Closed Bug 1479137 Opened 7 years ago Closed 7 years ago

Can't connect to gecko-t-linux-medium workers

Categories

(Taskcluster :: General, defect)

Product:
Taskcluster
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: glandium, Unassigned)

Details

I edited some tasks to have them run on gecko-t-linux-medium instead of gecko-t-linux-large, and I couldn't see their live log, and in the case of one-click-loaners, couldn't connect to their terminal or display. It worked with tasks on gecko-t-linux-large.
Any ideas Wander?
Flags: needinfo?(wcosta)
Do you have a link to the tasks?
Flags: needinfo?(wcosta) → needinfo?(mh+mozilla)
We had this issue with another worker-type, and it was due to setting the wrong security groups in the provisioner config (the worker-type had been copied from another worker-type).
(In reply to Dustin J. Mitchell [:dustin] pronoun: he from comment #4) > We had this issue with another worker-type, and it was due to setting the > wrong security groups in the provisioner config (the worker-type had been > copied from another worker-type). John: is this something you can check and/or fix?
Flags: needinfo?(jhford)
Summary: Can't connecto to gecko-t-linux-medium workers → Can't connect to gecko-t-linux-medium workers
(In reply to Chris Cooper [:coop] pronoun: he from comment #5) > John: is this something you can check and/or fix? I am not familiar with the security groups which are required by this worker type. If the change to the worker type was just changing the instance type, the security groups wouldn't have been affected.
Flags: needinfo?(jhford)
Sorry, glandium, we missed the boat on this one, and the logs from comment #3 have expired now. :( We are actively trying to move Linux talos jobs to generic-worker (bug 1474570). If that doesn't fix this issue, or you have new logs to share, we will gladly re-open.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Here's another: https://tools.taskcluster.net/groups/XHHxwDIHSu-h-8fQuSsyYw/ And the same on -large, which proves there's nothing wrong with the task definition: https://tools.taskcluster.net/groups/Xp6geNcZSyOqVxAtJg2jPQ/ FWIW, I just took a random test task on inbound, and edited it as interactive task, changing the schedulerId from gecko-level-3 to gecko-level-1, if you want to reproduce at any time.
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
(In reply to Mike Hommey [:glandium] from comment #8) > Here's another: > > https://tools.taskcluster.net/groups/XHHxwDIHSu-h-8fQuSsyYw/ > > And the same on -large, which proves there's nothing wrong with the task > definition: > > https://tools.taskcluster.net/groups/Xp6geNcZSyOqVxAtJg2jPQ/ > > FWIW, I just took a random test task on inbound, and edited it as > interactive task, changing the schedulerId from gecko-level-3 to > gecko-level-1, if you want to reproduce at any time. So, sadly those logs have now expired too. :( Dustin: could the issue here be related to the change from level 3 to level 1?
Flags: needinfo?(dustin)
Testers aren't lvel-specific. That said, I don't think inbound access to our hardware systems is allowed. The websocket tunnel proxy was supposed to fix that, but has never been finished.
Flags: needinfo?(dustin)
It seems from comment 9 and 10 that maybe the nature of the bug isn't clear. Let me try again: - Choose a linux test job on inbound treeherder, and follow the links leading to the corresponding taskcluster task. - Check whether the task ran on a gecko-t-linux-large worker. If not, pick another job until you find one. - Select Edit as interactive task under Actions - change the schedulerId from gecko-level-3 to gecko-level-1 - click Create the task. This creates an interactive task for which, once it's running, you can see the live logs, and can go to the artifacts to open shell.html and get an interactive shell. Now, when editing the task, if you also change workerType from gecko-t-linux-large to gecko-t-linux-medium, you can't see the live logs and can't open the interactive shell.
