Bug 2274453

Summary: With FIPS enabled on RHEL9, satellite-installer failed on starting Foreman Proxy
Product: Red Hat Satellite
Reporter: matt jia <mjia>
Component: Installation
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE
QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: unspecified
Priority: unspecified
Version: 6.16.0
CC: rlavi
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2024-04-11 09:09:09 UTC
Type: Bug

Description matt jia 2024-04-11 06:58:21 UTC
Description of problem:

A fresh Satellite 6.16 installation on RHEL9 with FIPS enabled failed with:

~~~
2024-04-11 02:17:42 [ERROR ] [configure] Apr 11 02:17:41 sat616-rhel9.xxx.xxx.xx.xx.com systemd[1]: Starting Foreman Proxy...
2024-04-11 02:17:42 [ERROR ] [configure] Apr 11 02:17:42 sat616-rhel9.xxx.xx.xx.xx.xx smart-proxy[27075]: Errors detected on startup, see log for details. Exiting: Could not parse PKey
2024-04-11 02:17:42 [ERROR ] [configure] Apr 11 02:17:42 sat616-rhel9.x.x.x.x.x systemd[1]: foreman-proxy.service: Main process exited, code=exited, status=1/FAILURE
2024-04-11 02:17:42 [ERROR ] [configure] Apr 11 02:17:42 sat616-rhel9.x.x.x.x.x systemd[1]: foreman-proxy.service: Failed with result 'exit-code'.
2024-04-11 02:17:42 [ERROR ] [configure] Apr 11 02:17:42 sat616-rhel9.x.x.x.x.com systemd[1]: Failed to start Foreman Proxy.
~~~

Checking the foreman-proxy log, it has:

~~~
2024-04-11T02:17:42  [E] Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?
2024-04-11T02:17:42  [W] Error details for Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?: <OpenSSL::PKey::PKeyError>: Could not parse PKey
/usr/share/foreman-proxy/lib/launcher.rb:106:in `read'
/usr/share/foreman-proxy/lib/launcher.rb:106:in `load_ssl_private_key'
/usr/share/foreman-proxy/lib/launcher.rb:96:in `https_app'
/usr/share/foreman-proxy/lib/launcher.rb:132:in `launch'
/usr/share/foreman-proxy/bin/smart-proxy:6:in `<main>'
2024-04-11T02:17:42  [E] Error during startup, terminating
2024-04-11T02:17:42  [W] Error details for Error during startup, terminating: <OpenSSL::PKey::PKeyError>: Could not parse PKey
~~~

The private key seems alright:

~~~
ls -lrt /etc/foreman-proxy
total 52
-rw-r--r--. 1 root root             0 Apr  3 12:57 migration_state
-r--r-----. 1 root foreman-proxy 2529 Apr 11 02:08 ssl_ca.pem
-r--r-----. 1 root foreman-proxy 2529 Apr 11 02:08 foreman_ssl_ca.pem
-rw-r-----. 1 root foreman-proxy  771 Apr 11 02:08 ansible.env
-rw-r-----. 1 root foreman-proxy 3438 Apr 11 02:08 settings.yml
-r--r-----. 1 root foreman-proxy 3272 Apr 11 02:08 ssl_key.pem
-r--r--r--. 1 root foreman-proxy 8477 Apr 11 02:08 ssl_cert.pem
-r--r-----. 1 root foreman-proxy 3272 Apr 11 02:08 foreman_ssl_key.pem
-r--r--r--. 1 root foreman-proxy 8483 Apr 11 02:08 foreman_ssl_cert.pem
drwxr-xr-x. 2 root root          4096 Apr 11 02:17 settings.d
~~~

Version-Release number of selected component (if applicable):

6.16

How reproducible:

Easy

Steps to Reproduce:

Install Satellite 6.16 on RHEL9 with FIPS enabled

Actual results:

The installer failed


Expected results:

The installer should complete successfully.



Additional info:

Comment 3 Ron Lavi 2024-04-11 09:09:09 UTC

*** This bug has been marked as a duplicate of bug 2274258 ***
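
The `ls -lrt` listing in the description confirms only ownership and mode of `ssl_key.pem`, while the backtrace shows `read` raising `OpenSSL::PKey::PKeyError`. The following is an added diagnostic example, not code from Foreman or from this report: it records the kernel FIPS flag, classifies the PEM container of a key file, and attempts `OpenSSL::PKey.read` on it. The names `CONTAINERS`, `fips_enabled?` and `diagnose_key` are hypothetical, and the key used when no path is given is a constructed throwaway.

```ruby
require "openssl"

# PEM labels and the private-key container each one denotes.
CONTAINERS = {
  "RSA PRIVATE KEY"       => "PKCS#1 (traditional RSA)",
  "EC PRIVATE KEY"        => "SEC1 (traditional EC)",
  "PRIVATE KEY"           => "PKCS#8 (unencrypted)",
  "ENCRYPTED PRIVATE KEY" => "PKCS#8 (encrypted)"
}.freeze

# Kernel FIPS flag: true/false, or nil when the file is absent (non-Linux host).
def fips_enabled?(flag_path = "/proc/sys/crypto/fips_enabled")
  File.read(flag_path).strip == "1"
rescue SystemCallError
  nil
end

# Classify the PEM container and, when no passphrase is needed, attempt
# OpenSSL::PKey.read and capture the exact error instead of exiting.
def diagnose_key(pem, flag_path = "/proc/sys/crypto/fips_enabled")
  label = pem[/^-----BEGIN ([A-Z0-9 ]+)-----/, 1]
  encrypted = label == "ENCRYPTED PRIVATE KEY" ||
              pem.include?("Proc-Type: 4,ENCRYPTED")
  report = {
    fips: fips_enabled?(flag_path),
    container: CONTAINERS.fetch(label, "unrecognised: #{label.inspect}"),
    encrypted: encrypted,
    parsed: false,
    error: nil
  }
  return report if encrypted # PKey.read would prompt for a passphrase

  key = OpenSSL::PKey.read(pem)
  report.merge(parsed: true, key_type: key.class.name)
rescue OpenSSL::PKey::PKeyError => e
  report.merge(error: "#{e.class}: #{e.message}")
end

if $PROGRAM_NAME == __FILE__
  # Pass a key path (e.g. /etc/foreman-proxy/ssl_key.pem from the report);
  # with no readable path, a constructed throwaway RSA key is diagnosed instead.
  path = ARGV[0]
  pem = path && File.readable?(path) ? File.read(path) : OpenSSL::PKey::RSA.new(2048).to_pem
  diagnose_key(pem).each { |field, value| puts "#{field}: #{value.inspect}" }
end
```

Run it as `root` or as the `foreman-proxy` user so the key file is readable; comparing the report on a FIPS and a non-FIPS host shows whether the parse failure follows the FIPS flag or the file itself.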