Bug 2105941
| Summary: | After 6.10 to 6.11 upgrade on FIPS setup, repository sync operations fail with an error "[digital envelope routines: EVP_DigestInit_ex] disabled for fips" | |||
|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Ashish Humbe <ahumbe> | |
| Component: | Pulp | Assignee: | satellite6-bugs <satellite6-bugs> | |
| Status: | CLOSED ERRATA | QA Contact: | Cole Higgins <chiggins> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.11.0 | CC: | benjamin.watts.ctr, chiggins, george, glangdin, osousa, risantam, ryan.kimbrell, sajha, saydas, sean.halpin, thomas.brown, wclark, zhunting | |
| Target Milestone: | 6.12.0 | Keywords: | Regression, Triaged | |
| Target Release: | Unused | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2110770 (view as bug list) | Environment: | ||
| Last Closed: | 2022-11-16 13:34:16 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
I have also experienced this bug when the server is running RHEL8 with FIPS enabled. My submitted Bug (ID 2110578) was closed as a duplicate of this, but just wanted to add to this one that it's not only related to upgrade installations from Red Hat Satellite 6.10.z to Red Hat Satellite 6.11.0.. Clean installs experience this issue as well. Also applies to RHEL 8 hosts (this ticket explicitly mentions RHEL 7.9). Likely same fix as Bug ID 2012826. (In reply to Sean Halpin from comment #11) > My submitted Bug (ID 2110578) was closed as a duplicate of this, but just > wanted to add to this one that it's not only related to upgrade > installations from Red Hat Satellite 6.10.z to Red Hat Satellite 6.11.0.. > Clean installs experience this issue as well. Also applies to RHEL 8 hosts > (this ticket explicitly mentions RHEL 7.9). Likely same fix as Bug ID > 2012826. Hi Sean, this was BZ https://bugzilla.redhat.com/show_bug.cgi?id=2110770 that tracked the same subject for 6.11, it was closed yesterday after https://access.redhat.com/errata/RHBA-2022:5868 release. This Errata provides the fix for both RHEL7 and RHEL8 installations, and also for clean installs. Regards, Odilon Sousa Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8506 |
Description of problem: After the satellite 6.10 to 6.11 upgrade on FIPS enabled system, the customer is not able to sync repositories. Repo Sync task fails with error: error: traceback: !ruby/string:Sequel::SQL::Blob |2 File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/tasking/pulpcore_worker.py", line 380, in _perform_task result = func(*args, **kwargs) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 464, in synchronize remote_url = fetch_remote_url(remote, url) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 285, in fetch_remote_url get_repomd_file(remote, normalized_remote_url) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 241, in get_repomd_file return downloader.fetch() File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 180, in fetch return done.pop().result() File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 271, in run return await download_wrapper() File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/backoff/_async.py", line 133, in retry ret = await target(*args, **kwargs) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 256, in download_wrapper return await self._run(extra_data=extra_data) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/downloaders.py", line 118, in _run to_return = await self._handle_response(response) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 209, in _handle_response await self.handle_data(chunk) File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 142, in handle_data self._ensure_writer_has_open_file() File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 127, in _ensure_writer_has_open_file self._digests = {n: pulp_hashlib.new(n) for n in Artifact.DIGEST_FIELDS} File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 127, in self._digests = {n: pulp_hashlib.new(n) for n in Artifact.DIGEST_FIELDS} File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/app/pulp_hashlib.py", line 36, in new return the_real_hashlib.new(name, *args, **kwargs) File "/opt/rh/rh-python38/root/usr/lib64/python3.8/hashlib.py", line 169, in __hash_new return _hashlib.new(name, data, **kwargs) description: "[digital envelope routines: EVP_DigestInit_ex] disabled for fips" Version-Release number of selected component (if applicable): Satellite 6.11 + FIPS On RHEL 7.9 Steps to Reproduce: 1. Upgrade FIPS enabled Satelltie 6.10 to 6.11 2. Try to sync repositories 3. Additional info: Issue was fixed in Sat6.10 + FIPS as per the bz : https://bugzilla.redhat.com/show_bug.cgi?id=2012826