Bug 1907358

Summary: In FIPS mode, RHVH cannot enter the new layer after upgrade
Product: Red Hat Enterprise Virtualization Manager Reporter: peyu
Component: imgbasedAssignee: Asaf Rachmani <arachman>
Status: CLOSED ERRATA QA Contact: peyu
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.4.3CC: cshao, dfediuck, lsvaty, mavital, peyu, qiyuan, sbonazzo, shlei, weiwang, yaniwang
Target Milestone: ovirt-4.4.5Keywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: imgbased-1.2.17-0.1.el8ev Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-14 11:44:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/var/log none

Description peyu 2020-12-14 10:35:39 UTC 
Created attachment 1738917 [details]
/var/log

Description of problem:
Install RHVH and set FIPS mode, then upgrade the host to the latest build. The host upgrade looks successful. But when the system reboots and enters the new layer, the system will halt.

Version-Release number of selected component (if applicable):
rhvh: redhat-virtualization-host-4.4.3-20201116.0.el8_3
      redhat-virtualization-host-4.4.3-20201210.0.el8_3


How reproducible:
100%

Steps to Reproduce:
1. Install RHVH-4.4-20201117.0-RHVH-x86_64-dvd1.iso
2. Set the host to FIPS mode
   # fips-mode-setup --enable
   # reboot
   # fips-mode-setup --check
   ~~~~~~
   FIPS mode is enabled.
   ~~~~~~
3. Set up local repo and point to "redhat-virtualization-host-4.4.3-20201210.0.el8_3"
4. Upgrade the host
   # yum update
5. Reboot and enter the new layer
   # reboot

Actual results:
The system cannot enter the new layer, the message is as follows:
...
[  11.963611] megaraid_sas 0000:03:00.0 megasas_disable_intr_fusion is called outbound_intr_mask:0x40000009
[  11.989673] reboot: System halted.

Expected results:
The host upgrade is successful, the system enters the new layer.


Additional info:
~~~~~~
# yum update
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Red Hat update to latest                                                                                            268 kB/s | 1.1 kB     00:00    
Dependencies resolved.
====================================================================================================================================================
 Package                                                 Architecture           Version                                Repository              Size
====================================================================================================================================================
Installing:
 redhat-virtualization-host-image-update                 noarch                 4.4.3-20201210.0.el8_3                 update                 821 M
     replacing  redhat-virtualization-host-image-update-placeholder.noarch 4.4.3-1.el8ev

Transaction Summary
====================================================================================================================================================
Install  1 Package

Total download size: 821 M
Is this ok [y/N]: y
Downloading Packages:
redhat-virtualization-host-image-update-latest.rpm                                                                   82 MB/s | 821 MB     00:09    
----------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                82 MB/s | 821 MB     00:09     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                            1/1 
  Running scriptlet: redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Installing       : redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Running scriptlet: redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Obsoleting       : redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch                                                   2/2 
  Verifying        : redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Verifying        : redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch                                                   2/2 
Unpersisting: redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch.rpm
Installed products updated.

Installed:
  redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                                             

Complete!

~~~~~~
Comment 1 Asaf Rachmani 2021-02-01 12:13:26 UTC 
Seems like a duplicate of bug 1907746, keeping it open in order to verify both scenarios.
Comment 3 peyu 2021-02-18 09:04:13 UTC 
QE verified this issue on "redhat-virtualization-host-4.4.5-20210215.0.el8_3"

Test Steps:
1. Install RHVH-4.4-20210202.0-RHVH-x86_64-dvd1.iso
2. Set the host to FIPS mode
   # fips-mode-setup --enable
   # reboot
   # fips-mode-setup --check
   ~~~~~~
   FIPS mode is enabled.
   ~~~~~~
3. Set up local repo and point to "redhat-virtualization-host-4.4.5-20210215.0.el8_3"
4. Upgrade the host
   # yum update
5. Reboot and enter the new layer
   # reboot
6. Check FIPS mode after upgrade
   # fips-mode-setup --check

Actual results:
RHVH upgrade is successful, and FIPS mode is enabled after upgrade.
~~~~~~
# imgbase w
You are on rhvh-4.4.5.3-0.20210215.0+1

# imgbase layout
rhvh-4.4.4.1-0.20210201.0
 +- rhvh-4.4.4.1-0.20210201.0+1
rhvh-4.4.5.3-0.20210215.0
 +- rhvh-4.4.5.3-0.20210215.0+1

# fips-mode-setup --check
FIPS mode is enabled.
~~~~~~

Move the bug Status to "VERIFIED".
Comment 12 errata-xmlrpc 2021-04-14 11:44:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1189
Comment 13 errata-xmlrpc 2021-04-14 11:48:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1189