Determining if a Host Is in FIPS Mode

Explains how to use the CLI, REST commands, or the Control System to determine if a host is in FIPS mode.

Determining if a Host Is in FIPS Mode Using the CLI and REST API

About this task

FIPS is a host-specific property, not a cluster-wide property. It is possible to have a mix of FIPS-compliant and non-FIPS compliant nodes in the same cluster.

Release 7.0.0 enhanced the output of the maprcli node list command to include a new isFips field name. When the value of isFips is 1, the data-fabric core platform is in FIPS mode on the specified host. If the value is 0, the core platform is in non-FIPS mode.

CLI

Run the maprcli node list -json command to determine if a node is in FIPS or non-FIPS mode:

$ maprcli node list -json 
{ 
  "timestamp":1629755217258, 
  "timeofday":"2021-08-23 02:46:57.258 GMT-0700 PM", 
  "status":"OK", 
  "total":1, 
  "data":[ 
    { 
      "id":"3229336703213394432", 
      "ip":"10.163.166.250", 
      "hostname":"fips0.storage.hpecorp.net", 
      "racktopo":"/data/default-rack/fips0.storage.hpecorp.net", 
      "labels":[ 
        "default" 
      ], 
      "isFips":1, 
      "health":0, 
      ... 
Another option is to run the sysctl crypto.fips_enabled command. This is the command that the configure.sh script uses to determine if the operating system is FIPS-enabled:
sudo sysctl crypto.fips_enabled
crypto.fips_enabled = 1
Another option is to run the following command:
fips-mode-setup --check
FIPS mode is enabled.
REST
Use the REST equivalent of the maprcli node list command, which returns the isFips value for each node:
curl -u <username>:<password> -X GET -k "https://host:8443/rest/node/list"
Control System
On the Nodes page, double-click a Hostname to display node-detail information that includes the FIPS status:

You can also customize the Nodes pane on the Nodes page to include the FIPS status. See Viewing the list of Nodes and Customizing the List of Columns/Fields.