--Task-- name: Configure_ds-cts enabled: True class_name: DsConfigTask source_name: ds-cts source_namespace: >default< target_name: ds-cts target_namespace: >default< start: 0.0 stop: None timeout: no timeout loop: False interval: None dependencies: [] wait_for: [] preceding_task: None options: {} group_name: None Current dir: /mnt/disks/data/xslou/lodestar-fork/pyrock ________________________________________________________________________________ [2024-04-26 00:27:33] Configure_ds-cts pre : Checking task config ________________________________________________________________________________ ________________________________________________________________________________ [2024-04-26 00:27:33] Configure_ds-cts step1 : Enable trust transaction-id ________________________________________________________________________________ 2024-04-26 00:27:33,676 INFO 2024-04-26 00:27:33,676 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-0 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-0 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-26 00:27:33,676 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-26 00:27:35,978 INFO [loop_until]: OK (rc = 0) 2024-04-26 00:27:35,978 DEBUG --- stdout --- 2024-04-26 00:27:35,978 DEBUG 2024-04-26 00:27:35,978 DEBUG --- stderr --- 2024-04-26 00:27:35,978 DEBUG 2024-04-26 00:27:35,979 INFO 2024-04-26 00:27:35,979 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-1 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-1 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-26 00:27:35,979 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-26 00:27:38,223 INFO [loop_until]: OK (rc = 0) 2024-04-26 00:27:38,223 DEBUG --- stdout --- 2024-04-26 00:27:38,223 DEBUG 2024-04-26 00:27:38,224 DEBUG --- stderr --- 2024-04-26 00:27:38,224 DEBUG 2024-04-26 00:27:38,224 INFO 2024-04-26 00:27:38,224 INFO [loop_until]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-2 --container ds -- dsconfig set-global-configuration-prop --set trust-transaction-ids:true --hostname ds-cts-2 --port 4444 --bindDN uid=admin --bindPassword **** --no-prompt 2024-04-26 00:27:38,224 INFO [loop_until]: (max_time=180, interval=5, expected_rc=[0] 2024-04-26 00:27:40,418 INFO [loop_until]: OK (rc = 0) 2024-04-26 00:27:40,418 DEBUG --- stdout --- 2024-04-26 00:27:40,418 DEBUG 2024-04-26 00:27:40,418 DEBUG --- stderr --- 2024-04-26 00:27:40,418 DEBUG ________________________________________________________________________________ [2024-04-26 00:27:40] Configure_ds-cts step2 : List log filtering policies ________________________________________________________________________________ 2024-04-26 00:27:40,419 INFO 2024-04-26 00:27:40,419 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-0 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-26 00:27:42,249 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-26 00:27:42,249 DEBUG --- stdout --- 2024-04-26 00:27:42,249 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-26 00:27:42,249 DEBUG --- stderr --- 2024-04-26 00:27:42,249 DEBUG 2024-04-26 00:27:42,249 INFO 2024-04-26 00:27:42,250 INFO 2024-04-26 00:27:42,250 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-1 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-26 00:27:44,009 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-26 00:27:44,010 DEBUG --- stdout --- 2024-04-26 00:27:44,010 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-26 00:27:44,010 DEBUG --- stderr --- 2024-04-26 00:27:44,010 DEBUG 2024-04-26 00:27:44,010 INFO 2024-04-26 00:27:44,010 INFO 2024-04-26 00:27:44,010 INFO [run_command]: kubectl --namespace=xlou --context=gke_engineeringpit_us-east1-d_xlou-cdm exec ds-cts-2 --container ds -- ldapsearch --noPropertiesFile --port 1389 --useStartTls --trustAll --bindDn "uid=admin" --bindPassword **** --baseDn "cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config" "objectclass=*" 2024-04-26 00:27:45,780 INFO [run_command]: OK (rc = 0 - expected to be in [0]) 2024-04-26 00:27:45,781 DEBUG --- stdout --- 2024-04-26 00:27:45,781 DEBUG dn: cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-branch cn: Filtering Criteria dn: cn=Administrative Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Administrative Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-request-target-dn-equal-to: cn=config ds-cfg-request-target-dn-equal-to: **,cn=config ds-cfg-request-target-dn-equal-to: cn=tasks ds-cfg-request-target-dn-equal-to: **,cn=tasks dn: cn=Auth Failures,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Auth Failures ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 7 ds-cfg-response-result-code-equal-to: 8 ds-cfg-response-result-code-equal-to: 13 ds-cfg-response-result-code-equal-to: 48 ds-cfg-response-result-code-equal-to: 49 ds-cfg-response-result-code-equal-to: 50 ds-cfg-response-result-code-equal-to: 123 dn: cn=Long Requests,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Long Requests ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-etime-greater-than: 1000 dn: cn=Misbehaving Clients,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Misbehaving Clients ds-cfg-log-record-type: add ds-cfg-log-record-type: bind ds-cfg-log-record-type: compare ds-cfg-log-record-type: delete ds-cfg-log-record-type: extended ds-cfg-log-record-type: modify ds-cfg-log-record-type: rename ds-cfg-log-record-type: search ds-cfg-response-result-code-equal-to: 1 ds-cfg-response-result-code-equal-to: 2 ds-cfg-response-result-code-equal-to: 17 ds-cfg-response-result-code-equal-to: 18 ds-cfg-response-result-code-equal-to: 19 ds-cfg-response-result-code-equal-to: 21 ds-cfg-response-result-code-equal-to: 34 ds-cfg-response-result-code-equal-to: 60 ds-cfg-response-result-code-equal-to: 61 ds-cfg-response-result-code-equal-to: 64 ds-cfg-response-result-code-equal-to: 65 ds-cfg-response-result-code-equal-to: 66 ds-cfg-response-result-code-equal-to: 67 ds-cfg-response-result-code-equal-to: 69 dn: cn=Searches Returning 1000\+ Entries,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Searches Returning 1000+ Entries ds-cfg-log-record-type: search ds-cfg-search-response-nentries-greater-than: 1000 dn: cn=Unindexed Searches,cn=Filtering Criteria,cn=Console LDAP Access Logger,cn=Loggers,cn=config objectClass: top objectClass: ds-cfg-access-log-filtering-criteria cn: Unindexed Searches ds-cfg-log-record-type: search ds-cfg-search-response-is-indexed: false 2024-04-26 00:27:45,781 DEBUG --- stderr --- 2024-04-26 00:27:45,781 DEBUG 2024-04-26 00:27:45,781 INFO ________________________________________________________________________________ [2024-04-26 00:27:45] Configure_ds-cts post : Post method ________________________________________________________________________________ Setting result to PASS Task has been successfully stopped