Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 9. Enabling FIPS mode with RHEL image builder


You can create a customized image and boot a FIPS-enabled RHEL image. Before you compose the image, you must change the value of the fips directive in your blueprint.

Prerequisites

  • You are logged in as the root user or a user who is a member of the weldr group.

Procedure

  1. Create a plain text file in the Tom’s Obvious, Minimal Language (TOML) format with the following content:

    name = "system-fips-mode-enabled"
    description = "blueprint with FIPS enabled "
    version = "0.0.1"
    
    [customizations]
    fips = true
    
    [[customizations.user]]
    name = "admin"
    password = "admin"
    groups = ["users", "wheel"]
  2. Import the blueprint to the RHEL image builder server:

    # composer-cli blueprints push <blueprint-name>.toml
  3. List the existing blueprints to check whether the created blueprint is successfully imported and exists:

    # composer-cli blueprints show <blueprint-name>
  4. Check whether the components and versions listed in the blueprint and their dependencies are valid:

    # composer-cli blueprints depsolve <blueprint-name>
  5. Build the customized RHEL image:

    # composer-cli compose start \ <blueprint-name> \ <image-type> \
  6. Review the image status:

    # composer-cli compose status
    …
    $ <UUID> FINISHED <date> <blueprint-name> <blueprint-version> <image-type>
  7. Download the image:

    # composer-cli compose image <UUID>

    RHEL image builder downloads the image to the current directory path. The UUID number and the image size are displayed alongside:

    $ <UUID-image-name.type>: <size> MB

Verification

  1. Log in to the system image with the username and password that you configured in your blueprint.
  2. Check if FIPS mode is enabled:

    $ fips-mode-setup --check
    FIPS mode is enabled.
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.