1839200 – [ansible-freeipa] Vault password salt can change without password in vault module.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1839200 - [ansible-freeipa] Vault password salt can change without password in vault module.

Summary: [ansible-freeipa] Vault password salt can change without password in vault mo...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	ansible-freeipa
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Rafael Jeffman
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-22 17:52 UTC by Varun Mylaraiah
Modified:	2020-11-04 02:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:	ansible-freeipa-0.1.11-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-11-04 02:46:35 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	pm-rhel: mirror+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2020:4663	0	None	None	None	2020-11-04 02:46:46 UTC

Description Varun Mylaraiah 2020-05-22 17:52:38 UTC

Description of problem:
Vault password salt can change without password in ansible-freeipa vault module


Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.9-1

Steps to Reproduce:
[root@master ~]# ipa vault-show test_salt
  Vault name: test_salt
  Description: Testing vault password salt
  Type: symmetric
  Salt: JONdUPQI2V9WqBYDI5v9gB+/6G7nSdymAuTBGoVIr1M=
  Owner users: admin
  Vault user: admin

[root@ansible ~]# cat g_01.yaml
---
- name: Test vault
  hosts: ipaserver

  tasks:
  - name: vault module testing
    ipavault:
      ipaadmin_password: <xxxxxxx>
      name: test_salt
      salt: dGVzdGluZ192YXVsdF9zYWx0Cg==

[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts g_01.yaml 
ansible-playbook 2.9.7
  config file = /root/ansible.cfg
  configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Apr  3 2020, 16:09:51) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /root/ansible.cfg as config file

PLAYBOOK: g_01.yaml ************************************************************************************************************
1 plays in g_01.yaml

PLAY [Test vault] **************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************
task path: /root/g_01.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [vault module testing] ****************************************************************************************************
task path: /root/g_01.yaml:6
changed: [master.ipadomain.test] => {"changed": true}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************************************************************
master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  


Actual results:
[root@master ~]# ipa vault-show test_salt
  Vault name: test_salt
  Description: Testing vault password salt
  Type: symmetric
  Salt: dGVzdGluZ192YXVsdF9zYWx0Cg==
  Owner users: admin
  Vault user: admin


Expected results:
Should ask for a password.

Additional Info:
CLI-Console-output
===================
[root@master ~]# ipa vault-mod sy_vault_test_salt --salt=dGVzdGluZ192YXVsdF9zYWx0Cg==
Password: 
New password: 
Enter New password again to verify: 
-----------------------------------
Modified vault "sy_vault_test_salt"
-----------------------------------
  Vault name: sy_vault_test_salt
  Description: Salt test
  Type: symmetric
  Salt: dGVzdGluZ192YXVsdF9zYWx0Cg==
  Owner users: admin
  Vault user: admin

Comment 1 Rafael Jeffman 2020-05-29 14:28:20 UTC

There is an upstream PR with a fix: https://github.com/freeipa/ansible-freeipa/pull/263

Comment 3 Rafael Jeffman 2020-06-05 19:27:32 UTC

Upstream PR was merged.

Comment 6 Varun Mylaraiah 2020-08-03 14:53:47 UTC

Verification failed

ansible-freeipa-0.1.12-5.el8.noarch

Automation test result:

ansible-freeipa-tests/ansible_freeipa_tests/vault_module.py::TestSymmetricVault::()::test_symmetric_vault_update_salt_without_password
-------------------------------------------------------------------------------
self = <ansible_freeipa_tests.vault_module.TestSymmetricVault object at 0x7f344d199e50>
multihost = <pytest_multihost.plugin.MultihostFixture object at 0x7f344fec2d30>

    def test_symmetric_vault_update_salt_without_password(self, multihost):  # noqa: F811
        '''TC-30: Update vault password salt without providing password. Bug#1839200'''
        check_details(multihost, ["Salt: "], 'vault-show', [vault29])
        local_vault_inv = 'inventories/master.hosts.j2'
        local_vault_playbook = 'playbooks/vault_symmetric_vault_update_salt_without_password.yaml'
        # upload inventory and playbook to the runner
        upload_inv_playbook(multihost, local_vault_inv,
                            local_vault_playbook)
        # update vault
        exp_error = "Symmetric vault requires password or password_file to store data or change `salt`."
>       run_playbook_with_exp_msg(
            multihost, runner_vault_inv, runner_vault_playbook, exp_error)

exp_error  = 'Symmetric vault requires password or password_file to store data or change `salt`.'
local_vault_inv = 'inventories/master.hosts.j2'
local_vault_playbook = 'playbooks/vault_symmetric_vault_update_salt_without_password.yaml'
multihost  = <pytest_multihost.plugin.MultihostFixture object at 0x7f344fec2d30>
self       = <ansible_freeipa_tests.vault_module.TestSymmetricVault object at 0x7f344d199e50>

ansible_freeipa_tests/vault_module.py:252: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

multihost = <pytest_multihost.plugin.MultihostFixture object at 0x7f344fec2d30>
inventory_path = 'inventory/vault.hosts', playbook_path = 'vault_module.yml'
expected_msg = 'Symmetric vault requires password or password_file to store data or change `salt`.'

    def run_playbook_with_exp_msg(multihost, inventory_path, playbook_path, expected_msg=None):
        args = [
            ANS_PLAYBOOK,
            '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv',
            '-i', inventory_path, playbook_path]
    
        result = multihost.runner.run_command(args, raiseonerr=False)
>       assert expected_msg in result.stdout_text
E       AssertionError

args       = ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
expected_msg = 'Symmetric vault requires password or password_file to store data or change `salt`.'
inventory_path = 'inventory/vault.hosts'
multihost  = <pytest_multihost.plugin.MultihostFixture object at 0x7f344fec2d30>
playbook_path = 'vault_module.yml'
result     = <pytest_multihost.transport.SSHCommand object at 0x7f344d199c10>

ansible_freeipa_tests/util.py:127: AssertionError
------------------------------ Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 69] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 69] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 69 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 69] Sesch channel 69 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 69] EOF received (69)
channel.py                1212 DEBUG    [chan 69] EOF sent (69)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 70] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 70] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 70 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', '29syvault']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', '29syvault']
channel.py                1212 DEBUG    [chan 70] Sesch channel 70 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: 29syvault
transport.py               563 DEBUG      Type: symmetric
transport.py               563 DEBUG      Salt: dYUXCs6PZGzMswnCbKtz1Did2uiS/lzReIG9TTau8Mg=
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 70] EOF received (70)
channel.py                1212 DEBUG    [chan 70] EOF sent (70)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 71] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 71] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 71 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 71] Sesch channel 71 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 71] EOF received (71)
channel.py                1212 DEBUG    [chan 71] EOF sent (71)
transport.py               217 DEBUG    Exit code: 0
transport.py               293 INFO     WRITE inventory/vault.hosts
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
transport.py               329 INFO     PUT vault_module.yml
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
sftp.py                    158 DEBUG    [chan 0] stat(b'vault_module.yml')
channel.py                1212 DEBUG    [chan 17] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 17] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 17 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
channel.py                1212 DEBUG    [chan 17] Sesch channel 17 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.11
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: vault_module.yml *****************************************************
transport.py               563 DEBUG    1 plays in vault_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to ensure, not able to change password salt without password] ***
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [vault module testing] ****************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:6
transport.py               563 DEBUG    changed: [master.ipadomain.test] => {"changed": true}
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 17] EOF received (17)
channel.py                1212 DEBUG    [chan 17] EOF sent (17)
transport.py               217 DEBUG    Exit code: 0

Comment 7 Rafael Jeffman 2020-08-06 19:14:30 UTC

The correct upstream PR is https://github.com/freeipa/ansible-freeipa/pull/334

Comment 8 Thomas Woerner 2020-08-18 07:11:56 UTC

The upstream PR has been merged.

Comment 9 Varun Mylaraiah 2020-08-19 07:15:56 UTC

Verified

ansible-freeipa-0.1.12-6.el8.noarch

Passed	ansible_freeipa_tests/vault_module.py::TestSymmetricVault::()::test_symmetric_vault_update_salt_without_password
------------------------------ Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 18] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 18] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 18 opened.
transport.py               318 INFO     RUN ['/usr/bin/rpm', '-q', 'ansible-freeipa']
transport.py               519 DEBUG    RUN ['/usr/bin/rpm', '-q', 'ansible-freeipa']
channel.py                1212 DEBUG    [chan 18] Sesch channel 18 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-freeipa-0.1.12-6.el8.noarch
channel.py                1212 DEBUG    [chan 18] EOF received (18)
channel.py                1212 DEBUG    [chan 18] EOF sent (18)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 75] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 75] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 75 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 75] Sesch channel 75 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 75] EOF received (75)
channel.py                1212 DEBUG    [chan 75] EOF sent (75)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 76] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 76] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 76 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', '29syvault']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', '29syvault']
channel.py                1212 DEBUG    [chan 76] Sesch channel 76 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: 29syvault
transport.py               563 DEBUG      Type: symmetric
transport.py               563 DEBUG      Salt: RtWq6ij8P7OoTBCRiu6u0xBv/ooGOZeEPx9F9pROF1s=
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 76] EOF received (76)
channel.py                1212 DEBUG    [chan 76] EOF sent (76)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 77] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 77] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 77 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 77] Sesch channel 77 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 77] EOF received (77)
channel.py                1212 DEBUG    [chan 77] EOF sent (77)
transport.py               217 DEBUG    Exit code: 0
transport.py               293 INFO     WRITE inventory/vault.hosts
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
transport.py               329 INFO     PUT vault_module.yml
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
sftp.py                    158 DEBUG    [chan 0] stat(b'vault_module.yml')
channel.py                1212 DEBUG    [chan 19] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 19] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 19 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
channel.py                1212 DEBUG    [chan 19] Sesch channel 19 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.12
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: vault_module.yml *****************************************************
transport.py               563 DEBUG    1 plays in vault_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to ensure, not able to change password salt without password] ***
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [vault module testing] ****************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:6
transport.py               563 DEBUG    fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Symmetric vault requires password or password_file to store data or change `salt`."}
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 19] EOF received (19)
channel.py                1212 DEBUG    [chan 19] EOF sent (19)
transport.py               217 DEBUG    Exit code: 2

Comment 12 errata-xmlrpc 2020-11-04 02:46:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4663

Note You need to log in before you can comment on or make changes to this bug.