[FIPS][master] Manila CephFSDriver failing to create a share with FIPS enabled

Bug #1987323 reported by Douglas Viroel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Unassigned

Bug Description

tripleo-ci-centos-9-scenario004-standalone-fips is failing to create a share when running under FIPS[1] with the following error[2]:

  File "/usr/share/ceph/mgr/volumes/fs/operations/versions/subvolume_base.py", line 134, in load_config
    self.fs.stat(self.legacy_config_path)
  File "/usr/share/ceph/mgr/volumes/fs/operations/versions/subvolume_base.py", line 79, in legacy_config_path
    m = md5()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Note that last SUCCESS was using Ceph Pacific[3], while these new failing jobs are using Ceph Quincy[4]

[1] https://zuul.opendev.org/t/openstack/builds?job_name=tripleo-ci-centos-9-scenario004-standalone-fips&project=openstack/tripleo-ci
[2] https://2dc96497c2ccf70a128b-4f9d8814b5757ae609c9c9a4c385ce18.ssl.cf1.rackcdn.com/periodic/opendev.org/openstack/tripleo-ci/master/tripleo-ci-centos-9-scenario004-standalone-fips/2f78dc0/logs/undercloud/var/log/containers/manila/manila-share.log
[3] https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_9f2/periodic/opendev.org/openstack/tripleo-ci/master/tripleo-ci-centos-9-scenario004-standalone-fips/9f2b227/logs/undercloud/var/log/ceph/cephadm.log
[4] https://2dc96497c2ccf70a128b-4f9d8814b5757ae609c9c9a4c385ce18.ssl.cf1.rackcdn.com/periodic/opendev.org/openstack/tripleo-ci/master/tripleo-ci-centos-9-scenario004-standalone-fips/2f78dc0/logs/undercloud/var/log/ceph/cephadm.log

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Hi,

Ceph's mgr daemon has a bug in the 17.2.3 release:

   https://tracker.ceph.com/issues/56727

The fix for this has merged in the Quincy branch:

  https://github.com/ceph/ceph/pull/47368

It should be part of the 17.2.4 release.

Revision history for this message
Francesco Pantano (fmount) wrote :

Looks like this is a known issue on the ceph side, tracked here [1] and already merged in master/quincy [2].

17.2.4 should solve this issue, so we'll check during the next promotion.

[1] https://tracker.ceph.com/issues/56727
[2] https://github.com/ceph/ceph/pull/47368

Revision history for this message
Rabi Mishra (rabi) wrote :
Changed in tripleo:
status: Triaged → Fix Released
Douglas Viroel (dviroel)
tags: added: fips
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.