Commit 347c149

Merge pull request #2087 from stackhpc/rhel9cis-crypto-policy-ci-antelope
CI: Set RL9 crypto policy to DEFAULT (Antelope)
2 parents 7a8dd83 + 6245b85 commit 347c149

3 files changed

Lines changed: 19 additions & 1 deletion

File tree

  • etc/kayobe
    • ansible
    • environments
      • ci-aio/inventory/group_vars/cis-hardening
      • ci-multinode/inventory/group_vars/cis-hardening

etc/kayobe/ansible/cis.yml

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@
1313
that:
1414
- ssh_key_type != 'ed25519'
1515
fail_msg: FIPS policy does not currently support ed25519 SSH keys on RHEL family systems
16-
when: ansible_facts.os_family == 'RedHat'
16+
when: ansible_facts.os_family == 'RedHat' and rhel9cis_crypto_policy == 'FIPS'
1717

1818
- name: Ensure the cron package is installed on ubuntu
1919
package:
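Review bot: the new `when` on the ed25519 assertion reads `rhel9cis_crypto_policy` with no fallback, so on a RedHat-family host where that variable has no value the task will stop on an undefined-variable error instead of either running the check or skipping it cleanly. The visible lines do not show where the variable is defined for hosts outside the two CI environments, so either add a `| default(...)` that matches the policy the hardening role applies when it is unset, or assert earlier in the play that it is defined. The comparison is also an exact, case-sensitive match on 'FIPS', which is worth stating in a comment so a differently spelled value does not silently skip the assertion.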
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
##############################################################################
3+
# Rocky 9 CIS Hardening Configuration
4+
5+
# NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
6+
# FUTURE breaks wazuh agent repo metadata download.
7+
rhel9cis_crypto_policy: DEFAULT
8+
9+
##############################################################################
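Review bot: the NOTE above `rhel9cis_crypto_policy: DEFAULT` says FIPS breaks ed25519 SSH keys and FUTURE breaks the wazuh agent repo metadata download, but it gives no issue reference for either breakage and no condition for removing the override. With DEFAULT set here, the ed25519 assertion in cis.yml is skipped in CI and neither the FIPS nor the FUTURE policy is exercised, so a regression under those policies would not be caught. Add a link or TODO for each breakage so the override can be revisited once they are resolved.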
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
##############################################################################
3+
# Rocky 9 CIS Hardening Configuration
4+
5+
# NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
6+
# FUTURE breaks wazuh agent repo metadata download.
7+
rhel9cis_crypto_policy: DEFAULT
8+
9+
##############################################################################
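Review bot: this file is a line-for-line copy of the previous new file, NOTE comment and `rhel9cis_crypto_policy: DEFAULT` included, so the two CI environments listed in the file tree (ci-aio and ci-multinode) can drift if only one copy is updated later. If the setting cannot live in one shared place, add a comment in each file pointing at the other so they are changed together.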
