fix(repo-server): Fix SystemCATrust for RHEL 9#1123
Conversation
|
|
||
| update-ca-trust | ||
| # Specifying the explicit location to turn on the container-aware behavior | ||
| update-ca-trust extract --output /etc/pki/ca-trust/extracted |
There was a problem hiding this comment.
This is the actual fix for the bug. The --output option causes update-ca-trust not to assume it is run as root. Ref.: https://bugzilla.redhat.com/show_bug.cgi?id=2241240
| "cat", caBundlePath, | ||
| "bash", "-c", | ||
| // Ubuntu or RHEL location | ||
| "cat /etc/ssl/certs/ca-certificates.crt || cat /etc/ssl/certs/ca-bundle.crt", |
There was a problem hiding this comment.
Done this way, so tests are easier to sync in the future - no difference between operators on this line.
|
|
||
| if !fixture.EnvNonOLM() { | ||
| image = "registry.redhat.io/openshift-gitops-1/argocd-rhel8" | ||
| imageVersion = "sha256:8a0544c14823492165550d83a6d8ba79dd632b46144d3fdcb543793726111d76" |
There was a problem hiding this comment.
The very culprit of the bug. The rhel8 I hard-coded here prevented our quality gates to spot incompatibility with rhel9, so this passed nicely during CI and QE, but failed spectacularly in production using RHEL 9.
olivergondza
changed the title
|
/retest |
|
/lgtm |
|
/approve |
olivergondza
force-pushed
the
fix-systemcatrust-tests
branch
from
5cf7436 to
39977df
Compare
|
|
||
| // --- Helper Functions --- | ||
|
|
||
| func getCSV(ctx context.Context, k8sClient client.Client) *olmv1alpha1.ClusterServiceVersion { |
There was a problem hiding this comment.
Moved to fixture.
olivergondza
changed the title
The hardcoded image url caused the tests to pass despite the desired image have changed. Signed-off-by: Oliver Gondža <ogondza@gmail.com>
…into fix-systemcatrust-tests
olivergondza
force-pushed
the
fix-systemcatrust-tests
branch
from
39977df to
783f49b
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: svghadi The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
openshift-merge-bot
bot
merged commit 71974fd
into
redhat-developer:master
|
/cherry-pick v1.20 |
|
@svghadi: new pull request created: #1127 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
3 participants
The hardcoded image url caused the tests to pass despite the desired image have changed.
What type of PR is this?
/kind bug
What does this PR do / why we need it:
Have you updated the necessary documentation?
Which issue(s) this PR fixes:
https://redhat.atlassian.net/browse/GITOPS-9511
Test acceptance criteria:
How to test changes / Special notes to the reviewer: