Bug 2092524

Summary: many community based modules failing in FIPS mode
Product: Red Hat OpenStack Reporter: Ade Lee <alee>
Component: ansible-tripleo-ipaAssignee: Andre <afariasa>
Status: CLOSED ERRATA QA Contact: Jeremy Agee <jagee>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: afariasa, dwilde, ggrasza, jschluet, stchen
Target Milestone: gaKeywords: Triaged
Target Release: 17.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-tripleo-ipa-0.2.3-0.20220301190452.6b0ed82.el9ost openstack-tripleo-heat-templates-14.3.1-0.20220719171722.feca772.el9ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-21 12:22:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ade Lee 2022-06-01 18:21:34 UTC 
Description of problem:

When the undercloud is in FIPS mode, many of the community modules (ipa_host, ipa_service etc.) fail with some unspecified crypto library error on rhel 9.  On the other hand, modules from ansible-freeipa (ipahost, ipaservice etc).  do in fact work correctly.

It makes sense to switch now to using ansible-freeipa.  It may even make sense switching in earlier branches (train, 16.x) to solve BZs for support for multiple ipa servers (ie. replicas)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. TLS-E deployment with FIPS enabled.
2.
3.

Actual results:
deployment fails.

Expected results:


Additional info:
Comment 12 errata-xmlrpc 2022-09-21 12:22:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543