Compilation results for pki1001.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the old catalog

• Nrpe::Check[check_check_certificate_expiry_discovery]
• Profile::Pki::Multirootca::Monitoring[discovery]
• Monitoring::Service[check_certificate_expiry_discovery]
• Exec[systemd daemon-reload for cfssl-ocsprefresh-discovery.timer (cfssl-ocsprefresh-discovery.timer)]
• Systemd::Timer[nrpe2nodexp-check_certificate_expiry_discovery]
• File[/etc/cfssl/ssl/ocsp/OCSP_discovery_pki1001_eqiad_wmnet-key.pem]
• Sudo::User[nrpe-check_check_certificate_expiry_discovery]
• Prometheus::Blackbox::Check::Http[PKI_discovery]
• Systemd::Unit[cfssl-ocsprefresh-discovery.timer]
• File[/var/log/prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• Systemd::Unit[cfssl-ocspserve@discovery]
• File[/lib/systemd/system/cfssl-ocsprefresh-discovery.timer]
• Service[cfssl-ocspserve@discovery]
• Rsyslog::Conf[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• File[/etc/cfssl/ssl/ocsp/OCSP_discovery_pki1001_eqiad_wmnet.pem]
• Service[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.timer]
• File[/etc/cfssl/signers/discovery/ca/discovery-key.pem]
• File[/etc/sudoers.d/nrpe_certificate_check_discovery]
• Exec[Generate cert OCSP_discovery_pki1001_eqiad_wmnet refresh]
• Nrpe::Monitor_service[check_certificate_expiry_discovery]
• Systemd::Timer::Job[nrpe2nodexp-check_certificate_expiry_discovery]
• Systemd::Timer[cfssl-ocsprefresh-discovery]
• Cfssl::Signer[discovery]
• Exec[systemd daemon-reload for prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.timer (prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.timer)]
• Systemd::Timer::Job[cfssl-ocsprefresh-discovery]
• File[/etc/rsyslog.d/40-prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.conf]
• File[/var/log/cfssl-ocsprefresh-discovery]
• Systemd::Syslog[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• File[/etc/cfssl/ocsp/discovery.ocsp]
• Exec[systemd daemon-reload for cfssl-ocsprefresh-discovery.service (cfssl-ocsprefresh-discovery.service)]
• File[/lib/systemd/system/prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.timer]
• Logrotate::Conf[cfssl-ocsprefresh-discovery]
• File[/etc/cfssl/signers/discovery/ca/discovery.pem]
• Cfssl::Config[discovery]
• File[/srv/cfssl/bundles/discovery.pem]
• Exec[systemd daemon-reload for cfssl-ocspserve@discovery.service (cfssl-ocspserve@discovery)]
• Exec[systemd daemon-reload for nrpe2nodexp-check_certificate_expiry_discovery.timer (nrpe2nodexp-check_certificate_expiry_discovery.timer)]
• Systemd::Syslog[cfssl-ocsprefresh-discovery]
• Service[cfssl-ocsprefresh-discovery.timer]
• Rsyslog::Conf[nrpe2nodexp-check_certificate_expiry_discovery]
• Logrotate::Conf[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• Systemd::Unit[nrpe2nodexp-check_certificate_expiry_discovery.service]
• File[/etc/cfssl/ssl/ocsp/OCSP_discovery_pki1001_eqiad_wmnet.csr]
• Systemd::Service[cfssl-ocspserve@discovery]
• File[/etc/rsyslog.d/40-cfssl-ocsprefresh-discovery.conf]
• Systemd::Timer[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• Systemd::Unit[nrpe2nodexp-check_certificate_expiry_discovery.timer]
• Prometheus::Node_textfile[prometheus-check-discovery-certificate-expiry]
• File[/lib/systemd/system/nrpe2nodexp-check_certificate_expiry_discovery.timer]
• File[/usr/local/bin/prometheus-check-discovery-certificate-expiry]
• File[/lib/systemd/system/prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.service]
• File[/etc/logrotate.d/cfssl-ocsprefresh-discovery]
• File[/etc/rsyslog.d/25-nrpe2nodexp-check-certificate-expiry-discovery.conf]
• Systemd::Service[nrpe2nodexp-check_certificate_expiry_discovery]
• File[/etc/logrotate.d/prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• Systemd::Service[cfssl-ocsprefresh-discovery]
• File[/var/lib/prometheus/node.d/check_check_certificate_expiry_discovery.prom]
• File[/etc/sudoers.d/nrpe-check_check_certificate_expiry_discovery]
• Systemd::Unit[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.service]
• Systemd::Timer::Job[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• File[/lib/systemd/system/nrpe2nodexp-check_certificate_expiry_discovery.service]
• Exec[systemd daemon-reload for nrpe2nodexp-check_certificate_expiry_discovery.service (nrpe2nodexp-check_certificate_expiry_discovery.service)]
• Systemd::Unit[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.timer]
• File[/lib/systemd/system/cfssl-ocspserve@discovery.service]
• Exec[systemd daemon-reload for prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.service (prometheus-node-textfile-prometheus-check-discovery-certificate-expiry.service)]
• Cfssl::Cert[OCSP_discovery_pki1001_eqiad_wmnet]
• File[/etc/cfssl/csr/OCSP_discovery_pki1001_eqiad_wmnet.csr]
• Cfssl::Ocsp[discovery]
• File[/etc/cfssl/signers/discovery/cfssl.conf]
• File[/etc/cfssl/signers/discovery/ca]
• Cfssl::Csr[/etc/cfssl/csr/OCSP_discovery_pki1001_eqiad_wmnet.csr]
• Exec[Generate initial CRL for discovery]
• File[/lib/systemd/system/cfssl-ocsprefresh-discovery.service]
• File[/etc/cfssl/signers/discovery]
• File[/etc/nagios/nrpe.d/check_check_certificate_expiry_discovery.cfg]
• Exec[renew certificate - OCSP_discovery_pki1001_eqiad_wmnet]
• Systemd::Unit[cfssl-ocsprefresh-discovery.service]
• Exec[Generate cert OCSP_discovery_pki1001_eqiad_wmnet]
• Rsyslog::Conf[cfssl-ocsprefresh-discovery]
• Monitoring::Exported_nagios_service[pki1001 check_certificate_expiry_discovery]
• Systemd::Service[prometheus-node-textfile-prometheus-check-discovery-certificate-expiry]
• Service[nrpe2nodexp-check_certificate_expiry_discovery.timer]
• Sudo::User[nrpe_certificate_check_discovery]
• Prometheus::Alert::Rule[check_check_certificate_expiry_discovery_38e4dbcfd07ed60daf5bb89397abbe29]

Resources modified

• Httpd::Conf[pki.discovery.wmnet]

• Class[Cfssl::Multirootca]

  Parameters differences:

  --- Class[Cfssl::Multirootca].orig
  +++ Class[Cfssl::Multirootca]
  
  @@
  -    signers => {'debmonitor': {'private': '/etc/cfssl/signers/debmonitor/ca/debmonitor-key.pem', 'certificate': '/etc/cfssl/signers/debmonitor/ca/debmonitor.pem', 'config': '/etc/cfssl/signers/debmonitor/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'discovery': {'private': '/etc/cfssl/signers/discovery/ca/discovery-key.pem', 'certificate': '/etc/cfssl/signers/discovery/ca/discovery.pem', 'config': '/etc/cfssl/signers/discovery/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'kafka': {'private': '/etc/cfssl/signers/kafka/ca/kafka-key.pem', 'certificate': '/etc/cfssl/signers/kafka/ca/kafka.pem', 'config': '/etc/cfssl/signers/kafka/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'cloud_wmnet_ca': {'private': '/etc/cfssl/signers/cloud_wmnet_ca/ca/cloud_wmnet_ca-key.pem', 'certificate': '/etc/cfssl/signers/cloud_wmnet_ca/ca/cloud_wmnet_ca.pem', 'config': '/etc/cfssl/signers/cloud_wmnet_ca/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'etcd': {'private': '/etc/cfssl/signers/etcd/ca/etcd-key.pem', 'certificate': '/etc/cfssl/signers/etcd/ca/etcd.pem', 'config': '/etc/cfssl/signers/etcd/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'cassandra': {'private': '/etc/cfssl/signers/cassandra/ca/cassandra-key.pem', 'certificate': '/etc/cfssl/signers/cassandra/ca/cassandra.pem', 'config': '/etc/cfssl/signers/cassandra/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'syslog': {'private': '/etc/cfssl/signers/syslog/ca/syslog-key.pem', 'certificate': '/etc/cfssl/signers/syslog/ca/syslog.pem', 'config': '/etc/cfssl/signers/syslog/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'puppet_rsa': {'private': '/etc/cfssl/signers/puppet_rsa/ca/puppet_rsa-key.pem', 'certificate': '/etc/cfssl/signers/puppet_rsa/ca/puppet_rsa.pem', 'config': '/etc/cfssl/signers/puppet_rsa/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'zuul': {'private': '/etc/cfssl/signers/zuul/ca/zuul-key.pem', 'certificate': '/etc/cfssl/signers/zuul/ca/zuul.pem', 'config': '/etc/cfssl/signers/zuul/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'discovery2026': {'private': '/etc/cfssl/signers/discovery2026/ca/discovery2026-key.pem', 'certificate': '/etc/cfssl/signers/discovery2026/ca/discovery2026.pem', 'config': '/etc/cfssl/signers/discovery2026/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube': {'private': '/etc/cfssl/signers/wikikube/ca/wikikube-key.pem', 'certificate': '/etc/cfssl/signers/wikikube/ca/wikikube.pem', 'config': '/etc/cfssl/signers/wikikube/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_front_proxy': {'private': '/etc/cfssl/signers/wikikube_front_proxy/ca/wikikube_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_front_proxy/ca/wikikube_front_proxy.pem', 'config': '/etc/cfssl/signers/wikikube_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_staging': {'private': '/etc/cfssl/signers/wikikube_staging/ca/wikikube_staging-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_staging/ca/wikikube_staging.pem', 'config': '/etc/cfssl/signers/wikikube_staging/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_staging_front_proxy': {'private': '/etc/cfssl/signers/wikikube_staging_front_proxy/ca/wikikube_staging_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_staging_front_proxy/ca/wikikube_staging_front_proxy.pem', 'config': '/etc/cfssl/signers/wikikube_staging_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve': {'private': '/etc/cfssl/signers/mlserve/ca/mlserve-key.pem', 'certificate': '/etc/cfssl/signers/mlserve/ca/mlserve.pem', 'config': '/etc/cfssl/signers/mlserve/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_front_proxy': {'private': '/etc/cfssl/signers/mlserve_front_proxy/ca/mlserve_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_front_proxy/ca/mlserve_front_proxy.pem', 'config': '/etc/cfssl/signers/mlserve_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_staging': {'private': '/etc/cfssl/signers/mlserve_staging/ca/mlserve_staging-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_staging/ca/mlserve_staging.pem', 'config': '/etc/cfssl/signers/mlserve_staging/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_staging_front_proxy': {'private': '/etc/cfssl/signers/mlserve_staging_front_proxy/ca/mlserve_staging_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_staging_front_proxy/ca/mlserve_staging_front_proxy.pem', 'config': '/etc/cfssl/signers/mlserve_staging_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'aux': {'private': '/etc/cfssl/signers/aux/ca/aux-key.pem', 'certificate': '/etc/cfssl/signers/aux/ca/aux.pem', 'config': '/etc/cfssl/signers/aux/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'aux_front_proxy': {'private': '/etc/cfssl/signers/aux_front_proxy/ca/aux_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/aux_front_proxy/ca/aux_front_proxy.pem', 'config': '/etc/cfssl/signers/aux_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'dse': {'private': '/etc/cfssl/signers/dse/ca/dse-key.pem', 'certificate': '/etc/cfssl/signers/dse/ca/dse.pem', 'config': '/etc/cfssl/signers/dse/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'dse_front_proxy': {'private': '/etc/cfssl/signers/dse_front_proxy/ca/dse_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/dse_front_proxy/ca/dse_front_proxy.pem', 'config': '/etc/cfssl/signers/dse_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'network_devices': {'private': '/etc/cfssl/signers/network_devices/ca/network_devices-key.pem', 'certificate': '/etc/cfssl/signers/network_devices/ca/network_devices.pem', 'config': '/etc/cfssl/signers/network_devices/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}}
  +    signers => {'debmonitor': {'private': '/etc/cfssl/signers/debmonitor/ca/debmonitor-key.pem', 'certificate': '/etc/cfssl/signers/debmonitor/ca/debmonitor.pem', 'config': '/etc/cfssl/signers/debmonitor/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'kafka': {'private': '/etc/cfssl/signers/kafka/ca/kafka-key.pem', 'certificate': '/etc/cfssl/signers/kafka/ca/kafka.pem', 'config': '/etc/cfssl/signers/kafka/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'cloud_wmnet_ca': {'private': '/etc/cfssl/signers/cloud_wmnet_ca/ca/cloud_wmnet_ca-key.pem', 'certificate': '/etc/cfssl/signers/cloud_wmnet_ca/ca/cloud_wmnet_ca.pem', 'config': '/etc/cfssl/signers/cloud_wmnet_ca/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'etcd': {'private': '/etc/cfssl/signers/etcd/ca/etcd-key.pem', 'certificate': '/etc/cfssl/signers/etcd/ca/etcd.pem', 'config': '/etc/cfssl/signers/etcd/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'cassandra': {'private': '/etc/cfssl/signers/cassandra/ca/cassandra-key.pem', 'certificate': '/etc/cfssl/signers/cassandra/ca/cassandra.pem', 'config': '/etc/cfssl/signers/cassandra/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'syslog': {'private': '/etc/cfssl/signers/syslog/ca/syslog-key.pem', 'certificate': '/etc/cfssl/signers/syslog/ca/syslog.pem', 'config': '/etc/cfssl/signers/syslog/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'puppet_rsa': {'private': '/etc/cfssl/signers/puppet_rsa/ca/puppet_rsa-key.pem', 'certificate': '/etc/cfssl/signers/puppet_rsa/ca/puppet_rsa.pem', 'config': '/etc/cfssl/signers/puppet_rsa/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'zuul': {'private': '/etc/cfssl/signers/zuul/ca/zuul-key.pem', 