Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PR #1551/03c1923b backport][2.14] Pass certs and tls config when checking for signsture extentions during #1555

Conversation

patchback[bot]
Copy link

@patchback patchback bot commented Mar 15, 2024

This is a backport of PR #1551 as merged into main (03c1923).

sync

[noissue]

In sync we are checking whether the remot registry implrementations signsture extentions API. We need to pass respective remote tls and certs config if they were provided, hence no need to override core's _make_aiohttp_session_from_remote and use it directly from core.

We do not need to pass auth since we care only about response headers that we check.

{"traceback": "  File "/usr/lib/python3.9/site-packages/pulpcore/tasking/pulpcore_worker.py", line 450, in _perform_task
    result = func(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/synchronize.py", line 41, in synchronize
    return dv.create()
  File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/declarative_version.py", line 161, in create
    loop.run_until_complete(pipeline)
  File "/usr/lib64/python3.9/asyncio/base_events.py", line 647, in run_until_complete
    return future.result()
  File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/api.py", line 225, in create_pipeline
    await asyncio.gather(*futures)
  File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/api.py", line 43, in __call__
    await self.run()
  File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/sync_stages.py", line 81, in run
    signature_source = await self.get_signature_source()
  File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/sync_stages.py", line 221, in get_signature_source
    result = await extension_check_downloader.run()
  File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 273, in run
    return await download_wrapper()
  File "/usr/lib/python3.9/site-packages/backoff/_async.py", line 151, in retry
    ret = await target(*args, **kwargs)
  File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 258, in download_wrapper
    return await self._run(extra_data=extra_data)
  File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 291, in _run
    async with self.session.get(
  File "/usr/lib64/python3.9/site-packages/aiohttp/client.py", line 1141, in __aenter__
    self._resp = await self._coro
  File "/usr/lib64/python3.9/site-packages/aiohttp/client.py", line 536, in _request
    conn = await self._connector.connect(
  File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 540, in connect
    proto = await self._create_connection(req, traces, timeout)
  File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 901, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
  File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 1206, in _create_direct_connection
    raise last_exc
  File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 1175, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
  File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 982, in _wrap_create_connection
    raise ClientConnectorCertificateError(req.connection_key, exc) from exc
", "description": "Cannot connect to host registry.tts-trax.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]"}

…ions API during

sync

closes #1552

In sync we are checking whether the remot registry implrementations
signsture extentions API. We need to pass respective remote tls and
certs config if they were provided, hence no need to override core's
``_make_aiohttp_session_from_remote`` and use it directly from core.

We do not need to pass auth since we care only about response headers
that we check.

(cherry picked from commit 03c1923)
@lubosmj lubosmj merged commit 3a237a5 into 2.14 Mar 15, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants