Troubleshooting
Problem
A failure in the installation of IBM SLS, a prerequisite of Maximo Application Suite, fails in a FIPS-enabled Red Hat OpenShift cluster. An error in the sls-api-licensing pod occurs:
com.ibm.ws.channel.ssl.internal.SSLHandshakeErrorTracker E CWWKO0801E: The SSL connection cannot be initialized from the xxxxxxx host and 47,892 port on the remote client to the xxxxx host and 9,443 port on the local server. Exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
This error prevents the LicenseService custom resource from getting ready.
Symptom
MAS installation fails due to ibm-sls failure.
Cause
The failure occurs because the TLS profiles of the ingress controller and the kube apiserver were not configured to include Semeru ciphers for FIPS support. This configuration is included in the latest version of the MAS DevOps collection (starting in v.17.0.0, released August 2023).
Resolving The Problem
Use the latest version of the MAS DevOps Collection or the MAS CLI Utility for installing MAS. Otherwise, run the ocp_config role with `
OCP_UPDATE_CIPHERS_FOR_SEMERU` set to `True`
to configure the FIPS-enabled cluster's ingress controller and apiserver, ensuring that the latest version of the MAS DevOps collection is used.$ exportOCP_UPDATE_CIPHERS_FOR_SEMERU=True
$ ROLE_NAME=ocp_config ansible-playbook ibm.mas_devops.run_role
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m50000000CbKNAA0","label":"Install"}],"ARM Case Number":"TS015023965","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.11.0"}]
Was this topic helpful?
Document Information
Modified date:
04 January 2024
UID
ibm17104553