Enforced FIPS LUKS; Unable to View Stored Documents


We have two separate clusters of three nodes. It has been working well for awhile, but recently we needed to enforce FIPS LUKS on the disks for CLUSTER_1. This meant moving the data off of the partition, encrypting the disk, moving the data back. And enforcing the use of FIPS approved ciphers on the system.

Issue 1
Now, I can connect to port 8091 well enough. The buckets are there. But the documents are not. The data appears to be there on the file system - there’s several hundred items within the bucket. But in the web console on port 8091, when I look at the bucket, the item count is 0.

Issue 2
Additionally, we are no longer able to continue using cbbackup and cbrestore from CLUSTER_2 (nonfips) to CLUSTER_1 (fips). Appears to be related to encryption keys. Result of cbrestore is:

Exception in thread s3:

Traceback (most recent call last):
File “/usr/lib64/python2.6/threading.py”,
line 532, in __bootstrap_inner
File “/usr/lib64/python2.6/threading.py”,
line 484, in run
"/opt/couchbase/lib/python/pump_mc.py", line 90, in run
rv, batch, need_backoff =
self.scatter_gather(mconns, batch)
File “/opt/couchbase/lib/python/pump_cb.py”,
line 71, in scatter_gather
rv, conn = self.find_conn(mconns,
vbucket_id, msgs)
"/opt/couchbase/lib/python/pump_cb.py", line 326, in find_conn
rv, conn = CBSink.connect_mc(host, port,
user, pswd)
File “/opt/couchbase/lib/python/pump_mc.py”,
line 331, in connect_mc
"/opt/couchbase/lib/python/cb_bin_client.py", line 261, in
dig = hmac.HMAC(password,
File “/usr/lib64/python2.6/hmac.py”, line
49, in init
self.outer = self.digest_cons()
error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips