Bug 1742933

Summary: undercloud install fails using fips.
Product: Red Hat OpenStack Reporter: Siggy Sigwald <ssigwald>
Component: instack-undercloudAssignee: James Slagle <jslagle>
Status: CLOSED DUPLICATE QA Contact: Arik Chernetsky <achernet>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 13.0 (Queens)CC: hrybacki, lbragsta, mburns
Target Milestone: ---Flags: hrybacki: needinfo? (ssigwald)
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-18 13:43:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Siggy Sigwald 2019-08-17 19:13:01 UTC 
Description of problem:
Followed [1] to setup fips. Then attempt to deploy undercloud and it fails with :

WARNING tripleoclient.v1.tripleo_deploy.Deploy [  ]         "md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!"


[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations


Version-Release number of selected component (if applicable):
RHOSP13

How reproducible:
100%

Steps to Reproduce:
1. setup fips
2. install undercloud
3.

Actual results:
install fails

Expected results:
As per this[2] document in "2.1.4. TLS libraries": "The TLS and HTTP services within OpenStack are typically implemented using
OpenSSL, which has a module that has been validated for FIPS 140-2." 
We expect for the installation process to work with FIPS.

[2]https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/pdf/security_and_hardening_guide/Red_Hat_OpenStack_Platform-13-Security_and_Hardening_Guide-en-US.pdf
Comment 4 Harry Rybacki 2019-09-18 13:43:58 UTC 
I am closing this RHBZ as a duplicate of RHBZ#1741229. Please re-open this bug if you feel it was marked as a duplicate incorrectly or merits further discussion here.

*** This bug has been marked as a duplicate of bug 1741229 ***