Bug 1746565
| Summary: | [fips] knet transport fails to initialize with OS in fips mode [rhel-8.0.0.z] | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Oneata Mircea Teodor <toneata> | ||||
| Component: | pcs | Assignee: | Tomas Jelinek <tojeline> | ||||
| Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 8.1 | CC: | aherr, cfeist, cluster-maint, fdinitto, idevat, jfriesse, mjuricek, mlisik, mmazoure, omular, tojeline | ||||
| Target Milestone: | rc | Keywords: | ZStream | ||||
| Target Release: | 8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pcs-0.10.1-4.el8_0.4 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Cause:
Pcs creates 384 bytes long corosync authkey.
Consequence:
Corosync does not start when FIPS mode is enabled.
Fix:
Make pcs create 256 bytes long corosync authkey.
Result:
Corosync starts even when FIPS mode is enabled.
|
Story Points: | --- | ||||
| Clone Of: | 1740218 | Environment: | |||||
| Last Closed: | 2019-09-10 13:13:20 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1740218 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
After Fix ========= [ant8 ~] $ rpm -q pcs pcs-0.10.1-4.el8_0.4.x86_64 [ant8 ~] $ fips-mode-setup --check FIPS mode is enabled. [ant8 ~] $ pcs cluster setup zoo ant8 bee8 No addresses specified for host 'ant8', using 'ant8' No addresses specified for host 'bee8', using 'bee8' Destroying cluster on hosts: 'ant8', 'bee8'... bee8: Successfully destroyed cluster ant8: Successfully destroyed cluster Requesting remove 'pcsd settings' from 'ant8', 'bee8' ant8: successful removal of the file 'pcsd settings' bee8: successful removal of the file 'pcsd settings' Sending 'corosync authkey', 'pacemaker authkey' to 'ant8', 'bee8' ant8: successful distribution of the file 'corosync authkey' ant8: successful distribution of the file 'pacemaker authkey' bee8: successful distribution of the file 'corosync authkey' bee8: successful distribution of the file 'pacemaker authkey' Synchronizing pcsd SSL certificates on nodes 'ant8', 'bee8'... bee8: Success ant8: Success Sending 'corosync.conf' to 'ant8', 'bee8' ant8: successful distribution of the file 'corosync.conf' bee8: successful distribution of the file 'corosync.conf' Cluster has been successfully set up. [ant8 ~] $ ls -l /etc/corosync/authkey -r--------. 1 root root 256 Aug 29 13:23 /etc/corosync/authkey [ant8 ~] $ pcs cluster start --all --wait ant8: Starting Cluster... bee8: Starting Cluster... Waiting for node(s) to start... ant8: Started bee8: Started [ant8 ~] $ systemctl status corosync ● corosync.service - Corosync Cluster Engine Loaded: loaded (/usr/lib/systemd/system/corosync.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2019-08-29 13:24:05 CEST; 28s ago ... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2701 |
Created attachment 1609327 [details] proposed fix