'certificate': '/etc/cfssl/signers/zuul/ca/zuul.pem', 'config': '/etc/cfssl/signers/zuul/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'discovery2026': {'private': '/etc/cfssl/signers/discovery2026/ca/discovery2026-key.pem', 'certificate': '/etc/cfssl/signers/discovery2026/ca/discovery2026.pem', 'config': '/etc/cfssl/signers/discovery2026/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube': {'private': '/etc/cfssl/signers/wikikube/ca/wikikube-key.pem', 'certificate': '/etc/cfssl/signers/wikikube/ca/wikikube.pem', 'config': '/etc/cfssl/signers/wikikube/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_front_proxy': {'private': '/etc/cfssl/signers/wikikube_front_proxy/ca/wikikube_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_front_proxy/ca/wikikube_front_proxy.pem', 'config': '/etc/cfssl/signers/wikikube_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_staging': {'private': '/etc/cfssl/signers/wikikube_staging/ca/wikikube_staging-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_staging/ca/wikikube_staging.pem', 'config': '/etc/cfssl/signers/wikikube_staging/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'wikikube_staging_front_proxy': {'private': '/etc/cfssl/signers/wikikube_staging_front_proxy/ca/wikikube_staging_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/wikikube_staging_front_proxy/ca/wikikube_staging_front_proxy.pem', 'config': '/etc/cfssl/signers/wikikube_staging_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve': {'private': '/etc/cfssl/signers/mlserve/ca/mlserve-key.pem', 'certificate': '/etc/cfssl/signers/mlserve/ca/mlserve.pem', 'config': '/etc/cfssl/signers/mlserve/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_front_proxy': {'private': '/etc/cfssl/signers/mlserve_front_proxy/ca/mlserve_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_front_proxy/ca/mlserve_front_proxy.pem', 'config': '/etc/cfssl/signers/mlserve_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_staging': {'private': '/etc/cfssl/signers/mlserve_staging/ca/mlserve_staging-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_staging/ca/mlserve_staging.pem', 'config': '/etc/cfssl/signers/mlserve_staging/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'mlserve_staging_front_proxy': {'private': '/etc/cfssl/signers/mlserve_staging_front_proxy/ca/mlserve_staging_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/mlserve_staging_front_proxy/ca/mlserve_staging_front_proxy.pem', 'config': '/etc/cfssl/signers/mlserve_staging_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'aux': {'private': '/etc/cfssl/signers/aux/ca/aux-key.pem', 'certificate': '/etc/cfssl/signers/aux/ca/aux.pem', 'config': '/etc/cfssl/signers/aux/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'aux_front_proxy': {'private': '/etc/cfssl/signers/aux_front_proxy/ca/aux_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/aux_front_proxy/ca/aux_front_proxy.pem', 'config': '/etc/cfssl/signers/aux_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'dse': {'private': '/etc/cfssl/signers/dse/ca/dse-key.pem', 'certificate': '/etc/cfssl/signers/dse/ca/dse.pem', 'config': '/etc/cfssl/signers/dse/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'dse_front_proxy': {'private': '/etc/cfssl/signers/dse_front_proxy/ca/dse_front_proxy-key.pem', 'certificate': '/etc/cfssl/signers/dse_front_proxy/ca/dse_front_proxy.pem', 'config': '/etc/cfssl/signers/dse_front_proxy/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}, 'network_devices': {'private': '/etc/cfssl/signers/network_devices/ca/network_devices-key.pem', 'certificate': '/etc/cfssl/signers/network_devices/ca/network_devices.pem', 'config': '/etc/cfssl/signers/network_devices/cfssl.conf', 'dbconfig': '/etc/cfssl/db.conf', 'nets': ['127.0.0.1/32']}}
  

• Class[Profile::Pki::Multirootca]

  Parameters differences:

  --- Class[Profile::Pki::Multirootca].orig
  +++ Class[Profile::Pki::Multirootca]
  
  @@
  -    intermediates => {'debmonitor': {'ocsp_port': 10001}, 'discovery': {'ocsp_port': 10002, 'default_usages': ['digital signature', 'key encipherment', 'server auth'], 'profiles': {'k8s_staging': {'expiry': '24h', 'auth_key': 'k8s_staging'}, 'k8s_wikikube': {'auth_key': 'k8s_wikikube'}, 'k8s_mlserve': {'auth_key': 'k8s_mlserve'}, 'k8s_mlstaging': {'expiry': '24h', 'auth_key': 'k8s_mlstaging'}, 'k8s_dse': {'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_dse_opensearch': {'expiry': '4380h', 'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_aux': {'auth_key': 'k8s_aux'}}}, 'kafka': {'ocsp_port': 10003, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth'], 'profiles': {'kafka_11': {'expiry': '8760h'}}}, 'cloud_wmnet_ca': {'ocsp_port': 10004, 'default_usages': ['digital signature', 'key encipherment', 'server auth']}, 'etcd': {'ocsp_port': 10005, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'cassandra': {'ocsp_port': 10006, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'syslog': {'ocsp_port': 10007, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'puppet_rsa': {'ocsp_port': 10008, 'default_usages': ['digital signature', 'key encipherment', 'server auth'], 'profiles': {'mtls': {'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'zuul': {'ocsp_port': 10009, 'default_usages': ['server auth', 'client auth']}, 'discovery2026': {'ocsp_port': 10010, 'default_usages': ['digital signature', 'key encipherment', 'server auth'], 'profiles': {'k8s_staging': {'expiry': '24h', 'auth_key': 'k8s_staging'}, 'k8s_wikikube': {'auth_key': 'k8s_wikikube'}, 'k8s_mlserve': {'auth_key': 'k8s_mlserve'}, 'k8s_mlstaging': {'expiry': '24h', 'auth_key': 'k8s_mlstaging'}, 'k8s_dse': {'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_dse_opensearch': {'expiry': '4380h', 'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_aux': {'auth_key': 'k8s_aux'}}}, 'wikikube': {'ocsp_port': 20010, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'wikikube_front_proxy': {'ocsp_port': 20011}, 'wikikube_staging': {'ocsp_port': 20020, 'default_expiry': '72h', 'profiles': {'server': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment', 'server auth']}, 'service-account-management': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'wikikube_staging_front_proxy': {'ocsp_port': 20021, 'default_expiry': '72h'}, 'mlserve': {'ocsp_port': 20030, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'mlserve_front_proxy': {'ocsp_port': 20031}, 'mlserve_staging': {'ocsp_port': 20040, 'default_expiry': '72h', 'profiles': {'server': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment', 'server auth']}, 'service-account-management': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'mlserve_staging_front_proxy': {'ocsp_port': 20041, 'default_expiry': '72h'}, 'aux': {'ocsp_port': 20050, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'aux_front_proxy': {'ocsp_port': 20051}, 'dse': {'ocsp_port': 20061, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'dse_front_proxy': {'ocsp_port': 20062}, 'network_devices': {'ocsp_port': 20063, 'default_expiry': '8760h', 'default_usages': ['digital signature', 'key encipherment', 'server auth']}}
  +    intermediates => {'debmonitor': {'ocsp_port': 10001}, 'kafka': {'ocsp_port': 10003, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth'], 'profiles': {'kafka_11': {'expiry': '8760h'}}}, 'cloud_wmnet_ca': {'ocsp_port': 10004, 'default_usages': ['digital signature', 'key encipherment', 'server auth']}, 'etcd': {'ocsp_port': 10005, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'cassandra': {'ocsp_port': 10006, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'syslog': {'ocsp_port': 10007, 'default_usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'puppet_rsa': {'ocsp_port': 10008, 'default_usages': ['digital signature', 'key encipherment', 'server auth'], 'profiles': {'mtls': {'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'zuul': {'ocsp_port': 10009, 'default_usages': ['server auth', 'client auth']}, 'discovery2026': {'ocsp_port': 10010, 'default_usages': ['digital signature', 'key encipherment', 'server auth'], 'profiles': {'k8s_staging': {'expiry': '24h', 'auth_key': 'k8s_staging'}, 'k8s_wikikube': {'auth_key': 'k8s_wikikube'}, 'k8s_mlserve': {'auth_key': 'k8s_mlserve'}, 'k8s_mlstaging': {'expiry': '24h', 'auth_key': 'k8s_mlstaging'}, 'k8s_dse': {'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_dse_opensearch': {'expiry': '4380h', 'auth_key': 'k8s_dse', 'usages': ['digital signature', 'key encipherment', 'server auth', 'client auth']}, 'k8s_aux': {'auth_key': 'k8s_aux'}}}, 'wikikube': {'ocsp_port': 20010, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'wikikube_front_proxy': {'ocsp_port': 20011}, 'wikikube_staging': {'ocsp_port': 20020, 'default_expiry': '72h', 'profiles': {'server': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment', 'server auth']}, 'service-account-management': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'wikikube_staging_front_proxy': {'ocsp_port': 20021, 'default_expiry': '72h'}, 'mlserve': {'ocsp_port': 20030, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'mlserve_front_proxy': {'ocsp_port': 20031}, 'mlserve_staging': {'ocsp_port': 20040, 'default_expiry': '72h', 'profiles': {'server': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment', 'server auth']}, 'service-account-management': {'expiry': '72h', 'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'mlserve_staging_front_proxy': {'ocsp_port': 20041, 'default_expiry': '72h'}, 'aux': {'ocsp_port': 20050, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'aux_front_proxy': {'ocsp_port': 20051}, 'dse': {'ocsp_port': 20061, 'profiles': {'service-account-management': {'usages': ['digital signature', 'key encipherment']}, 'prometheus': {'expiry': '8760h', 'usages': ['digital signature', 'key encipherment', 'client auth']}}}, 'dse_front_proxy': {'ocsp_port': 20062}, 'network_devices': {'ocsp_port': 20063, 'default_expiry': '8760h', 'default_usages': ['digital signature', 'key encipherment', 'server auth']}}
  

