Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Bug 1844990: pkg/server: default to TLS 1.3" #1812

Merged
merged 1 commit into from Jun 11, 2020
Merged

Revert "Bug 1844990: pkg/server: default to TLS 1.3" #1812

merged 1 commit into from Jun 11, 2020

Conversation

abhinavdahiya
Copy link
Contributor

Reverts #1793

[core@ci-op-1155yj38-94601-74fmj-bootstrap ~]$ sudo crictl logs 1c601dc2cab8e
I0610 18:43:07.189725       1 bootstrap.go:37] Version: machine-config-daemon-4.6.0-202006101417-2-g65817154-dirty (65817154799c286cacc45bd2724f560784c7748b)
I0610 18:43:07.189866       1 api.go:56] Launching server on :22624
I0610 18:43:07.189872       1 api.go:56] Launching server on :22623
2020/06/10 18:43:07 http: TLS handshake error from 168.63.129.16:53505: tls: client offered only unsupported versions: [303 302 301 300]
2020/06/10 18:43:07 http: TLS handshake error from 168.63.129.16:53506: tls: client offered only unsupported versions: [302 301 300]
2020/06/10 18:43:07 http: TLS handshake error from 168.63.129.16:53507: tls: client offered only unsupported versions: [301 300]
2020/06/10 18:43:07 http: TLS handshake error from 168.63.129.16:53508: EOF

bootstrap is failing because the health checks for azure lb don't go green

@openshift-ci-robot openshift-ci-robot added the bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. label Jun 10, 2020
@abhinavdahiya
Copy link
Contributor Author

/test e2e-azure

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jun 10, 2020
@openshift-ci-robot
Copy link
Contributor

@abhinavdahiya: This pull request references Bugzilla bug 1844990, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is MODIFIED instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Revert "Bug 1844990: pkg/server: default to TLS 1.3"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@cgwalters
Copy link
Member

/approve
but...this will reintroduce the weak ciphersuites that motivated the original PR. So we'll have to investigate configuring the server with specific stronger suites.

@kikisdeliveryservice
Copy link
Contributor

we can revert temporarily to unblock azure and then figure out what to do

@ashcrow ashcrow removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jun 10, 2020
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 10, 2020
@openshift-ci-robot
Copy link
Contributor

@abhinavdahiya: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

  • /test e2e-aws
  • /test e2e-aws-disruptive
  • /test e2e-aws-scaleup-rhel7
  • /test e2e-gcp-op
  • /test e2e-gcp-upgrade
  • /test e2e-metal-ipi
  • /test e2e-openstack
  • /test e2e-ovirt
  • /test e2e-vsphere
  • /test images
  • /test unit
  • /test verify

Use /test all to run the following jobs:

  • pull-ci-openshift-machine-config-operator-master-e2e-aws
  • pull-ci-openshift-machine-config-operator-master-e2e-aws-scaleup-rhel7
  • pull-ci-openshift-machine-config-operator-master-e2e-gcp-op
  • pull-ci-openshift-machine-config-operator-master-e2e-gcp-upgrade
  • pull-ci-openshift-machine-config-operator-master-e2e-metal-ipi
  • pull-ci-openshift-machine-config-operator-master-images
  • pull-ci-openshift-machine-config-operator-master-unit
  • pull-ci-openshift-machine-config-operator-master-verify

In response to this:

/test e2e-azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kikisdeliveryservice
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 10, 2020
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@runcom
Copy link
Member

runcom commented Jun 10, 2020

Thanks @abhinavdahiya for catching and reverting so quickly 👍
/approve

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, ashcrow, cgwalters, kikisdeliveryservice, runcom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ashcrow,cgwalters,kikisdeliveryservice,runcom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jun 10, 2020
edited

@abhinavdahiya: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-aws-scaleup-rhel7 1239bbc link /test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@cgwalters
Copy link
Member

One thing we could do I guess is keep TLS 1.2 only for Azure.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit 769cf7e into master Jun 11, 2020
@openshift-ci-robot
Copy link
Contributor

@abhinavdahiya: All pull requests linked via external trackers have merged: openshift/machine-config-operator#1793. Bugzilla bug 1844990 has been moved to the MODIFIED state.

In response to this:

Revert "Bug 1844990: pkg/server: default to TLS 1.3"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ravisantoshgudimetla ravisantoshgudimetla mentioned this pull request Jun 16, 2020
Closed
@abhinavdahiya abhinavdahiya deleted the revert-1793-tls13-mcs branch July 28, 2020 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashcrow ashcrow ashcrow approved these changes

@ericavonb ericavonb Awaiting requested review from ericavonb

@sinnykumari sinnykumari Awaiting requested review from sinnykumari

Assignees

@kikisdeliveryservice kikisdeliveryservice

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@abhinavdahiya @openshift-ci-robot @cgwalters @kikisdeliveryservice @openshift-bot @runcom @ashcrow @openshift-merge-robot