[Ci-users] Accessing cbs.centos.org from inside CI

Wed May 11 13:34:48 UTC 2016
Fabian Arrotin <arrfab at centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig@slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address
>>>>>> [atomic-sig@slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>> Just times out
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>> Jason
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
> options on how the https:// might work on the CDN for buildlogs ?

Well, buildlogs is external but also has an internal copy (yeah ....) but we'd
be able to set up proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works).
Something added on the TODO list, but not priority #1 this week though.

OTOH, it's true that it was also discussed that people needing a lot of
artifact files should ask for those to be published on the CDN, and not
retrieved from the CI network at all (but that can be problematic if people
want the same test to work inside and outside too).

Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