Thanks, I should not have commented only having read half the bug. The workerTypes for both gecko-t-linux-{large,medium} specify the same security groups and subnets, so commen 4 is not the issue. dustin@jemison ~ $ curl -k https://g23qcoaaaaawoq3vlpwoquhepsq7tfqdbelsjkuetgqliw3b.taskcluster-worker.net:32768/log/3sQL9RRbRjyASEi3vdlnag [taskcluster 2018-11-24 01:03:43.984Z] Task ID: FjsCuT7jQRycX8gRrjTQ6w [taskcluster 2018-11-24 01:03:43.985Z] Worker ID: i-0d28a0f1d23d73e2f [taskcluster 2018-11-24 01:03:43.985Z] Worker Group: us-west-1 [taskcluster 2018-11-24 01:03:43.985Z] Worker Node Type: m1.medium [taskcluster 2018-11-24 01:03:43.985Z] Worker Type: gecko-t-linux-medium [taskcluster 2018-11-24 01:03:43.985Z] Public IP: 54.183.1.56 d6341e30912f - Started downloading 087a57faf949 - Started downloading 54f7e8ac135a - Started downloading 087a57faf949 - Downloaded in 0.49 seconds d6341e30912f - Downloaded in 0.649 seconds 0c1db9598990 - Started downloading 5d71636fb824 - Started downloading 54f7e8ac135a - Downloaded in 2.105 seconds 2eeb5ce9b924 - Started downloading 5d71636fb824 - Downloaded in 6.457 seconds 2eeb5ce9b924 - Downloaded in 1.081 seconds a8c530378055 - Started downloading 687ed2fb2a0d - Started downloading 687ed2fb2a0d - Downloaded in 0.071 seconds a8c530378055 - Downloaded in 1.091 seconds 620aea26e853 - Started downloading 620aea26e853 - Downloaded in 0.052 seconds 0c1db9598990 - Downloaded in 20.51 seconds Digest: sha256:fc34d5b6cf5d00a6139a74370dc27ddc9ce18303e2210d0f199a6050cc29aa45 Status: Downloaded newer image for python:3.6 [taskcluster 2018-11-24 01:05:23.735Z] === Task Starting === hello but https://tools.taskcluster.net/groups/FjsCuT7jQRycX8gRrjTQ6w/tasks/FjsCuT7jQRycX8gRrjTQ6w/runs/0/logs/public%2Flogs%2Flive.log fails So the network flows are fine. Running that curl command without `-k` gives an exception. Openssl shows: dustin@jemison ~ $ openssl s_client -connect g23qcoaaaaawoq3vlpwoquhepsq7tfqdbelsjkuetgqliw3b.taskcluster-worker.net:32768 CONNECTED(00000004) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Mozilla Corporation, OU = IT, CN = *.taskcluster-worker.net verify error:num=10:certificate has expired notAfter=Mar 27 12:00:00 2018 GMT verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Mozilla Corporation, OU = IT, CN = *.taskcluster-worker.net notAfter=Mar 27 12:00:00 2018 GMT verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=IT/CN=*.taskcluster-worker.net i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFWTCCBEGgAwIBAgIQDisuA2lgs3r3+KjFLEpo+jANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcwMzIwMDAwMDAwWhcN MTgwMzI3MTIwMDAwWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29y cG9yYXRpb24xCzAJBgNVBAsTAklUMSEwHwYDVQQDDBgqLnRhc2tjbHVzdGVyLXdv cmtlci5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi5w2Hfb91 inQ7cnnn1pHLr5Cpi/XLElwBnrdSVAIGkpANlmtqobLJDL4yOE/cqYeSQ1+tOjNF 5IbVnpXRfy+gscpT1/a1UTmcOJf2/pcdPvHISz0VM5k9AU18secYDCNFsCHDXhE6 vaYoeoRNipUXcdlvHHBfaY4NJTBuzTaZtBNYCExl1R2Q1NoWtJWygJj0pCh3cV9R ziO9QkeGP+WCO2jKdrxJsUyIeC6gDPRzblBZHCL0V56NZ3XqZaPRm50YpdsTmJMH Z0K6SImAfAnjJ3u5EUvx9Q2mL7OhcgIPOEmtQcj+fwhEzb6mJsIWE9o1Mdxur2Nv NDNiWRv8bIM7AgMBAAGjggH3MIIB8zAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541G OLQs4cbZ4jAdBgNVHQ4EFgQUJWSCq50JEMVw5SR0L7lN2ua8ybgwOwYDVR0RBDQw MoIYKi50YXNrY2x1c3Rlci13b3JrZXIubmV0ghZ0YXNrY2x1c3Rlci13b3JrZXIu bmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3Nz Y2Etc2hhMi1nNS5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9z c2NhLXNoYTItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYB BQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu Y29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln aUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZI hvcNAQELBQADggEBADEUocb9Kfm6jO5VdbGbDG3fLOXiSxb3Ba550wN9uLeA77eJ H200u5nCKA3tBSttzKHXkpL+n5BS7IyTnl3t+n5A7sSq+VYStnWgbN+FDg4ncevd v34b+KyIEGPvwD7utOoeiQQwpD9rSOsPrI4z9A57wNym7DUNpeYRfel4lJzLr71m gnVbmq+FZ+oSm8MA4CxWtHj9fryfWajjXCU+EJaqZmVZ5aawK55S0cHuTzuNg0IK KJB6ek6Z54HDzKzOpwNaP0fH1HOet8v5a5o8aB6J58iY1aSDS5WDf4RXCQSmyslm pHI2x6Z/IqQDx4svekEhmk5VWnr8lSsb7ujsQYk= -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=IT/CN=*.taskcluster-worker.net issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA384 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3158 bytes and written 327 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: F46AA6F30483090C090BE5CA8499FD95E967647D214027C0E3BF5DA57E6F2EBF Session-ID-ctx: Master-Key: B7AEA2912402F1AF0D055511666393D6588E19CCA86E8BC6DD27A895F25F8C481742FDF4EDF03ACD92EB6124CA6B2751 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - c1 7c e5 d3 28 cb 31 03-3e 8f 32 65 5e 70 9c 04 .|..(.1.>.2e^p.. 0010 - b4 21 6e 95 51 43 fa 51-40 18 1d 52 b0 f0 ee 5c .!n.QC.Q@..R...\ 0020 - 84 5e 07 ed 0d 38 48 12-57 c9 d8 3f 90 b5 81 93 .^...8H.W..?.... 0030 - 0a 5e 88 89 c6 9e 03 75-c4 d5 5c 06 c2 40 25 db .^.....u..\..@%. 0040 - a9 a0 88 2b 20 3e c0 87-7a b1 ed 2e b7 75 69 1c ...+ >..z....ui. 0050 - 6c 75 d0 10 c5 71 de 29-09 31 26 e5 4f 8f cc f1 lu...q.).1&.O... 0060 - cd 04 1b 1c 54 7c 9c 27-a1 5d 71 5a 97 2d c6 57 ....T|.'.]qZ.-.W 0070 - ae 33 00 24 d7 6d 00 f5- .3.$.m.. Start Time: 1543021757 Timeout : 300 (sec) Verify return code: 10 (certificate has expired) --- and running that through `openssl x509` gives: Validity Not Before: Mar 20 00:00:00 2017 GMT Not After : Mar 27 12:00:00 2018 GMT I think that SSL key is baked into the workers? The workers do have different ami id's -- wander, did -medium not get an update for some reason?
Flags: needinfo?(wcosta)
(In reply to Dustin J. Mitchell [:dustin] pronoun: he from comment #12) > Thanks, I should not have commented only having read half the bug. > > The workerTypes for both gecko-t-linux-{large,medium} specify the same > security groups and subnets, so commen 4 is not the issue. > > dustin@jemison ~ $ curl -k > https://g23qcoaaaaawoq3vlpwoquhepsq7tfqdbelsjkuetgqliw3b.taskcluster-worker. > net:32768/log/3sQL9RRbRjyASEi3vdlnag > [taskcluster 2018-11-24 01:03:43.984Z] Task ID: FjsCuT7jQRycX8gRrjTQ6w > [taskcluster 2018-11-24 01:03:43.985Z] Worker ID: i-0d28a0f1d23d73e2f > [taskcluster 2018-11-24 01:03:43.985Z] Worker Group: us-west-1 > [taskcluster 2018-11-24 01:03:43.985Z] Worker Node Type: m1.medium > [taskcluster 2018-11-24 01:03:43.985Z] Worker Type: gecko-t-linux-medium > [taskcluster 2018-11-24 01:03:43.985Z] Public IP: 54.183.1.56 > > d6341e30912f - Started downloading > 087a57faf949 - Started downloading > 54f7e8ac135a - Started downloading > 087a57faf949 - Downloaded in 0.49 seconds > d6341e30912f - Downloaded in 0.649 seconds > 0c1db9598990 - Started downloading > 5d71636fb824 - Started downloading > 54f7e8ac135a - Downloaded in 2.105 seconds > 2eeb5ce9b924 - Started downloading > 5d71636fb824 - Downloaded in 6.457 seconds > 2eeb5ce9b924 - Downloaded in 1.081 seconds > a8c530378055 - Started downloading > 687ed2fb2a0d - Started downloading > 687ed2fb2a0d - Downloaded in 0.071 seconds > a8c530378055 - Downloaded in 1.091 seconds > 620aea26e853 - Started downloading > 620aea26e853 - Downloaded in 0.052 seconds > 0c1db9598990 - Downloaded in 20.51 seconds > Digest: > sha256:fc34d5b6cf5d00a6139a74370dc27ddc9ce18303e2210d0f199a6050cc29aa45 > Status: Downloaded newer image for python:3.6 > [taskcluster 2018-11-24 01:05:23.735Z] === Task Starting === > hello > > > but > https://tools.taskcluster.net/groups/FjsCuT7jQRycX8gRrjTQ6w/tasks/ > FjsCuT7jQRycX8gRrjTQ6w/runs/0/logs/public%2Flogs%2Flive.log fails > > So the network flows are fine. > > Running that curl command without `-k` gives an exception. Openssl shows: > > dustin@jemison ~ $ openssl s_client -connect > g23qcoaaaaawoq3vlpwoquhepsq7tfqdbelsjkuetgqliw3b.taskcluster-worker.net:32768 > CONNECTED(00000004) > depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert > Global Root CA > verify return:1 > depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA > verify return:1 > depth=0 C = US, ST = California, L = Mountain View, O = Mozilla Corporation, > OU = IT, CN = *.taskcluster-worker.net > verify error:num=10:certificate has expired > notAfter=Mar 27 12:00:00 2018 GMT > verify return:1 > depth=0 C = US, ST = California, L = Mountain View, O = Mozilla Corporation, > OU = IT, CN = *.taskcluster-worker.net > notAfter=Mar 27 12:00:00 2018 GMT > verify return:1 > --- > Certificate chain > 0 s:/C=US/ST=California/L=Mountain View/O=Mozilla > Corporation/OU=IT/CN=*.taskcluster-worker.net > i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA > 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA > i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIFWTCCBEGgAwIBAgIQDisuA2lgs3r3+KjFLEpo+jANBgkqhkiG9w0BAQsFADBN > MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E > aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcwMzIwMDAwMDAwWhcN > MTgwMzI3MTIwMDAwWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju > aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29y > cG9yYXRpb24xCzAJBgNVBAsTAklUMSEwHwYDVQQDDBgqLnRhc2tjbHVzdGVyLXdv > cmtlci5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi5w2Hfb91 > inQ7cnnn1pHLr5Cpi/XLElwBnrdSVAIGkpANlmtqobLJDL4yOE/cqYeSQ1+tOjNF > 5IbVnpXRfy+gscpT1/a1UTmcOJf2/pcdPvHISz0VM5k9AU18secYDCNFsCHDXhE6 > vaYoeoRNipUXcdlvHHBfaY4NJTBuzTaZtBNYCExl1R2Q1NoWtJWygJj0pCh3cV9R > ziO9QkeGP+WCO2jKdrxJsUyIeC6gDPRzblBZHCL0V56NZ3XqZaPRm50YpdsTmJMH > Z0K6SImAfAnjJ3u5EUvx9Q2mL7OhcgIPOEmtQcj+fwhEzb6mJsIWE9o1Mdxur2Nv > NDNiWRv8bIM7AgMBAAGjggH3MIIB8zAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541G > OLQs4cbZ4jAdBgNVHQ4EFgQUJWSCq50JEMVw5SR0L7lN2ua8ybgwOwYDVR0RBDQw > MoIYKi50YXNrY2x1c3Rlci13b3JrZXIubmV0ghZ0YXNrY2x1c3Rlci13b3JrZXIu > bmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH > AwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3Nz > Y2Etc2hhMi1nNS5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9z > c2NhLXNoYTItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYB > BQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG > CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu > Y29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln > aUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZI > hvcNAQELBQADggEBADEUocb9Kfm6jO5VdbGbDG3fLOXiSxb3Ba550wN9uLeA77eJ > H200u5nCKA3tBSttzKHXkpL+n5BS7IyTnl3t+n5A7sSq+VYStnWgbN+FDg4ncevd > v34b+KyIEGPvwD7utOoeiQQwpD9rSOsPrI4z9A57wNym7DUNpeYRfel4lJzLr71m > gnVbmq+FZ+oSm8MA4CxWtHj9fryfWajjXCU+EJaqZmVZ5aawK55S0cHuTzuNg0IK > KJB6ek6Z54HDzKzOpwNaP0fH1HOet8v5a5o8aB6J58iY1aSDS5WDf4RXCQSmyslm > pHI2x6Z/IqQDx4svekEhmk5VWnr8lSsb7ujsQYk= > -----END CERTIFICATE----- > subject=/C=US/ST=California/L=Mountain View/O=Mozilla > Corporation/OU=IT/CN=*.taskcluster-worker.net > issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA > --- > No client certificate CA names sent > Peer signing digest: SHA384 > Server Temp Key: ECDH, P-256, 256 bits > --- > SSL handshake has read 3158 bytes and written 327 bytes > --- > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES128-GCM-SHA256 > Session-ID: > F46AA6F30483090C090BE5CA8499FD95E967647D214027C0E3BF5DA57E6F2EBF > Session-ID-ctx: > Master-Key: > B7AEA2912402F1AF0D055511666393D6588E19CCA86E8BC6DD27A895F25F8C481742FDF4EDF03 > ACD92EB6124CA6B2751 > Key-Arg : None > Krb5 Principal: None > PSK identity: None > PSK identity hint: None > TLS session ticket: > 0000 - c1 7c e5 d3 28 cb 31 03-3e 8f 32 65 5e 70 9c 04 .|..(.1.>.2e^p.. > 0010 - b4 21 6e 95 51 43 fa 51-40 18 1d 52 b0 f0 ee 5c .!n.QC.Q@..R...\ > 0020 - 84 5e 07 ed 0d 38 48 12-57 c9 d8 3f 90 b5 81 93 .^...8H.W..?.... > 0030 - 0a 5e 88 89 c6 9e 03 75-c4 d5 5c 06 c2 40 25 db .^.....u..\..@%. > 0040 - a9 a0 88 2b 20 3e c0 87-7a b1 ed 2e b7 75 69 1c ...+ >..z....ui. > 0050 - 6c 75 d0 10 c5 71 de 29-09 31 26 e5 4f 8f cc f1 lu...q.).1&.O... > 0060 - cd 04 1b 1c 54 7c 9c 27-a1 5d 71 5a 97 2d c6 57 ....T|.'.]qZ.-.W > 0070 - ae 33 00 24 d7 6d 00 f5- .3.$.m.. > > Start Time: 1543021757 > Timeout : 300 (sec) > Verify return code: 10 (certificate has expired) > --- > > and running that through `openssl x509` gives: > > Validity > Not Before: Mar 20 00:00:00 2017 GMT > Not After : Mar 27 12:00:00 2018 GMT > > I think that SSL key is baked into the workers? The workers do have > different ami id's -- wander, did -medium not get an update for some reason? Ah, iirc, medium is a PV worker-type, and since PV is no longer needed, it was retired. I think it was not deleted at the time because of ESR.
Flags: needinfo?(wcosta)
(In reply to Wander Lairson Costa [:wcosta] from comment #13) > Ah, iirc, medium is a PV worker-type, and since PV is no longer needed, it > was retired. I think it was not deleted at the time because of ESR. So is the solution to retire the -medium worker type?
I think the answer is "you can't connect to gecko-t-medium instances, sorry". If they are truly unused, then we can also delete the worker type configuration, but this issue doesn't force the deletion. Glandium, how big an inconvenience is this, given that this workerType is slated to go away?
Bug 1411344 removed the last use of gecko-t-linux-medium (although for some reason, it's stayed defined in taskcluster/taskgraph/util/workertypes.py), and that landed in Firefox 58. Now that esr52 is EOLed, it seems we're good to actually remove the worker type entirely. Please go ahead.
The worker-type has been removed.
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.