Compilation results for cp3074.esams.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3922
Resources added:	14
Resources removed:	0
Resources modified:	17
Change percentage:	0.79%

Resources only in the new catalog

Exec[apt_package_from_component_haproxy]
Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]
Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
File[/etc/apt/preferences.d/apt_pin_haproxy.pref]
Exec[apt_repository_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]
Apt::Repository[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
File[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.list]
Concat[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]
Apt::Package_from_component[haproxy]
Concat_file[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]
Apt::Pin[apt_pin_haproxy]
Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
Exec[apt_pin_apt_pin_haproxy]

Resources modified

Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

Parameters differences:

--- Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia].orig
+++ Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

+    target => /etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    tag    => _etc_apt_sources.list.d_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    order  => 10

Content differences:

--- thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.orig
+++ thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia
@@ -0,0 +1,5 @@
+Types: deb deb-src
+URIs: http://apt.wikimedia.org/wikimedia
+Suites: trixie-wikimedia
+Components: thirdparty/haproxy32
+Signed-By: /etc/apt/keyrings/wikimedia-archive-keyring.gpg

Apt::Repository[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

Parameters differences:

--- Apt::Repository[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia].orig
+++ Apt::Repository[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

+    components               => thirdparty/haproxy32
+    keyfile                  => puppet:///modules/install_server/autoinstall/keyring/wikimedia-archive-keyring.gpg
+    bin                      => True
+    source                   => True
+    dist                     => trixie-wikimedia
+    uri                      => http://apt.wikimedia.org/wikimedia
+    ensure                   => present
+    trust_repo               => False
+    allow_releaseinfo_change => False

Apt::Pin[apt_pin_haproxy]

Parameters differences:

--- Apt::Pin[apt_pin_haproxy].orig
+++ Apt::Pin[apt_pin_haproxy]

+    notify   => Exec[apt_package_from_component_haproxy]
+    package  => haproxy
+    ensure   => present
+    priority => 1002
+    pin      => release c=thirdparty/haproxy32

Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]

Parameters differences:

--- Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header].orig
+++ Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]

+    target => /etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    source => puppet:///modules/apt/sources-deb822-header.txt
+    order  => 01

File[/etc/haproxy/haproxy.cfg]

Content differences:

--- /etc/haproxy/haproxy.cfg.orig
+++ /etc/haproxy/haproxy.cfg
@@ -35,7 +35,6 @@
 
 
     tune.h2.header-table-size 4096
-    tune.h2.initial-window-size 65535
     tune.h2.max-concurrent-streams 100
 
 
@@ -45,8 +44,8 @@
     log-format-sd %{+E}o\ [haproxykafka@0\ server_pid=\"%pid\"\ ip=\"%ci\"\ sequence=\"%rt\"\ dt=\"%tr\"\ time_backend_response=\"%Tr\"\ http_status=\"%ST\"\ response_size=\"%B\"\ termination_state=\"%ts\"\ uri_host=\"%[capture.req.hdr(0),lua.utf8ps]\"\ referer=\"%[capture.req.hdr(1),lua.utf8ps]\"\ user_agent=\"%[capture.req.hdr(2),lua.utf8ps]\"\ accept_language=\"%[capture.req.hdr(3),lua.utf8ps]\"\ range=\"%[capture.req.hdr(4),lua.utf8ps]\"\ accept=\"%[capture.req.hdr(5),lua.utf8ps]\"\ tls=\"%[var(txn.tls)]\"\ cache_status=\"%[var(txn.x_cache_status)]\"\ content_type=\"%[var(txn.content_type)]\"\ x_analytics=\"%[var(txn.x_analytics)]\"\ x_cache=\"%[var(txn.x_cache)]\"\ backend=\"%[var(txn.server)]\"\ http_method=\"%HM\"\ uri_path=\"%HPO\"\ uri_query=\"%HQ\"]
 
     option     dontlognull
-    option     accept-invalid-http-request
-    option     accept-invalid-http-response
+    option     accept-unsafe-violations-in-http-request
+    option     accept-unsafe-violations-in-http-response
     option     http-ignore-probes
     retries    1
     timeout    connect 50000

File[/etc/apt/preferences.d/apt_pin_haproxy.pref]

Parameters differences:

--- File[/etc/apt/preferences.d/apt_pin_haproxy.pref].orig
+++ File[/etc/apt/preferences.d/apt_pin_haproxy.pref]

+    notify => Exec[apt_package_from_component_haproxy]
+    ensure => present
+    owner  => root
+    group  => root
+    mode   => 0444

Content differences:

--- /etc/apt/preferences.d/apt_pin_haproxy.pref.orig
+++ /etc/apt/preferences.d/apt_pin_haproxy.pref
@@ -0,0 +1,3 @@
+Package: haproxy
+Pin: release c=thirdparty/haproxy32
+Pin-Priority: 1002

File[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.list]

Parameters differences:

--- File[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.list].orig
+++ File[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.list]

