Allow plugin download to use an insecure repository

[akram]

No description provided.

[akram]

hi @adambkaplan , can you PTAL ?

[adambkaplan]

@akram I assume this is to address https://jira.coreos.com/browse/DEVEXP-367 and https://bugzilla.redhat.com/show_bug.cgi?id=1693533 ?

[gabemontero]

@akram @adambkaplan I'm taking a look

[gabemontero]

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

1. update the README's env var section to explain it
2. update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates
3. update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

[gabemontero]

Also, to help @akram on the e2e-aws-jenkins failure, I took a peek for him. It failed in the client plugin test becase of an apparent expired certificate. From https://openshift-gce-devel.appspot.com/build/origin-ci-test/pr-logs/pull/openshift_jenkins/866/pull-ci-openshift-jenkins-master-e2e-aws-jenkins/288:

[Pipeline] End of Pipeline
hudson.AbortException: rsh returned an error;
{reference={}, err=Error from server: error dialing backend: x509: certificate signed by unknown authority
, verb=rsh, cmd=oc --server=https://172.30.0.1:443 --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --namespace=e2e-test-jenkins-pipeline-xskb5 --token=XXXXX rsh mongodb-1-4qrs7 ps ax , out=, status=1}

	at com.openshift.jenkins.plugins.OpenShiftDSL$Result.failIf(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1030)
	at com.openshift.jenkins.plugins.OpenShiftDSL.simplePassthrough(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:980)
	at com.openshift.jenkins.plugins.OpenShiftDSL.rsh(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:985)
	at WorkflowScript.run(WorkflowScript:185)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.untilEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1353)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.withEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1629)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.untilEach(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1352)
	at com.openshift.jenkins.plugins.OpenShiftDSL$OpenShiftResourceSelector.watch(jar:file:/var/lib/jenkins/plugins/openshift-client/WEB-INF/lib/openshift-client.jar!/com/openshift/jenkins/plugins/OpenShiftDSL.groovy:1321)
	at ___cps.transform___(Native Method)

On the surface that feels like a api.ci / openshift CICD flake. I saw similar ones in unrelated networking e2es in the e2e-aws run:

StdErr: "Error from server: error dialing backend: x509: certificate signed by unknown authority",

[gabemontero]

/retest

[akram]

https://bugzilla.redhat.com/show_bug.cgi?id=1693533

@akram I assume this is to address https://jira.coreos.com/browse/DEVEXP-367 and https://bugzilla.redhat.com/show_bug.cgi?id=1693533 ?

Hi @adambkaplan
I didn't know about the BZ and the JIRA. My initial PR was done maybe in last December and the BZ has been reported on march.
Reading the BZ, it looks like they are asking to expose CURL_OPTIONS which may have more impacts and would require more input filtering.

[akram]

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

1. update the README's env var section to explain it
2. update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates
3. update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

Hi @gabemontero , thank you for reviewing.
Definitely, I was thinking about updating the README. And OK, I will update the template also. I will do it in separate commits and squash when all validated.

[gabemontero]

a couple of additional req's @akram while waiting on the template update

[akram]

It looks like my editor did some clean up of whitespaces that I didn't notice when doing my git diff.

[akram]

@akram since this is a RH subscription customer support case calling for this we should expose this tuning option:

1. update the README's env var section to explain it
2. update the templates under https://github.com/openshift/jenkins/tree/master/openshift/templates
3. update the docs under https://github.com/openshift/openshift-docs ... as those are still in a bit of flux, reach out to @bmcelvee to nail down the right branch/location

Documentation update is in this branch:
https://github.com/akram/openshift-docs/tree/allow-plugin-download-to-use-an-insecure-repository which I based on enterprise-3.11 .

I contacted @bmcelvee to know which branch to rely on to create the PR. I am waiting for her reply.

[akram]

PRs for documentation:
openshift/openshift-docs#15258
openshift/openshift-docs#14227
bmcelvee/openshift-docs#2

[gabemontero]

Some minor changes on the new README hits

[gabemontero]

/approve

[gabemontero]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akram, gabemontero

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [gabemontero]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment