Bug 2126483

Summary: Setup on a separate machine fails in FIPS mode
Product: [oVirt] ovirt-engine Reporter: Yedidyah Bar David <didi>
Component: Setup.EngineCommonAssignee: Yedidyah Bar David <didi>
Status: CLOSED NEXTRELEASE QA Contact: Qin Yuan <qiyuan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.5.0.6CC: bugs, dfodor, mperina
Target Milestone: ovirt-4.5.3Flags: mperina: ovirt-4.5+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-10-03 19:00:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yedidyah Bar David 2022-09-13 14:27:58 UTC 
Description of problem:

Setup on a separate machine fails in FIPS mode, with:

  File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine-dwh/core/remote_engine.py", line 83, in _remote_engine_customization
    oenginecons.ConfigEnv.ENGINE_FQDN
  File "/usr/share/ovirt-engine/setup/ovirt_engine_setup/remote_engine.py", line 146, in configure
    self._style.configure(fqdn=fqdn)
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-common/base/remote_engine/remote_engine_root_ssh.py", line 177, in configure
    self._ssh_connect()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-common/base/remote_engine/remote_engine_root_ssh.py", line 153, in _ssh_connect
    osetupcons.ConfigEnv.REMOTE_ENGINE_HOST_CLIENT_KEY
  File "/usr/lib/python3.6/site-packages/paramiko/client.py", line 416, in connect
    self, server_hostkey_name, server_key
  File "/usr/lib/python3.6/site-packages/paramiko/client.py", line 837, in missing_host_key
    key.get_name(), hostname, hexlify(key.get_fingerprint())
  File "/usr/lib/python3.6/site-packages/paramiko/pkey.py", line 180, in get_fingerprint
    return md5(self.asbytes()).digest()

Version-Release number of selected component (if applicable):
current master, probably for a long time

How reproducible:
Always, I think

Steps to Reproduce:
1. Setup an engine on machine A
2. Install machine B in fips mode (or convert it to that)
3. Install e.g. dwh
4. Run engine-setup choosing to configure stuff with the engine on machine A

Actual results:
Fails as above

Expected results:
Succeeds

Additional info:
This is due to a bug in paramiko [1]. Fixing it in engine-setup code without fixing [1] might not be possible or easy in all cases.

[1] https://github.com/paramiko/paramiko/issues/396
Comment 1 Casper (RHV QE bot) 2022-09-13 14:30:59 UTC 
This bug has low overall severity and is not going to be further verified by QE. If you believe special care is required, feel free to properly align relevant severity, flags and keywords to raise PM_Score or use one of the Bumps ('PrioBumpField', 'PrioBumpGSS', 'PrioBumpPM', 'PrioBumpQA') in Keywords to raise it's PM_Score above verification threashold (1000).
Comment 2 Yedidyah Bar David 2022-09-20 08:13:05 UTC 
Moving to MODIFIED, despite not covering all possible cases. A complete fix is to fix paramiko, see comment 0.
Comment 3 Casper (RHV QE bot) 2022-10-03 19:00:49 UTC 
This bug has low overall severity and passed an automated regression suite, and is not going to be further verified by QE. If you believe special care is required, feel free to re-open to ON_QA status.