Bug 920524

Summary: Failed to register a system which in the FIPS mode.
Product: Red Hat Enterprise Linux 6 Reporter: xingge <gxing>
Component: subscription-managerAssignee: Bryan Kearney <bkearney>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.4CC: bkearney, jesusr, jgalipea, ldai, liliu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
No description necessary
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-21 21:25:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 862910, 960054    
Attachments:
Description Flags
error log in the CLI
none
log in /var/log/rhsm/rhsm.log none

Description xingge 2013-03-12 10:16:00 UTC 
Created attachment 708888 [details]
error log in the CLI

Description of problem:
Failed to register a system which in the FIPS mode

Version-Release number of selected component (if applicable):
dracut-fips-004-303.el6.noarch
fipscheck-lib-1.2.0-7.el6.x86_64
subscription-manager-1.1.23-1.el6.x86_64
subscription-manager-gui-1.1.23-1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.Install dracut-fips
    yum install dracut-fips

2.Enable FIPS
[root@dhcp-66-78-39 ~]# dracut -f -v

3.Modify the kernel command line of the current kernel in the 
#cat /etc/grub/grub.conf
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg_rhel64-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_rhel64/lv_swap rd_NO_MD rd_LVM_LV=vg_rhel64/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM fips=1 boot=/dev/vda1 console=ttyS0
        initrd /initramfs-2.6.32-358.el6.x86_64.img

4.Run subscription-manager to register
[root@dhcp-66-78-39 ~]#subscription-manager register

Actual results:
Get a traceback like the attachment "error.log"

Expected results:
No traceback would show,and the register should succeed.

Additional info:
subscription-manager-gui command will fail too and get traceback.
Comment 1 xingge 2013-03-12 10:16:38 UTC 
Created attachment 708889 [details]
log in /var/log/rhsm/rhsm.log
Comment 3 RHEL Program Management 2013-03-16 05:47:11 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Bryan Kearney 2013-04-12 13:29:04 UTC 
I do not know FIPS, that well. I followed your instructions but I updatedthre machine to he latest of all the packages. So, I did the following:

1) set up a minimal rhel 6.4 machine
2) yum update
3) install dracut-fips.

At this point I have:

fipscheck-lib-1.2.0-7.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
dracut-fips-004-303.el6.noarch
kernel-2.6.32-358.el6.x86_64
kernel-firmware-2.6.32-358.2.1.el6.noarch
kernel-2.6.32-358.2.1.el6.x86_64 

I am using the 2.1 kernel

4) dracut -f -v
5) Set the following as my grub line in /etc/grub.conf

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_rhel64base-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.32-358.2.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel64base-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=vg_rhel64base/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_rhel64base/lv_swap  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb  fips=1 quiet
        initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)


6) rebooted
7) subscription manager runs fine


Have I done any step incorrectly?
Comment 6 xingge 2013-04-17 01:17:09 UTC 
Hi Bryan,

I'v done the same steps as you did, and the subscription-manager works fine at the FIPS mode. This bug fixed I think.
Comment 7 Bryan Kearney 2013-05-01 18:16:39 UTC 
Per comment 6, I am moving this to ON_QA.
Comment 8 xingge 2013-05-02 07:10:51 UTC 
In the kernel 2.6.32-358.el6.x86_64 the FIPS mode will cause a kernel panic, but this bug is fixed on kernel 2.6.32-358.2.1.el6.x86_64. so close it as VERIFIED.
Comment 10 errata-xmlrpc 2013-11-21 21:25:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1659.html