action #82067
closedUnable to use openqa-clone-custom-git-refspec - Returns 403 Not authorized
Description
When I try to use openqa-clone-custom-git-refspec, I get the following error:
openqa-clone-custom-git-refspec https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/11715 https://openqa.opensuse.org/tests/1561242
Github oauth token provided, peforming authenticated requests
Failed to create job: "{\"error\":\"Not authorized\",\"error_status\":403}" at /usr/share/openqa/script/../lib/OpenQA/Script/CloneJob.pm line 288.
Updated by ggardet_arm over 3 years ago
- Priority changed from High to Normal
If I try when my corporate VPN is enabled, it works... My IP is blacklisted or something like that?
Updated by okurz over 3 years ago
- Project changed from openQA Infrastructure to openQA Project
- Category set to Regressions/Crashes
- Status changed from New to Feedback
- Assignee set to okurz
- Target version set to Ready
As DimStar correctly stated in chat openQA does not do any IP filtering :) And
Failed to create job: "{\"error\":\"Not authorized\",\"error_status\":403}" at /usr/share/openqa/script/../lib/OpenQA/Script/CloneJob.pm line 288.
certainly shows a response from openQA directly. Maybe you can privately share the key you used, not the secret! And at best also the exact timestamp of a reproduction and the output from the command:
bash -ex $(which openqa-clone-custom-git-refspec) https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/11715 https://openqa.opensuse.org/tests/1561242
Updated by okurz over 3 years ago
I could confirm that your API key and secret are valid. I could also successfully execute the command line you gave and the last "openqa-clone-job" line with your key+secret.
Your next best step could be to debug
openqa-clone-job --skip-chained-deps --within-instance https://openqa.opensuse.org 1561242 _GROUP=0 TEST=jeos@ggardet/os-autoinst-distri-opensuse#fix_ssh BUILD=ggardet/os-autoinst-distri-opensuse#11715 CASEDIR=https://github.com/ggardet/os-autoinst-distri-opensuse.git#fix_ssh PRODUCTDIR=os-autoinst-distri-opensuse/products/opensuse NEEDLES_DIR=/var/lib/openqa/share/tests/opensuse/products/opensuse/needles
can you try to call it once again explicitly to reproduce the error and then specify the --apikey $your_key --apisecret $your_secret parameters additionally as first parameters.
Updated by ggardet_arm over 3 years ago
okurz wrote:
I could confirm that your API key and secret are valid. I could also successfully execute the command line you gave and the last "openqa-clone-job" line with your key+secret.
Your next best step could be to debug
openqa-clone-job --skip-chained-deps --within-instance https://openqa.opensuse.org 1561242 _GROUP=0 TEST=jeos@ggardet/os-autoinst-distri-opensuse#fix_ssh BUILD=ggardet/os-autoinst-distri-opensuse#11715 CASEDIR=https://github.com/ggardet/os-autoinst-distri-opensuse.git#fix_ssh PRODUCTDIR=os-autoinst-distri-opensuse/products/opensuse NEEDLES_DIR=/var/lib/openqa/share/tests/opensuse/products/opensuse/needlescan you try to call it once again explicitly to reproduce the error and then specify the
--apikey $your_key --apisecret $your_secretparameters additionally as first parameters.
If I specify --apikey $your_key --apisecret $your_secret for openqa-clone-job, then it worked!
But without, it still fails...
Updated by okurz over 3 years ago
ok, can you try to call the above commands with strace -eopen -f … to see which openQA config file is read? Maybe an unexpected config file is read.
Updated by ggardet_arm over 3 years ago
okurz wrote:
ok, can you try to call the above commands with
strace -eopen -f …to see which openQA config file is read? Maybe an unexpected config file is read.
strace -eopen -f … returns nothing, so I tried strace -e read -f... and /etc/openqa/client.conf is not read...
Updated by okurz over 3 years ago
I would have assumed that ~/.config/openqa/client.conf is read, see help text of openqa-client: https://github.com/os-autoinst/openQA/blob/e8470f0ab1b197c8dac5914645350d1412b62a2d/script/client#L69
Updated by ggardet_arm over 3 years ago
- Status changed from Feedback to Resolved
okurz wrote:
I would have assumed that ~/.config/openqa/client.conf is read, see help text of openqa-client: https://github.com/os-autoinst/openQA/blob/e8470f0ab1b197c8dac5914645350d1412b62a2d/script/client#L69
Ok, So, I fixed ~/.config/openqa/client.conf and it worked. My mistake was to update /etc/openqa/client.conf only. The funny part is updating /etc/openqa/client.conf changed the error message displayed.
Updated by okurz over 3 years ago
great that we could fix it. I am always looking for ways to improve the software we develop to prevent similar problems in the future. In this case though I am not sure what we could improve. Do you have an idea?
Updated by livdywan about 3 years ago
okurz wrote:
great that we could fix it. I am always looking for ways to improve the software we develop to prevent similar problems in the future. In this case though I am not sure what we could improve. Do you have an idea?
We could log where we read the config from when verbose: https://github.com/os-autoinst/openQA/pull/3679/files
salt for examples does that, and I found that very useful when trying to see if it found my overrides the other day.
Updated by tinita about 3 years ago
- Related to action #88053: Improve logging in scripts (was: openQA in openQA test fails with cryptic error enumerating jobs) added