Allow plugin download to use an insecure repository by akram · Pull Request #866 · openshift/jenkins

akram · 2019-06-04T21:31:51Z

No description provided.

akram · 2019-06-04T23:26:34Z

hi @adambkaplan , can you PTAL ?

adambkaplan · 2019-06-05T13:15:57Z

@akram I assume this is to address https://jira.coreos.com/browse/DEVEXP-367 and https://bugzilla.redhat.com/show_bug.cgi?id=1693533 ?

gabemontero · 2019-06-05T13:49:15Z

@akram @adambkaplan I'm taking a look

gabemontero

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

update the README's env var section to explain it
update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates
update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

gabemontero · 2019-06-05T14:02:46Z

Also, to help @akram on the e2e-aws-jenkins failure, I took a peek for him. It failed in the client plugin test becase of an apparent expired certificate. From https://openshift-gce-devel.appspot.com/build/origin-ci-test/pr-logs/pull/openshift_jenkins/866/pull-ci-openshift-jenkins-master-e2e-aws-jenkins/288:

[Pipeline] End of Pipeline
hudson.AbortException: rsh returned an error;
{reference={}, err=Error from server: error dialing backend: x509: certificate signed by unknown authority
, verb=rsh, cmd=oc --server=https://172.30.0.1:443 --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --namespace=e2e-test-jenkins-pipeline-xskb5 --token=XXXXX rsh mongodb-1-4qrs7 ps ax , out=, status=1}

	at com.openshift.jenkins.plugins.OpenShiftDSL$Result.failIf(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1030)
	at com.openshift.jenkins.plugins.OpenShiftDSL.simplePassthrough(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:980)
	at com.openshift.jenkins.plugins.OpenShiftDSL.rsh(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:985)
	at WorkflowScript.run(WorkflowScript:185)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.untilEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1353)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.withEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1629)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.untilEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1352)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.watch(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1321)
	at ___cps.transform___(Native Method)

On the surface that feels like a api.ci / openshift CICD flake. I saw similar ones in unrelated networking e2es in the e2e-aws run:

StdErr: "Error from server: error dialing backend: x509: certificate signed by unknown authority",

gabemontero · 2019-06-05T14:03:02Z

/retest

akram · 2019-06-06T10:31:54Z

https://bugzilla.redhat.com/show_bug.cgi?id=1693533

@akram I assume this is to address https://jira.coreos.com/browse/DEVEXP-367 and https://bugzilla.redhat.com/show_bug.cgi?id=1693533 ?

Hi @adambkaplan
I didn't know about the BZ and the JIRA. My initial PR was done maybe in last December and the BZ has been reported on march.
Reading the BZ, it looks like they are asking to expose CURL_OPTIONS which may have more impacts and would require more input filtering.

akram · 2019-06-06T10:33:32Z

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

update the README's env var section to explain it

update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates

update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

Hi @gabemontero , thank you for reviewing.
Definitely, I was thinking about updating the README. And OK, I will update the template also. I will do it in separate commits and squash when all validated.

gabemontero

a couple of additional req's @akram while waiting on the template update

akram

It looks like my editor did some clean up of whitespaces that I didn't notice when doing my git diff.

akram · 2019-06-07T09:41:14Z

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

update the README's env var section to explain it

update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates

update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

Documentation update is in this branch:
https://github.com/akram/openshift-docs/tree/allow-plugin-download-to-use-an-insecure-repository which I based on enterprise-3.11 .

I contacted @bmcelvee to know which branch to rely on to create the PR. I am waiting for her reply.

akram · 2019-06-07T15:17:08Z

PRs for documentation:
openshift/openshift-docs#15258
openshift/openshift-docs#14227
bmcelvee/openshift-docs#2

Adds JENKINS_UC_INSECURE documentation in README.md Adds JENKINS_UC_INSECURE param and env to the openshift templates

gabemontero

Some minor changes on the new README hits

gabemontero · 2019-06-10T14:43:48Z

/approve

…lates

gabemontero · 2019-06-11T17:54:42Z

/lgtm

openshift-ci-robot · 2019-06-11T17:54:53Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akram, gabemontero

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [gabemontero]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 4, 2019

openshift-ci-robot requested review from adambkaplan and gabemontero June 4, 2019 21:32

gabemontero self-assigned this Jun 5, 2019

gabemontero suggested changes Jun 5, 2019

View reviewed changes

openshift-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 6, 2019

gabemontero suggested changes Jun 6, 2019

View reviewed changes

Comment thread README.md Outdated

Comment thread 2/contrib/jenkins/install-plugins.sh Outdated

akram force-pushed the allow-plugin-download-to-use-an-insecure-repository branch from 34d24b9 to b2a99df Compare June 7, 2019 07:02

akram commented Jun 7, 2019

View reviewed changes

akram mentioned this pull request Jun 7, 2019

Adds documentation for JENKINS_UC_INSECURE variable openshift/openshift-docs#15258

Merged

Allow plugin download to use an insecure repository

d7d4f47

Adds JENKINS_UC_INSECURE documentation in README.md Adds JENKINS_UC_INSECURE param and env to the openshift templates

akram force-pushed the allow-plugin-download-to-use-an-insecure-repository branch from 5b121e4 to d7d4f47 Compare June 7, 2019 15:25

gabemontero suggested changes Jun 10, 2019

View reviewed changes

Comment thread README.md Outdated

Comment thread openshift/templates/jenkins-ephemeral.json Outdated

Comment thread openshift/templates/jenkins-persistent.json Outdated

openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 10, 2019

README grammatical error fixes. Add doc about defaut behavior in temp…

ec4c14e

…lates

gabemontero approved these changes Jun 11, 2019

View reviewed changes

openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 11, 2019

openshift-merge-robot merged commit ba053b3 into openshift:master Jun 11, 2019

akram deleted the allow-plugin-download-to-use-an-insecure-repository branch March 12, 2020 21:44

Uh oh!

Conversation

akram commented Jun 4, 2019

Uh oh!

akram commented Jun 4, 2019

Uh oh!

adambkaplan commented Jun 5, 2019

Uh oh!

gabemontero commented Jun 5, 2019

Uh oh!

gabemontero left a comment

Choose a reason for hiding this comment

Uh oh!

gabemontero commented Jun 5, 2019

Uh oh!

gabemontero commented Jun 5, 2019

Uh oh!

akram commented Jun 6, 2019

Uh oh!

akram commented Jun 6, 2019

Uh oh!

gabemontero left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

akram left a comment

Choose a reason for hiding this comment

Uh oh!

akram commented Jun 7, 2019

Uh oh!

akram commented Jun 7, 2019

Uh oh!

gabemontero left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

gabemontero commented Jun 10, 2019

Uh oh!

gabemontero commented Jun 11, 2019

Uh oh!

openshift-ci-robot commented Jun 11, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants