4:53 a.m.
Hello,
my Fedora update
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b727e91aa8
has one passed automated test fedora-ci.koji-build.tier0.functional
with link pointing to
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/je...
However, access to that URL from Fedora 33's Firefox
firefox-84.0.2-1.fc33.x86_64 results in
Secure Connection Failed
An error occurred during a connection to
jenkins-continuous-infra.apps.ci.centos.org.
PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because
the authenticity of the received data could not be
verified.
Please contact the website owners to inform them of this problem.
Even accessing it via curl fails:
$ curl -k
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/je...
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
jenkins-continuous-infra.apps.ci.centos.org:443
Checking with openssl shows that there is not certificate / encryption
offered (?):
$ openssl s_client -connect jenkins-continuous-infra.apps.ci.centos.org:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 337 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Could the Jenkins instance used for Fedora CI have its certificates
fixed or have some frontend proxy in from of them so that access from
contemporary Fedora versions works?
--
Jan Pazdziora
Product Owner, Platform Security Readiness, Red Hat
7:05 a.m.
Hi there,
This update is ~5 months old. We moved to a different cluster in the
meantime. The old cluster has been (afaik) decommissioned.
The new cluster is: https://osci-jenkins-1.ci.fedoraproject.org
I can rerun the tests for you so you get a new URL in Bodhi.
Thanks,
Michal
On Mon, Mar 1, 2021 at 12:01 PM Jan Pazdziora <jpazdziora(a)redhat.com> wrote:
Hello,
my Fedora update
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b727e91aa8
has one passed automated test fedora-ci.koji-build.tier0.functional
with link pointing to
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/je...
However, access to that URL from Fedora 33's Firefox
firefox-84.0.2-1.fc33.x86_64 results in
Secure Connection Failed
An error occurred during a connection to
jenkins-continuous-infra.apps.ci.centos.org.
PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because
the authenticity of the received data could not be
verified.
Please contact the website owners to inform them of this
problem.
Even accessing it via curl fails:
$ curl -k
https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/je...
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
jenkins-continuous-infra.apps.ci.centos.org:443
Checking with openssl shows that there is not certificate / encryption
offered (?):
$ openssl s_client -connect
jenkins-continuous-infra.apps.ci.centos.org:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 337 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Could the Jenkins instance used for Fedora CI have its certificates
fixed or have some frontend proxy in from of them so that access from
contemporary Fedora versions works?
--
Jan Pazdziora
Product Owner, Platform Security Readiness, Red Hat
_______________________________________________
CI mailing list -- ci(a)lists.fedoraproject.org
To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
9:36 a.m.
On Mon, Mar 01, 2021 at 02:05:42PM +0100, Michal Srb wrote:
Hi there,
This update is ~5 months old. We moved to a different cluster in the
meantime. The old cluster has been (afaik) decommissioned.
The new cluster is: https://osci-jenkins-1.ci.fedoraproject.org
Were the old runs migrated to the new cluster, or have they just
gotten lost? In the first case, could the links shown by Bodhi be fixed?
In the second case, could Bodhi just say something like "results are
no longer available but we believe they were pass", instead of having
the user land on known broken URL?
I can rerun the tests for you so you get a new URL in Bodhi.
That's not necessary, I was actually after the original results.
Thank you,
--
Jan Pazdziora
Product Owner, Platform Security Readiness, Red Hat
12:58 p.m.
On Mon, 2021-03-01 at 16:36 +0100, Jan Pazdziora wrote:
On Mon, Mar 01, 2021 at 02:05:42PM +0100, Michal Srb wrote:
> Hi there,
>
> This update is ~5 months old. We moved to a different cluster in the
> meantime. The old cluster has been (afaik) decommissioned.
>
> The new cluster is: https://osci-jenkins-1.ci.fedoraproject.org
Were the old runs migrated to the new cluster, or have they just
gotten lost? In the first case, could the links shown by Bodhi be fixed?
In the second case, could Bodhi just say something like "results are
no longer available but we believe they were pass", instead of having
the user land on known broken URL?
The Bodhi URLs are taken/generated from ResultsDB data, I believe, and
I don't think anyone did a mass update on that.
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net
1:54 p.m.
Hi there,
On Mon, Mar 1, 2021 at 4:44 PM Jan Pazdziora <jpazdziora(a)redhat.com> wrote:
On Mon, Mar 01, 2021 at 02:05:42PM +0100, Michal Srb wrote:
> Hi there,
>
> This update is ~5 months old. We moved to a different cluster in the
> meantime. The old cluster has been (afaik) decommissioned.
>
> The new cluster is: https://osci-jenkins-1.ci.fedoraproject.org
Were the old runs migrated to the new cluster, or have they just
gotten lost? In the first case, could the links shown by Bodhi be fixed?
In the second case, could Bodhi just say something like "results are
no longer available but we believe they were pass", instead of having
the user land on known broken URL?
I don't know how the old cluster was configured, but we only keep logs for
45 days on the new cluster. I think it was pretty much the same on the old
cluster as well, so we did not bother migrating anything (the old and new
clusters were running simultaneously for couple of months). If you need
results for some older Bodhi update, you can do "bodhi updates
trigger-tests <update-id>".
Fixing URLs in Bodhi would be tricky... I am going into technical details
here, but the way all this works is that CI pretends that it doesn't know
about Bodhi -- it just tests Bodhi updates and then it broadcasts messages
with URLs and results. Whoever is interested can then intercept the
messages and process them. One such service that listens and processes the
CI messages is ResultsDB, which then remembers a few things from them (like
the overall result and the URLs). Bodhi then only talks to ResultsDB.
So fixing any URLs would mean either testing and broadcasting new messages,
or kinda lying and re-sending the old messages again, with fixed URLs...
meh.
And since Bodhi and CI don't talk to each other, there is currently on way
how CI could share information about its retention policies.
Thanks,
Michal
> I can rerun the tests for you so you get a new URL in Bodhi.
That's not necessary, I was actually after the original results.
Thank you,
--
Jan Pazdziora
Product Owner, Platform Security Readiness, Red Hat
_______________________________________________
CI mailing list -- ci(a)lists.fedoraproject.org
To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
1164
days inactive
1164
days old
4 comments
3 participants
participants (3)
-
Adam Williamson -
Jan Pazdziora -
Michal Srb