Compilation results for deploy1003.eqiad.wmnet: System changes detected
You can retrieve this result from host.json.Catalog differences
Summary
| Total Resources: | 17426 |
|---|---|
| Resources added: | 70 |
| Resources removed: | 140 |
| Resources modified: | 215 |
| Change percentage: | 2.44% |
Resources only in the new catalog
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.csr]
- File[/etc/cfssl/csr/dse__wdqs.csr]
- Exec[renew certificate - dse__wdqs-next]
- File[/etc/kubernetes/pki/dse__wdqs.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs.csr]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-deploy.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-next.chained.pem]
- File[/etc/kubernetes/pki/dse__wdqs.chained.pem]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs]
- Cfssl::Cert[dse__wdqs-next]
- File[/etc/cfssl/csr/dse__wdqs-next.csr]
- File[/etc/kubernetes/wdqs-deploy-dse-k8s-eqiad.config]
- File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-codfw.config]
- Exec[Generate cert dse__wdqs-next]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-dse-k8s-eqiad.config]
- File[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-deploy-key.pem]
- Exec[Generate cert dse__wdqs-next-deploy refresh]
- Exec[Generate cert dse__wdqs-next-deploy]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-next.csr]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-next-dse-k8s-codfw.config]
- Cfssl::Cert[dse__wdqs]
- File[/etc/kubernetes/pki/dse__wdqs-deploy.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-key.pem]
- Exec[Generate cert dse__wdqs]
- File[/etc/cfssl/csr/dse__wdqs-deploy.csr]
- Exec[Generate cert dse__wdqs refresh on intermediate ca change]
- File[/etc/cfssl/csr/dse__wdqs-next-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.pem]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr]
- File[/etc/kubernetes/pki/dse__wdqs-next.pem]
- File[/etc/kubernetes/wdqs-next-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-deploy-dse-k8s-eqiad.config]
- Exec[Generate cert dse__wdqs-next refresh]
- Exec[Generate cert dse__wdqs-next-deploy refresh on intermediate ca change]
- Exec[Generate cert dse__wdqs-deploy refresh]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy-key.pem]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chained.pem]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs.chain.pem]
- File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config]
- Exec[Generate cert dse__wdqs-next refresh on intermediate ca change]
- Exec[renew certificate - dse__wdqs]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-next-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-next.chain.pem]
- File[/etc/kubernetes/wdqs-next-dse-k8s-eqiad.config]
- Exec[Generate cert dse__wdqs refresh]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-next.chain.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config]
- Exec[Generate cert dse__wdqs-deploy]
- Exec[renew certificate - dse__wdqs-next-deploy]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-next-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-next-key.pem]
- Exec[Generate cert dse__wdqs-deploy refresh on intermediate ca change]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs.pem]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-next]
- File[/etc/kubernetes/wdqs-dse-k8s-eqiad.config]
- Exec[renew certificate - dse__wdqs-deploy]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-deploy.pem]
- File[/etc/kubernetes/wdqs-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-deploy.chained.pem]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-next.csr]
- Cfssl::Cert[dse__wdqs-next-deploy]
- Cfssl::Cert[dse__wdqs-deploy]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-next-deploy.csr]
Resources only in the old catalog
- File[/etc/kubernetes/pki/dse__wdqs-internal-next.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.csr]
- Exec[Generate cert dse__wdqs-internal-next refresh]
- File[/etc/kubernetes/pki/dse__wdqs-internal-key.pem]
- Cfssl::Cert[dse__wdqs-external-next-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-external-next.pem]
- Exec[Generate cert dse__wdqs-external-next refresh on intermediate ca change]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chained.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external-next.chain.pem]
- Exec[renew certificate - dse__wdqs-external-next-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-external-next.chained.pem]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.pem]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- File[/etc/kubernetes/wdqs-external-deploy-dse-k8s-codfw.config]
- Exec[renew certificate - dse__wdqs-internal-next-deploy]
- Exec[Generate cert dse__wdqs-internal-deploy refresh]
- Exec[renew certificate - dse__wdqs-internal]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chain.pem]
- Exec[Generate cert dse__wdqs-internal-next]
- Exec[Generate cert dse__wdqs-external refresh]
- Exec[Generate cert dse__wdqs-external-next-deploy refresh]
- File[/etc/kubernetes/wdqs-internal-next-deploy-dse-k8s-eqiad.config]
- Cfssl::Cert[dse__wdqs-external]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-external-next]
- File[/etc/cfssl/csr/dse__wdqs-internal.csr]
- Exec[Generate cert dse__wdqs-internal-next-deploy]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external-deploy.chain.pem]
- Exec[Generate cert dse__wdqs-internal refresh on intermediate ca change]
- File[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- Exec[Generate cert dse__wdqs-external]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-deploy-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-external.csr]
- File[/etc/kubernetes/pki/dse__wdqs-internal.pem]
- Exec[Generate cert dse__wdqs-external-next-deploy]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-dse-k8s-eqiad.config]
- Exec[renew certificate - dse__wdqs-external-deploy]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external-next.chain.pem]
- Exec[Generate cert dse__wdqs-external-deploy]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal-next]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-deploy-dse-k8s-codfw.config]
- Exec[renew certificate - dse__wdqs-external]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy-key.pem]
- File[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-eqiad.config]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- File[/etc/kubernetes/wdqs-internal-next-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-key.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external-key.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-deploy-dse-k8s-eqiad.config]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/wdqs-external-next-dse-k8s-eqiad.config]
- Exec[renew certificate - dse__wdqs-internal-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-internal-deploy.pem]
- Exec[Generate cert dse__wdqs-external refresh on intermediate ca change]
- File[/etc/cfssl/csr/dse__wdqs-external-deploy.csr]
- File[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config]
- File[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-internal-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.chained.pem]
- File[/etc/kubernetes/wdqs-internal-deploy-dse-k8s-eqiad.config]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-internal.chain.pem]
- Exec[renew certificate - dse__wdqs-external-next]
- Exec[renew certificate - dse__wdqs-internal-next]
- File[/etc/kubernetes/pki/dse__wdqs-internal.chained.pem]
- Cfssl::Cert[dse__wdqs-internal-next-deploy]
- File[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-deploy-dse-k8s-eqiad.config]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-external-next-deploy.csr]
- Cfssl::Cert[dse__wdqs-external-deploy]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-eqiad.config]
- Exec[Generate cert dse__wdqs-external-next]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy-key.pem]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next.csr]
- File[/etc/kubernetes/pki/dse__wdqs-internal.csr]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.chain.pem]
- File[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- File[/etc/kubernetes/pki/dse__wdqs-internal-deploy-key.pem]
- Exec[Generate cert dse__wdqs-external-next refresh]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- Cfssl::Cert[dse__wdqs-internal]
- File[/etc/kubernetes/wdqs-external-deploy-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chained.pem]
- Cfssl::Cert[dse__wdqs-external-next]
- File[/etc/kubernetes/pki/dse__wdqs-internal-deploy.chained.pem]
- File[/etc/kubernetes/wdqs-internal-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem]
- Exec[Generate cert dse__wdqs-internal-deploy refresh on intermediate ca change]
- Exec[Generate cert dse__wdqs-external-deploy refresh]
- File[/etc/cfssl/csr/dse__wdqs-external.csr]
- File[/etc/kubernetes/wdqs-external-dse-k8s-eqiad.config]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-internal-next.chain.pem]
- Exec[Generate cert dse__wdqs-internal-next-deploy refresh on intermediate ca change]
- File[/etc/kubernetes/pki/dse__wdqs-internal-deploy.chain.pem]
- File[/etc/cfssl/csr/dse__wdqs-external-next.csr]
- File[/etc/cfssl/csr/dse__wdqs-internal-next-deploy.csr]
- File[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-dse-k8s-eqiad.config]
- Cfssl::Cert[dse__wdqs-internal-next]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal.csr]
- File[/etc/cfssl/csr/dse__wdqs-external-next-deploy.csr]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-deploy-dse-k8s-codfw.config]
- Exec[Generate cert dse__wdqs-internal-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.csr]
- File[/etc/kubernetes/wdqs-internal-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-internal.chain.pem]
- Exec[Generate cert dse__wdqs-internal refresh]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config]
- Exec[Generate cert dse__wdqs-external-deploy refresh on intermediate ca change]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external-next.csr]
- Exec[Generate cert dse__wdqs-external-next-deploy refresh on intermediate ca change]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- Exec[Generate cert dse__wdqs-internal-next refresh on intermediate ca change]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-eqiad.config]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-external-next.csr]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-external-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-external.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external.chained.pem]
- File[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.csr]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-external.csr]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-internal-deploy.chain.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config]
- Cfssl::Cert[dse__wdqs-internal-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-key.pem]
- File[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-codfw.config]
- Exec[Generate cert dse__wdqs-internal-next-deploy refresh]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external-next-deploy.chain.pem]
- Exec[Generate cert dse__wdqs-internal]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next.chained.pem]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-deploy-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy-key.pem]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-external]
Resources modified
- File[/etc/helmfile-defaults/services-dse-k8s-codfw.yaml]
- Content differences:
