Closed
Bug 1345879
Opened 8 years ago
Closed 8 years ago
Failed to fetch data from Ubuntu16 repository using https
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dragrom, Assigned: dividehex)
Attachments
(2 files)
743 bytes, patch | dividehex: checked-in+
1.97 KB, patch | dhouse: review+ | dividehex: checked-in+
Failed to fetch data from the Ubuntu16 repository using https. I received the following error when running apt-get update:
"W: The repository 'https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04/dists/xenial/main/binary-amd64/Packages
E: Some index files failed to download. They have been ignored, or old ones used instead."
To unblock myself, I changed from https to http in modules/packages/manifests/aptrepo.pp. I'll revert the changes after we fix the https access.
Comment 1 • 8 years ago (Assignee)
Let's start by making sure the apt-transport-https package is installed during kickstart and before puppet changes the apt source lists to https.
Assignee: relops → jwatkins
Attachment #8853156 - Flags: checked-in+
Comment 2 • 8 years ago (Assignee)
This issue seems to stem from apt-get not being able to read /var/lib/puppet/ssl/certs/ca.pem. I suspect it is dropping privileges somewhere during an apt-get update, and since the /var/lib/puppet dir is 'o-rwx', it fails to access the file. I'm hesitant to change the file permissions anywhere down that path, so I'm opting to simply copy the CA cert to a more appropriate location (such as /etc/ssl/certs) and ensure it is world readable.
Enabling debugging in /etc/apt/apt.conf.d/99mozilla:
Debug::Acquire::https "true";
'apt-get update' now spits more interesting errors:
* Trying 10.134.48.16...
Ign:21 https://puppetagain-apt.pvt.build.mozilla.org/repos/apt/Ubuntu-16.04 xenial/main Translation-en_US
96% [Working]* Connected to puppetagain-apt.pvt.build.mozilla.org (10.134.48.16) port 443 (#21)
* error reading ca cert file /var/lib/puppet/ssl/certs/ca.pem (Error while reading file.)
* Closing connection 21
Once apt-get can read the CA, https apt sources work fine.
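The failure mode diagnosed in comment 2, as an added example that is not part of the original bug or of the Mozilla puppet repository: a check that walks a CA file's path and reports the first component whose mode bits would stop an unprivileged account from reading it. The names `first_blocker` and `demo` are hypothetical, the directory tree is constructed in a temporary directory, and the uid passed in stands in for whichever unprivileged account apt's https method runs as.

```python
import os
import stat
import tempfile


def first_blocker(path, uid, gids, base="/"):
    """Return the first component below `base` whose mode bits deny `uid`
    access to `path` (search on directories, read on the file), else None.
    Only owner/group/other bits are modelled; ACLs and MAC policy are not."""
    if uid == 0:
        return None  # root bypasses mode-bit checks
    base, path = os.path.realpath(base), os.path.realpath(path)
    chain, cur = [base], base
    for part in os.path.relpath(path, base).split(os.sep):
        cur = os.path.join(cur, part)
        chain.append(cur)
    for p in chain:
        st = os.stat(p)
        need = 0o1 if stat.S_ISDIR(st.st_mode) else 0o4  # x on dirs, r on file
        shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
        if not (st.st_mode >> shift) & need:
            return p
    return None


def demo():
    """Build a constructed tree mirroring the bug and check both CA locations."""
    with tempfile.TemporaryDirectory() as base:
        cas = ["var/lib/puppet/ssl/certs/ca.pem", "etc/ssl/certs/ca.pem"]
        for rel in cas:
            full = os.path.join(base, rel)
            os.makedirs(os.path.dirname(full))
            with open(full, "w") as fh:
                fh.write("constructed placeholder, not a real certificate\n")
            os.chmod(full, 0o644)
        for root, _dirs, _files in os.walk(base):
            os.chmod(root, 0o755)
        os.chmod(os.path.join(base, "var/lib/puppet"), 0o750)  # the 'o-rwx' dir
        other_uid = os.stat(base).st_uid + 1  # stand-in for apt's unprivileged user
        real = os.path.realpath(base)
        result = {}
        for rel in cas:
            hit = first_blocker(os.path.join(base, rel), other_uid, set(), base)
            result[rel] = hit and os.path.relpath(hit, real)
        return result


if __name__ == "__main__":
    print(demo())
```

The world-readable `ca.pem` under the puppet directory is still reported as blocked, because the `o-rwx` directory above it denies search permission; the copy under `etc/ssl/certs` passes.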
Comment 3 • 8 years ago (Assignee)
Attachment #8853163 - Flags: review?(dhouse)
Attachment #8853163 - Flags: review?(dhouse) → review+
Comment 4 • 8 years ago (Assignee)
Comment on attachment 8853163 [details] [diff] [review]
Copy ca.pem to a better location and point apt at it
https://hg.mozilla.org/build/puppet/rev/98b351800c18e16361b1161f3f2d9b9cca8329bf
https://hg.mozilla.org/build/puppet/rev/06caf2fae7344aaa878e565ddf8fe20b62a2a6c2
Attachment #8853163 - Flags: checked-in+
Updated • 8 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED