Compilation results for deploy1003.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	17149
Resources added:	9
Resources removed:	0
Resources modified:	15
Change percentage:	0.14%

Resources only in the new catalog

Envoyproxy::Conf[opensearch-semantic-search]
File[/etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml]
File[/etc/envoy/listeners.d/50-opensearch_ipoid.yaml]
Envoyproxy::Conf[opensearch-ipoid]
File[/etc/envoy/listeners.d/50-opensearch_semantic_search.yaml]
Envoyproxy::Cluster[k8s-ingress-dse-aa_cluster]
Envoyproxy::Conf[k8s-ingress-dse-aa_cluster]
Envoyproxy::Listener[opensearch-semantic-search]
Envoyproxy::Listener[opensearch-ipoid]

Resources modified

Envoyproxy::Listener[opensearch-semantic-search]

Parameters differences:

--- Envoyproxy::Listener[opensearch-semantic-search].orig
+++ Envoyproxy::Listener[opensearch-semantic-search]

+    priority => 50

Class[Profile::Kubernetes::Deployment_server::Sophroid_config]

Parameters differences:

--- Class[Profile::Kubernetes::Deployment_server::Sophroid_config].orig
+++ Class[Profile::Kubernetes::Deployment_server::Sophroid_config]

@@
-    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics']
+    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid']

Envoyproxy::Cluster[k8s-ingress-dse-aa_cluster]

Parameters differences:

--- Envoyproxy::Cluster[k8s-ingress-dse-aa_cluster].orig
+++ Envoyproxy::Cluster[k8s-ingress-dse-aa_cluster]

+    priority => 50

Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config]

Parameters differences:

--- Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config].orig
+++ Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config]

@@
-    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics']
+    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid']

Envoyproxy::Conf[k8s-ingress-dse-aa_cluster]

Parameters differences:

--- Envoyproxy::Conf[k8s-ingress-dse-aa_cluster].orig
+++ Envoyproxy::Conf[k8s-ingress-dse-aa_cluster]

+    priority  => 50
+    conf_type => cluster

File[/etc/envoy/listeners.d/50-opensearch_ipoid.yaml]

Parameters differences:

--- File[/etc/envoy/listeners.d/50-opensearch_ipoid.yaml].orig
+++ File[/etc/envoy/listeners.d/50-opensearch_ipoid.yaml]

+    group  => root
+    notify => Exec[verify-envoy-config]
+    mode   => 0444
+    ensure => present
+    owner  => root

Content differences:

--- /etc/envoy/listeners.d/50-opensearch_ipoid.yaml.orig
+++ /etc/envoy/listeners.d/50-opensearch_ipoid.yaml
@@ -0,0 +1,92 @@
+- address:
+    socket_address: {protocol: TCP, address: "::", port_value: 6045}
+  filter_chains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typed_config:
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        access_log:
+        - filter:
+            status_code_filter:
+              comparison:
+                op: "GE"
+                value:
+                  default_value: 500
+                  runtime_key: opensearch-ipoid_min_log_code
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+            path: "/var/log/envoy/opensearch-ipoid.log"
+        stat_prefix: opensearch-ipoid_egress
+        http_filters:
+        - name: envoy.filters.http.router
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        route_config:
+          name: opensearch-ipoid_route
+          virtual_hosts:
+          - name: opensearch-ipoid
+            domains: ["*"]
+            routes:
+            - match:
+                prefix: "/"
+              route:
+                auto_host_rewrite: true
+                cluster: k8s-ingress-dse-aa
+                timeout: 50s
+                retry_policy:
+                  retry_on: "gateway-error"
+        internal_address_config:
+          unix_sockets: true
+          cidr_ranges:
+          - address_prefix: 10.0.0.0
+            prefix_len: 8
+          - address_prefix: 127.0.0.1
+            prefix_len: 32
+          - address_prefix: ::1
+            prefix_len: 128
+- address:
+    socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6045}
+  filter_chains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typed_config:
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        access_log:
+        - filter:
+            status_code_filter:
+              comparison:
+                op: "GE"
+                value:
+                  default_value: 500
+                  runtime_key: opensearch-ipoid_min_log_code
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+            path: "/var/log/envoy/opensearch-ipoid.log"
+        stat_prefix: opensearch-ipoid_egress
+        http_filters:
+        - name: envoy.filters.http.router
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        route_config:
+          name: opensearch-ipoid_route
+          virtual_hosts:
+          - name: opensearch-ipoid
+            domains: ["*"]
+            routes:
+            - match:
+                prefix: "/"
+              route:
+                auto_host_rewrite: true
+                cluster: k8s-ingress-dse-aa
+                timeout: 50s
+                retry_policy:
+                  retry_on: "gateway-error"
+        internal_address_config:
+          unix_sockets: true
+          cidr_ranges:
+          - address_prefix: 10.0.0.0
+            prefix_len: 8
+          - address_prefix: 127.0.0.1
+            prefix_len: 32
+          - address_prefix: ::1
+            prefix_len: 128

File[/etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml]

Parameters differences:

--- File[/etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml].orig
+++ File[/etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml]

+    group  => root
+    notify => Exec[verify-envoy-config]
+    mode   => 0444
+    ensure => present
+    owner  => root

Content differences:

--- /etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml.orig
+++ /etc/envoy/clusters.d/50-k8s_ingress_dse_aa_cluster.yaml
@@ -0,0 +1,38 @@
+name: k8s-ingress-dse-aa
+connect_timeout: 0.25s
+typed_extension_protocol_options:
+  envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+    "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+    common_http_protocol_options:
+      idle_timeout: 50s
+      # Given we go through a load-balancer, we want to keep the number of requests that go through a single connection pool small
+      max_requests_per_connection: 1000
+    use_downstream_protocol_config: {}
+type: STRICT_DNS
+dns_lookup_family: V4_ONLY
+lb_policy: ROUND_ROBIN
+load_assignment:
+  cluster_name: cluster_k8s-ingress-dse-aa
+  endpoints:
+  - lb_endpoints:
+    - endpoint:
+        address:
+          socket_address:
+            address: k8s-ingress-dse-aa.discovery.wmnet
+            port_value: 30443
+# Let's not enable circuit-breaking for now. It would look something like
+#circuit_breakers:
+#  thresholds:
+#    - max_pending_requests: 30
+transport_socket:
+  name: envoy.transport_sockets.tls
+  typed_config:
+    "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+    sni: k8s-ingress-dse-aa.discovery.wmnet
+    common_tls_context:
+       tls_params:
+         cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+       validation_context:
+         trusted_ca:
+           filename: /etc/ssl/certs/ca-certificates.crt
+

File[/etc/helmfile-defaults/sophroid/listeners.yaml]

Content differences:

--- /etc/helmfile-defaults/sophroid/listeners.yaml.orig
+++ /etc/helmfile-defaults/sophroid/listeners.yaml
@@ -603,4 +603,6 @@
 - data-gateway
 - analytics-web
 - page-analytics
+- opensearch-semantic-search
+- opensearch-ipoid
 profile::services_proxy::envoy::local_otel_reporting_pct: 0.0

File[/etc/helmfile-defaults/mediawiki/tlsproxy.yaml]

Content differences:

--- /etc/helmfile-defaults/mediawiki/tlsproxy.yaml.orig
+++ /etc/helmfile-defaults/mediawiki/tlsproxy.yaml
@@ -45,6 +45,8 @@
   - data-gateway
   - analytics-web
   - page-analytics
+  - opensearch-semantic-search
+  - opensearch-ipoid
 mesh:
   error_page: |
     <!DOCTYPE html>

File[/etc/envoy/listeners.d/50-opensearch_semantic_search.yaml]

Parameters differences:

--- File[/etc/envoy/listeners.d/50-opensearch_semantic_search.yaml].orig
+++ File[/etc/envoy/listeners.d/50-opensearch_semantic_search.yaml]

+    group  => root
+    notify => Exec[verify-envoy-config]
+    mode   => 0444
+    ensure => present
+    owner  => root

Content differences:

--- /etc/envoy/listeners.d/50-opensearch_semantic_search.yaml.orig
+++ /etc/envoy/listeners.d/50-opensearch_semantic_search.yaml
@@ -0,0 +1,92 @@
+- address:
+    socket_address: {protocol: TCP, address: "::", port_value: 6044}
+  filter_chains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typed_config:
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        access_log:
+        - filter:
+            status_code_filter:
+              comparison:
+                op: "GE"
+                value:
+                  default_value: 500
+                  runtime_key: opensearch-semantic-search_min_log_code
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+            path: "/var/log/envoy/opensearch-semantic-search.log"
+        stat_prefix: opensearch-semantic-search_egress
+        http_filters:
+        - name: envoy.filters.http.router
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        route_config:
+          name: opensearch-semantic-search_route
+          virtual_hosts:
+          - name: opensearch-semantic-search
+            domains: ["*"]
+            routes:
+            - match:
+                prefix: "/"
+              route:
+                auto_host_rewrite: true
+                cluster: k8s-ingress-dse-aa
+                timeout: 50s
+                retry_policy:
+                  retry_on: "gateway-error"
+        internal_address_config:
+          unix_sockets: true
+          cidr_ranges:
+          - address_prefix: 10.0.0.0
+            prefix_len: 8
+          - address_prefix: 127.0.0.1
+            prefix_len: 32
+          - address_prefix: ::1
+            prefix_len: 128
+- address:
+    socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6044}
+  filter_chains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typed_config:
+        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        access_log:
+        - filter:
+            status_code_filter:
+              comparison:
+                op: "GE"
+                value:
+                  default_value: 500
+                  runtime_key: opensearch-semantic-search_min_log_code
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+            path: "/var/log/envoy/opensearch-semantic-search.log"
+        stat_prefix: opensearch-semantic-search_egress
+        http_filters:
+        - name: envoy.filters.http.router
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        route_config:
+          name: opensearch-semantic-search_route
+          virtual_hosts:
+          - name: opensearch-semantic-search
+            domains: ["*"]
+            routes:
+            - match:
+                prefix: "/"
+              route:
+                auto_host_rewrite: true
+                cluster: k8s-ingress-dse-aa
+                timeout: 50s
+                retry_policy:
+                  retry_on: "gateway-error"
+        internal_address_config:
+          unix_sockets: true
+          cidr_ranges:
+          - address_prefix: 10.0.0.0
+            prefix_len: 8
+          - address_prefix: 127.0.0.1
+            prefix_len: 32
+          - address_prefix: ::1
+            prefix_len: 128

Envoyproxy::Conf[opensearch-semantic-search]

Parameters differences:

--- Envoyproxy::Conf[opensearch-semantic-search].orig
+++ Envoyproxy::Conf[opensearch-semantic-search]

+    priority  => 50
+    conf_type => listener

Class[Profile::Services_proxy::Envoy]

Parameters differences:

--- Class[Profile::Services_proxy::Envoy].orig
+++ Class[Profile::Services_proxy::Envoy]

@@
-    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics']
+    enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid']

Envoyproxy::Conf[opensearch-ipoid]

Parameters differences:

--- Envoyproxy::Conf[opensearch-ipoid].orig
+++ Envoyproxy::Conf[opensearch-ipoid]

+    priority  => 50
+    conf_type => listener

Envoyproxy::Listener[opensearch-ipoid]

Parameters differences:

--- Envoyproxy::Listener[opensearch-ipoid].orig
+++ Envoyproxy::Listener[opensearch-ipoid]

+    priority => 50

Class[Mediawiki::Tlsproxy::Yaml_defs]

Parameters differences:

--- Class[Mediawiki::Tlsproxy::Yaml_defs].orig
+++ Class[Mediawiki::Tlsproxy::Yaml_defs]

@@
-    listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics']
+    listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid']

Compilation results for deploy1003.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files