Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenShift CI testing fails due to unexpected status codes #1663

Open
michael-valdron opened this issue Dec 18, 2024 · 2 comments · May be fixed by devfile/registry#531
Open

OpenShift CI testing fails due to unexpected status codes #1663

michael-valdron opened this issue Dec 18, 2024 · 2 comments · May be fixed by devfile/registry#531
Assignees
@michael-valdron
Labels
area/ci area/integration-tests Enhancement or issue related to the devfile integration tests area/registry Devfile registry for stacks and infrastructure kind/bug Something isn't working

Comments

@michael-valdron
Copy link
Member

/kind bug

Which area is this bug related to?

/area ci
/area registry
/area integration-tests

What versions of software are you using?

Go project

Operating System and version: N/A (OpenShift 4.15)

Go Pkg Version: 1.21

Bug Summary

Describe the bug:

The OpenShift CI testing environment is currently producing failures due to the checks on the URL return code not being 200. From the logs, it appears to be caused by a SSL certification or lack of one expected.

To Reproduce:

Any time the ci/prow/v4.15-*-test PR checks are run.

Expected behavior

Integration testing checks for the returned status code should return 200.

Any logs, error output, screenshots etc? Provide the devfile that sees this bug, if applicable

Checking if https://https-go-c2dd0bfa-go-102.apps.ci-op-ffks8v5w-a073e.devfile-ci.com/ is returning HTTP 200
+ echo ''
+ grep -q -E 'HTTP/[0-9.]+ 200'
+ ret_val=1
+ '[' 1 -ne 0 ']'
+ echo 'ERROR: not HTTP 200'
ERROR: not HTTP 200
+ echo ''
+ sleep 10
+ for i in '$(seq 1 10)'
+ echo 'try: 2'
try: 2
++ curl -i https://https-go-c2dd0bfa-go-102.apps.ci-op-ffks8v5w-a073e.devfile-ci.com/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Additional context

Any workaround?

Set the --insecure flag here.

Suggestion on how to fix the bug

Begin an investigation to find the culprit to these errors. If nothing can be found or a change requires a different setup, we can consider the workaround.
@openshift-ci openshift-ci bot added kind/bug Something isn't working area/ci area/registry Devfile registry for stacks and infrastructure area/integration-tests Enhancement or issue related to the devfile integration tests labels Dec 18, 2024
@michael-valdron michael-valdron moved this to Refinement in Devfile Project Dec 18, 2024
@michael-valdron michael-valdron mentioned this issue Dec 18, 2024
Merged
@michael-valdron michael-valdron self-assigned this Dec 18, 2024
@michael-valdron michael-valdron moved this from Refinement to In Progress 🚧 in Devfile Project Dec 18, 2024
@michael-valdron
Copy link
Member Author

Priority set to be blocker as this is currently blocking all required PR checks from passing.

@michael-valdron michael-valdron linked a pull request Dec 24, 2024 that will close this issue
Open
4 tasks
@michael-valdron michael-valdron moved this from In Progress 🚧 to In Review 👀 in Devfile Project Dec 24, 2024
@michael-valdron
Copy link
Member Author

Failing tests seem to be caused by curl not accepting the self signed cert used in the test cases when a stack is using HTTPS rather than HTTP. How this is failing now is still unknown but is expected to be from an update to curl. In any case, it is so far looking like the workaround is the best option for a fix however I am holding my PR until a discussion is had: devfile/registry#531 (comment)

Sized to 2 days based on time spent on investigation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michael-valdron michael-valdron

Labels
area/ci area/integration-tests Enhancement or issue related to the devfile integration tests area/registry Devfile registry for stacks and infrastructure kind/bug Something isn't working
Projects
Devfile Project
Status: In Review 👀
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

TLS enablement for check_odov2.sh and openshift_integration.sh michael-valdron/devfile-registry
1 participant
@michael-valdron