Bug 1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade
Summary: In FIPS mode, RHVH cannot enter the new layer after upgrade
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: imgbased
Version: 4.4.3
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ovirt-4.4.5
: ---
Assignee: Asaf Rachmani
QA Contact: peyu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-12-14 10:35 UTC by peyu
Modified: 2021-04-14 11:48 UTC (History)
10 users (show)

Fixed In Version: imgbased-1.2.17-0.1.el8ev
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-04-14 11:44:48 UTC
oVirt Team: Node
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
/var/log (2.32 MB, application/gzip)
2020-12-14 10:35 UTC, peyu 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:1189 0 None None None 2021-04-14 11:48:55 UTC
oVirt gerrit 113306 0 None MERGED bootsetup: copy kernel to boot partition. 2021-02-18 01:39:57 UTC

Description peyu 2020-12-14 10:35:39 UTC 
Created attachment 1738917 [details]
/var/log

Description of problem:
Install RHVH and set FIPS mode, then upgrade the host to the latest build. The host upgrade looks successful. But when the system reboots and enters the new layer, the system will halt.

Version-Release number of selected component (if applicable):
rhvh: redhat-virtualization-host-4.4.3-20201116.0.el8_3
      redhat-virtualization-host-4.4.3-20201210.0.el8_3


How reproducible:
100%

Steps to Reproduce:
1. Install RHVH-4.4-20201117.0-RHVH-x86_64-dvd1.iso
2. Set the host to FIPS mode
   # fips-mode-setup --enable
   # reboot
   # fips-mode-setup --check
   ~~~~~~
   FIPS mode is enabled.
   ~~~~~~
3. Set up local repo and point to "redhat-virtualization-host-4.4.3-20201210.0.el8_3"
4. Upgrade the host
   # yum update
5. Reboot and enter the new layer
   # reboot

Actual results:
The system cannot enter the new layer, the message is as follows:
...
[  11.963611] megaraid_sas 0000:03:00.0 megasas_disable_intr_fusion is called outbound_intr_mask:0x40000009
[  11.989673] reboot: System halted.

Expected results:
The host upgrade is successful, the system enters the new layer.


Additional info:
~~~~~~
# yum update
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Red Hat update to latest                                                                                            268 kB/s | 1.1 kB     00:00    
Dependencies resolved.
====================================================================================================================================================
 Package                                                 Architecture           Version                                Repository              Size
====================================================================================================================================================
Installing:
 redhat-virtualization-host-image-update                 noarch                 4.4.3-20201210.0.el8_3                 update                 821 M
     replacing  redhat-virtualization-host-image-update-placeholder.noarch 4.4.3-1.el8ev

Transaction Summary
====================================================================================================================================================
Install  1 Package

Total download size: 821 M
Is this ok [y/N]: y
Downloading Packages:
redhat-virtualization-host-image-update-latest.rpm                                                                   82 MB/s | 821 MB     00:09    
----------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                82 MB/s | 821 MB     00:09     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                            1/1 
  Running scriptlet: redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Installing       : redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Running scriptlet: redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Obsoleting       : redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch                                                   2/2 
  Verifying        : redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                      1/2 
  Verifying        : redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch                                                   2/2 
Unpersisting: redhat-virtualization-host-image-update-placeholder-4.4.3-1.el8ev.noarch.rpm
Installed products updated.

Installed:
  redhat-virtualization-host-image-update-4.4.3-20201210.0.el8_3.noarch                                                                             

Complete!

~~~~~~
Comment 1 Asaf Rachmani 2021-02-01 12:13:26 UTC 
Seems like a duplicate of bug 1907746, keeping it open in order to verify both scenarios.
Comment 3 peyu 2021-02-18 09:04:13 UTC 
QE verified this issue on "redhat-virtualization-host-4.4.5-20210215.0.el8_3"

Test Steps:
1. Install RHVH-4.4-20210202.0-RHVH-x86_64-dvd1.iso
2. Set the host to FIPS mode
   # fips-mode-setup --enable
   # reboot
   # fips-mode-setup --check
   ~~~~~~
   FIPS mode is enabled.
   ~~~~~~
3. Set up local repo and point to "redhat-virtualization-host-4.4.5-20210215.0.el8_3"
4. Upgrade the host
   # yum update
5. Reboot and enter the new layer
   # reboot
6. Check FIPS mode after upgrade
   # fips-mode-setup --check

Actual results:
RHVH upgrade is successful, and FIPS mode is enabled after upgrade.
~~~~~~
# imgbase w
You are on rhvh-4.4.5.3-0.20210215.0+1

# imgbase layout
rhvh-4.4.4.1-0.20210201.0
 +- rhvh-4.4.4.1-0.20210201.0+1
rhvh-4.4.5.3-0.20210215.0
 +- rhvh-4.4.5.3-0.20210215.0+1

# fips-mode-setup --check
FIPS mode is enabled.
~~~~~~

Move the bug Status to "VERIFIED".
Comment 12 errata-xmlrpc 2021-04-14 11:44:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1189
Comment 13 errata-xmlrpc 2021-04-14 11:48:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Virtualization security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1189
Note You need to log in before you can comment on or make changes to this bug.