tickets #38072
closedtickets #70264: Deprecate community.infra.opensuse.org
can't git pull on gate.opensuse.org because of TLS error
0%
Description
For the openSUSE release notes page, I need to pull a git repo from GitHub that contains a config file and it does not work. (For the moment, I worked around making the changes locally but that is not ideal.)
Trying to git pull give me an error:
relsync@community:~/release-notes-openSUSE> git pull
error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/openSUSE/release-notes-openSUSE.git/info/refs?service=git-upload-pack
fatal: HTTP request failed
The following software is installed:
relsync@community:~/release-notes-openSUSE> zypper if git | grep -i 'version'
Version: 1.7.12.4-0.18.6.1
relsync@community:~/release-notes-openSUSE> zypper if openssl | grep -i 'version'
Version: 0.9.8j-0.106.9.1
Is it possible that these versions are too outdated for GitHub to cooperate?
Updated by cboltz almost 6 years ago
- Private changed from Yes to No
Yes, community.infra.o.o is one of the old SLE 11 machines, and indeed have a too old ssl/tls stack to git pull from github.
The obvious fix is to move everything to a Leap VM. We have that on our TODO list, but won't stop you if you are faster ;-)
Updated by stfnknorr almost 6 years ago
I don't think I have root access to the machine. Unless you endorse me putting random binaries into the user's home, I don't think I can do much. We'd probably want git pull functionality enabled by the time the Leap 15.2 development cycle starts though.
Updated by tampakrap over 5 years ago
- Category set to Servers hosted in NBG
- Assignee set to cboltz
Updated by hellcp over 3 years ago
- Assignee changed from cboltz to hellcp
I think we should move release notes and doc-o-o to jekyll server. I suggest we build release notes as a package in obs (sadly Documentation:Auto only builds for the target distributions), and after https://github.com/openSUSE/doc-o-o/pull/5 is merged, we add it to jekyll server, with /release-notes/ in nginx pointing to /usr/share/doc/release-notes/openSUSE (which might have to be versioned for this to work).
Updated by cboltz over 3 years ago
/release-notes/ is a bit special because the current server does language autodetection based on the Accept-Language header, and delivers the localized file. This is easy with Apache (MultiViews), but AFAIK "a bit" complicated with nginx. The easiest way is probably to server /release-notes/ from an Apache server (the Apache on pinot.i.o.o is bored with only hosting countdown.o.o ;-) and map that directory into doc.o.o with haproxy.
BTW: we had a discussion about doc.o.o on the heroes ML in November and December, https://lists.opensuse.org/heroes/2019-12/msg00000.html (and the mails around it) should help to understand some of the technical details.
Updated by hellcp over 3 years ago
cboltz wrote:
/release-notes/is a bit special because the current server does language autodetection based on theAccept-Languageheader, and delivers the localized file. This is easy with Apache (MultiViews), but AFAIK "a bit" complicated with nginx. The easiest way is probably to server/release-notes/from an Apache server (the Apache on pinot.i.o.o is bored with only hosting countdown.o.o ;-) and map that directory into doc.o.o with haproxy.
I forgot about pinot, we have way too many static servers at this point ;) It is a perfect place for most of the documentation hosting for what it's worth, we should probably salt it (although I stand by that we should do doc.o.o on jekyll.i.o.o)
BTW: we had a discussion about doc.o.o on the heroes ML in November and December, https://lists.opensuse.org/heroes/2019-12/msg00000.html (and the mails around it) should help to understand some of the technical details.
Familiarized myself with it now, I will have a look at the current scripts and start migrating them then
Updated by cboltz over 3 years ago
For the records - since some days, the tumbleweed release notes can no longer be unpacked on community.i.o.o (rpm zstd compression), therefore I adjusted the haproxy config to serve (only) the tumbleweed release notes from pinot.
TODO list before we can switch over all release notes to pinot:
- create/copy overview page (
/release-notes/) - copy over historical release notes (starting with 12.1)
- check that everything works
Updated by hellcp over 3 years ago
cboltz wrote:
TODO list before we can switch over all release notes to pinot:
- create/copy overview page (
/release-notes/)
That's a part of https://github.com/openSUSE/doc-o-o, so we either build it on pinot now using the perl script, or we wait for the jekyll pr to be merged and host it on jekyll
- copy over historical release notes (starting with 12.1)
Done, also just in case we ever lose those things, I created a repo to keep them
Updated by hellcp about 3 years ago
At this point since now it's jekyll based, what do we do about this:
- Build the website on jekyll.i.o.o and host it from there
- Build the website on jekyll.i.o.o and copy over the contents to pinot.i.o.o
- Build the website on pinot.i.o.o
- Build the website in OBS and install that on pinot.i.o.o