action #160883: salt-states-openqa CI complains about "Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'" size:S - openQA Infrastructure (public) - openSUSE Project Management Tool

Custom queries

openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

action #160883

closed

salt-states-openqa CI complains about "Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'" size:S

Added by jbaier_cz 7 months ago. Updated 6 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

dheidler

Category:

Target version:

openQA Project (public) - Ready

Start date:

Due date:

2024-06-13

% Done:

Estimated time:

Tags:

alert, infra, reactive work

Description

Observation¶

CI jobs like https://gitlab.suse.de/openqa/salt-states-openqa/-/jobs/2650180 complain with

+ git fetch origin
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.suse.de/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'

Acceptance criteria¶

AC1: We are receiving reminders about expired GitLab tokens

Suggestions¶

DONE: Renew token
Check whether we got a reminder e-mail from GitLab and if not how to enable it

Files

Download all files

clipboard-202405291116-ysqbd.png (37.3 KB) clipboard-202405291116-ysqbd.png		dheidler, 2024-05-29 09:16
clipboard-202405311130-kfnwv.png (47.5 KB) clipboard-202405311130-kfnwv.png		dheidler, 2024-05-31 09:30

Related issues 1 (0 open — 1 closed)

Copied from openQA Infrastructure (public) - action #116845: salt-states-openqa CI complains about "fatal: Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa/'" but no useful hint size:M

Resolved

mkittler

2022-09-20

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by jbaier_cz 7 months ago

Copied from action #116845: salt-states-openqa CI complains about "fatal: Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa/'" but no useful hint size:M added

Actions

Copy link

Updated by nicksinger 7 months ago

Priority changed from High to Normal

So what we're seeing here is the impact of https://about.gitlab.com/blog/2023/10/25/access-token-lifetime-limits/ .
I mitigated the urgency by generating two new tokens (could be reduced to one if we create a group scoped token), updating the pipeline variables (are they actually used?) and setting the remotes on OSD. This gives us 1y of time to come up with a proper automated solution.

Actions

Copy link

Updated by mkittler 7 months ago

Tags changed from alert, reactive work to alert, reactive work, infra
Subject changed from salt-states-openqa CI complains about "Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'" to salt-states-openqa CI complains about "Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'" size:S
Description updated (diff)
Status changed from New to Workable

Actions

Copy link

Updated by dheidler 7 months ago

Status changed from Workable to In Progress
Assignee set to dheidler

Actions

Copy link

Updated by dheidler 7 months ago

https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#when-personal-access-tokens-expire

GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in the next seven days. The owners of these tokens are notified by email.

GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expire on the current date. The owners of these tokens are notified by email.

Actions

Copy link

Updated by dheidler 7 months ago

File clipboard-202405291116-ysqbd.png clipboard-202405291116-ysqbd.png added

Let's see if and what notifications I get in the coming night:

Actions

Copy link

Updated by openqa_review 7 months ago

Due date set to 2024-06-13

Setting due date based on mean cycle time of SUSE QE Tools

Actions

Copy link

Updated by dheidler 7 months ago

File clipboard-202405311130-kfnwv.png clipboard-202405311130-kfnwv.png added

Actions

Copy link

Updated by okurz 7 months ago

please try to login as qe-admins-bot in private browser window to gitlab, see https://gitlab.suse.de/openqa/password/-/blob/main/password?ref_type=heads#L22 , create token valid as long as possible and use that in the salt states pipeline that failed

Actions

Copy link

#10

Updated by dheidler 7 months ago

Status changed from In Progress to Blocked

As this account doesn't exist, I created a new one and opened https://sd.suse.com/servicedesk/customer/portal/1/SD-158524 to allow it to access gitlab.

Actions

Copy link

#11

Updated by dheidler 7 months ago

https://gitlab.suse.de/openqa/password/-/merge_requests/13

Actions

Copy link

#12

Updated by dheidler 6 months ago

Status changed from Blocked to In Progress

Actions

Copy link

#13

Updated by dheidler 6 months ago

I guess all of the notifications that I expected were actually sent.
Most of them found their way into my spam folder, though.
I opened https://sd.suse.com/servicedesk/customer/portal/1/SD-159090 for that.

In the meantime https://sd.suse.com/servicedesk/customer/portal/1/SD-158524 was completed and I can login to gitlab with that account.

Actions

Copy link

#14

Updated by dheidler 6 months ago

Status changed from In Progress to Resolved

Replaced the token.
We will get a notification to the osd-admins mailing list,
when the token expires the next time.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QA (public) » openQA Project (public) » openQA Infrastructure (public)

Tags

Custom queries

action #160883

salt-states-openqa CI complains about "Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa.git/'" size:S

Observation¶

Acceptance criteria¶

Suggestions¶

Updated by jbaier_cz 7 months ago

Updated by nicksinger 7 months ago

Updated by mkittler 7 months ago

Updated by dheidler 7 months ago

Updated by dheidler 7 months ago

Updated by dheidler 7 months ago

Updated by openqa_review 7 months ago

Updated by dheidler 7 months ago

Updated by okurz 7 months ago

Updated by dheidler 7 months ago

Updated by dheidler 7 months ago

Updated by dheidler 6 months ago

Updated by dheidler 6 months ago

Updated by dheidler 6 months ago