Bug 1444449 (oVirt_Engine_FIPS_Support)
| Summary: | [RFE] Need FIPS support for Ovirt-Engine | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Virgiantara Armanda Sintalana <vasintalana> | ||||
| Component: | General | Assignee: | Yuval Turgeman <yturgema> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Kubica <pkubica> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.1.1.8 | CC: | bbenson, bugs, didi, mavital, pelauter, tjelinek | ||||
| Target Milestone: | ovirt-4.3.2 | Keywords: | FutureFeature | ||||
| Target Release: | --- | Flags: | pm-rhel:
ovirt-4.3+
ylavi: planning_ack+ pm-rhel: devel_ack+ lleistne: testing_ack+ |
||||
| Hardware: | x86_64 | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ovirt-engine-4.3.2.1 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-04-16 13:56:26 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1613219, 1660378 | ||||||
| Bug Blocks: | 1466047 | ||||||
| Attachments: |
|
||||||
Why is this high severity? (In reply to Yaniv Dary from comment #1) > Why is this high severity? I think the description is clear: Execution of setup failed when fips mode is on. This is a duplicate of bug 1466047. Keeping open for now, as current is on oVirt and 1466047 is on RHV. comment from onsite RH employee: The customer POC still is experiencing problems related to this and is very interested in a fix. I have good familiarity with FIPS from my most recent site as well. If you need any more information or need testing done onsite let me know. Thanks! re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0. If you think this bug should block 4.3.0 please re-target and set blocker flag. Moving to 4.3.2 not being identified as blocker for 4.3.1. Verified. version: 4.3.3.2-0.1.el7 Engine and hosts were sucessfully installed on fips=1 enabled system. Did sanity check on this environment. for deploying hosted-engine, there is a new option with default option set to no: Do you want to apply a default OpenSCAP security profile (Yes, No) [No] which also enable FIPS on appliance For hardening and ensuring security, please see bug 1392051 which covers also FIPS This bugzilla is included in oVirt 4.3.2 release, published on March 19th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |
Created attachment 1273301 [details] ovirt-engine-setup log Description of problem: Execution of setup failed when fips mode is on. How reproducible: Steps to Reproduce: 1. Use engine-setup Actual results: [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20170421130530-ykgtmg.log [ ERROR ] Failed to execute stage 'Clean up': error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20170421133051-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ ERROR ] Execution of setup failed Expected results: [ INFO ] Execution of setup completed successfully