Bug 1811166

Summary: REX job failed when you enable FIPS on RHEL 8 hosts
Product: Red Hat Satellite Reporter: Ganesh Payelkar <gpayelka>
Component: Remote ExecutionAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.7.0CC: aruzicka, casmith, dsynk, inecas, mkalyat, pcreech, phess, sussen
Target Milestone: 6.11.0Keywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-05 14:27:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ganesh Payelkar 2020-03-06 18:22:37 UTC 
Description of problem:

REX job failed when you enable FIPS on RHEL 8 hosts

Version-Release number of selected component (if applicable):
satellite-6.7.0-5.beta.el7sat.noarch

How reproducible:
New installation of 6.7 Beta 

Steps to Reproduce:

1. Register a client to your satellite server 

2. Check that does your connected system has applicable errata to apply.

2. Enable FIPS on your RHEL 8 system. 

3. Attempt to execute the remote command


Actual results:

Error initializing command: Net::SSH::HostKeyMismatch - fingerprint (could not generate fingerprint: Digest initialization failed: disabled for fips) does not match for "client.example.com,1.7.1.5"

Exit status: EXCEPTION


Expected results:

The remote command should work even if you have FIPS enabled host


Additional info:
Comment 12 Danny Synk 2020-06-04 20:15:27 UTC 
A customer has reported that a workaround is to change the job category of REX jobs from "Commands" to "Ansible Commands." I have just confirmed that a REX job executed by Satellite 6.7 on a FIPS-enabled RHEL 8 content host fails using the Commands job category, but the same job succeeds when the job category is changed to Ansible Commands.
Comment 16 Peter Ondrejka 2022-01-14 11:57:14 UTC 
Verified on Satellite 7 snap 4, ssh type rex job is executed successfully against FIPS enabled RHEL8 host
Comment 19 errata-xmlrpc 2022-07-05 14:27:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5498