• File[/etc/apache2/sites-available/50-pki-discovery-wmnet.conf]

  Content differences:

  --- /etc/apache2/sites-available/50-pki-discovery-wmnet.conf.orig
  +++ /etc/apache2/sites-available/50-pki-discovery-wmnet.conf
  @@ -24,9 +24,6 @@
     # debmonitor
     ProxyPass /ocsp/debmonitor  http://localhost:10001/
     ProxyPassReverse /ocsp/debmonitor  http://localhost:10001/
  -  # discovery
  -  ProxyPass /ocsp/discovery  http://localhost:10002/
  -  ProxyPassReverse /ocsp/discovery  http://localhost:10002/
     # kafka
     ProxyPass /ocsp/kafka  http://localhost:10003/
     ProxyPassReverse /ocsp/kafka  http://localhost:10003/

• Httpd::Site[pki.discovery.wmnet]

• File[/etc/cfssl/multiroot.conf]

  Content differences:

  --- /etc/cfssl/multiroot.conf.orig
  +++ /etc/cfssl/multiroot.conf
  @@ -2,12 +2,6 @@
   private = file:///etc/cfssl/signers/debmonitor/ca/debmonitor-key.pem
   certificate = /etc/cfssl/signers/debmonitor/ca/debmonitor.pem
   config = /etc/cfssl/signers/debmonitor/cfssl.conf
  -dbconfig = /etc/cfssl/db.conf
  -
  -[discovery]
  -private = file:///etc/cfssl/signers/discovery/ca/discovery-key.pem
  -certificate = /etc/cfssl/signers/discovery/ca/discovery.pem
  -config = /etc/cfssl/signers/discovery/cfssl.conf
   dbconfig = /etc/cfssl/db.conf
   
   [kafka]

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Full Diff