Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock down kernel on buster #986

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Lock down kernel on buster #986

wants to merge 3 commits into from

Conversation

daradib
Copy link
Member

@daradib daradib commented Jul 24, 2020
edited
Loading

Harden kernel using kernel command line options and sysctl settings
recommended by the Kernel Self Protection Project.

Also install cloud kernel image on VMs which removes some hardware
support. Benefits: slightly faster boot and reduced attack surface.

@ocfbot
Copy link
Contributor

ocfbot commented Jul 24, 2020

Errored hosts (0)

Changed hosts (8)

Unaffected hosts (89)

Changed hosts
diff for bedbugs.ocf.berkeley.edu, jaws.ocf.berkeley.edu, pandemic.ocf.berkeley.edu, tornado.ocf.berkeley.edu 
*******************************************
+ Package[lockdown] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for flood.ocf.berkeley.edu, quarantine.ocf.berkeley.edu, spectre.ocf.berkeley.edu, trojan.ocf.berkeley.edu 
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[lockdown] =>
   parameters =>
     "allow_virtual": false
*******************************************
Unaffected hosts 
acid.ocf.berkeley.edu
anthrax.ocf.berkeley.edu
arsenic.ocf.berkeley.edu
asteroid.ocf.berkeley.edu
autocrat.ocf.berkeley.edu
avalanche.ocf.berkeley.edu
bigbang.ocf.berkeley.edu
bigrip.ocf.berkeley.edu
biohazard.ocf.berkeley.edu
blackout.ocf.berkeley.edu
blight.ocf.berkeley.edu
blizzard.ocf.berkeley.edu
bolide.ocf.berkeley.edu
calamity.ocf.berkeley.edu
corruption.ocf.berkeley.edu
coup.ocf.berkeley.edu
cyanide.ocf.berkeley.edu
dataloss.ocf.berkeley.edu
deadlock.ocf.berkeley.edu
death.ocf.berkeley.edu
dementors.ocf.berkeley.edu
democracy.ocf.berkeley.edu
destruction.ocf.berkeley.edu
drought.ocf.berkeley.edu
eruption.ocf.berkeley.edu
failure.ocf.berkeley.edu
fallingrocks.ocf.berkeley.edu
falsevacuum.ocf.berkeley.edu
famine.ocf.berkeley.edu
fire.ocf.berkeley.edu
firestorm.ocf.berkeley.edu
firewhirl.ocf.berkeley.edu
fraud.ocf.berkeley.edu
fukushima.ocf.berkeley.edu
gridlock.ocf.berkeley.edu
hailstorm.ocf.berkeley.edu
hal.ocf.berkeley.edu
headcrash.ocf.berkeley.edu
heatwave.ocf.berkeley.edu
hellfire.ocf.berkeley.edu
invasion.ocf.berkeley.edu
leprosy.ocf.berkeley.edu
lethe.ocf.berkeley.edu
lightning.ocf.berkeley.edu
madcow.ocf.berkeley.edu
maelstrom.ocf.berkeley.edu
meteorstorm.ocf.berkeley.edu
monsoon.ocf.berkeley.edu
nuke.ocf.berkeley.edu
oilspill.ocf.berkeley.edu
panic.ocf.berkeley.edu
pestilence.ocf.berkeley.edu
pgp.ocf.berkeley.edu
pileup.ocf.berkeley.edu
plague.ocf.berkeley.edu
pox.ocf.berkeley.edu
quicksand.ocf.berkeley.edu
ragnarok.ocf.berkeley.edu
rapture.ocf.berkeley.edu
reaper.ocf.berkeley.edu
rejection.ocf.berkeley.edu
riot.ocf.berkeley.edu
riptide.ocf.berkeley.edu
sarin.ocf.berkeley.edu
scurvy.ocf.berkeley.edu
segfault.ocf.berkeley.edu
shipwreck.ocf.berkeley.edu
singularity.ocf.berkeley.edu
sinkhole.ocf.berkeley.edu
solarflare.ocf.berkeley.edu
stackclash.ocf.berkeley.edu
supernova.ocf.berkeley.edu
surge.ocf.berkeley.edu
tempest.ocf.berkeley.edu
thunder.ocf.berkeley.edu
tsunami.ocf.berkeley.edu
typhoon.ocf.berkeley.edu
vampires.ocf.berkeley.edu
venom.ocf.berkeley.edu
virus.ocf.berkeley.edu
volcano.ocf.berkeley.edu
vortex.ocf.berkeley.edu
walpurgisnacht.ocf.berkeley.edu
war.ocf.berkeley.edu
whirlwind.ocf.berkeley.edu
whiteout.ocf.berkeley.edu
wildfire.ocf.berkeley.edu
worm.ocf.berkeley.edu
zombies.ocf.berkeley.edu

Jenkins

@ja5087
Copy link
Member

ja5087 commented Jul 28, 2020

The changes look good to me but I would like to canary this on a VM and physical host first before merging to avoid potential issues. Thanks!

@nattofriends
Copy link
Member

Why would we want to disable BPF?

daradib added 2 commits July 28, 2020 15:55
@daradib
Lock down kernel on buster
56d280d 
Disable some kernel features: module loading after boot, kexec,
Berkeley Packet Filter (BPF).

Also install cloud kernel image on VMs which removes some hardware
support. Benefits: slightly faster boot and reduced attack surface.
@daradib
Replace lockdown with hardening-runtime
83c9ee0
@ocfjenkins
Copy link

ocfjenkins bot commented Jul 28, 2020

Errored hosts (0)

Changed hosts (36)

Unaffected hosts (62)

Changed hosts
diff for acid.ocf.berkeley.edu, arsenic.ocf.berkeley.edu, asteroid.ocf.berkeley.edu, avalanche.ocf.berkeley.edu, bigbang.ocf.berkeley.edu, blackout.ocf.berkeley.edu, blight.ocf.berkeley.edu, blizzard.ocf.berkeley.edu, cyanide.ocf.berkeley.edu, destruction.ocf.berkeley.edu, drought.ocf.berkeley.edu, eruption.ocf.berkeley.edu, famine.ocf.berkeley.edu, firewhirl.ocf.berkeley.edu, hailstorm.ocf.berkeley.edu, headcrash.ocf.berkeley.edu, heatwave.ocf.berkeley.edu, invasion.ocf.berkeley.edu, madcow.ocf.berkeley.edu, meteorstorm.ocf.berkeley.edu, plague.ocf.berkeley.edu, sinkhole.ocf.berkeley.edu, surge.ocf.berkeley.edu, typhoon.ocf.berkeley.edu, venom.ocf.berkeley.edu, volcano.ocf.berkeley.edu, wildfire.ocf.berkeley.edu 
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for flood.ocf.berkeley.edu, maelstrom.ocf.berkeley.edu, quarantine.ocf.berkeley.edu, spectre.ocf.berkeley.edu, trojan.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for tornado.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for bedbugs.ocf.berkeley.edu, jaws.ocf.berkeley.edu, pandemic.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
Unaffected hosts 
anthrax.ocf.berkeley.edu
autocrat.ocf.berkeley.edu
bigrip.ocf.berkeley.edu
biohazard.ocf.berkeley.edu
bolide.ocf.berkeley.edu
calamity.ocf.berkeley.edu
corruption.ocf.berkeley.edu
coup.ocf.berkeley.edu
dataloss.ocf.berkeley.edu
deadlock.ocf.berkeley.edu
death.ocf.berkeley.edu
dementors.ocf.berkeley.edu
democracy.ocf.berkeley.edu
dev-maelstrom.ocf.berkeley.edu
failure.ocf.berkeley.edu
fallingrocks.ocf.berkeley.edu
falsevacuum.ocf.berkeley.edu
fire.ocf.berkeley.edu
firestorm.ocf.berkeley.edu
fraud.ocf.berkeley.edu
fukushima.ocf.berkeley.edu
gridlock.ocf.berkeley.edu
hal.ocf.berkeley.edu
hellfire.ocf.berkeley.edu
leprosy.ocf.berkeley.edu
lethe.ocf.berkeley.edu
lightning.ocf.berkeley.edu
monsoon.ocf.berkeley.edu
nuke.ocf.berkeley.edu
oilspill.ocf.berkeley.edu
panic.ocf.berkeley.edu
pestilence.ocf.berkeley.edu
pgp.ocf.berkeley.edu
pileup.ocf.berkeley.edu
pox.ocf.berkeley.edu
quicksand.ocf.berkeley.edu
ragnarok.ocf.berkeley.edu
rapture.ocf.berkeley.edu
reaper.ocf.berkeley.edu
rejection.ocf.berkeley.edu
riot.ocf.berkeley.edu
riptide.ocf.berkeley.edu
sarin.ocf.berkeley.edu
scurvy.ocf.berkeley.edu
segfault.ocf.berkeley.edu
shipwreck.ocf.berkeley.edu
singularity.ocf.berkeley.edu
solarflare.ocf.berkeley.edu
stackclash.ocf.berkeley.edu
supernova.ocf.berkeley.edu
tempest.ocf.berkeley.edu
thunder.ocf.berkeley.edu
tsunami.ocf.berkeley.edu
vampires.ocf.berkeley.edu
virus.ocf.berkeley.edu
vortex.ocf.berkeley.edu
walpurgisnacht.ocf.berkeley.edu
war.ocf.berkeley.edu
whirlwind.ocf.berkeley.edu
whiteout.ocf.berkeley.edu
worm.ocf.berkeley.edu
zombies.ocf.berkeley.edu

Jenkins

@daradib
Copy link
Member Author

daradib commented Jul 28, 2020

The changes look good to me but I would like to canary this on a VM and physical host first before merging to avoid potential issues. Thanks!

Most definitely. I also replaced the lockdown package with hardening-runtime. However if the performance impact of the kernel command line options is too great we'll need to revert it.

Why would we want to disable BPF?

To clarify, this doesn't disable BPF entirely, it disables unprivileged bpf() that has been a source of privilege escalation vulnerabilities, e.g., CVE-2020-8835, CVE-2017-16995, CVE-2016-4557. netfilter and seccomp-bpf predate it and shouldn't be affected.

@kpengboy
Copy link
Member

kpengboy commented Jul 28, 2020
edited
Loading

Do you know if we currently rely on any after-boot module loading à la request_module or similar?

Nvm outdated question it seems

@ocfjenkins
Copy link

ocfjenkins bot commented Jul 29, 2020

Errored hosts (1)

Changed hosts (36)

Unaffected hosts (61)

Errored hosts
error for anthrax.ocf.berkeley.edu 
W, [2020-07-29T01:18:58.315491 #9660]  WARN -- : Puppet command failed: STDOUT:
  Notice: Compiled catalog for anthrax.ocf.berkeley.edu in environment production in 101.06 seconds
STDERR:
  Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/6.17/deprecated_language.html
     (file & line not available)
  Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/ssl/default.pp, line: 11, column: 13)
  Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
  Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
  Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::apt definition
  Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/kerberos.pp, line: 2, column: 6)
  Warning: Unknown variable: '::skip_ldap'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 57, column: 6)
  Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 82, column: 10)
  Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 160, column: 29)
  Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 161, column: 5)
  Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::groups definition
  Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::puppet definition
  Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::rootpw definition
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
  Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
  /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-scriptrunner20200729-9660-48rpp7/puppet.sh: line 12: 18508 Killed                  "$OCD_PUPPET_BINARY" "$@"
W, [2020-07-29T01:18:58.337233 #9660]  WARN -- : Failed build_catalog for origin/master validation: OctocatalogDiff::Errors::CatalogError Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/6.17/deprecated_language.html
   (file & line not available)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/ssl/default.pp, line: 11, column: 13)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::apt definition
Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/kerberos.pp, line: 2, column: 6)
Warning: Unknown variable: '::skip_ldap'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 57, column: 6)
Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 82, column: 10)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 160, column: 29)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 161, column: 5)
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::groups definition
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::puppet definition
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::rootpw definition
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
/tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-scriptrunner20200729-9660-48rpp7/puppet.sh: line 12: 18508 Killed                  "$OCD_PUPPET_BINARY" "$@"

/usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:259:in `catalog_validator': Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/6.17/deprecated_language.html (OctocatalogDiff::Errors::CatalogError)
   (file & line not available)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/ssl/default.pp, line: 11, column: 13)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/functions/get_host_fqdns.pp, line: 10, column: 47)
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::apt definition
Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/kerberos.pp, line: 2, column: 6)
Warning: Unknown variable: '::skip_ldap'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 57, column: 6)
Warning: Unknown variable: '::skip_kerberos'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 82, column: 10)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 160, column: 29)
Warning: Unknown variable: '::dnsA'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/auth.pp, line: 161, column: 5)
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::groups definition
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::puppet definition
Warning: stage is a metaparam; this value will inherit to all contained resources in the ocf::rootpw definition
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
Warning: Unknown variable: 'subscribe'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 14, column: 18)
Warning: Unknown variable: 'notify'. (file: /tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-builddir-20200729-9660-f9t0fq/environments/production/modules/ocf/manifests/firewall/firewall46.pp, line: 16, column: 18)
/tmp/ocd-ipc-20200729-9421-14k4xq7/ocd-scriptrunner20200729-9660-48rpp7/puppet.sh: line 12: 18508 Killed                  "$OCD_PUPPET_BINARY" "$@"
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `validate'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:202:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
Changed hosts
diff for flood.ocf.berkeley.edu, maelstrom.ocf.berkeley.edu, quarantine.ocf.berkeley.edu, spectre.ocf.berkeley.edu, trojan.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for bedbugs.ocf.berkeley.edu, jaws.ocf.berkeley.edu, pandemic.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for acid.ocf.berkeley.edu, arsenic.ocf.berkeley.edu, asteroid.ocf.berkeley.edu, avalanche.ocf.berkeley.edu, bigbang.ocf.berkeley.edu, blackout.ocf.berkeley.edu, blight.ocf.berkeley.edu, blizzard.ocf.berkeley.edu, cyanide.ocf.berkeley.edu, destruction.ocf.berkeley.edu, drought.ocf.berkeley.edu, eruption.ocf.berkeley.edu, famine.ocf.berkeley.edu, firewhirl.ocf.berkeley.edu, hailstorm.ocf.berkeley.edu, headcrash.ocf.berkeley.edu, heatwave.ocf.berkeley.edu, invasion.ocf.berkeley.edu, madcow.ocf.berkeley.edu, meteorstorm.ocf.berkeley.edu, plague.ocf.berkeley.edu, sinkhole.ocf.berkeley.edu, surge.ocf.berkeley.edu, typhoon.ocf.berkeley.edu, venom.ocf.berkeley.edu, volcano.ocf.berkeley.edu, wildfire.ocf.berkeley.edu 
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for tornado.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
Unaffected hosts 
autocrat.ocf.berkeley.edu
bigrip.ocf.berkeley.edu
biohazard.ocf.berkeley.edu
bolide.ocf.berkeley.edu
calamity.ocf.berkeley.edu
corruption.ocf.berkeley.edu
coup.ocf.berkeley.edu
dataloss.ocf.berkeley.edu
deadlock.ocf.berkeley.edu
death.ocf.berkeley.edu
dementors.ocf.berkeley.edu
democracy.ocf.berkeley.edu
dev-maelstrom.ocf.berkeley.edu
failure.ocf.berkeley.edu
fallingrocks.ocf.berkeley.edu
falsevacuum.ocf.berkeley.edu
fire.ocf.berkeley.edu
firestorm.ocf.berkeley.edu
fraud.ocf.berkeley.edu
fukushima.ocf.berkeley.edu
gridlock.ocf.berkeley.edu
hal.ocf.berkeley.edu
hellfire.ocf.berkeley.edu
leprosy.ocf.berkeley.edu
lethe.ocf.berkeley.edu
lightning.ocf.berkeley.edu
monsoon.ocf.berkeley.edu
nuke.ocf.berkeley.edu
oilspill.ocf.berkeley.edu
panic.ocf.berkeley.edu
pestilence.ocf.berkeley.edu
pgp.ocf.berkeley.edu
pileup.ocf.berkeley.edu
pox.ocf.berkeley.edu
quicksand.ocf.berkeley.edu
ragnarok.ocf.berkeley.edu
rapture.ocf.berkeley.edu
reaper.ocf.berkeley.edu
rejection.ocf.berkeley.edu
riot.ocf.berkeley.edu
riptide.ocf.berkeley.edu
sarin.ocf.berkeley.edu
scurvy.ocf.berkeley.edu
segfault.ocf.berkeley.edu
shipwreck.ocf.berkeley.edu
singularity.ocf.berkeley.edu
solarflare.ocf.berkeley.edu
stackclash.ocf.berkeley.edu
supernova.ocf.berkeley.edu
tempest.ocf.berkeley.edu
thunder.ocf.berkeley.edu
tsunami.ocf.berkeley.edu
vampires.ocf.berkeley.edu
virus.ocf.berkeley.edu
vortex.ocf.berkeley.edu
walpurgisnacht.ocf.berkeley.edu
war.ocf.berkeley.edu
whirlwind.ocf.berkeley.edu
whiteout.ocf.berkeley.edu
worm.ocf.berkeley.edu
zombies.ocf.berkeley.edu

