[PR #1551/03c1923b backport][2.18] Pass certs and tls config when checking for signsture extentions during #1558
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![patchback[bot]](https://avatars.githubusercontent.com/in/21488?s=60&v=4){kind=small}
…ions API during sync closes #1552 In sync we are checking whether the remot registry implrementations signsture extentions API. We need to pass respective remote tls and certs config if they were provided, hence no need to override core's ``_make_aiohttp_session_from_remote`` and use it directly from core. We do not need to pass auth since we care only about response headers that we check. (cherry picked from commit 03c1923)
lubosmj
approved these changes
Mar 15, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #1551 as merged into main (03c1923).
sync
[noissue]
In sync we are checking whether the remot registry implrementations signsture extentions API. We need to pass respective remote tls and certs config if they were provided, hence no need to override core's
_make_aiohttp_session_from_remoteand use it directly from core.We do not need to pass auth since we care only about response headers that we check.
{"traceback": " File "/usr/lib/python3.9/site-packages/pulpcore/tasking/pulpcore_worker.py", line 450, in _perform_task result = func(*args, **kwargs) File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/synchronize.py", line 41, in synchronize return dv.create() File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/declarative_version.py", line 161, in create loop.run_until_complete(pipeline) File "/usr/lib64/python3.9/asyncio/base_events.py", line 647, in run_until_complete return future.result() File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/api.py", line 225, in create_pipeline await asyncio.gather(*futures) File "/usr/lib/python3.9/site-packages/pulpcore/plugin/stages/api.py", line 43, in __call__ await self.run() File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/sync_stages.py", line 81, in run signature_source = await self.get_signature_source() File "/usr/lib/python3.9/site-packages/pulp_container/app/tasks/sync_stages.py", line 221, in get_signature_source result = await extension_check_downloader.run() File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 273, in run return await download_wrapper() File "/usr/lib/python3.9/site-packages/backoff/_async.py", line 151, in retry ret = await target(*args, **kwargs) File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 258, in download_wrapper return await self._run(extra_data=extra_data) File "/usr/lib/python3.9/site-packages/pulpcore/download/http.py", line 291, in _run async with self.session.get( File "/usr/lib64/python3.9/site-packages/aiohttp/client.py", line 1141, in __aenter__ self._resp = await self._coro File "/usr/lib64/python3.9/site-packages/aiohttp/client.py", line 536, in _request conn = await self._connector.connect( File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 540, in connect proto = await self._create_connection(req, traces, timeout) File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 901, in _create_connection _, proto = await self._create_direct_connection(req, traces, timeout) File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 1206, in _create_direct_connection raise last_exc File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 1175, in _create_direct_connection transp, proto = await self._wrap_create_connection( File "/usr/lib64/python3.9/site-packages/aiohttp/connector.py", line 982, in _wrap_create_connection raise ClientConnectorCertificateError(req.connection_key, exc) from exc ", "description": "Cannot connect to host registry.tts-trax.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]"}