Ok, Pavo has told me he has exceptions in place for everything related to Kolla. He says as long as we don’t use MD5, he is good to go for a 232 node deploy with more to follow (assuming Kolla works out of the box at that scale - we have only tested 123 node scale).
We do some basic PRNG to generate passwords, and some PKCS#11 (iirc) algos to generate passwords, and we also generate some ssh public/private keys. Hope the security context helps. Thanks everyone on his thread for providing guidance. RobC++ on article. Regards -steve On 11/8/16, 1:46 PM, "Clint Byrum" <[email protected]> wrote: >Excerpts from Ian Cordasco's message of 2016-11-08 16:11:26 -0500: >> Can I ask why FIPS compliance is a requirement for Kolla? This seems >> like an odd request for a deployment project. >> > >Guessing it's for the modules that need to communicate securely with >OpenStack itself. > >__________________________________________________________________________ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: [email protected]?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
