Compilation results for cp1111.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources modified

• Class[Haproxy]

  Parameters differences:

  --- Class[Haproxy].orig
  +++ Class[Haproxy]
  
  @@
  -    config_content => # Note: This file is managed by puppet.
  global
      user haproxy
      group haproxy
      stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin
      log /var/lib/haproxy/dev/log local0 info
      log /var/run/haproxykafka/haproxykafka.sock len 8192 format rfc5424 local0 info
      tune.http.logurilen 2048
      # do not keep old processes longer than 1m after a reload
      hard-stop-after 1m
      set-dumpable
      nbthread 48
      # NB: mapping too many cores (>~60) will cause HAProxy to complain about
      # too long of a line and fail to start
      cpu-map 1/1- 0 48 2 50 4 52 6 54 8 56 10 58 12 60 14 62 16 64 18 66 20 68 22 70 24 72 26 74 28 76 30 78 32 80 34 82 36 84 38 86 40 88 42 90 44 92 46 94
  
      tune.lua.bool-sample-conversion pre-3.1-bug
      lua-prepend-path /etc/haproxy/lua/private/?.lua
      lua-load-per-thread /etc/haproxy/lua/private/main.lua
      lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua
      tune.ssl.capture-buffer-size 96
      lua-load-per-thread /etc/haproxy/lua/ja3n.lua
      lua-load-per-thread /etc/haproxy/lua/ja4h.lua
      lua-load-per-thread /etc/haproxy/lua/utf8ps.lua
      lua-load-per-thread /etc/haproxy/lua/contact_info.lua
      lua-load-per-thread /etc/haproxy/lua/cidergrinder_mmdb.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.mmdb
      lua-load-per-thread /etc/haproxy/lua/cidergrinder_bloom.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.bloom
  
      ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
      ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
      ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
      ssl-dh-param-file /etc/ssl/dhparam.pem
      
      tune.ssl.cachesize 512000
      tune.ssl.lifetime 86400
      maxconn 200000
  
  
      tune.h2.header-table-size 4096
      tune.h2.max-concurrent-streams 100
  
  
  defaults
      mode       http
      log-format "%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts"
      log-format-sd %{+E}o\ [haproxykafka@0\ server_pid=\"%pid\"\ ip=\"%ci\"\ sequence=\"%rt\"\ dt=\"%tr\"\ time_backend_response=\"%Tr\"\ http_status=\"%ST\"\ response_size=\"%B\"\ termination_state=\"%ts\"\ uri_host=\"%[capture.req.hdr(0),lua.utf8ps]\"\ referer=\"%[capture.req.hdr(1),lua.utf8ps]\"\ user_agent=\"%[capture.req.hdr(2),lua.utf8ps]\"\ accept_language=\"%[capture.req.hdr(3),lua.utf8ps]\"\ range=\"%[capture.req.hdr(4),lua.utf8ps]\"\ accept=\"%[capture.req.hdr(5),lua.utf8ps]\"\ tls=\"%[var(txn.tls)]\"\ cache_status=\"%[var(txn.x_cache_status)]\"\ content_type=\"%[var(txn.content_type)]\"\ x_analytics=\"%[var(txn.x_analytics)]\"\ x_cache=\"%[var(txn.x_cache)]\"\ backend=\"%[var(txn.server)]\"\ http_method=\"%HM\"\ uri_path=\"%HPO\"\ uri_query=\"%HQ\"]
  
      option     dontlognull
      option     accept-unsafe-violations-in-http-request
      option     accept-unsafe-violations-in-http-response
      option     http-ignore-probes
      retries    1
      timeout    connect 50000
      timeout    client 500000
      timeout    server 500000
  
  +    config_content => # Note: This file is managed by puppet.
  global
      user haproxy
      group haproxy
      stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin
      log /var/lib/haproxy/dev/log local0 info
      log /var/run/haproxykafka/haproxykafka.sock len 8192 format rfc5424 local0 info
      tune.http.logurilen 2048
      # do not keep old processes longer than 1m after a reload
      hard-stop-after 1m
      set-dumpable
      nbthread 48
      # NB: mapping too many cores (>~60) will cause HAProxy to complain about
      # too long of a line and fail to start
      cpu-map 1/1- 0 48 2 50 4 52 6 54 8 56 10 58 12 60 14 62 16 64 18 66 20 68 22 70 24 72 26 74 28 76 30 78 32 80 34 82 36 84 38 86 40 88 42 90 44 92 46 94
  
      tune.lua.bool-sample-conversion pre-3.1-bug
      lua-prepend-path /etc/haproxy/lua/private/?.lua
      lua-load-per-thread /etc/haproxy/lua/private/main.lua
      lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua
      tune.ssl.capture-buffer-size 96
      lua-load-per-thread /etc/haproxy/lua/ja3n.lua
      lua-load-per-thread /etc/haproxy/lua/ja4h.lua
      lua-load-per-thread /etc/haproxy/lua/utf8ps.lua
      lua-load-per-thread /etc/haproxy/lua/contact_info.lua
      lua-load-per-thread /etc/haproxy/lua/cidergrinder_mmdb.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.mmdb
      lua-load-per-thread /etc/haproxy/lua/cidergrinder_bloom.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.bloom
  
      ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
      ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
      ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
      ssl-dh-param-file /etc/ssl/dhparam.pem
      tune.ssl.cachesize 512000
      tune.ssl.lifetime 86400
      maxconn 200000
  
  
      tune.h2.header-table-size 4096
      tune.h2.max-concurrent-streams 100
  
  
  defaults
      mode       http
      log-format "%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts"
      log-format-sd %{+E}o\ [haproxykafka@0\ server_pid=\"%pid\"\ ip=\"%ci\"\ sequence=\"%rt\"\ dt=\"%tr\"\ time_backend_response=\"%Tr\"\ http_status=\"%ST\"\ response_size=\"%B\"\ termination_state=\"%ts\"\ uri_host=\"%[capture.req.hdr(0),lua.utf8ps]\"\ referer=\"%[capture.req.hdr(1),lua.utf8ps]\"\ user_agent=\"%[capture.req.hdr(2),lua.utf8ps]\"\ accept_language=\"%[capture.req.hdr(3),lua.utf8ps]\"\ range=\"%[capture.req.hdr(4),lua.utf8ps]\"\ accept=\"%[capture.req.hdr(5),lua.utf8ps]\"\ tls=\"%[var(txn.tls)]\"\ cache_status=\"%[var(txn.x_cache_status)]\"\ content_type=\"%[var(txn.content_type)]\"\ x_analytics=\"%[var(txn.x_analytics)]\"\ x_cache=\"%[var(txn.x_cache)]\"\ backend=\"%[var(txn.server)]\"\ http_method=\"%HM\"\ uri_path=\"%HPO\"\ uri_query=\"%HQ\"]
  
      option     dontlognull
      option     accept-unsafe-violations-in-http-request
      option     accept-unsafe-violations-in-http-response
      option     http-ignore-probes
      retries    1
      timeout    connect 50000
      timeout    client 500000
      timeout    server 500000
  
  

• File[/etc/haproxy/haproxy.cfg]

  Content differences:

  --- /etc/haproxy/haproxy.cfg.orig
  +++ /etc/haproxy/haproxy.cfg
  @@ -30,7 +30,6 @@
       ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
       ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
       ssl-dh-param-file /etc/ssl/dhparam.pem
  -    
       tune.ssl.cachesize 512000
       tune.ssl.lifetime 86400
       maxconn 200000

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Full Diff