Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: Logging 5.1.8
Affects Version/s: Logging 5.1.4
Component/s: Log Storage
Labels:
- devel_ack+
- no-rn

Blocked:
False
Ready:
False
Docs QE Status:
NEW
QE Status:
VERIFIED
Market:

Sprint:
Logging (LogExp) - Sprint 211, Logging (LogExp) - Sprint 212, Logging (LogExp) - Sprint 213

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description of problem:
On a FIPS enabled cluster, the elasticsearch pods are failing with error:

[2021-11-18 03:36:29,968][INFO ][container.run            ] Building required p12 files and truststore
keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available

Version-Release number of selected component (if applicable):
Server Version: 4.8.0-0.nightly-2021-11-19-050313
Kubernetes Version: v1.21.5+fb294cb
elasticsearch-operator.5.1.4-17

Enable FIPS on the Cluster

How reproducible:
Always

Steps to Reproduce:

*Deploy a FIPS enabled cluster.
*Install the cluster logging, elasticsearch operation and create a cluster logging instance.
*Check the elasticsearch pods, the pods are in CrashLoopBackOff with below error in the pod.

oc logs elasticsearch-cdm-16gx0d7n-3-74dc7f9877-6nmnm -c elasticsearch
[2021-11-19 09:06:27,652][INFO ][container.run            ] Begin Elasticsearch startup script
[2021-11-19 09:06:27,661][INFO ][container.run            ] Comparing the specified RAM to the maximum recommended for Elasticsearch...
[2021-11-19 09:06:27,663][INFO ][container.run            ] Inspecting cgroup version...
[2021-11-19 09:06:27,666][INFO ][container.run            ] Detected cgroup v1
[2021-11-19 09:06:27,673][INFO ][container.run            ] Inspecting the maximum RAM available...
[2021-11-19 09:06:27,678][INFO ][container.run            ] ES_JAVA_OPTS: ' -Xms512m -Xmx512m'
[2021-11-19 09:06:27,681][INFO ][container.run            ] Copying certs from /etc/openshift/elasticsearch/secret to /etc/elasticsearch//secret
[2021-11-19 09:06:27,690][INFO ][container.run            ] Building required p12 files and truststore
keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available

    Image:          registry.redhat.io/openshift-logging/elasticsearch6-rhel8@sha256:c0d9de490b092e144c273a6af31e0d377271a05d5d669dac18f2dc5f7db9ed90
    Image ID:       registry.redhat.io/openshift-logging/elasticsearch6-rhel8@sha256:9d5939f90c1292f783d65e9b83ed2c60268c2bdfed44e7fc2b0298ce222de87d

clones

LOG-1974 Elasticsearch pods fails to start with ‘keytool error: java.io.IOException: parseAlgParameters failed: PBE AlgorithmParameters not available’ error on a FIPS enabled cluster

Closed

links to

Elasticsearch from openshift-logging does not start anymore when FIPS is enabled

Assignee:: Shweta Padubidri

Reporter:: Ishwar Kanse

QA Contact:: Qiaoling Tang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021/11/19 9:08 AM

Updated:: 2023/01/23 9:36 AM

Resolved:: 2022/01/28 2:57 PM

Estimated:

Not Specified

Remaining:

Logged:

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Time Tracking