Closed cantsin closed 1 year ago
Merging #1661 (53c0635) into main (ec76c42) will not change coverage. The diff coverage is n/a.
@@ Coverage Diff @@
## main #1661 +/- ##
=======================================
Coverage 94.17% 94.17%
=======================================
Files 66 66
Lines 4158 4158
=======================================
Hits 3916 3916
Misses 242 242
Description
As part of our deployment process, we record the deploy for New Relic:
Unfortunately, it looks like we're getting SSL errors when we use the built-in New Relic certificate located at /home/vcap/deps/0/python/lib/python3.10/site-packages/newrelic/common/cacert.pem. I am not sure why this is happening now, but it might be related to New Relic endpoints changing to different IP addresses. Plus, we're already at the latest New Relic version, as far as I can tell (although 8.10.1 just came out two days ago). This SSL error blocks staging from deploying.
Anyway, we can work around this by setting the NEW_RELIC_CA_BUNDLE_PATH (documentation) to the cloud.gov certificates and this seems to work.
To replicate the error, cf ssh staging and run:
newrelic-admin record-deploy newrelic.ini "testing"
This will fail with:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)
To confirm the fix works:
NEW_RELIC_CA_BUNDLE_PATH=/etc/ssl/certs/ newrelic-admin record-deploy newrelic.ini "testing"
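An added diagnostic, not part of this pull request or of the New Relic agent: it performs a fully verified TLS handshake against a host using each CA bundle in turn, so the bundled cacert.pem and /etc/ssl/certs/ can be compared without ever turning verification off. The host is a command-line argument because the endpoint name is not given in the description; the function names are this example's own.

```python
import os
import socket
import ssl
import sys


def context_for_bundle(path):
    """Verifying TLS context that trusts only the CAs found at `path`."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if os.path.isdir(path):
        # Directory form (e.g. /etc/ssl/certs/): OpenSSL looks CAs up by
        # subject-hash file name, so the directory must be in c_rehash layout.
        ctx.load_verify_locations(capath=path)
    elif os.path.isfile(path):
        # Single PEM file form (e.g. the agent's bundled cacert.pem).
        ctx.load_verify_locations(cafile=path)
    else:
        raise FileNotFoundError(path)
    return ctx


def check(host, bundle, port=443, timeout=10):
    """Return (ok, detail) for a handshake with `host` verified against `bundle`."""
    try:
        ctx = context_for_bundle(bundle)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, "issuer: " + issuer.get("organizationName", "?")
    except ssl.SSLCertVerificationError as exc:
        # Same failure class as in the traceback above; report OpenSSL's reason.
        return False, exc.verify_message
    except OSError as exc:
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Usage: python check_bundle.py HOST BUNDLE [BUNDLE ...]
    host, bundles = sys.argv[1], sys.argv[2:]
    for bundle in bundles:
        ok, detail = check(host, bundle)
        print(f"{'OK  ' if ok else 'FAIL'} {bundle}: {detail}")
```

A FAIL for the bundled file alongside an OK for /etc/ssl/certs/ would indicate that the server's chain ends at a CA the bundled file does not contain, and the printed issuer shows which CA signed the served certificate.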