Compilation results for pki-root1001.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3033
Resources added:	10
Resources removed:	0
Resources modified:	11
Change percentage:	0.69%

Resources only in the new catalog

File[/etc/cfssl/ssl/discovery2026]
File[/etc/cfssl/csr/discovery2026.csr]
Cfssl::Cert[discovery2026]
File[/etc/cfssl/ssl/discovery2026/discovery2026.pem]
Exec[Generate cert discovery2026]
Exec[Generate cert discovery2026 refresh]
File[/etc/cfssl/ssl/discovery2026/discovery2026.csr]
Exec[renew certificate - discovery2026]
Cfssl::Csr[/etc/cfssl/csr/discovery2026.csr]
File[/etc/cfssl/ssl/discovery2026/discovery2026-key.pem]

Resources modified

Cfssl::Csr[/etc/cfssl/csr/discovery2026.csr]

Parameters differences:

--- Cfssl::Csr[/etc/cfssl/csr/discovery2026.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/discovery2026.csr]

+    ensure      => present
+    hosts       => []
+    common_name => discovery2026
+    names       => [{'organisation': 'Wikimedia Foundation, Inc', 'organisational_unit': 'SRE Foundations', 'locality': 'San Francisco', 'state': 'California', 'country': 'US'}]
+    key         => {'algo': 'ecdsa', 'size': 521}

File[/etc/cfssl/ssl/discovery2026]

Parameters differences:

--- File[/etc/cfssl/ssl/discovery2026].orig
+++ File[/etc/cfssl/ssl/discovery2026]

+    owner   => root
+    ensure  => directory
+    group   => root
+    recurse => True
+    mode    => 0740

Class[Profile::Pki::Root_ca]

Parameters differences:

--- Class[Profile::Pki::Root_ca].orig
+++ Class[Profile::Pki::Root_ca]

@@
-    intermediates => ['debmonitor', 'discovery', 'kafka', 'cloud_wmnet_ca', 'etcd', 'wikikube', 'wikikube_front_proxy', 'wikikube_staging', 'wikikube_staging_front_proxy', 'mlserve', 'mlserve_front_proxy', 'mlserve_staging', 'mlserve_staging_front_proxy', 'aux', 'aux_front_proxy', 'dse', 'dse_front_proxy', 'cassandra', 'puppet', 'network_devices', 'syslog', 'zuul']
+    intermediates => ['debmonitor', 'discovery', 'discovery2026', 'kafka', 'cloud_wmnet_ca', 'etcd', 'wikikube', 'wikikube_front_proxy', 'wikikube_staging', 'wikikube_staging_front_proxy', 'mlserve', 'mlserve_front_proxy', 'mlserve_staging', 'mlserve_staging_front_proxy', 'aux', 'aux_front_proxy', 'dse', 'dse_front_proxy', 'cassandra', 'puppet', 'network_devices', 'syslog', 'zuul']

File[/etc/cfssl/ssl/discovery2026/discovery2026.csr]

Parameters differences:

--- File[/etc/cfssl/ssl/discovery2026/discovery2026.csr].orig
+++ File[/etc/cfssl/ssl/discovery2026/discovery2026.csr]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0440

Cfssl::Cert[discovery2026]

Parameters differences:

--- Cfssl::Cert[discovery2026].orig
+++ Cfssl::Cert[discovery2026]

+    auto_renew      => True
+    ensure          => present
+    before_services => []
+    profile         => intermediate
+    notify_services => []
+    group           => root
+    hosts           => []
+    mode            => 0740
+    provide_chain   => False
+    signer_config   => {'config_dir': '/etc/cfssl/signers/Wikimedia_Internal_Root_CA'}
+    environment     => ['GODEBUG=x509ignoreCN=0']
+    common_name     => discovery2026
+    owner           => root
+    renew_seconds   => 952200
+    names           => [{'organisation': 'Wikimedia Foundation, Inc', 'organisational_unit': 'SRE Foundations', 'locality': 'San Francisco', 'state': 'California', 'country': 'US'}]
+    require         => Cfssl::Signer[Wikimedia_Internal_Root_CA]
+    key             => {'algo': 'ecdsa', 'size': 521}

Exec[Generate cert discovery2026]

Parameters differences:

--- Exec[Generate cert discovery2026].orig
+++ Exec[Generate cert discovery2026]

+    unless      => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/cfssl/ssl/discovery2026/discovery2026.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/cfssl/ssl/discovery2026/discovery2026-key.pem 2>&1)"

+    environment => ['GODEBUG=x509ignoreCN=0']
+    require     => Cfssl::Csr[/etc/cfssl/csr/discovery2026.csr]
+    command     => /usr/bin/cfssl gencert -ca=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca.pem -ca-key=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca-key.pem -config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/cfssl.conf -db-config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/db.conf  -profile intermediate /etc/cfssl/csr/discovery2026.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/discovery2026/discovery2026

Exec[renew certificate - discovery2026]

Parameters differences:

--- Exec[renew certificate - discovery2026].orig
+++ Exec[renew certificate - discovery2026]

+    unless      => /usr/bin/openssl x509 -in /etc/cfssl/ssl/discovery2026/discovery2026.pem -checkend 952200
+    environment => ['GODEBUG=x509ignoreCN=0']
+    require     => Exec[Generate cert discovery2026]
+    command     => /usr/bin/cfssl sign -ca=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca.pem -ca-key=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca-key.pem -config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/cfssl.conf -db-config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/db.conf  -profile intermediate /etc/cfssl/ssl/discovery2026/discovery2026.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/discovery2026/discovery2026

Exec[Generate cert discovery2026 refresh]

Parameters differences:

--- Exec[Generate cert discovery2026 refresh].orig
+++ Exec[Generate cert discovery2026 refresh]

+    refreshonly => True
+    subscribe   => File[/etc/cfssl/csr/discovery2026.csr]
+    environment => ['GODEBUG=x509ignoreCN=0']
+    command     => /usr/bin/cfssl gencert -ca=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca.pem -ca-key=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/ca/ca-key.pem -config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/cfssl.conf -db-config=/etc/cfssl/signers/Wikimedia_Internal_Root_CA/db.conf  -profile intermediate /etc/cfssl/csr/discovery2026.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/discovery2026/discovery2026

File[/etc/cfssl/ssl/discovery2026/discovery2026-key.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/discovery2026/discovery2026-key.pem].orig
+++ File[/etc/cfssl/ssl/discovery2026/discovery2026-key.pem]

+    owner     => root
+    ensure    => file
+    group     => root
+    show_diff => False
+    backup    => False
+    mode      => 0440

File[/etc/cfssl/csr/discovery2026.csr]

Parameters differences:

--- File[/etc/cfssl/csr/discovery2026.csr].orig
+++ File[/etc/cfssl/csr/discovery2026.csr]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0400

Content differences:

--- /etc/cfssl/csr/discovery2026.csr.orig
+++ /etc/cfssl/csr/discovery2026.csr
@@ -0,0 +1,19 @@
+{
+  "CN": "discovery2026",
+  "hosts": [
+    "discovery2026"
+  ],
+  "key": {
+    "algo": "ecdsa",
+    "size": 521
+  },
+  "names": [
+    {
+      "C": "US",
+      "L": "San Francisco",
+      "O": "Wikimedia Foundation, Inc",
+      "OU": "SRE Foundations",
+      "S": "California"
+    }
+  ]
+}

File[/etc/cfssl/ssl/discovery2026/discovery2026.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/discovery2026/discovery2026.pem].orig
+++ File[/etc/cfssl/ssl/discovery2026/discovery2026.pem]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0440

Compilation results for pki-root1001.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files