Bug 1853302
Summary: | Installation in FIPS mode fails on BareMetal IPI with error: "disabled for FIPS" | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Raviv Bar-Tal <rbartal> |
Component: | Bare Metal Hardware Provisioning | Assignee: | Dmitry Tantsur <dtantsur> |
Bare Metal Hardware Provisioning sub component: | ironic | QA Contact: | Ori Michaeli <omichael> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | low | ||
Priority: | medium | CC: | beth.white, bfournie, rpittau, tsedovic |
Version: | 4.5 | Keywords: | Triaged |
Target Milestone: | --- | ||
Target Release: | 4.6.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: ironic was using MD5 to build its hash ring. This hash function is not available in the FIPS 140-2 mode.
Consequence: installation would fail because ironic would not be able to build a hash ring.
Fix: the ironic image now defaults to SHA256 as a hash function for the hash ring.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-27 16:11:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1869183 | ||
Bug Blocks: | 1804232 |
Description
Raviv Bar-Tal
2020-07-02 11:47:46 UTC
All the pull requests have been merged. Setting to POST, but we need to tag the RPMs at which point we'll move this to MODIFIED. Ready for testing. Tested with 4.6.0-0.nightly-2020-08-26-064537: Installation completed successfully and install-config was updated with fips: true Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |