Actions
action #152008
closeds390zl13 redirecting http to https because of .wget-hsts but we don't install ca-certificates-suse on all salt-controlled machines
Start date:
2023-12-04
Due date:
% Done:
0%
Estimated time:
Tags:
Description
Motivation¶
https://suse.slack.com/archives/C02CANHLANP/p1701670062570439
(Richard Fan) Hello folks, did you hit the same issue? http://openqa.suse.de/tests/12958521#step/bootloader_start/24
…
Steps to reproduce¶
wget http://openqa.suse.de/assets/repo/SLE-15-SP6-Full-s390x-Build41.1-Media1/boot/s390x/initrd -O /dev/null
Only on s390zl13. The problem is /root/.wget-hsts on s390zl13.oqa.prg2.suse.org but many production jobs use FTP hence are not affected.
Suggestions¶
- We already install ca-certificates-suse for webui+worker but not for other roles
Alternatives to consider¶
- Use FTP instead of HTTP/HTTPS
- In the test code
curl
instead ofwget
- Use
wget
with--no-hsts
Updated by okurz about 1 year ago
Updated by okurz about 1 year ago
- Status changed from In Progress to Resolved
MR merged. Original tests already passed as they had been retriggered until they ran on s390zl12. Now also
s390zl13:~ # wget http://openqa.suse.de/assets/repo/SLE-15-SP6-Full-s390x-Build41.1-Media1/boot/s390x/initrd -O /dev/null
URL transformed to HTTPS due to an HSTS policy
--2023-12-04 13:47:35-- https://openqa.suse.de/assets/repo/SLE-15-SP6-Full-s390x-Build41.1-Media1/boot/s390x/initrd
Resolving openqa.suse.de (openqa.suse.de)... 2a07:de40:b203:12:0:ff:fe4f:7c2b, 10.145.10.207
Connecting to openqa.suse.de (openqa.suse.de)|2a07:de40:b203:12:0:ff:fe4f:7c2b|:443... connected.
HTTP request sent, awaiting response... 200 OK
…
Updated by okurz about 1 year ago
- Status changed from Resolved to In Progress
https://gitlab.suse.de/openqa/salt-states-openqa/-/jobs/2033151#L289
Result: False
Comment: Failed to configure repo 'SUSE_CA': refresh_db() got multiple values for keyword argument 'root'
Updated by okurz about 1 year ago
- Status changed from In Progress to Resolved
I did
sudo salt -L 'openqa-piworker.qe.nue2.suse.org,unreal6.qe.nue2.suse.org,baremetal-support.qe.nue2.suse.org,jenkins.qe.nue2.suse.org' cmd.run 'zypper rr SUSE_CA'
sudo salt -L 'openqa-piworker.qe.nue2.suse.org,unreal6.qe.nue2.suse.org,baremetal-support.qe.nue2.suse.org,jenkins.qe.nue2.suse.org' state.apply
and that looks better. https://gitlab.suse.de/openqa/salt-states-openqa/-/pipelines green again.
Actions