elukey commented on pull request #838: URL: https://github.com/apache/bigtop/pull/838#issuecomment-986504343
@iwasakims thanks for the review! What I tried before this solution was: - Add `require bigtop_toolchain::packages` in the maven/ant classes, with the aim to install ca-certificates (via dependency) before the Execs run, but it didn't work. The install packages step started before ant/maven but the Execs ran while it was still in progress, ending up in TLS validation failures. - Add `ca-certificates` to the `bigtop_toolchain::packages` class, and add a `require => Package["ca-certificates"]` to the Execs in the ant/maven classes. This seems to work, but it affects all slave image builds. It seems correct in my opinion to have a require for wget and ca-certificates in those classes, since the Execs implicitly rely on those, but then I preferred to limit the scope to centos-7 and use puppetize.sh (that runs before puppet manifests are applied for sure, and also that installs wget and other utils as well). Whatever we choose should guarantee, in my opinion, that the puppet Execs in the maven/ant/etc.. classes run when the ca-certificates packages is installed, otherwise dowloading maven/ant fails (and sometimes the image build proceeds anyway ending up in package build failures later on). Let me know! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
