Description of problem: It looks like facter is linked against an older version of openssl. When you run "puppet apply" or "factor", you get the following error: crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE That failure comes from an older version of openssl, for instance: https://github.com/openssl/openssl/blob/OpenSSL-fips-2_0-stable/fips/fips.c#L136-L142 whereas this file does not exist in latest versions of openssl. We should note that: 1. puppet from upstream puppet works under fips mode, so we should consider updating here. 2. in centos-9 stream upstream, things appear to be working just fine. see https://zuul.opendev.org/t/openstack/build/2d083f6b87a041d58466d11d303b948f/log/logs/undercloud/var/log/dnf.rpm.log for instance. Version-Release number of selected component (if applicable): Red Hat Enterprise Linux release 9.0 Beta (Plow) How reproducible: Steps to Reproduce: 1. set RHEL 9 instance in FIPS mode 2. puppet apply or facter Actual results: Expected results: Additional info:
FYI - this is holding up downstream testing for FIPS in OSP 17
I was able to get facter 3.14.19 rebuilt and run it in FIPS mode with Ruby enabled (ruby-facter) and not. If all of its dependencies are not built in a particular order, it seems to cause issues.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:6543