#9162 Errata's Test Gating says Failed to talk to Greenwave.
Opened 14 days ago by adelton. Modified 3 hours ago

My errata https://bodhi.fedoraproject.org/updates/FEDORA-2020-cfbed9c9ff shows in the right column in Test Gating section

Failed to talk to Greenwave.

in red.

That seems not expected and I don't see any explanation about what it means, what it breaks, and how to fix it.


curl -I https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0/policies
curl: (60) SSL certificate problem: certificate has expired

I think we should just tell bodhi to use the new URL for greenwave, it's been using this legacy one for a while now...

Looking around, it looks like we'll need to update that certificate. Nagios, waiverdb, bodhi, greenwave are all relying on this domain.

So the symptoms have been fixed by migrating bodhi and greenwave to the newer URL format but the underlying issue (cert expired) has not been fixed.

We may still have to do it. Especially considering it is in the redirect_uris field of the client_secrets.json for waiverdb, so this may impact user's capabilities to login against waiverdb.

Thanks, https://bodhi.fedoraproject.org/updates/FEDORA-2020-cfbed9c9ff now shows that fedora-ci.koji-build.rpminspect.static-analysis was run.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: groomed, high-trouble, medium-gain

14 days ago

We should setup cert-manager in our openshift and get all these endpoints to use letsencrypt and then it would auto renew them, etc.

Metadata Update from @kevin:
- Issue untagged with: groomed, high-trouble, medium-gain
- Issue priority set to: Needs Review (was: Waiting on Assignee)

14 days ago

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: groomed, high-gain, medium-trouble

14 days ago

For the record, @pingou 's similar change to the checkcompose group vars was fine and appropriate. I've also updated the default in check-compose's own code. check-compose asks Greenwave for the gating status of a Rawhide compose when it's checking it, and includes that in the report; this was intended as a precursor to actually turning on compose gating (which we still haven't done), the idea being the compose check reports let us see at a glance how often composes are passing or failing the planned gating requirements.

So the symptoms have been fixed by migrating bodhi and greenwave

This still breaks sending waivers with waiverdb-cli:

requests.exceptions.SSLError: HTTPSConnectionPool(host='waiverdb-web-waiverdb.app.os.fedoraproject.org', port=443): Max retries exceeded with url: /api/v1.0/waivers/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1108)')))

This still breaks sending waivers with waiverdb-cli:

This may work via bodhi (bodhi updates waive) but I would not be surprised if it does not either.

@pingou : Interesting, bodhi updates waive did indeed work. Thanks for the hint, I wasn't aware of that command yet.

As soon as I can stand up the staging openshift cluster, we can install cert-manager and have it handle these... then roll to prod.

We sent several bodhi updates yesterday where tests were triggered fine, and talking to greenwave worked. Sounds like this got resolved?

Login to comment on this ticket.

Metadata