Description of problem (please be detailed as possible and provide log snippests): So it looks like there is currently an approved pull request for nooba-core to be used with fips enabled systems: FIPS compliance for sha by jeniawhite · Pull Request #5943 · noobaa/noobaa-core · GitHub URL: https://github.com/noobaa/noobaa-core/pull/5943 I am opening this bug to make sure that all channels are aware of this issue with NooBaa/ the NooBaa pod associated with the Openshift Container Storage Operator Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? Customer is unable to use NooBaa on a cluster with FIPS enabled. Is there any workaround available to the best of your knowledge? Not for a cluster with FIPS enabled. Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? Can this issue reproducible? Yes Can this issue reproduce from the UI? Yes Steps to Reproduce: 1. Enable FIPS on a 4.x openshift cluster 2. Install the Openshift Container Storage operator 3. View errors: CONSOLE:: PANIC: process uncaughtException Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS at new Hash (internal/crypto/hash.js:48:19) at Object.createHash (crypto.js:109:10) at new SensitiveString (/root/node_modules/noobaa-core/src/util/sensitive_string.js:15:31) at Object.<anonymous> (/root/node_modules/noobaa-core/src/server/system_services/account_server.js:37:17) at Module._compile (internal/modules/cjs/loader.js:1158:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1178:10) at Module.load (internal/modules/cjs/loader.js:1002:32) at Function.Module._load (internal/modules/cjs/loader.js:901:14) at Module.require (internal/modules/cjs/loader.js:1044:19) at require (internal/modules/cjs/helpers.js:77:18) at Object.<anonymous> (/root/node_modules/noobaa-core/src/server/web_server.js:33:24) at Module._compile (internal/modules/cjs/loader.js:1158:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1178:10) at Module.load (internal/modules/cjs/loader.js:1002:32) at Function.Module._load (internal/modules/cjs/loader.js:901:14) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:74:12) Actual results: Backtrace and application failure. Expected results: Functional NooBaa application Additional info: Case number is 02665197, let me know if there is anything else you need from me and I will be happy to get that for you.
@Bipin FIPS is part of 4.5
Verifying based on tier1 testing results with FIPS enabled. All MCG tests passed, including Noobaa health validation. Done here https://ocs4-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/qe-deploy-ocs-cluster/10099/ OCS operator - v4.5.0-493.ci
I don't think this issue is valuable to the customer. In general we say in the docs that FIPS is supported, this BZ is part of that. Don't see the need for additional text :)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Container Storage 4.5.0 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3754