06c5997267
In order to enable ironic's conductor to execute on nodes set for FIPS 140-2 compliance, we need to not explicitly choose MD5. In the case of forcing images to raw, we were calculating the checksum at least once, if not twice. Now we will honor the original algorithm unless it is MD5, at which point we will default to SHA3-256, and only recalculate the checksum once. Change-Id: I408a2e461bebf1f6d9fa3e350eb7ab1a3544adad Story: 2007306 Task: 38791
11 lines
402 B
YAML
11 lines
402 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
If ``[DEFAULT]force_raw_images`` is set to ``true``, then MD5 will not be
|
|
utilized to recalculate the image checksum. This requires the
|
|
``ironic-python-agent`` ramdisk to be at least version 3.4.0.
|
|
security:
|
|
- |
|
|
Image checksum recalculation when images are forced to raw images, are now
|
|
calculated using SHA3-256 if MD5 was selected. This is now unconditional.
|