Extraneous collection main-preview/cfr-ml-models has failing certificate
Categories
(Cloud Services :: Server: Remote Settings, defect)
Tracking
(Not tracked)
People
(Reporter: leplatrem, Assigned: sven)
References
Details
On STAGE and PROD, the main-preview/cfr-ml-models
collection has a certificate that is about to expire.
This is because the refresh signature lambda skips it.
The refresh signature lambda skips the preview collection because it is unused.
The preview collection for cfr-ml-models
is not used, because review was disabled after the 3 collections were created (main-workspace/cfr-ml-models, main-preview/cfr-ml-models, main/cfr-ml-models).
I would suggest to delete this unused collection.
export AUTH=admin:s3cr3t
export SERVER=https://settings-writer.stage.mozaws.net/v1
http DELETE $SERVER/buckets/main-preview/collections/cfr-ml-models -a $AUTH
export SERVER=https://settings-writer.prod.mozaws.net/v1
http DELETE $SERVER/buckets/main-preview/collections/cfr-ml-models -a $AUTH
See also https://github.com/mozilla-services/cloudops-deployment/pull/3571 and https://bugzilla.mozilla.org/show_bug.cgi?id=1601303#c3
Also, in the past, we had issues when deleting preview collections. This should be fixed by now (see https://bugzilla.mozilla.org/show_bug.cgi?id=1575182)
Assignee | ||
Comment 1•5 years ago
|
||
I deleted the collection in both stage and prod.
Assignee | ||
Comment 2•5 years ago
|
||
Deleting the collection on prod resulted in the validate_signature lambda failing on AWS. Is Poucave already validating the signatures? Can we decommission the lambda?
Assignee | ||
Comment 3•5 years ago
|
||
Poucave is also sad about the absence of the collection: https://sentry.prod.mozaws.net/operations/poucave-prod/issues/7190679/
Do we need to tell it it's gone? I didn't find it mentioned anywhere in the config or the codebase, so I'm not sure how it knows to check that collection.
Assignee | ||
Comment 4•5 years ago
|
||
Both Poucave and the lambda stopped looking at the deleted collection by themselves, so everything is working fine now.
We discussed this briefly in the Kinto meeting, and it is currently unclear why Poucave and the lambda continued verifying the deleted collection.
Description
•