At the time of writing this guide, Ubuntu currently only supports NIST-certified FIPS on version 20.04 LTS.
They are in the process of certifying FIPS for 22.04 LTS, but it is currently only available for testing purposes.
Ubuntu 22.04 FIPS does not require these steps, and installs correctly with no configuration changes.
We are aware of a bug with the version of MySQL shipped with the standard Ubuntu 20.04 LTS repositories which prevents it from being installed on FIPS-certified systems.
There is also an outdated version of Ansible in the default Ubuntu repositories.
These issues will prevent the OPC from installing through normal means, and requires some configuration BEFORE enabling FIPS for the OPC to work.
Run the following commands as root.
Pin the Ansible PPA as the priority option for installing Ansible. This will ensure the latest Ansible version is enabled.
cat >> /etc/apt/preferences.d/opc_ansible_ppa << 'END'
Package: ansible
Pin: origin ppa.launchpad.net
Pin-Priority: 1001
END copyDownload and install the official MySQL APT repository to get the latest MYSQL version.
wget https://dev.mysql.com/get/mysql-apt-config_0.8.32-1_all.deb
dpkg -i mysql-apt-config_0.8.32-1_all.deb copyInstall the OPC using the standard installer.
curl https://get.deskpro.com/installer.sh -o /tmp/installer.sh && bash /tmp/installer.sh copyEnable
ssl_fips_modein MySQL.
cat >> /etc/mysql/conf.d/fips.cnf << 'END'
[mysqld]
ssl_fips_mode = ON
END copyEnable FIPS in Ubuntu Pro.
pro enable fips copyReboot your helpdesk server to apply the FIPS configuration.
reboot copyThis should bypass any of the known issues with FIPS and dependencies for Deskpro, and should allow Deskpro to run on a FIPS-certified Ubuntu server.
Mewngofnodwch neu cofrestrwch i gyflwyno sylw.