search

delphix / appliance-build

This repository contains the code used to build the Ubuntu-based Delphix Appliance, leveraging open-source tools such as Debian's live-build, Docker, Ansible, OpenZFS, and others.
Apache License 2.0
19 stars 41 forks source link

Failed to generate sign.request #697

Open sdimitro opened 1 year ago

sdimitro commented 1 year ago 
05:30:27  + cp /var/tmp/jenkins/workspace/appliance-build-stage0/post-push/appliance-build/upgrade/prepare prepare
05:30:27  + sha256sum payload.tar.gz version.info verification-version.info prepare
05:31:00  + set +o xtrace
05:31:00  curl: (22) The requested URL returned error: 404 
05:31:00  upgrade-image-from-aptly-repo.sh: failed to generate sign-request.response file
05:31:00  + die 'failed to generate upgrade image from Aptly repository'
05:31:00  ++ basename /var/tmp/jenkins/workspace/appliance-build-stage0/post-push/appliance-build/scripts/build-upgrade-image.sh
05:31:00  + echo 'build-upgrade-image.sh: failed to generate upgrade image from Aptly repository'
05:31:00  build-upgrade-image.sh: failed to generate upgrade image from Aptly repository
05:31:00  + exit 2

link: http://ops.jenkins.delphix.com/job/appliance-build-stage0/job/post-push/4745/execution/node/295/log/

sdimitro commented 1 year ago

Problem seems to stem from here: https://github.com/delphix/appliance-build/blob/a5936cd05378a303b06da8dc59705567382e7205/scripts/upgrade-image-from-aptly-repo.sh#L160

if [[ -n "${DELPHIX_SIGNATURE_TOKEN:-}" ]] && [[ -n "${DELPHIX_SIGNATURE_URL:-}" ]]; then
    echo "{\"data\": \"$(base64 -w 0 SHA256SUMS)\"}" >sign-request.payload ||
        die "failed to generate sigh-request.payload file"

    #
    # Here, we need to generate signature files for all of the appliance
    # versions that'll be allowed to upgrade from, using this upgrade
    # image. We rely on the user of this script to pass in this list
    # of versions; generally this will be some Jenkins automation.
    #
    for signature_version in $DELPHIX_SIGNATURE_VERSIONS; do
        curl -s -S -f -H "Content-Type: application/json" \
            -u "$DELPHIX_SIGNATURE_TOKEN" -d @sign-request.payload \
            "$DELPHIX_SIGNATURE_URL/upgrade/keyVersion/${signature_version}/sign" \
            >sign-request.response ||
            die "failed to generate sign-request.response file"

We got a 404 from the $DELPHIX_SIGNATURE_URL/...etc.../${signature_version}/sign. Unfortunately the logs don't tell us where this came from so I'll probably need to rerun the job in a bootstrap VM.

pcd1193182 commented 1 year ago

That means that the signing server threw a 404 when you tried to get the signature... Possibly the signing server removed support for an old key version that the appliance-build repo still tries to use?