Doug, I have such a list put together (my various installation documents for getting these clouds working in FIPS mode) but it's hardly ready for public consumption. I planned on releasing each bit as a code change and/or bug ticket and letting the community consume it as it figures some of these things out.
I agree that some changes may break backwards compatibility (such as Glance's image checksumming), but one approach I think could ease the transition would be the approach I took for SSH key pair fingerprinting (also MD5-based, as is Glance image checksums) found here - https://review.openstack.org/#/c/615460/ . This allows administrators to choose, hopefully at deployment time, the hashing algorithm with the default of being the existing MD5 algorithm. Another approach would be to make the projects "FIPS aware" where we choose the hashing algorithm based on the system's FIPS-enforcing state. An example of doing so is what I'm proposing for Django (another FIPS-related patch that was needed for OSP 13) - https://github.com/django/django/pull/10605 __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev