--- Cfssl::Cert[kafka__kafka-jumbo1010_eqiad_wmnet].orig
+++ Cfssl::Cert[kafka__kafka-jumbo1010_eqiad_wmnet]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ outdir => /etc/kafka/ssl
+ provide_chain => True
+ notify => Sslcert::X509_to_pkcs12[kafka_keystore]
+ group => root
+ ensure => present
+ mode => 0740
+ notify_services => []
+ renew_seconds => 2678400
+ before_services => []
+ names => []
+ auto_renew => True
+ common_name => kafka-jumbo1010.eqiad.wmnet
+ require => Class[Confluent::Kafka::Common]
+ key => {'algo': 'ecdsa', 'size': 256}
+ owner => kafka
+ hosts => ['kafka-jumbo1010', 'kafka-jumbo1010.eqiad.wmnet', '10.64.130.10', '2620:0:861:109:10:64:130:10', 'kafka-jumbo-eqiad.external-services.svc.cluster.local']
+ label => kafka
Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
+ hosts => ['kafka-jumbo1010', 'kafka-jumbo1010.eqiad.wmnet', '10.64.130.10', '2620:0:861:109:10:64:130:10', 'kafka-jumbo-eqiad.external-services.svc.cluster.local']
+ names => []
+ ensure => present
+ common_name => kafka-jumbo1010.eqiad.wmnet
+ key => {'algo': 'ecdsa', 'size': 256}
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem]
- ensure => file
- require => Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem]
- owner => kafka
- group => root
- Exec[Generate cert kafka__kafka_mirror_maker]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem 2>&1)"
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka_mirror_maker.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker
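Review bot: `environment => ['GODEBUG=x509ignoreCN=0']` on this Exec carries an undocumented relaxation of certificate name checking into the new resource. The setting asks Go's verifier to fall back to the Common Name when a certificate has no SANs, and Go honoured it only in 1.15 and 1.16 before removing it in 1.17. Depending on the toolchain cfssl was built with, it is therefore either a no-op or is hiding a certificate on the signing endpoint that lacks SANs; this catalog does not show which. I would either drop it or document it where it is set, e.g. `# GODEBUG=x509ignoreCN=0: needed while <reason>; remove once <condition>`. The same line appears on the other new cfssl resources (L3, L50, L130, L171, L221, L253, L348, L414, L423).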
- Exec[Generate cert kafka__kafka_mirror_maker refresh]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker refresh].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker refresh]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ refreshonly => True
+ subscribe => File[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka_mirror_maker.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem]
- ensure => file
- mode => 0440
- owner => kafka
- group => kafka
- Exec[sslcert generate kafka_keystore.p12]
- Parameters differences:
--- Exec[sslcert generate kafka_keystore.p12].orig
+++ Exec[sslcert generate kafka_keystore.p12]
@@
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem)" == "$(/usr/bin/openssl pkcs12 -password 'pass:qwerty' -in /etc/kafka/ssl/kafka_jumbo-eqiad_broker.keystore.p12 -clcerts -nokeys | openssl x509)"
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem)" == "$(/usr/bin/openssl pkcs12 -password 'pass:qwerty' -in /etc/kafka/ssl/kafka_jumbo-eqiad_broker.keystore.p12 -clcerts -nokeys | openssl x509)"
@@
- command => /usr/bin/openssl pkcs12 -export -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem -inkey /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11-key.pem -out /etc/kafka/ssl/kafka_jumbo-eqiad_broker.keystore.p12 -password 'pass:qwerty'
+ command => /usr/bin/openssl pkcs12 -export -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem -inkey /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem -out /etc/kafka/ssl/kafka_jumbo-eqiad_broker.keystore.p12 -password 'pass:qwerty'
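Review bot: The keystore passphrase is still passed as a literal on the command line in both the `unless` and the `command` (`-password 'pass:qwerty'`); this change only renames the paths around it. An argv passphrase is readable in the process list while openssl runs and is copied into catalogs, reports and diffs like this one. That holds even if `qwerty` is only the compiler's stand-in for the real secret. Consider reading it from a root-only file instead, e.g. `-passout file:<PASSPHRASE_FILE>` for the export and `-passin file:<PASSPHRASE_FILE>` in the check. Exec[sslcert generate kafka_mirror_keystore.p12] (L323, L326) uses the empty passphrase `pass:`, so that keystore is protected only by its file permissions, which are not shown here.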
- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh]
- environment => ['GODEBUG=x509ignoreCN=0']
- refreshonly => True
- subscribe => File[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- Parameters differences:
--- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11].orig
+++ Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- environment => ['GODEBUG=x509ignoreCN=0']
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11-key.pem 2>&1)"
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11
- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
+ hosts => []
+ names => []
+ ensure => present
+ common_name => kafka_mirror_maker
+ key => {'algo': 'ecdsa', 'size': 256}
- File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr].orig
+++ File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
+ ensure => file
+ mode => 0400
+ owner => root
+ group => root
- Content differences:
--- /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr.orig
+++ /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr
@@ -0,0 +1,17 @@
+{
+ "CN": "kafka-jumbo1010.eqiad.wmnet",
+ "hosts": [
+ "kafka-jumbo1010",
+ "kafka-jumbo1010.eqiad.wmnet",
+ "10.64.130.10",
+ "2620:0:861:109:10:64:130:10",
+ "kafka-jumbo-eqiad.external-services.svc.cluster.local"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+
+ ]
+}
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet]
- Parameters differences:
--- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet].orig
+++ Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem 2>&1)"
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet
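Review bot: With `-profile kafka_11` gone from this `cfssl gencert`, the broker certificate is issued under whatever default profile the `kafka` label has on the signer, and nothing in this catalog shows what that profile grants. Before rollout it is worth confirming that the default profile still carries both server-auth and client-auth usage (presumably the broker certificate is also presented on inter-broker connections). Its lifetime should also be longer than the `-checkend 2678400` renewal window at L424; otherwise the renew Exec would fire on every run. The same applies to the mirror-maker certificate (L45, with `-checkend 952200` at L172).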
- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh on intermediate ca change]
- environment => ['GODEBUG=x509ignoreCN=0']
- subscribe => File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11
- refreshonly => True
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem]
+ ensure => file
+ mode => 0440
+ owner => kafka
+ group => root
- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker_kafka_11].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker_kafka_11]
- environment => ['GODEBUG=x509ignoreCN=0']
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem 2>&1)"
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem]
+ ensure => file
+ mode => 0440
+ owner => kafka
+ group => kafka
- Exec[renew certificate - kafka__kafka_mirror_maker]
- Parameters differences:
--- Exec[renew certificate - kafka__kafka_mirror_maker].orig
+++ Exec[renew certificate - kafka__kafka_mirror_maker]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ unless => /usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem -checkend 952200
+ require => Exec[Generate cert kafka__kafka_mirror_maker]
+ command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker
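Review bot: The renewal path re-signs the stored CSR (`cfssl sign … /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.csr`, presumably the file written by the gencert step), so every automatic renewal keeps the existing private key; only the gencert Execs create a new one. `auto_renew` therefore extends the certificate but never rotates the key, and a key that has leaked stays usable across renewals until someone forces a regeneration. This deserves a comment where the renew Exec is defined, e.g. `# renew re-signs the existing CSR; the private key is NOT rotated, regenerate the cert to rotate it`. The broker renew Exec at L426 behaves the same way.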
- File[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr].orig
+++ File[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
+ ensure => file
+ mode => 0400
+ owner => root
+ group => root
- Content differences:
--- /etc/cfssl/csr/kafka__kafka_mirror_maker.csr.orig
+++ /etc/cfssl/csr/kafka__kafka_mirror_maker.csr
@@ -0,0 +1,13 @@
+{
+ "CN": "kafka_mirror_maker",
+ "hosts": [
+ "kafka_mirror_maker"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+
+ ]
+}
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem]
+ ensure => file
+ require => Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
+ owner => kafka
+ group => root
- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- hosts => ['kafka-jumbo1010', 'kafka-jumbo1010.eqiad.wmnet', '10.64.130.10', '2620:0:861:109:10:64:130:10', 'kafka-jumbo-eqiad.external-services.svc.cluster.local']
- names => []
- ensure => present
- common_name => kafka-jumbo1010.eqiad.wmnet
- key => {'algo': 'ecdsa', 'size': 256}
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh]
- Parameters differences:
--- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh].orig
+++ Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ refreshonly => True
+ subscribe => File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet
- Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem].orig
+++ Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
+ unless => /usr/bin/test "$(/bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem | sha512sum)" == "$(/bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem | sha512sum)"
+ subscribe => ['Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet]', 'File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]', 'File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem]']
+ require => Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh on intermediate ca change]
+ command => /bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem > /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.csr].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
+ ensure => file
+ mode => 0440
+ owner => kafka
+ group => root
- Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- Parameters differences:
--- Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11].orig
+++ Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- environment => ['GODEBUG=x509ignoreCN=0']
- unless => /usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem -checkend 2678400
- require => Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11
- Exec[Generate cert kafka__kafka_mirror_maker refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__kafka_mirror_maker refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__kafka_mirror_maker refresh on intermediate ca change]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ subscribe => File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka_mirror_maker.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker
+ refreshonly => True
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker.csr]
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem]
- ensure => file
- mode => 0440
- owner => kafka
- group => root
- Sslcert::X509_to_pkcs12[kafka_keystore]
- Parameters differences:
--- Sslcert::X509_to_pkcs12[kafka_keystore].orig
+++ Sslcert::X509_to_pkcs12[kafka_keystore]
@@
- public_key => /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem
+ public_key => /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chained.pem
@@
- private_key => /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11-key.pem
+ private_key => /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem]
- owner => kafka
- backup => False
- show_diff => False
- group => kafka
- mode => 0440
- ensure => file
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- ensure => file
- mode => 0440
- owner => kafka
- group => root
- Cfssl::Cert[kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- Parameters differences:
--- Cfssl::Cert[kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11].orig
+++ Cfssl::Cert[kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]
- environment => ['GODEBUG=x509ignoreCN=0']
- outdir => /etc/kafka/ssl
- provide_chain => True
- profile => kafka_11
- notify => Sslcert::X509_to_pkcs12[kafka_keystore]
- group => root
- ensure => present
- mode => 0740
- notify_services => []
- renew_seconds => 2678400
- before_services => []
- names => []
- auto_renew => True
- common_name => kafka-jumbo1010.eqiad.wmnet
- require => Class[Confluent::Kafka::Common]
- key => {'algo': 'ecdsa', 'size': 256}
- owner => kafka
- hosts => ['kafka-jumbo1010', 'kafka-jumbo1010.eqiad.wmnet', '10.64.130.10', '2620:0:861:109:10:64:130:10', 'kafka-jumbo-eqiad.external-services.svc.cluster.local']
- label => kafka
- Exec[sslcert generate kafka_mirror_keystore.p12]
- Parameters differences:
--- Exec[sslcert generate kafka_mirror_keystore.p12].orig
+++ Exec[sslcert generate kafka_mirror_keystore.p12]
@@
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem)" == "$(/usr/bin/openssl pkcs12 -password 'pass:' -in /etc/kafka/mirror/ssl/kafka_mirror_maker.keystore.p12 -clcerts -nokeys | openssl x509)"
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chained.pem)" == "$(/usr/bin/openssl pkcs12 -password 'pass:' -in /etc/kafka/mirror/ssl/kafka_mirror_maker.keystore.p12 -clcerts -nokeys | openssl x509)"
@@
- command => /usr/bin/openssl pkcs12 -export -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem -inkey /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem -out /etc/kafka/mirror/ssl/kafka_mirror_maker.keystore.p12 -password 'pass:'
+ command => /usr/bin/openssl pkcs12 -export -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chained.pem -inkey /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem -out /etc/kafka/mirror/ssl/kafka_mirror_maker.keystore.p12 -password 'pass:'
- Exec[renew certificate - kafka__kafka_mirror_maker_kafka_11]
- Parameters differences:
--- Exec[renew certificate - kafka__kafka_mirror_maker_kafka_11].orig
+++ Exec[renew certificate - kafka__kafka_mirror_maker_kafka_11]
- environment => ['GODEBUG=x509ignoreCN=0']
- unless => /usr/bin/openssl x509 -in /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem -checkend 952200
- require => Exec[Generate cert kafka__kafka_mirror_maker_kafka_11]
- command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11
- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- hosts => []
- names => []
- ensure => present
- common_name => kafka_mirror_maker
- key => {'algo': 'ecdsa', 'size': 256}
- Cfssl::Cert[kafka__kafka_mirror_maker]
- Parameters differences:
--- Cfssl::Cert[kafka__kafka_mirror_maker].orig
+++ Cfssl::Cert[kafka__kafka_mirror_maker]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ outdir => /etc/kafka/mirror/ssl
+ provide_chain => True
+ notify => Sslcert::X509_to_pkcs12[kafka_mirror_keystore]
+ group => kafka
+ ensure => present
+ mode => 0740
+ notify_services => []
+ renew_seconds => 952200
+ before_services => []
+ names => []
+ auto_renew => True
+ common_name => kafka_mirror_maker
+ key => {'algo': 'ecdsa', 'size': 256}
+ owner => kafka
+ hosts => []
+ label => kafka
- Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem].orig
+++ Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem]
- unless => /usr/bin/test "$(/bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem | sha512sum)" == "$(/bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem | sha512sum)"
- subscribe => ['Exec[renew certificate - kafka__kafka_mirror_maker_kafka_11]', 'File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem]', 'File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem]']
- require => Exec[Generate cert kafka__kafka_mirror_maker_kafka_11 refresh on intermediate ca change]
- command => /bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.pem /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem > /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem]
+ owner => kafka
+ backup => False
+ show_diff => False
+ group => kafka
+ mode => 0440
+ ensure => file
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]
+ owner => kafka
+ group => kafka
+ mode => 0440
+ source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
+ ensure => file
- Sslcert::X509_to_pkcs12[kafka_mirror_keystore]
- Parameters differences:
--- Sslcert::X509_to_pkcs12[kafka_mirror_keystore].orig
+++ Sslcert::X509_to_pkcs12[kafka_mirror_keystore]
@@
- public_key => /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem
+ public_key => /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chained.pem
@@
- private_key => /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11-key.pem
+ private_key => /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker-key.pem
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.csr]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.csr].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.csr]
- ensure => file
- mode => 0440
- owner => kafka
- group => kafka
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet refresh on intermediate ca change]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ subscribe => File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet
+ refreshonly => True
+ require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet.csr]
- Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet]
- Parameters differences:
--- Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet].orig
+++ Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet]
+ environment => ['GODEBUG=x509ignoreCN=0']
+ unless => /usr/bin/openssl x509 -in /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.pem -checkend 2678400
+ require => Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet]
+ command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet.chain.pem]
+ owner => kafka
+ group => root
+ mode => 0440
+ source => puppet:///modules/profile/pki/intermediates/kafka-cert.pem
+ ensure => file
- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem]
- Parameters differences:
--- File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem].orig
+++ File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet-key.pem]
+ owner => kafka
+ backup => False
+ show_diff => False
+ group => root
+ mode => 0440
+ ensure => file
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11 refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11 refresh on intermediate ca change].orig
+++ Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11 refresh on intermediate ca change]
- environment => ['GODEBUG=x509ignoreCN=0']
- subscribe => File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem]
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/kafka-jumbo1010.eqiad.wmnet.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr | /usr/bin/cfssljson -bare /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11
- refreshonly => True
- require => Cfssl::Csr[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr].orig
+++ File[/etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr]
- ensure => file
- mode => 0400
- owner => root
- group => root
- Content differences:
--- /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr.orig
+++ /etc/cfssl/csr/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.csr
@@ -1,17 +0,0 @@
-{
- "CN": "kafka-jumbo1010.eqiad.wmnet",
- "hosts": [
- "kafka-jumbo1010",
- "kafka-jumbo1010.eqiad.wmnet",
- "10.64.130.10",
- "2620:0:861:109:10:64:130:10",
- "kafka-jumbo-eqiad.external-services.svc.cluster.local"
- ],
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
-
- ]
-}
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chained.pem]
- ensure => file
- require => Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker_kafka_11.chain.pem]
- owner => kafka
- group => kafka
- Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem].orig
+++ Exec[create chained cert /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]
+ unless => /usr/bin/test "$(/bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem | sha512sum)" == "$(/bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chained.pem | sha512sum)"
+ subscribe => ['Exec[renew certificate - kafka__kafka_mirror_maker]', 'File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem]', 'File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem]']
+ require => Exec[Generate cert kafka__kafka_mirror_maker refresh on intermediate ca change]
+ command => /bin/cat /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.pem /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chain.pem > /etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.chained.pem
- Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem].orig
+++ Exec[create chained cert /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem]
- unless => /usr/bin/test "$(/bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem | sha512sum)" == "$(/bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem | sha512sum)"
- subscribe => ['Exec[renew certificate - kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11]', 'File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem]', 'File[/etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem]']
- require => Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11 refresh on intermediate ca change]
- command => /bin/cat /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.pem /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chain.pem > /etc/kafka/ssl/kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11.chained.pem
- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.csr]
- Parameters differences:
--- File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.csr].orig
+++ File[/etc/kafka/mirror/ssl/kafka__kafka_mirror_maker.csr]
+ ensure => file
+ mode => 0440
+ owner => kafka
+ group => kafka
- File[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr].orig
+++ File[/etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr]
- ensure => file
- mode => 0400
- owner => root
- group => root
- Content differences:
--- /etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr.orig
+++ /etc/cfssl/csr/kafka__kafka_mirror_maker_kafka_11.csr
@@ -1,13 +0,0 @@
-{
- "CN": "kafka_mirror_maker",
- "hosts": [
- "kafka_mirror_maker"
- ],
- "key": {
- "algo": "ecdsa",
- "size": 256
- },
- "names": [
-
- ]
-}
- Exec[Generate cert kafka__kafka-jumbo1010_eqiad_wmnet_kafka_11 refresh]
- Parameters differences: