Gluster not FIPS-Compatible?

Probably a silly question, especially since I just went through an exercise that makes the answer seem self-evident, but....

Is Gluster (supposed to be) incompatible with running RHEL 7.3 in FIPS mode?

With FIPS:

# gluster volume status
Volume gv0 is not started

# gluster peer status
Number of Peers: 1

Hostname: glus01
Uuid: c499131f-1f2a-4392-8111-79102335ca98
State: Peer in Cluster (Connected)
# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
   Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-06-08 20:50:18 UTC; 21s ago
  Process: 2695 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 2696 (glusterd)
   CGroup: /system.slice/glusterd.service
           └─2696 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level INFO
# gluster volume start gv0
Connection failed. Please check if gluster daemon is operational.
# systemctl status glusterd
● glusterd.service - GlusterFS, a clustered file-system server
   Loaded: loaded (/usr/lib/systemd/system/glusterd.service; enabled; vendor preset: disabled)
   Active: failed (Result: signal) since Thu 2017-06-08 20:50:45 UTC; 3s ago
  Process: 2695 ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid --log-level $LOG_LEVEL $GLUSTERD_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 2696 (code=killed, signal=ABRT)
# gluster peer status
Connection failed. Please check if gluster daemon is operational.
#

Same host/cluster with FIPS disabled:

# gluster volume status
Volume gv0 is not started

# gluster volume start gv0
volume start: gv0: success
#

Responses

Hi Thomas,

From what I've read, Gluster is not yet FIPS capable - but it is close and I believe it will be part of the Gluster 4.0 release.

See also:

Ok, I've joined the party on this thread late... however, please see this thread https://access.redhat.com/discussions/3508811

A slightly different focus, a discussion for just the CAT I items that are currently not able to be resolved with specific server roles. Example (not limited to this example): Satellite, Gluster, Samba servers cannot endure FIPS being active. For anyone interested in CAT I items (the most severe of a given STIG) being resolved, please see this thread https://access.redhat.com/discussions/3508811