Upgrading Bors to latest, crash

jmcfallargo · April 6, 2020, 2:15pm

We have been running Bors in a docker container (for about two years now). Decided to upgrade to the latest and are getting the error listed below - We tracked it down to a change when Bors was switched over to use Tesla. I have deleted the database and that hasn't helped, so I am assuming that it has something to do with our configuration.

19:01:11.468 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1373 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,max_path_length_reached}', 10]
19:01:11.573 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1373 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,max_path_length_reached}', 10]
19:01:11.678 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1373 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,max_path_length_reached}', 10]
19:01:11.783 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1373 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,max_path_length_reached}', 10]
19:01:11.889 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1373 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,max_path_length_reached}', 10]
19:01:11.890 [error] GenServer BorsNG.GitHub terminating
** (Tesla.Error) :econnrefused (GET /app)
(tesla) lib/tesla.ex:300: Tesla.execute!/3
(bors) lib/github/github/server.ex:61: BorsNG.GitHub.Server.handle_call/3
(stdlib) gen_server.erl:661: :gen_server.try_handle_call/4
(stdlib) gen_server.erl:690: :gen_server.handle_msg/6
(stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
Last message (from BorsNG.Supervisor): :get_app
19:01:11.891 [info] Application bors exited: BorsNG.Application.start(:normal, ) returned an error: shutdown: failed to start child: BorsNG.Attrs
** (EXIT) exited in: GenServer.call(BorsNG.GitHub, :get_app, 20000)
** (EXIT) an exception was raised:
** (Tesla.Error) :econnrefused (GET /app)
(tesla) lib/tesla.ex:300: Tesla.execute!/3
(bors) lib/github/github/server.ex:61: BorsNG.GitHub.Server.handle_call/3
(stdlib) gen_server.erl:661: :gen_server.try_handle_call/4
(stdlib) gen_server.erl:690: :gen_server.handle_msg/6
(stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
{"Kernel pid terminated",application_controller,"{application_start_failure,bors,{{shutdown,{failed_to_start_child,'Elixir.BorsNG.Attrs',{'EXIT',{{#{'exception' => true,'struct' => 'Elixir.Tesla.Error',env => #{'client' => #{'struct' => 'Elixir.Tesla.Client',adapter => {'Elixir.Tesla.Adapter.Httpc',call,[[{ssl,[{verify,verify_peer},{verify_fun,{fun ssl_verify_hostname:verify_fun/3,[{check_hostname,"github.mycompany.com"}]}},{cacertfile,"/app/bors/lib/certifi-2.4.2/priv/cacerts.pem"}]}]]},'fun' => nil,post => ,pre => [{'Elixir.Tesla.Middleware.BaseUrl',call,[<<"https://github.mycompany.com/api/v3">>]},{'Elixir.Tesla.Middleware.Headers',call,[[{<<"authorization">>,<<"Bearer [TOKEN HERE]">>},{<<"accept">>,<<"application/vnd.github.machine-man-preview+json">>},{<<"user-agent">>,<<"bors-ng https://bors.tech">>}]]},{'Elixir.Tesla.Middleware.Retry',call,[[{delay,100},{max_retries,5}]]}]},'module' => 'Elixir.Tesla','struct' => 'Elixir.Tesla.Env',body => nil,headers => ,method => get,opts => ,query => ,status => nil,url => <<"/app">>},
reason => econnrefused,stack => [{'Elixir.Tesla.Middleware.BaseUrl',call,[<<"https://github.mycompany.com/api/v3">>]},
{'Elixir.Tesla.Middleware.Headers',call,[[{<<"authorization">>,<<"Bearer [some long key here]">>},{<<"accept">>,<<"application/vnd.github.machine-man-preview+json">>},{<<"user-agent">>,<<"bors-ng https://bors.tech">>}]]},
{'Elixir.Tesla.Middleware.Retry',call,[[{delay,100},{max_retries,5}]]},{'Elixir.Tesla.Adapter.Httpc',call,[[{ssl,[{verify,verify_peer},{verify_fun,{fun ssl_verify_hostname:verify_fun/3,[{check_hostname,"github.mycompany.com"}]}},{cacertfile,"/app/bors/lib/certifi-2.4.2/priv/cacerts.pem"}]}]]}]},
[{'Elixir.Tesla','execute!',3,[{file,"lib/tesla.ex"},{line,300}]},{'Elixir.BorsNG.GitHub.Server',handle_call,3,[{file,"lib/github/github/server.ex"},{line,61}]},{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,661}]},{gen_server,handle_msg,6,[{file,"gen_server.erl"},{line,690}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,249}]}]},
{'Elixir.GenServer',call,['Elixir.BorsNG.GitHub',get_app,20000]}}}}},{'Elixir.BorsNG.Application',start,[normal,]}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,bors,{{shutdown,{failed_to_start_child,'Elixir.BorsNG.Attrs',{'EXIT',{{#{'exception' => true,'struct' => 'Elixir.Tesl

Crash dump is being written to: erl_crash.dump...done
Thanks

notriddle · April 7, 2020, 6:30am

I think you need to patch the container so that your GitHub Enterprise instance's Certificate Authority is placed at /app/bors/lib/certifi-2.4.2/priv/cacerts.pem. You could probably do that with a volume mount over the top of that file.