Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2001

Elasticsearch pods fails to start with ‘keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available’ error on a FIPS enabled cluster

    XMLWordPrintable

Details

    • False
    • False
    • NEW
    • VERIFIED
    • Logging (LogExp) - Sprint 211, Logging (LogExp) - Sprint 212, Logging (LogExp) - Sprint 213

    Description

      Description of problem:
      On a FIPS enabled cluster, the elasticsearch pods are failing with error:

      [2021-11-18 03:36:29,968][INFO ][container.run            ] Building required p12 files and truststore
keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available

      Version-Release number of selected component (if applicable):
      Server Version: 4.8.0-0.nightly-2021-11-19-050313
      Kubernetes Version: v1.21.5+fb294cb
      elasticsearch-operator.5.1.4-17

      Enable FIPS on the Cluster

      How reproducible:
      Always

      Steps to Reproduce:

      *Deploy a FIPS enabled cluster.
      *Install the cluster logging, elasticsearch operation and create a cluster logging instance.
      *Check the elasticsearch pods, the pods are in CrashLoopBackOff with below error in the pod.

      oc logs elasticsearch-cdm-16gx0d7n-3-74dc7f9877-6nmnm -c elasticsearch
[2021-11-19 09:06:27,652][INFO ][container.run            ] Begin Elasticsearch startup script
[2021-11-19 09:06:27,661][INFO ][container.run            ] Comparing the specified RAM to the maximum recommended for Elasticsearch...
[2021-11-19 09:06:27,663][INFO ][container.run            ] Inspecting cgroup version...
[2021-11-19 09:06:27,666][INFO ][container.run            ] Detected cgroup v1
[2021-11-19 09:06:27,673][INFO ][container.run            ] Inspecting the maximum RAM available...
[2021-11-19 09:06:27,678][INFO ][container.run            ] ES_JAVA_OPTS: ' -Xms512m -Xmx512m'
[2021-11-19 09:06:27,681][INFO ][container.run            ] Copying certs from /etc/openshift/elasticsearch/secret to /etc/elasticsearch//secret
[2021-11-19 09:06:27,690][INFO ][container.run            ] Building required p12 files and truststore
keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available

       

          Image:          registry.redhat.io/openshift-logging/elasticsearch6-rhel8@sha256:c0d9de490b092e144c273a6af31e0d377271a05d5d669dac18f2dc5f7db9ed90
    Image ID:       registry.redhat.io/openshift-logging/elasticsearch6-rhel8@sha256:9d5939f90c1292f783d65e9b83ed2c60268c2bdfed44e7fc2b0298ce222de87d

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. LOG-1974 Elasticsearch pods fails to start with ‘keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available’ error on a FIPS enabled cluster

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link Elasticsearch from openshift-logging does not start anymore when FIPS is enabled

          Activity

            People

              spad09 Shweta Padubidri
              rhn-support-ikanse Ishwar Kanse
              Qiaoling Tang Qiaoling Tang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 weeks
                  2w