search

theforeman / foreman-infra

Puppet modules and scripts to manage Foreman project infrastructure
https://theforeman.github.io/foreman-infra
Apache License 2.0
23 stars 51 forks source link

Update ruby 2.7 to 2.7.8 #2001

Closed wbclark closed 7 months ago

wbclark commented 9 months ago

Trying to resolve an issue with https://github.com/Katello/katello/pull/10824

In CI, that was failing with:

[2023-12-12T21:28:51.917Z] Error:

[2023-12-12T21:28:51.917Z] CdnResourceTest#test_http_downloader_tlsv13:

[2023-12-12T21:28:51.917Z] NameError: uninitialized constant OpenSSL::SSL::TLS1_3_VERSION

[2023-12-12T21:28:51.917Z] Did you mean?  OpenSSL::SSL::TLS1_1_VERSION

[2023-12-12T21:28:51.917Z]                OpenSSL::SSL::TLS1_2_VERSION

[2023-12-12T21:28:51.917Z]                OpenSSL::SSL::TLS1_VERSION

[2023-12-12T21:28:51.917Z]                OpenSSL::SSL::SSL3_VERSION

[2023-12-12T21:28:51.917Z]     /home/jenkins/workspace/katello-pr-test/app/lib/katello/resources/cdn.rb:115:in `const_get'

[2023-12-12T21:28:51.917Z]     /home/jenkins/workspace/katello-pr-test/app/lib/katello/resources/cdn.rb:115:in `http_downloader'

[2023-12-12T21:28:51.917Z]     /home/jenkins/workspace/katello-pr-test/test/lib/resources/cdn_test.rb:24:in `test_http_downloader_tlsv13'

In nightlies and in my dev environment, with ruby 2.7.8, that issue is not occurring.

evgeni commented 9 months ago

@ekohl @ehelms any one of you recall why we have .4 here? .8 is what's in EL8…

ekohl commented 9 months ago

You bumped it in 989ad9214329c69e0bcbc7a416802310b37740e9 and https://github.com/theforeman/foreman-infra/pull/1793 doesn't say anything about why .4 was chosen. It wasn't the latest version at the time, given https://www.ruby-lang.org/en/downloads/releases/ says 2.7.6 was already out at that point.

Having said that:

[2023-12-12T21:28:51.917Z] NameError: uninitialized constant OpenSSL::SSL::TLS1_3_VERSION

This isn't going to work on our EL7 builders since the OpenSSL version there is too old.

wbclark commented 9 months ago

@ekohl Is there an existing plan or issue to track upgrading builders off of EL7?

I'm disabling that TLS1_3_VERSION unit test in my PR and need to create an issue to re-enable it when it's feasible to do so.

wbclark commented 9 months ago

Also, should this PR be closed, or is it safe to merge given that Ruby 2.7.8 is what users are getting when they install the latest Foreman and Katello builds?

evgeni commented 9 months ago

You bumped it in 989ad92 and #1793 doesn't say anything about why .4 was chosen. It wasn't the latest version at the time, given https://www.ruby-lang.org/en/downloads/releases/ says 2.7.6 was already out at that point.

Ah, 2.7.4 is the Ruby in Debian buster, this is why I used it.

ekohl commented 9 months ago

@ekohl Is there an existing plan or issue to track upgrading builders off of EL7?

https://github.com/theforeman/foreman-infra/issues/1706

I'm disabling that TLS1_3_VERSION unit test in my PR and need to create an issue to re-enable it when it's feasible to do so.

You can check if constants are defined. We do a similar thing here: https://github.com/theforeman/smart-proxy/blob/2fb6db34f8726df3e8b276c4ced0542fd296bc6a/lib/launcher.rb#L72-L75

That way it gets enabled if TLS 1.3 is supported.