Compilation results for centrallog1002.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3186
Resources added:	0
Resources removed:	14
Resources modified:	19
Change percentage:	1.04%

Resources only in the old catalog

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet]
Exec[create chained cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]
Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh on intermediate ca change]
File[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]
File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.csr]
File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem]
Exec[Generate cert syslog__centrallog1002_eqiad_wmnet]
Exec[renew certificate - syslog__centrallog1002_eqiad_wmnet]
Cfssl::Csr[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]
Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh]
File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]
File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem]
File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem]
Cfssl::Cert[syslog__centrallog1002_eqiad_wmnet]

Resources modified

Exec[renew certificate - syslog__centrallog1002_eqiad_wmnet]

Parameters differences:

--- Exec[renew certificate - syslog__centrallog1002_eqiad_wmnet].orig
+++ Exec[renew certificate - syslog__centrallog1002_eqiad_wmnet]

-    command     => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/centrallog1002.eqiad.wmnet.pem -label syslog  /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet

-    require     => Exec[Generate cert syslog__centrallog1002_eqiad_wmnet]
-    environment => ['GODEBUG=x509ignoreCN=0']
-    unless      => /usr/bin/openssl x509 -in /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem -checkend 952200

Cfssl::Cert[syslog__centrallog1002_eqiad_wmnet]

Parameters differences:

--- Cfssl::Cert[syslog__centrallog1002_eqiad_wmnet].orig
+++ Cfssl::Cert[syslog__centrallog1002_eqiad_wmnet]

-    key             => {'algo': 'ecdsa', 'size': 256}
-    before_services => []
-    hosts           => []
-    ensure          => present
-    auto_renew      => True
-    mode            => 0740
-    environment     => ['GODEBUG=x509ignoreCN=0']
-    notify_services => []
-    label           => syslog
-    owner           => root
-    renew_seconds   => 952200
-    names           => []
-    provide_chain   => True
-    group           => root
-    common_name     => centrallog1002.eqiad.wmnet

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem]

-    ensure    => file
-    mode      => 0440
-    owner     => root
-    show_diff => False
-    group     => root
-    backup    => False

File[/lib/systemd/system/rsyslog-receiver-remedy.service]

Content differences:

--- /lib/systemd/system/rsyslog-receiver-remedy.service.orig
+++ /lib/systemd/system/rsyslog-receiver-remedy.service
@@ -5,4 +5,4 @@
 [Service]
 Type=oneshot
 User=root
-ExecStart=/bin/sh -c "timeout 5s openssl s_client -connect localhost:6514 -cert_chain /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem -cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem -key /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem -CAfile /etc/ssl/certs/wmf-ca-certificates.crt -quiet -no_ign_eof </dev/null || systemctl restart rsyslog-receiver"
+ExecStart=/bin/sh -c "timeout 5s openssl s_client -connect localhost:6514 -cert_chain /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver.chained.pem -cert /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver.chained.pem -key /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver-key.pem -CAfile /etc/ssl/certs/wmf-ca-certificates.crt -quiet -no_ign_eof </dev/null || systemctl restart rsyslog-receiver"

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet]

-    ensure  => directory
-    mode    => 0740
-    owner   => root
-    group   => root
-    recurse => True

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem]

-    group  => root
-    ensure => file
-    mode   => 0440
-    owner  => root

Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh on intermediate ca change]

Parameters differences:

--- Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh on intermediate ca change].orig
+++ Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh on intermediate ca change]

-    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/centrallog1002.eqiad.wmnet.pem -label syslog  /etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet

-    subscribe   => File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]
-    environment => ['GODEBUG=x509ignoreCN=0']
-    refreshonly => True

File[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]

Parameters differences:

--- File[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr].orig
+++ File[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]

-    group  => root
-    ensure => file
-    mode   => 0400
-    owner  => root

Content differences:

--- /etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr.orig
+++ /etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr
@@ -1,13 +0,0 @@
-{
-  "CN": "centrallog1002.eqiad.wmnet",
-  "hosts": [
-    "centrallog1002.eqiad.wmnet"
-  ],
-  "key": {
-    "algo": "ecdsa",
-    "size": 256
-  },
-  "names": [
-
-  ]
-}

Class[Toil::Rsyslog_receiver_remedy]

Parameters differences:

--- Class[Toil::Rsyslog_receiver_remedy].orig
+++ Class[Toil::Rsyslog_receiver_remedy]

-    ssl_provider => cfssl
+    ca_file      => /etc/ssl/certs/wmf-ca-certificates.crt
+    cert_file    => /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver.chained.pem
+    key_file     => /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver-key.pem

Class[Rsyslog::Receiver]

Parameters differences:

--- Class[Rsyslog::Receiver].orig
+++ Class[Rsyslog::Receiver]

-    ssl_provider => cfssl
+    ca_file      => /etc/ssl/certs/wmf-ca-certificates.crt

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem]

-    require => Exec[create chained cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]
-    group   => root
-    ensure  => file
-    owner   => root

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]

-    ensure => file
-    mode   => 0440
-    owner  => root
-    source => puppet:///modules/profile/pki/intermediates/syslog-cert.pem
-    group  => root

Systemd::Unit[rsyslog-receiver-remedy.service]

Exec[Generate cert syslog__centrallog1002_eqiad_wmnet]

Parameters differences:

--- Exec[Generate cert syslog__centrallog1002_eqiad_wmnet].orig
+++ Exec[Generate cert syslog__centrallog1002_eqiad_wmnet]

-    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/centrallog1002.eqiad.wmnet.pem -label syslog  /etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet

-    require     => Cfssl::Csr[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]
-    environment => ['GODEBUG=x509ignoreCN=0']
-    unless      => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem 2>&1)"

Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh]

Parameters differences:

--- Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh].orig
+++ Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh]

-    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/centrallog1002.eqiad.wmnet.pem -label syslog  /etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet

-    subscribe   => File[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]
-    environment => ['GODEBUG=x509ignoreCN=0']
-    refreshonly => True

Systemd::Timer::Job[rsyslog-receiver-remedy]

Parameters differences:

--- Systemd::Timer::Job[rsyslog-receiver-remedy].orig
+++ Systemd::Timer::Job[rsyslog-receiver-remedy]

@@
-    command => /bin/sh -c "timeout 5s openssl s_client -connect localhost:6514 -cert_chain /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem -cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem -key /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet-key.pem -CAfile /etc/ssl/certs/wmf-ca-certificates.crt -quiet -no_ign_eof </dev/null || systemctl restart rsyslog-receiver"
+    command => /bin/sh -c "timeout 5s openssl s_client -connect localhost:6514 -cert_chain /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver.chained.pem -cert /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver.chained.pem -key /etc/cfssl/ssl/syslog__rsyslog-receiver/syslog__rsyslog-receiver-key.pem -CAfile /etc/ssl/certs/wmf-ca-certificates.crt -quiet -no_ign_eof </dev/null || systemctl restart rsyslog-receiver"

Cfssl::Csr[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]

Parameters differences:

--- Cfssl::Csr[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/syslog__centrallog1002_eqiad_wmnet.csr]

-    key         => {'algo': 'ecdsa', 'size': 256}
-    hosts       => []
-    ensure      => present
-    names       => []
-    common_name => centrallog1002.eqiad.wmnet

Exec[create chained cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]

Parameters differences:

--- Exec[create chained cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem].orig
+++ Exec[create chained cert /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]

-    command   => /bin/cat /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem > /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem
-    subscribe => ['Exec[renew certificate - syslog__centrallog1002_eqiad_wmnet]', 'File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem]', 'File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem]']
-    require   => Exec[Generate cert syslog__centrallog1002_eqiad_wmnet refresh on intermediate ca change]
-    unless    => /usr/bin/test "$(/bin/cat /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.pem /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chain.pem | sha512sum)" == "$(/bin/cat /etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.chained.pem | sha512sum)"

File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.csr]

Parameters differences:

--- File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.csr].orig
+++ File[/etc/cfssl/ssl/syslog__centrallog1002_eqiad_wmnet/syslog__centrallog1002_eqiad_wmnet.csr]

-    group  => root
-    ensure => file
-    mode   => 0440
-    owner  => root

Compilation results for centrallog1002.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the old catalog

Resources modified

Relevant files