--Task-- name: Configure_ds-cts enabled: True class_name: DsConfigTask source_name: ds-cts source_namespace: >default< target_name: ds-cts target_namespace: >default< start: 0.0 stop: None timeout: no timeout loop: False interval: None dependencies: [] wait_for: [] preceding_task: None options: {} group_name: None Current dir: /mnt/disks/data/xslou/lodestar-fork/pyrock ________________________________________________________________________________ [2024-04-09 22:06:57] Configure_ds-cts pre : Checking task config ________________________________________________________________________________ ________________________________________________________________________________ [2024-04-09 22:06:57] Configure_ds-cts step1 : Enable trust transaction-id ________________________________________________________________________________ 2024-04-09 22:06:57,422 INFO 2024-04-09 22:06:57,422 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-0 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-0 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-09 22:06:57,422 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-09 22:06:59,768 INFO [loop_until]: OK (rc = 0) 2024-04-09 22:06:59,769 DEBUG --- stdout --- 2024-04-09 22:06:59,769 DEBUG 2024-04-09 22:06:59,769 DEBUG --- stderr --- 2024-04-09 22:06:59,769 DEBUG 2024-04-09 22:06:59,770 INFO 2024-04-09 22:06:59,771 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-1 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-1 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-09 22:06:59,771 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-09 22:07:02,068 INFO [loop_until]: OK (rc = 0) 2024-04-09 22:07:02,068 DEBUG --- stdout --- 2024-04-09 22:07:02,069 DEBUG 2024-04-09 22:07:02,069 DEBUG --- stderr --- 2024-04-09 22:07:02,069 DEBUG 2024-04-09 22:07:02,069 INFO 2024-04-09 22:07:02,069 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-2 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-2 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-09 22:07:02,070 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-09 22:07:04,287 INFO [loop_until]: OK (rc = 0) 2024-04-09 22:07:04,288 DEBUG --- stdout --- 2024-04-09 22:07:04,288 DEBUG 2024-04-09 22:07:04,288 DEBUG --- stderr --- 2024-04-09 22:07:04,288 DEBUG ________________________________________________________________________________ [2024-04-09 22:07:04] Configure_ds-cts step2 : List log filtering policies ________________________________________________________________________________ 2024-04-09 22:07:04,289 INFO 2024-04-09 22:07:04,289 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-0 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-09 22:07:06,211 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-09 22:07:06,212 DEBUG --- stdout --- 2024-04-09 22:07:06,213 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-09 22:07:06,213 DEBUG --- stderr --- 2024-04-09 22:07:06,213 DEBUG 2024-04-09 22:07:06,213 INFO 2024-04-09 22:07:06,213 INFO 2024-04-09 22:07:06,214 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-1 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-09 22:07:08,154 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-09 22:07:08,154 DEBUG --- stdout --- 2024-04-09 22:07:08,155 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-09 22:07:08,155 DEBUG --- stderr --- 2024-04-09 22:07:08,155 DEBUG 2024-04-09 22:07:08,155 INFO 2024-04-09 22:07:08,155 INFO 2024-04-09 22:07:08,156 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-2 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-09 22:07:09,993 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-09 22:07:09,993 DEBUG --- stdout --- 2024-04-09 22:07:09,993 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-09 22:07:09,993 DEBUG --- stderr --- 2024-04-09 22:07:09,993 DEBUG 2024-04-09 22:07:09,993 INFO ________________________________________________________________________________ [2024-04-09 22:07:09] Configure_ds-cts post : Post method ________________________________________________________________________________ Setting result to PASS Task has been successfully stopped