Journey so Far
The first two weeks of my Red Hat journey was a roller coaster ride with lots of takeaways, which I have covered in my first blog. Now, here I am in the third week of my internship and I have started writing my second blog post on my experience with Pulp. So buckle in …
FIPS stands for Federal Information Processing Standards. As the name suggests, it has something to do with the federal government in the United States (duh!). Basically, it provides a set of standards, which any machine that wants to be FIPS compliant, has to follow. These standards establish system security and interoperability.
As one of the core goals of my internship is to install and test Pulp in a FIPS enabled RHEL machine, I started gathering information on enabling FIPS on VMs. Then I enabled FIPS in a CentOS machine. Have documented the steps and hiccups that I faced in an internal blog as well. Once I got it setup in CentOS, I moved on to check the same in a RHEL VM with an “Employee subscription” and it worked like a charm.
Running Pulp Smash on FIPS enabled machine
Once I got a FIPS enabled RHEL machine (ran it in a Virtual Machine), the next step was installing Pulp in it by running an Ansible Playbook. This, however, threw some unexpected errors and it got resolved by using Pulp 2.17 nightly build. After this, it was time for me to test, which I carried out by running Pulp-smash against the aforementioned machine. Again I faced some issues, which took some time for me to figure out that it was happening due to the SSL connections with the VM. Finally, I decided to run Pulp-smash locally on the VM where Pulp is installed, and it worked.
The actual testing is done in a “compare and report” fashion, where I had another Pulp-installed- non-FIPS-RHEL-VM. I made sure, it had all the configurations of its FIPS counterpart (of course except the FIPS switch being turned off). Then using the power of tmux synchronize panes, I was able to execute tests simultaneously on the two VMs (one with FIPS enabled and the other without FIPS) and drew conclusions based on the logs generated by my test runner (Used Pytests for running those tests). Based on my observations, I even raised a couple of bugs (cheers!!!).
One of the things which helped me in analyzing the issue is using the python debugger, that allowed me to set breakpoints in the test execution and analyze step by step. some trace of using the debugger is briefed in the bug, that I raised.
Jenkins and Ansible
One of the coolest things that I got to do in these two weeks was learning extensively about the CI used in the Pulp project. I enrolled myself in the Ansible certification course in Red Hat University and completed few modules as well. With this knowledge, I was able to write my own playbook that enables FIPS in any VMs. I also started reading extensively about Jenkins jobs Builder and Yaml files and was able to integrate my ansible playbooks into jenkins job builders. More information about JJBs is found here.
I am also continuing with my RHCSA certifications and completed around 5 modules. This has some pretty good course materials with lots of hands-on exercises. I am learning new things on Linux each and every day. In the following weeks, I will be writing my own automation scripts for the FIPS milestone issues. I will also be involved in writing more unittests for Pulp-smash increasing code coverage. Happy coding times ahead …