search

projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0
6.01k stars 1.34k forks source link

Cannot build node/calico_test dockerfile in 3.26 or 3.27 #8832

Closed paulgmiller closed 4 months ago

paulgmiller commented 5 months ago

Cannot build node/calico_test dockerfile in 3.26 or 3.27 fails with certificate verify failed

Expected Behavior

runnig make k8s-test in node directory shoudl work but it can't create its docker file in .calico_test.created

Current Behavior

Switched to a new branch 'release-v3.27'

pmiller@millercloud2 [04:43:34] [~/calico/node/calico_test] [release-v3.27 *]
-> % docker build -f Dockerfile.amd64.calico_test -t junk .
Sending build context to Docker daemon  15.36kB
Step 1/7 : FROM docker:1.13.0
 ---> 9aa3005db491
Step 2/7 : MAINTAINER Tom Denham <tom@projectcalico.org>
 ---> Using cache
 ---> 4269843ac2d8
Step 3/7 : RUN apk add --update python python-dev py2-pip py-setuptools openssl-dev libffi-dev tshark         netcat-openbsd iptables ip6tables iproute2 iputils ipset curl gcc jq musl-dev &&         echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf &&         rm -rf /var/cache/apk/*
 ---> Using cache
 ---> 0e604788b0c6
Step 4/7 : COPY requirements.txt /requirements.txt
 ---> 8a5a4d28428f
Step 5/7 : RUN pip install -r /requirements.txt
 ---> Running in 2b109e795cac
Collecting atomicwrites==1.4.1 (from -r /requirements.txt (line 1))
  **Could not fetch URL https://pypi.python.org/simple/atomicwrites/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726) - skipping
  Could not find a version that satisfies the requirement atomicwrites==1.4.1 (from -r /requirements.txt (line 1)) (from versions: )
No matching distribution found for atomicwrites==1.4.1 (from -r /requirements.txt (line 1))**

Possible Solution

works in master. come up to newer docker base image? Or add/update ca certs in old?

Steps to Reproduce (for bugs)

See above.

Context

Rebuilding a bad arm64 image (we weren't cross compiling) and would like to run the tests.

Your Environment

Ubuntu 20.24

paulgmiller commented 5 months ago

Realized its possible old releases are run calico_test from master. If thats the case let us know.

matthewdupre commented 5 months ago

@paulgmiller Yes, they all use the latest image. The last 3.27 ran we ran in CI used calico/test:latest-amd64

It's a bit disappointing that the make target doesn't work directly - we use the .semaphore/vms/run-tests-on-vms script to run them all in CI but that may not be terribly portable.

hjiawei commented 4 months ago

node/calico_test image build for v3.26 branch is fixed as part of https://github.com/projectcalico/calico/pull/8894. v3.27 is fixed in https://github.com/projectcalico/calico/pull/8815.