#340 lookaside_upload fails
Closed: Fixed by carlwgeorge. Opened by carlwgeorge.

I'm trying to upload a new centos-logos tarball to the lookaside cache, but getting this error.

$ lookaside_upload -f SOURCES/centos-logos-85.4.tar.xz -n centos-logos -b c8
[+] CentOS Lookaside upload tool -> Checking if file already uploaded
[+] CentOS Lookaside upload tool -> Initialing new upload to lookaside
[+] CentOS Lookaside upload tool -> URL : https://git.centos.org
[+] CentOS Lookaside upload tool -> Source to upload : SOURCES/centos-logos-85.4.tar.xz 
[+] CentOS Lookaside upload tool -> Package name: centos-logos
[+] CentOS Lookaside upload tool -> sha1sum: e4fbc0f0f19e7883c8dd9c717759f2b7b091ff8d
[+] CentOS Lookaside upload tool -> Remote branch: c8
[+] CentOS Lookaside upload tool ->  ====== Trying to upload =======

curl: (35) error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

[+] CentOS Lookaside upload tool -> [ERROR] Something didn't work to push to https://git.centos.org/sources/centos-logos/c8/e4fbc0f0f19e7883c8dd9c717759f2b7b091ff8d
[+] CentOS Lookaside upload tool -> [ERROR] Verify at the server side

I don't believe my ~/.centos.cert file has changed since the last time I was able to successfully upload a tarball.


The part that seems strange:

curl: (35) error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

rpm -q centos-packager fedora-json-client please?
and so then (per wiki documentation https://wiki.centos.org/Authentication#TLS_certificate) centos-cert -v

Had you renewed your TLS cert after the Auth migration to the new IPA setup (and so new CA)?

Metadata Update from @arrfab:
- Issue assigned to arrfab
- Issue tagged with: authentication, centos-common-infra, need-more-info

I didn't have either of those installed and hadn't reissued my cert with the new accounts system yet. @hughesjr had mentioned something about not all systems using the new account system yet, so I wasn't sure if I needed to do that yet. I installed centos-packager, but I don't see fedora-json-client available. I tried to issue a new cert but it failed.

gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638919): Server krbtgt/FEDORAPROJECT.ORG@REDHAT.COM not found in Kerberos database

I had tickets for both FEDORAPROJECT.ORG and REDHAT.COM when that failure happened. I cleared them out with kdestroy -A, got a new FEDORAPROJECT.ORG ticket, and was able to successfully run centos-cert, which allowed me to successfully run lookaside_upload. Thanks for the guidance.

Metadata Update from @carlwgeorge:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

And now my builds in koji.mbox.centos.org don't work, which is probably what @hughesjr was referring to.

FWIW, yes, and to reflect the new auth/CA/TLS in koji.mbox, it has to be moved first, for infra and releng to have access ;-)
So it should be done when #285 is done.
