Bug 1738861
Summary: | can't start VM that was cloned from snapshot when FIPS enabled | | |
---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Lucie Leistnerova <lleistne> |
Component: | General | Assignee: | Tomasz Barański <tbaransk> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Beni Pelled <bpelled> |
Severity: | medium | Priority: | unspecified |
Version: | 4.3.5.4 | CC: | bugs, michal.skrivanek, rbarry |
Target Milestone: | ovirt-4.4.0 | Flags: | pm-rhel: ovirt-4.4+ |
Hardware: | Unspecified | OS: | Unspecified |
Fixed In Version: | rhv-4.4.0-29 | Doc Type: | If docs needed, set a value |
Last Closed: | 2020-05-20 20:00:51 UTC | Type: | Bug |
oVirt Team: | Virt | | |

Description
Lucie Leistnerova
2019-08-08 10:10:41 UTC
Likely to be vdsm/lib/vdsm/mkimage.py#L99 using hashlib.md5() instead of hashlib.sha256().

It has nothing to do with snapshot, you're using cloud-init payload during the run that fails. That doesn't match what you described as reproduction steps, can you double-check what exactly it is doing? Any VM run with cloud-init or sysprep floppy would fail.

Well, three bugs...

- FIPS forbids md5, which we use for mkIsoFs and mkFloppyFs. IMO can be just dropped entirely.
- md5 is used also in hooks. Needs to be removed/replaced, we can keep the reported key as md5 to not change the API.
- clonevm from snapshot automatically enables cloudinit/sysprep, probably a frontend problem.

I've tested it again with Michal and the steps did reproduce it, but because there is another problem in the engine. When a new VM is created, cloud-init is not checked. But then when cloning from snapshot it is checked and should not be. I've created new BZ 1739377 for that. Thanks Michal!

Verified with:

- RHV 4.4.0-0.32.master.el8ev
- Host with Red Hat Enterprise Linux 8.2 (Ootpa)
- libvirt-6.0.0-17.module+el8.2.0+6257+0d066c28.x86_64
- vdsm-4.40.13-1.el8ev.x86_64

Verification steps:

1. Enable FIPS on a host and connect the host to RHV-M
2. Create a VM with console type = SPICE and make sure the VM can start
3. Create a snapshot
4. Clone a new VM from the snapshot
5. Start the cloned VM

Result:

- Cloned VM runs successfully on the FIPS host.

PS: cloud-init wasn't checked on the new VM cloned from the snapshot.

This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.
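
An added example, not taken from the bug report or from vdsm: a static check in Python that flags `hashlib` md5 calls of the kind the comments above say must be removed or replaced before the code runs on a FIPS host. The function name, the `NON_FIPS` set and the sample source are constructed for illustration.

```python
import ast

NON_FIPS = {"md5"}  # the digest this bug names; extend for other non-approved ones

def find_non_fips_hashes(source, filename="<constructed>"):
    """Return sorted (line, algorithm, exempt) for hashlib calls FIPS rejects.

    exempt is True when the call passes usedforsecurity=False (Python 3.9+),
    which marks a non-security use such as naming a file by its content.
    Only calls spelled hashlib.<name>(...) are seen, not `from hashlib import`.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == "hashlib"):
            continue
        algo = func.attr
        if algo == "new":  # hashlib.new("md5", ...): algorithm is the first argument
            first = node.args[0] if node.args else None
            if not (isinstance(first, ast.Constant) and isinstance(first.value, str)):
                continue
            algo = first.value.lower()
        if algo not in NON_FIPS:
            continue
        exempt = any(
            kw.arg == "usedforsecurity"
            and isinstance(kw.value, ast.Constant) and kw.value.value is False
            for kw in node.keywords
        )
        findings.append((node.lineno, algo, exempt))
    return sorted(findings)

# Constructed sample (not vdsm source): names derived from a content digest.
SAMPLE = '''\
import hashlib

def image_name(vm_id, content):
    digest = hashlib.md5(content).hexdigest()
    return "%s.%s.img" % (vm_id, digest)

def hook_key(data):
    return hashlib.new("MD5", data, usedforsecurity=False).hexdigest()
'''

if __name__ == "__main__":
    for line, algo, exempt in find_non_fips_hashes(SAMPLE):
        status = "marked non-security" if exempt else "rejected in FIPS mode"
        print(f"line {line}: hashlib {algo}: {status}")
```

Calls reported with `exempt` False are the ones to switch to `hashlib.sha256()` or drop, as the comments propose.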