Bug 2053913
Summary: | Installation of foreman-discovery-image package fails with error "does not verify: no digest" in Satellite 7.0 on top of FIPS enabled RHEL 8 | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Sayan Das <saydas> |
Component: | Documentation | Assignee: | Marie Hornickova <mdolezel> |
Documentation sub component: | default | QA Contact: | |
Status: | CLOSED CURRENTRELEASE | Docs Contact: | |
Severity: | high | ||
Priority: | unspecified | CC: | gsulliva, jbhatia, lzap, mdolezel, rabajaj, rlavi, sabuchan |
Version: | 6.11.0 | ||
Target Milestone: | 6.11.0 | ||
Target Release: | Unused | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Release Note | |
Doc Text: |
*RHEL 8 FIPS mode installation failure*
When installing the `foreman-discovery-package` on RHEL 8 with FIPS mode enabled, the package installation fails with an error message stating `does not verify: no digest`. As a workaround, extract the ISO manually using `rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv`, then convert the ISO to PXE files using the following commands:
[start=1]
. `ln -snf foreman-discovery-image-XYZ.iso fdi.iso`
. `discovery-iso-to-pxe fdi.iso`
. `mkdir -p /var/lib/tftpboot/boot/fdi-image`
. `cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/boot/fdi-image/vmlinuz`
. `cp ./tftpboot/initrd0.img /var/lib/tftpboot/boot/fdi-image/initrd0.img`
. `chown -R foreman-proxy:root /var/lib/tftpboot/boot/fdi-image`
. `restorecon -RFv /var/lib/tftpboot/boot/fdi-image`
|
Last Closed: | 2022-07-25 13:18:28 UTC | Type: | Bug |
Description
Sayan Das
2022-02-13 06:28:32 UTC
RELEASE NOTES (please verify Sayan thank you):

Known issue doc:

When installing foreman-discovery-package on FIPS mode in RHEL8, RPM package installation will fail with "does not verify: no digest".

Solution:

Extract the ISO manually:

rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv

Convert the ISO to the PXE files:

ln -snf foreman-discovery-image-XYZ.iso fdi.iso
discovery-iso-to-pxe fdi.iso
cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/fdi-image/vmlinuz
cp ./tftpboot/initrd0.img /var/lib/tftpboot/fdi-image/initrd0.img

Verified Release Notes:

Issue:

Installing foreman-discovery-image package on FIPS mode in RHEL8, RPM package installation fails with "does not verify: no digest".

Solution:

1. If you do not have the foreman-discovery-image iso, try downloading from package manager at https://access.redhat.com/downloads/content/foreman-discovery-image/3.8.0-1.el7sat/noarch/fd431d51/package

2. Else, continue with steps as follows:

A. rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv

B. ln -snf usr/share/foreman-discovery-image/foreman-discovery-image-3.8.0-1.iso fdi.iso

C. ./usr/bin/discovery-iso-to-pxe fdi.iso

D. mkdir /var/lib/tftpboot/fdi-image

E. cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/fdi-image/vmlinuz

F. cp ./tftpboot/initrd0.img /var/lib/tftpboot/fdi-image/initrd0.img

(In reply to Griffin Sullivan from comment #9)
> Verified Release Notes:
>
> Issue:
>
> Installing foreman-discovery-image package on FIPS mode in RHEL8, RPM
> package installation fails with "does not verify: no digest".
>
> Solution:
>
> 1. If you do not have the foreman-discovery-image iso, try downloading from
> package manager at
> https://access.redhat.com/downloads/content/foreman-discovery-image/3.8.0-1.el7sat/noarch/fd431d51/package
>
> 2. Else, continue with steps as follows:
>
> A. rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv
>
> B. ln -snf
> usr/share/foreman-discovery-image/foreman-discovery-image-3.8.0-1.iso fdi.iso
>
> C. ./usr/bin/discovery-iso-to-pxe fdi.iso
>
> D. mkdir /var/lib/tftpboot/fdi-image
>
> E. cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/fdi-image/vmlinuz
>
> F. cp ./tftpboot/initrd0.img /var/lib/tftpboot/fdi-image/initrd0.img

Hello,

For some reason, I never had a notification in my mailbox about Comment 8 and hence I missed the notes from lzap completely.

Theoretically, the steps are looking good except for these i.e.

D. mkdir /var/lib/tftpboot/fdi-image
E. cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/fdi-image/vmlinuz
F. cp ./tftpboot/initrd0.img /var/lib/tftpboot/fdi-image/initrd0.img

The /var/lib/tftpboot/fdi-image/ should be /var/lib/tftpboot/boot/fdi-image/ if I am correct. And also "/var/lib/tftpboot/boot" and anything inside the same should have the ownership of foreman-proxy user.

Now, practically, to verify whether the manual approach works and allows me to discover a host via PXE or not, I will need to install the latest snap of 6.11 on a FIPS-enabled system which will take some time.

-- Sayan

RN draft:

*Installation of foreman-discovery-package fails on RHEL 8 with FIPS enabled*

When installing the foreman-discovery-package on RHEL 8 with FIPS mode enabled, RPM package installation fails with the following error message: `does not verify: no digest`. To work around this issue, extract the ISO manually by running `rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv` in your Terminal, then convert the ISO to the PXE files by running `ln -snf foreman-discovery-image-XYZ.iso fdi.iso discovery-iso-to-pxe fdi.iso mkdir -p /var/lib/tftpboot/boot/fdi-image cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/boot/fdi-image/vmlinuz cp ./tftpboot/initrd0.img /var/lib/tftpboot/boot/fdi-image/initrd0.img chown -R foreman-proxy:root /var/lib/tftpboot/boot/fdi-image restorecon -RFv /var/lib/tftpboot/boot/fdi-image` in your Terminal.

Doc: https://docs.google.com/document/d/1xMkjPbkwF9ZJ95tEcWYmRRqVdusIZENHZsL3-B3YvJw/edit

Tagging @lzap for sanity check here and in doc.

Yeah correct. These are all separate commands, 7 in total, just to be clear:

ln -snf foreman-discovery-image-XYZ.iso fdi.iso
discovery-iso-to-pxe fdi.iso
mkdir -p /var/lib/tftpboot/boot/fdi-image
cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/boot/fdi-image/vmlinuz
cp ./tftpboot/initrd0.img /var/lib/tftpboot/boot/fdi-image/initrd0.img
chown -R foreman-proxy:root /var/lib/tftpboot/boot/fdi-image
restorecon -RFv /var/lib/tftpboot/boot/fdi-image

Final RN:

*RHEL 8 FIPS mode installation failure*
When installing the `foreman-discovery-package` on RHEL 8 with FIPS mode enabled, the package installation fails with an error message stating `does not verify: no digest`. As a workaround, extract the ISO manually using `rpm2cpio foreman-discovery-image-XYZ.rpm | cpio -idmv`, then convert the ISO to PXE files using the following commands:
[start=1]
. `ln -snf foreman-discovery-image-XYZ.iso fdi.iso`
. `discovery-iso-to-pxe fdi.iso`
. `mkdir -p /var/lib/tftpboot/boot/fdi-image`
. `cp ./tftpboot/vmlinuz0 /var/lib/tftpboot/boot/fdi-image/vmlinuz`
. `cp ./tftpboot/initrd0.img /var/lib/tftpboot/boot/fdi-image/initrd0.img`
. `chown -R foreman-proxy:root /var/lib/tftpboot/boot/fdi-image`
. `restorecon -RFv /var/lib/tftpboot/boot/fdi-image`
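
The workaround unpacks the package with `rpm2cpio` instead of installing it through rpm, so the package check that raised `does not verify: no digest` is not performed at all. The helpers below are an added example, not part of this bug report or of Satellite: one compares the RPM with a SHA-256 value the operator obtained from a trusted source before extraction, the other confirms the result of the copy and `chown` steps. The function names `verify_rpm_sha256` and `check_fdi_dir` are hypothetical, and the expected digest is supplied by the operator because the page gives none.

```bash
#!/usr/bin/env bash
# Added example (not from the bug report): checks around the manual workaround.

# rpm2cpio only unpacks the payload and runs none of rpm's digest or
# signature checks, so compare the file against a trusted SHA-256 first.
#   $1 = path to the RPM
#   $2 = expected hex digest, obtained out of band by the operator
verify_rpm_sha256() {
    local actual
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    # An empty expected value must never match a failed hash computation.
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# After the cp/chown steps: both PXE files must exist and be non-empty, and
# nothing under the directory may belong to a different user.
#   $1 = target directory (on the page: /var/lib/tftpboot/boot/fdi-image)
#   $2 = expected owner, name or numeric uid (on the page: foreman-proxy)
check_fdi_dir() {
    local dir=$1 owner=$2 f stray
    for f in vmlinuz initrd0.img; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    stray=$(find "$dir" ! -user "$owner" | head -n 1)
    [ -z "$stray" ] || { echo "unexpected owner on: $stray" >&2; return 1; }
}
```

On the Satellite host the calls would be `verify_rpm_sha256 foreman-discovery-image-XYZ.rpm <trusted digest>` before the `rpm2cpio` step and `check_fdi_dir /var/lib/tftpboot/boot/fdi-image foreman-proxy` after the last command.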