Score:0

RHEL 8 Ansible playbooks not working with FIPS enabled

cn flag

I have two sets of Linux VMs in a GCP (Google cloud) environment: Debian9 and RHEL8. The RHEL8 environment is FIPS-140 enabled, due to security/compliance requirements. None of our Ansible playbooks work with the FIPS-enabled RHEL VMs, but still work fine on the Debian VMs. The Linux control host is Debian9 as well.

For the failed RHEL8 playbooks , seeing this log in the Ansible playbook -vvvv output:

ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

What are some things I can look at to get these Playbooks working withe RHEL8/FIPS VMs?

flowerysong avatar
th flag
You really need to share more context for the error. This line on its own does not tell us what Ansible is doing when the error occurs.
U880D avatar
ca flag
You should have a look into the Debian Stretch (9) control node, the Python implementation there, search for the term `ssh EVP_DigestInit_ex disabled for FIPS`, [SSH command execution failing ...](https://stackoverflow.com/questions/67559170/), [Red Hat Solution #176633](https://access.redhat.com/solutions/176633) and https://github.com/aws/aws-sdk-js/issues/3496.
us flag
Do you have any more information for this question?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.