
Ansible copy broken for release 19.1.0

richwood
Level 1

Hi,

 

I've been playing with the Ansible Viptela workshop in VIRL (https://github.com/ciscops/viptela-workshop), but this appears to be broken in release 19.1.0.

 

I get the following error on the vEdge devices:

 

<172.16.1.58> SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="admin"' -o ConnectTimeout=10 -o ControlPath=/home/woodr/.ansible/cp/fd4e0240c8 -tt 172.16.1.58 '/bin/sh -c '"'"'/usr/bin/python /tmp/ansible/admin/ansible-tmp-1562759112.88-161906205160738/AnsiballZ_copy.py && sleep 0'"'"''
<172.16.1.58> (134, 'fips_md.c(147): \r\n/bin/sh: line 1: 10436 Aborted (core dumped) /usr/bin/python /tmp/ansible/admin/ansible-tmp-1562759112.88-161906205160738/AnsiballZ_copy.py\r\n', 'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 23580\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 134\r\nShared connection to 172.16.1.58 closed.\r\n')
<172.16.1.58> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017

 

The installation works fine on vEdge release 18.4.1, so what changed in release 19.1.0 to break this?

 

The relevant error message is: OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored.

 

This occurs during the execution of the script AnsiballZ_copy.py on the vEdge device, when the python script is unzipping the file.

 

Is this a change in behaviour for 19.1.0 to enforce some additional security, e.g. FIPS mode? If so, can it be disabled?

 

Thanks.

 

 

Accepted Solutions

ekhabaro
Cisco Employee
Hi there,

You're right, the OpenSSL library was updated and that led to some issues, for example CSCvp67373.
I advise opening a TAC case to investigate this further; it will probably end up with another bug related to that OpenSSL library upgrade.
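
An added example, not part of the original posts or of the viptela-workshop code: a Python 3 probe that runs each hashlib digest in a child process, so an OpenSSL build that aborts the interpreter on a FIPS-forbidden digest (the exit status 134 in the output above) is recorded instead of killing the caller. The function names and the algorithm list are assumptions; the thread does not say which digest triggered the abort.

```python
import signal
import subprocess
import sys

# Child snippet: hash a few bytes with the named algorithm, then exit.
CHILD = "import hashlib, sys; hashlib.new(sys.argv[1], b'probe').hexdigest()"


def classify(returncode):
    """Map a child exit status to 'ok', 'aborted' or 'rejected'."""
    if returncode == 0:
        return "ok"
    # subprocess reports death by signal as -SIGNUM; a shell reports
    # 128+SIGNUM, which is the 134 (128 + SIGABRT) seen in the Ansible output.
    if returncode in (-signal.SIGABRT, 128 + signal.SIGABRT):
        return "aborted"
    # Any other non-zero exit: the digest raised a normal Python exception.
    return "rejected"


def probe(algorithm, python=sys.executable):
    """Run one digest in a child so an OpenSSL abort cannot kill the caller."""
    proc = subprocess.run(
        [python, "-c", CHILD, algorithm],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        timeout=30,
    )
    return classify(proc.returncode)


def survey(algorithms=("md5", "sha1", "sha256", "sha512")):
    """Return {algorithm: status} for each digest name (list is an assumption)."""
    return {name: probe(name) for name in algorithms}


if __name__ == "__main__":
    for name, status in survey().items():
        print("%-8s %s" % (name, status))
```

A status of "aborted" means the crypto library terminated the process, which matches the core dump in the question; "rejected" means the digest was refused with an ordinary exception that calling code can handle.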
