Open Stack

We fell foul of this Ansible issue: https://github.com/ansible/ansible/issues/18996 <https://github.com/ansible/ansible/issues/18996>

And now with a workaround our blog syndication is back up and running.

Thanks again,
Stig


> On 21 Jun 2017, at 07:16, Stig Telfer <stig.openstack at telfer.org> wrote:
> 
> Thank you Jeremy, that is exactly what we needed to know.
> 
> Much appreciated,
> Stig
> 
>> On 20 Jun 2017, at 19:06, Jeremy Stanley <fungi at yuggoth.org> wrote:
>> 
>> On 2017-06-20 18:07:54 +0100 (+0100), Stig Telfer wrote:
>>> Can anyone help me with restoring our blog feed on
>>> planet.openstack.org?  Our blog ("StackHPC team blog") is not
>>> getting syndicated.  In the planet.openstack.org page source, it's
>>> tagged with "internal server error" - is that something we can fix
>>> or the result of a transient outage, or…?
>> 
>> It appears that planet is unable to connect to the HTTPS URL you've
>> supplied because https://www.stackhpc.com/ is using an X.509 cert
>> issued by "Let's Encrypt Authority X3" but is not supplying an
>> appropriate certificate chain up to a well-known authority trusted
>> by Ubuntu 16.04 (note some browsers, e.g. recent Firefox releases,
>> may include that cert directly in their trust set but many
>> command-line tools like wget/curl or other browsers still may not):
>> 
>>   https://www.ssllabs.com/ssltest/analyze.html?d=www.stackhpc.com
>> 
>>   "This server's certificate chain is incomplete."
>> 
>> You likely need to configure your server to append the active
>> intermediate CA certificates linked at:
>> 
>>   https://letsencrypt.org/certificates/
>> 
>>> It seems like there are 26 blog feeds currently in this state
>>> (ours has been like it for a few weeks at least).
>> 
>> I haven't checked them all exhaustively (if someone wants to
>> volunteer to clean up the planet config I'm happy to supply a copy
>> of the log from the latest run to aid in that effort), but among the
>> many HTTP not-found, database/internal server error responses, DNS
>> no-such-host and TCP connection timeout failures I have also found a
>> few more with similar HTTPS misconfigurations (though none so far
>> with certs issued by the same CA as yours).
>> 
>>> Is this a known issue, and what needs doing to fix it?
>> 
>> I would classify missing chain certs as a known issue, but one
>> you'll need to address on your end. Alternatively, you could switch
>> to using an http:// scheme in the planet config for your
>> syndication since you're apparently not unilaterally redirecting all
>> HTTP requests to HTTPS.
>> -- 
>> Jeremy Stanley
>> _______________________________________________
>> OpenStack-Infra mailing list
>> OpenStack-Infra at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
> 
> 
> _______________________________________________
> OpenStack-Infra mailing list
> OpenStack-Infra at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20170622/a4b350ad/attachment.html>