07-12-2019 01:53 AM
Hi,
I've been playing with the Ansible viptela workshop in VIRL (https://github.com/ciscops/viptela-workshop), but this appears to be broken in release 19.1.0.
I get the following error on the vEdge devices:
<172.16.1.58> SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="admin"' -o ConnectTimeout=10 -o ControlPath=/home/woodr/.ansible/cp/fd4e0240c8 -tt 172.16.1.58 '/bin/sh -c '"'"'/usr/bin/python /tmp/ansible/admin/ansible-tmp-1562759112.88-161906205160738/AnsiballZ_copy.py && sleep 0'"'"''
<172.16.1.58> (134, 'fips_md.c(147): \r\n/bin/sh: line 1: 10436 Aborted (core dumped) /usr/bin/python /tmp/ansible/admin/ansible-tmp-1562759112.88-161906205160738/AnsiballZ_copy.py\r\n', 'OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 23580\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 134\r\nShared connection to 172.16.1.58 closed.\r\n')
<172.16.1.58> Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
The installation works fine on vEdge release 18.4.1, so what changed in release 19.1.0 to break this?
The relevant error message is: OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored.
This occurs during the execution of the script AnsiballZ_copy.py on the vEdge device, when the python script is unzipping the file.
Is this a change in behaviour for 19.1.0 to enforce some additional security, e.g. FIPS mode? If so, can it be disabled?
Thanks.
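Added example, not part of the original post and not code from the workshop or from Ansible: a probe that runs each digest in a child interpreter, so an OpenSSL assertion abort like the exit status 134 in the log above is reported instead of killing the caller. The algorithm list, the function names and the use of Python 3.7+ are assumptions made for this illustration.

```python
import subprocess
import sys

# Digest names to probe (assumed list; extend as needed).
ALGORITHMS = ["md5", "sha1", "sha256", "sha512"]

# Child program: hash a few bytes; exit 3 if the digest is refused cleanly.
CHILD = (
    "import hashlib, sys\n"
    "try:\n"
    "    hashlib.new(sys.argv[1], b'probe').hexdigest()\n"
    "except ValueError:\n"
    "    sys.exit(3)\n"
)


def classify(returncode):
    """Map the child's exit status to ok / rejected / aborted / error."""
    if returncode == 0:
        return "ok"
    if returncode == 3:
        # hashlib raised ValueError: the digest was refused without a crash.
        return "rejected"
    # SIGABRT: -6 when the child is run directly, 134 (128 + 6) via /bin/sh.
    if returncode in (-6, 134):
        return "aborted"
    return "error"


def probe(algorithm, python=sys.executable):
    """Run one digest in a separate interpreter and classify the outcome."""
    proc = subprocess.run([python, "-c", CHILD, algorithm],
                          capture_output=True, text=True)
    return classify(proc.returncode)


def probe_all(python=sys.executable):
    """Probe every digest in ALGORITHMS with the given interpreter."""
    return {name: probe(name, python) for name in ALGORITHMS}


if __name__ == "__main__":
    for name, result in probe_all().items():
        print("%-8s %s" % (name, result))
```

A result of "aborted" for a digest means the interpreter's OpenSSL build asserts on it rather than returning an error, which is the failure mode shown in the log.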
07-12-2019 03:48 AM