Bug 1552142 - Installation on FIPS enabled rhel7 fails with '/usr/bin/pulp-gen-ca-certificate' returned 1 instead of one of [0]
Summary: Installation on FIPS enabled rhel7 fails with '/usr/bin/pulp-gen-ca-certifica...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Pulp
Version: Nightly
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: Released
Assignee: satellite6-bugs
QA Contact: Peter Ondrejka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-06 15:14 UTC by Peter Ondrejka
Modified: 2019-10-07 17:18 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:37:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:37:15 UTC
Pulp Redmine 3646 Normal CLOSED - CURRENTRELEASE Get scripts (e.g. pulp-gen-ca-certificate) working on FIPS enabled environment 2018-07-09 15:06:30 UTC

Description Peter Ondrejka 2018-03-06 15:14:04 UTC
Description of problem:

Installation of katello from upstream repos on rhel7 in FIPS mode, foreman-installer --scenario katello fails on executing 

'/usr/bin/pulp-gen-ca-certificate' returned 1 instead of one of [0]

When running the command directly on the machine, it executes without providing any output with exitcode 1.

This problem does not occur when installing nightly on non-FIPS rhel

Version-Release number of selected component (if applicable):

foreman-1.18.0-0.develop.201802231059git8bd79a1.el7.noarch
katello-3.7.0-1.nightly.el7.noarch

How reproducible:
always

Comment 5 pulp-infra@redhat.com 2018-05-01 16:32:10 UTC
The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.

Comment 6 pulp-infra@redhat.com 2018-05-01 16:32:14 UTC
The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug.

Comment 7 pulp-infra@redhat.com 2018-05-23 15:32:46 UTC
The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.

Comment 9 Daniel Alley 2018-06-06 14:55:37 UTC
I haven't been able to reproduce this locally thus far on FIPS-enabled CentOS 7, using the "centos7-fips-katello-nightly" box provided by Forklift.

Likewise, during the normal installation of Pulp on our own development infrastructure for FIPS, `pulp-gen-ca-certificate` returns 0.

If we could run this job again, I suspect it would pass, but I'd like to be sure before I mark the issue closed. It's possible there is something different about the Jenkins environment that causes it to fail.

Comment 11 pulp-infra@redhat.com 2018-06-11 17:32:47 UTC
The Pulp upstream bug status is at POST. Updating the external tracker on this bug.

Comment 12 pulp-infra@redhat.com 2018-06-11 21:52:23 UTC
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.

Comment 13 pulp-infra@redhat.com 2018-06-11 23:07:55 UTC
All upstream Pulp bugs are at MODIFIED+. Moving this bug to POST.

Comment 14 pulp-infra@redhat.com 2018-07-09 15:06:31 UTC
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.

Comment 16 Peter Ondrejka 2018-10-30 13:08:28 UTC
Verified on Satellite 6.5 snap 1 on fips-enabled rhel 7.5, installation proceeds as expected:

/Stage[main]/Pulp::Config/Exec[run pulp-gen-ca]/returns: executed successfully

Comment 20 errata-xmlrpc 2019-05-14 12:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.