Gluster not FIPS-Compatible?
Probably a silly question, especially since I just went through an exercise that makes the answer seem self-evident, but....
Is Gluster (supposed to be) incompatible with running RHEL 7.3 in FIPS mode?
With FIPS:
# gluster volume status
Volume gv0 is not started
# gluster peer status
Number of Peers: 1
Hostname: glus01
Uuid: c499131f-1f2a-4392-8111-79102335ca98
State: Peer in Cluster (Connected)
# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2017-06-08 20:50:18 UTC; 21s ago
Process: 2695 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2696 (glusterd)
CGroup: /system.slice/glusterd.service
└─2696 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level INFO
# gluster volume start gv0
Connection failed. Please check if gluster daemon is operational.
# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
Active: failed (Result: signal) since Thu 2017-06-08 20:50:45 UTC; 3s ago
Process: 2695 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2696 (code=killed, signal=ABRT)
# gluster peer status
Connection failed. Please check if gluster daemon is operational.
#
Same host/cluster with FIPS disabled:
# gluster volume status
Volume gv0 is not started
# gluster volume start gv0
volume start: gv0: success
#
Responses
Hi Thomas,
From what I've read, Gluster is not yet FIPS capable - but it is close and I believe it will be part of the Gluster 4.0 release.
See also:
Ok, I've joined the party on this thread late... however, please see this thread https://access.redhat.com/discussions/3508811
A slightly different focus, a discussion for just the CAT I items that are currently not able to be resolved with specific server roles. Example (not limited to this example), Satellite, Gluster, Samba servers can not endure FIPS being active. For anyone interested in CAT I items (the most severe of a given STIG) being resolved, please see this thread https://access.redhat.com/discussions/3508811
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
