Remove AWS TLS fingerprint from hgrc

RESOLVED FIXED

Status

Release Engineering
General Automation
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: dustin, Assigned: aselagea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

MozReview Requests

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
https://github.com/mozilla/build-puppet/blob/master/modules/mercurial/templates/hgrc.erb#L32

is no longer accurate for at least one AWS endpoint.  Likely they are swapping in a new certificate for all endpoints.  For the moment, since we can't support fingerprints for multiple certificates, we should remove this line from the configuration and re-deploy the image.

Once the certificates have stabilized, we can add a fingerprint back in.
(Reporter)

Updated

2 years ago
Assignee: nobody → dustin
(Reporter)

Comment 1

2 years ago
Created attachment 8734374 [details]
MozReview Request: Bug 1259457: remove no-longer-current host fingerprint; r?aselagea

Review commit: https://reviewboard.mozilla.org/r/42187/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/42187/
Attachment #8734374 - Flags: review?(alin.selagea)
(Assignee)

Comment 2

2 years ago
Comment on attachment 8734374 [details]
MozReview Request: Bug 1259457: remove no-longer-current host fingerprint; r?aselagea

Looks good.
Attachment #8734374 - Flags: review?(alin.selagea) → review+
just as sheriffs info this is causing the  abort: certificate for s3-us-west-2.amazonaws.com has unexpected fingerprint 1a:0e:4a:64:90:c1:d0:2f:79:46:95:b5:17:dc:63:45:cf:19:37:bd retry on various trees
(Reporter)

Comment 4

2 years ago
remote:   https://hg.mozilla.org/build/puppet/rev/fffb152c9df5
remote:   https://hg.mozilla.org/build/puppet/rev/2c5fe06f11c5

Alin is deploying.
Assignee: dustin → alin.selagea
(Assignee)

Comment 5

2 years ago
Started the scripts for regenerating the following AMIs:
    - aws_manager-av-linux64-ec2-golden
    - aws_manager-y-2008-ec2-golden
    - aws_manager-b-2008-ec2-golden
    - aws_manager-b-2008-ec2-golden
    - aws_manager-try-linux64-ec2-golden
(Assignee)

Comment 6

2 years ago
av-linux64, y-2008, bld-linux64 and try-linux64 have completed successfully, b-2008 is still in progress.
(Assignee)

Comment 7

2 years ago
All the five AMIs mentioned above have been regenerated.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
(Reporter)

Updated

2 years ago
See Also: → bug 1261202
You need to log in before you can comment on or make changes to this bug.