This may or may not help you, but for RHEL7 compatible systems I just have a manually written yum config file like the following that I put on one machine (htcondorFIPS.repo) in /etc/yum.repos.d/:

=============================================================================================
[htcondor-fips]
name=HTCondor Stable fips RPM Repository for Redhat Enterprise Linux 7
enabled=1
gpgcheck=0
priority=90
baseurl=https://research.cs.wisc.edu/htcondor/yum/stable/8.8/rhel7/
=============================================================================================

Then I do a yum update to refresh all my repos, then I run: "reposync /path/to/directory/with/lots/of/space" (you can also disable your other repos first if you don't want to waste all the disk space with a centos mirror).

Following that I use rsync to copy that directory (/path/to/directory/with/lots/of/space) to my NFS Share where I keep all my RHEL7 repos.

Then I run "createrepo /path/to/htcondor/on/NFS/Share"

Then I can put the following htcondor.repo file in /etc/yum.repos.d/ on all the machines I want to install HTCondor on.

=============================================================================================
[htcondor-fips]
name=HTCondor Stable fips RPM Repository for Redhat Enterprise Linux 7
enabled=1
gpgcheck=0
priority=90
baseurl=file:///path/to/htcondor/on/NFS/Share
=============================================================================================

Then on the machines I want to install HTCondor on I run "yum clean all && yum update --nogpg && yum install condor --nogpg" (you can get around the nogpg if you sign the repomd.xml with literally any gpg key, I am just always too lazy to do so).

Personally I always have rotten luck with manually installing software from a tarball like you have, so that's how I do it with yum. I know that doesn't answer your question, but if the goal is to get HTCondor FIPS installed and working, I hope that helps!

-Wes

-----Original Message-----
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Vechinski, Douglas
Sent: Friday, July 31, 2020 7:44 AM
To: htcondor-users@xxxxxxxxxxx
Subject: [External] - Re: [HTCondor-users] Condor_master aborting because of FIPS mode

So I've finally had some time to get around to trying this. I downloaded many of the 8.8.9 RPMs from your link and extracted the files from them. After extraction I noticed that there were /lib, /lib64, and /libexec subdirectories under the "usr" subdirectory. However, on the tarball from the non-FIPS version that I initially began with, there were just /lib and /libexec subdirectories. Anyway, I copied the files under the "usr" subdirectory over to the NFS share location.

Before attempting to start condor_master I thought I'd give condor_config_val a test to see if the config files were being located and such. However, when I attempted to run condor_config_val it complained that it couldn't find some shared libraries (libclassadd.so & libcondor_utils_8_8_9.so). (I assume this would be true for most of the other executables as well.) I looked and these libraries are present under the "NFS_path/condor-8.8.9_fips/lib64" directory. Comparing with the non-FIPS layout, these libraries are located under the /lib subdirectory (in the associated location where the tarball was extracted).

If I do an ldd on the non-FIPS executable, it seems to locate these libraries with a path something like "NFS_path/condor-8.8.9/bin/../lib/libclassadd.so". However, on the corresponding FIPS executable, when I do an ldd, it simply is unable to locate it. I'm guessing that it is trying to find it under /lib64 (or /usr/lib64) relative to the system root directory and not something like "NFS_path/condor-8.8.9_fips/bin/../lib64".
(Note, I tried making symbolic links for those files in lib64 to lib in this NFS location but that didn't work.)

As a test, I set my LD_LIBRARY_PATH environment variable to include "NFS_path/condor-8.8.9_fips/lib64" and then was able to run condor_config_val. I don't really want to do this as every user and root would have to set this. I assume something could be done with /etc/ld.so.conf but I assume I would have to do this on each system that is added to the pool. Any other solutions? And, why does the non-FIPS version from the tarball know to look in a lib directory that is relative to the executable location and the FIPS version does not?
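
The htcondor.repo file in the reply above sets gpgcheck=0, and the install command adds --nogpg, so neither the packages nor the repomd.xml on the NFS share are verified. As an added example (not part of the original messages), this Python check audits a .repo file for enabled repositories that skip either signature check; the sample text is constructed from the file shown above, and the gpgkey path in the hardened variant is a placeholder.

```python
import configparser

# Constructed sample: the client-side repo file from the message above.
AS_POSTED = """\
[htcondor-fips]
name=HTCondor Stable fips RPM Repository for Redhat Enterprise Linux 7
enabled=1
gpgcheck=0
priority=90
baseurl=file:///path/to/htcondor/on/NFS/Share
"""

# Constructed hardened variant; the gpgkey path is a placeholder.
HARDENED = AS_POSTED.replace(
    "gpgcheck=0",
    "gpgcheck=1\nrepo_gpgcheck=1\n"
    "gpgkey=file:///path/to/PLACEHOLDER-PUBLIC-KEY",
)

TRUE_VALUES = {"1", "yes", "true"}


def audit_repo_file(text, main_defaults=None):
    """Return {repo_id: [findings]} for every enabled repo in a .repo file.

    main_defaults holds gpgcheck/repo_gpgcheck values inherited from the
    [main] section of yum.conf; when absent, yum's built-in default of 0
    applies to both.
    """
    defaults = {"gpgcheck": "0", "repo_gpgcheck": "0"}
    defaults.update(main_defaults or {})
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue  # disabled repos are never consulted
        on = {k: repo.get(k, defaults[k]).strip().lower() in TRUE_VALUES
              for k in defaults}
        issues = []
        if not on["gpgcheck"]:
            issues.append("packages installed without signature check")
        if not on["repo_gpgcheck"]:
            issues.append("repomd.xml metadata signature not checked")
        if any(on.values()) and not repo.get("gpgkey", "").strip():
            issues.append("check enabled but no gpgkey (key must be pre-imported)")
        if issues:
            report[repo_id] = issues
    return report
```

An explicit gpgcheck=0 in the repo section overrides a gpgcheck=1 inherited from [main], which is why the file as posted is still flagged on hosts whose yum.conf enables the check globally.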