Compilation results for logging-sd1001.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3121
Resources added:	28
Resources removed:	0
Resources modified:	33
Change percentage:	1.95%

Resources only in the new catalog

Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh on intermediate ca change]
Exec[create chained cert /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]
File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]
File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem]
File[/etc/opensearch/production-elk7-eqiad/ssl]
File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem]
Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]
Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]
Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]
Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh]
File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]
File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem]
Cfssl::Cert[Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]
Cfssl::Cert[Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]
Exec[renew certificate - Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]
File[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]
File[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad-key.pem]
Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]
Exec[renew certificate - Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]
Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh on intermediate ca change]
Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]
File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem]
Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

Resources modified

File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem]

+    owner  => opensearch
+    ensure => file
+    group  => opensearch
+    mode   => 0440

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

+    owner   => root
+    mode    => 0740
+    ensure  => directory
+    group   => root
+    recurse => True

File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem]

+    owner     => opensearch
+    mode      => 0440
+    ensure    => file
+    backup    => False
+    group     => opensearch
+    show_diff => False

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem]

+    require => Exec[create chained cert /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]
+    owner   => root
+    ensure  => file
+    group   => root

Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]

Parameters differences:

--- Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem].orig
+++ Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]

+    require   => Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh on intermediate ca change]
+    command   => /bin/cat /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem > /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem
+    unless    => /usr/bin/test "$(/bin/cat /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem | sha512sum)" == "$(/bin/cat /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem | sha512sum)"

+    subscribe => ['Exec[renew certificate - Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]', 'File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]', 'File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem]']

Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh on intermediate ca change]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh on intermediate ca change].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh on intermediate ca change]

+    refreshonly => True
+    require     => Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad

+    environment => ['GODEBUG=x509ignoreCN=0']
+    subscribe   => File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]

File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem]

+    require => Exec[create chained cert /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]
+    owner   => opensearch
+    ensure  => file
+    group   => opensearch

Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

Parameters differences:

--- Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

+    names       => []
+    hosts       => []
+    ensure      => present
+    key         => {'algo': 'ecdsa', 'size': 256}
+    common_name => logging-sd1001.eqiad.wmnet

Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh on intermediate ca change]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh on intermediate ca change].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh on intermediate ca change]

+    refreshonly => True
+    require     => Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet

+    environment => ['GODEBUG=x509ignoreCN=0']
+    subscribe   => File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]

File[/etc/opensearch/production-elk7-eqiad/opensearch.yml]

Content differences:

--- /etc/opensearch/production-elk7-eqiad/opensearch.yml.orig
+++ /etc/opensearch/production-elk7-eqiad/opensearch.yml
@@ -187,5 +187,3 @@
 
 
 
-# Disables the security plugin and the requirement for intra-cluster TLS.
-plugins.security.disabled: true

File[/etc/opensearch/production-elk7-eqiad/ssl]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl]

+    owner   => opensearch
+    mode    => 0740
+    ensure  => directory
+    group   => opensearch
+    recurse => True

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0440

Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

+    require     => Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad

+    environment => ['GODEBUG=x509ignoreCN=0']
+    unless      => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad-key.pem 2>&1)"

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad-key.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad-key.pem].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad-key.pem]

+    owner     => root
+    mode      => 0440
+    ensure    => file
+    backup    => False
+    group     => root
+    show_diff => False

Class[Profile::Opensearch::Server]

Parameters differences:

--- Class[Profile::Opensearch::Server].orig
+++ Class[Profile::Opensearch::Server]

+    pki_intermediate_name => Production_Logging_OpenSearch
@@
-    common_settings       => {'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '32G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'http_port': 9200, 'transport_tcp_port': 9300, 'filter_cache_size': '10%', 'disktype': 'ssd', 'disable_security_plugin': True, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}}
+    common_settings       => {'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '32G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'http_port': 9200, 'transport_tcp_port': 9300, 'filter_cache_size': '10%', 'disktype': 'ssd', 'disable_security_plugin': False, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}}

File[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

Parameters differences:

--- File[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr].orig
+++ File[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0400

Content differences:

--- /etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr.orig
+++ /etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr
@@ -0,0 +1,13 @@
+{
+  "CN": "logging-sd1001.eqiad.wmnet",
+  "hosts": [
+    "logging-sd1001.eqiad.wmnet"
+  ],
+  "key": {
+    "algo": "ecdsa",
+    "size": 256
+  },
+  "names": [
+
+  ]
+}

Cfssl::Cert[Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

Parameters differences:

--- Cfssl::Cert[Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad].orig
+++ Cfssl::Cert[Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

+    auto_renew      => True
+    names           => []
+    owner           => root
+    before_services => []
+    key             => {'algo': 'ecdsa', 'size': 256}
+    common_name     => opensearch_admin_production-elk7-eqiad
+    renew_seconds   => 952200
+    environment     => ['GODEBUG=x509ignoreCN=0']
+    provide_chain   => True
+    notify_services => []
+    mode            => 0740
+    ensure          => present
+    hosts           => []
+    group           => root
+    label           => Production_Logging_OpenSearch

File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

+    owner  => opensearch
+    ensure => file
+    group  => opensearch
+    mode   => 0440

Class[Profile::Opensearch::Logstash]

Parameters differences:

--- Class[Profile::Opensearch::Logstash].orig
+++ Class[Profile::Opensearch::Logstash]

+    pki_intermediate_name => Production_Logging_OpenSearch
+    common_settings       => {'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '32G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'http_port': 9200, 'transport_tcp_port': 9300, 'filter_cache_size': '10%', 'disktype': 'ssd', 'disable_security_plugin': False, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}}

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0440

Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh]

+    refreshonly => True
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad

+    environment => ['GODEBUG=x509ignoreCN=0']
+    subscribe   => File[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

Cfssl::Cert[Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

Parameters differences:

--- Cfssl::Cert[Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet].orig
+++ Cfssl::Cert[Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

+    environment     => ['GODEBUG=x509ignoreCN=0']
+    common_name     => logging-sd1001.eqiad.wmnet
+    ensure          => present
+    auto_renew      => True
+    owner           => opensearch
+    names           => []
+    before_services => []
+    key             => {'algo': 'ecdsa', 'size': 256}
+    notify_services => []
+    group           => opensearch
+    provide_chain   => True
+    mode            => 0740
+    hosts           => []
+    renew_seconds   => 952200
+    label           => Production_Logging_OpenSearch
+    outdir          => /etc/opensearch/production-elk7-eqiad/ssl

Exec[renew certificate - Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

Parameters differences:

--- Exec[renew certificate - Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet].orig
+++ Exec[renew certificate - Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

+    require     => Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]
+    command     => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet

+    environment => ['GODEBUG=x509ignoreCN=0']
+    unless      => /usr/bin/openssl x509 -in /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem -checkend 952200

File[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

Parameters differences:

--- File[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr].orig
+++ File[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

+    owner  => root
+    ensure => file
+    group  => root
+    mode   => 0400

Content differences:

--- /etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr.orig
+++ /etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr
@@ -0,0 +1,13 @@
+{
+  "CN": "opensearch_admin_production-elk7-eqiad",
+  "hosts": [
+    "opensearch_admin_production-elk7-eqiad"
+  ],
+  "key": {
+    "algo": "ecdsa",
+    "size": 256
+  },
+  "names": [
+
+  ]
+}

Exec[renew certificate - Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

Parameters differences:

--- Exec[renew certificate - Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad].orig
+++ Exec[renew certificate - Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]

+    require     => Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]
+    command     => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad

+    environment => ['GODEBUG=x509ignoreCN=0']
+    unless      => /usr/bin/openssl x509 -in /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem -checkend 952200

Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet]

+    require     => Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet

+    environment => ['GODEBUG=x509ignoreCN=0']
+    unless      => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem 2>&1)"

Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

Parameters differences:

--- Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr].orig
+++ Cfssl::Csr[/etc/cfssl/csr/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.csr]

+    names       => []
+    hosts       => []
+    ensure      => present
+    key         => {'algo': 'ecdsa', 'size': 256}
+    common_name => opensearch_admin_production-elk7-eqiad

File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]

Parameters differences:

--- File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem].orig
+++ File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]

+    owner  => root
+    mode   => 0440
+    ensure => file
+    group  => root
+    source => puppet:///modules/profile/pki/intermediates/Production_Logging_OpenSearch-cert.pem

File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]

Parameters differences:

--- File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem].orig
+++ File[/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem]

+    owner  => opensearch
+    mode   => 0440
+    ensure => file
+    group  => opensearch
+    source => puppet:///modules/profile/pki/intermediates/Production_Logging_OpenSearch-cert.pem

Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh]

Parameters differences:

--- Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh].orig
+++ Exec[Generate cert Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet refresh]

+    refreshonly => True
+    command     => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/logging-sd1001.eqiad.wmnet.pem -label Production_Logging_OpenSearch  /etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr | /usr/bin/cfssljson -bare /etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet

+    environment => ['GODEBUG=x509ignoreCN=0']
+    subscribe   => File[/etc/cfssl/csr/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.csr]

Exec[create chained cert /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]

Parameters differences:

--- Exec[create chained cert /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem].orig
+++ Exec[create chained cert /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]

+    require   => Exec[Generate cert Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad refresh on intermediate ca change]
+    command   => /bin/cat /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem > /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem
+    unless    => /usr/bin/test "$(/bin/cat /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem | sha512sum)" == "$(/bin/cat /etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chained.pem | sha512sum)"

+    subscribe => ['Exec[renew certificate - Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad]', 'File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.chain.pem]', 'File[/etc/cfssl/ssl/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad/Production_Logging_OpenSearch__opensearch_admin_production-elk7-eqiad.pem]']

Opensearch::Instance[production-elk7-eqiad]

Parameters differences:

--- Opensearch::Instance[production-elk7-eqiad].orig
+++ Opensearch::Instance[production-elk7-eqiad]

@@
-    disable_security_plugin      => True
+    disable_security_plugin      => False
@@
-    security_plugin_certificates => {}
+    security_plugin_certificates => {'cert': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem', 'key': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem', 'chain': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem', 'chained': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem'}

Class[Opensearch]

Parameters differences:

--- Class[Opensearch].orig
+++ Class[Opensearch]

@@
-    instances => {'default': {'http_port': 9200, 'transport_tcp_port': 9300, 'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '32G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'filter_cache_size': '10%', 'disktype': 'ssd', 'disable_security_plugin': True, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}, 'cluster_name': 'production-elk7-eqiad', 'unicast_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet'], 'cluster_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1023.eqiad.wmnet', 'logstash1024.eqiad.wmnet', 'logstash1025.eqiad.wmnet', 'logstash1030.eqiad.wmnet', 'logstash1031.eqiad.wmnet', 'logstash1032.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet']}}
+    instances => {'default': {'security_plugin_certificates': {'cert': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.pem', 'key': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet-key.pem', 'chain': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chain.pem', 'chained': '/etc/opensearch/production-elk7-eqiad/ssl/Production_Logging_OpenSearch__logging-sd1001_eqiad_wmnet.chained.pem'}, 'http_port': 9200, 'transport_tcp_port': 9300, 'awareness_attributes': '', 'auto_create_index': True, 'short_cluster_name': 'elk7', 'expected_nodes': 10, 'heap_memory': '32G', 'recover_after_nodes': 2, 'recover_after_time': '1m', 'send_logs_to_logstash': False, 'curator_uses_unicast_hosts': False, 'filter_cache_size': '10%', 'disktype': 'ssd', 'disable_security_plugin': False, 'recovery_max_bytes_per_sec': '800mb', 'watermarks': {'low': '1500gb', 'high': '500gb', 'flood_stage': '100gb'}, 'cluster_name': 'production-elk7-eqiad', 'unicast_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet'], 'cluster_hosts': ['logging-hd1001.eqiad.wmnet', 'logging-hd1002.eqiad.wmnet', 'logging-hd1003.eqiad.wmnet', 'logging-hd1004.eqiad.wmnet', 'logging-hd1005.eqiad.wmnet', 'logging-sd1001.eqiad.wmnet', 'logging-sd1002.eqiad.wmnet', 'logging-sd1003.eqiad.wmnet', 'logging-sd1004.eqiad.wmnet', 'logging-sd1005.eqiad.wmnet', 'logging-sd1006.eqiad.wmnet', 'logging-sd1007.eqiad.wmnet', 'logstash1023.eqiad.wmnet', 'logstash1024.eqiad.wmnet', 'logstash1025.eqiad.wmnet', 'logstash1030.eqiad.wmnet', 'logstash1031.eqiad.wmnet', 'logstash1032.eqiad.wmnet', 'logstash1033.eqiad.wmnet', 'logstash1034.eqiad.wmnet', 'logstash1035.eqiad.wmnet', 'logstash1036.eqiad.wmnet', 'logstash1037.eqiad.wmnet']}}

Compilation results for logging-sd1001.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files