+    owner  => root
+    group  => root
+    ensure => absent

Class[Haproxy]

Parameters differences:

--- Class[Haproxy].orig
+++ Class[Haproxy]

@@
-    config_content => # Note: This file is managed by puppet.
global
    user haproxy
    group haproxy
    stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin
    log /var/lib/haproxy/dev/log local0 info
    log /var/run/haproxykafka/haproxykafka.sock len 8192 format rfc5424 local0 info
    tune.http.logurilen 2048
    # do not keep old processes longer than 1m after a reload
    hard-stop-after 1m
    set-dumpable
    nbthread 48
    # NB: mapping too many cores (>~60) will cause HAProxy to complain about
    # too long of a line and fail to start
    cpu-map 1/1- 0 48 2 50 4 52 6 54 8 56 10 58 12 60 14 62 16 64 18 66 20 68 22 70 24 72 26 74 28 76 30 78 32 80 34 82 36 84 38 86 40 88 42 90 44 92 46 94

    lua-prepend-path /etc/haproxy/lua/private/?.lua
    lua-load-per-thread /etc/haproxy/lua/private/main.lua
    lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua
    tune.ssl.capture-buffer-size 96
    lua-load-per-thread /etc/haproxy/lua/ja3n.lua
    lua-load-per-thread /etc/haproxy/lua/ja4h.lua
    lua-load-per-thread /etc/haproxy/lua/utf8ps.lua
    lua-load-per-thread /etc/haproxy/lua/contact_info.lua
    lua-load-per-thread /etc/haproxy/lua/cidergrinder_mmdb.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.mmdb
    lua-load-per-thread /etc/haproxy/lua/cidergrinder_bloom.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.bloom

    ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
    ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
    ssl-dh-param-file /etc/ssl/dhparam.pem
    tune.ssl.cachesize 512000
    tune.ssl.lifetime 86400
    maxconn 200000


    tune.h2.header-table-size 4096
    tune.h2.initial-window-size 65535
    tune.h2.max-concurrent-streams 100


defaults
    mode       http
    log-format "%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts"
    log-format-sd %{+E}o\ [haproxykafka@0\ server_pid=\"%pid\"\ ip=\"%ci\"\ sequence=\"%rt\"\ dt=\"%tr\"\ time_backend_response=\"%Tr\"\ http_status=\"%ST\"\ response_size=\"%B\"\ termination_state=\"%ts\"\ uri_host=\"%[capture.req.hdr(0),lua.utf8ps]\"\ referer=\"%[capture.req.hdr(1),lua.utf8ps]\"\ user_agent=\"%[capture.req.hdr(2),lua.utf8ps]\"\ accept_language=\"%[capture.req.hdr(3),lua.utf8ps]\"\ range=\"%[capture.req.hdr(4),lua.utf8ps]\"\ accept=\"%[capture.req.hdr(5),lua.utf8ps]\"\ tls=\"%[var(txn.tls)]\"\ cache_status=\"%[var(txn.x_cache_status)]\"\ content_type=\"%[var(txn.content_type)]\"\ x_analytics=\"%[var(txn.x_analytics)]\"\ x_cache=\"%[var(txn.x_cache)]\"\ backend=\"%[var(txn.server)]\"\ http_method=\"%HM\"\ uri_path=\"%HPO\"\ uri_query=\"%HQ\"]

    option     dontlognull
    option     accept-invalid-http-request
    option     accept-invalid-http-response
    option     http-ignore-probes
    retries    1
    timeout    connect 50000
    timeout    client 500000
    timeout    server 500000

+    config_content => # Note: This file is managed by puppet.
global
    user haproxy
    group haproxy
    stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin
    log /var/lib/haproxy/dev/log local0 info
    log /var/run/haproxykafka/haproxykafka.sock len 8192 format rfc5424 local0 info
    tune.http.logurilen 2048
    # do not keep old processes longer than 1m after a reload
    hard-stop-after 1m
    set-dumpable
    nbthread 48
    # NB: mapping too many cores (>~60) will cause HAProxy to complain about
    # too long of a line and fail to start
    cpu-map 1/1- 0 48 2 50 4 52 6 54 8 56 10 58 12 60 14 62 16 64 18 66 20 68 22 70 24 72 26 74 28 76 30 78 32 80 34 82 36 84 38 86 40 88 42 90 44 92 46 94

    lua-prepend-path /etc/haproxy/lua/private/?.lua
    lua-load-per-thread /etc/haproxy/lua/private/main.lua
    lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua
    tune.ssl.capture-buffer-size 96
    lua-load-per-thread /etc/haproxy/lua/ja3n.lua
    lua-load-per-thread /etc/haproxy/lua/ja4h.lua
    lua-load-per-thread /etc/haproxy/lua/utf8ps.lua
    lua-load-per-thread /etc/haproxy/lua/contact_info.lua
    lua-load-per-thread /etc/haproxy/lua/cidergrinder_mmdb.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.mmdb
    lua-load-per-thread /etc/haproxy/lua/cidergrinder_bloom.lua /usr/share/CIDERGRINDER/anonymous-residential.cider.bloom

    ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
    ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
    ssl-dh-param-file /etc/ssl/dhparam.pem
    tune.ssl.cachesize 512000
    tune.ssl.lifetime 86400
    maxconn 200000


    tune.h2.header-table-size 4096
    tune.h2.max-concurrent-streams 100


defaults
    mode       http
    log-format "%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts"
    log-format-sd %{+E}o\ [haproxykafka@0\ server_pid=\"%pid\"\ ip=\"%ci\"\ sequence=\"%rt\"\ dt=\"%tr\"\ time_backend_response=\"%Tr\"\ http_status=\"%ST\"\ response_size=\"%B\"\ termination_state=\"%ts\"\ uri_host=\"%[capture.req.hdr(0),lua.utf8ps]\"\ referer=\"%[capture.req.hdr(1),lua.utf8ps]\"\ user_agent=\"%[capture.req.hdr(2),lua.utf8ps]\"\ accept_language=\"%[capture.req.hdr(3),lua.utf8ps]\"\ range=\"%[capture.req.hdr(4),lua.utf8ps]\"\ accept=\"%[capture.req.hdr(5),lua.utf8ps]\"\ tls=\"%[var(txn.tls)]\"\ cache_status=\"%[var(txn.x_cache_status)]\"\ content_type=\"%[var(txn.content_type)]\"\ x_analytics=\"%[var(txn.x_analytics)]\"\ x_cache=\"%[var(txn.x_cache)]\"\ backend=\"%[var(txn.server)]\"\ http_method=\"%HM\"\ uri_path=\"%HPO\"\ uri_query=\"%HQ\"]

    option     dontlognull
    option     accept-unsafe-violations-in-http-request
    option     accept-unsafe-violations-in-http-response
    option     http-ignore-probes
    retries    1
    timeout    connect 50000
    timeout    client 500000
    timeout    server 500000

Concat_file[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]

Parameters differences:

--- Concat_file[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources].orig
+++ Concat_file[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]

+    force          => False
+    show_diff      => True
+    mode           => 0444
+    replace        => True
+    format         => plain
+    backup         => puppet
+    ensure_newline => False
+    owner          => root
+    tag            => _etc_apt_sources.list.d_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    order          => alpha
+    group          => root

Exec[apt_pin_apt_pin_haproxy]

Parameters differences:

--- Exec[apt_pin_apt_pin_haproxy].orig
+++ Exec[apt_pin_apt_pin_haproxy]

+    refreshonly => True
+    command     => /usr/bin/apt-get update

Exec[apt_repository_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

Parameters differences:

--- Exec[apt_repository_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia].orig
+++ Exec[apt_repository_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

+    refreshonly => True
+    command     => /usr/bin/apt-get update

Exec[apt_package_from_component_haproxy]

Parameters differences:

--- Exec[apt_package_from_component_haproxy].orig
+++ Exec[apt_package_from_component_haproxy]

+    refreshonly => True
+    subscribe   => Apt::Repository[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
+    command     => /usr/bin/apt-get update

Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

Parameters differences:

--- Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia].orig
+++ Concat::Fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]

+    target => /etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    order  => 10

Class[Profile::Cache::Haproxy]

Parameters differences:

--- Class[Profile::Cache::Haproxy].orig
+++ Class[Profile::Cache::Haproxy]

@@
-    haproxy_version => haproxy30
+    haproxy_version => haproxy32

Concat[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]

Parameters differences:

--- Concat[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources].orig
+++ Concat[/etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources]

+    warn           => False
+    force          => False
+    show_diff      => True
+    path           => /etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    mode           => 0444
+    notify         => Exec[apt_repository_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia]
+    replace        => True
+    format         => plain
+    backup         => puppet
+    ensure         => present
+    owner          => root
+    ensure_newline => False
+    order          => alpha
+    group          => root

Apt::Package_from_component[haproxy]

Parameters differences:

--- Apt::Package_from_component[haproxy].orig
+++ Apt::Package_from_component[haproxy]

+    priority        => 1002
+    before          => Class[Haproxy]
+    ensure_packages => False
+    packages        => ['haproxy']
+    distro          => trixie-wikimedia
+    uri             => http://apt.wikimedia.org/wikimedia
+    component       => thirdparty/haproxy32
+    ensure          => present

Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]

Parameters differences:

--- Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header].orig
+++ Concat_fragment[thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia-header]

+    target => /etc/apt/sources.list.d/thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    tag    => _etc_apt_sources.list.d_thirdparty-haproxy32-apt.wikimedia.org-wikimedia-trixie-wikimedia.sources
+    order  => 01
+    source => puppet:///modules/apt/sources-deb822-header.txt

Compilation results for cp3074.esams.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files