Description of problem: When a system is running in FIPS mode, attempting to start volume will cause glusterd to crash and coredump. This is the backtrace that was obtained when I tried this on FIPS enabled rhel-6.5 machine. (gdb) bt #0 0x00007f8741f2a925 in raise () from /lib64/libc.so.6 #1 0x00007f8741f2c105 in abort () from /lib64/libc.so.6 #2 0x00007f87422f3ebf in OpenSSLDie () from /usr/lib64/libcrypto.so.10 #3 0x00007f87422fa619 in MD5_Init () from /usr/lib64/libcrypto.so.10 #4 0x00007f87422fa9ea in MD5 () from /usr/lib64/libcrypto.so.10 #5 0x00007f874391c91c in md5_wrapper (data=<value optimized out>, len=<value optimized out>, md5=0x23057d0 "") at common-utils.c:68 #6 0x00007f873e8beb72 in glusterd_set_socket_filepath (sock_filepath=0x2306860 "/var/lib/glusterd/vols/test/run/10.70.42.171-export-test", sockpath=0x230c9d0 "", len=4096) at glusterd-utils.c:1222 #7 0x00007f873e8bedf8 in glusterd_set_brick_socket_filepath (volinfo=0xfffffffffdcf87a1, brickinfo=0x7f8728003400, sockpath=0x230c9d0 "", len=4096) at glusterd-utils.c:1251 #8 0x00007f873e8c54a9 in glusterd_volume_start_glusterfs (volinfo=0x7f8728000f70, brickinfo=0x7f870000c000, wait=_gf_true) at glusterd-utils.c:1417 #9 0x00007f873e8c6f29 in glusterd_brick_start (volinfo=0x7f8728000f70, brickinfo=0x7f8728003400, wait=_gf_true) at glusterd-utils.c:4698 #10 0x00007f873e901a8d in glusterd_op_start_volume (dict=<value optimized out>, op_errstr=<value optimized out>) at glusterd-volume-ops.c:1746 #11 0x00007f873e8b071b in glusterd_op_commit_perform (op=GD_OP_START_VOLUME, dict=0x7f8740b3025c, op_errstr=0x2311868, rsp_dict=0x7f8740b3048c) at glusterd-op-sm.c:4170 #12 0x00007f873e90d93e in gd_commit_op_phase (peers=0x210e6e0, op=GD_OP_START_VOLUME, op_ctx=0x7f8740b301d0, req_dict=0x7f8740b3025c, op_errstr=0x2311868, npeers=0) at glusterd-syncop.c:980 #13 0x00007f873e90f632 in gd_sync_task_begin (op_ctx=0x7f8740b301d0, req=0x2101c6c) at glusterd-syncop.c:1260 #14 0x00007f873e90f76b in glusterd_op_begin_synctask (req=0x2101c6c, op=<value optimized out>, dict=0x7f8740b301d0) at glusterd-syncop.c:1294 #15 0x00007f873e902cc6 in __glusterd_handle_cli_start_volume (req=0x2101c6c) at glusterd-volume-ops.c:255 #16 0x00007f873e896f7f in glusterd_big_locked_handler (req=0x2101c6c, actor_fn=0x7f873e902b10 <__glusterd_handle_cli_start_volume>) at glusterd-handler.c:77 #17 0x00007f874393d8e2 in synctask_wrap (old_task=<value optimized out>) at syncop.c:293 #18 0x00007f8741f3bbf0 in ?? () from /lib64/libc.so.6 #19 0x0000000000000000 in ?? () Version-Release number of selected component (if applicable): glusterfs-v3.5.0 How reproducible: Always. Steps to Reproduce: 1. Start up the system in FIPS mode 2. Create and try to start a volume. Actual results: Glusterd crashes with the above backtrace. Expected results: Glusterd shouldn't be crashing. Additional info: This is happening because glusterd is using MD5 to calculate a hash when building brick socket file path. MD5 is not a FIPS compliant hash algorithm, and openssl will die when an attempt to use MD5 is made in FIPS mode. This was originally observed and reported on the gluster-users mailing list. The mail thread can be viewed at http://supercolony.gluster.org/pipermail/gluster-users/2014-April/040060.html.
That code should have been removed by: commit 5aca4cf569f19d235662c4fbaa04df21e5fd46c2 Author: Kotresh HR <khiremat> Date: Tue Dec 19 00:05:05 2017 -0500 fips: Replace md5sum usage to enable fips support md5sum is not fips compliant. Using xxhash64 instead of md5sum for socket file generation in glusterd and changelog to enable fips support. NOTE: md5sum is 128 bit hash. xxhash used is 64 bit. Updates: #230 Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c Signed-off-by: Kotresh HR <khiremat> Is it still an issue?
I believe Glusterd no-longer crashes with FIPS mode turned on, however, there are a couple of bugs with the implementation we're working through to solve. I am going to close this bug in the belief that all is well now. This was tracked as a Github issue and the patches are all in this issue: https://github.com/gluster/glusterfs/issues/230