RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 920524 - Failed to register a system which in the FIPS mode.
Summary: Failed to register a system which in the FIPS mode.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Bryan Kearney
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: rhsm-rhel65 960054
TreeView+ depends on / blocked
 
Reported: 2013-03-12 10:16 UTC by xingge
Modified: 2016-09-20 02:27 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
No description necessary
Clone Of:
Environment:
Last Closed: 2013-11-21 21:25:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
error log in the CLI (764 bytes, text/x-log)
2013-03-12 10:16 UTC, xingge 		no flags Details
log in /var/log/rhsm/rhsm.log (170.65 KB, text/x-log)
2013-03-12 10:16 UTC, xingge 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1659 0 normal SHIPPED_LIVE subscription-manager and python-rhsm bug fix and enhancement update 2013-11-20 21:53:10 UTC

Description xingge 2013-03-12 10:16:00 UTC 
Created attachment 708888 [details]
error log in the CLI

Description of problem:
Failed to register a system which in the FIPS mode

Version-Release number of selected component (if applicable):
dracut-fips-004-303.el6.noarch
fipscheck-lib-1.2.0-7.el6.x86_64
subscription-manager-1.1.23-1.el6.x86_64
subscription-manager-gui-1.1.23-1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.Install dracut-fips
    yum install dracut-fips

2.Enable FIPS
[root@dhcp-66-78-39 ~]# dracut -f -v

3.Modify the kernel command line of the current kernel in the 
#cat /etc/grub/grub.conf
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg_rhel64-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_rhel64/lv_swap rd_NO_MD rd_LVM_LV=vg_rhel64/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM fips=1 boot=/dev/vda1 console=ttyS0
        initrd /initramfs-2.6.32-358.el6.x86_64.img

4.Run subscription-manager to register
[root@dhcp-66-78-39 ~]#subscription-manager register

Actual results:
Get a traceback like the attachment "error.log"

Expected results:
No traceback would show,and the register should succeed.

Additional info:
subscription-manager-gui command will fail too and get traceback.
Comment 1 xingge 2013-03-12 10:16:38 UTC 
Created attachment 708889 [details]
log in /var/log/rhsm/rhsm.log
Comment 3 RHEL Program Management 2013-03-16 05:47:11 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Bryan Kearney 2013-04-12 13:29:04 UTC 
I do not know FIPS, that well. I followed your instructions but I updatedthre machine to he latest of all the packages. So, I did the following:

1) set up a minimal rhel 6.4 machine
2) yum update
3) install dracut-fips.

At this point I have:

fipscheck-lib-1.2.0-7.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
dracut-fips-004-303.el6.noarch
kernel-2.6.32-358.el6.x86_64
kernel-firmware-2.6.32-358.2.1.el6.noarch
kernel-2.6.32-358.2.1.el6.x86_64 

I am using the 2.1 kernel

4) dracut -f -v
5) Set the following as my grub line in /etc/grub.conf

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_rhel64base-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.32-358.2.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel64base-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=vg_rhel64base/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_rhel64base/lv_swap  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb  fips=1 quiet
        initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)


6) rebooted
7) subscription manager runs fine


Have I done any step incorrectly?
Comment 6 xingge 2013-04-17 01:17:09 UTC 
Hi Bryan,

I'v done the same steps as you did, and the subscription-manager works fine at the FIPS mode. This bug fixed I think.
Comment 7 Bryan Kearney 2013-05-01 18:16:39 UTC 
Per comment 6, I am moving this to ON_QA.
Comment 8 xingge 2013-05-02 07:10:51 UTC 
In the kernel 2.6.32-358.el6.x86_64 the FIPS mode will cause a kernel panic, but this bug is fixed on kernel 2.6.32-358.2.1.el6.x86_64. so close it as VERIFIED.
Comment 10 errata-xmlrpc 2013-11-21 21:25:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1659.html
Note You need to log in before you can comment on or make changes to this bug.