Unauthorized error should cause containers to quit or (better) re-read authentication information #358

Open
nuclearcat opened this issue Nov 27, 2023 · 3 comments

Comments

@nuclearcat
Member

In some cases the token might get updated in a k8s or Docker container, but in the current case we have the following problem:

11/24/2023 04:01:46 PM UTC [INFO] Existing revision                kernelci_staging-stable          5be3078c819c6de773b07dba8bd45bb40f2caa96
11/24/2023 04:01:47 PM UTC [INFO] Existing revision                mainline                         f1a09972a45ae63efbd1587337c4be13b1893330
11/24/2023 04:01:47 PM UTC [INFO] Sleeping for 3600s
11/24/2023 05:01:47 PM UTC [INFO] New revision                     kernelci_staging-mainline        7b8e21d60e895185fb8bdcedf51b4161d0305d60
11/24/2023 05:01:47 PM UTC [ERROR] Unauthorized
11/24/2023 05:01:47 PM UTC [INFO] Existing revision                kernelci_staging-next            1c98619b589f17c2c6ee53abc55350f138e359bb
11/24/2023 05:01:47 PM UTC [INFO] Existing revision                kernelci_staging-stable          5be3078c819c6de773b07dba8bd45bb40f2caa96
11/24/2023 05:01:48 PM UTC [INFO] Existing revision                mainline                         f1a09972a45ae63efbd1587337c4be13b1893330

The trigger process keeps failing on Unauthorized, but is not rereading the token, staying non-functional.

nuclearcat added a commit to nuclearcat/kernelci-pipeline that referenced this issue Nov 27, 2023
In some cases token might get updated, but to re-read it we need
to restart container.
In future we need to implement re-read of token only.

Improves kernelci#358

Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
@gctucker
Contributor

In principle, when something like a token is revoked or replaced, then a production redeployment should happen to enable the new configuration. Then the services would be restarted. I think this is just one of the many corner-cases where something can go wrong but isn't part of the normal workflow.

@JenySadadia
Collaborator

One solution is to restart all the services whenever .env file changes are detected. The drawback is that if we use this kind of automation, the user will be unaware of when the services got restarted. That would also cause abrupt termination of ongoing tests or build execution.
I think the best way is to manually restart services when required instead of automating the process.

@JenySadadia
Collaborator

@nuclearcat One solution is to monitor the .env file and restart all the services if a file change is detected.
I created a script using the inotifywait tool.
Here is the draft PR #380
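
The two behaviours the issue title asks for (re-read the token on Unauthorized, otherwise quit) can be sketched as follows; this is an added example, not part of the thread and not kernelci-pipeline code. The `API_TOKEN` key, the `.env` layout, the `TokenClient` class and the `send(token, payload)` callable are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

class Unauthorized(Exception):
    """Stand-in for the API rejecting the token (the [ERROR] Unauthorized case)."""

def read_token(env_path, key="API_TOKEN"):
    """Return one value from a KEY=VALUE .env file; the key name is an assumption."""
    for line in Path(env_path).read_text(encoding="utf-8").splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name == key:
            return value.strip("\"'")
    raise KeyError(key)

class TokenClient:
    """Re-read the token once on Unauthorized; re-raise if the file is unchanged."""
    def __init__(self, env_path, send):  # send(token, payload): hypothetical API call
        self.env_path, self.send, self.token = env_path, send, read_token(env_path)
    def submit(self, payload):
        try:
            return self.send(self.token, payload)
        except Unauthorized:
            previous, self.token = self.token, read_token(self.env_path)
            if self.token == previous:
                raise  # nothing new on disk, so a retry cannot succeed
            return self.send(self.token, payload)  # token value is never logged

def run_once(client, payload):
    """Exit status for one cycle; 1 lets the container supervisor restart us."""
    try:
        client.submit(payload)
    except Unauthorized:
        return 1
    return 0

def demo():
    """Constructed scenario: a rotation written to .env, then one that is not."""
    accepted = ["old"]  # the only token the fake API accepts right now
    def send(token, payload):
        if token != accepted[0]:
            raise Unauthorized()
    with tempfile.TemporaryDirectory() as tmp:
        env = Path(tmp, ".env")
        env.write_text("API_TOKEN=old\n", encoding="utf-8")
        client = TokenClient(env, send)
        accepted[0] = "new"
        env.write_text("API_TOKEN=new\n", encoding="utf-8")
        rotated = run_once(client, "rev")  # 401, re-read, retry succeeds
        accepted[0] = "newer"              # rotated again, .env left stale
        return rotated, run_once(client, "rev")
```

`demo()` returns `(0, 1)`: the first rotation is recovered in place without a restart, and the second ends the cycle with a non-zero status instead of looping on Unauthorized.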
