The DX NetOps Performance Management Data Repository cluster, running the Vertica database, is enabled for FIPS.
Attempts to start the dadaemon fail. In the Data Aggregator shutdown.log file, found in the (default path) /opt/IMDataAggregator/apache-karaf-<version> we see the following error.
Vertica VJDBC 6429 Error: The sending password for dauser, encryption algorithm NONE does not match the effective server configured encryption algorithm NONE
All supported DX NetOps Performance Management releases.
The Data Repository cluster was migrated from old hosts to new hosts.
The old cluster hosts were not enabled for FIPS. It's database save was loaded via restore to the new cluster hosts where FIPS was enabled.
As a result the database entry for the dauser was not configured properly to use SHA512 encryption, a requirement of FIPS. Instead it was using MD5 encryption which isn't supported by FIPS.
The error is the result of FIPS rejecting the attempt to connect to the database using a database user with MD5 encryption instead of the supported SHA512 encryption.
We can see the problem running the following command in a Vsql prompt on the Data Repository Vertica database. Note how the dauser is using MD5 encryption.
Run this command to obtain that output:
select * from password_auditor;
The key problem here is transferring a DB from a cluster without FIPS enabled to a cluster with FIPS enabled. When migrating a Vertica cluster ensure the source and destination clusters are configured the same for FIPS before the migration. If the source cluster is not FIPS enabled, ensure the destination cluster is also not enabled for FIPS. After the migration the new destination cluster can then be FIPS enabled.
To resolve this take the following steps:
After making this change the dadaemon service should start and successfully connect to the Data Repository Vertica database cluster.