--- Class[Opensearch].orig
+++ Class[Opensearch]
@@
- instances => {'default': {'http_port': 9200, 'transport_tcp_port': 9300, 'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '64G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'filter_cache_size': '10%', 'disktype': 'hdd', 'disable_security_plugin': True, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}, 'cluster_name': 'production-elk7-eqiad', 'unicast_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet'], 'cluster_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1023.eqiad.wmnet', 'logstash1024.eqiad.wmnet', 'logstash1025.eqiad.wmnet', 'logstash1030.eqiad.wmnet', 'logstash1031.eqiad.wmnet', 'logstash1032.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet']}}
+ instances => {'default': {'security_plugin_certificates': {'cert': '/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem', 'key': '/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet-key.pem', 'chain': '/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem', 'chained': '/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem'}, 'http_port': 9200, 'transport_tcp_port': 9300, 'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '64G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'filter_cache_size': '10%', 'disktype': 'hdd', 'disable_security_plugin': True, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}, 'cluster_name': 'production-elk7-eqiad', 'unicast_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet'], 'cluster_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1023.eqiad.wmnet', 'logstash1024.eqiad.wmnet', 'logstash1025.eqiad.wmnet', 'logstash1030.eqiad.wmnet', 
'logstash1031.eqiad.wmnet', 'logstash1032.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet']}}
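Review bot: The new `instances` value adds `security_plugin_certificates` but still carries `'disable_security_plugin': True`. As far as this catalog shows, the certificate and key are staged on disk while the plugin that would use them stays off, so this change leaves HTTP on 9200 and transport on 9300 no better protected than before. If this is a deliberate first step, record it next to the hiera key, e.g. `# TLS material staged only; security plugin stays disabled until <follow-up change>`, so the disabled state is not mistaken for the end state.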
File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem]
- Parameters differences:
--- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem]
+ group => opensearch
+ require => Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
+ ensure => file
+ owner => opensearch
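Review bot: `File[...chained.pem]` sets owner and group but no `mode`, unlike the `.pem`, `.chain.pem` and `-key.pem` resources, which all pin `0440`. The file is created by the shell redirection in `Exec[create chained cert ...]`, so its permissions come from whatever umask that exec runs under. The content is public certificate material, so exposure is low, but an explicit `mode => '0440'` keeps the directory consistent and prevents a writable bundle if the umask is ever loose.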
- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh on intermediate ca change].orig
+++ Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh on intermediate ca change]
+ subscribe => File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-hd1001.eqiad.wmnet.pem -label INVALID /etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet
+ refreshonly => True
+ environment => ['GODEBUG=x509ignoreCN=0']
+ require => Cfssl::Csr[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
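Review bot: `environment => ['GODEBUG=x509ignoreCN=0']` re-enables legacy CommonName matching in Go's X.509 verifier, and the same setting appears on `Exec[Generate cert ... refresh]`, `Exec[Generate cert ...]` and `Cfssl::Cert[...]`. That usually means some certificate in the `cfssl gencert` path (presumably the remote signer's) has no subjectAltName. Go 1.17 and later ignore the switch, so a `cfssl` binary rebuilt with a newer toolchain would start failing verification. A comment at the point where the value is set would record which certificate needs it, e.g. `# remove once <signer certificate> is reissued with a SAN`. The durable fix is reissuing that certificate with a SAN.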
- File[/etc/opensearch/production-elk7-eqiad/ssl]
- Parameters differences:
--- File[/etc/opensearch/production-elk7-eqiad/ssl].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl]
+ group => opensearch
+ ensure => directory
+ mode => 0740
+ recurse => True
+ owner => opensearch
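Review bot: `mode => 0740` combined with `recurse => True` applies an owner-executable, group-readable mode to every file in the ssl directory that has no File resource of its own; `Cfssl::Cert` passes the same `mode => 0740`. Puppet adds the search bit to directories wherever read is set, so the directory itself does not need an execute bit in the numeric mode. Anything `cfssljson -bare` writes there beyond the managed `.pem` files would end up 0740. Consider `mode => '0640'` here, or drop `recurse` and rely on the explicit per-file resources.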
- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh]
- Parameters differences:
--- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh].orig
+++ Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ subscribe => File[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-hd1001.eqiad.wmnet.pem -label INVALID /etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet
+ refreshonly => True
- Class[Profile::Opensearch::Server]
- Parameters differences:
--- Class[Profile::Opensearch::Server].orig
+++ Class[Profile::Opensearch::Server]
+ pki_intermediate_name => INVALID
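Review bot: `pki_intermediate_name => INVALID` reads like a sentinel default that was never overridden for this host. It flows into every derived value: `-label INVALID` in the three `cfssl gencert` commands, the `INVALID__` file names, `label => INVALID` on `Cfssl::Cert`, and the chain source `puppet:///modules/profile/pki/intermediates/INVALID-cert.pem`. If no intermediate of that name exists, the signing request and the chain fetch would presumably fail on the agent at run time instead of at compile time. Consider failing early in the profile, e.g. `if $pki_intermediate_name == 'INVALID' { fail('pki_intermediate_name must be set') }`, or set the real intermediate in hiera for this cluster before merging.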
- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem]
- Parameters differences:
--- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem]
+ group => opensearch
+ mode => 0440
+ ensure => file
+ owner => opensearch
- Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem].orig
+++ Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
+ unless => /usr/bin/test "$(/bin/cat /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem | sha512sum)" == "$(/bin/cat /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem | sha512sum)"
+ require => Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet refresh on intermediate ca change]
+ command => /bin/cat /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem > /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chained.pem
+ subscribe => ['Exec[renew certificate - INVALID__logging-hd1001_eqiad_wmnet]', 'File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]', 'File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem]']
- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
- Parameters differences:
--- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.chain.pem]
+ source => puppet:///modules/profile/pki/intermediates/INVALID-cert.pem
+ group => opensearch
+ ensure => file
+ mode => 0440
+ owner => opensearch
- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet]
- Parameters differences:
--- Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet].orig
+++ Exec[Generate cert INVALID__logging-hd1001_eqiad_wmnet]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet-key.pem 2>&1)"
+ require => Cfssl::Csr[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-hd1001.eqiad.wmnet.pem -label INVALID /etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet
- File[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr].orig
+++ File[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
+ group => root
+ mode => 0400
+ ensure => file
+ owner => root
- Content differences:
--- /etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr.orig
+++ /etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr
@@ -0,0 +1,13 @@
+{
+ "CN": "logging-hd1001.eqiad.wmnet",
+ "hosts": [
+ "logging-hd1001.eqiad.wmnet"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+
+ ]
+}
- Cfssl::Csr[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/INVALID__logging-hd1001_eqiad_wmnet.csr]
+ ensure => present
+ hosts => []
+ names => []
+ common_name => logging-hd1001.eqiad.wmnet
+ key => {'algo': 'ecdsa', 'size': 256}
- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet-key.pem]
- Parameters differences:
--- File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet-key.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/INVALID__logging-hd1001_eqiad_wmnet-key.pem]
+ backup => False
+ group => opensearch
+ ensure => file
+ mode => 0440
+ show_diff => False
+ owner => opensearch
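Review bot: The private key is installed with `mode => 0440`, so every member of the `opensearch` group can read it, not only the service user. `backup => False` and `show_diff => False` are the right choices for key material. If only the `opensearch` user needs the key, `mode => '0400'` limits exposure to that one account. Whether anything else relies on group access is not visible in this catalog, so confirm before tightening.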
- Cfssl::Cert[INVALID__logging-hd1001_eqiad_wmnet]
- Parameters differences:
--- Cfssl::Cert[INVALID__logging-hd1001_eqiad_wmnet].orig
+++ Cfssl::Cert[INVALID__logging-hd1001_eqiad_wmnet]
+ common_name => logging-hd1001.eqiad.wmnet
+ environment => ['GODEBUG=x509ignoreCN=0']
+ renew_seconds => 952200
+ group => opensearch
+ ensure => present
+ before_services => []
+ names => []
+ key => {'algo': 'ecdsa', 'size': 256}
+ hosts => []
+ provide_chain => True
+ mode => 0740
+ label => INVALID
+ owner => opensearch
+ outdir => /etc/opensearch/production-elk7-eqiad/ssl
+ notify_services => []
+ auto_renew => True