Closed
Bug 991093
Opened 11 years ago
Closed 10 years ago
spot instances trying to use revoked puppet certs
Categories
(Release Engineering :: General, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: catlee, Unassigned)
Details
(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2410] )
Attachments
(1 file)
|
4.03 KB,
text/plain
|
Details |
At least the following machines are failing to come up because of certificate revocation:
try-linux64-spot-137.try.releng.use1.mozilla.com
try-linux64-spot-036.try.releng.use1.mozilla.com
try-linux64-spot-183.try.releng.use1.mozilla.com
|
Reporter | |
Comment 1•11 years ago
|
||
There are 300 revoked certs. I've moved them out of the way into ~/revoked on aws-manager.
|
|
Reporter | |
Comment 2•11 years ago
|
||
I found revoked certs with this command (in /builds/aws_manager/secrets/cached_certs)
for f in *; do if ( ! echo "" | openssl s_client -host releng-puppet2.srv.releng.scl3.mozilla.com -port 8140 -quiet -no_ign_eof -cert $f > ~/$f.log 2>&1 ); then echo $f bad; else rm ~/$f.log; fi; done
then I double checked that the log files indicated the revocation as opposed to some other error
|
|
||
Comment 3•11 years ago
|
||
Boo, bug 986477 will help here a lot.
|
|
||
Updated•11 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2404]
|
|
||
Updated•11 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2404] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2410]
|
|
||
Comment 4•10 years ago
|
||
No more puppet on spot instances
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•7 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•