Sep 2024 14:56:52 +0200 Subject: [PATCH 5/5] Update docs_user/modules/con_fips-support.adoc Co-authored-by: klgill <97464556+klgill@users.noreply.github.com> --- docs_user/modules/con_fips-support.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs_user/modules/con_fips-support.adoc b/docs_user/modules/con_fips-support.adoc index 7df8da302..8f01a58bd 100644 --- a/docs_user/modules/con_fips-support.adoc +++ b/docs_user/modules/con_fips-support.adoc @@ -8,4 +8,4 @@ There is a major difference with how FIPS was configured in {OpenStackPreviousIn If your cluster is FIPS enabled, you must deploy a FIPS {OpenShift} ({OpenShiftShort}) cluster to adopt your {OpenStackShort} {rhos_prev_ver} FIPS control plane. -Enabling FIPS in {OpenShiftShort} is out of scope for this guide. Please refer to the link:https://docs.openshift.com/container-platform/latest/installing/installing-fips.html[Support for FIPS cryptography] in _OpenShift Container Platform Documentation_. +For more information about enabling FIPS in {OpenShiftShort}, see link:https://docs.openshift.com/container-platform/latest/installing/installing-fips.html[Support for FIPS cryptography] in _OpenShift Container Platform Documentation_.