Description of problem: Right now, we enable fips on the engine VM only if the user wants to apply an OpenSCAP profile. Add an independent question for this and pass as a new ansible var, to be added in bug 1967530.
Verified with: ovirt-hosted-engine-setup-2.5.3-1.el8ev.noarch ovirt-ansible-collection-1.6.0-1.el8ev.noarch Steps: 1. Run `hosted-engine --deploy` 2. Don't apply OpenSCAP security profile, check if there is an independent question asking for enabling FIPS mode on engine VM. 3. Choose to enable FIPS, check if hosted engine deployment could succeed. 4. Check if FIPS mode is enabled on engine VM after deployment finished. Results: 1. There is an independent question asking for enabling FIPS mode on engine VM when OpenSCAP security profile is not applied. Do you want to apply a default OpenSCAP security profile? (Yes, No) [No]: Do you want to enable FIPS? (Yes, No) [No]: 2. Hosted engine deployment succeeds when enabling FIPS mode but not applying OpenSCAP security profile. 3. FIPS mode is enabled on engine VM after deployment finished: # fips-mode-setup --check FIPS mode is enabled.
This bugzilla is included in oVirt 4.4.8 release, published on August 19th 2021. Since the problem described in this bug report should be resolved in oVirt 4.4.8 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.