Project

General

Profile

tickets #38072

tickets #70264: Deprecate community.infra.opensuse.org

can't git pull on gate.opensuse.org because of TLS error

Added by stfnknorr over 3 years ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
Servers hosted in NBG
Target version:
-
Start date:
2018-07-02
Due date:
% Done:

0%

Estimated time:

Description

For the openSUSE release notes page, I need to pull a git repo from GitHub that contains a config file and it does not work. (For the moment, I worked around making the changes locally but that is not ideal.)

Trying to git pull give me an error:

relsync@community:~/release-notes-openSUSE> git pull
error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/openSUSE/release-notes-openSUSE.git/info/refs?service=git-upload-pack
fatal: HTTP request failed

The following software is installed:

relsync@community:~/release-notes-openSUSE> zypper if git | grep -i 'version'
Version: 1.7.12.4-0.18.6.1

relsync@community:~/release-notes-openSUSE> zypper if openssl | grep -i 'version'
Version: 0.9.8j-0.106.9.1

Is it possible that these versions are too outdated for GitHub to cooperate?

History

#1 Updated by cboltz over 3 years ago

  • Private changed from Yes to No

Yes, community.infra.o.o is one of the old SLE 11 machines, and indeed have a too old ssl/tls stack to git pull from github.

The obvious fix is to move everything to a Leap VM. We have that on our TODO list, but won't stop you if you are faster ;-)

#2 Updated by stfnknorr over 3 years ago

I don't think I have root access to the machine. Unless you endorse me putting random binaries into the user's home, I don't think I can do much. We'd probably want git pull functionality enabled by the time the Leap 15.2 development cycle starts though.

#3 Updated by tampakrap almost 3 years ago

  • Category set to Servers hosted in NBG
  • Assignee set to cboltz

#4 Updated by hellcp about 1 year ago

  • Assignee changed from cboltz to hellcp

I think we should move release notes and doc-o-o to jekyll server. I suggest we build release notes as a package in obs (sadly Documentation:Auto only builds for the target distributions), and after https://github.com/openSUSE/doc-o-o/pull/5 is merged, we add it to jekyll server, with /release-notes/ in nginx pointing to /usr/share/doc/release-notes/openSUSE (which might have to be versioned for this to work).

#5 Updated by cboltz about 1 year ago

/release-notes/ is a bit special because the current server does language autodetection based on the Accept-Language header, and delivers the localized file. This is easy with Apache (MultiViews), but AFAIK "a bit" complicated with nginx. The easiest way is probably to server /release-notes/ from an Apache server (the Apache on pinot.i.o.o is bored with only hosting countdown.o.o ;-) and map that directory into doc.o.o with haproxy.

BTW: we had a discussion about doc.o.o on the heroes ML in November and December, https://lists.opensuse.org/heroes/2019-12/msg00000.html (and the mails around it) should help to understand some of the technical details.

#6 Updated by hellcp about 1 year ago

cboltz wrote:

/release-notes/ is a bit special because the current server does language autodetection based on the Accept-Language header, and delivers the localized file. This is easy with Apache (MultiViews), but AFAIK "a bit" complicated with nginx. The easiest way is probably to server /release-notes/ from an Apache server (the Apache on pinot.i.o.o is bored with only hosting countdown.o.o ;-) and map that directory into doc.o.o with haproxy.

I forgot about pinot, we have way too many static servers at this point ;) It is a perfect place for most of the documentation hosting for what it's worth, we should probably salt it (although I stand by that we should do doc.o.o on jekyll.i.o.o)

BTW: we had a discussion about doc.o.o on the heroes ML in November and December, https://lists.opensuse.org/heroes/2019-12/msg00000.html (and the mails around it) should help to understand some of the technical details.

Familiarized myself with it now, I will have a look at the current scripts and start migrating them then

#7 Updated by hellcp about 1 year ago

  • Parent task set to #70264

#8 Updated by cboltz about 1 year ago

For the records - since some days, the tumbleweed release notes can no longer be unpacked on community.i.o.o (rpm zstd compression), therefore I adjusted the haproxy config to serve (only) the tumbleweed release notes from pinot.

TODO list before we can switch over all release notes to pinot:

  • create/copy overview page (/release-notes/)
  • copy over historical release notes (starting with 12.1)
  • check that everything works

#9 Updated by hellcp about 1 year ago

cboltz wrote:

TODO list before we can switch over all release notes to pinot:

  • create/copy overview page (/release-notes/)

That's a part of https://github.com/openSUSE/doc-o-o, so we either build it on pinot now using the perl script, or we wait for the jekyll pr to be merged and host it on jekyll

  • copy over historical release notes (starting with 12.1)

Done, also just in case we ever lose those things, I created a repo to keep them

#10 Updated by hellcp 7 months ago

At this point since now it's jekyll based, what do we do about this:

  • Build the website on jekyll.i.o.o and host it from there
  • Build the website on jekyll.i.o.o and copy over the contents to pinot.i.o.o
  • Build the website on pinot.i.o.o
  • Build the website in OBS and install that on pinot.i.o.o

Also available in: Atom PDF