Switch puppet to use https for pypi

RESOLVED INCOMPLETE

Status

Infrastructure & Operations
RelOps: Puppet
RESOLVED INCOMPLETE
11 months ago
22 days ago

People

(Reporter: dhouse, Assigned: dhouse)

Attachments

(2 attachments)

(Assignee)

Description

11 months ago
We can switch to using https for all pypi index use from puppet:

pypi.pvt.build.mozilla.org

Maybe also for the pypi index use from the puppet masters?
(Assignee)

Updated

11 months ago
See Also: → bug 1220826
(Assignee)

Comment 1

11 months ago
Created attachment 8897917 [details] [diff] [review]
bug_1390946-switch-to-https-pypi.patch
Assignee: relops → dhouse
Attachment #8897917 - Flags: review?(jwatkins)
Attachment #8897917 - Flags: review?(dcrisan)
(Assignee)

Comment 2

11 months ago
Created attachment 8897918 [details] [diff] [review]
bug_1390946-switch-to-https-pypi-from-puppetmasters.patch
Attachment #8897918 - Flags: review?(jwatkins)
Attachment #8897918 - Flags: review?(dcrisan)
(Assignee)

Updated

11 months ago
Attachment #8897917 - Flags: review?(jwatkins)
Attachment #8897917 - Flags: review?(dcrisan)
(Assignee)

Updated

11 months ago
Attachment #8897918 - Flags: review?(jwatkins)
Attachment #8897918 - Flags: review?(dcrisan)
(Assignee)

Comment 3

11 months ago
I tested a pip install with these changes and it does not work:
```
  Getting page https://pypi.pvt.build.mozilla.org/pub
  Could not fetch URL https://pypi.pvt.build.mozilla.org/pub: connection error: HTTPSConnectionPool(host='pypi.pvt.build.mozilla.org', port=443): Max retries exceeded with url: /pub (Caused by <class 'socket.error'>: [Errno 61] Connection refused)
  Will skip URL https://pypi.pvt.build.mozilla.org/pub when looking for download links for gevent==0.13.6
  Getting page https://pypi.pub.build.mozilla.org/pub
  Could not fetch URL https://pypi.pub.build.mozilla.org/pub: connection error: hostname 'pypi.pub.build.mozilla.org' doesn't match 'secure.pub.build.mozilla.org'
  Will skip URL https://pypi.pub.build.mozilla.org/pub when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages when looking for download links for gevent==0.13.6
```
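The pip output above contains three distinct TLS failure modes, each needing a different fix before an `http` to `https` switch can work. The following triage script is an added example, not part of the original bug or of the project's code; the category names and remediation wording are this example's own, and the sample lines are copied from the output above.

```python
import re
from urllib.parse import urlsplit

# Three lines copied from the pip output in comment 3, one per failure mode.
SAMPLE_LOG = """\
  Could not fetch URL https://pypi.pvt.build.mozilla.org/pub: connection error: HTTPSConnectionPool(host='pypi.pvt.build.mozilla.org', port=443): Max retries exceeded with url: /pub (Caused by <class 'socket.error'>: [Errno 61] Connection refused)
  Could not fetch URL https://pypi.pub.build.mozilla.org/pub: connection error: hostname 'pypi.pub.build.mozilla.org' doesn't match 'secure.pub.build.mozilla.org'
  Could not fetch URL https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

FETCH_RE = re.compile(r"Could not fetch URL (?P<url>\S+): connection error: (?P<msg>.*)$")

# (category, pattern, required change). Names and wording are assumptions of this example.
RULES = [
    ("no_tls_listener", re.compile(r"Connection refused"),
     "nothing accepts connections on port 443; serve the index over HTTPS first"),
    ("hostname_mismatch", re.compile(r"hostname '[^']+' doesn't match '(?P<cert>[^']+)'"),
     "certificate is issued for {cert}; reissue it with the index hostname included"),
    ("cert_verify_failed", re.compile(r"certificate verify failed"),
     "client cannot validate the server certificate; make the issuing CA trusted on clients"),
]


def classify(log_text):
    """Return {host: (category, action)} for every failed index fetch in pip output."""
    findings = {}
    for line in log_text.splitlines():
        m = FETCH_RE.search(line)
        if not m:
            continue
        host = urlsplit(m.group("url")).hostname
        for category, pattern, action in RULES:
            hit = pattern.search(m.group("msg"))
            if hit:
                findings[host] = (category, action.format(**hit.groupdict()))
                break
        else:
            findings[host] = ("unclassified", m.group("msg"))
    return findings


def hosts_by_category(log_text):
    """Group failing hosts by category, e.g. to gate an http -> https switch."""
    grouped = {}
    for host, (category, _) in sorted(classify(log_text).items()):
        grouped.setdefault(category, []).append(host)
    return grouped
```

An empty result from `classify()` on a verbose pip run means no index fetch failed, which is the condition to check before changing the repository URLs.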
(Assignee)

Updated

11 months ago
Attachment #8897917 - Flags: review-
(Assignee)

Updated

11 months ago
Attachment #8897918 - Flags: review-

Updated

10 months ago
Depends on: 1399926
See Also: → bug 1399926

Updated

9 months ago
Blocks: 1412342
(Assignee)

Comment 4

22 days ago
This was fixed instead through bug 1463592.
```
diff --git a/manifests/moco-config.pp b/manifests/moco-config.pp
index 7ec0f6d9..ed51ad76 100644
--- a/manifests/moco-config.pp
+++ b/manifests/moco-config.pp
@@ -127,7 +127,7 @@ class config inherits config::base {
     # connection
     $puppetmaster_cert_extra_names = [$apt_repo_server]
 
-    $user_python_repositories      = [ 'http://pypi.pvt.build.mozilla.org/pub', 'http://pypi.pub.build.mozilla.org/pub' ]
+    $user_python_repositories      = [ 'https://pypi.pvt.build.mozilla.org/pub', 'https://pypi.pub.build.mozilla.org/pub' ]
 
     # Releng hosts are 'medium' by default.  Slaves are specifically overridden
     # with the 'low' level, and some others are flagged as 'high' or 'maximum'.
```
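Review bot: the `+` line switching `$user_python_repositories` to `https://` depends on server-side TLS that the pip output in comment 3 shows was not in place: `https://pypi.pvt.build.mozilla.org/pub` refused the connection on port 443, and `pypi.pub.build.mozilla.org` presented a certificate for `secure.pub.build.mozilla.org`, so pip skipped both indexes. Suggest landing this only once the pvt host accepts connections on 443 and the pub certificate covers `pypi.pub.build.mozilla.org`, and noting that precondition in a comment next to the variable.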
Status: NEW → RESOLVED
Last Resolved: 22 days ago
Resolution: --- → INCOMPLETE