search

ocf / puppet

Puppet config for OCF servers and lab machines
https://www.ocf.berkeley.edu/
31 stars 71 forks source link

Add SSL configuration to windshear #1354

Closed Kalissaac closed 1 year ago

ocfjenkins[bot] commented 1 year ago

Errored hosts (1)

Changed hosts (1)

Unaffected hosts (72)

Errored hosts
error for segfault.ocf.berkeley.edu ```text W, [2023-02-23T09:15:07.606421 #19960] WARN -- : Puppet command failed: STDOUT: STDERR: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html (file & line not available) Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Try 'puppet help catalog compile' for usage W, [2023-02-23T09:15:07.606786 #19960] WARN -- : Failed build_catalog for origin/master validation: OctocatalogDiff::Errors::CatalogError Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html (file & line not available) Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Try 'puppet help catalog compile' for usage # terminated with exception (report_on_exception is true): /usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError) from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3' # terminated with exception (report_on_exception is true): /usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError) from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3' /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:259:in `catalog_validator': Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html (OctocatalogDiff::Errors::CatalogError) (file & line not available) Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230223-19890-6ekz28/ocd-builddir-20230223-19960-935ot6/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu Error: Try 'puppet help catalog compile' for usage from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `call' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `validate' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:202:in `execute_task' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff' from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli' from /usr/bin/octocatalog-diff:34:in `
' ```
Changed hosts
diff for windshear.ocf.berkeley.edu ```diff ******************************************* + Concat::Fragment[windshear.ocf.berkeley.edu-pem-bundle] => parameters => "order": "1", "source": "file:///var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/ful... "target": "/etc/ssl/private/windshear.ocf.berkeley.edu.pem" ******************************************* + Concat::Fragment[windshear.ocf.berkeley.edu-pem-key] => parameters => "order": "0", "source": "file:///var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/pri... "target": "/etc/ssl/private/windshear.ocf.berkeley.edu.pem" ******************************************* + Concat::Fragment[windshear.ocf.berkeley.edu] => parameters => "content": "windshear.ocf.berkeley.edu *.windshear.ocf.berkeley.edu windshea... "order": "10", "target": "/var/lib/lets-encrypt/domains.txt" ******************************************* + Concat[/etc/ssl/private/windshear.ocf.berkeley.edu.pem] => parameters => "backup": "puppet", "ensure": "present", "ensure_newline": true, "force": false, "format": "plain", "group": "ssl-cert", "mode": "0640", "order": "alpha", "owner": "root", "path": "/etc/ssl/private/windshear.ocf.berkeley.edu.pem", "replace": true, "show_diff": false, "warn": false ******************************************* + Concat[/var/lib/lets-encrypt/domains.txt] => parameters => "backup": "puppet", "ensure": "present", "ensure_newline": true, "force": false, "format": "plain", "group": "ssl-cert", "mode": "0644", "order": "alpha", "owner": "ocfletsencrypt", "path": "/var/lib/lets-encrypt/domains.txt", "replace": true, "show_diff": true, "warn": false ******************************************* + Concat_file[/etc/ssl/private/windshear.ocf.berkeley.edu.pem] => parameters => "backup": "puppet", "ensure_newline": true, "force": false, "format": "plain", "group": "ssl-cert", "mode": "0640", "order": "alpha", "owner": "root", "replace": true, "show_diff": false, "tag": "_etc_ssl_private_windshear.ocf.berkeley.edu.pem" ******************************************* + Concat_file[/var/lib/lets-encrypt/domains.txt] => parameters => "backup": "puppet", "ensure_newline": true, "force": false, "format": "plain", "group": "ssl-cert", "mode": "0644", "order": "alpha", "owner": "ocfletsencrypt", "replace": true, "show_diff": true, "tag": "_var_lib_lets-encrypt_domains.txt" ******************************************* + Concat_fragment[windshear.ocf.berkeley.edu-pem-bundle] => parameters => "order": "1", "source": "file:///var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/ful... "tag": "_etc_ssl_private_windshear.ocf.berkeley.edu.pem", "target": "/etc/ssl/private/windshear.ocf.berkeley.edu.pem" ******************************************* + Concat_fragment[windshear.ocf.berkeley.edu-pem-key] => parameters => "order": "0", "source": "file:///var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/pri... "tag": "_etc_ssl_private_windshear.ocf.berkeley.edu.pem", "target": "/etc/ssl/private/windshear.ocf.berkeley.edu.pem" ******************************************* + Concat_fragment[windshear.ocf.berkeley.edu] => parameters => "content": "windshear.ocf.berkeley.edu *.windshear.ocf.berkeley.edu windshea... "order": "10", "tag": "_var_lib_lets-encrypt_domains.txt", "target": "/var/lib/lets-encrypt/domains.txt" ******************************************* + Exec[obtain windshear.ocf.berkeley.edu cert] => parameters => "command": "/usr/bin/dehydrated --cron --privkey /etc/ssl/lets-encrypt/le-ac... "notify": [ "File[/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu]" ], "path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "refreshonly": false, "subscribe": [ "Concat[/var/lib/lets-encrypt/domains.txt]", "File[/etc/dehydrated/config]", "File[/etc/dehydrated/dehydrated-hook-ddns-tsig.conf]", "File[/etc/ssl/lets-encrypt/le-account.key]" ], "timeout": 900, "user": "ocfletsencrypt" ******************************************* + File[/etc/dehydrated/config] => parameters => "backup": "main", "content": "BASEDIR=\"/var/lib/lets-encrypt\"\n\nHOOK=\"/usr/share/dehydrate... "group": "root", "mode": "0644", "owner": "root" ******************************************* + File[/etc/dehydrated/dehydrated-hook-ddns-tsig.conf] => parameters => "backup": "main", "content": "[DEFAULT]\nname_server_ip = 169.229.226.22\nverbosity = 1\n# WAR... "group": "root", "mode": "0644", "owner": "root", "show_diff": false ******************************************* File[/etc/motd] => parameters => content => @@ -1,4 +1,4 @@ Hi, I am windshear, a virtual staffvm at 169.229.226.204. - - Puppet classes: ocf_staffvm + - Puppet classes: ocf::ssl::default  - Owner: kian  - DNS names: *.windshear ******************************************* + File[/etc/ssl/certs/lets-encrypt.crt] => parameters => "backup": "main", "ensure": "absent", "group": "root", "mode": "0644", "owner": "root" ******************************************* + File[/etc/ssl/dhparam.pem] => parameters => "backup": "main", "content": "-----BEGIN DH PARAMETERS-----\nMIIBCAKCAQEAk7Yy5sDQb5CjfwqGUQn3h... "group": "root", "mode": "0444", "owner": "root" ******************************************* + File[/etc/ssl/lets-encrypt/le-account.key] => parameters => "backup": false, "content": "dummy private file", "ensure": "file", "force": false, "group": "root", "mode": "0400", "owner": "ocfletsencrypt", "purge": false, "recurse": false, "show_diff": false ******************************************* + File[/etc/ssl/lets-encrypt] => parameters => "backup": "main", "ensure": "directory", "group": "root", "mode": "0644", "owner": "ocfletsencrypt" ******************************************* + File[/etc/ssl/private/windshear.ocf.berkeley.edu.bundle] => parameters => "backup": "main", "ensure": "symlink", "group": "ssl-cert", "links": "manage", "mode": "0644", "owner": "root", "show_diff": false, "target": "/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/fullchain.... ******************************************* + File[/etc/ssl/private/windshear.ocf.berkeley.edu.crt] => parameters => "backup": "main", "ensure": "symlink", "group": "ssl-cert", "links": "manage", "mode": "0644", "owner": "root", "show_diff": false, "target": "/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/cert.pem" ******************************************* + File[/etc/ssl/private/windshear.ocf.berkeley.edu.intermediate] => parameters => "backup": "main", "ensure": "symlink", "group": "ssl-cert", "links": "manage", "mode": "0644", "owner": "root", "show_diff": false, "target": "/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/chain.pem"... ******************************************* + File[/etc/ssl/private/windshear.ocf.berkeley.edu.key] => parameters => "backup": "main", "ensure": "symlink", "group": "ssl-cert", "links": "manage", "mode": "0640", "owner": "root", "show_diff": false, "target": "/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu/privkey.pe... ******************************************* + File[/var/lib/lets-encrypt/certs/windshear.ocf.berkeley.edu] => parameters => "backup": "main", "ensure": "directory", "group": "ssl-cert", "mode": "0640", "owner": "ocfletsencrypt", "recurse": true ******************************************* + File[/var/lib/lets-encrypt/certs] => parameters => "backup": "main", "ensure": "directory", "group": "ssl-cert", "mode": "0644", "owner": "ocfletsencrypt" ******************************************* + File[/var/lib/lets-encrypt] => parameters => "backup": "main", "ensure": "directory", "group": "ssl-cert", "mode": "0644", "owner": "ocfletsencrypt" ******************************************* + Ocf::Privatefile[/etc/ssl/lets-encrypt/le-account.key] => parameters => "content_path": "/opt/puppet/shares/private/lets-encrypt-account.key", "ensure": "file", "force": false, "group": "root", "immutable": false, "mode": "0400", "owner": "ocfletsencrypt", "path": "/etc/ssl/lets-encrypt/le-account.key", "purge": false, "recurse": false ******************************************* + Ocf::Ssl::Bundle[windshear.ocf.berkeley.edu] => parameters => "domains": [ "windshear.ocf.berkeley.edu", "*.windshear.ocf.berkeley.edu", "windshear.ocf.io", "*.windshear.ocf.io" ], "group": "ssl-cert", "owner": "ocfletsencrypt" ******************************************* + Ocf::Ssl::Lets_encrypt::Dns[windshear.ocf.berkeley.edu] => parameters => "domains": [ "windshear.ocf.berkeley.edu", "*.windshear.ocf.berkeley.edu", "windshear.ocf.io", "*.windshear.ocf.io" ], "group": "ssl-cert", "owner": "ocfletsencrypt" ******************************************* + Package[dehydrated-hook-ddns-tsig] => parameters => "allow_virtual": false ******************************************* + Package[dehydrated] => parameters => "allow_virtual": false ******************************************* + Package[ssl-cert] => parameters => "allow_virtual": false ******************************************* + User[ocfletsencrypt] => parameters => "forcelocal": false, "groups": [ "ssl-cert", "sys" ], "system": true ******************************************* ```
Unaffected hosts ``` acid.ocf.berkeley.edu afterhours.ocf.berkeley.edu anthrax.ocf.berkeley.edu arsenic.ocf.berkeley.edu asteroid.ocf.berkeley.edu autocrat.ocf.berkeley.edu avalanche.ocf.berkeley.edu bedbugs.ocf.berkeley.edu bigbang.ocf.berkeley.edu biohazard.ocf.berkeley.edu blight.ocf.berkeley.edu blizzard.ocf.berkeley.edu chaos.ocf.berkeley.edu corruption.ocf.berkeley.edu coup.ocf.berkeley.edu cyanide.ocf.berkeley.edu cyclone.ocf.berkeley.edu dataloss.ocf.berkeley.edu deadlock.ocf.berkeley.edu death.ocf.berkeley.edu dementors.ocf.berkeley.edu democracy.ocf.berkeley.edu destruction.ocf.berkeley.edu drought.ocf.berkeley.edu fallingrocks.ocf.berkeley.edu falsevacuum.ocf.berkeley.edu famine.ocf.berkeley.edu fire.ocf.berkeley.edu firestorm.ocf.berkeley.edu firewhirl.ocf.berkeley.edu flood.ocf.berkeley.edu fraud.ocf.berkeley.edu gridlock.ocf.berkeley.edu hailstorm.ocf.berkeley.edu hal.ocf.berkeley.edu headcrash.ocf.berkeley.edu heatwave.ocf.berkeley.edu hellfire.ocf.berkeley.edu hurricane.ocf.berkeley.edu invasion.ocf.berkeley.edu lethe.ocf.berkeley.edu lightning.ocf.berkeley.edu madcow.ocf.berkeley.edu maelstrom.ocf.berkeley.edu meteorstorm.ocf.berkeley.edu nuke.ocf.berkeley.edu outbreak.ocf.berkeley.edu pestilence.ocf.berkeley.edu plague.ocf.berkeley.edu pox.ocf.berkeley.edu quarantine.ocf.berkeley.edu radiation-mgmt.ocf.berkeley.edu reaper.ocf.berkeley.edu riptide.ocf.berkeley.edu scurvy.ocf.berkeley.edu shipwreck.ocf.berkeley.edu singularity.ocf.berkeley.edu sinkhole.ocf.berkeley.edu solarflare.ocf.berkeley.edu supernova.ocf.berkeley.edu surge.ocf.berkeley.edu thunder.ocf.berkeley.edu tornado.ocf.berkeley.edu tsunami.ocf.berkeley.edu typhoon.ocf.berkeley.edu vampires.ocf.berkeley.edu venom.ocf.berkeley.edu volcano.ocf.berkeley.edu war.ocf.berkeley.edu whiteout.ocf.berkeley.edu wildfire.ocf.berkeley.edu worm.ocf.berkeley.edu ```

Jenkins