OpenStack-Ansible

setup-hosts.yaml fails at check if FIPS enabled

Bug #1659001 reported by Arslan Qadeer on 2017-01-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	High	Major Hayden

Bug Description

openstack-ansible(master) is failing on CentOS 7. The playbook "setup-hosts.yml" fails at task "Check if FIPS is enabled". Logs are shown below:

TASK [openstack-ansible-security : Check if FIPS is enabled] *******************
fatal: [controller]: FAILED! => {"changed": false, "cmd": ["cat", "/proc/sys/crypto/fips_enabled"], "delta": "0:00:00.004229", "end": "2017-01-23 09:13:54.797138", "failed": true$
"rc": 1, "start": "2017-01-23 09:13:54.792909", "stderr": "cat: /proc/sys/crypto/fips_enabled: No such file or directory", "stdout": "", "stdout_lines": [], "warnings": []}
fatal: [compute]: FAILED! => {"changed": false, "cmd": ["cat", "/proc/sys/crypto/fips_enabled"], "delta": "0:00:00.003615", "end": "2017-01-23 09:13:54.826789", "failed": true, "r
c": 1, "start": "2017-01-23 09:13:54.823174", "stderr": "cat: /proc/sys/crypto/fips_enabled: No such file or directory", "stdout": "", "stdout_lines": [], "warnings": []}
fatal: [deploy]: FAILED! => {"changed": false, "cmd": ["cat", "/proc/sys/crypto/fips_enabled"], "delta": "0:00:00.005079", "end": "2017-01-23 09:13:54.832406", "failed": true, "rc
": 1, "start": "2017-01-23 09:13:54.827327", "stderr": "cat: /proc/sys/crypto/fips_enabled: No such file or directory", "stdout": "", "stdout_lines": [], "warnings": []}

Revision history for this message

Major Hayden (rackerhacker) wrote on 2017-01-24:

https://review.openstack.org/#/c/424660/

Changed in openstack-ansible:
assignee:	nobody → Major Hayden (rackerhacker)
status:	New → Confirmed
importance:	Undecided → High

OpenStack Infra (hudson-openstack) on 2017-01-24

Changed in openstack-ansible:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-26: Fix merged to openstack-ansible-security (master)

Reviewed: https://review.openstack.org/424660
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=b14056ee44fad250900a0b44fc2436ae509daca4
Submitter: Jenkins
Branch: master

commit b14056ee44fad250900a0b44fc2436ae509daca4
Author: Major Hayden <email address hidden>
Date: Tue Jan 24 10:03:48 2017 -0600

Don't fail when checking for FIPS

    The check for FIPS in the proc filesystem causes the playbook to halt
    if the path doesn't exist. This shouldn't happen because the next
    task is the one that explains to the deployer that FIPS isn't enabled.

This patch allows the playbook to keep running so the appropriate
debug message can be printed.

Closes-Bug: 1659001
Change-Id: I4023b8e85e61a8e9883045ef488c75e65790035a

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-27: Fix included in openstack/openstack-ansible-security 15.0.0.0b3

This issue was fixed in the openstack/openstack-ansible-security 15.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.