Closed
Bug 1345879
Opened 7 years ago
Closed 7 years ago
Failed o fetch data from Ubuntu16 repository using https
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dragrom, Assigned: dividehex)
References
Details
Attachments
(2 files)
|
743 bytes,
patch
|
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
|
1.97 KB,
patch
|
dhouse
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
Failed o fetch data from Ubuntu16 repository using https, I received the following error when run apt-get update: "W: The repository 'https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial Release' does not have a Release file. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04/dists/xenial/main/binary-amd64/Packages E: Some index files failed to download. They have been ignored, or old ones used instead." To unlock me, I changed from https to http, into modules/packages/manifests/aptrepo.pp. I'll revert changes after we will fix the https access
|
Assignee | |
Comment 1•7 years ago
|
||
Lets start by making sure the apt-transport-https package is installed during kickstart and before puppet changes the apt source lists to https.
Assignee: relops → jwatkins
Attachment #8853156 -
Flags: checked-in+
|
|
Assignee | |
Comment 2•7 years ago
|
||
This issue seems to stem from apt-get not being able to read the /var/lib/puppet/ssl/certs/ca.pem. I suspect it is dropping privilege somewhere during an apt-get update and since the /var/lib/puppet dir is 'o-rwx', it fails to access the file. I'm hesitant to change the file permissions anywhere in the down that path so I'm opting to simply copy the CA cert to a more appropriate location (such as /etc/ssl/certs) and ensure it is world readable. Enabling debugging in /etc/apt/apt.conf.d/99mozilla: Debug::Acquire::https "true"; 'apt-get update' now spits more interesting errors: * Trying 10.134.48.16... Ign:21 https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial/main Translation-en_US 96% [Working]* Connected to puppetagain-apt.pvt.build.mozilla.org (10.134.48.16) port 443 (#21) * error reading ca cert file /var/lib/puppet/ssl/certs/ca.pem (Error while reading file.) * Closing connection 21 Once apt-get can read the CA, it https apt sources works fine.
|
|
Assignee | |
Comment 3•7 years ago
|
||
Attachment #8853163 -
Flags: review?(dhouse)
Attachment #8853163 -
Flags: review?(dhouse) → review+
|
|
Assignee | |
Comment 4•7 years ago
|
||
Comment on attachment 8853163 [details] [diff] [review] Copy ca.pem to a better location and point apt at it https://hg.mozilla.org/build/puppet/rev/98b351800c18e16361b1161f3f2d9b9cca8329bf https://hg.mozilla.org/build/puppet/rev/06caf2fae7344aaa878e565ddf8fe20b62a2a6c2
Attachment #8853163 -
Flags: checked-in+
|
|
Assignee | |
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•