Project

Profile

Help

Issue #3156

closed

pulp-manage-db fails to run on FIPS enabled system.

Added by pthomas@redhat.com about 7 years ago. Updated over 4 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Installing pulp 2.14.3 on a FIPS enabled system fails on pulp-manage-db

 rpm -qa |grep pulp
python-isodate-0.5.0-4.pulp.el7.noarch
python-pulp-docker-common-3.0.2-1.el7.noarch
python-pulp-repoauth-2.14.3-1.el7.noarch
pulp-puppet-plugins-2.14.3-1.el7.noarch
python-pulp-bindings-2.14.3-1.el7.noarch
pulp-rpm-admin-extensions-2.14.3-1.el7.noarch
python-pulp-python-common-2.0.2-1.el7.noarch
pulp-python-plugins-2.0.2-1.el7.noarch
python-pulp-common-2.14.3-1.el7.noarch
python-kombu-3.0.33-8.pulp.el7.noarch
python-pulp-rpm-common-2.14.3-1.el7.noarch
python-pulp-puppet-common-2.14.3-1.el7.noarch
pulp-selinux-2.14.3-1.el7.noarch
python-pulp-oid_validation-2.14.3-1.el7.noarch
pulp-docker-plugins-3.0.2-1.el7.noarch
pulp-rpm-plugins-2.14.3-1.el7.noarch
pulp-admin-client-2.14.3-1.el7.noarch
pulp-docker-admin-extensions-3.0.2-1.el7.noarch
python-pulp-ostree-common-1.3.0-1.el7.noarch
pulp-ostree-admin-extensions-1.3.0-1.el7.noarch
pulp-python-admin-extensions-2.0.2-1.el7.noarch
pulp-server-2.14.3-1.el7.noarch
python-pulp-client-lib-2.14.3-1.el7.noarch
pulp-puppet-admin-extensions-2.14.3-1.el7.noarch
pulp-ostree-plugins-1.3.0-1.el7.noarch

Steps

1.  On a FIPS enabled system, Install pulp 2.14.3 (latest stable)
2. Follow the installation steps
3. Run sudo -u apache pulp-manage-db

Actual Result

sudo -u apache pulp-manage-db
Traceback (most recent call last):
  File "/bin/pulp-manage-db", line 9, in <module>
    load_entry_point('pulp-server==2.14.3', 'console_scripts', 'pulp-manage-db')()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/lib/python2.7/site-packages/pulp/server/db/manage.py", line 14, in <module>
    from pulp.plugins.loader.api import load_content_types
  File "/usr/lib/python2.7/site-packages/pulp/plugins/loader/api.py", line 7, in <module>
    from pulp.plugins.loader.manager import PluginManager
  File "/usr/lib/python2.7/site-packages/pulp/plugins/loader/manager.py", line 9, in <module>
    from pulp.server.db.model import ContentUnit
  File "/usr/lib/python2.7/site-packages/pulp/server/db/model/__init__.py", line 12, in <module>
    from mongoengine import (BooleanField, DictField, Document, DynamicField, IntField,
  File "/usr/lib/python2.7/site-packages/mongoengine/__init__.py", line 1, in <module>
    import document
  File "/usr/lib/python2.7/site-packages/mongoengine/document.py", line 2, in <module>
    import pymongo
  File "/usr/lib64/python2.7/site-packages/pymongo/__init__.py", line 83, in <module>
    from pymongo.collection import ReturnDocument
  File "/usr/lib64/python2.7/site-packages/pymongo/collection.py", line 21, in <module>
    from bson.code import Code
  File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
    from bson.objectid import ObjectId
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
    class ObjectId(object):
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
    _machine_bytes = _machine_bytes()
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
    machine_hash = hashlib.md5()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Actions #2

Updated by mhrivnak about 7 years ago

The problem appears to be that pymongo cannot run on a FIPS-enabled machine. It hard fails just by importing it. There will need to be an investigation into whether there is some option for making pymongo work.

The MongoDB docs are not very promising either: "Only MongoDB Enterprise edition supports FIPS mode."

https://docs.mongodb.com/manual/tutorial/configure-fips/#prerequisites

Python 2.7.5 (default, May  3 2017, 07:55:04) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymongo
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/pymongo/__init__.py", line 83, in <module>
    from pymongo.collection import ReturnDocument
  File "/usr/lib64/python2.7/site-packages/pymongo/collection.py", line 21, in <module>
    from bson.code import Code
  File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
    from bson.objectid import ObjectId
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
    class ObjectId(object):
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
    _machine_bytes = _machine_bytes()
  File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
    machine_hash = hashlib.md5()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Actions #3

Updated by dalley about 7 years ago

  • Status changed from NEW to CLOSED - WONTFIX
  • Triaged changed from No to Yes
Actions #4

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF