Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

data/data: update rhcos to 410.8.20190412.1 #1612

Merged
merged 1 commit into from Apr 13, 2019

Conversation

Projects
None yet
7 participants
@yuqi-zhang
Copy link
Contributor

yuqi-zhang commented Apr 12, 2019

Update RHCOS to include cri-o 1.13.6, which has fixes for the
"Manifest does not match provided manifest digest" error. Also
change the baseURI to ART's artifacts, as they now have public
accessible storage.

Signed-off-by: Yu Qi Zhang jerzhang@redhat.com

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Apr 12, 2019

Note that the ART build does not have vmdk as an artifact (although we were never explicitly shipping it before). Is that directly used anywhere? I didn't find any references so I thought it would be safe to remove.

}
},
"baseURI": "https://releases-rhcos.svc.ci.openshift.org/storage/releases/ootpa/410.8.20190410.0/",
"buildid": "410.8.20190410.0",
"baseURI": "https://releases-art-jenkins.cloud.paas.upshift.redhat.com/storage/releases/ootpa/410.8.20190412.1/",

This comment has been minimized.

Copy link
@abhinavdahiya

abhinavdahiya Apr 12, 2019

Member

this is behind VPN. cannot accept it in installer.

@abhinavdahiya

This comment has been minimized.

Copy link
Member

abhinavdahiya commented Apr 12, 2019

Note that the ART build does not have vmdk as an artifact (although we were never explicitly shipping it before). Is that directly used anywhere? I didn't find any references so I thought it would be safe to remove.

that's fine.

#1612 (comment)

/hold

@yuqi-zhang yuqi-zhang force-pushed the yuqi-zhang:pin-rhcos-apr-12 branch from 6d2ba11 to 37226e4 Apr 12, 2019

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Apr 12, 2019

Sorry, wrong link

@abhinavdahiya this one should be accessible outside VPN

@ashcrow

This comment has been minimized.

Copy link
Member

ashcrow commented Apr 12, 2019

With @yuqi-zhang's latest update LGTM

@darkmuggle

This comment has been minimized.

Copy link

darkmuggle commented Apr 12, 2019

I concur on the last update, 👍

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Apr 12, 2019

/test e2e-aws

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Apr 12, 2019

I would strongly prefer not to hardcode a S3 URL in the installer. I'm looking at standing up another redirector for the art bucket.

@ashcrow

This comment has been minimized.

Copy link
Member

ashcrow commented Apr 12, 2019

I'm 👍 to @cgwalters request.

Please wait to merge until the json is updated once more.

data/data: update rhcos to 410.8.20190412.1
Update RHCOS to include cri-o 1.13.6, which has fixes for the
"Manifest does not match provided manifest digest" error. Also
change the baseURI to ART's artifacts, as they now have public
accessible storage.

Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>

@yuqi-zhang yuqi-zhang force-pushed the yuqi-zhang:pin-rhcos-apr-12 branch from 37226e4 to 8599867 Apr 12, 2019

}
},
"baseURI": "https://releases-rhcos.svc.ci.openshift.org/storage/releases/ootpa/410.8.20190410.0/",
"buildid": "410.8.20190410.0",
"baseURI": "https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/ootpa/410.8.20190412.1/",

This comment has been minimized.

Copy link
@ashcrow
@ashcrow

This comment has been minimized.

Copy link
Member

ashcrow commented Apr 12, 2019

LGTM with the update. @cgwalters 👍 / 👎?

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Apr 12, 2019

LGTM, assuming we can now
/hold cancel
Also I
/approve

@abhinavdahiya

This comment has been minimized.

Copy link
Member

abhinavdahiya commented Apr 12, 2019

the installer builds the URL for a image baseURL+"/"+path_of_image :

$  curl -k -L -v -s https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/ootpa/410.8.20190412.1/rhcos-410.8.20190412.1-qemu.qcow2
*   Trying 35.196.103.194...
* TCP_NODELAY set
* Connected to releases-art-rhcos.svc.ci.openshift.org (35.196.103.194) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* ignoring certificate verify locations due to disabled peer verification
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; OU=RHC Cloud Operations; CN=*.svc.ci.openshift.org
*  start date: Dec  6 00:00:00 2018 GMT
*  expire date: Dec 11 12:00:00 2019 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /art/storage/releases/ootpa/410.8.20190412.1/rhcos-410.8.20190412.1-qemu.qcow2 HTTP/1.1
> Host: releases-art-rhcos.svc.ci.openshift.org
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.12.1
< Date: Fri, 12 Apr 2019 20:46:47 GMT
< Content-Type: text/html
< Content-Length: 161
< Location: https://art-rhcos-ci.s3.amazonaws.com
< Set-Cookie: e864b3c9d0a263df2fa2591326969fb0=f9583fb2164e69d65d99cdf19ff51b44; path=/; HttpOnly; Secure
<
* Ignoring the response-body
* Connection #0 to host releases-art-rhcos.svc.ci.openshift.org left intact
* Issue another request to this URL: 'https://art-rhcos-ci.s3.amazonaws.com'
* Rebuilt URL to: https://art-rhcos-ci.s3.amazonaws.com/
*   Trying 52.216.170.211...
* TCP_NODELAY set
* Connected to art-rhcos-ci.s3.amazonaws.com (52.216.170.211) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* ignoring certificate verify locations due to disabled peer verification
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com Inc.; CN=*.s3.amazonaws.com
*  start date: Nov  7 00:00:00 2018 GMT
*  expire date: Feb  7 12:00:00 2020 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: art-rhcos-ci.s3.amazonaws.com
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< x-amz-bucket-region: us-east-1
< x-amz-request-id: 7497FD01637A49D1
< x-amz-id-2: mFV16BE6zAzvIT/pOB0PjvDqo6nA45UMC1mSWWSINSAza1Mp2QGo0ZsPme3voYXpqRCcfWrfEQY=
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Fri, 12 Apr 2019 20:46:46 GMT
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #1 to host art-rhcos-ci.s3.amazonaws.com left intact
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7497FD01637A49D1</RequestId><HostId>mFV16BE6zAzvIT/pOB0PjvDqo6nA45UMC1mSWWSINSAza1Mp2QGo0ZsPme3voYXpqRCcfWrfEQY=</HostId></Error>%

can't get the libvirt QCOW...

/hold

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Apr 12, 2019

Should be fixed so
/hold cancel

@abhinavdahiya

This comment has been minimized.

Copy link
Member

abhinavdahiya commented Apr 12, 2019

/lgtm

@openshift-ci-robot

This comment has been minimized.

Copy link

openshift-ci-robot commented Apr 12, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, cgwalters, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 19f88ee into openshift:master Apr 13, 2019

11 checks passed

ci/prow/e2e-aws Job succeeded.
Details
ci/prow/gofmt Job succeeded.
Details
ci/prow/golint Job succeeded.
Details
ci/prow/govet Job succeeded.
Details
ci/prow/images Job succeeded.
Details
ci/prow/shellcheck Job succeeded.
Details
ci/prow/tf-fmt Job succeeded.
Details
ci/prow/tf-lint Job succeeded.
Details
ci/prow/unit Job succeeded.
Details
ci/prow/yaml-lint Job succeeded.
Details
tide In merge pool.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.