HI
AWX operator :1.2.0
k8s version: v1.25.6
AWX installation fails on FIPS enabled k8s cluster system.
logs:
TASK [Update admin password status] ********************************
fatal: [localhost]: FAILED! => {“changed”: false, “error”: “[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS”, “msg”: “Failed to get client due to %s”}
Any one faced similar issue? pls advise.
Regards
Prabhu
Hi
After updating the operator from V1.2.0 to V1.3.0 seeing following error.
TASK [Apply deployment resources] ********************************
fatal: [localhost]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘template’. Error was a <class ‘ValueError’>, original message: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS”}
what is FQCN for the lookup plugin template? wanted to adjust the plays with FQCN and see if it works…
Regards
Prabhu
Hi,
Your issue is already addressed and will be fixed in the next release.
https://github.com/ansible/awx-operator/pull/1260
It’s not FQCN-related issue but “md5” is used in the playbook.
Regards,
Have you confirmed SHA1 is still acceptable in FIPS? I think not.
https://csrc.nist.gov/Projects/hash-functions
Walter
Hi
Thanks for the reply…
I tried to install v22.0.0 and v22.1.0 , however installation is failing with following errors.
fatal: [localhost]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘template’. Error was a <class ‘ValueError’>, original message: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS”}
Regards
Prabho
Hi Prabho, do you mind opening an awx-operator github issue for this? seems like a legitimate bug
AWX Team
Hi
Thanks for the reply
I have logged in github issue.
AWX installation not successful on FIPS enabled systems #1381
Regard
Prabhu