diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 9041515ad4..689d3c42c6 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -549,9 +549,6 @@ Topics: - Name: Troubleshooting installation issues File: installing-troubleshooting Distros: openshift-origin,openshift-enterprise -- Name: Support for FIPS cryptography - File: installing-fips - Distros: openshift-enterprise,openshift-online --- Name: Post-installation configuration Dir: post_installation_configuration diff --git a/installing/install_config/installing-customizing.adoc b/installing/install_config/installing-customizing.adoc index aa3b85b5b2..f83ad75f62 100644 --- a/installing/install_config/installing-customizing.adoc +++ b/installing/install_config/installing-customizing.adoc @@ -48,6 +48,9 @@ include::modules/installation-special-config-chrony.adoc[leveloffset=+1] * For information on Butane, see xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-butane_installing-customizing[Creating machine configs with Butane]. +//// ifndef::openshift-origin[] * For information on FIPS support, see xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]. endif::[] + +//// diff --git a/installing/installing-preparing.adoc b/installing/installing-preparing.adoc index b1f72c1b9e..03e8eb9fde 100644 --- a/installing/installing-preparing.adoc +++ b/installing/installing-preparing.adoc @@ -32,7 +32,7 @@ endif::openshift-origin[] * {ibmzProductName} or {linuxoneProductName} * {ibmzProductName} or {linuxoneProductName} for {op-system-base-full} KVM * {ibmpowerProductName} -* {ibmpowerProductName} Virtual Server +* {ibmpowerProductName} Virtual Server * Nutanix * VMware vSphere * VMware Cloud (VMC) on AWS @@ -80,6 +80,7 @@ If you need to install your cluster that has limited access to the internet, suc If you need to deploy your cluster to an xref:../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-government-region[AWS GovCloud region], xref:../installing/installing_aws/installing-aws-china.adoc#installing-aws-china-region[AWS China region], or xref:../installing/installing_azure/installing-azure-government-region.adoc#installing-azure-government-region[Azure government region], you can configure those custom regions during an installer-provisioned infrastructure installation. +//// ifndef::openshift-origin[] You can also configure the cluster machines to use xref:../installing/installing-fips.adoc#installing-fips[FIPS Validated / Modules in Process cryptographic libraries] during installation. @@ -89,6 +90,7 @@ The use of FIPS Validated / Modules in Process cryptographic libraries is only s ==== endif::[] +//// //// [id="installing-preparing-single-node"] @@ -129,7 +131,7 @@ Not all installation options are supported for all platforms, as shown in the fo //This table is for all flavors of OpenShift, except OKD. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors. ifndef::openshift-origin[] |=== -||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM)|Azure Stack Hub |GCP |Nutanix |{rh-openstack} |RHV |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |VMC |IBM Cloud VPC |{ibmzProductName} |{ibmpowerProductName} |{ibmpowerProductName} Virtual Server +||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM)|Azure Stack Hub |GCP |Nutanix |{rh-openstack} |RHV |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |VMC |IBM Cloud VPC |{ibmzProductName} |{ibmpowerProductName} |{ibmpowerProductName} Virtual Server |Default |xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[✓] diff --git a/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc b/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc index 2b5fa657f8..3b9160d331 100644 --- a/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc +++ b/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc @@ -28,7 +28,9 @@ include::modules/agent-installer-configuring-fips-compliance.adoc[leveloffset=+1 * link:https://access.redhat.com/articles/5059881[OpenShift Security Guide Book] +//// * xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography] +//// include::modules/agent-install-networking.adoc[leveloffset=+1] diff --git a/operators/operator_sdk/osdk-generating-csvs.adoc b/operators/operator_sdk/osdk-generating-csvs.adoc index c9e4d289c5..64c88ceba3 100644 --- a/operators/operator_sdk/osdk-generating-csvs.adoc +++ b/operators/operator_sdk/osdk-generating-csvs.adoc @@ -41,7 +41,9 @@ include::modules/osdk-csv-manual-annotations.adoc[leveloffset=+2] * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-suggested-namespace-default-node_osdk-generating-csvs[Setting a suggested namespace with default node selector] * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments] (disconnected mode) * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-hiding-internal-objects_osdk-generating-csvs[Hiding internal objects] +//// * xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS crytography] +//// include::modules/olm-enabling-operator-restricted-network.adoc[leveloffset=+1] include::modules/olm-enabling-operator-for-multi-arch.adoc[leveloffset=+1] diff --git a/security/container_security/security-compliance.adoc b/security/container_security/security-compliance.adoc index 2340473156..9f0516a931 100644 --- a/security/container_security/security-compliance.adoc +++ b/security/container_security/security-compliance.adoc @@ -13,9 +13,12 @@ standards or the organization's corporate governance framework. // Compliance and the NIST risk management model include::modules/security-compliance-nist.adoc[leveloffset=+1] + +//// ifndef::openshift-origin[] [role="_additional-resources"] .Additional resources * xref:../../installing/installing-fips.adoc#installing-fips-mode_installing-fips[Installing a cluster in FIPS mode] endif::[] +//// diff --git a/security/container_security/security-hardening.adoc b/security/container_security/security-hardening.adoc index e1a192a7b1..ffc6c3a3bf 100644 --- a/security/container_security/security-hardening.adoc +++ b/security/container_security/security-hardening.adoc @@ -44,6 +44,8 @@ include::modules/security-hardening-how.adoc[leveloffset=+1] * xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-kernel-arguments_nodes-nodes-managing[Adding kernel arguments to Nodes] ifndef::openshift-origin[] * xref:../../installing/installing_aws/installing-aws-customizations.adoc#installation-configuration-parameters_installing-aws-customizations[Installation configuration parameters] - see `fips` -* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography] * link:https://access.redhat.com/articles/3359851[{op-system-base} core crypto components] +//// + * xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography] +//// endif::[] diff --git a/security/container_security/security-hosts-vms.adoc b/security/container_security/security-hosts-vms.adoc index 6410688d61..5e008aa64a 100644 --- a/security/container_security/security-hosts-vms.adoc +++ b/security/container_security/security-hosts-vms.adoc @@ -26,12 +26,14 @@ include::modules/security-hosts-vms-rhcos.adoc[leveloffset=+1] * xref:../../architecture/architecture-rhcos.adoc#rhcos-about-ignition_architecture-rhcos[Ignition] * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-kargs_installing-customizing[Kernel arguments] * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-kmod_installing-customizing[Kernel modules] -ifndef::openshift-origin[] -* xref:../../installing/installing-fips.adoc#installing-fips[FIPS cryptography] -endif::[] * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-encrypt-disk_installing-customizing[Disk encryption] * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Chrony time service] * xref:../../updating/understanding-openshift-updates.adoc#update-service-about_understanding-openshift-updates[About the OpenShift Update Service] +//// +ifndef::openshift-origin[] +* xref:../../installing/installing-fips.adoc#installing-fips[FIPS cryptography] +endif::[] +//// // Virtualization versus containers include::modules/security-hosts-vms-vs-containers.adoc[leveloffset=+1] diff --git a/virt/install/preparing-cluster-for-virt.adoc b/virt/install/preparing-cluster-for-virt.adoc index 9a4c053f86..7679edee7e 100644 --- a/virt/install/preparing-cluster-for-virt.adoc +++ b/virt/install/preparing-cluster-for-virt.adoc @@ -13,9 +13,11 @@ Review this section before you install {VirtProductName} to ensure that your clu You can use any installation method, including user-provisioned, installer-provisioned, or assisted installer, to deploy {product-title}. However, the installation method and the cluster topology might affect {VirtProductName} functionality, such as snapshots or live migration. ==== +//// .FIPS mode If you install your cluster in xref:../../installing/installing-fips.adoc#installing-fips-mode_installing-fips[FIPS mode], no additional setup is required for {VirtProductName}. +//// .IPv6