Jenkins

@ocfjenkins
Copy link

ocfjenkins bot commented Jul 31, 2020

Errored hosts (0)

Changed hosts (36)

Unaffected hosts (62)

Changed hosts
diff for flood.ocf.berkeley.edu, maelstrom.ocf.berkeley.edu, quarantine.ocf.berkeley.edu, spectre.ocf.berkeley.edu, trojan.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for tornado.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for bedbugs.ocf.berkeley.edu, jaws.ocf.berkeley.edu, pandemic.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for acid.ocf.berkeley.edu, arsenic.ocf.berkeley.edu, asteroid.ocf.berkeley.edu, avalanche.ocf.berkeley.edu, bigbang.ocf.berkeley.edu, blackout.ocf.berkeley.edu, blight.ocf.berkeley.edu, blizzard.ocf.berkeley.edu, cyanide.ocf.berkeley.edu, destruction.ocf.berkeley.edu, drought.ocf.berkeley.edu, eruption.ocf.berkeley.edu, famine.ocf.berkeley.edu, firewhirl.ocf.berkeley.edu, hailstorm.ocf.berkeley.edu, headcrash.ocf.berkeley.edu, heatwave.ocf.berkeley.edu, invasion.ocf.berkeley.edu, madcow.ocf.berkeley.edu, meteorstorm.ocf.berkeley.edu, plague.ocf.berkeley.edu, sinkhole.ocf.berkeley.edu, surge.ocf.berkeley.edu, typhoon.ocf.berkeley.edu, venom.ocf.berkeley.edu, volcano.ocf.berkeley.edu, wildfire.ocf.berkeley.edu 
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
Unaffected hosts 
anthrax.ocf.berkeley.edu
autocrat.ocf.berkeley.edu
bigrip.ocf.berkeley.edu
biohazard.ocf.berkeley.edu
bolide.ocf.berkeley.edu
calamity.ocf.berkeley.edu
corruption.ocf.berkeley.edu
coup.ocf.berkeley.edu
dataloss.ocf.berkeley.edu
deadlock.ocf.berkeley.edu
death.ocf.berkeley.edu
dementors.ocf.berkeley.edu
democracy.ocf.berkeley.edu
dev-maelstrom.ocf.berkeley.edu
failure.ocf.berkeley.edu
fallingrocks.ocf.berkeley.edu
falsevacuum.ocf.berkeley.edu
fire.ocf.berkeley.edu
firestorm.ocf.berkeley.edu
fraud.ocf.berkeley.edu
fukushima.ocf.berkeley.edu
gridlock.ocf.berkeley.edu
hal.ocf.berkeley.edu
hellfire.ocf.berkeley.edu
leprosy.ocf.berkeley.edu
lethe.ocf.berkeley.edu
lightning.ocf.berkeley.edu
monsoon.ocf.berkeley.edu
nuke.ocf.berkeley.edu
oilspill.ocf.berkeley.edu
panic.ocf.berkeley.edu
pestilence.ocf.berkeley.edu
pgp.ocf.berkeley.edu
pileup.ocf.berkeley.edu
pox.ocf.berkeley.edu
quicksand.ocf.berkeley.edu
ragnarok.ocf.berkeley.edu
rapture.ocf.berkeley.edu
reaper.ocf.berkeley.edu
rejection.ocf.berkeley.edu
riot.ocf.berkeley.edu
riptide.ocf.berkeley.edu
sarin.ocf.berkeley.edu
scurvy.ocf.berkeley.edu
segfault.ocf.berkeley.edu
shipwreck.ocf.berkeley.edu
singularity.ocf.berkeley.edu
solarflare.ocf.berkeley.edu
stackclash.ocf.berkeley.edu
supernova.ocf.berkeley.edu
tempest.ocf.berkeley.edu
thunder.ocf.berkeley.edu
tsunami.ocf.berkeley.edu
vampires.ocf.berkeley.edu
virus.ocf.berkeley.edu
vortex.ocf.berkeley.edu
walpurgisnacht.ocf.berkeley.edu
war.ocf.berkeley.edu
whirlwind.ocf.berkeley.edu
whiteout.ocf.berkeley.edu
worm.ocf.berkeley.edu
zombies.ocf.berkeley.edu

Jenkins

@singingtelegram
Copy link
Member

Can we take another look at this? Would be good to test on a few dev- VMs.

@ocfjenkins
Copy link

ocfjenkins bot commented Apr 11, 2023

Errored hosts (6)

Changed hosts (60)

Unaffected hosts (8)

Errored hosts
error for chaos.ocf.berkeley.edu 
#<Thread:0x000056528dc24b70@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x000056528dc24a30@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/2.5.0/open3.rb:200:in `detach': can't create Thread: Resource temporarily unavailable (ThreadError)
	from /usr/lib/ruby/2.5.0/open3.rb:200:in `popen_run'
	from /usr/lib/ruby/2.5.0/open3.rb:95:in `popen3'
	from /usr/lib/ruby/2.5.0/open3.rb:258:in `capture3'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/scriptrunner.rb:59:in `run'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/puppetversion.rb:34:in `puppet_version'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:51:in `puppet_version'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:213:in `block in run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `upto'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:114:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog.rb:96:in `build'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:241:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `execute'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:193:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
error for cyclone.ocf.berkeley.edu 
#<Thread:0x000055e25d456600@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x000055e25d456240@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/2.5.0/open3.rb:264:in `initialize': can't create Thread: Resource temporarily unavailable (ThreadError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `new'
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block in capture3'
	from /usr/lib/ruby/2.5.0/open3.rb:205:in `popen_run'
	from /usr/lib/ruby/2.5.0/open3.rb:95:in `popen3'
	from /usr/lib/ruby/2.5.0/open3.rb:258:in `capture3'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/scriptrunner.rb:59:in `run'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:180:in `exec_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:214:in `block in run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `upto'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:114:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog.rb:96:in `build'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:241:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `execute'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:193:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
error for death.ocf.berkeley.edu 
W, [2023-04-11T14:28:23.889650 #14327]  WARN -- : Puppet command failed: STDOUT:
STDERR:
  /opt/puppetlabs/bin/puppet: 10: /opt/puppetlabs/bin/puppet: Cannot fork
W, [2023-04-11T14:28:23.890162 #14327]  WARN -- : Failed build_catalog for . validation: OctocatalogDiff::Errors::CatalogError Catalog failed: /opt/puppetlabs/bin/puppet: 10: /opt/puppetlabs/bin/puppet: Cannot fork

