Actions
Issue #3156
closedpulp-manage-db fails to run on FIPS enabled system.
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Installing pulp 2.14.3 on a FIPS enabled system fails on pulp-manage-db
rpm -qa |grep pulp
python-isodate-0.5.0-4.pulp.el7.noarch
python-pulp-docker-common-3.0.2-1.el7.noarch
python-pulp-repoauth-2.14.3-1.el7.noarch
pulp-puppet-plugins-2.14.3-1.el7.noarch
python-pulp-bindings-2.14.3-1.el7.noarch
pulp-rpm-admin-extensions-2.14.3-1.el7.noarch
python-pulp-python-common-2.0.2-1.el7.noarch
pulp-python-plugins-2.0.2-1.el7.noarch
python-pulp-common-2.14.3-1.el7.noarch
python-kombu-3.0.33-8.pulp.el7.noarch
python-pulp-rpm-common-2.14.3-1.el7.noarch
python-pulp-puppet-common-2.14.3-1.el7.noarch
pulp-selinux-2.14.3-1.el7.noarch
python-pulp-oid_validation-2.14.3-1.el7.noarch
pulp-docker-plugins-3.0.2-1.el7.noarch
pulp-rpm-plugins-2.14.3-1.el7.noarch
pulp-admin-client-2.14.3-1.el7.noarch
pulp-docker-admin-extensions-3.0.2-1.el7.noarch
python-pulp-ostree-common-1.3.0-1.el7.noarch
pulp-ostree-admin-extensions-1.3.0-1.el7.noarch
pulp-python-admin-extensions-2.0.2-1.el7.noarch
pulp-server-2.14.3-1.el7.noarch
python-pulp-client-lib-2.14.3-1.el7.noarch
pulp-puppet-admin-extensions-2.14.3-1.el7.noarch
pulp-ostree-plugins-1.3.0-1.el7.noarch
Steps
1. On a FIPS enabled system, Install pulp 2.14.3 (latest stable)
2. Follow the installation steps
3. Run sudo -u apache pulp-manage-db
Actual Result
sudo -u apache pulp-manage-db
Traceback (most recent call last):
File "/bin/pulp-manage-db", line 9, in <module>
load_entry_point('pulp-server==2.14.3', 'console_scripts', 'pulp-manage-db')()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "/usr/lib/python2.7/site-packages/pulp/server/db/manage.py", line 14, in <module>
from pulp.plugins.loader.api import load_content_types
File "/usr/lib/python2.7/site-packages/pulp/plugins/loader/api.py", line 7, in <module>
from pulp.plugins.loader.manager import PluginManager
File "/usr/lib/python2.7/site-packages/pulp/plugins/loader/manager.py", line 9, in <module>
from pulp.server.db.model import ContentUnit
File "/usr/lib/python2.7/site-packages/pulp/server/db/model/__init__.py", line 12, in <module>
from mongoengine import (BooleanField, DictField, Document, DynamicField, IntField,
File "/usr/lib/python2.7/site-packages/mongoengine/__init__.py", line 1, in <module>
import document
File "/usr/lib/python2.7/site-packages/mongoengine/document.py", line 2, in <module>
import pymongo
File "/usr/lib64/python2.7/site-packages/pymongo/__init__.py", line 83, in <module>
from pymongo.collection import ReturnDocument
File "/usr/lib64/python2.7/site-packages/pymongo/collection.py", line 21, in <module>
from bson.code import Code
File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
from bson.objectid import ObjectId
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
class ObjectId(object):
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
_machine_bytes = _machine_bytes()
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
machine_hash = hashlib.md5()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Updated by mhrivnak about 7 years ago
The problem appears to be that pymongo cannot run on a FIPS-enabled machine. It hard fails just by importing it. There will need to be an investigation into whether there is some option for making pymongo work.
The MongoDB docs are not very promising either: "Only MongoDB Enterprise edition supports FIPS mode."
https://docs.mongodb.com/manual/tutorial/configure-fips/#prerequisites
Python 2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymongo
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/site-packages/pymongo/__init__.py", line 83, in <module>
from pymongo.collection import ReturnDocument
File "/usr/lib64/python2.7/site-packages/pymongo/collection.py", line 21, in <module>
from bson.code import Code
File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
from bson.objectid import ObjectId
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
class ObjectId(object):
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
_machine_bytes = _machine_bytes()
File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
machine_hash = hashlib.md5()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Updated by dalley about 7 years ago
- Status changed from NEW to CLOSED - WONTFIX
- Triaged changed from No to Yes
Actions