--- /etc/helmfile-defaults/services-dse-k8s-codfw.yaml.orig +++ /etc/helmfile-defaults/services-dse-k8s-codfw.yaml @@ -76,22 +76,14 @@ usernames: - name: opensearch-ttmserver-test - name: opensearch-ttmserver-test-deploy - wdqs-internal: + wdqs: usernames: - - name: wdqs-internal - - name: wdqs-internal-deploy - wdqs-internal-next: + - name: wdqs + - name: wdqs-deploy + wdqs-next: usernames: - - name: wdqs-internal-next - - name: wdqs-internal-next-deploy - wdqs-external: - usernames: - - name: wdqs-external - - name: wdqs-external-deploy - wdqs-external-next: - usernames: - - name: wdqs-external-next - - name: wdqs-external-next-deploy + - name: wdqs-next + - name: wdqs-next-deploy echoserver: usernames: - name: echoserver
- Content differences:
- Exec[Generate cert dse__wdqs-deploy refresh]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-deploy refresh].orig +++ Exec[Generate cert dse__wdqs-deploy refresh] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-deploy + refreshonly => True + subscribe => File[/etc/cfssl/csr/dse__wdqs-deploy.csr] + environment => ['GODEBUG=x509ignoreCN=0']
- Exec[Generate cert dse__wdqs-internal-next refresh]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-internal-next refresh].orig +++ Exec[Generate cert dse__wdqs-internal-next refresh] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-internal-next.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-internal-next - refreshonly => True - subscribe => File[/etc/cfssl/csr/dse__wdqs-internal-next.csr] - environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config].orig +++ File[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config] - mode => 0640 - owner => mwdeploy - group => deployment - ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-external-dse-k8s-codfw.config.orig +++ /etc/kubernetes/wdqs-external-dse-k8s-codfw.config @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Config -preferences: {} -current-context: default-system -contexts: -- name: default-system - context: - cluster: default-cluster - user: wdqs-external - namespace: wdqs-external -clusters: -- name: default-cluster - cluster: - server: https://dse-k8s-ctrl.svc.codfw.wmnet:6443 -users: -- name: wdqs-external - user: - client-certificate: /etc/kubernetes/pki/dse__wdqs-external.pem - client-key: /etc/kubernetes/pki/dse__wdqs-external-key.pem- File[/etc/kubernetes/pki/dse__wdqs-external-next.chained.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-next.chained.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-next.chained.pem] - owner => mwdeploy - require => Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external-next.chain.pem] - group => deployment - ensure => file
- Exec[Generate cert dse__wdqs-next-deploy refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-next-deploy refresh on intermediate ca change].orig +++ Exec[Generate cert dse__wdqs-next-deploy refresh on intermediate ca change] + refreshonly => True + require => Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-next-deploy.csr] + environment => ['GODEBUG=x509ignoreCN=0'] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-next-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-next-deploy + subscribe => File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem]
- Cfssl::Cert[dse__wdqs-internal-next-deploy]
- Parameters differences:
--- Cfssl::Cert[dse__wdqs-internal-next-deploy].orig +++ Cfssl::Cert[dse__wdqs-internal-next-deploy] - notify_services => [] - renew_seconds => 952200 - names => [{'organisation': 'view'}, {'organisation': 'deploy'}] - key => {'algo': 'ecdsa', 'size': 256} - auto_renew => True - owner => mwdeploy - provide_chain => True - mode => 0740 - common_name => wdqs-internal-next-deploy - label => dse - ensure => present - environment => ['GODEBUG=x509ignoreCN=0'] - group => deployment - outdir => /etc/kubernetes/pki - before_services => [] - hosts => []- Exec[renew certificate - dse__wdqs-external-next-deploy]
- Parameters differences:
--- Exec[renew certificate - dse__wdqs-external-next-deploy].orig +++ Exec[renew certificate - dse__wdqs-external-next-deploy] - command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/kubernetes/pki/dse__wdqs-external-next-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-external-next-deploy - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem -checkend 952200 - require => Exec[Generate cert dse__wdqs-external-next-deploy]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy-key.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-deploy-key.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-deploy-key.pem] - show_diff => False - owner => mwdeploy - mode => 0440 - backup => False - group => deployment - ensure => file
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external.chain.pem].orig +++ Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external.chain.pem] - command => /bin/cat /etc/kubernetes/pki/dse__wdqs-external.pem /etc/kubernetes/pki/dse__wdqs-external.chain.pem > /etc/kubernetes/pki/dse__wdqs-external.chained.pem - subscribe => ['Exec[renew certificate - dse__wdqs-external]', 'File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem]', 'File[/etc/kubernetes/pki/dse__wdqs-external.pem]'] - require => Exec[Generate cert dse__wdqs-external refresh on intermediate ca change] - unless => /usr/bin/test "$(/bin/cat /etc/kubernetes/pki/dse__wdqs-external.pem /etc/kubernetes/pki/dse__wdqs-external.chain.pem | sha512sum)" == "$(/bin/cat /etc/kubernetes/pki/dse__wdqs-external.chained.pem | sha512sum)"
- Exec[renew certificate - dse__wdqs]
- Parameters differences:
--- Exec[renew certificate - dse__wdqs].orig +++ Exec[renew certificate - dse__wdqs] + command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/kubernetes/pki/dse__wdqs.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs + environment => ['GODEBUG=x509ignoreCN=0'] + unless => /usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs.pem -checkend 952200 + require => Exec[Generate cert dse__wdqs]
- Exec[Generate cert dse__wdqs-internal-next-deploy refresh]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-internal-next-deploy refresh].orig +++ Exec[Generate cert dse__wdqs-internal-next-deploy refresh] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-internal-next-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-internal-next-deploy - refreshonly => True - subscribe => File[/etc/cfssl/csr/dse__wdqs-internal-next-deploy.csr] - environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/cfssl/csr/dse__wdqs-next.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/dse__wdqs-next.csr].orig +++ File[/etc/cfssl/csr/dse__wdqs-next.csr] + mode => 0400 + owner => root + group => root + ensure => file
- Content differences:
--- /etc/cfssl/csr/dse__wdqs-next.csr.orig +++ /etc/cfssl/csr/dse__wdqs-next.csr @@ -0,0 +1,19 @@ +{ + "CN": "wdqs-next", + "hosts": [ + "wdqs-next" + ], + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": null, + "L": null, + "O": "view", + "OU": null, + "S": null + } + ] +}- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-codfw.config]
- Parameters differences:
--- K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-codfw.config].orig +++ K8s::Kubeconfig[/etc/kubernetes/wdqs-external-next-deploy-dse-k8s-codfw.config] - master_host => dse-k8s-ctrl.svc.codfw.wmnet - require => ['Class[K8s::Base_dirs]'] - owner => mwdeploy - namespace => wdqs-external-next - mode => 0640 - ensure => present - username => wdqs-external-next-deploy - auth_cert => {'cert': '/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem', 'key': '/etc/kubernetes/pki/dse__wdqs-external-next-deploy-key.pem', 'chain': '/etc/kubernetes/pki/dse__wdqs-external-next-deploy.chain.pem', 'chained': '/etc/kubernetes/pki/dse__wdqs-external-next-deploy.chained.pem'} - group => deployment- File[/etc/kubernetes/pki/dse__wdqs-external-next.csr]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-next.csr].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-next.csr] - mode => 0440 - owner => mwdeploy - group => deployment - ensure => file
- Exec[Generate cert dse__wdqs]
- Parameters differences:
--- Exec[Generate cert dse__wdqs].orig +++ Exec[Generate cert dse__wdqs] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs + environment => ['GODEBUG=x509ignoreCN=0'] + unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kubernetes/pki/dse__wdqs-key.pem 2>&1)" + require => Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr]
- File[/etc/kubernetes/pki/dse__wdqs-internal.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-internal.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-internal.pem] - mode => 0440 - owner => mwdeploy - group => deployment - ensure => file
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem] - source => puppet:///modules/profile/pki/intermediates/dse-cert.pem - owner => mwdeploy - mode => 0440 - group => deployment - ensure => file
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config]
- Parameters differences:
--- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config].orig +++ K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config] - master_host => dse-k8s-ctrl.svc.codfw.wmnet - require => ['Class[K8s::Base_dirs]'] - owner => mwdeploy - namespace => wdqs-internal - mode => 0640 - ensure => present - username => wdqs-internal - auth_cert => {'cert': '/etc/kubernetes/pki/dse__wdqs-internal.pem', 'key': '/etc/kubernetes/pki/dse__wdqs-internal-key.pem', 'chain': '/etc/kubernetes/pki/dse__wdqs-internal.chain.pem', 'chained': '/etc/kubernetes/pki/dse__wdqs-internal.chained.pem'} - group => deployment- File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config].orig +++ File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config] + mode => 0640 + owner => mwdeploy + group => deployment + ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config.orig +++ /etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Config +preferences: {} +current-context: default-system +contexts: +- name: default-system + context: + cluster: default-cluster + user: wdqs-next-deploy + namespace: wdqs-next +clusters: +- name: default-cluster + cluster: + server: https://dse-k8s-ctrl.svc.eqiad.wmnet:6443 +users: +- name: wdqs-next-deploy + user: + client-certificate: /etc/kubernetes/pki/dse__wdqs-next-deploy.pem + client-key: /etc/kubernetes/pki/dse__wdqs-next-deploy-key.pem- Exec[Generate cert dse__wdqs-external-next]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-external-next].orig +++ Exec[Generate cert dse__wdqs-external-next] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-external-next.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-external-next - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs-external-next.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kubernetes/pki/dse__wdqs-external-next-key.pem 2>&1)" - require => Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-external-next.csr]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem] + source => puppet:///modules/profile/pki/intermediates/dse-cert.pem + owner => mwdeploy + mode => 0440 + group => deployment + ensure => file
- Exec[renew certificate - dse__wdqs-external-next]
- Parameters differences:
--- Exec[renew certificate - dse__wdqs-external-next].orig +++ Exec[renew certificate - dse__wdqs-external-next] - command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/kubernetes/pki/dse__wdqs-external-next.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-external-next - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs-external-next.pem -checkend 952200 - require => Exec[Generate cert dse__wdqs-external-next]
- File[/etc/profile.d/kube-conf.sh]
- Content differences:
--- /etc/profile.d/kube-conf.sh.orig +++ /etc/profile.d/kube-conf.sh @@ -3,7 +3,7 @@ # kube environments export KUBE_ENV_ENVIRONMENTS="eqiad codfw staging staging-eqiad staging-codfw ml-serve-eqiad ml-serve-codfw ml-staging-codfw dse-k8s-eqiad dse-k8s-codfw aux-k8s-eqiad aux-k8s-codfw" -export KUBE_ENV_SERVICES="admin apertium api-gateway benthos-cache-invalidator changeprop changeprop-jobqueue chart-renderer cirrus-streaming-updater citoid commons-impact-analytics cxserver data-gateway developer-portal device-analytics echostore edit-analytics editor-analytics eventgate-analytics eventgate-analytics-external eventgate-logging-external eventgate-main eventstreams failoid-ng geo-analytics ipoid kartotherian linked-artifacts linkrecommendation machinetranslation mathoid media-analytics miscweb mobileapps mw-api-ext mw-api-int mw-cron mw-debug mw-experimental mw-jobrunner mw-mcrouter mw-misc mw-page-content-change-enrich mw-parsoid mw-script mw-videoscaler mw-web mw-wikifunctions opentelemetry-collector page-analytics proton push-notifications ratelimit rdf-streaming-updater recommendation-api rest-gateway sessionstore shellbox shellbox-constraints shellbox-media shellbox-syntaxhighlight shellbox-timeline shellbox-video tegola-vector-tiles termbox thumbor toolhub wikidata-query-gui wikifeeds wikifunctions zotero article-descriptions article-models articletopic-outlink edit-check experimental llm logo-detection ores-legacy readability recommendation-api-ng revertrisk revise-tone-task-generator revision-models revscoring-articlequality revscoring-articletopic revscoring-draftquality revscoring-drafttopic revscoring-editquality-damaging revscoring-editquality-goodfaith revscoring-editquality-reverted analytics analytics-test kafka-mirrormaker kafka-ui opensearch-ipoid opensearch-ipoid-test opensearch-operator opensearch-operator-3 opensearch-semantic-search opensearch-semantic-search-test opensearch-test opensearch-toolhub opensearch-toolhub-test opensearch-apifeatureusage opensearch-apifeatureusage-test opensearch-ttmserver opensearch-ttmserver-test wdqs-internal wdqs-internal-next wdqs-external wdqs-external-next echoserver airflow-analytics-product airflow-analytics-test airflow-dev airflow-fr-tech airflow-main airflow-ml airflow-platform-eng airflow-research airflow-search airflow-sre airflow-test-k8s airflow-wikidata airflow-wmde blunderbuss datahub datahub-next datasets-config datasets-config-next eventstreams-internal growthbook growthbook-next llm-inference mediawiki-dumps-legacy mw-content-history-reconcile-enrich mw-content-history-reconcile-enrich-next mw-dump-rev-content-reconcile-enrich mw-dump-rev-content-reconcile-enrich-next mw-page-html-content-change-enrich mw-page-html-content-change-enrich-next mw-page-html-feature-counts-change-enrich mw-page-html-feature-counts-change-enrich-next spark spark-history spark-history-test superset superset-next test-kitchen test-kitchen-next turnilo turnilo-next webrequest-page-view webrequest-page-view-next wdqs-queryhammer codesearch jaeger redioscope sophroid zarcillo" +export KUBE_ENV_SERVICES="admin apertium api-gateway benthos-cache-invalidator changeprop changeprop-jobqueue chart-renderer cirrus-streaming-updater citoid commons-impact-analytics cxserver data-gateway developer-portal device-analytics echostore edit-analytics editor-analytics eventgate-analytics eventgate-analytics-external eventgate-logging-external eventgate-main eventstreams failoid-ng geo-analytics ipoid kartotherian linked-artifacts linkrecommendation machinetranslation mathoid media-analytics miscweb mobileapps mw-api-ext mw-api-int mw-cron mw-debug mw-experimental mw-jobrunner mw-mcrouter mw-misc mw-page-content-change-enrich mw-parsoid mw-script mw-videoscaler mw-web mw-wikifunctions opentelemetry-collector page-analytics proton push-notifications ratelimit rdf-streaming-updater recommendation-api rest-gateway sessionstore shellbox shellbox-constraints shellbox-media shellbox-syntaxhighlight shellbox-timeline shellbox-video tegola-vector-tiles termbox thumbor toolhub wikidata-query-gui wikifeeds wikifunctions zotero article-descriptions article-models articletopic-outlink edit-check experimental llm logo-detection ores-legacy readability recommendation-api-ng revertrisk revise-tone-task-generator revision-models revscoring-articlequality revscoring-articletopic revscoring-draftquality revscoring-drafttopic revscoring-editquality-damaging revscoring-editquality-goodfaith revscoring-editquality-reverted analytics analytics-test kafka-mirrormaker kafka-ui opensearch-ipoid opensearch-ipoid-test opensearch-operator opensearch-operator-3 opensearch-semantic-search opensearch-semantic-search-test opensearch-test opensearch-toolhub opensearch-toolhub-test opensearch-apifeatureusage opensearch-apifeatureusage-test opensearch-ttmserver opensearch-ttmserver-test wdqs wdqs-next echoserver airflow-analytics-product airflow-analytics-test airflow-dev airflow-fr-tech airflow-main airflow-ml airflow-platform-eng airflow-research airflow-search airflow-sre airflow-test-k8s airflow-wikidata airflow-wmde blunderbuss datahub datahub-next datasets-config datasets-config-next eventstreams-internal growthbook growthbook-next llm-inference mediawiki-dumps-legacy mw-content-history-reconcile-enrich mw-content-history-reconcile-enrich-next mw-dump-rev-content-reconcile-enrich mw-dump-rev-content-reconcile-enrich-next mw-page-html-content-change-enrich mw-page-html-content-change-enrich-next mw-page-html-feature-counts-change-enrich mw-page-html-feature-counts-change-enrich-next spark spark-history spark-history-test superset superset-next test-kitchen test-kitchen-next turnilo turnilo-next webrequest-page-view webrequest-page-view-next wdqs-queryhammer codesearch jaeger redioscope sophroid zarcillo" # Array that maps kubernetes environments to their respective versions # This duplicated information from KUBE_ENV_ENVIRONMENTS, but I did not want to break existing scripts
- Cfssl::Cert[dse__wdqs]
- Parameters differences:
--- Cfssl::Cert[dse__wdqs].orig +++ Cfssl::Cert[dse__wdqs] + notify_services => [] + renew_seconds => 952200 + names => [{'organisation': 'view'}] + key => {'algo': 'ecdsa', 'size': 256} + auto_renew => True + owner => mwdeploy + provide_chain => True + mode => 0740 + common_name => wdqs + label => dse + ensure => present + environment => ['GODEBUG=x509ignoreCN=0'] + group => deployment + outdir => /etc/kubernetes/pki + before_services => [] + hosts => []- File[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config].orig +++ File[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config] + mode => 0640 + owner => mwdeploy + group => deployment + ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config.orig +++ /etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Config +preferences: {} +current-context: default-system +contexts: +- name: default-system + context: + cluster: default-cluster + user: wdqs-deploy + namespace: wdqs +clusters: +- name: default-cluster + cluster: + server: https://dse-k8s-ctrl.svc.codfw.wmnet:6443 +users: +- name: wdqs-deploy + user: + client-certificate: /etc/kubernetes/pki/dse__wdqs-deploy.pem + client-key: /etc/kubernetes/pki/dse__wdqs-deploy-key.pem- K8s::Kubeconfig[/etc/kubernetes/wdqs-dse-k8s-codfw.config]
- Parameters differences:
--- K8s::Kubeconfig[/etc/kubernetes/wdqs-dse-k8s-codfw.config].orig +++ K8s::Kubeconfig[/etc/kubernetes/wdqs-dse-k8s-codfw.config] + master_host => dse-k8s-ctrl.svc.codfw.wmnet + require => ['Class[K8s::Base_dirs]'] + owner => mwdeploy + namespace => wdqs + mode => 0640 + ensure => present + username => wdqs + auth_cert => {'cert': '/etc/kubernetes/pki/dse__wdqs.pem', 'key': '/etc/kubernetes/pki/dse__wdqs-key.pem', 'chain': '/etc/kubernetes/pki/dse__wdqs.chain.pem', 'chained': '/etc/kubernetes/pki/dse__wdqs.chained.pem'} + group => deployment- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- Parameters differences:
--- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config].orig +++ K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config] - master_host => dse-k8s-ctrl.svc.eqiad.wmnet - require => ['Class[K8s::Base_dirs]'] - owner => mwdeploy - namespace => wdqs-internal-next - mode => 0640 - ensure => present - username => wdqs-internal-next - auth_cert => {'cert': '/etc/kubernetes/pki/dse__wdqs-internal-next.pem', 'key': '/etc/kubernetes/pki/dse__wdqs-internal-next-key.pem', 'chain': '/etc/kubernetes/pki/dse__wdqs-internal-next.chain.pem', 'chained': '/etc/kubernetes/pki/dse__wdqs-internal-next.chained.pem'} - group => deployment- File[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config].orig +++ File[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config] - mode => 0640 - owner => mwdeploy - group => deployment - ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config.orig +++ /etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Config -preferences: {} -current-context: default-system -contexts: -- name: default-system - context: - cluster: default-cluster - user: wdqs-external-next - namespace: wdqs-external-next -clusters: -- name: default-cluster - cluster: - server: https://dse-k8s-ctrl.svc.codfw.wmnet:6443 -users: -- name: wdqs-external-next - user: - client-certificate: /etc/kubernetes/pki/dse__wdqs-external-next.pem - client-key: /etc/kubernetes/pki/dse__wdqs-external-next-key.pem- File[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr].orig +++ File[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr] - mode => 0400 - owner => root - group => root - ensure => file
- Content differences:
--- /etc/cfssl/csr/dse__wdqs-internal-deploy.csr.orig +++ /etc/cfssl/csr/dse__wdqs-internal-deploy.csr @@ -1,26 +0,0 @@ -{ - "CN": "wdqs-internal-deploy", - "hosts": [ - "wdqs-internal-deploy" - ], - "key": { - "algo": "ecdsa", - "size": 256 - }, - "names": [ - { - "C": null, - "L": null, - "O": "view", - "OU": null, - "S": null - }, - { - "C": null, - "L": null, - "O": "deploy", - "OU": null, - "S": null - } - ] -}- Cfssl::Cert[dse__wdqs-internal]
- Parameters differences:
--- Cfssl::Cert[dse__wdqs-internal].orig +++ Cfssl::Cert[dse__wdqs-internal] - notify_services => [] - renew_seconds => 952200 - names => [{'organisation': 'view'}] - key => {'algo': 'ecdsa', 'size': 256} - auto_renew => True - owner => mwdeploy - provide_chain => True - mode => 0740 - common_name => wdqs-internal - label => dse - ensure => present - environment => ['GODEBUG=x509ignoreCN=0'] - group => deployment - outdir => /etc/kubernetes/pki - before_services => [] - hosts => []- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal-next]
- Parameters differences:
--- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal-next].orig +++ File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal-next] - recurse => True - owner => mwdeploy - mode => 0751 - force => True - group => deployment - ensure => directory
- Cfssl::Cert[dse__wdqs-external-deploy]
- Parameters differences:
--- Cfssl::Cert[dse__wdqs-external-deploy].orig +++ Cfssl::Cert[dse__wdqs-external-deploy] - notify_services => [] - renew_seconds => 952200 - names => [{'organisation': 'view'}, {'organisation': 'deploy'}] - key => {'algo': 'ecdsa', 'size': 256} - auto_renew => True - owner => mwdeploy - provide_chain => True - mode => 0740 - common_name => wdqs-external-deploy - label => dse - ensure => present - environment => ['GODEBUG=x509ignoreCN=0'] - group => deployment - outdir => /etc/kubernetes/pki - before_services => [] - hosts => []- File[/etc/cfssl/csr/dse__wdqs-deploy.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/dse__wdqs-deploy.csr].orig +++ File[/etc/cfssl/csr/dse__wdqs-deploy.csr] + mode => 0400 + owner => root + group => root + ensure => file
- Content differences:
--- /etc/cfssl/csr/dse__wdqs-deploy.csr.orig +++ /etc/cfssl/csr/dse__wdqs-deploy.csr @@ -0,0 +1,26 @@ +{ + "CN": "wdqs-deploy", + "hosts": [ + "wdqs-deploy" + ], + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": null, + "L": null, + "O": "view", + "OU": null, + "S": null + }, + { + "C": null, + "L": null, + "O": "deploy", + "OU": null, + "S": null + } + ] +}- Exec[renew certificate - dse__wdqs-internal-next-deploy]
- Parameters differences:
--- Exec[renew certificate - dse__wdqs-internal-next-deploy].orig +++ Exec[renew certificate - dse__wdqs-internal-next-deploy] - command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/kubernetes/pki/dse__wdqs-internal-next-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-internal-next-deploy - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs-internal-next-deploy.pem -checkend 952200 - require => Exec[Generate cert dse__wdqs-internal-next-deploy]
- File[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/dse__wdqs-internal-next.csr].orig +++ File[/etc/cfssl/csr/dse__wdqs-internal-next.csr] - mode => 0400 - owner => root - group => root - ensure => file
- Content differences:
--- /etc/cfssl/csr/dse__wdqs-internal-next.csr.orig +++ /etc/cfssl/csr/dse__wdqs-internal-next.csr @@ -1,19 +0,0 @@ -{ - "CN": "wdqs-internal-next", - "hosts": [ - "wdqs-internal-next" - ], - "key": { - "algo": "ecdsa", - "size": 256 - }, - "names": [ - { - "C": null, - "L": null, - "O": "view", - "OU": null, - "S": null - } - ] -}- File[/etc/cfssl/csr/dse__wdqs-next-deploy.csr]
- Parameters differences:
--- File[/etc/cfssl/csr/dse__wdqs-next-deploy.csr].orig +++ File[/etc/cfssl/csr/dse__wdqs-next-deploy.csr] + mode => 0400 + owner => root + group => root + ensure => file
- Content differences:
--- /etc/cfssl/csr/dse__wdqs-next-deploy.csr.orig +++ /etc/cfssl/csr/dse__wdqs-next-deploy.csr @@ -0,0 +1,26 @@ +{ + "CN": "wdqs-next-deploy", + "hosts": [ + "wdqs-next-deploy" + ], + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": null, + "L": null, + "O": "view", + "OU": null, + "S": null + }, + { + "C": null, + "L": null, + "O": "deploy", + "OU": null, + "S": null + } + ] +}- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr].orig +++ Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr] + key => {'algo': 'ecdsa', 'size': 256} + hosts => [] + names => [{'organisation': 'view'}] + common_name => wdqs + ensure => present- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr].orig +++ Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr] - key => {'algo': 'ecdsa', 'size': 256} - hosts => [] - names => [{'organisation': 'view'}, {'organisation': 'deploy'}] - common_name => wdqs-internal-deploy - ensure => present- Exec[Generate cert dse__wdqs-next-deploy refresh]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-next-deploy refresh].orig +++ Exec[Generate cert dse__wdqs-next-deploy refresh] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-next-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-next-deploy + refreshonly => True + subscribe => File[/etc/cfssl/csr/dse__wdqs-next-deploy.csr] + environment => ['GODEBUG=x509ignoreCN=0']
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem] - mode => 0440 - owner => mwdeploy - group => deployment - ensure => file
- File[/etc/kubernetes/wdqs-dse-k8s-codfw.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-dse-k8s-codfw.config].orig +++ File[/etc/kubernetes/wdqs-dse-k8s-codfw.config] + mode => 0640 + owner => mwdeploy + group => deployment + ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-dse-k8s-codfw.config.orig +++ /etc/kubernetes/wdqs-dse-k8s-codfw.config @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Config +preferences: {} +current-context: default-system +contexts: +- name: default-system + context: + cluster: default-cluster + user: wdqs + namespace: wdqs +clusters: +- name: default-cluster + cluster: + server: https://dse-k8s-ctrl.svc.codfw.wmnet:6443 +users: +- name: wdqs + user: + client-certificate: /etc/kubernetes/pki/dse__wdqs.pem + client-key: /etc/kubernetes/pki/dse__wdqs-key.pem- Exec[Generate cert dse__wdqs refresh on intermediate ca change]
- Parameters differences:
--- Exec[Generate cert dse__wdqs refresh on intermediate ca change].orig +++ Exec[Generate cert dse__wdqs refresh on intermediate ca change] + refreshonly => True + require => Cfssl::Csr[/etc/cfssl/csr/dse__wdqs.csr] + environment => ['GODEBUG=x509ignoreCN=0'] + command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs + subscribe => File[/etc/kubernetes/pki/dse__wdqs.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chained.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chained.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chained.pem] - owner => mwdeploy - require => Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external-deploy.chain.pem] - group => deployment - ensure => file
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config]
- Parameters differences:
--- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config].orig +++ K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config] - master_host => dse-k8s-ctrl.svc.codfw.wmnet - require => ['Class[K8s::Base_dirs]'] - owner => mwdeploy - namespace => wdqs-internal-next - mode => 0640 - ensure => present - username => wdqs-internal-next - auth_cert => {'cert': '/etc/kubernetes/pki/dse__wdqs-internal-next.pem', 'key': '/etc/kubernetes/pki/dse__wdqs-internal-next-key.pem', 'chain': '/etc/kubernetes/pki/dse__wdqs-internal-next.chain.pem', 'chained': '/etc/kubernetes/pki/dse__wdqs-internal-next.chained.pem'} - group => deployment- File[/etc/kubernetes/wdqs-dse-k8s-eqiad.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-dse-k8s-eqiad.config].orig +++ File[/etc/kubernetes/wdqs-dse-k8s-eqiad.config] + mode => 0640 + owner => mwdeploy + group => deployment + ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-dse-k8s-eqiad.config.orig +++ /etc/kubernetes/wdqs-dse-k8s-eqiad.config @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Config +preferences: {} +current-context: default-system +contexts: +- name: default-system + context: + cluster: default-cluster + user: wdqs + namespace: wdqs +clusters: +- name: default-cluster + cluster: + server: https://dse-k8s-ctrl.svc.eqiad.wmnet:6443 +users: +- name: wdqs + user: + client-certificate: /etc/kubernetes/pki/dse__wdqs.pem + client-key: /etc/kubernetes/pki/dse__wdqs-key.pem- Exec[Generate cert dse__wdqs-internal-deploy]
