Bug 920524 – Failed to register a system which in the FIPS mode.

Bug 920524 - Failed to register a system which in the FIPS mode.

Summary:	Failed to register a system which in the FIPS mode.

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	subscription-manager (Show other bugs)
Sub Component:
Version:	6.4
Hardware:	Unspecified Unspecified

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Bryan Kearney
QA Contact:	IDM QE LIST
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	960054 rhsm-rhel65
	Show dependency tree / graph

Reported:	2013-03-12 06:16 EDT by xingge
Modified:	2016-09-19 22:27 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	No description necessary
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-11-21 16:25:00 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
error log in the CLI (764 bytes, text/x-log) 2013-03-12 06:16 EDT, xingge	no flags	Details
log in /var/log/rhsm/rhsm.log (170.65 KB, text/x-log) 2013-03-12 06:16 EDT, xingge	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description xingge 2013-03-12 06:16:00 EDT

Created attachment 708888 [details]
error log in the CLI

Description of problem:
Failed to register a system which in the FIPS mode

Version-Release number of selected component (if applicable):
dracut-fips-004-303.el6.noarch
fipscheck-lib-1.2.0-7.el6.x86_64
subscription-manager-1.1.23-1.el6.x86_64
subscription-manager-gui-1.1.23-1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.Install dracut-fips
    yum install dracut-fips

2.Enable FIPS
[root@dhcp-66-78-39 ~]# dracut -f -v

3.Modify the kernel command line of the current kernel in the 
#cat /etc/grub/grub.conf
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg_rhel64-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_rhel64/lv_swap rd_NO_MD rd_LVM_LV=vg_rhel64/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM fips=1 boot=/dev/vda1 console=ttyS0
        initrd /initramfs-2.6.32-358.el6.x86_64.img

4.Run subscription-manager to register
[root@dhcp-66-78-39 ~]#subscription-manager register

Actual results:
Get a traceback like the attachment "error.log"

Expected results:
No traceback would show,and the register should succeed.

Additional info:
subscription-manager-gui command will fail too and get traceback.

Comment 1 xingge 2013-03-12 06:16:38 EDT

Created attachment 708889 [details]
log in /var/log/rhsm/rhsm.log

Comment 3 RHEL Product and Program Management 2013-03-16 01:47:11 EDT

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 Bryan Kearney 2013-04-12 09:29:04 EDT

I do not know FIPS, that well. I followed your instructions but I updatedthre machine to he latest of all the packages. So, I did the following:

1) set up a minimal rhel 6.4 machine
2) yum update
3) install dracut-fips.

At this point I have:

fipscheck-lib-1.2.0-7.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
dracut-fips-004-303.el6.noarch
kernel-2.6.32-358.el6.x86_64
kernel-firmware-2.6.32-358.2.1.el6.noarch
kernel-2.6.32-358.2.1.el6.x86_64 

I am using the 2.1 kernel

4) dracut -f -v
5) Set the following as my grub line in /etc/grub.conf

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_rhel64base-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.32-358.2.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/mapper/vg_rhel64base-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=vg_rhel64base/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_rhel64base/lv_swap  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb  fips=1 quiet
        initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
        root (hd0,0)


6) rebooted
7) subscription manager runs fine


Have I done any step incorrectly?

Comment 6 xingge 2013-04-16 21:17:09 EDT

Hi Bryan,

I'v done the same steps as you did, and the subscription-manager works fine at the FIPS mode. This bug fixed I think.

Comment 7 Bryan Kearney 2013-05-01 14:16:39 EDT

Per comment 6, I am moving this to ON_QA.

Comment 8 xingge 2013-05-02 03:10:51 EDT

In the kernel 2.6.32-358.el6.x86_64 the FIPS mode will cause a kernel panic, but this bug is fixed on kernel 2.6.32-358.2.1.el6.x86_64. so close it as VERIFIED.

Comment 10 errata-xmlrpc 2013-11-21 16:25:00 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1659.html

Note You need to log in before you can comment on or make changes to this bug.