Closed Bug 1390946 Opened 7 years ago Closed 6 years ago

Switch puppet to use https for pypi

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

Product:
Infrastructure & Operations
Component:
RelOps: Puppet
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: dhouse, Assigned: dhouse)

References

Details

Attachments

(2 files)

bug_1390946-switch-to-https-pypi.patch
1.23 KB, patch
dhouse
: review-
Details | Diff | Splinter Review
bug_1390946-switch-to-https-pypi-from-puppetmasters.patch
633 bytes, patch
dhouse
: review-
Details | Diff | Splinter Review 
We can switch to using https for all pypi index use from puppet:

pypi.pvt.build.mozilla.org

maybe also for the pypi index use from the puppet masters?
Assignee: relops → dhouse

        Attachment #8897917 -
        Flags: review?(jwatkins)

        Attachment #8897917 -
        Flags: review?(dcrisan)

    
    

    
  


  

        Attachment #8897918 -
        Flags: review?(jwatkins)

        Attachment #8897918 -
        Flags: review?(dcrisan)

    
  

        Attachment #8897917 -
        Flags: review?(jwatkins)

        Attachment #8897917 -
        Flags: review?(dcrisan)

    
  

        Attachment #8897918 -
        Flags: review?(jwatkins)

        Attachment #8897918 -
        Flags: review?(dcrisan)

    
    

    
  
I tested a pip install with these changes and it does not work:
```
  Getting page https://pypi.pvt.build.mozilla.org/pub
  Could not fetch URL https://pypi.pvt.build.mozilla.org/pub: connection error: HTTPSConnectionPool(host='pypi.pvt.build.mozilla.org', port=443): Max retries exceeded with url: /pub (Caused by <class 'socket.error'>: [Errno 61] Connection refused)
  Will skip URL https://pypi.pvt.build.mozilla.org/pub when looking for download links for gevent==0.13.6
  Getting page https://pypi.pub.build.mozilla.org/pub
  Could not fetch URL https://pypi.pub.build.mozilla.org/pub: connection error: hostname 'pypi.pub.build.mozilla.org' doesn't match 'secure.pub.build.mozilla.org'
  Will skip URL https://pypi.pub.build.mozilla.org/pub when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.mdc1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet2.srv.releng.mdc1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet2.srv.releng.scl3.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.use1.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.scl3.mozilla.com/python/packages when looking for download links for gevent==0.13.6
  Getting page https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages
  Could not fetch URL https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages: connection error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://releng-puppet1.srv.releng.usw2.mozilla.com/python/packages when looking for download links for gevent==0.13.6
```

    
  

        Attachment #8897917 -
        Flags: review-

    
  

        Attachment #8897918 -
        Flags: review-
Depends on: 1399926
See Also:  → 1399926
Blocks: 1412342

    
    

    
  
This was fixed instead through bug 1463592
```
diff --git a/manifests/moco-config.pp b/manifests/moco-config.pp
index 7ec0f6d9..ed51ad76 100644
--- a/manifests/moco-config.pp
+++ b/manifests/moco-config.pp
@@ -127,7 +127,7 @@ class config inherits config::base {
     # connection
     $puppetmaster_cert_extra_names = [$apt_repo_server]
 
-    $user_python_repositories      = [ 'http://pypi.pvt.build.mozilla.org/pub', 'http://pypi.pub.build.mozilla.org/pub' ]
+    $user_python_repositories      = [ 'https://pypi.pvt.build.mozilla.org/pub', 'https://pypi.pub.build.mozilla.org/pub' ]
 
     # Releng hosts are 'medium' by default.  Slaves are specifically overridden
     # with the 'low' level, and some others are flagged as 'high' or 'maximum'.
```
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: