FIPS deployment within portal deployment on Openshift
search cancel

FIPS deployment within portal deployment on Openshift

book

Article ID: 374352

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

The filename “system-fips” contains a hyphen, which is an illegal character in a Linux environment variable. Another issue there is a filename that has an illegal character for /opt/druid-entry.sh (dash is illegal).

This leads to the coordinator container not being able to start up on a FIPS compliant environment.

Environment

API Portal 5.x

Resolution

The present product does not claim FIPS compliance. For the current portal deployment, file /etc/system-fips is part of the container version of Red Hat 9, which is used ion pssg/ingress. File druid-entry.sh is used for analytics data. 

There are two options:

1. Disable analytics - this will not start the analytics stack which includes the coordinator  

OR 

2. Build a custom image and then update helm to use it instead

Possibility 

You can extend the docker image we have and do something like that:

FROM

RUN mv /opt/druid-entry.sh /opt/druidentry.sh

USER 1010

ENTRYPOINT ["/opt/druidentry.sh"]