Gitlab Omnibus reconfigure with FIPS mode

I updated my Gitlab CE to 8.11 from 8.10 and when i try to reconfigure i get the following error:

/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/chef-config-12.12.15/lib/chef-config/config.rb:1012:in `fips_mode=’: This version of OpenSSL does not support FIPS mode (OpenSSL::OpenSSLError)

Omnibus is running OpenSSL 1.0.2h. I am not very familiar with FIPS other than it is required on this system. Is there anything I can do to gte Gitlab omnibus to use a FIPS compliant OpenSSL?

Or any other solution?

Thank you,

R

I tried replacing /opt/gitlab/embededed/openssl with a link to /user/bin/openssl but that did not work.

Just to get the thing running again i commented out the line:

           !ENV("CHEF_FIPS"}.nil? || chefconfig.fips

In the Ruby 2.3 config.rb file.

I’m affected by the same FIPS-related issue here. I can run “CHEF_FIPS= gitlab-ctl reconfigure” and have it complete successfully, but I’m trying to get a configuration in place so that the omnibus package can be updated non-interactively.

I’ve tried adding the following to /etc/gitlab/gitlab.rb:

gitlab_rails['env'] = {
  "CHEF_FIPS" => "",
}

reconfiguring and restarting gitlab prior to the package update, but it has no affect, the same openssl error as the original poster (updated):

/opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/chef-config-13.6.4/lib/chef-config/config.rb:1079:in `fips_mode=': This version of OpenSSL does not support FIPS mode (OpenSSL::OpenSSLError)

Are there any other methods than can be applied here to enable unattended upgrades?

Anyone have any clues? Been almost 3 years and I am having the same issues upon reconfiguring.

I had it working many months ago but I don’t recall what I did.