By default ansible uses MD5 for all the modules. I should run ansible on a node where MD5 is not allowed. I could find a way for “copy” and “stat” by giving get_md5=no, but there’s no alternative or workaround for “template” module. Please suggest a way to use template without md5 or in general how to make sensible not use md5.
Thanks,
-Veena
I’ll check that template uses the same rules as the copy and start modules not in general if md5 is disallowed on a not do (for instance, fips mode), the module simply won’t return an md5 hash. Are you seeing an error? What’s your use case?
-Toshio
Just confirmed that template uses the copy module under the covers.
That means if md5 is disabled on the remote machine, then it will not
return an md5 hash.
-Toshio
Thanks for the reply Toshio.
I have replaced copy with “synchronize”. But there is no alternative for “template”. The use case is to run ansible tasks with FIPS enabled mode.
Template and copy will work just fine in FIPS mode. The md5 return
value will just be empty. Try it 
-Toshio
The copy task fails and I get below error
fips_md.c(147): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored\n
Thanks,
-Veena
Okay, that's a bug that needs to be fixed. I need this information:
* On what system? It looks like the way it fails is now different
than on the system that we first made this work with FIPS mode on.
* How do you get that system into FIPS mode? (IIRC, we tested on
RHEL5 or 6 and had to pass a kernel commandline parameter to enable
FIPS mode)
* What's the complete traceback?
-Toshio
I've just tested FIPS mode on both centos6 and centos7 and copy works
on both. Here's the output from one of my tests:
ansible -m copy -a 'src=/etc/passwd dest=/tmp/test' rhel7-test -v
rhel7-test | SUCCESS => {
"changed": true,
"checksum": "e71a984d8559a386e52c0ef954f368513c398eee",
"dest": "/tmp/test",
"diff": ,
"gid": 1000,
"group": "badger",
"invocation": {
"module_args": {
"attributes": null,
"backup": false,
"content": null,
"delimiter": null,
"dest": "/tmp/test",
"directory_mode": null,
"follow": false,
"force": true,
"group": null,
"local_follow": null,
"mode": null,
"original_basename": "passwd",
"owner": null,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src":
"/home/badger/.ansible/tmp/ansible-tmp-1512499612.07-236714811611664/source",
"unsafe_writes": null,
"validate": null
}
},
"md5sum": null,
"mode": "0664",
"owner": "badger",
"secontext": "unconfined_u:object_r:user_home_t:s0",
"size": 5664,
"src": "/home/badger/.ansible/tmp/ansible-tmp-1512499612.07-236714811611664/source",
"state": "file",
"uid": 1000
}
No error and the md5sum field is null.
So I will need the details I asked for to figure out how to reproduce
this and how to fix it.
Thanks,
-Toshio