After installing 3scale via the Operator on OpenShift, system-master returns an empty response to "http://token@system-maste/master/api/proxy/configs/production.json".
In the logs:
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Started GET "/master/api/proxy/configs/production.json" for 10.179.12.244 at 2020-07-28 16:09:34 +0000
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Processing by Master::Api::Proxy::ConfigsController#index as JSON
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Parameters: {"environment"=>"production"}
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] PermissionEnforcer: level = ro
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] 'master/api/proxy/configs/index' file doesn't exist, so no dependencies
[c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Couldn't find template for digesting: master/api/proxy/configs/index
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
E, [2020-07-28T16:09:35.838647 #1] ERROR -- : reaped #<Process::Status: pid 599 SIGABRT (signal 6) (core dumped)> worker=1
[e493e56b-b19d-4b19-96da-0a9f6a64c4fe] [system-master] [10.179.12.244] Started GET "/master/api/proxy/configs/admin/api/services.json" for 10.179.12.244 at 2020-07-28 16:09:35 +0000
I, [2020-07-28T16:09:35.852982 #616] INFO -- : worker=1 ready
[e493e56b-b19d-4b19-96da-0a9f6a64c4fe] [system-master] [10.179.12.244]
[e493e56b-b19d-4b19-96da-0a9f6a64c4fe] [system-master] [10.179.12.244] ActionController::RoutingError (No route matches [GET] "/master/api/proxy/configs/admin/api/services.json"):
[e493e56b-b19d-4b19-96da-0a9f6a64c4fe] [system-master] [10.179.12.244]
The requirement is to be able to use 3scale with FIPS mode enabled.
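The Ruby script below is an added example, not part of the original report or of the 3scale code base. It scans a log like the one above for the OpenSSL FIPS digest assertion and links each abort to the reaped worker and the request in flight. The function name, constant names and result keys are assumptions; the OpenSSL abort line carries no request ID, so the link to the most recent request is a heuristic.

```ruby
# Added example: find workers killed by OpenSSL's FIPS digest assertion and
# tie each abort to the request that was in flight. SAMPLE_LOG is constructed
# from the log lines quoted in this issue.
SAMPLE_LOG = <<~'LOG'
  [c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Started GET "/master/api/proxy/configs/production.json" for 10.179.12.244 at 2020-07-28 16:09:34 +0000
  [c3a40a01-96e5-4ae1-9dd1-dabd1db6f7f0] [system-master] [10.179.12.244] Processing by Master::Api::Proxy::ConfigsController#index as JSON
  md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
  E, [2020-07-28T16:09:35.838647 #1] ERROR -- : reaped #<Process::Status: pid 599 SIGABRT (signal 6) (core dumped)> worker=1
  [e493e56b-b19d-4b19-96da-0a9f6a64c4fe] [system-master] [10.179.12.244] Started GET "/master/api/proxy/configs/admin/api/services.json" for 10.179.12.244 at 2020-07-28 16:09:35 +0000
LOG

STARTED    = /\[(?<id>[0-9a-f-]{36})\].*Started (?<verb>[A-Z]+) "(?<path>[^"]+)"/
PROCESSING = /\[(?<id>[0-9a-f-]{36})\].*Processing by (?<action>\S+)/
FIPS_ABORT = /assertion failed: Digest (?<digest>\S+) forbidden in FIPS mode/
REAPED     = /reaped #<Process::Status: pid (?<pid>\d+) SIG(?<sig>[A-Z]+).*worker=(?<worker>\d+)/

# Returns one hash per FIPS digest abort found in the log text.
def fips_digest_crashes(log)
  last = nil     # most recent request seen (heuristic owner of the next abort)
  pending = nil  # abort still waiting for its "reaped" line
  findings = []
  log.each_line do |line|
    if (m = STARTED.match(line))
      last = { request_id: m[:id], verb: m[:verb], path: m[:path], action: nil }
    elsif (m = PROCESSING.match(line)) && last && last[:request_id] == m[:id]
      last[:action] = m[:action]
    elsif (m = FIPS_ABORT.match(line))
      pending = (last || {}).merge(digest: m[:digest], pid: nil, signal: nil, worker: nil)
      findings << pending
    elsif (m = REAPED.match(line)) && pending
      pending.update(pid: m[:pid].to_i, signal: "SIG#{m[:sig]}", worker: m[:worker].to_i)
      pending = nil
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  fips_digest_crashes(SAMPLE_LOG).each do |f|
    puts "#{f[:digest]} blocked by FIPS: worker #{f[:worker]} (pid #{f[:pid]}) died with " \
         "#{f[:signal]} during #{f[:verb]} #{f[:path]} (#{f[:action]})"
  end
end
```

On a busy instance with several workers interleaving their output, treat the request attribution as a starting point and confirm it against the worker's core dump or per-worker logs.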
Notes
In the past, Java used an opt-in model, so it had to be configured to run in FIPS mode. Now, with RHEL 8, when the OS is in FIPS mode, OpenJDK will swap the providers it is using, and you have to specifically opt out. See https://github.com/RedHatGov/fips-openjdk-rhel. FAQ for Engineering FAQs on FIPS
For an explanation of why THREESCALE-6316 is a requirement for this issue, please see this comment. The following statement is part of that comment.
It’s worth mentioning that nobody in the team is familiar with FIPS so there is a lot of uncertainty. It’s quite likely that other matters will arise.
It's important to understand this uncertainty. In other words, we know that an upgrade to 5.2 is necessary to run 3scale on OCP with FIPS mode enabled. However, we cannot be sure of what else is necessary until we finish the upgrade.
Other resources:
https://github.com/rails/rails/issues/31203#issuecomment-381449887
See also the description of this PR: https://github.com/3scale/porta/pull/2601
- is blocked by
  - THREESCALE-8610 Zync does not create routes on FIPS enabled cluster (Closed)
  - THREESCALE-6316 Upgrade to rails 5.2.z (Closed)