#<Thread:0x00005555cdd3f658@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x00005555cdd3f518@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:259:in `catalog_validator': Catalog failed: /opt/puppetlabs/bin/puppet: 10: /opt/puppetlabs/bin/puppet: Cannot fork (OctocatalogDiff::Errors::CatalogError)
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `validate'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:202:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
error for democracy.ocf.berkeley.edu 
#<Thread:0x000055c5bd401838@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x000055c5bd401248@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/2.5.0/open3.rb:200:in `detach': can't create Thread: Resource temporarily unavailable (ThreadError)
	from /usr/lib/ruby/2.5.0/open3.rb:200:in `popen_run'
	from /usr/lib/ruby/2.5.0/open3.rb:95:in `popen3'
	from /usr/lib/ruby/2.5.0/open3.rb:258:in `capture3'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/scriptrunner.rb:59:in `run'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/puppetversion.rb:34:in `puppet_version'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:51:in `puppet_version'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:213:in `block in run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `upto'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:114:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog.rb:96:in `build'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:241:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `execute'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:193:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
error for destruction.ocf.berkeley.edu 
#<Thread:0x0000562f63d10d38@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x0000562f63d10b58@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/2.5.0/open3.rb:265:in `initialize': can't create Thread: Resource temporarily unavailable (ThreadError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `new'
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block in capture3'
	from /usr/lib/ruby/2.5.0/open3.rb:205:in `popen_run'
	from /usr/lib/ruby/2.5.0/open3.rb:95:in `popen3'
	from /usr/lib/ruby/2.5.0/open3.rb:258:in `capture3'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/scriptrunner.rb:59:in `run'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:180:in `exec_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:214:in `block in run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `upto'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:210:in `run_puppet'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog/computed.rb:114:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/catalog.rb:96:in `build'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:241:in `build_catalog'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:34:in `execute'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:193:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
error for segfault.ocf.berkeley.edu 
W, [2023-04-11T14:33:59.295839 #31934]  WARN -- : Puppet command failed: STDOUT:
STDERR:
  Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html
     (file & line not available)
  Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
  Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
  Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
  Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
  Error: Try 'puppet help catalog compile' for usage
W, [2023-04-11T14:33:59.296372 #31934]  WARN -- : Failed build_catalog for origin/master validation: OctocatalogDiff::Errors::CatalogError Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html
   (file & line not available)
Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Try 'puppet help catalog compile' for usage

