Bug 1374916 - Ceph installation fails if RHEL is configured in FIPS mode
Summary: Ceph installation fails if RHEL is configured in FIPS mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: Calamari
Version: 1.3.2
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: rc
: 3.1
Assignee: Boris Ranto
QA Contact: ceph-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-10 11:04 UTC by Terry Bowling
Modified: 2020-10-22 14:35 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-02 19:04:21 UTC
Target Upstream Version:

Attachments (Terms of Use)
error logs of installation (72 bytes, text/plain)
2016-09-10 11:04 UTC, Terry Bowling 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Terry Bowling 2016-09-10 11:04:18 UTC 
Created attachment 1199757 [details]
error logs of installation

Description of problem:

Error when installing Ceph 1.3 [ERROR] (OperationalError) FATAL: password authentication failed for user "calamari"

Version-Release number of selected component (if applicable):


How reproducible:

Clean install of RHEL 7.2 with FIPS mode enabled.


Steps to Reproduce:
1.  Enable FIPS
https://access.redhat.com/solutions/137833

2.  Install instructions from here: https://access.redhat.com/documentation/en/red-hat-ceph-storage/1.3/single/installation-guide-for-rhel-x86-64/. Here is the error message we are getting:


Actual results:

# sudo calamari-ctl initialize
[INFO] Loading configuration..
[INFO] Starting/enabling salt...
[INFO] Starting/enabling postgres...
[ERROR] (OperationalError) FATAL:  password authentication failed for user "calamari"
 None None
[ERROR] We are sorry, an unexpected error occurred.  Debugging information has
been written to a file at '/tmp/2016-08-30_1620.txt', please include this when seeking technical
support.

/tmp/2016-08-30_1620.txt is attached.


Expected results:
Install to complete succesfully.

Additional info:
Comment 4 Christina Meno 2016-09-20 19:38:44 UTC 
The attached logs suggest that the problem is related to https://access.redhat.com/articles/2548661

the problem is happening some time after 
https://github.com/ceph/calamari/blob/1.3/cthulhu/cthulhu/calamari_ctl.py#L219
Comment 7 Christina Meno 2017-04-04 17:45:37 UTC 
Boris,

Would you please see what we can do about this issue?
Comment 8 Boris Ranto 2017-04-05 11:02:00 UTC 
I have retested with the latest calamari (2.2) and it worked fine for me.

There might be several things that come to mind that could fix this:

- we switched a cipher and so we are no longer seeing this issue
- one of the underlying libraries got fixed (switched its defaults) and so we are no longer seeing this issue

We can nominate this as a Test Only bz for 2.3.


btw: I have had much more problems with ceph itself in FIPS mode -- ceph cli did not work because fips prevented it from reading the client config file, osd did not get up & in, ...
Comment 11 Boris Ranto 2017-08-02 19:04:21 UTC 
We don't ship calamari in 3.x. Also, this was already fixed in 2.x and was supposed to be a test only bugzilla -> closing.
Note You need to log in before you can comment on or make changes to this bug.