Set gcomm_cipher to an appropriate value if FIPS is enabled

The default cipher set via puppet-tripleo is AES128-SHA256 for mysql and this is not allowed in FIPS. This commit overrides this value to be 'ECDHE-RSA-AES256-GCM-SHA384' if FIPS is enabled. Depends-on: I7f47741d4b2a5a3473d24439689cc358bf7738f0 Change-Id: I386ce0d7459cc9750172849215440cd532fb2618
2022-10-17 08:05:10 +02:00 · 2022-10-17 08:05:10 +02:00 · 070bc335b6
parent 5fb9d7ecb6
commit 070bc335b6
1 changed files with 3 additions and 0 deletions
--- a/environments/fips.yaml
+++ b/environments/fips.yaml
@ -7,3 +7,6 @@ parameter_defaults:

  # Add RabbitAdditionalErlArgs for FIPS
  RabbitFIPS: true
+
+  # Override gcomm_cipher for FIPS
+  MysqlGaleraSSLCipher: 'ECDHE-RSA-AES256-GCM-SHA384'