| Puppet changes the default values for some settings like Puppet[:digest_algorithm] when fips is enabled. Puppet used to rely on the fips_enabled fact, but that caused problems when puppetserver attempts to load puppet code. See PUP-8356. So we changed puppet to reimplement what facter does to detect fips mode, however, that logic (checking for /proc/sys/crypto/fips_enabled) doesn't work on Windows. As a result the following tests fail on windows fips:
$ git checkout 254e7776c4b8c505f6d388ef7978dee1fc7b9db3 |
$ cd acceptance |
$ bundle update |
$ bundle exec rake ci:test:aio BEAKER_HOSTS=redhat7-64m-windowsfips2012r2-64a SHA=6c226109bc3298552ac86944c7412362b9731f87 SERVER_VRESION=6.7.2.SNAPSHOT.2019.10.14T2201 TESTS=tests/parser_functions/calling_all_functions.rb,tests/puppet_apply_a_file_should_create_a_file_and_report_the_md5.rb,tests/resource/file/content_attribute.rb,tests/ticket_6541_invalid_filebucket_files.rb,tests/ticket_1334_clientbucket_corrupted.rb OPTIONS='--preserve-hosts=always'
|
We could update Puppet::Util::Platform.fips? to take Windows into account? Try to figure out how to resolve the puppetserver issue so puppet can use facter to resolve fips mode? |
