Closed Bug 1612382 Opened 5 years ago Closed 5 years ago

Extraneous collection main-preview/cfr-ml-models has failing certificate

Categories

(Cloud Services :: Server: Remote Settings, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: leplatrem, Assigned: sven)


On STAGE and PROD, the main-preview/cfr-ml-models collection has a certificate that is about to expire.

This is because the refresh signature lambda skips it.

The refresh signature lambda skips the preview collection because it is unused.

The preview collection for cfr-ml-models is not used, because review was disabled after the 3 collections were created (main-workspace/cfr-ml-models, main-preview/cfr-ml-models, main/cfr-ml-models).

I would suggest deleting this unused collection.

export AUTH=admin:s3cr3t
export SERVER=https://settings-writer.stage.mozaws.net/v1

http DELETE $SERVER/buckets/main-preview/collections/cfr-ml-models -a $AUTH
export SERVER=https://settings-writer.prod.mozaws.net/v1
http DELETE $SERVER/buckets/main-preview/collections/cfr-ml-models -a $AUTH

See also https://github.com/mozilla-services/cloudops-deployment/pull/3571 and https://bugzilla.mozilla.org/show_bug.cgi?id=1601303#c3

Also, in the past, we had issues when deleting preview collections. This should be fixed by now (see https://bugzilla.mozilla.org/show_bug.cgi?id=1575182).

I deleted the collection in both stage and prod.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

Deleting the collection on prod resulted in the validate_signature lambda failing on AWS. Is Poucave already validating the signatures? Can we decommission the lambda?

Flags: needinfo?(mathieu)

Poucave is also sad about the absence of the collection: https://sentry.prod.mozaws.net/operations/poucave-prod/issues/7190679/

Do we need to tell it it's gone? I didn't find it mentioned anywhere in the config or the codebase, so I'm not sure how it knows to check that collection.

Both Poucave and the lambda stopped looking at the deleted collection by themselves, so everything is working fine now.

We discussed this briefly in the Kinto meeting, and it is currently unclear why Poucave and the lambda continued verifying the deleted collection.

Flags: needinfo?(mathieu)
See Also: → 1632136