Remove AWS TLS fingerprint from hgrc

RESOLVED FIXED

Status

RESOLVED FIXED
3 years ago
9 months ago

People

(Reporter: dustin, Assigned: aselagea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

https://github.com/mozilla/build-puppet/blob/master/modules/mercurial/templates/hgrc.erb#L32

is no longer accurate for at least one AWS endpoint.  Likely they are swapping in a new certificate for all endpoints.  For the moment, since we can't support fingerprints for multiple certificates, we should remove this line from the configuration and re-deploy the image.

Once the certificates have stabilized, we can add a fingerprint back in.
Assignee: nobody → dustin
Created attachment 8734374 [details]
MozReview Request: Bug 1259457: remove no-longer-current host fingerprint; r?aselagea

Review commit: https://reviewboard.mozilla.org/r/42187/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/42187/
Attachment #8734374 - Flags: review?(alin.selagea)
(Assignee)

Comment 2

3 years ago
Comment on attachment 8734374 [details]
MozReview Request: Bug 1259457: remove no-longer-current host fingerprint; r?aselagea

Looks good.
Attachment #8734374 - Flags: review?(alin.selagea) → review+
just as sheriffs info this is causing the  abort: certificate for s3-us-west-2.amazonaws.com has unexpected fingerprint 1a:0e:4a:64:90:c1:d0:2f:79:46:95:b5:17:dc:63:45:cf:19:37:bd retry on various trees
(Assignee)

Comment 5

3 years ago
Started the scripts for regenerating the following AMIs:
    - aws_manager-av-linux64-ec2-golden
    - aws_manager-y-2008-ec2-golden
    - aws_manager-b-2008-ec2-golden
    - aws_manager-b-2008-ec2-golden
    - aws_manager-try-linux64-ec2-golden
(Assignee)

Comment 6

3 years ago
av-linux64, y-2008, bld-linux64 and try-linux64 have completed successfully, b-2008 is still in progress.
(Assignee)

Comment 7

3 years ago
All the five AMIs mentioned above have been regenerated.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
See Also: → bug 1261202
Component: General Automation → General
Product: Release Engineering → Release Engineering
You need to log in before you can comment on or make changes to this bug.