Foreman 3.14 (rhel 9/alma 9) /w katello 4.16 - Unable to install/upgrade with FIPS enabled

tyler.wilson · March 31, 2025, 10:50pm

Problem:
I am unable to either fresh install foreman 3.14 w/ katello 4.16 or upgrade to it from 3.13/4.15. (I can successfully install 3.13/4.15 with FIPS enabled.) I get errors on the “db:migrate” rake task. I originally tried on AlmaLinux 9, it was successful without fips enabled, same goes for RHEL 9 that I tried afterwards to validate.

Expected outcome:
Successful installation with FIPS enabled.

Foreman and Proxy versions:
rpm -qa |egrep ‘katello-|foreman-’
foreman-release-3.14.0-1.el9.noarch
katello-repos-4.16.0-1.el9.noarch
foreman-installer-3.14.0-1.el9.noarch
katello-certs-tools-2.10.0-1.el9.noarch
foreman-installer-katello-3.14.0-1.el9.noarch
foreman-selinux-3.14.0-1.el9.noarch
katello-selinux-5.2.0-1.el9.noarch
foreman-fapolicyd-1.0.1-3.el9.noarch
foreman-3.14.0-1.el9.noarch
foreman-postgresql-3.14.0-1.el9.noarch
foreman-service-3.14.0-1.el9.noarch
foreman-dynflow-sidekiq-3.14.0-1.el9.noarch
foreman-redis-3.14.0-1.el9.noarch
katello-common-4.16.0-1.el9.noarch
rubygem-foreman-tasks-10.0.2-1.fm3_14.el9.noarch
rubygem-katello-4.16.0-1.el9.noarch
katello-4.16.0-1.el9.noarch
foreman-proxy-fapolicyd-1.0.1-3.el9.noarch
foreman-proxy-3.14.0-1.el9.noarch
katello-client-bootstrap-1.7.9-2.el9.noarch
rubygem-hammer_cli_foreman-3.14.0-1.el9.noarch
foreman-cli-3.14.0-1.el9.noarch
rubygem-hammer_cli_katello-1.16.0-1.el9.noarch

Distribution and version:
RHEL 9 & AlmaLinux 9

Other relevant data:
Error in log from failed install:
Error 1: Puppet Exec resource ‘foreman-rake-db:migrate’ failed. Logs:
/Stage[main]/Foreman::Database/Foreman::Rake[db:migrate]/Exec[foreman-rake-db:migrate]
Adding autorequire relationship with User[foreman]
Starting to evaluate the resource (1115 of 1371)
Failed to call refresh: ‘/usr/sbin/foreman-rake db:migrate’ returned 1 instead of one of [0]
‘/usr/sbin/foreman-rake db:migrate’ returned 1 instead of one of [0]
Evaluated in 26.82 seconds
Execforeman-rake-db:migrate
Executing check ‘/usr/sbin/foreman-rake db:abort_if_pending_migrations’
Executing ‘/usr/sbin/foreman-rake db:migrate’
Executing check ‘/usr/sbin/foreman-rake db:abort_if_pending_migrations’
Executing ‘/usr/sbin/foreman-rake db:migrate’
/Stage[main]/Foreman::Database/Foreman::Rake[db:migrate]/Exec[foreman-rake-db:migrate]/unless
rake aborted!
OpenSSL::Digest::DigestError: Digest initialization failed: initialization error
/usr/share/gems/gems/activesupport-7.0.8.7/lib/active_support/digest.rb:18:in hexdigest' /usr/share/gems/gems/angular-rails-templates-1.2.2/lib/angular-rails-templates/engine.rb:44:in block in class:Engine’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in instance_exec' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in run’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in block in run' /usr/share/foreman/config/initializers/0_print_time_spent.rb:17:in benchmark’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in run' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:61:in block in run_initializers’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:60:in run_initializers' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:372:in initialize!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in public_send' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in method_missing’
/usr/share/foreman/config/environment.rb:5:in <top (required)>' <internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb>:85:in require’
internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:85:in require' /usr/share/gems/gems/polyglot-0.3.5/lib/polyglot.rb:65:in require’
/usr/share/gems/gems/zeitwerk-2.6.18/lib/zeitwerk/kernel.rb:34:in require' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:348:in require_environment!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:506:in block in run_tasks_blocks' /usr/share/gems/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
Tasks: TOP => db:abort_if_pending_migrations => db:load_config => environment
(See full trace by running task with --trace)
rake aborted!
OpenSSL::Digest::DigestError: Digest initialization failed: initialization error
/usr/share/gems/gems/activesupport-7.0.8.7/lib/active_support/digest.rb:18:in hexdigest' /usr/share/gems/gems/angular-rails-templates-1.2.2/lib/angular-rails-templates/engine.rb:44:in block in class:Engine’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in instance_exec' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in run’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in block in run' /usr/share/foreman/config/initializers/0_print_time_spent.rb:17:in benchmark’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in run' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:61:in block in run_initializers’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:60:in run_initializers' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:372:in initialize!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in public_send' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in method_missing’
/usr/share/foreman/config/environment.rb:5:in <top (required)>' <internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb>:85:in require’
internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:85:in require' /usr/share/gems/gems/polyglot-0.3.5/lib/polyglot.rb:65:in require’
/usr/share/gems/gems/zeitwerk-2.6.18/lib/zeitwerk/kernel.rb:34:in require' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:348:in require_environment!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:506:in block in run_tasks_blocks' /usr/share/gems/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
Tasks: TOP => db:abort_if_pending_migrations => db:load_config => environment
(See full trace by running task with --trace)
/Stage[main]/Foreman::Database/Foreman::Rake[db:migrate]/Exec[foreman-rake-db:migrate]/returns
rake aborted!
OpenSSL::Digest::DigestError: Digest initialization failed: initialization error
/usr/share/gems/gems/activesupport-7.0.8.7/lib/active_support/digest.rb:18:in hexdigest' /usr/share/gems/gems/angular-rails-templates-1.2.2/lib/angular-rails-templates/engine.rb:44:in block in class:Engine’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in instance_exec' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in run’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in block in run' /usr/share/foreman/config/initializers/0_print_time_spent.rb:17:in benchmark’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in run' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:61:in block in run_initializers’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:60:in run_initializers' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:372:in initialize!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in public_send' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in method_missing’
/usr/share/foreman/config/environment.rb:5:in <top (required)>' <internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb>:85:in require’
internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:85:in require' /usr/share/gems/gems/polyglot-0.3.5/lib/polyglot.rb:65:in require’
/usr/share/gems/gems/zeitwerk-2.6.18/lib/zeitwerk/kernel.rb:34:in require' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:348:in require_environment!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:506:in block in run_tasks_blocks' /usr/share/gems/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
Tasks: TOP => db:migrate => db:load_config => environment
(See full trace by running task with --trace)
change from ‘notrun’ to [‘0’] failed: ‘/usr/sbin/foreman-rake db:migrate’ returned 1 instead of one of [0]
rake aborted!
OpenSSL::Digest::DigestError: Digest initialization failed: initialization error
/usr/share/gems/gems/activesupport-7.0.8.7/lib/active_support/digest.rb:18:in hexdigest' /usr/share/gems/gems/angular-rails-templates-1.2.2/lib/angular-rails-templates/engine.rb:44:in block in class:Engine’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in instance_exec' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:32:in run’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in block in run' /usr/share/foreman/config/initializers/0_print_time_spent.rb:17:in benchmark’
/usr/share/foreman/config/initializers/0_print_time_spent.rb:45:in run' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:61:in block in run_initializers’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/initializable.rb:60:in run_initializers' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:372:in initialize!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in public_send' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/railtie.rb:226:in method_missing’
/usr/share/foreman/config/environment.rb:5:in <top (required)>' <internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb>:85:in require’
internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:85:in require' /usr/share/gems/gems/polyglot-0.3.5/lib/polyglot.rb:65:in require’
/usr/share/gems/gems/zeitwerk-2.6.18/lib/zeitwerk/kernel.rb:34:in require' /usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:348:in require_environment!’
/usr/share/gems/gems/railties-7.0.8.7/lib/rails/application.rb:506:in block in run_tasks_blocks' /usr/share/gems/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
Tasks: TOP => db:migrate => db:load_config => environment
katello.log (2.2 MB)

evgeni · April 1, 2025, 9:43am

This is Bug #38118: FIPS-enabled deployment fails with Rails 7 - Katello - Foreman and fixed in nightly.

@katello do you want to backport this fix to 4.16.1?

iballou · April 1, 2025, 2:29pm

cc @qcjames53

@evgeni I’m marking it for Katello 4.16.1. It looks like it should only need a packaging backport, gem.add_dependency "angular-rails-templates", "~> 1.1" (in Katello’s gemspec) should cover angular-rails-templates (1.3.1)

evgeni · April 1, 2025, 2:43pm

Correct, just picking that one package should do it.

iballou · April 1, 2025, 3:28pm

Here we are Update rubygem-angular-rails-templates to 1.3.1 by ianballou · Pull Request #11903 · theforeman/foreman-packaging · GitHub

tyler.wilson · April 1, 2025, 3:44pm

I wasn’t expecting such a fast response on this. (fips is a weird one as is) I’ll follow the github issue.
Thanks all, for what you do!