bots icon indicating copy to clipboard operation
bots copied to clipboard

Published 20 hours ago verified publisher icon cockpit-project

WIP: 2254473af0e9: [no-test] Fix debian-testing image refresh

Open martinpitt opened this issue 1 year ago • 3 comments

Fixes #6377

  • [ ] image-refresh debian-testing
  • [x] Requires https://github.com/cockpit-project/cockpit/pull/20502

martinpitt avatar May 24 '24 05:05 martinpitt

image-refresh debian-testing done: https://github.com/cockpit-project/bots/commits/image-refresh-debian-testing-20240524-051432

cockpituous avatar May 24 '24 05:05 cockpituous

Success. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-debian-testing-ac17cf87-20240524-050101/log.html

cockpituous avatar May 24 '24 05:05 cockpituous

I have the other failures fixed locally, but this one remains. Connecting to the RHEL 8 machine now takes rather long, but does eventually succeed.

This is independent of cockpit -- ssh -vv 10.111.113.5 also hangs for a long time. This seems to be due to an attempted kerberos auth:

debug1: Next authentication method: gssapi-with-mic

# 5 seconds pause

debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0)

# 10 seconds pause

debug1: No credentials were supplied, or the credentials were unavailable or inaccessible
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0)
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey

Curiously it works fast with cockpit-ssh, but this is ferny ssh. The test itself isn't involved -- I added a sit() right at the top.

As the previous image refresh was already 3 weeks ago, tons of packages changed. The most plausible ones are openssh-client (but not much happened, no difference with downgrade) and sssd (but it's not running, and still happens with removing all "sss" from nsswitch.conf).

So I started with the current image, and upgraded packages step by step. But even after a full upgrade that is fast.

Finally I figured out that installing krb5-config fixes this. ssh is just slow without /etc/krb5.conf.

martinpitt avatar May 24 '24 07:05 martinpitt

image-refresh debian-testing done: https://github.com/cockpit-project/bots/commits/image-refresh-debian-testing-20240524-081242

cockpituous avatar May 24 '24 08:05 cockpituous

Success. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-debian-testing-665d7989-20240524-075858/log.html

cockpituous avatar May 24 '24 08:05 cockpituous

Why do we require the tzdata-legacy package? will chrony not work properly without it (and if so, why isn't it a dependency)? do our tests depend on the old names?

It is a dependency. But apt-get download doesn't download dependencies, only the specified package. I had an intermediate version with apt-get install --download-only, but that doesn't work properly either as chrony is already installed by default on some images.

martinpitt avatar May 27 '24 03:05 martinpitt