author | Matt Wrock <matt@mattwrock.com> | 2016-04-22 22:57:44 -0700 |
---|---|---|
committer | Matt Wrock <matt@mattwrock.com> | 2016-04-22 22:57:44 -0700 |
commit | 2c7c981fcd1b0a0b9291dbaf022fcc8836ad38ac (patch) | |
tree | 8533b9db978c33f0b67d80785238b451dd1a1c4e /chef-config/lib/chef-config | |
parent | 32fbc8908cc41c218951d5e2c9413e7efc6df5f1 (diff) | |
download | chef-fipfop.tar.gz |
run in fips mode if node is fips enabledfipfop
Diffstat (limited to 'chef-config/lib/chef-config')
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index bea357dad6..1bd6077f60 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -513,7 +513,32 @@ module ChefConfig
 default :recipe_url, nil
 # Set to true if Chef is to set OpenSSL to run in FIPS mode
- default(:fips) { ENV["CHEF_FIPS"] == "1" }
+ default(:fips) do
+ !ENV["CHEF_FIPS"].nil? || check_fips_via_ohai
+ end
+
+ # we want to synchronize this ohai call because ohai is not thread safe
+ # if this gets called in a mulithreaded context, each thread's ohai instance
+ # will call reset_system while other threads are loading plugins
+ # the destructive power of reset_system is scoped to the module and not to the instance
+ def self.check_fips_via_ohai
+ @@sync ||= Mutex.new
+ return @@sync_value if defined?(@@sync_value)
+
+ @@sync.synchronize do
+ return @@sync_value if defined?(@@sync_value)
+ require "ohai"
+ o = Ohai::System.new
+ o.load_plugins
+ begin
+ o.require_plugin "fips"
+ @@sync_value = o[:fips][:kernel][:enabled]
+ rescue Ohai::Exceptions::DependencyNotFound
+ @@sync_value = false
+ end
+ end
+ @@sync_value
+ end
 # Initialize openssl
 def self.init_openssl
@@ -962,6 +987,7 @@ module ChefConfig
 require "digest/md5"
 Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
 OpenSSL::Digest.const_set("MD5", Digest::MD5)
+ ChefConfig.logger.debug "FIPS mode is enabled."
 end
 end
 end |
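Review bot: The lock that is meant to serialize the Ohai call is itself created lazily with `@@sync ||= Mutex.new` in `check_fips_via_ohai`, so two threads entering together can each build their own Mutex and both run `load_plugins`, which is the race the comment sets out to prevent; the lock should be created once at load time. Inside the block, `o[:fips][:kernel][:enabled]` raises NoMethodError when the plugin yields no `fips` data, and only `Ohai::Exceptions::DependencyNotFound` is rescued, so that path neither caches a value nor falls back to a defined FIPS state. Separately, `!ENV["CHEF_FIPS"].nil?` in the `default(:fips)` block now enables FIPS mode for any value, including `CHEF_FIPS=0` or an empty string, where the old code required `"1"`; if that is intended it deserves a comment. The sketch below covers the first two points; the enclosing class body starts and ends outside the hunk, and the constant name is only a suggestion.

```ruby
FIPS_CHECK_LOCK = Mutex.new

def self.check_fips_via_ohai
  FIPS_CHECK_LOCK.synchronize do
    return @@sync_value if defined?(@@sync_value)
    # … unchanged: require "ohai", Ohai::System.new, load_plugins …
    begin
      o.require_plugin "fips"
      fips = o[:fips]
      # coerce to a strict boolean so a missing key caches false instead of raising
      @@sync_value = !!(fips && fips[:kernel] && fips[:kernel][:enabled])
    rescue Ohai::Exceptions::DependencyNotFound
      @@sync_value = false
    end
  end
end
```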