graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Unable to install Graylog-server on RHEL8 + FIPS

Open willscavforlabkeys opened this issue 3 years ago • 1 comments

There is a digest mismatch with Graylog's RPM that's preventing me from installing it. Not 100% sure if FIPS matters here, but it's part of my environment.

Expected Behavior

yum install graylog-server works

Current Behavior

When attempting to install graylog-server via yum, the install fails. When you attempt to install the RPM directly, the follow error is returned:

# rpm -ivh graylog-server-4.3.6-1.noarch.rpm 
warning: graylog-server-4.3.6-1.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID b1606f22: NOKEY
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:graylog-server-4.3.6-1           ################################# [100%]
error: unpacking of archive failed on file /etc/graylog/server/log4j2.xml;63235a12: cpio: Digest mismatch
error: graylog-server-4.3.6-1.noarch: install failed

Steps to Reproduce (for bugs)

  1. Have a RHEL8 machine with FIPS enabled.
  2. Download latest Graylog-server - https://packages.graylog2.org/repo/el/stable/4.3/x86_64/graylog-server-4.3.6-1.noarch.rpm
  3. rpm -ivh graylog-server-4.3.6-1.noarch.rpm

Your Environment

  • Graylog Version: 4.3.6-1
  • Java Version: N/A
  • Elasticsearch Version: N/A
  • MongoDB Version: N/A
  • Operating System: RHEL 8 + FIPS enabled
  • Browser version: N/A

Please let me know if there's anything else I can provide :)

willscavforlabkeys avatar Sep 15 '22 17:09 willscavforlabkeys

I am able to install it with --nofiledigest --nodigest added, but this isn't great.

# rpm -ivh --nofiledigest --nodigest graylog-server-4.3.6-1.noarch.rpm 
warning: graylog-server-4.3.6-1.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID b1606f22: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:graylog-server-4.3.6-1           ################################# [100%]
################################################################################
Graylog does NOT start automatically!

Please run the following commands if you want to start Graylog automatically on system boot:

    sudo systemctl enable graylog-server.service

    sudo systemctl start graylog-server.service

################################################################################

willscavforlabkeys avatar Sep 15 '22 17:09 willscavforlabkeys

Graylog 5.0 can be installed on FIPS-enabled systems. I am closing this issue. Please create a new one if you still see related issues. Thank you!

bernd avatar Mar 13 '23 15:03 bernd