--- Class[Haproxykafka].orig
+++ Class[Haproxykafka]
@@
- config => {'workers': 2, 'message_buffer': 100.0, 'sdid': 'haproxykafka@0', 'hostname': 'cp2043.codfw.wmnet', 'socket': {'path': '/var/run/haproxykafka/haproxykafka.sock', 'mode': '0622', 'user': 'haproxykafka', 'group': 'haproxykafka', 'batch_size': 25000, 'batch_deadline': '500ms'}, 'logparser': {'batch_size': 102400, 'batch_deadline': '1000ms'}, 'kafka': {'topic': 'webrequest_frontend_text', 'dlq_topic': 'webrequest_errors', 'flush_timeout': 1000, 'batch_size': 102400, 'batch_deadline': '1000ms', 'rdkafka': {'acks': 'all', 'client.id': 'cp2043', 'security.protocol': 'SSL', 'ssl.ca.location': '/etc/ssl/certs/wmf-ca-certificates.crt', 'ssl.cipher.suites': 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ssl.curves.list': 'P-256', 'ssl.sigalgs.list': 'ECDSA+SHA256', 'queue.buffering.max.messages': 720000, 'queue.buffering.max.ms': 1000, 'batch.num.messages': 9000, 'compression.codec': 'snappy', 'topic.request.required.acks': 1, 'bootstrap.servers': 'kafka-jumbo1010.eqiad.wmnet:9093,kafka-jumbo1011.eqiad.wmnet:9093,kafka-jumbo1012.eqiad.wmnet:9093,kafka-jumbo1013.eqiad.wmnet:9093,kafka-jumbo1014.eqiad.wmnet:9093,kafka-jumbo1015.eqiad.wmnet:9093,kafka-jumbo1016.eqiad.wmnet:9093,kafka-jumbo1017.eqiad.wmnet:9093,kafka-jumbo1018.eqiad.wmnet:9093', 'ssl.key.location': '/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem', 'ssl.certificate.location': '/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chained.pem'}}, 'monitoring': {'enable_pprof': True, 'enable_prometheus': True, 'server_bind': ':9341', 'prometheus_prefix': 'haproxykafka_', 'prometheus_parsing_buckets': [5e-06, 1e-05, 5e-05, 0.0001, 0.0005, 0.001, 0.005], 'prometheus_processing_buckets': [1e-06, 5e-06, 1e-05, 2e-05, 3e-05, 5e-05, 0.0001, 0.0005, 0.001]}, 'transform_rules': {'haproxy_format': '02/Jan/2006:15:04:05.000', 'date_format': '2006-01-02T15:04:05Z', 'date_tz': 'UTC'}}
+ config => {'workers': 2, 'message_buffer': 100.0, 'sdid': 'haproxykafka@0', 'hostname': 'cp2043.codfw.wmnet', 'socket': {'path': '/var/run/haproxykafka/haproxykafka.sock', 'mode': '0622', 'user': 'haproxykafka', 'group': 'haproxykafka', 'batch_size': 25000, 'batch_deadline': '500ms'}, 'logparser': {'batch_size': 102400, 'batch_deadline': '1000ms'}, 'kafka': {'topic': 'webrequest_frontend_text', 'dlq_topic': 'webrequest_errors', 'flush_timeout': 1000, 'batch_size': 102400, 'batch_deadline': '1000ms', 'rdkafka': {'acks': 'all', 'client.id': 'cp2043', 'security.protocol': 'SSL', 'ssl.ca.location': '/etc/ssl/certs/wmf-ca-certificates.crt', 'ssl.cipher.suites': 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ssl.curves.list': 'P-256', 'ssl.sigalgs.list': 'ECDSA+SHA256', 'queue.buffering.max.messages': 720000, 'queue.buffering.max.ms': 1000, 'batch.num.messages': 9000, 'compression.codec': 'snappy', 'topic.request.required.acks': 1, 'bootstrap.servers': 'kafka-jumbo1010.eqiad.wmnet:9093,kafka-jumbo1011.eqiad.wmnet:9093,kafka-jumbo1012.eqiad.wmnet:9093,kafka-jumbo1013.eqiad.wmnet:9093,kafka-jumbo1014.eqiad.wmnet:9093,kafka-jumbo1015.eqiad.wmnet:9093,kafka-jumbo1016.eqiad.wmnet:9093,kafka-jumbo1017.eqiad.wmnet:9093,kafka-jumbo1018.eqiad.wmnet:9093', 'ssl.key.location': '/etc/haproxykafka/ssl/kafka__haproxykafka-key.pem', 'ssl.certificate.location': '/etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem'}}, 'monitoring': {'enable_pprof': True, 'enable_prometheus': True, 'server_bind': ':9341', 'prometheus_prefix': 'haproxykafka_', 'prometheus_parsing_buckets': [5e-06, 1e-05, 5e-05, 0.0001, 0.0005, 0.001, 0.005], 'prometheus_processing_buckets': [1e-06, 5e-06, 1e-05, 2e-05, 3e-05, 5e-05, 0.0001, 0.0005, 0.001]}, 'transform_rules': {'haproxy_format': '02/Jan/2006:15:04:05.000', 'date_format': '2006-01-02T15:04:05Z', 'date_tz': 'UTC'}}
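Review bot: The new-side parameters still carry `'enable_pprof': True` together with `'server_bind': ':9341'`, which has no host part and so presumably listens on every interface of this cache host; the commit only swaps the key and certificate paths and leaves that untouched. If the profiler shares the listener with the Prometheus metrics, anything that can reach port 9341 can pull heap and goroutine dumps from a process that holds the Kafka client key. Confirm that a firewall rule limits the port to the monitoring hosts, or set `'enable_pprof': False` outside debugging sessions. The same line keeps the socket at `'mode': '0622'`, writable by any local user, which deserves a comment saying that this is intended.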
File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.csr]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.csr].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.csr]
- group => root
- mode => 0440
- owner => root
- ensure => file
- File[/etc/varnishkafka/statsv.conf]
- Content differences:
--- /etc/varnishkafka/statsv.conf.orig
+++ /etc/varnishkafka/statsv.conf
@@ -252,8 +252,8 @@
#
kafka.security.protocol=SSL
kafka.ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt
-kafka.ssl.key.location=/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem
-kafka.ssl.certificate.location=/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem
+kafka.ssl.key.location=/etc/varnishkafka/ssl/kafka__varnishkafka-key.pem
+kafka.ssl.certificate.location=/etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem
kafka.ssl.cipher.suites=ECDHE-ECDSA-AES256-GCM-SHA384
kafka.ssl.curves.list=P-256
kafka.ssl.sigalgs.list=ECDSA+SHA256
- File[/etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
+ group => root
+ source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
+ mode => 0440
+ owner => root
+ ensure => file
- Exec[Generate cert kafka__haproxykafka refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__haproxykafka refresh on intermediate ca change]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__haproxykafka.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka
+ environment => ['GODEBUG=x509ignoreCN=0']
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka.csr]
+ subscribe => File[/etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
+ refreshonly => True
- Exec[Generate cert kafka__varnishkafka_kafka_11]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka_kafka_11].orig
+++ Exec[Generate cert kafka__varnishkafka_kafka_11]
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem 2>&1)"
- environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chained.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chained.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chained.pem]
- group => root
- owner => haproxykafka
- ensure => file
- require => Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem]
- Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem].orig
+++ Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
+ subscribe => ['Exec[renew certificate - kafka__varnishkafka]', 'File[/etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]', 'File[/etc/varnishkafka/ssl/kafka__varnishkafka.pem]']
+ command => /bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka.pem /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem > /etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem
+ unless => /usr/bin/test "$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka.pem /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem | sha512sum)" == "$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem | sha512sum)"
+ require => Exec[Generate cert kafka__varnishkafka refresh on intermediate ca change]
- Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem].orig
+++ Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
+ subscribe => ['Exec[renew certificate - kafka__haproxykafka]', 'File[/etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]', 'File[/etc/haproxykafka/ssl/kafka__haproxykafka.pem]']
+ command => /bin/cat /etc/haproxykafka/ssl/kafka__haproxykafka.pem /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem > /etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem
+ unless => /usr/bin/test "$(/bin/cat /etc/haproxykafka/ssl/kafka__haproxykafka.pem /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem | sha512sum)" == "$(/bin/cat /etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem | sha512sum)"
+ require => Exec[Generate cert kafka__haproxykafka refresh on intermediate ca change]
- File[/etc/varnishkafka/ssl/kafka__varnishkafka.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka.pem]
+ group => root
+ mode => 0440
+ owner => root
+ ensure => file
- File[/etc/cfssl/csr/kafka__haproxykafka.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__haproxykafka.csr].orig
+++ File[/etc/cfssl/csr/kafka__haproxykafka.csr]
+ group => root
+ mode => 0400
+ owner => root
+ ensure => file
- Content differences:
--- /etc/cfssl/csr/kafka__haproxykafka.csr.orig
+++ /etc/cfssl/csr/kafka__haproxykafka.csr
@@ -0,0 +1,13 @@
+{
+ "CN": "haproxykafka",
+ "hosts": [
+ "haproxykafka"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+
+ ]
+}
- File[/etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem]
+ group => root
+ owner => haproxykafka
+ ensure => file
+ require => Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
- Varnishkafka::Instance[statsv]
- Parameters differences:
--- Varnishkafka::Instance[statsv].orig
+++ Varnishkafka::Instance[statsv]
@@
- ssl_key_location => /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem
+ ssl_key_location => /etc/varnishkafka/ssl/kafka__varnishkafka-key.pem
@@
- ssl_certificate_location => /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem
+ ssl_certificate_location => /etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem
- Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- common_name => varnishkafka
- key => {'algo': 'ecdsa', 'size': 256}
- hosts => []
- names => []
- ensure => present
- File[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr].orig
+++ File[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- group => root
- mode => 0400
- owner => root
- ensure => file
- Content differences:
--- /etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr.orig
+++ /etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr
@@ -1,13 +0,0 @@
-{
- "CN": "haproxykafka",
- "hosts": [
- "haproxykafka"
- ],
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
-
- ]
-}
- File[/etc/varnishkafka/ssl/kafka__varnishkafka.csr]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka.csr].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka.csr]
+ group => root
+ mode => 0440
+ owner => root
+ ensure => file
- Exec[renew certificate - kafka__haproxykafka]
- Parameters differences:
--- Exec[renew certificate - kafka__haproxykafka].orig
+++ Exec[renew certificate - kafka__haproxykafka]
+ require => Exec[Generate cert kafka__haproxykafka]
+ command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/haproxykafka/ssl/kafka__haproxykafka.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka
+ unless => /usr/bin/openssl x509 -in /etc/haproxykafka/ssl/kafka__haproxykafka.pem -checkend 952200
+ environment => ['GODEBUG=x509ignoreCN=0']
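Review bot: `environment => ['GODEBUG=x509ignoreCN=0']` is carried over to the renamed Execs without explanation, and the setting only affects cfssl binaries built with Go older than 1.17, where it re-enables matching a hostname against a certificate's CommonName. If the cfssl build on these hosts is newer, the variable is inert and can be dropped. If it is older, it suggests the CA endpoint's certificate is being accepted through the legacy CN fallback, and the endpoint should get a proper SAN instead. Either way a comment beside the parameter in the define, such as `# only needed while <reason>; remove once the CA endpoint certificate carries SANs`, would save the next reader from guessing. The same parameter appears on every gencert and sign Exec in this diff.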
- Exec[renew certificate - kafka__varnishkafka]
- Parameters differences:
--- Exec[renew certificate - kafka__varnishkafka].orig
+++ Exec[renew certificate - kafka__varnishkafka]
+ require => Exec[Generate cert kafka__varnishkafka]
+ command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/varnishkafka/ssl/kafka__varnishkafka.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka
+ unless => /usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka.pem -checkend 952200
+ environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- group => root
- source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
- mode => 0440
- owner => root
- ensure => file
- File[/etc/cfssl/csr/kafka__varnishkafka.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__varnishkafka.csr].orig
+++ File[/etc/cfssl/csr/kafka__varnishkafka.csr]
+ group => root
+ mode => 0400
+ owner => root
+ ensure => file
- Content differences:
--- /etc/cfssl/csr/kafka__varnishkafka.csr.orig
+++ /etc/cfssl/csr/kafka__varnishkafka.csr
@@ -0,0 +1,13 @@
+{
+ "CN": "varnishkafka",
+ "hosts": [
+ "varnishkafka"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+
+ ]
+}
- File[/etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka.chain.pem]
+ group => root
+ source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
+ mode => 0440
+ owner => haproxykafka
+ ensure => file
- File[/etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka.chained.pem]
+ group => root
+ owner => root
+ ensure => file
+ require => Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
- Cfssl::Cert[kafka__varnishkafka_kafka_11]
- Parameters differences:
--- Cfssl::Cert[kafka__varnishkafka_kafka_11].orig
+++ Cfssl::Cert[kafka__varnishkafka_kafka_11]
- group => root
- outdir => /etc/varnishkafka/ssl
- profile => kafka_11
- names => []
- auto_renew => True
- hosts => []
- label => kafka
- provide_chain => True
- owner => root
- ensure => present
- environment => ['GODEBUG=x509ignoreCN=0']
- notify_services => []
- notify => Service[varnishkafka-all]
- common_name => varnishkafka
- key => {'algo': 'ecdsa', 'size': 256}
- before_services => []
- mode => 0740
- renew_seconds => 952200
- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem]
- group => root
- backup => False
- mode => 0440
- show_diff => False
- owner => haproxykafka
- ensure => file
- Cfssl::Cert[kafka__varnishkafka]
- Parameters differences:
--- Cfssl::Cert[kafka__varnishkafka].orig
+++ Cfssl::Cert[kafka__varnishkafka]
+ group => root
+ outdir => /etc/varnishkafka/ssl
+ names => []
+ auto_renew => True
+ hosts => []
+ label => kafka
+ provide_chain => True
+ owner => root
+ ensure => present
+ environment => ['GODEBUG=x509ignoreCN=0']
+ notify_services => []
+ notify => Service[varnishkafka-all]
+ common_name => varnishkafka
+ key => {'algo': 'ecdsa', 'size': 256}
+ before_services => []
+ mode => 0740
+ renew_seconds => 952200
- File[/etc/varnishkafka/ssl/kafka__varnishkafka-key.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka-key.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka-key.pem]
+ group => root
+ backup => False
+ mode => 0440
+ show_diff => False
+ owner => root
+ ensure => file
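Review bot: The old private key `/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem` is not removed by this change: its File resource simply leaves the catalog further down, as does the one for `/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem`, and nothing visible here sets `ensure => absent`. Unless the ssl directories are purged by a resource outside this diff, both keys and their still-valid certificates stay on disk unmanaged after the services have switched to the new paths. A short-lived cleanup such as `file { '/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem': ensure => absent }`, plus the haproxykafka equivalent, would close that.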
- File[/etc/haproxykafka/ssl/kafka__haproxykafka.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka.pem]
+ group => root
+ mode => 0440
+ owner => haproxykafka
+ ensure => file
- Exec[Generate cert kafka__haproxykafka_kafka_11 refresh]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka_kafka_11 refresh].orig
+++ Exec[Generate cert kafka__haproxykafka_kafka_11 refresh]
- subscribe => File[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11
- refreshonly => True
- environment => ['GODEBUG=x509ignoreCN=0']
- Exec[Generate cert kafka__varnishkafka_kafka_11 refresh]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka_kafka_11 refresh].orig
+++ Exec[Generate cert kafka__varnishkafka_kafka_11 refresh]
- subscribe => File[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11
- refreshonly => True
- environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem]
- group => root
- source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
- mode => 0440
- owner => haproxykafka
- ensure => file
- Exec[renew certificate - kafka__haproxykafka_kafka_11]
- Parameters differences:
--- Exec[renew certificate - kafka__haproxykafka_kafka_11].orig
+++ Exec[renew certificate - kafka__haproxykafka_kafka_11]
- require => Exec[Generate cert kafka__haproxykafka_kafka_11]
- command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11
- unless => /usr/bin/openssl x509 -in /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.pem -checkend 952200
- environment => ['GODEBUG=x509ignoreCN=0']
- Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka.csr]
+ common_name => varnishkafka
+ key => {'algo': 'ecdsa', 'size': 256}
+ hosts => []
+ names => []
+ ensure => present
- Cfssl::Cert[kafka__haproxykafka]
- Parameters differences:
--- Cfssl::Cert[kafka__haproxykafka].orig
+++ Cfssl::Cert[kafka__haproxykafka]
+ group => root
+ outdir => /etc/haproxykafka/ssl
+ names => []
+ auto_renew => True
+ hosts => []
+ label => kafka
+ provide_chain => True
+ owner => haproxykafka
+ ensure => present
+ environment => ['GODEBUG=x509ignoreCN=0']
+ notify_services => []
+ notify => Service[haproxykafka]
+ require => ['File[/etc/haproxykafka/ssl]', 'User[haproxykafka]']
+ common_name => haproxykafka
+ key => {'algo': 'ecdsa', 'size': 256}
+ before_services => []
+ mode => 0740
+ renew_seconds => 952200
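Review bot: `Cfssl::Cert[kafka__haproxykafka]` is declared without the `profile => kafka_11` that the resource it replaces had, so the `cfssl gencert` and `cfssl sign` commands now send only `-label kafka` and the certificate is issued under whatever default profile the signer defines for that label. The diff cannot show what that default grants. Confirm that its key usages include client authentication and that its expiry is longer than `renew_seconds => 952200` (about eleven days), otherwise the `-checkend 952200` guard would trigger a renewal on every agent run. `Cfssl::Cert[kafka__varnishkafka]` drops the profile in the same way.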
- Exec[Generate cert kafka__haproxykafka_kafka_11 refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka_kafka_11 refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__haproxykafka_kafka_11 refresh on intermediate ca change]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11
- environment => ['GODEBUG=x509ignoreCN=0']
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- subscribe => File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem]
- refreshonly => True
- Exec[Generate cert kafka__varnishkafka refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__varnishkafka refresh on intermediate ca change]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__varnishkafka.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka
+ environment => ['GODEBUG=x509ignoreCN=0']
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka.csr]
+ subscribe => File[/etc/varnishkafka/ssl/kafka__varnishkafka.chain.pem]
+ refreshonly => True
- Exec[Generate cert kafka__varnishkafka]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka].orig
+++ Exec[Generate cert kafka__varnishkafka]
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__varnishkafka.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/varnishkafka/ssl/kafka__varnishkafka-key.pem 2>&1)"
+ environment => ['GODEBUG=x509ignoreCN=0']
- Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem].orig
+++ Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- subscribe => ['Exec[renew certificate - kafka__varnishkafka_kafka_11]', 'File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]', 'File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem]']
- command => /bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem > /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem
- unless => /usr/bin/test "$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem | sha512sum)" == "$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem | sha512sum)"
- require => Exec[Generate cert kafka__varnishkafka_kafka_11 refresh on intermediate ca change]
- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.csr]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.csr].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.csr]
- group => root
- mode => 0440
- owner => haproxykafka
- ensure => file
- File[/etc/haproxykafka/config.yaml]
- Content differences:
--- /etc/haproxykafka/config.yaml.orig
+++ /etc/haproxykafka/config.yaml
@@ -33,8 +33,8 @@
compression.codec: snappy
topic.request.required.acks: 1
bootstrap.servers: kafka-jumbo1010.eqiad.wmnet:9093,kafka-jumbo1011.eqiad.wmnet:9093,kafka-jumbo1012.eqiad.wmnet:9093,kafka-jumbo1013.eqiad.wmnet:9093,kafka-jumbo1014.eqiad.wmnet:9093,kafka-jumbo1015.eqiad.wmnet:9093,kafka-jumbo1016.eqiad.wmnet:9093,kafka-jumbo1017.eqiad.wmnet:9093,kafka-jumbo1018.eqiad.wmnet:9093
- ssl.key.location: "/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem"
- ssl.certificate.location: "/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chained.pem"
+ ssl.key.location: "/etc/haproxykafka/ssl/kafka__haproxykafka-key.pem"
+ ssl.certificate.location: "/etc/haproxykafka/ssl/kafka__haproxykafka.chained.pem"
monitoring:
enable_pprof: true
enable_prometheus: true
- Exec[renew certificate - kafka__varnishkafka_kafka_11]
- Parameters differences:
--- Exec[renew certificate - kafka__varnishkafka_kafka_11].orig
+++ Exec[renew certificate - kafka__varnishkafka_kafka_11]
- require => Exec[Generate cert kafka__varnishkafka_kafka_11]
- command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11
- unless => /usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem -checkend 952200
- environment => ['GODEBUG=x509ignoreCN=0']
- Cfssl::Cert[kafka__haproxykafka_kafka_11]
- Parameters differences:
--- Cfssl::Cert[kafka__haproxykafka_kafka_11].orig
+++ Cfssl::Cert[kafka__haproxykafka_kafka_11]
- group => root
- outdir => /etc/haproxykafka/ssl
- names => []
- hosts => []
- auto_renew => True
- label => kafka
- provide_chain => True
- owner => haproxykafka
- ensure => present
- environment => ['GODEBUG=x509ignoreCN=0']
- notify_services => []
- notify => Service[haproxykafka]
- require => ['File[/etc/haproxykafka/ssl]', 'User[haproxykafka]']
- key => {'algo': 'ecdsa', 'size': 256}
- common_name => haproxykafka
- profile => kafka_11
- mode => 0740
- renew_seconds => 952200
- before_services => []
- Exec[Generate cert kafka__varnishkafka_kafka_11 refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka_kafka_11 refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__varnishkafka_kafka_11 refresh on intermediate ca change]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11
- environment => ['GODEBUG=x509ignoreCN=0']
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- subscribe => File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- refreshonly => True
- File[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr].orig
+++ File[/etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr]
- group => root
- mode => 0400
- owner => root
- ensure => file
- Content differences:
--- /etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr.orig
+++ /etc/cfssl/csr/kafka__varnishkafka_kafka_11.csr
@@ -1,13 +0,0 @@
-{
- "CN": "varnishkafka",
- "hosts": [
- "varnishkafka"
- ],
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
-
- ]
-}
- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.pem]
- Parameters differences:
--- File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.pem].orig
+++ File[/etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.pem]
- group => root
- mode => 0440
- owner => haproxykafka
- ensure => file
- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11-key.pem]
- group => root
- backup => False
- mode => 0440
- show_diff => False
- owner => root
- ensure => file
- Exec[Generate cert kafka__haproxykafka_kafka_11]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka_kafka_11].orig
+++ Exec[Generate cert kafka__haproxykafka_kafka_11]
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11-key.pem 2>&1)"
- environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chained.pem]
- group => root
- owner => root
- ensure => file
- require => Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.chain.pem]
- Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka_kafka_11.csr]
- common_name => haproxykafka
- key => {'algo': 'ecdsa', 'size': 256}
- hosts => []
- names => []
- ensure => present
- Exec[Generate cert kafka__varnishkafka refresh]
- Parameters differences:
--- Exec[Generate cert kafka__varnishkafka refresh].orig
+++ Exec[Generate cert kafka__varnishkafka refresh]
+ subscribe => File[/etc/cfssl/csr/kafka__varnishkafka.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__varnishkafka.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka
+ refreshonly => True
+ environment => ['GODEBUG=x509ignoreCN=0']
- Exec[Generate cert kafka__haproxykafka]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka].orig
+++ Exec[Generate cert kafka__haproxykafka]
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__haproxykafka.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__haproxykafka.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/haproxykafka/ssl/kafka__haproxykafka.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/haproxykafka/ssl/kafka__haproxykafka-key.pem 2>&1)"
+ environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem]
- Parameters differences:
--- File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem].orig
+++ File[/etc/varnishkafka/ssl/kafka__varnishkafka_kafka_11.pem]
- group => root
- mode => 0440
- owner => root
- ensure => file
- Exec[Generate cert kafka__haproxykafka refresh]
- Parameters differences:
--- Exec[Generate cert kafka__haproxykafka refresh].orig
+++ Exec[Generate cert kafka__haproxykafka refresh]
+ subscribe => File[/etc/cfssl/csr/kafka__haproxykafka.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/cp2043.codfw.wmnet.pem -label kafka /etc/cfssl/csr/kafka__haproxykafka.csr | /usr/bin/cfssljson -bare /etc/haproxykafka/ssl/kafka__haproxykafka
+ refreshonly => True
+ environment => ['GODEBUG=x509ignoreCN=0']
- Exec[create chained cert /etc/haproxykafka/ssl/kafka__haproxykafka_kafka_11.chain.pem]
- Parameters differences: