OpenShift etcd backup fails with 'FIPS mode is enabled, but the required OpenSSL library is not available'
Environment
- Red Hat OpenShift Container Platform
- 4.13
- 4.14
- 4.15
Issue
The etcd-backup script fails with the error message 'FIPS mode is enabled, but the required OpenSSL library is not available' when executed on a FIPS-enabled OCP cluster prior to version 4.13.12.
This article provides guidance on resolving the etcd-backup failure in FIPS-enabled environments and outlines the specific OpenShift Container Platform releases where the issue has been resolved.
Resolution
This issue has been addressed in the following OpenShift Container Platform releases:
- OCP 4.13.12
- OCP 4.14.0
- OCP 4.15.0
Root Cause
The failure of the etcd-backup script in FIPS-enabled environments is due to a mismatch between the OpenSSL library version required by FIPS mode and the available library version.
Diagnostic Steps
To confirm if your cluster is affected by this issue, follow these steps:
- Attempt to run the etcd-backup script on a FIPS-enabled OCP cluster.
- Observe the error message indicating the absence of the required OpenSSL library.
If you encounter the error message mentioned above, it is likely that your cluster is affected by this issue. To resolve it, consider upgrading to one of the fixed versions listed under the Resolution section.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.