Failure to deploy oVirt node with security profile (PCIDSS)
Hi oVirt community I tried with el8 & el9 oVirt Node 4.5.4 isos, But in both cases, the installation failed when selecting the PCI-DSS security profile. Please see screenshots attached According to 4.5.0 release note this is a supported feature : *BZ 2030226 [RFE] oVirt hypervisors should support running on hosts with the PCI-DSS security profile applied* *The oVirt Hypervisor is now capable of running on machine with PCI-DSS security profile.* https://bugzilla.redhat.com/show_bug.cgi?id=2030226 As the RFE says that deployment works, I guess this is a regression somewhere between 4.5.0 & 4.5.4 Is there a chance that this bug gets fixed? Is it up to the community? In the meantime, what can we do to deploy hosts with a PCI-DSS profile? Best regards, Guillaume Pavese Ingénieur Système et Réseau Interactiv-Group -- Ce message et toutes les pièces jointes (ci-après le “message”) sont établis à l’intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d’en avertir immédiatement l’expéditeur. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. L’internet ne permettant pas d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales) décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse ou il aurait été modifié. IT, ES, UK. <https://interactiv-group.com/disclaimer.html>
Il giorno gio 6 apr 2023 alle ore 09:30 Guillaume Pavese < guillaume.pavese@interactiv-group.com> ha scritto:
Hi oVirt community
I tried with el8 & el9 oVirt Node 4.5.4 isos, But in both cases, the installation failed when selecting the PCI-DSS security profile. Please see screenshots attached
In the screenshot I see ssg-onn4-ds being selected, I would have expected it to be ssg-onn45-ds.xml as that's the one being created in https://github.com/oVirt/ovirt-node-ng-image
According to 4.5.0 release note this is a supported feature :
*BZ 2030226 [RFE] oVirt hypervisors should support running on hosts with the PCI-DSS security profile applied*
*The oVirt Hypervisor is now capable of running on machine with PCI-DSS security profile.*
https://bugzilla.redhat.com/show_bug.cgi?id=2030226
As the RFE says that deployment works, I guess this is a regression somewhere between 4.5.0 & 4.5.4
Is there a chance that this bug gets fixed? Is it up to the community?
Yes, it's up to the community but this one should be an easy fix, just changing the name of the file to match what's expected by anaconda.
In the meantime, what can we do to deploy hosts with a PCI-DSS profile?
I would try installing 4.5.0 with PCI-DSS and then upgrade to 4.5.4
Best regards,
Guillaume Pavese Ingénieur Système et Réseau Interactiv-Group
Ce message et toutes les pièces jointes (ci-après le “message”) sont établis à l’intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d’en avertir immédiatement l’expéditeur. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. L’internet ne permettant pas d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales) décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse ou il aurait été modifié. IT, ES, UK. <https://interactiv-group.com/disclaimer.html> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/34N4ODT2FRVQOM...
-- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING - Red Hat In-Vehicle Operating System Red Hat EMEA <https://www.redhat.com/> sbonazzo@redhat.com <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*
participants (2)
-
Guillaume Pavese -
Sandro Bonazzola