Compilation results for gitlab1004.wikimedia.org: System changes detected

Catalog differences

Summary

Resources modified

• Class[Profile::Gitlab]

  Parameters differences:

  --- Class[Profile::Gitlab].orig
  +++ Class[Profile::Gitlab]
  
  @@
  -    nginx_listen_addresses => ['208.80.154.145', '2620:0:861:2:208:80:154:145']
  +    nginx_listen_addresses => ['208.80.154.145', '2620:0:861:2:208:80:154:145', '127.0.0.1', '::1']
  

• Envoyproxy::Conf[cluster_local_port_443]

• Envoyproxy::Cluster[cluster_local_port_443]

• Class[Profile::Tlsproxy::Envoy]

  Parameters differences:

  --- Class[Profile::Tlsproxy::Envoy].orig
  +++ Class[Profile::Tlsproxy::Envoy]
  
  +    upstream_sni  => gitlab.wikimedia.org
  @@
  -    upstream_addr => gitlab1004.wikimedia.org
  +    upstream_addr => 127.0.0.1
  

• File[/etc/gitlab/gitlab.rb]

  Content differences:

  --- /etc/gitlab/gitlab.rb.orig
  +++ /etc/gitlab/gitlab.rb
  @@ -61,7 +61,7 @@
   nginx['redirect_http_to_https'] = false
   nginx['ssl_certificate'] = "/etc/acmecerts/gitlab/live/ec-prime256v1.chained.crt"
   nginx['ssl_certificate_key'] = "/etc/acmecerts/gitlab/live/ec-prime256v1.key"
  -nginx['listen_addresses'] = ["208.80.154.145", "[2620:0:861:2:208:80:154:145]"]
  +nginx['listen_addresses'] = ["208.80.154.145", "[2620:0:861:2:208:80:154:145]", "127.0.0.1", "[::1]"]
   
   # Nginx access logging in JSON - see https://phabricator.wikimedia.org/T274462
   #

• Class[Gitlab]

  Parameters differences:

  --- Class[Gitlab].orig
  +++ Class[Gitlab]
  
  @@
  -    nginx_listen_addresses => ['208.80.154.145', '2620:0:861:2:208:80:154:145']
  +    nginx_listen_addresses => ['208.80.154.145', '2620:0:861:2:208:80:154:145', '127.0.0.1', '::1']
  

• Envoyproxy::Tls_terminator[8443]

  Parameters differences:

  --- Envoyproxy::Tls_terminator[8443].orig
  +++ Envoyproxy::Tls_terminator[8443]
  
  @@
  -    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': 'gitlab1004.wikimedia.org', 'upstream_tls': True}]
  +    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': '127.0.0.1', 'upstream_tls': True, 'upstream_sni': 'gitlab.wikimedia.org'}]
  

• File[/etc/envoy/clusters.d/00-cluster_local_port_443.yaml]

  Content differences:

  --- /etc/envoy/clusters.d/00-cluster_local_port_443.yaml.orig
  +++ /etc/envoy/clusters.d/00-cluster_local_port_443.yaml
  @@ -16,12 +16,13 @@
       - endpoint:
           address:
             socket_address:
  -            address: gitlab1004.wikimedia.org
  +            address: 127.0.0.1
               port_value: 443
   transport_socket:
     name: envoy.transport_sockets.tls
     typed_config:
       "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
  +    sni: gitlab.wikimedia.org
       common_tls_context:
         validation_context:
           trusted_ca:

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Standard Diff