Chapter 9. Enabling FIPS mode with RHEL image builder
You can create a customized image and boot a FIPS-enabled RHEL image. Before you compose the image, you must change the value of the fips directive in your blueprint.
Prerequisites
- You are logged in as the root user or a user who is a member of the weldr group.
Procedure
Create a plain text file in the Tom’s Obvious, Minimal Language (TOML) format with the following content:
name = "system-fips-mode-enabled"
description = "blueprint with FIPS enabled "
version = "0.0.1"

[customizations]
fips = true

# Example credentials; replace them before building a real image.
[[customizations.user]]
name = "admin"
password = "admin"
groups = ["users", "wheel"]
Import the blueprint to the RHEL image builder server:
# composer-cli blueprints push <blueprint-name>.toml
List the existing blueprints to check whether the created blueprint is successfully imported and exists:
# composer-cli blueprints show <blueprint-name>
Check whether the components and versions listed in the blueprint and their dependencies are valid:
# composer-cli blueprints depsolve <blueprint-name>
Build the customized RHEL image:
# composer-cli compose start \
    <blueprint-name> \
    <image-type>
Review the image status:
# composer-cli compose status
…
$ <UUID> FINISHED <date> <blueprint-name> <blueprint-version> <image-type>
…
Download the image:
# composer-cli compose image <UUID>
RHEL image builder downloads the image to the current directory path. The UUID number and the image size are displayed alongside:
$ <UUID-image-name.type>: <size> MB
Verification
- Log in to the system image with the username and password that you configured in your blueprint.
Check if FIPS mode is enabled:
$ fips-mode-setup --check
FIPS mode is enabled.
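For automated checks of a booted image, the verification step above can be cross-checked against the kernel flag, the kernel boot argument, and the active system-wide crypto policy. The following is an added example, not part of the original documentation; the function name fips_state is hypothetical, and the file paths are parameters so that the logic can be run against constructed files.

```shell
#!/bin/sh
# Added example (not from the RHEL documentation): cross-check FIPS state from
# three independent sources and report when they disagree.
# fips_state is a hypothetical helper name. The default paths are the real
# locations on a booted system; override them to test with constructed files.

fips_state() {
    proc_file=${1:-/proc/sys/crypto/fips_enabled}
    cmdline_file=${2:-/proc/cmdline}
    policy_file=${3:-/etc/crypto-policies/state/current}
    kernel=0
    boot=0
    policy=0

    # Kernel flag: the file contains 1 when the kernel runs in FIPS mode.
    if [ -r "$proc_file" ] && [ "$(cat "$proc_file")" = "1" ]; then
        kernel=1
    fi

    # Boot argument: fips=1 must appear as a whole word on the command line,
    # so strings such as nofips=1 do not match.
    if [ -r "$cmdline_file" ] &&
       tr -s ' \t' '\n\n' < "$cmdline_file" | grep -qxF 'fips=1'; then
        boot=1
    fi

    # Crypto policy: FIPS, optionally followed by subpolicies (FIPS:<name>).
    if [ -r "$policy_file" ]; then
        case "$(cat "$policy_file")" in
            FIPS|FIPS:*) policy=1 ;;
        esac
    fi

    case "$kernel$boot$policy" in
        111) echo "enabled" ;;
        000) echo "disabled" ;;
        *)   echo "inconsistent kernel=$kernel boot=$boot policy=$policy" ;;
    esac
}

# Report the state of the system this script runs on.
fips_state
```

An "inconsistent" result, for example a FIPS crypto policy on a kernel that was booted without fips=1, means the image should not be treated as FIPS-enabled.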