How to check/fix robosignatory
|
sysadmin-main can access robosignatory in staging, but production is only accessible to a very limited set of people. |
-
Check the status of robosignatory:
-
Log into
autosign01{.stg}.rdu3.fedoraproject.org -
Check the logs:
journalctl -f -l -u robosignatory
-
If the service is not running properly, restart it:
systemctl restart robosignatory
-
You will need to know the autosigning passphrase and enter it with:
systemd-tty-ask-password-agent
-
-
Check the status of the signing-vault
-
Log into
sign-vault01.{stg}.rdu3.fedoraproject.org -
Check the status of sigul server:
tail -f /var/log/sigul_server.log
-
If needed, restart the sigul server:
sigul_server -dvv
-
-
Check the status of the signing-bridge
-
Log into
sign-bridge01{.stg}.rdu3.fedoraproject.org -
Check the status of the sigul bridge:
tail -f /var/log/sigul_bridge.log
-
If needed, restart the sigul bridge:
sigul_bridge -dvv
-
If the service is running, but appears to be reprocessing the same message over and over again, you may need to drop that message in order to restore processing.
-
Cases where you may need to do this:
-
some rpm is corrupt (you can see if this is the case in the vault logs)
-
some rpm is larger than sigul can process (you can see this in vault logs)
-
First, stop robosignatory.service on autosign01. It’s important that nothing is processing the messages when you attempt to drop one.
-
Setup a ssh tunnel to the rabbitmq web interface:
ssh rabbitmq01.rdu3.fedoraproject.org -L 15672:localhost:15672
-
Next go to localhost:15672 in your browser, there should be a rabbitmq login page there.
-
Login as admin. Password is in ansible-private vars
-
go to 'queues'
-
search for 'robosignatory'
-
First get the top message on the queue and see if it’s the one you want to drop.
-
Then, select reject message and NAK (drop from queue)
-
Select (and requeue) the next message to confirm that the one you nacked is gone.
-
Restart robosignatory
-
Want to help? Learn how to contribute to Fedora Docs ›