Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2017/08/02
    • Component/s: None
    • Labels:
      None
    • Environment:

      Ubuntu 14.04 running in AWS region west-2

    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      This ticket is pretty much as duplicate of CPR-419, but only effects some CDNs. I've started this as a blocker as it prevents puppet installing on some AWS regions - which is quite a big deal.

      The apt-update command fails unless I manually point apt.puppetlabs.com at a different CDN

      root@ip-172-30-2-30:~# apt-get update
      ...
      Reading package lists... Done
      W: GPG error: http://apt.puppetlabs.com trusty Release: The following signatures were invalid: BADSIG 7F438280EF8D349F Puppet, Inc. Release Key (Puppet, Inc. Release Key) <release@puppet.com>
      

      Is there any way to force an update to all of your CDN servers?

      Test that demonstrates the problem/ fix, starting with an AWS instance in us-west-2c:

      ubuntu@ip-172-30-2-30:~$ sudo -s
      root@ip-172-30-2-30:~# apt-get update
      Ign http://us-west-2.ec2.archive.ubuntu.com trusty InRelease
      ....
      Get:28 http://security.ubuntu.com trusty-security/universe Translation-en [91.4 kB]
      Fetched 11.9 MB in 4s (2,499 kB/s)                                             
      Reading package lists... Done
      

      root@ip-172-30-2-30:~# wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb
      --2017-05-09 11:20:24--  https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb
      Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 52.84.21.35, 52.84.21.66, 52.84.21.107, ...
      Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|52.84.21.35|:443... connected.
      HTTP request sent, awaiting response... 200 OK
      Length: 13652 (13K) [application/x-debian-package]
      Saving to: ‘puppetlabs-release-pc1-trusty.deb’
       
      100%[===================================================================================================================================================================>] 13,652      --.-K/s   in 0s      
       
      2017-05-09 11:20:24 (456 MB/s) - ‘puppetlabs-release-pc1-trusty.deb’ saved [13652/13652]
       
      root@ip-172-30-2-30:~# dpkg -i puppetlabs-release-pc1-trusty.deb 
      Selecting previously unselected package puppetlabs-release-pc1.
      (Reading database ... 51307 files and directories currently installed.)
      Preparing to unpack puppetlabs-release-pc1-trusty.deb ...
      Unpacking puppetlabs-release-pc1 (1.1.0-2trusty) ...
      Setting up puppetlabs-release-pc1 (1.1.0-2trusty) ...
      

      Apt-update now process a BADSIG error:

      root@ip-172-30-2-30:~# apt-get update
      Ign http://us-west-2.ec2.archive.ubuntu.com trusty InRelease
      ....
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-updates/main Sources        
      Get:1 http://apt.puppetlabs.com trusty Release.gpg [841 B]                     
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-updates/restricted Sources  
      ....
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-updates/restricted amd64 Packages
      Get:2 http://apt.puppetlabs.com trusty Release [54.2 kB]                       
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-updates/universe amd64 Packages
      ....
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-backports/universe amd64 Packages
      Ign http://apt.puppetlabs.com trusty Release                                   
      Hit http://us-west-2.ec2.archive.ubuntu.com trusty-backports/multiverse amd64 Packages
      ....
      Hit http://security.ubuntu.com trusty-security/universe Translation-en
      Get:3 http://apt.puppetlabs.com trusty/PC1 amd64 Packages [26.4 kB]
      Ign http://apt.puppetlabs.com trusty/PC1 Translation-en_US         
      Ign http://apt.puppetlabs.com trusty/PC1 Translation-en
      Fetched 81.4 kB in 2s (35.9 kB/s)
      Reading package lists... Done
      W: GPG error: http://apt.puppetlabs.com trusty Release: The following signatures were invalid: BADSIG 7F438280EF8D349F Puppet, Inc. Release Key (Puppet, Inc. Release Key) <release@puppet.com>
      

      Checking the CDN server:

      root@ip-172-30-2-30:~# nslookup apt.puppetlabs.com
      Server:		172.30.0.2
      Address:	172.30.0.2#53
       
      Non-authoritative answer:
      apt.puppetlabs.com	canonical name = d5lz8ppryy0af.cloudfront.net.
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.224
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.226
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.229
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.35
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.66
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.107
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.122
      Name:	d5lz8ppryy0af.cloudfront.net
      Address: 52.84.21.127
       
      root@ip-172-30-2-30:~# ping apt.puppetlabs.com
      PING d5lz8ppryy0af.cloudfront.net (52.84.21.226) 56(84) bytes of data.
      64 bytes from server-52-84-21-226.sea32.r.cloudfront.net (52.84.21.226): icmp_seq=1 ttl=239 time=7.35 ms
      64 bytes from server-52-84-21-226.sea32.r.cloudfront.net (52.84.21.226): icmp_seq=2 ttl=239 time=7.41 ms
       
      --- d5lz8ppryy0af.cloudfront.net ping statistics ---
      2 packets transmitted, 2 received, 0% packet loss, time 1001ms
      rtt min/avg/max/mdev = 7.352/7.384/7.416/0.032 ms
      

      Pointing at a different server, from a working host in the UK:

      root@ip-172-30-2-30:~# vi /etc/hosts
      root@ip-172-30-2-30:~# cat /etc/hosts
      127.0.0.1 localhost
       
      216.137.63.14 apt.puppetlabs.com                   << Added this
       
      # The following lines are desirable for IPv6 capable hosts
      ::1 ip6-localhost ip6-loopback
      fe00::0 ip6-localnet
      ff00::0 ip6-mcastprefix
      ff02::1 ip6-allnodes
      ff02::2 ip6-allrouters
      ff02::3 ip6-allhosts
      

      Succeeding apt-get update:

      root@ip-172-30-2-30:~# apt-get update
      root@ip-172-30-2-30:~# apt-get update
      Ign http://us-west-2.ec2.archive.ubuntu.com trusty InRelease
      ....
      Hit http://security.ubuntu.com trusty-security InRelease                       
      Ign http://apt.puppetlabs.com trusty InRelease                               
      Hit http://security.ubuntu.com trusty-security/main Sources               
      Get:1 http://apt.puppetlabs.com trusty Release.gpg [836 B]         
      Hit http://security.ubuntu.com trusty-security/universe Sources   
      Hit http://apt.puppetlabs.com trusty Release                      
      Hit http://security.ubuntu.com trusty-security/main amd64 Packages 
      Hit http://apt.puppetlabs.com trusty/PC1 amd64 Packages
      Hit http://security.ubuntu.com trusty-security/universe amd64 Packages
      ....
      Hit http://security.ubuntu.com trusty-security/universe Translation-en
      Ign http://apt.puppetlabs.com trusty/PC1 Translation-en_US         
      Ign http://apt.puppetlabs.com trusty/PC1 Translation-en
      Fetched 836 B in 2s (348 B/s)
      Reading package lists... Done
       
      root@ip-172-30-2-30:~# ping apt.puppetlabs.com
      PING apt.puppetlabs.com (216.137.63.14) 56(84) bytes of data.
      64 bytes from apt.puppetlabs.com (216.137.63.14): icmp_seq=1 ttl=238 time=155 ms
      64 bytes from apt.puppetlabs.com (216.137.63.14): icmp_seq=2 ttl=238 time=155 ms
      64 bytes from apt.puppetlabs.com (216.137.63.14): icmp_seq=3 ttl=238 time=155 ms
      

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                heyto Tom Hey
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support