#<Thread:0x0000561f153a9ed8@/usr/lib/ruby/2.5.0/open3.rb:264 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:264:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:264:in `block (2 levels) in capture3'
#<Thread:0x0000561f153a9b90@/usr/lib/ruby/2.5.0/open3.rb:265 run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/2.5.0/open3.rb:265:in `read': stream closed in another thread (IOError)
	from /usr/lib/ruby/2.5.0/open3.rb:265:in `block (2 levels) in capture3'
/usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:259:in `catalog_validator': Catalog failed: Warning: The function 'hiera_include' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/7.21/deprecated_language.html (OctocatalogDiff::Errors::CatalogError)
   (file & line not available)
Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Could not call 'find' on 'catalog': Evaluation Error: Error while evaluating a Function Call, 'new' The string 'bookworm/sid' cannot be converted to Integer (file: /tmp/ocd-ipc-20230411-30009-152jr7y/ocd-builddir-20230411-31934-7yy39q/environments/production/modules/ocf/manifests/packages/mysql_server.pp, line: 13, column: 8) on node segfault.ocf.berkeley.edu
Error: Try 'puppet help catalog compile' for usage
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `call'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:39:in `validate'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:202:in `execute_task'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:119:in `block (2 levels) in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `fork'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:117:in `block in run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `each_with_index'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:114:in `run_tasks_parallel'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/parallel.rb:94:in `run_tasks'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:92:in `build_catalog_parallelizer'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/util/catalogs.rb:29:in `catalogs'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1/catalog-diff.rb:34:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/api/v1.rb:19:in `catalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:151:in `run_octocatalog_diff'
	from /usr/lib/ruby/vendor_ruby/octocatalog-diff/cli.rb:125:in `cli'
	from /usr/bin/octocatalog-diff:34:in `<main>'
Changed hosts
diff for acid.ocf.berkeley.edu, arsenic.ocf.berkeley.edu, asteroid.ocf.berkeley.edu, avalanche.ocf.berkeley.edu, bigbang.ocf.berkeley.edu, blackout.ocf.berkeley.edu, blight.ocf.berkeley.edu, blizzard.ocf.berkeley.edu, cyanide.ocf.berkeley.edu, drought.ocf.berkeley.edu, eruption.ocf.berkeley.edu, famine.ocf.berkeley.edu, firewhirl.ocf.berkeley.edu, hailstorm.ocf.berkeley.edu, headcrash.ocf.berkeley.edu, heatwave.ocf.berkeley.edu, hurricane.ocf.berkeley.edu, invasion.ocf.berkeley.edu, madcow.ocf.berkeley.edu, meteorstorm.ocf.berkeley.edu, outbreak.ocf.berkeley.edu, plague.ocf.berkeley.edu, sinkhole.ocf.berkeley.edu, surge.ocf.berkeley.edu, tornado.ocf.berkeley.edu, typhoon.ocf.berkeley.edu, venom.ocf.berkeley.edu, volcano.ocf.berkeley.edu, wildfire.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for anthrax.ocf.berkeley.edu, autocrat.ocf.berkeley.edu, biohazard.ocf.berkeley.edu, coup.ocf.berkeley.edu, deadlock.ocf.berkeley.edu, dementors.ocf.berkeley.edu, fire.ocf.berkeley.edu, firestorm.ocf.berkeley.edu, flood.ocf.berkeley.edu, fraud.ocf.berkeley.edu, gridlock.ocf.berkeley.edu, hellfire.ocf.berkeley.edu, lethe.ocf.berkeley.edu, lightning.ocf.berkeley.edu, maelstrom.ocf.berkeley.edu, quarantine.ocf.berkeley.edu, radiation-mgmt.ocf.berkeley.edu, thunder.ocf.berkeley.edu, whiteout.ocf.berkeley.edu, windshear.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for bedbugs.ocf.berkeley.edu, corruption.ocf.berkeley.edu, dataloss.ocf.berkeley.edu, fallingrocks.ocf.berkeley.edu, hal.ocf.berkeley.edu, riptide.ocf.berkeley.edu, scurvy.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
diff for reaper.ocf.berkeley.edu, supernova.ocf.berkeley.edu, tsunami.ocf.berkeley.edu 
*******************************************
+ Package[hardening-runtime] =>
   parameters =>
     "allow_virtual": false
*******************************************
+ Package[linux-image-amd64] =>
   parameters =>
     "allow_virtual": false,
     "ensure": "purged"
*******************************************
+ Package[linux-image-cloud-amd64] =>
   parameters =>
     "allow_virtual": false
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
diff for vampires.ocf.berkeley.edu 
*******************************************
  Sysctl[kernel.unprivileged_userns_clone] =>
   parameters =>
     ensure =>
      + absent
     value =>
      - 1
*******************************************
Unaffected hosts 
falsevacuum.ocf.berkeley.edu
nuke.ocf.berkeley.edu
pox.ocf.berkeley.edu
shipwreck.ocf.berkeley.edu
singularity.ocf.berkeley.edu
solarflare.ocf.berkeley.edu
war.ocf.berkeley.edu
worm.ocf.berkeley.edu

Jenkins

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@daradib @ocfbot @ja5087 @nattofriends @kpengboy @singingtelegram