-
Bug
-
Resolution: Done
-
Critical
-
Logging 5.3.0
-
False
-
False
-
NEW
-
NEW
-
Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully.
-
-
Logging (LogExp) - Sprint 211, Logging (LogExp) - Sprint 212, Logging (LogExp) - Sprint 213
Description of problem:
On a FIPS enabled cluster, the elasticsearch pods are failing with error:
[2021-11-18 03:36:29,968][INFO ][container.run ] Building required p12 files and truststore keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available
Version-Release number of selected component (if applicable):
Client Version: 4.9.0-202109210853.p0.git.96e95ce.assembly.stream-96e95ce
Server Version: 4.9.7
Kubernetes Version: v1.22.2+5e38c72
elasticsearch-operator.5.3.0-67
Enable FIPS on the Cluster
How reproducible:
Always
Steps to Reproduce:
*Deploy a FIPS enabled cluster.
*Install the cluster logging, elasticsearch operation and create a cluster logging instance.
*Check the elasticsearch pods, the pods are in CrashLoopBackOff with below error in the pod.
oc logs -f elasticsearch-cdm-8hv2dgdn-2-b8488b954-f4k7r -c elasticsearch [2021-11-18 03:36:29,943][INFO ][container.run ] Begin Elasticsearch startup script [2021-11-18 03:36:29,948][INFO ][container.run ] Comparing the specified RAM to the maximum recommended for Elasticsearch... [2021-11-18 03:36:29,951][INFO ][container.run ] Inspecting cgroup version... [2021-11-18 03:36:29,954][INFO ][container.run ] Detected cgroup v1 [2021-11-18 03:36:29,956][INFO ][container.run ] Inspecting the maximum RAM available... [2021-11-18 03:36:29,960][INFO ][container.run ] ES_JAVA_OPTS: ' -Xms512m -Xmx512m' [2021-11-18 03:36:29,962][INFO ][container.run ] Copying certs from /etc/openshift/elasticsearch/secret to /etc/elasticsearch//secret [2021-11-18 03:36:29,968][INFO ][container.run ] Building required p12 files and truststore keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available
Image: "https://access.redhat.com/containers/#/registry.access.redhat.com/openshift-logging/elasticsearch6-rhel8/images/v6.8.1-42"
Image ID: registry.redhat.io/openshift-logging/elasticsearch6-rhel8@sha256:73472de60c6e962c44b1e57f424d133a25822828e6daa2bfa5854467c8f9c2e9
- is cloned by
-
LOG-2000 Elasticsearch pods fails to start with ‘keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available’ error on a FIPS enabled cluster
- Closed
-
LOG-2001 Elasticsearch pods fails to start with ‘keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available’ error on a FIPS enabled cluster
- Closed
- links to