Compilation results for wdqs2025.codfw.wmnet: System changes detected
You can retrieve this result from host.json.Catalog differences
Summary
| Total Resources: | 3164 |
|---|---|
| Resources added: | 13 |
| Resources removed: | 13 |
| Resources modified: | 31 |
| Change percentage: | 1.80% |
Resources only in the new catalog
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem]
- File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem]
- Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server]
- Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem]
- Cfssl::Cert[discovery2026__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
Resources only in the old catalog
- Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- Cfssl::Cert[discovery__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem]
- Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
- File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr]
Resources modified
- Class[Profile::Tlsproxy::Envoy]
- Parameters differences:
--- Class[Profile::Tlsproxy::Envoy].orig +++ Class[Profile::Tlsproxy::Envoy] @@ - cfssl_label => discovery + cfssl_label => discovery2026
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change].orig +++ Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change] + environment => ['GODEBUG=x509ignoreCN=0'] + subscribe => File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery2026 -profile server /etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server + refreshonly => True
- Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server].orig +++ Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server] - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/openssl x509 -in /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem -checkend 952200 - command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery -profile server /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server - require => Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]
- Content differences:
--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig +++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml @@ -16,8 +16,8 @@ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: tls_certificates: - - certificate_chain: { filename: "/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem" } - private_key: { filename: "/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem" } + - certificate_chain: { filename: "/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem" } + private_key: { filename: "/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem" } filters: - name: envoy.http_connection_manager typed_config:
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem].orig +++ File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem] - mode => 0440 - group => envoy - source => puppet:///modules/profile/pki/intermediates/discovery-cert.pem - owner => envoy - ensure => file
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem].orig +++ File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem] - mode => 0440 - group => envoy - ensure => file - owner => envoy
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr].orig +++ File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr] + mode => 0440 + group => envoy + ensure => file + owner => envoy
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem].orig +++ File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem] + group => envoy + ensure => file + owner => envoy + require => Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh]
- Parameters differences:
--- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh].orig +++ Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh] - environment => ['GODEBUG=x509ignoreCN=0'] - subscribe => File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery -profile server /etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server - refreshonly => True
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem].orig +++ File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem] + mode => 0440 + group => envoy + ensure => file + owner => envoy
- Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr].orig +++ Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr] - hosts => ['wdqs2025.codfw.wmnet'] - key => {'algo': 'ecdsa', 'size': 256} - common_name => query-experimental.eqiad.wmnet - ensure => present - names => []- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem].orig +++ File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem] + mode => 0440 + backup => False + group => envoy + owner => envoy + ensure => file + show_diff => False
- File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr].orig +++ File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr] - mode => 0400 - group => root - ensure => file - owner => root
- Content differences:
--- /etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr.orig +++ /etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr @@ -1,14 +0,0 @@ -{ - "CN": "query-experimental.eqiad.wmnet", - "hosts": [ - "wdqs2025.codfw.wmnet", - "query-experimental.eqiad.wmnet" - ], - "key": { - "algo": "ecdsa", - "size": 256 - }, - "names": [ - - ] -}- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem].orig +++ File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem] - mode => 0440 - backup => False - group => envoy - owner => envoy - ensure => file - show_diff => False
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change].orig +++ Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change] - environment => ['GODEBUG=x509ignoreCN=0'] - subscribe => File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery -profile server /etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server - refreshonly => True
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server].orig +++ Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server] - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem 2>&1)" - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery -profile server /etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server - require => Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem].orig +++ Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem] + unless => /usr/bin/test "$(/bin/cat /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem | sha512sum)" == "$(/bin/cat /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem | sha512sum)" + command => /bin/cat /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem > /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem + require => Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change] + subscribe => ['Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server]', 'File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]', 'File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem]']
- Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr].orig +++ Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr] + hosts => ['wdqs2025.codfw.wmnet'] + key => {'algo': 'ecdsa', 'size': 256} + common_name => query-experimental.eqiad.wmnet + ensure => present + names => []- Cfssl::Cert[discovery2026__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Cfssl::Cert[discovery2026__query-experimental_eqiad_wmnet_server].orig +++ Cfssl::Cert[discovery2026__query-experimental_eqiad_wmnet_server] + notify_services => [] + auto_renew => True + common_name => query-experimental.eqiad.wmnet + outdir => /etc/envoy/ssl + notify => Service[envoyproxy.service] + group => envoy + key => {'algo': 'ecdsa', 'size': 256} + hosts => ['wdqs2025.codfw.wmnet'] + mode => 0740 + before_services => [] + require => Package[envoyproxy] + owner => envoy + provide_chain => True + label => discovery2026 + names => [] + profile => server + environment => ['GODEBUG=x509ignoreCN=0'] + ensure => present + renew_seconds => 952200- Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server].orig +++ Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server] + environment => ['GODEBUG=x509ignoreCN=0'] + unless => /usr/bin/openssl x509 -in /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem -checkend 952200 + command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery2026 -profile server /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server + require => Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr].orig +++ File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr] - mode => 0440 - group => envoy - ensure => file - owner => envoy
- Envoyproxy::Conf[tls_terminator_443]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem].orig +++ File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem] + mode => 0440 + group => envoy + source => puppet:///modules/profile/pki/intermediates/discovery2026-cert.pem + owner => envoy + ensure => file
- Envoyproxy::Tls_terminator[443]
- Parameters differences:
--- Envoyproxy::Tls_terminator[443].orig +++ Envoyproxy::Tls_terminator[443] @@ - global_certs => [{'cert_path': '/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem', 'key_path': '/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server-key.pem'}] + global_certs => [{'cert_path': '/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem', 'key_path': '/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem'}]- Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem].orig +++ Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem] - unless => /usr/bin/test "$(/bin/cat /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem | sha512sum)" == "$(/bin/cat /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem | sha512sum)" - command => /bin/cat /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem > /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem - require => Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change] - subscribe => ['Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server]', 'File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]', 'File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem]']
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server].orig +++ Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server] + environment => ['GODEBUG=x509ignoreCN=0'] + unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem 2>&1)" + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery2026 -profile server /etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server + require => Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh]
- Parameters differences:
--- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh].orig +++ Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh] + environment => ['GODEBUG=x509ignoreCN=0'] + subscribe => File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/wdqs2025.codfw.wmnet.pem -label discovery2026 -profile server /etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr | /usr/bin/cfssljson -bare /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server + refreshonly => True
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem]
- Parameters differences:
--- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem].orig +++ File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem] - group => envoy - ensure => file - owner => envoy - require => Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- Envoyproxy::Listener[tls_terminator_443]
- Cfssl::Cert[discovery__query-experimental_eqiad_wmnet_server]
- Parameters differences:
--- Cfssl::Cert[discovery__query-experimental_eqiad_wmnet_server].orig +++ Cfssl::Cert[discovery__query-experimental_eqiad_wmnet_server] - notify_services => [] - auto_renew => True - common_name => query-experimental.eqiad.wmnet - outdir => /etc/envoy/ssl - notify => Service[envoyproxy.service] - group => envoy - key => {'algo': 'ecdsa', 'size': 256} - hosts => ['wdqs2025.codfw.wmnet'] - mode => 0740 - before_services => [] - require => Package[envoyproxy] - owner => envoy - provide_chain => True - label => discovery - names => [] - profile => server - environment => ['GODEBUG=x509ignoreCN=0'] - ensure => present - renew_seconds => 952200- File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr].orig +++ File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr] + mode => 0400 + group => root + ensure => file + owner => root
- Content differences:
--- /etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr.orig +++ /etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr @@ -0,0 +1,14 @@ +{ + "CN": "query-experimental.eqiad.wmnet", + "hosts": [ + "wdqs2025.codfw.wmnet", + "query-experimental.eqiad.wmnet" + ], + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + + ] +}Relevant files
- Content differences:
- File[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Envoyproxy::Listener[tls_terminator_443]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chained.pem]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server]
- Exec[create chained cert /etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.chain.pem]
- Envoyproxy::Tls_terminator[443]
- Envoyproxy::Conf[tls_terminator_443]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.csr]
- Exec[renew certificate - discovery2026__query-experimental_eqiad_wmnet_server]
- Cfssl::Cert[discovery2026__query-experimental_eqiad_wmnet_server]
- Cfssl::Csr[/etc/cfssl/csr/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- Exec[create chained cert /etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chain.pem]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
- Content differences:
- File[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server-key.pem]
- Cfssl::Csr[/etc/cfssl/csr/discovery__query-experimental_eqiad_wmnet_server.csr]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.pem]
- Exec[Generate cert discovery__query-experimental_eqiad_wmnet_server refresh]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.chained.pem]
- File[/etc/envoy/ssl/discovery2026__query-experimental_eqiad_wmnet_server.csr]
- File[/etc/envoy/ssl/discovery__query-experimental_eqiad_wmnet_server.pem]
- File[/etc/envoy/listeners.d/00-tls_terminator_443.yaml]
- Exec[renew certificate - discovery__query-experimental_eqiad_wmnet_server]
- Exec[Generate cert discovery2026__query-experimental_eqiad_wmnet_server refresh on intermediate ca change]
- Parameters differences: