[JIRA] (OVIRT-1692) GetBadges notification broken
by Evgheni Dereveanchin (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1692?page=com.atlassian.jir... ]
Evgheni Dereveanchin reassigned OVIRT-1692:
-------------------------------------------
Assignee: Evgheni Dereveanchin (was: infra)
> GetBadges notification broken
> -----------------------------
>
> Key: OVIRT-1692
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1692
> Project: oVirt - virtualization made easy
> Issue Type: Bug
> Components: oVirt CI
> Reporter: Evgheni Dereveanchin
> Assignee: Evgheni Dereveanchin
> Priority: High
>
> getbadges.io changed their certificate yesterday. This is causing webhook to fail as Java does not trust this cert:
> 10:14:15 Failed to notify endpoint with url 'https://ovirt-ovirt-engine.getbadges.io/api/app/webhook/66f43bb2-6b98-4aa...' - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Jenkins was updated yesterday as well so Java is the latest version. We may need to disable this webhook in order not to confuse users with irrelevant stack traces
> Sample jobs:
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-el7-x86_64/2798/c...
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-fcraw-x86_64/12/c...
> Both of them failed for other reasons, but the stack trace at the end is misleading and confusing.
> More info on the certificate:
> Issued To
> Common Name (CN) *.getbadges.io
> Organizational Unit (OU) Domain Control Validated
> Issued By
> Common Name (CN) AlphaSSL CA - SHA256 - G2
> Organization (O) GlobalSign nv-sa
> Organizational Unit (OU) <Not Part Of Certificate>
> Validity Period
> Issued On Wednesday, October 11, 2017 at 2:31:02 PM
> Expires On Friday, October 12, 2018 at 2:31:02 PM
> Fingerprints
> SHA-256 Fingerprint C4 06 EB 35 C4 CF CB FB 6E 0B CF 2D E3 39 5E E8 94 03 2F 7C 5D E6 8A B6 F7 EE C6 1E 05 89 C8 7D
> SHA-1 Fingerprint DF 87 99 7E 0A E7 98 21 D4 13 9A 49 BE 86 1C 87 6B A0 BA 5B
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100065)
7 years, 3 months
[JIRA] (OVIRT-1692) GetBadges notification broken
by Evgheni Dereveanchin (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1692?page=com.atlassian.jir... ]
Evgheni Dereveanchin commented on OVIRT-1692:
---------------------------------------------
Just some more info on where I expect this error to come from:
- java should use $JAVA_HOME/lib/security/cacerts file as its trust store
- in our case, this is a symlink:
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.x86_64/jre/lib/security/cacerts -> ../../../../../../../etc/pki/java/cacerts
- this file is owned by ca-certificates
rpm -qf /etc/pki/java/cacerts
ca-certificates-2017.2.14-71.el7.noarch
- this file does not contain the intermediate CA, just the top one:
keytool -v -list -keystore /etc/pki/java/cacerts | grep -e "52:A4:1D:82:9C" -e "58:94:9C:F9:EC"
Enter keystore password: changeit
SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
This means that the web server does not send the full trust chain, and Jenkins cannot reconstruct it. It is a web server misconfiguration, as confirmed by SSL tests:
https://www.ssllabs.com/ssltest/analyze.html?d=ovirt-ovirt-engine.getbadg...
Will send this info to GetBadges as it should be fixed on their side.
> GetBadges notification broken
> -----------------------------
>
> Key: OVIRT-1692
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1692
> Project: oVirt - virtualization made easy
> Issue Type: Bug
> Components: oVirt CI
> Reporter: Evgheni Dereveanchin
> Assignee: infra
> Priority: High
>
> getbadges.io changed their certificate yesterday. This is causing webhook to fail as Java does not trust this cert:
> 10:14:15 Failed to notify endpoint with url 'https://ovirt-ovirt-engine.getbadges.io/api/app/webhook/66f43bb2-6b98-4aa...' - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Jenkins was updated yesterday as well so Java is the latest version. We may need to disable this webhook in order not to confuse users with irrelevant stack traces
> Sample jobs:
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-el7-x86_64/2798/c...
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-fcraw-x86_64/12/c...
> Both of them failed for other reasons, but the stack trace at the end is misleading and confusing.
> More info on the certificate:
> Issued To
> Common Name (CN) *.getbadges.io
> Organizational Unit (OU) Domain Control Validated
> Issued By
> Common Name (CN) AlphaSSL CA - SHA256 - G2
> Organization (O) GlobalSign nv-sa
> Organizational Unit (OU) <Not Part Of Certificate>
> Validity Period
> Issued On Wednesday, October 11, 2017 at 2:31:02 PM
> Expires On Friday, October 12, 2018 at 2:31:02 PM
> Fingerprints
> SHA-256 Fingerprint C4 06 EB 35 C4 CF CB FB 6E 0B CF 2D E3 39 5E E8 94 03 2F 7C 5D E6 8A B6 F7 EE C6 1E 05 89 C8 7D
> SHA-1 Fingerprint DF 87 99 7E 0A E7 98 21 D4 13 9A 49 BE 86 1C 87 6B A0 BA 5B
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100065)
7 years, 3 months
[JIRA] (OVIRT-1692) GetBadges notification broken
by eyal edri (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1692?page=com.atlassian.jir... ]
eyal edri commented on OVIRT-1692:
----------------------------------
I merged https://gerrit.ovirt.org/#/c/82795/ to fix the error for now, but please folllow up with GetBadges and see if they can fix it, I'll add you as Game admin as well.
> GetBadges notification broken
> -----------------------------
>
> Key: OVIRT-1692
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1692
> Project: oVirt - virtualization made easy
> Issue Type: Bug
> Components: oVirt CI
> Reporter: Evgheni Dereveanchin
> Assignee: infra
> Priority: High
>
> getbadges.io changed their certificate yesterday. This is causing webhook to fail as Java does not trust this cert:
> 10:14:15 Failed to notify endpoint with url 'https://ovirt-ovirt-engine.getbadges.io/api/app/webhook/66f43bb2-6b98-4aa...' - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Jenkins was updated yesterday as well so Java is the latest version. We may need to disable this webhook in order not to confuse users with irrelevant stack traces
> Sample jobs:
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-el7-x86_64/2798/c...
> http://jenkins.ovirt.org/job/jenkins_master_check-patch-fcraw-x86_64/12/c...
> Both of them failed for other reasons, but the stack trace at the end is misleading and confusing.
> More info on the certificate:
> Issued To
> Common Name (CN) *.getbadges.io
> Organizational Unit (OU) Domain Control Validated
> Issued By
> Common Name (CN) AlphaSSL CA - SHA256 - G2
> Organization (O) GlobalSign nv-sa
> Organizational Unit (OU) <Not Part Of Certificate>
> Validity Period
> Issued On Wednesday, October 11, 2017 at 2:31:02 PM
> Expires On Friday, October 12, 2018 at 2:31:02 PM
> Fingerprints
> SHA-256 Fingerprint C4 06 EB 35 C4 CF CB FB 6E 0B CF 2D E3 39 5E E8 94 03 2F 7C 5D E6 8A B6 F7 EE C6 1E 05 89 C8 7D
> SHA-1 Fingerprint DF 87 99 7E 0A E7 98 21 D4 13 9A 49 BE 86 1C 87 6B A0 BA 5B
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100065)
7 years, 3 months
[JIRA] (OVIRT-1699) Add a 4.2 CQ flow
by eyal edri (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1699?page=com.atlassian.jir... ]
eyal edri updated OVIRT-1699:
-----------------------------
Epic Link: OVIRT-400
> Add a 4.2 CQ flow
> ------------------
>
> Key: OVIRT-1699
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1699
> Project: oVirt - virtualization made easy
> Issue Type: Task
> Components: oVirt CI
> Reporter: eyal edri
> Assignee: infra
>
> As discussed, we need to start preparing a 4.2 flow for CQ so projects which branched for 4.2 will be able to publish their artifacts and also to start preparing the work for the stable branch of 4.2 due in the coming months.
> Initial work for running OST On 4.2 is done via: https://gerrit.ovirt.org/#/c/81969/
> Which is basically a clone of 4.1, with empty 4.2 tested repo for now ( disabled for now ).
> Once we start getting more and more projects into the 4.2 branch, we can also move to run 4.2 tests ( which will fail now because they need code from master )
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100065)
7 years, 3 months
[JIRA] (OVIRT-1699) Add a 4.2 CQ flow
by eyal edri (oVirt JIRA)
eyal edri created OVIRT-1699:
--------------------------------
Summary: Add a 4.2 CQ flow
Key: OVIRT-1699
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1699
Project: oVirt - virtualization made easy
Issue Type: Task
Components: oVirt CI
Reporter: eyal edri
Assignee: infra
As discussed, we need to start preparing a 4.2 flow for CQ so projects which branched for 4.2 will be able to publish their artifacts and also to start preparing the work for the stable branch of 4.2 due in the coming months.
Initial work for running OST On 4.2 is done via: https://gerrit.ovirt.org/#/c/81969/
Which is basically a clone of 4.1, with empty 4.2 tested repo for now ( disabled for now ).
Once we start getting more and more projects into the 4.2 branch, we can also move to run 4.2 tests ( which will fail now because they need code from master )
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100065)
7 years, 3 months
Build failed in Jenkins: system-sync_mirrors-centos-updates-el7-x86_64 #887
by jenkins@jenkins.phx.ovirt.org
See <http://jenkins.ovirt.org/job/system-sync_mirrors-centos-updates-el7-x86_6...>
Changes:
[Barak Korren] Capture head commit info from GitHub events
[Barak Korren] Added submission of GitHub changes to CQ
[Barak Korren] Generalized CQ tester pipeline code
------------------------------------------
Started by timer
[EnvInject] - Loading node environment variables.
Building remotely on mirrors.phx.ovirt.org (mirrors) in workspace <http://jenkins.ovirt.org/job/system-sync_mirrors-centos-updates-el7-x86_6...>
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url http://gerrit.ovirt.org/jenkins.git # timeout=10
Cleaning workspace
> git rev-parse --verify HEAD # timeout=10
Resetting working tree
> git reset --hard # timeout=10
> git clean -fdx # timeout=10
Pruning obsolete local branches
Fetching upstream changes from http://gerrit.ovirt.org/jenkins.git
> git --version # timeout=10
> git fetch --tags --progress http://gerrit.ovirt.org/jenkins.git +refs/heads/*:refs/remotes/origin/* --prune
> git rev-parse origin/master^{commit} # timeout=10
Checking out Revision de777d4ec72b2ec19eb51ba6ee87aa33c9dccbea (origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f de777d4ec72b2ec19eb51ba6ee87aa33c9dccbea
Commit message: "Generalized CQ tester pipeline code"
> git rev-list 8b9e9badf566bd609f8a400475fae5e86991cff1 # timeout=10
[system-sync_mirrors-centos-updates-el7-x86_64] $ /bin/bash -xe /tmp/jenkins4057933738137789501.sh
+ jenkins/scripts/mirror_mgr.sh resync_yum_mirror centos-updates-el7 x86_64 jenkins/data/mirrors-reposync.conf
Checking if mirror needs a resync
Traceback (most recent call last):
File "/usr/bin/reposync", line 343, in <module>
main()
File "/usr/bin/reposync", line 175, in main
my.doRepoSetup()
File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 681, in doRepoSetup
return self._getRepos(thisrepo, True)
File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 721, in _getRepos
self._repos.doSetup(thisrepo)
File "/usr/lib/python2.7/site-packages/yum/repos.py", line 157, in doSetup
self.retrieveAllMD()
File "/usr/lib/python2.7/site-packages/yum/repos.py", line 88, in retrieveAllMD
dl = repo._async and repo._commonLoadRepoXML(repo)
File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1478, in _commonLoadRepoXML
self._revertOldRepoXML()
File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 1323, in _revertOldRepoXML
os.rename(old_data['old_local'], old_data['local'])
OSError: [Errno 2] No such file or directory
Build step 'Execute shell' marked build as failure
7 years, 3 months
oVirt infra daily report - unstable production jobs - 475
by jenkins@jenkins.phx.ovirt.org
------=_Part_18_923305106.1508108401800
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Good morning!
Attached is the HTML page with the jenkins status report. You can see it also here:
- http://jenkins.ovirt.org/job/system_jenkins-report/475//artifact/exported...
Cheers,
Jenkins
------=_Part_18_923305106.1508108401800
Content-Type: text/html; charset=us-ascii; name=upstream_report.html
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=upstream_report.html
Content-ID: <upstream_report.html>
<!DOCTYPE html><head><style type="text/css">
table.gridtable {
border-collapse: collapse;
table-layout:fixed;
width:1600px;
font-family: monospace;
font-size:13px;
}
.head {
font-size:20px;
font-family: arial;
}
.sub {
font-size:18px;
background-color:#e5e5e5;
font-family: arial;
}
pre {
font-family: monospace;
display: inline;
white-space: pre-wrap;
white-space: -moz-pre-wrap !important;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word;
}
</style>
</head>
<body>
<table class="gridtable" border=2>
<tr><th colspan=2 class=head>
RHEVM CI Jenkins Daily Report - 15/10/2017
</th></tr><tr><th colspan=2 class=sub>
<font color="blue"><a href="http://jenkins.ovirt.org/">00 Unstable Critical</a></font>
</th></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt-master_change-queue-tester/">ovirt-master_change-queue-tester</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt-system-tests_ansible-suite-master/">ovirt-system-tests_ansible-suite-master</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt-system-tests_hc-basic-suite-master/">ovirt-system-tests_hc-basic-suite-master</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt-system-tests_he-basic-suite-master/">ovirt-system-tests_he-basic-suite-master</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/system-sync_mirrors-centos-updates-el7-x86_64/">system-sync_mirrors-centos-updates-el7-x86_64</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
------=_Part_18_923305106.1508108401800--
7 years, 3 months