- Parameters differences:
--- Exec[Generate cert dse__wdqs-internal-deploy].orig +++ Exec[Generate cert dse__wdqs-internal-deploy] - command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deploy1003.eqiad.wmnet.pem -label dse /etc/cfssl/csr/dse__wdqs-internal-deploy.csr | /usr/bin/cfssljson -bare /etc/kubernetes/pki/dse__wdqs-internal-deploy - environment => ['GODEBUG=x509ignoreCN=0'] - unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/kubernetes/pki/dse__wdqs-internal-deploy.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/kubernetes/pki/dse__wdqs-internal-deploy-key.pem 2>&1)" - require => Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.csr]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.csr].orig +++ File[/etc/kubernetes/pki/dse__wdqs-next-deploy.csr] + mode => 0440 + owner => mwdeploy + group => deployment + ensure => file
- File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem] - source => puppet:///modules/profile/pki/intermediates/dse-cert.pem - owner => mwdeploy - mode => 0440 - group => deployment - ensure => file
- File[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- Parameters differences:
--- File[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config].orig +++ File[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config] - mode => 0640 - owner => mwdeploy - group => deployment - ensure => present
- Content differences:
--- /etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config.orig +++ /etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Config -preferences: {} -current-context: default-system -contexts: -- name: default-system - context: - cluster: default-cluster - user: wdqs-internal-next - namespace: wdqs-internal-next -clusters: -- name: default-cluster - cluster: - server: https://dse-k8s-ctrl.svc.eqiad.wmnet:6443 -users: -- name: wdqs-internal-next - user: - client-certificate: /etc/kubernetes/pki/dse__wdqs-internal-next.pem - client-key: /etc/kubernetes/pki/dse__wdqs-internal-next-key.pem- File[/etc/kubernetes/pki/dse__wdqs-external-next.chain.pem]
- Parameters differences:
--- File[/etc/kubernetes/pki/dse__wdqs-external-next.chain.pem].orig +++ File[/etc/kubernetes/pki/dse__wdqs-external-next.chain.pem] - source => puppet:///modules/profile/pki/intermediates/dse-cert.pem - owner => mwdeploy - mode => 0440 - group => deployment - ensure => file
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- Parameters differences:
--- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next.csr].orig +++ Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next.csr] - key => {'algo': 'ecdsa', 'size': 256} - hosts => [] - names => [{'organisation': 'view'}] - common_name => wdqs-internal-next - ensure => present- File[/etc/kubernetes/pki/dse__wdqs-key.pem]
- File[/etc/kubernetes/pki/dse__wdqs-key.pem]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- Content differences:
- File[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- File[/etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.csr]
- Content differences:
- File[/etc/kubernetes/wdqs-dse-k8s-eqiad.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy.chained.pem]
- Content differences:
- File[/etc/kubernetes/wdqs-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-external-next-deploy.pem]
- Exec[Generate cert dse__wdqs-next-deploy refresh]
- Cfssl::Csr[/etc/cfssl/csr/dse__wdqs-internal-deploy.csr]
- Content differences:
- Content differences:
- File[/etc/cfssl/csr/dse__wdqs-internal-next.csr]
- Content differences:
- File[/etc/cfssl/csr/dse__wdqs-deploy.csr]
- Cfssl::Cert[dse__wdqs-external-deploy]
- File[/etc/helmfile-defaults/private/dse-k8s_services/wdqs-internal-next]
- Content differences:
- Content differences:
- File[/etc/kubernetes/wdqs-external-next-dse-k8s-codfw.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-next-dse-k8s-eqiad.config]
- Content differences:
- File[/etc/kubernetes/wdqs-deploy-dse-k8s-codfw.config]
- File[/etc/profile.d/kube-conf.sh]
- Exec[renew certificate - dse__wdqs-external-next]
- File[/etc/kubernetes/pki/dse__wdqs-next-deploy.chain.pem]
- Content differences:
- File[/etc/kubernetes/wdqs-next-deploy-dse-k8s-eqiad.config]
- K8s::Kubeconfig[/etc/kubernetes/wdqs-internal-dse-k8s-codfw.config]
- File[/etc/kubernetes/pki/dse__wdqs-internal-next-deploy.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-internal.pem]
- Exec[Generate cert dse__wdqs]
- File[/etc/kubernetes/pki/dse__wdqs-external-next.csr]
- Content differences:
- File[/etc/cfssl/csr/dse__wdqs-next.csr]
- Exec[Generate cert dse__wdqs-internal-next-deploy refresh]
- Exec[renew certificate - dse__wdqs]
- Exec[create chained cert /etc/kubernetes/pki/dse__wdqs-external.chain.pem]
- File[/etc/kubernetes/pki/dse__wdqs-external-deploy-key.pem]
- Exec[renew certificate - dse__wdqs-external-next-deploy]
- Cfssl::Cert[dse__wdqs-internal-next-deploy]
- Exec[Generate cert dse__wdqs-next-deploy refresh on intermediate ca change]
- Content differences:
- File[/etc/kubernetes/wdqs-external-dse-k8s-codfw.config]
- Exec[Generate cert dse__wdqs-internal-next refresh]
- Parameters differences: