{"host": "clouddumps1002.wikimedia.org", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3545, "only_in_self": [], "only_in_other": ["Augeas[ipip0_127.0.0.42/32]", "Augeas[ipip0_add_up]", "Augeas[ipip0_manual]", "Augeas[ipip0_set_up]", "Augeas[ipip60_add_up]", "Augeas[ipip60_manual]", "Augeas[ipip60_set_up]", "Class[Conftool::Config]", "Class[Conftool::Scripts]", "Class[Etcd::Client::Globalconfig]", "Class[Lvs::Realserver]", "Class[Passwords::Etcd]", "Class[Poolcounter::Client::Python]", "Class[Poolcounter::Client]", "Class[Profile::Conftool::Client]", "Class[Profile::Lvs::Configuration]", "Class[Profile::Lvs::Realserver::Ipip]", "Class[Profile::Lvs::Realserver]", "Class[Wmflib::Service::Catalog]", "Class[Wmflib::Service::Conftool]", "Conftool::Scripts::Safe_service_restart[nginx]", "Conftool::Scripts::Safe_service_restart[rsync]", "Etcd::Client::Config[/etc/etcd/etcdrc]", "Etcd::Client::Config[/root/.etcdrc]", "Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver]", "Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact]", "Exec[/usr/sbin/tc qdisc del dev lo clsact]", "Exec[disable-rp-filter-enp94s0f0np0]", "Exec[disable-rp-filter-ipip0]", "Exec[disable-rp-filter-ipip60]", "Exec[ip addr add 127.0.0.42/32 dev ipip0]", "Exec[ip link add name ipip0 type ipip external]", "Exec[ip link add name ipip60 type ip6tnl external]", "Exec[ip link set up dev ipip0]", "Exec[ip link set up dev ipip60]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]", "Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]", "Ferm::Rule[clamp-mss-ipv4]", "Ferm::Rule[clamp-mss-ipv6]", "Ferm::Rule[ip6ip6]", "Ferm::Rule[ipip]", "File[/etc/conftool/config.yaml]", "File[/etc/conftool/json-schema/]", "File[/etc/conftool/local_services.yaml]", "File[/etc/conftool/schema.yaml]", "File[/etc/conftool]", "File[/etc/default/wikimedia-lvs-realserver]", "File[/etc/etcd/etcdrc]", "File[/etc/etcd]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "File[/etc/ferm/conf.d/10_ip6ip6]", "File[/etc/ferm/conf.d/10_ipip]", "File[/etc/logrotate.d/prometheus_ferm_mss]", "File[/etc/logrotate.d/prometheus_lvs_realserver_mss]", "File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg]", "File[/etc/poolcounter-backends.yaml]", "File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]", "File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]", "File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]", "File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "File[/lib/systemd/system/prometheus_ferm_mss.service]", "File[/lib/systemd/system/prometheus_ferm_mss.timer]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]", "File[/lib/systemd/system/tcp-mss-clamper.service]", "File[/root/.etcdrc]", "File[/usr/local/bin/decommission]", "File[/usr/local/bin/depool-nginx]", "File[/usr/local/bin/depool-rsync]", "File[/usr/local/bin/depool]", "File[/usr/local/bin/drain]", "File[/usr/local/bin/ispooled]", "File[/usr/local/bin/pool-nginx]", "File[/usr/local/bin/pool-rsync]", "File[/usr/local/bin/pool]", "File[/usr/local/bin/pooler-loop]", "File[/usr/local/bin/prometheus-ferm-mss]", "File[/usr/local/bin/prometheus-lvs-realserver-mss]", "File[/usr/local/bin/safe-service-restart]", "File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]", "File[/usr/local/sbin/restart-nginx]", "File[/usr/local/sbin/restart-rsync]", "File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]", "File[/var/log/prometheus_ferm_mss]", "File[/var/log/prometheus_lvs_realserver_mss]", "File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0]", "File_line[rm_post-up_lo_clsact_lo]", "Interface::Clsact[clsact_enp94s0f0np0]", "Interface::Clsact[clsact_lo]", "Interface::Ip[ipip_ipv4 ipv4]", "Interface::Ipip[ipip_ipv4]", "Interface::Ipip[ipip_ipv6]", "Interface::Manual[ipip_ipv4]", "Interface::Manual[ipip_ipv6]", "Interface::Post_up_command[clsact_enp94s0f0np0]", "Interface::Post_up_command[clsact_lo]", "Logrotate::Conf[prometheus_ferm_mss]", "Logrotate::Conf[prometheus_lvs_realserver_mss]", "Monitoring::Exported_nagios_service[clouddumps1002 check_tcp-mss-clamper_status]", "Monitoring::Service[check_tcp-mss-clamper_status]", "Nrpe::Check[check_check_tcp-mss-clamper_status]", "Nrpe::Monitor_service[check_tcp-mss-clamper_status]", "Nrpe::Plugin[check_systemd_unit_status]", "Package[python3-conftool]", "Package[python3-poolcounter]", "Package[tcp-mss-clamper]", "Package[wikimedia-lvs-realserver]", "Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f]", "Prometheus::Node_ferm_mss[ferm_clamped_ipport]", "Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]", "Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]", "Rsyslog::Conf[prometheus_ferm_mss]", "Rsyslog::Conf[prometheus_lvs_realserver_mss]", "Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "Service[prometheus_ferm_mss.timer]", "Service[prometheus_lvs_realserver_mss.timer]", "Service[tcp-mss-clamper]", "Sudo::User[nrpe-check_check_tcp-mss-clamper_status]", "Systemd::Monitor[tcp-mss-clamper]", "Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Service[prometheus_ferm_mss]", "Systemd::Service[prometheus_lvs_realserver_mss]", "Systemd::Service[tcp-mss-clamper]", "Systemd::Syslog[prometheus_ferm_mss]", "Systemd::Syslog[prometheus_lvs_realserver_mss]", "Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Timer::Job[prometheus_ferm_mss]", "Systemd::Timer::Job[prometheus_lvs_realserver_mss]", "Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Timer[prometheus_ferm_mss]", "Systemd::Timer[prometheus_lvs_realserver_mss]", "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]", "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "Systemd::Unit[prometheus_ferm_mss.service]", "Systemd::Unit[prometheus_ferm_mss.timer]", "Systemd::Unit[prometheus_lvs_realserver_mss.service]", "Systemd::Unit[prometheus_lvs_realserver_mss.timer]", "Systemd::Unit[tcp-mss-clamper]"], "resource_diffs": [{"resource": "File[/usr/local/bin/pool-nginx]", "content": "--- /usr/local/bin/pool-nginx.orig\n+++ /usr/local/bin/pool-nginx\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-https --pool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/pool-nginx].orig\n+++ File[/usr/local/bin/pool-nginx]\n\n+ mode => 0555\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Ferm::Rule[ip6ip6]", "parameters": "--- Ferm::Rule[ip6ip6].orig\n+++ Ferm::Rule[ip6ip6]\n\n+ desc => \n+ table => filter\n+ chain => INPUT\n+ rule => saddr 0100::/64 proto ipv6 ACCEPT;\n+ ensure => present\n+ domain => (ip6)\n+ prio => 10\n"}, {"resource": "Systemd::Timer::Job[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Timer::Job[prometheus_lvs_realserver_mss]\n\n+ monitoring_enabled => False\n+ command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 208.80.154.242:443 -e 208.80.154.242:873 -e [2620:0:861:ed1a::3:242]:443 -e [2620:0:861:ed1a::3:242]:873\n+ logfile_basedir => /var/log\n+ user => root\n+ send_mail_to => root@clouddumps1002.wikimedia.org\n+ logfile_group => root\n+ interval => {'start': 'OnCalendar', 'interval': 'minutely'}\n+ syslog_force_stop => True\n+ logfile_name => syslog.log\n+ fixed_random_delay => False\n+ monitoring_contact_groups => admins\n+ send_mail => False\n+ description => Regular job to collect MSS values of realserver endpoints\n+ environment => {}\n+ private_tmp => False\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+ send_mail_only_on_error => True\n+ syslog_match_startswith => True\n+ success_exit_status => []\n+ ignore_errors => False\n+ ensure => present\n+ logfile_perms => all\n+ logging_enabled => True\n"}, {"resource": "Systemd::Timer::Job[prometheus_ferm_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_ferm_mss].orig\n+++ Systemd::Timer::Job[prometheus_ferm_mss]\n\n+ monitoring_enabled => False\n+ command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 208.80.154.242:443 -e 208.80.154.242:873 -e [2620:0:861:ed1a::3:242]:443 -e [2620:0:861:ed1a::3:242]:873\n+ logfile_basedir => /var/log\n+ user => root\n+ send_mail_to => root@clouddumps1002.wikimedia.org\n+ logfile_group => root\n+ interval => {'start': 'OnCalendar', 'interval': 'minutely'}\n+ syslog_force_stop => True\n+ logfile_name => syslog.log\n+ fixed_random_delay => False\n+ monitoring_contact_groups => admins\n+ send_mail => False\n+ description => Regular job to collect MSS values of ferm-based hosts\n+ environment => {}\n+ private_tmp => False\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+ send_mail_only_on_error => True\n+ syslog_match_startswith => True\n+ success_exit_status => []\n+ ignore_errors => False\n+ ensure => present\n+ logfile_perms => all\n+ logging_enabled => True\n"}, {"resource": "Interface::Ipip[ipip_ipv4]", "parameters": "--- Interface::Ipip[ipip_ipv4].orig\n+++ Interface::Ipip[ipip_ipv4]\n\n+ family => inet\n+ ensure => present\n+ interface => ipip0\n+ address => 127.0.0.42\n"}, {"resource": "Interface::Post_up_command[clsact_lo]", "parameters": "--- Interface::Post_up_command[clsact_lo].orig\n+++ Interface::Post_up_command[clsact_lo]\n\n+ ensure => absent\n+ command => /usr/sbin/tc qdisc add dev lo clsact\n+ interface => lo\n"}, {"resource": "File[/etc/conftool/json-schema/]", "parameters": "--- File[/etc/conftool/json-schema/].orig\n+++ File[/etc/conftool/json-schema/]\n\n+ source => puppet:///modules/profile/conftool/json-schema/\n+ mode => 0555\n+ path => /etc/conftool/json-schema\n+ group => root\n+ owner => root\n+ ensure => directory\n+ recurse => True\n"}, {"resource": "Sudo::User[nrpe-check_check_tcp-mss-clamper_status]", "parameters": "--- Sudo::User[nrpe-check_check_tcp-mss-clamper_status].orig\n+++ Sudo::User[nrpe-check_check_tcp-mss-clamper_status]\n\n+ tag => nrpe::check\n+ user => nagios\n+ ensure => absent\n+ require => ['Class[Sudo]']\n+ privileges => []\n"}, {"resource": "Ferm::Rule[clamp-mss-ipv6]", "parameters": "--- Ferm::Rule[clamp-mss-ipv6].orig\n+++ Ferm::Rule[clamp-mss-ipv6]\n\n+ desc => \n+ table => filter\n+ chain => OUTPUT\n+ rule => outerface (enp94s0f0np0 lo) saddr @ipfilter((208.80.154.242 2620:0:861:ed1a::3:242])) proto tcp sport (443 873) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+ ensure => present\n+ domain => (ip6)\n+ prio => 10\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n- before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[analytics/hdfs-tools/deploy]', 'Package[openjdk-8-jdk]']\n+ before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[wikimedia-lvs-realserver]', 'Package[python3-conftool]', 'Package[python3-poolcounter]', 'Package[tcp-mss-clamper]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[analytics/hdfs-tools/deploy]', 'Package[openjdk-8-jdk]']\n"}, {"resource": "Augeas[ipip0_manual]", "parameters": "--- Augeas[ipip0_manual].orig\n+++ Augeas[ipip0_manual]\n\n+ changes => [\"set auto[./1 = 'ipip0']/1 'ipip0'\", \"set iface[. = 'ipip0'] 'ipip0'\", \"set iface[. = 'ipip0']/family 'inet'\", \"set iface[. = 'ipip0']/method 'manual'\"]\n+ context => /files/etc/network/interfaces\n+ incl => /etc/network/interfaces\n+ lens => Interfaces.lns\n"}, {"resource": "Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]", "parameters": "--- Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status].orig\n+++ Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]\n\n+ monitoring_enabled => False\n+ restart => False\n+ override => False\n+ service_params => {}\n+ unit_type => timer\n+ migration_task => T407130\n+ monitoring_critical => False\n+ ensure => absent\n+ require => Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]\n+ monitoring_contact_group => admins\n"}, {"resource": "Service[prometheus_lvs_realserver_mss.timer]", "parameters": "--- Service[prometheus_lvs_realserver_mss.timer].orig\n+++ Service[prometheus_lvs_realserver_mss.timer]\n\n+ enable => True\n+ ensure => running\n+ provider => systemd\n"}, {"resource": "File[/etc/conftool/local_services.yaml]", "content": "--- /etc/conftool/local_services.yaml.orig\n+++ /etc/conftool/local_services.yaml\n@@ -0,0 +1,13 @@\n+---\n+dumps-https:\n+ cluster: dumps\n+ service: dumps-https\n+ servers:\n+ - pybal-high-traffic2-eqiad.wikimedia.org\n+ port: 443\n+dumps-rsync:\n+ cluster: dumps\n+ service: dumps-rsync\n+ servers:\n+ - pybal-high-traffic2-eqiad.wikimedia.org\n+ port: 873", "parameters": "--- File[/etc/conftool/local_services.yaml].orig\n+++ File[/etc/conftool/local_services.yaml]\n\n+ group => root\n+ owner => root\n+ ensure => present\n"}, {"resource": "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]", "content": "--- /lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service.orig\n+++ /lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service\n@@ -0,0 +1,11 @@\n+[Unit]\n+Description=execution of nrpe2nodexp for the check_check_tcp-mss-clamper_status command.\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=nagios\n+\n+Group=prometheus-node-exporter\n+SyslogIdentifier=nrpe2nodexp-check_tcp-mss-clamper_status\n+ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"295d6d5dd0a784bb9ba1d5983fd1894f\" --timeout 10 --check-command \"check_check_tcp-mss-clamper_status\"", "parameters": "--- File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service].orig\n+++ File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => absent\n+ notify => Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]\n"}, {"resource": "Service[prometheus_ferm_mss.timer]", "parameters": "--- Service[prometheus_ferm_mss.timer].orig\n+++ Service[prometheus_ferm_mss.timer]\n\n+ enable => True\n+ ensure => running\n+ provider => systemd\n"}, {"resource": "Systemd::Service[prometheus_ferm_mss]", "parameters": "--- Systemd::Service[prometheus_ferm_mss].orig\n+++ Systemd::Service[prometheus_ferm_mss]\n\n+ monitoring_enabled => False\n+ restart => False\n+ override => False\n+ service_params => {}\n+ unit_type => timer\n+ migration_task => T407130\n+ monitoring_critical => False\n+ ensure => present\n+ require => Systemd::Unit[prometheus_ferm_mss.service]\n+ monitoring_contact_group => admins\n"}, {"resource": "Interface::Ip[ipip_ipv4 ipv4]", "parameters": "--- Interface::Ip[ipip_ipv4 ipv4].orig\n+++ Interface::Ip[ipip_ipv4 ipv4]\n\n+ address => 127.0.0.42\n+ prefixlen => 32\n+ ensure => present\n+ interface => ipip0\n+ require => Augeas[ipip0_set_up]\n"}, {"resource": "Augeas[ipip60_manual]", "parameters": "--- Augeas[ipip60_manual].orig\n+++ Augeas[ipip60_manual]\n\n+ changes => [\"set auto[./1 = 'ipip60']/1 'ipip60'\", \"set iface[. = 'ipip60'] 'ipip60'\", \"set iface[. = 'ipip60']/family 'inet6'\", \"set iface[. = 'ipip60']/method 'manual'\"]\n+ context => /files/etc/network/interfaces\n+ incl => /etc/network/interfaces\n+ lens => Interfaces.lns\n"}, {"resource": "Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]", "parameters": "--- Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)].orig\n+++ Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]", "content": "--- /etc/rsyslog.d/40-prometheus-ferm-mss.conf.orig\n+++ /etc/rsyslog.d/40-prometheus-ferm-mss.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"prometheus_ferm_mss\" then {\n+ action(\n+ type=\"omfile\" file=\"/var/log/prometheus_ferm_mss/syslog.log\"\n+ fileOwner=\"root\" fileGroup=\"root\"\n+ fileCreateMode=\"0644\"\n+ )\n+ & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf].orig\n+++ File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Service[rsyslog]\n"}, {"resource": "Rsyslog::Conf[prometheus_lvs_realserver_mss]", "parameters": "--- Rsyslog::Conf[prometheus_lvs_realserver_mss].orig\n+++ Rsyslog::Conf[prometheus_lvs_realserver_mss]\n\n+ priority => 40\n+ mode => 0444\n+ ensure => present\n+ require => File[/var/log/prometheus_lvs_realserver_mss]\n"}, {"resource": "Interface::Manual[ipip_ipv4]", "parameters": "--- Interface::Manual[ipip_ipv4].orig\n+++ Interface::Manual[ipip_ipv4]\n\n+ family => inet\n+ ensure => present\n+ interface => ipip0\n+ hotplug => False\n"}, {"resource": "Class[Base::Sysctl]", "parameters": "--- Class[Base::Sysctl].orig\n+++ Class[Base::Sysctl]\n\n@@\n- all_rp_filter => 1\n+ all_rp_filter => 0\n@@\n- default_rp_filter => 1\n+ default_rp_filter => 0\n"}, {"resource": "Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]", "parameters": "--- Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)].orig\n+++ Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "Class[Lvs::Realserver]", "parameters": "--- Class[Lvs::Realserver].orig\n+++ Class[Lvs::Realserver]\n\n+ realserver_ips => ['208.80.154.242', '2620:0:861:ed1a::3:242']\n"}, {"resource": "File[/usr/local/bin/depool-nginx]", "content": "--- /usr/local/bin/depool-nginx.orig\n+++ /usr/local/bin/depool-nginx\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-https --depool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/depool-nginx].orig\n+++ File[/usr/local/bin/depool-nginx]\n\n+ mode => 0555\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "File[/usr/local/bin/pool]", "parameters": "--- File[/usr/local/bin/pool].orig\n+++ File[/usr/local/bin/pool]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/conftool-simple-command.sh\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]", "parameters": "--- Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service].orig\n+++ Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]\n\n+ override_filename => puppet-override.conf\n+ unit => nrpe2nodexp-check_tcp-mss-clamper_status.service\n+ override => False\n+ restart => False\n+ ensure => absent\n+ require => ['Class[Systemd]']\n"}, {"resource": "Class[Poolcounter::Client]", "parameters": "--- Class[Poolcounter::Client].orig\n+++ Class[Poolcounter::Client]\n\n+ ensure => present\n+ backends => [{'label': 'pc1', 'fqdn': 'poolcounter1006.eqiad.wmnet'}, {'label': 'pc2', 'fqdn': 'poolcounter1007.eqiad.wmnet'}]\n"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg]", "content": "--- /etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg.orig\n+++ /etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg\n@@ -0,0 +1,2 @@\n+# File generated by puppet. DO NOT edit by hand\n+command[check_check_tcp-mss-clamper_status]=/usr/local/lib/nagios/plugins/check_systemd_unit_status tcp-mss-clamper", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg]\n\n+ mode => 0444\n+ tag => nrpe::check\n+ group => root\n+ owner => root\n+ ensure => absent\n+ require => Package[nagios-nrpe-server]\n+ notify => Service[nagios-nrpe-server]\n"}, {"resource": "Ferm::Rule[clamp-mss-ipv4]", "parameters": "--- Ferm::Rule[clamp-mss-ipv4].orig\n+++ Ferm::Rule[clamp-mss-ipv4]\n\n+ desc => \n+ table => filter\n+ chain => OUTPUT\n+ rule => outerface (enp94s0f0np0 lo) saddr @ipfilter((208.80.154.242 2620:0:861:ed1a::3:242])) proto tcp sport (443 873) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+ ensure => present\n+ domain => (ip)\n+ prio => 10\n"}, {"resource": "Systemd::Monitor[tcp-mss-clamper]", "parameters": "--- Systemd::Monitor[tcp-mss-clamper].orig\n+++ Systemd::Monitor[tcp-mss-clamper]\n\n+ critical => False\n+ migration_task => T407130\n+ notes_url => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ check_interval => 10\n+ contact_group => admins\n+ ensure => absent\n+ retries => 2\n"}, {"resource": "File[/usr/local/bin/depool]", "parameters": "--- File[/usr/local/bin/depool].orig\n+++ File[/usr/local/bin/depool]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/conftool-simple-command.sh\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Augeas[ipip0_127.0.0.42/32]", "parameters": "--- Augeas[ipip0_127.0.0.42/32].orig\n+++ Augeas[ipip0_127.0.0.42/32]\n\n+ changes => set up[last()+1] 'ip addr add 127.0.0.42/32 dev ipip0'\n+ context => /files/etc/network/interfaces/*[. = 'ipip0' and ./family = 'inet']\n+ lens => Interfaces.lns\n+ onlyif => match up[. = 'ip addr add 127.0.0.42/32 dev ipip0'] size == 0\n+ incl => /etc/network/interfaces\n"}, {"resource": "Package[tcp-mss-clamper]", "parameters": "--- Package[tcp-mss-clamper].orig\n+++ Package[tcp-mss-clamper]\n\n+ ensure => absent\n+ provider => apt\n"}, {"resource": "Service[tcp-mss-clamper]", "parameters": "--- Service[tcp-mss-clamper].orig\n+++ Service[tcp-mss-clamper]\n\n+ enable => False\n+ ensure => stopped\n+ before => ['Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]']\n"}, {"resource": "Etcd::Client::Config[/etc/etcd/etcdrc]", "parameters": "--- Etcd::Client::Config[/etc/etcd/etcdrc].orig\n+++ Etcd::Client::Config[/etc/etcd/etcdrc]\n\n+ world_readable => True\n+ group => root\n+ owner => root\n+ ensure => present\n+ settings => {'host': None, 'port': None, 'srv_domain': 'conftool.eqiad.wmnet', 'ca_cert': '/etc/ssl/certs/wmf-ca-certificates.crt', 'protocol': 'https', 'allow_reconnect': True}\n"}, {"resource": "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "parameters": "--- Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer].orig\n+++ Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]\n\n+ override_filename => puppet-override.conf\n+ restart => False\n+ ensure => absent\n+ override => False\n+ unit => nrpe2nodexp-check_tcp-mss-clamper_status.timer\n+ require => ['Class[Systemd]']\n"}, {"resource": "Systemd::Service[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Service[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Service[prometheus_lvs_realserver_mss]\n\n+ monitoring_enabled => False\n+ restart => False\n+ override => False\n+ service_params => {}\n+ unit_type => timer\n+ migration_task => T407130\n+ monitoring_critical => False\n+ ensure => present\n+ require => Systemd::Unit[prometheus_lvs_realserver_mss.service]\n+ monitoring_contact_group => admins\n"}, {"resource": "File[/etc/etcd]", "parameters": "--- File[/etc/etcd].orig\n+++ File[/etc/etcd]\n\n+ mode => 0755\n+ owner => root\n+ ensure => directory\n+ group => root\n"}, {"resource": "Exec[ip link set up dev ipip0]", "parameters": "--- Exec[ip link set up dev ipip0].orig\n+++ Exec[ip link set up dev ipip0]\n\n+ returns => [0, 2]\n+ path => /bin:/usr/bin\n+ unless => ip link show ipip0 | grep -q UP\n"}, {"resource": "Exec[ip addr add 127.0.0.42/32 dev ipip0]", "parameters": "--- Exec[ip addr add 127.0.0.42/32 dev ipip0].orig\n+++ Exec[ip addr add 127.0.0.42/32 dev ipip0]\n\n+ returns => [0, 2]\n+ path => /bin:/usr/bin\n+ unless => ip address show ipip0 | grep -q 127.0.0.42/32\n"}, {"resource": "Monitoring::Service[check_tcp-mss-clamper_status]", "parameters": "--- Monitoring::Service[check_tcp-mss-clamper_status].orig\n+++ Monitoring::Service[check_tcp-mss-clamper_status]\n\n+ critical => False\n+ retry_interval => 1\n+ config_dir => /etc/nagios\n+ description => Check unit status of tcp-mss-clamper\n+ host => clouddumps1002\n+ check_interval => 10\n+ contact_group => admins\n+ passive => False\n+ check_command => nrpe_check!check_check_tcp-mss-clamper_status!10\n+ migration_task => T407130\n+ freshness => 36000\n+ notes_url => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ ensure => absent\n+ retries => 2\n"}, {"resource": "File[/etc/conftool/config.yaml]", "content": "--- /etc/conftool/config.yaml.orig\n+++ /etc/conftool/config.yaml\n@@ -0,0 +1,14 @@\n+---\n+hosts: []\n+tcpircbot_host: icinga.wikimedia.org\n+tcpircbot_port: 9200\n+driver_options:\n+ allow_reconnect: true\n+ suppress_san_warnings: false\n+namespace: \"/conftool\"\n+extensions_config:\n+ reqconfig:\n+ haproxy_reserved_slots:\n+ - 0\n+ varnish_acl_ipblocks: []\n+conftool2git_address: puppetserver1003.eqiad.wmnet:1312", "parameters": "--- File[/etc/conftool/config.yaml].orig\n+++ File[/etc/conftool/config.yaml]\n\n+ group => root\n+ owner => root\n+ mode => 0444\n+ ensure => present\n"}, {"resource": "Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]", "parameters": "--- Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status].orig\n+++ Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]\n\n+ priority => 25\n+ mode => 0444\n+ ensure => absent\n"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv6.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv6\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# 10_clamp-mss-ipv6: \n+\n+domain (ip6) {\n+\ttable filter {\n+\t\tchain OUTPUT {\n+\t\t\touterface (enp94s0f0np0 lo) saddr @ipfilter((208.80.154.242 2620:0:861:ed1a::3:242])) proto tcp sport (443 873) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+\t\t}\n+\t}\n+}", "parameters": "--- File[/etc/ferm/conf.d/10_clamp-mss-ipv6].orig\n+++ File[/etc/ferm/conf.d/10_clamp-mss-ipv6]\n\n+ mode => 0400\n+ tag => ferm\n+ group => root\n+ owner => root\n+ ensure => present\n+ require => File[/etc/ferm/conf.d]\n+ notify => Service[ferm]\n"}, {"resource": "Nrpe::Monitor_service[check_tcp-mss-clamper_status]", "parameters": "--- Nrpe::Monitor_service[check_tcp-mss-clamper_status].orig\n+++ Nrpe::Monitor_service[check_tcp-mss-clamper_status]\n\n+ nrpe_command => /usr/local/lib/nagios/plugins/check_systemd_unit_status tcp-mss-clamper\n+ critical => False\n+ retry_interval => 1\n+ description => Check unit status of tcp-mss-clamper\n+ enable_nrpe2nodexp => False\n+ check_interval => 10\n+ contact_group => admins\n+ timeout => 10\n+ migration_task => T407130\n+ nrpe2nodexp_parse_perf_data => False\n+ enable_icinga_check => True\n+ alertmanager_team => observability\n+ notes_url => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ ensure => absent\n+ retries => 2\n"}, {"resource": "File[/etc/logrotate.d/prometheus_ferm_mss]", "content": "--- /etc/logrotate.d/prometheus_ferm_mss.orig\n+++ /etc/logrotate.d/prometheus_ferm_mss\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for prometheus_ferm_mss\n+\n+/var/log/prometheus_ferm_mss/*.log {\n+ daily\n+ copytruncate\n+ missingok\n+ compress\n+ delaycompress\n+ notifempty\n+ rotate 15\n+ size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/prometheus_ferm_mss].orig\n+++ File[/etc/logrotate.d/prometheus_ferm_mss]\n\n+ group => root\n+ owner => root\n+ mode => 0444\n+ ensure => present\n"}, {"resource": "Exec[ip link set up dev ipip60]", "parameters": "--- Exec[ip link set up dev ipip60].orig\n+++ Exec[ip link set up dev ipip60]\n\n+ returns => [0, 2]\n+ path => /bin:/usr/bin\n+ unless => ip link show ipip60 | grep -q UP\n"}, {"resource": "File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status]", "parameters": "--- File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status].orig\n+++ File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status]\n\n+ group => root\n+ owner => root\n+ ensure => absent\n+ require => Package[nagios-nrpe-server]\n"}, {"resource": "Prometheus::Node_ferm_mss[ferm_clamped_ipport]", "parameters": "--- Prometheus::Node_ferm_mss[ferm_clamped_ipport].orig\n+++ Prometheus::Node_ferm_mss[ferm_clamped_ipport]\n\n+ ensure => present\n+ clamped_ipport => ['208.80.154.242:443', '208.80.154.242:873', '[2620:0:861:ed1a::3:242]:443', '[2620:0:861:ed1a::3:242]:873']\n+ outfile => /var/lib/prometheus/node.d/ferm-mss.prom\n"}, {"resource": "File[/etc/sysctl.d/51-ubuntu-defaults.conf]", "content": "--- /etc/sysctl.d/51-ubuntu-defaults.conf.orig\n+++ /etc/sysctl.d/51-ubuntu-defaults.conf\n@@ -4,7 +4,7 @@\n kernel.kptr_restrict = 1\n kernel.printk = 4 4 1 7\n kernel.yama.ptrace_scope = 1\n-net.ipv4.conf.all.rp_filter = 1\n-net.ipv4.conf.default.rp_filter = 1\n+net.ipv4.conf.all.rp_filter = 0\n+net.ipv4.conf.default.rp_filter = 0\n net.ipv4.tcp_syncookies = 1\n vm.mmap_min_addr = 65536"}, {"resource": "File[/etc/ferm/conf.d/10_ip6ip6]", "content": "--- /etc/ferm/conf.d/10_ip6ip6.orig\n+++ /etc/ferm/conf.d/10_ip6ip6\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# 10_ip6ip6: \n+\n+domain (ip6) {\n+\ttable filter {\n+\t\tchain INPUT {\n+\t\t\tsaddr 0100::/64 proto ipv6 ACCEPT;\n+\t\t}\n+\t}\n+}", "parameters": "--- File[/etc/ferm/conf.d/10_ip6ip6].orig\n+++ File[/etc/ferm/conf.d/10_ip6ip6]\n\n+ mode => 0400\n+ tag => ferm\n+ group => root\n+ owner => root\n+ ensure => present\n+ require => File[/etc/ferm/conf.d]\n+ notify => Service[ferm]\n"}, {"resource": "File[/etc/etcd/etcdrc]", "content": "--- /etc/etcd/etcdrc.orig\n+++ /etc/etcd/etcdrc\n@@ -0,0 +1,7 @@\n+allow_reconnect: true\n+ca_cert: /etc/ssl/certs/wmf-ca-certificates.crt\n+host: \n+port: \n+protocol: https\n+srv_domain: conftool.eqiad.wmnet\n+", "parameters": "--- File[/etc/etcd/etcdrc].orig\n+++ File[/etc/etcd/etcdrc]\n\n+ mode => 0444\n+ show_diff => True\n+ group => root\n+ owner => root\n+ ensure => present\n"}, {"resource": "File[/var/log/prometheus_lvs_realserver_mss]", "parameters": "--- File[/var/log/prometheus_lvs_realserver_mss].orig\n+++ File[/var/log/prometheus_lvs_realserver_mss]\n\n+ mode => 0755\n+ force => True\n+ group => root\n+ owner => root\n+ ensure => directory\n+ backup => False\n"}, {"resource": "File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]", "content": "--- /etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf.orig\n+++ /etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"prometheus_lvs_realserver_mss\" then {\n+ action(\n+ type=\"omfile\" file=\"/var/log/prometheus_lvs_realserver_mss/syslog.log\"\n+ fileOwner=\"root\" fileGroup=\"root\"\n+ fileCreateMode=\"0644\"\n+ )\n+ & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf].orig\n+++ File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Service[rsyslog]\n"}, {"resource": "File[/usr/local/bin/safe-service-restart]", "parameters": "--- File[/usr/local/bin/safe-service-restart].orig\n+++ File[/usr/local/bin/safe-service-restart]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/safe-service-restart.py\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Systemd::Timer[prometheus_ferm_mss]", "parameters": "--- Systemd::Timer[prometheus_ferm_mss].orig\n+++ Systemd::Timer[prometheus_ferm_mss]\n\n+ splay => 0\n+ fixed_random_delay => False\n+ unit_name => prometheus_ferm_mss.service\n+ ensure => present\n+ accuracy => 15sec\n+ timer_intervals => [{'start': 'OnCalendar', 'interval': 'minutely'}]\n"}, {"resource": "Augeas[ipip60_add_up]", "parameters": "--- Augeas[ipip60_add_up].orig\n+++ Augeas[ipip60_add_up]\n\n+ changes => set up[last()+1] 'ip link add name ipip60 type ip6tnl external'\n+ context => /files/etc/network/interfaces/*[. = 'ipip60' and ./family = 'inet6']\n+ lens => Interfaces.lns\n+ onlyif => match up[. = 'ip link add name ipip60 type ip6tnl external'] size == 0\n+ incl => /etc/network/interfaces\n+ require => Interface::Manual[ipip_ipv6]\n"}, {"resource": "Interface::Ipip[ipip_ipv6]", "parameters": "--- Interface::Ipip[ipip_ipv6].orig\n+++ Interface::Ipip[ipip_ipv6]\n\n+ family => inet6\n+ ensure => present\n+ interface => ipip60\n"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv4.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv4\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# 10_clamp-mss-ipv4: \n+\n+domain (ip) {\n+\ttable filter {\n+\t\tchain OUTPUT {\n+\t\t\touterface (enp94s0f0np0 lo) saddr @ipfilter((208.80.154.242 2620:0:861:ed1a::3:242])) proto tcp sport (443 873) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+\t\t}\n+\t}\n+}", "parameters": "--- File[/etc/ferm/conf.d/10_clamp-mss-ipv4].orig\n+++ File[/etc/ferm/conf.d/10_clamp-mss-ipv4]\n\n+ mode => 0400\n+ tag => ferm\n+ group => root\n+ owner => root\n+ ensure => present\n+ require => File[/etc/ferm/conf.d]\n+ notify => Service[ferm]\n"}, {"resource": "Augeas[ipip0_add_up]", "parameters": "--- Augeas[ipip0_add_up].orig\n+++ Augeas[ipip0_add_up]\n\n+ changes => set up[last()+1] 'ip link add name ipip0 type ipip external'\n+ context => /files/etc/network/interfaces/*[. = 'ipip0' and ./family = 'inet']\n+ lens => Interfaces.lns\n+ onlyif => match up[. = 'ip link add name ipip0 type ipip external'] size == 0\n+ incl => /etc/network/interfaces\n+ require => Interface::Manual[ipip_ipv4]\n"}, {"resource": "Class[Poolcounter::Client::Python]", "parameters": "--- Class[Poolcounter::Client::Python].orig\n+++ Class[Poolcounter::Client::Python]\n\n+ ensure => present\n+ backends => [{'label': 'pc1', 'fqdn': 'poolcounter1006.eqiad.wmnet'}, {'label': 'pc2', 'fqdn': 'poolcounter1007.eqiad.wmnet'}]\n"}, {"resource": "Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]", "parameters": "--- Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status].orig\n+++ Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]\n\n+ splay => 300\n+ fixed_random_delay => True\n+ unit_name => nrpe2nodexp-check_tcp-mss-clamper_status.service\n+ ensure => absent\n+ accuracy => 15sec\n+ timer_intervals => [{'start': 'OnUnitInactiveSec', 'interval': '5min'}, {'interval': '1s', 'start': 'OnActiveSec'}]\n"}, {"resource": "File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]", "parameters": "--- File[/usr/local/lib/nagios/plugins/check_systemd_unit_status].orig\n+++ File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]\n\n+ source => puppet:///modules/systemd/check_systemd_unit_status\n+ mode => 0555\n+ tag => nrpe::plugin\n+ group => root\n+ owner => root\n+ ensure => file\n+ require => File[/usr/local/lib/nagios/plugins/]\n"}, {"resource": "File[/usr/local/bin/ispooled]", "parameters": "--- File[/usr/local/bin/ispooled].orig\n+++ File[/usr/local/bin/ispooled]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/ispooled.sh\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Systemd::Timer[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Timer[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Timer[prometheus_lvs_realserver_mss]\n\n+ splay => 0\n+ fixed_random_delay => False\n+ unit_name => prometheus_lvs_realserver_mss.service\n+ ensure => present\n+ accuracy => 15sec\n+ timer_intervals => [{'start': 'OnCalendar', 'interval': 'minutely'}]\n"}, {"resource": "File_line[rm_post-up_lo_clsact_lo]", "parameters": "--- File_line[rm_post-up_lo_clsact_lo].orig\n+++ File_line[rm_post-up_lo_clsact_lo]\n\n+ path => /etc/network/interfaces\n+ match_for_absence => True\n+ ensure => absent\n+ match => post-up /usr/sbin/tc qdisc add dev lo clsact\n"}, {"resource": "File[/root/.etcdrc]", "content": "--- /root/.etcdrc.orig\n+++ /root/.etcdrc\n@@ -0,0 +1,3 @@\n+password: MdEpzsKV8D56fxJExlfYJ\n+username: pool-eqiad-dumps\n+", "parameters": "--- File[/root/.etcdrc].orig\n+++ File[/root/.etcdrc]\n\n+ mode => 0440\n+ show_diff => False\n+ group => root\n+ owner => root\n+ ensure => present\n"}, {"resource": "Class[Profile::Base]", "parameters": "--- Class[Profile::Base].orig\n+++ Class[Profile::Base]\n\n@@\n- rp_filter => True\n+ rp_filter => False\n"}, {"resource": "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]", "parameters": "--- Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)].orig\n+++ Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]", "parameters": "--- Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status].orig\n+++ Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]\n\n+ monitoring_enabled => False\n+ splay => 300\n+ command => /usr/local/bin/nrpe2nodexp --alert-rule-hash \"295d6d5dd0a784bb9ba1d5983fd1894f\" --timeout 10 --check-command \"check_check_tcp-mss-clamper_status\"\n+ logfile_basedir => /var/log\n+ group => prometheus-node-exporter\n+ user => nagios\n+ send_mail_to => root@clouddumps1002.wikimedia.org\n+ logfile_group => root\n+ interval => [{'start': 'OnUnitInactiveSec', 'interval': '5min'}]\n+ syslog_force_stop => True\n+ logfile_name => syslog.log\n+ fixed_random_delay => True\n+ monitoring_contact_groups => admins\n+ send_mail => False\n+ description => execution of nrpe2nodexp for the check_check_tcp-mss-clamper_status command.\n+ environment => {}\n+ private_tmp => False\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+ send_mail_only_on_error => True\n+ syslog_match_startswith => True\n+ success_exit_status => []\n+ ignore_errors => True\n+ syslog_identifier => nrpe2nodexp-check_tcp-mss-clamper_status\n+ ensure => absent\n+ logfile_perms => all\n+ logging_enabled => False\n"}, {"resource": "File[/var/log/prometheus_ferm_mss]", "parameters": "--- File[/var/log/prometheus_ferm_mss].orig\n+++ File[/var/log/prometheus_ferm_mss]\n\n+ mode => 0755\n+ force => True\n+ group => root\n+ owner => root\n+ ensure => directory\n+ backup => False\n"}, {"resource": "File[/etc/default/wikimedia-lvs-realserver]", "content": "--- /etc/default/wikimedia-lvs-realserver.orig\n+++ /etc/default/wikimedia-lvs-realserver\n@@ -0,0 +1,10 @@\n+# This file is managed by puppet!\n+\n+\n+\n+# Location of the sysctl file containing LVS ARP settings\n+SYSCTLFILE=/usr/share/wikimedia-lvs-realserver/sysctl.conf\n+\n+# LVS service IPs to be bound to the loopback interface,\n+# separate using spaces\n+LVS_SERVICE_IPS=\"208.80.154.242 2620:0:861:ed1a::3:242\"", "parameters": "--- File[/etc/default/wikimedia-lvs-realserver].orig\n+++ File[/etc/default/wikimedia-lvs-realserver]\n\n+ group => root\n+ owner => root\n+ mode => 0444\n+ ensure => present\n"}, {"resource": "Conftool::Scripts::Safe_service_restart[rsync]", "parameters": "--- Conftool::Scripts::Safe_service_restart[rsync].orig\n+++ Conftool::Scripts::Safe_service_restart[rsync]\n\n+ max_concurrency => 1\n+ lvs_pools => ['dumps-rsync']\n+ require => ['Class[Conftool::Scripts]']\n"}, {"resource": "File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]", "parameters": "--- File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom].orig\n+++ File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]\n\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Logrotate::Conf[prometheus_lvs_realserver_mss]", "parameters": "--- Logrotate::Conf[prometheus_lvs_realserver_mss].orig\n+++ Logrotate::Conf[prometheus_lvs_realserver_mss]\n\n+ ensure => present\n"}, {"resource": "File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]", "content": "--- /etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf.orig\n+++ /etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf\n@@ -0,0 +1,10 @@\n+# SPDX-License-Identifier: Apache-2.0\n+if $programname contains \"nrpe2nodexp-check_tcp-mss-clamper_status\" then {\n+ if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n+ # Send logs to kafka\n+ set $.log_outputs = \"kafka ecs_170 local\";\n+ } else {\n+ # Filter out non-relevant nrpe2nodexp messages\n+ stop\n+ }\n+}", "parameters": "--- File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf].orig\n+++ File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => absent\n+ notify => Service[rsyslog]\n"}, {"resource": "File[/usr/local/sbin/restart-nginx]", "content": "--- /usr/local/sbin/restart-nginx.orig\n+++ /usr/local/sbin/restart-nginx\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-https --services nginx --retries 10 --wait 5 --max-concurrency 1 $@", "parameters": "--- File[/usr/local/sbin/restart-nginx].orig\n+++ File[/usr/local/sbin/restart-nginx]\n\n+ mode => 0555\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Package[python3-poolcounter]", "parameters": "--- Package[python3-poolcounter].orig\n+++ Package[python3-poolcounter]\n\n+ ensure => present\n+ provider => apt\n"}, {"resource": "File[/usr/local/bin/depool-rsync]", "content": "--- /usr/local/bin/depool-rsync.orig\n+++ /usr/local/bin/depool-rsync\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-rsync --depool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/depool-rsync].orig\n+++ File[/usr/local/bin/depool-rsync]\n\n+ group => root\n+ owner => root\n+ mode => 0555\n+ ensure => present\n"}, {"resource": "Exec[disable-rp-filter-ipip0]", "parameters": "--- Exec[disable-rp-filter-ipip0].orig\n+++ Exec[disable-rp-filter-ipip0]\n\n+ unless => /usr/sbin/sysctl -n net.ipv4.conf.ipip0.rp_filter |grep -- '0'\n+ require => Interface::Ipip[ipip_ipv4]\n+ command => /usr/sbin/sysctl -q net.ipv4.conf.ipip0.rp_filter=0\n"}, {"resource": "File[/usr/local/sbin/restart-rsync]", "content": "--- /usr/local/sbin/restart-rsync.orig\n+++ /usr/local/sbin/restart-rsync\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-rsync --services rsync --retries 10 --wait 5 --max-concurrency 1 $@", "parameters": "--- File[/usr/local/sbin/restart-rsync].orig\n+++ File[/usr/local/sbin/restart-rsync]\n\n+ group => root\n+ owner => root\n+ mode => 0555\n+ ensure => present\n"}, {"resource": "File[/etc/conftool/schema.yaml]", "parameters": "--- File[/etc/conftool/schema.yaml].orig\n+++ File[/etc/conftool/schema.yaml]\n\n+ source => puppet:///modules/profile/conftool/schema.yaml\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => file\n"}, {"resource": "Conftool::Scripts::Safe_service_restart[nginx]", "parameters": "--- Conftool::Scripts::Safe_service_restart[nginx].orig\n+++ Conftool::Scripts::Safe_service_restart[nginx]\n\n+ max_concurrency => 1\n+ lvs_pools => ['dumps-https']\n+ require => ['Class[Conftool::Scripts]']\n"}, {"resource": "Exec[ip link add name ipip60 type ip6tnl external]", "parameters": "--- Exec[ip link add name ipip60 type ip6tnl external].orig\n+++ Exec[ip link add name ipip60 type ip6tnl external]\n\n+ returns => [0, 2]\n+ path => /bin:/usr/bin\n+ unless => ip link show ipip60\n"}, {"resource": "Interface::Clsact[clsact_enp94s0f0np0]", "parameters": "--- Interface::Clsact[clsact_enp94s0f0np0].orig\n+++ Interface::Clsact[clsact_enp94s0f0np0]\n\n+ ensure => absent\n+ interface => enp94s0f0np0\n"}, {"resource": "Class[Profile::Lvs::Realserver]", "parameters": "--- Class[Profile::Lvs::Realserver].orig\n+++ Class[Profile::Lvs::Realserver]\n\n+ use_conftool => True\n+ pools => {'dumps-https': {'services': ['nginx']}, 'dumps-rsync': {'services': ['rsync']}}\n+ poolcounter_backends => [{'label': 'pc1', 'fqdn': 'poolcounter1006.eqiad.wmnet'}, {'label': 'pc2', 'fqdn': 'poolcounter1007.eqiad.wmnet'}]\n+ require => ['Class[Profile::Conftool::Client]']\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n- before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[openjdk-8-jdk]']\n+ before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[wikimedia-lvs-realserver]', 'Package[python3-conftool]', 'Package[python3-poolcounter]', 'Package[tcp-mss-clamper]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[openjdk-8-jdk]']\n"}, {"resource": "Systemd::Unit[prometheus_lvs_realserver_mss.service]", "parameters": "--- Systemd::Unit[prometheus_lvs_realserver_mss.service].orig\n+++ Systemd::Unit[prometheus_lvs_realserver_mss.service]\n\n+ override_filename => puppet-override.conf\n+ unit => prometheus_lvs_realserver_mss.service\n+ override => False\n+ restart => False\n+ ensure => present\n+ require => ['Class[Systemd]']\n"}, {"resource": "Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]", "parameters": "--- Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)].orig\n+++ Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]\n\n+ before => ['Service[prometheus_ferm_mss.timer]']\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "Systemd::Service[tcp-mss-clamper]", "parameters": "--- Systemd::Service[tcp-mss-clamper].orig\n+++ Systemd::Service[tcp-mss-clamper]\n\n+ monitoring_enabled => True\n+ restart => False\n+ override => False\n+ service_params => {}\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ unit_type => service\n+ migration_task => T407130\n+ monitoring_critical => False\n+ ensure => absent\n+ monitoring_contact_group => admins\n"}, {"resource": "File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]", "content": "--- /lib/systemd/system/prometheus_lvs_realserver_mss.timer.orig\n+++ /lib/systemd/system/prometheus_lvs_realserver_mss.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of prometheus_lvs_realserver_mss.service\n+\n+[Timer]\n+Unit=prometheus_lvs_realserver_mss.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=minutely\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer].orig\n+++ File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]\n"}, {"resource": "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "content": "--- /lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer.orig\n+++ /lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer\n@@ -0,0 +1,14 @@\n+[Unit]\n+Description=Periodic execution of nrpe2nodexp-check_tcp-mss-clamper_status.service\n+\n+[Timer]\n+Unit=nrpe2nodexp-check_tcp-mss-clamper_status.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnUnitInactiveSec=5min\n+OnActiveSec=1s\n+RandomizedDelaySec=300\n+FixedRandomDelay=true\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer].orig\n+++ File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => absent\n+ notify => Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]\n"}, {"resource": "Class[Conftool::Config]", "parameters": "--- Class[Conftool::Config].orig\n+++ Class[Conftool::Config]\n\n+ tcpircbot_port => 9200\n+ tcpircbot_host => icinga.wikimedia.org\n+ hosts => []\n+ namespace => /conftool\n+ conftool2git_address => puppetserver1003.eqiad.wmnet:1312\n"}, {"resource": "Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]", "parameters": "--- Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport].orig\n+++ Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]\n\n+ ensure => present\n+ clamped_ipport => ['208.80.154.242:443', '208.80.154.242:873', '[2620:0:861:ed1a::3:242]:443', '[2620:0:861:ed1a::3:242]:873']\n+ outfile => /var/lib/prometheus/node.d/lvs-realserver-mss.prom\n"}, {"resource": "Exec[disable-rp-filter-ipip60]", "parameters": "--- Exec[disable-rp-filter-ipip60].orig\n+++ Exec[disable-rp-filter-ipip60]\n\n+ unless => /usr/sbin/sysctl -n net.ipv4.conf.ipip60.rp_filter |grep -- '0'\n+ require => Interface::Ipip[ipip_ipv6]\n+ command => /usr/sbin/sysctl -q net.ipv4.conf.ipip60.rp_filter=0\n"}, {"resource": "Exec[disable-rp-filter-enp94s0f0np0]", "parameters": "--- Exec[disable-rp-filter-enp94s0f0np0].orig\n+++ Exec[disable-rp-filter-enp94s0f0np0]\n\n+ unless => /usr/sbin/sysctl -n net.ipv4.conf.enp94s0f0np0.rp_filter |grep -- '0'\n+ command => /usr/sbin/sysctl -q net.ipv4.conf.enp94s0f0np0.rp_filter=0\n"}, {"resource": "File[/usr/local/bin/pool-rsync]", "content": "--- /usr/local/bin/pool-rsync.orig\n+++ /usr/local/bin/pool-rsync\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools dumps-rsync --pool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/pool-rsync].orig\n+++ File[/usr/local/bin/pool-rsync]\n\n+ group => root\n+ owner => root\n+ mode => 0555\n+ ensure => present\n"}, {"resource": "Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "parameters": "--- Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer].orig\n+++ Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]\n\n+ enable => False\n+ ensure => stopped\n+ provider => systemd\n+ before => ['Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]']\n"}, {"resource": "Sysctl::Conffile[ubuntu defaults]"}, {"resource": "File[/etc/conftool]", "parameters": "--- File[/etc/conftool].orig\n+++ File[/etc/conftool]\n\n+ group => root\n+ owner => root\n+ mode => 0755\n+ ensure => directory\n"}, {"resource": "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]", "parameters": "--- Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)].orig\n+++ Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "content": "--- /lib/systemd/system/prometheus_lvs_realserver_mss.service.orig\n+++ /lib/systemd/system/prometheus_lvs_realserver_mss.service\n@@ -0,0 +1,8 @@\n+[Unit]\n+Description=Regular job to collect MSS values of realserver endpoints\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 208.80.154.242:443 -e 208.80.154.242:873 -e [2620:0:861:ed1a::3:242]:443 -e [2620:0:861:ed1a::3:242]:873", "parameters": "--- File[/lib/systemd/system/prometheus_lvs_realserver_mss.service].orig\n+++ File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]\n"}, {"resource": "Etcd::Client::Config[/root/.etcdrc]", "parameters": "--- Etcd::Client::Config[/root/.etcdrc].orig\n+++ Etcd::Client::Config[/root/.etcdrc]\n\n+ world_readable => False\n+ group => root\n+ owner => root\n+ ensure => present\n+ settings => {'username': 'pool-eqiad-dumps', 'password': 'MdEpzsKV8D56fxJExlfYJ'}\n"}, {"resource": "Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver]", "parameters": "--- Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver].orig\n+++ Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver]\n\n+ path => /bin:/sbin:/usr/bin:/usr/sbin\n+ subscribe => File[/etc/default/wikimedia-lvs-realserver]\n+ refreshonly => True\n+ require => Package[wikimedia-lvs-realserver]\n"}, {"resource": "Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact]", "parameters": "--- Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact].orig\n+++ Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact]\n\n+ onlyif => /usr/sbin/tc qdisc show dev enp94s0f0np0 | grep -q clsact\n"}, {"resource": "Rsyslog::Conf[prometheus_ferm_mss]", "parameters": "--- Rsyslog::Conf[prometheus_ferm_mss].orig\n+++ Rsyslog::Conf[prometheus_ferm_mss]\n\n+ priority => 40\n+ mode => 0444\n+ ensure => present\n+ require => File[/var/log/prometheus_ferm_mss]\n"}, {"resource": "Sysctl::Parameters[ubuntu defaults]", "parameters": "--- Sysctl::Parameters[ubuntu defaults].orig\n+++ Sysctl::Parameters[ubuntu defaults]\n\n@@\n- values => {'kernel.printk': [4, 4, 1, 7], 'kernel.kptr_restrict': 1, 'net.ipv4.conf.default.rp_filter': 1, 'net.ipv4.conf.all.rp_filter': 1, 'net.ipv4.tcp_syncookies': 1, 'kernel.yama.ptrace_scope': 1, 'fs.protected_hardlinks': 1, 'fs.protected_symlinks': 1, 'vm.mmap_min_addr': 65536}\n+ values => {'kernel.printk': [4, 4, 1, 7], 'kernel.kptr_restrict': 1, 'net.ipv4.conf.default.rp_filter': 0, 'net.ipv4.conf.all.rp_filter': 0, 'net.ipv4.tcp_syncookies': 1, 'kernel.yama.ptrace_scope': 1, 'fs.protected_hardlinks': 1, 'fs.protected_symlinks': 1, 'vm.mmap_min_addr': 65536}\n"}, {"resource": "File[/usr/local/bin/pooler-loop]", "parameters": "--- File[/usr/local/bin/pooler-loop].orig\n+++ File[/usr/local/bin/pooler-loop]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/pooler_loop.rb\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "File[/lib/systemd/system/tcp-mss-clamper.service]", "content": "--- /lib/systemd/system/tcp-mss-clamper.service.orig\n+++ /lib/systemd/system/tcp-mss-clamper.service\n@@ -0,0 +1,11 @@\n+[Unit]\n+Description=eBPF based TCP MSS clamper\n+After=network.target\n+\n+[Install]\n+WantedBy=multi-user.target\n+\n+[Service]\n+LimitMEMLOCK=infinity\n+ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"208.80.154.242:443,208.80.154.242:873,[2620:0:861:ed1a::3:242]:443,[2620:0:861:ed1a::3:242]:873\" -i enp94s0f0np0,lo\n+Restart=on-failure", "parameters": "--- File[/lib/systemd/system/tcp-mss-clamper.service].orig\n+++ File[/lib/systemd/system/tcp-mss-clamper.service]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => absent\n+ notify => Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]\n"}, {"resource": "Exec[ip link add name ipip0 type ipip external]", "parameters": "--- Exec[ip link add name ipip0 type ipip external].orig\n+++ Exec[ip link add name ipip0 type ipip external]\n\n+ returns => [0, 2]\n+ path => /bin:/usr/bin\n+ unless => ip link show ipip0\n"}, {"resource": "Logrotate::Conf[prometheus_ferm_mss]", "parameters": "--- Logrotate::Conf[prometheus_ferm_mss].orig\n+++ Logrotate::Conf[prometheus_ferm_mss]\n\n+ ensure => present\n"}, {"resource": "Systemd::Unit[tcp-mss-clamper]", "parameters": "--- Systemd::Unit[tcp-mss-clamper].orig\n+++ Systemd::Unit[tcp-mss-clamper]\n\n+ override_filename => puppet-override.conf\n+ restart => False\n+ ensure => absent\n+ override => False\n+ unit => tcp-mss-clamper\n+ require => ['Class[Systemd]']\n"}, {"resource": "Class[Profile::Conftool::Client]", "parameters": "--- Class[Profile::Conftool::Client].orig\n+++ Class[Profile::Conftool::Client]\n\n+ tcpircbot_host => icinga.wikimedia.org\n+ namespace => /conftool\n+ tcpircbot_port => 9200\n+ etcd_user => __auto__\n+ srv_domain => conftool.eqiad.wmnet\n+ conftool2git_bind_addr => 0.0.0.0:1312\n+ conftool2git_host => puppetserver1003.eqiad.wmnet\n+ pool_pwd_seed => 21}@/\n+ require => ['Class[Passwords::Etcd]']\n"}, {"resource": "Package[python3-conftool]", "parameters": "--- Package[python3-conftool].orig\n+++ Package[python3-conftool]\n\n+ ensure => installed\n+ provider => apt\n"}, {"resource": "Nrpe::Check[check_check_tcp-mss-clamper_status]", "parameters": "--- Nrpe::Check[check_check_tcp-mss-clamper_status].orig\n+++ Nrpe::Check[check_check_tcp-mss-clamper_status]\n\n+ ensure => absent\n+ before => Monitoring::Service[check_tcp-mss-clamper_status]\n+ command => /usr/local/lib/nagios/plugins/check_systemd_unit_status tcp-mss-clamper\n"}, {"resource": "Systemd::Unit[prometheus_ferm_mss.service]", "parameters": "--- Systemd::Unit[prometheus_ferm_mss.service].orig\n+++ Systemd::Unit[prometheus_ferm_mss.service]\n\n+ override_filename => puppet-override.conf\n+ unit => prometheus_ferm_mss.service\n+ override => False\n+ restart => False\n+ ensure => present\n+ require => ['Class[Systemd]']\n"}, {"resource": "Interface::Manual[ipip_ipv6]", "parameters": "--- Interface::Manual[ipip_ipv6].orig\n+++ Interface::Manual[ipip_ipv6]\n\n+ family => inet6\n+ ensure => present\n+ interface => ipip60\n+ hotplug => False\n"}, {"resource": "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]", "parameters": "--- Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)].orig\n+++ Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]\n\n+ before => ['Service[prometheus_lvs_realserver_mss.timer]']\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/usr/local/bin/drain]", "parameters": "--- File[/usr/local/bin/drain].orig\n+++ File[/usr/local/bin/drain]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/conftool-simple-command.sh\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Class[Profile::Lvs::Realserver::Ipip]", "parameters": "--- Class[Profile::Lvs::Realserver::Ipip].orig\n+++ Class[Profile::Lvs::Realserver::Ipip]\n\n+ enabled => True\n+ ipv6_mss => 1400\n+ firewall_provider => ferm\n+ clamping_enabled => True\n+ pools => {'dumps-https': {'services': ['nginx']}, 'dumps-rsync': {'services': ['rsync']}}\n+ interfaces => ['enp94s0f0np0', 'lo']\n+ ipv4_mss => 1440\n"}, {"resource": "Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f]", "parameters": "--- Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f].orig\n+++ Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f]\n\n+ def_label_whitelst => ['team', 'severity']\n+ alert_name => nrpe_Check_unit_status_of_tcp_mss_clamper\n+ description => NRPE CHECK: Check unit status of tcp-mss-clamper\n+ instance => ops\n+ group => nrpechecks\n+ team => observability\n+ dashboard => TODO\n+ severity => info\n+ ensure => absent\n+ runbook => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ logs => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_check_tcp-mss-clamper_status))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))\n+ expr => (nagios_nrpe_check_result{alert_rule_hash=\"295d6d5dd0a784bb9ba1d5983fd1894f\",check_name=\"check_check_tcp-mss-clamper_status\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner\n+ site => eqiad\n+ summary => NRPE CHECK: Check unit status of tcp-mss-clamper\n+ for => 11m\n"}, {"resource": "Interface::Clsact[clsact_lo]", "parameters": "--- Interface::Clsact[clsact_lo].orig\n+++ Interface::Clsact[clsact_lo]\n\n+ ensure => absent\n+ interface => lo\n"}, {"resource": "Systemd::Syslog[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Syslog[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Syslog[prometheus_lvs_realserver_mss]\n\n+ log_filename => syslog.log\n+ programname_comparison => startswith\n+ readable_by => all\n+ group => root\n+ force_stop => True\n+ owner => root\n+ ensure => present\n+ base_dir => /var/log\n"}, {"resource": "Systemd::Syslog[prometheus_ferm_mss]", "parameters": "--- Systemd::Syslog[prometheus_ferm_mss].orig\n+++ Systemd::Syslog[prometheus_ferm_mss]\n\n+ log_filename => syslog.log\n+ programname_comparison => startswith\n+ readable_by => all\n+ group => root\n+ force_stop => True\n+ owner => root\n+ ensure => present\n+ base_dir => /var/log\n"}, {"resource": "Systemd::Unit[prometheus_lvs_realserver_mss.timer]", "parameters": "--- Systemd::Unit[prometheus_lvs_realserver_mss.timer].orig\n+++ Systemd::Unit[prometheus_lvs_realserver_mss.timer]\n\n+ override_filename => puppet-override.conf\n+ restart => False\n+ ensure => present\n+ override => False\n+ unit => prometheus_lvs_realserver_mss.timer\n+ require => ['Class[Systemd]']\n"}, {"resource": "File[/lib/systemd/system/prometheus_ferm_mss.timer]", "content": "--- /lib/systemd/system/prometheus_ferm_mss.timer.orig\n+++ /lib/systemd/system/prometheus_ferm_mss.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of prometheus_ferm_mss.service\n+\n+[Timer]\n+Unit=prometheus_ferm_mss.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=minutely\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/prometheus_ferm_mss.timer].orig\n+++ File[/lib/systemd/system/prometheus_ferm_mss.timer]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]\n"}, {"resource": "File[/lib/systemd/system/prometheus_ferm_mss.service]", "content": "--- /lib/systemd/system/prometheus_ferm_mss.service.orig\n+++ /lib/systemd/system/prometheus_ferm_mss.service\n@@ -0,0 +1,8 @@\n+[Unit]\n+Description=Regular job to collect MSS values of ferm-based hosts\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 208.80.154.242:443 -e 208.80.154.242:873 -e [2620:0:861:ed1a::3:242]:443 -e [2620:0:861:ed1a::3:242]:873", "parameters": "--- File[/lib/systemd/system/prometheus_ferm_mss.service].orig\n+++ File[/lib/systemd/system/prometheus_ferm_mss.service]\n\n+ mode => 0444\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]\n"}, {"resource": "Augeas[ipip60_set_up]", "parameters": "--- Augeas[ipip60_set_up].orig\n+++ Augeas[ipip60_set_up]\n\n+ changes => set up[last()+1] 'ip link set up dev ipip60'\n+ context => /files/etc/network/interfaces/*[. = 'ipip60' and ./family = 'inet6']\n+ lens => Interfaces.lns\n+ onlyif => match up[. = 'ip link set up dev ipip60'] size == 0\n+ incl => /etc/network/interfaces\n+ require => Augeas[ipip60_add_up]\n"}, {"resource": "Nrpe::Plugin[check_systemd_unit_status]", "parameters": "--- Nrpe::Plugin[check_systemd_unit_status].orig\n+++ Nrpe::Plugin[check_systemd_unit_status]\n\n+ source => puppet:///modules/systemd/check_systemd_unit_status\n+ ensure => present\n"}, {"resource": "Exec[/usr/sbin/tc qdisc del dev lo clsact]", "parameters": "--- Exec[/usr/sbin/tc qdisc del dev lo clsact].orig\n+++ Exec[/usr/sbin/tc qdisc del dev lo clsact]\n\n+ onlyif => /usr/sbin/tc qdisc show dev lo | grep -q clsact\n"}, {"resource": "File[/etc/logrotate.d/prometheus_lvs_realserver_mss]", "content": "--- /etc/logrotate.d/prometheus_lvs_realserver_mss.orig\n+++ /etc/logrotate.d/prometheus_lvs_realserver_mss\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for prometheus_lvs_realserver_mss\n+\n+/var/log/prometheus_lvs_realserver_mss/*.log {\n+ daily\n+ copytruncate\n+ missingok\n+ compress\n+ delaycompress\n+ notifempty\n+ rotate 15\n+ size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/prometheus_lvs_realserver_mss].orig\n+++ File[/etc/logrotate.d/prometheus_lvs_realserver_mss]\n\n+ group => root\n+ owner => root\n+ mode => 0444\n+ ensure => present\n"}, {"resource": "Interface::Post_up_command[clsact_enp94s0f0np0]", "parameters": "--- Interface::Post_up_command[clsact_enp94s0f0np0].orig\n+++ Interface::Post_up_command[clsact_enp94s0f0np0]\n\n+ ensure => absent\n+ command => /usr/sbin/tc qdisc add dev enp94s0f0np0 clsact\n+ interface => enp94s0f0np0\n"}, {"resource": "Monitoring::Exported_nagios_service[clouddumps1002 check_tcp-mss-clamper_status]", "parameters": "--- Monitoring::Exported_nagios_service[clouddumps1002 check_tcp-mss-clamper_status].orig\n+++ Monitoring::Exported_nagios_service[clouddumps1002 check_tcp-mss-clamper_status]\n\n+ max_check_attempts => 2\n+ is_volatile => 0\n+ contact_groups => admins\n+ notification_options => c,r,f\n+ check_interval => 10\n+ notification_interval => 0\n+ passive_checks_enabled => 1\n+ host_name => clouddumps1002\n+ servicegroups => wmcs_eqiad\n+ check_period => 24x7\n+ check_command => nrpe_check!check_check_tcp-mss-clamper_status!10\n+ notes_url => https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments\n+ check_freshness => 0\n+ retry_interval => 1\n+ active_checks_enabled => 1\n+ notifications_enabled => 1\n+ notification_period => 24x7\n+ ensure => absent\n+ service_description => Check unit status of tcp-mss-clamper\n"}, {"resource": "File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0]", "parameters": "--- File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0].orig\n+++ File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0]\n\n+ path => /etc/network/interfaces\n+ match_for_absence => True\n+ ensure => absent\n+ match => post-up /usr/sbin/tc qdisc add dev enp94s0f0np0 clsact\n"}, {"resource": "File[/etc/ferm/conf.d/10_ipip]", "content": "--- /etc/ferm/conf.d/10_ipip.orig\n+++ /etc/ferm/conf.d/10_ipip\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# 10_ipip: \n+\n+domain (ip) {\n+\ttable filter {\n+\t\tchain INPUT {\n+\t\t\tsaddr 172.16.0.0/12 proto ipencap ACCEPT;\n+\t\t}\n+\t}\n+}", "parameters": "--- File[/etc/ferm/conf.d/10_ipip].orig\n+++ File[/etc/ferm/conf.d/10_ipip]\n\n+ mode => 0400\n+ tag => ferm\n+ group => root\n+ owner => root\n+ ensure => present\n+ require => File[/etc/ferm/conf.d]\n+ notify => Service[ferm]\n"}, {"resource": "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]", "parameters": "--- Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)].orig\n+++ Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/usr/local/bin/prometheus-ferm-mss]", "parameters": "--- File[/usr/local/bin/prometheus-ferm-mss].orig\n+++ File[/usr/local/bin/prometheus-ferm-mss]\n\n+ mode => 0555\n+ source => puppet:///modules/prometheus/usr/local/bin/prometheus-ferm-mss.py\n+ group => root\n+ owner => root\n+ ensure => file\n"}, {"resource": "File[/usr/local/bin/prometheus-lvs-realserver-mss]", "parameters": "--- File[/usr/local/bin/prometheus-lvs-realserver-mss].orig\n+++ File[/usr/local/bin/prometheus-lvs-realserver-mss]\n\n+ mode => 0555\n+ source => puppet:///modules/prometheus/usr/local/bin/prometheus-lvs-realserver-mss.py\n+ group => root\n+ owner => root\n+ ensure => file\n"}, {"resource": "Ferm::Rule[ipip]", "parameters": "--- Ferm::Rule[ipip].orig\n+++ Ferm::Rule[ipip]\n\n+ desc => \n+ table => filter\n+ chain => INPUT\n+ rule => saddr 172.16.0.0/12 proto ipencap ACCEPT;\n+ ensure => present\n+ domain => (ip)\n+ prio => 10\n"}, {"resource": "Systemd::Unit[prometheus_ferm_mss.timer]", "parameters": "--- Systemd::Unit[prometheus_ferm_mss.timer].orig\n+++ Systemd::Unit[prometheus_ferm_mss.timer]\n\n+ override_filename => puppet-override.conf\n+ restart => False\n+ ensure => present\n+ override => False\n+ unit => prometheus_ferm_mss.timer\n+ require => ['Class[Systemd]']\n"}, {"resource": "File[/usr/local/bin/decommission]", "parameters": "--- File[/usr/local/bin/decommission].orig\n+++ File[/usr/local/bin/decommission]\n\n+ mode => 0555\n+ source => puppet:///modules/conftool/conftool-simple-command.sh\n+ group => root\n+ owner => root\n+ ensure => present\n+ notify => ['Service[nginx]']\n"}, {"resource": "Package[wikimedia-lvs-realserver]", "parameters": "--- Package[wikimedia-lvs-realserver].orig\n+++ Package[wikimedia-lvs-realserver]\n\n+ ensure => present\n+ provider => apt\n+ require => File[/etc/default/wikimedia-lvs-realserver]\n"}, {"resource": "Class[Etcd::Client::Globalconfig]", "parameters": "--- Class[Etcd::Client::Globalconfig].orig\n+++ Class[Etcd::Client::Globalconfig]\n\n+ srv_domain => conftool.eqiad.wmnet\n"}, {"resource": "Augeas[ipip0_set_up]", "parameters": "--- Augeas[ipip0_set_up].orig\n+++ Augeas[ipip0_set_up]\n\n+ changes => set up[last()+1] 'ip link set up dev ipip0'\n+ context => /files/etc/network/interfaces/*[. = 'ipip0' and ./family = 'inet']\n+ lens => Interfaces.lns\n+ onlyif => match up[. = 'ip link set up dev ipip0'] size == 0\n+ incl => /etc/network/interfaces\n+ require => Augeas[ipip0_add_up]\n"}, {"resource": "File[/etc/poolcounter-backends.yaml]", "content": "--- /etc/poolcounter-backends.yaml.orig\n+++ /etc/poolcounter-backends.yaml\n@@ -0,0 +1,3 @@\n+---\n+- pc1:poolcounter1006.eqiad.wmnet:1\n+- pc2:poolcounter1007.eqiad.wmnet:1", "parameters": "--- File[/etc/poolcounter-backends.yaml].orig\n+++ File[/etc/poolcounter-backends.yaml]\n\n+ mode => 0444\n+ owner => root\n+ ensure => present\n+ group => root\n"}], "perc_changed": "8.29%"}, "core": {"total": 3545, "only_in_self": [], "only_in_other": ["Augeas[ipip0_127.0.0.42/32]", "Augeas[ipip0_add_up]", "Augeas[ipip0_manual]", "Augeas[ipip0_set_up]", "Augeas[ipip60_add_up]", "Augeas[ipip60_manual]", "Augeas[ipip60_set_up]", "Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver]", "Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact]", "Exec[/usr/sbin/tc qdisc del dev lo clsact]", "Exec[disable-rp-filter-enp94s0f0np0]", "Exec[disable-rp-filter-ipip0]", "Exec[disable-rp-filter-ipip60]", "Exec[ip addr add 127.0.0.42/32 dev ipip0]", "Exec[ip link add name ipip0 type ipip external]", "Exec[ip link add name ipip60 type ip6tnl external]", "Exec[ip link set up dev ipip0]", "Exec[ip link set up dev ipip60]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]", "Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]", "File[/etc/conftool/config.yaml]", "File[/etc/conftool/json-schema/]", "File[/etc/conftool/local_services.yaml]", "File[/etc/conftool/schema.yaml]", "File[/etc/conftool]", "File[/etc/default/wikimedia-lvs-realserver]", "File[/etc/etcd/etcdrc]", "File[/etc/etcd]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "File[/etc/ferm/conf.d/10_ip6ip6]", "File[/etc/ferm/conf.d/10_ipip]", "File[/etc/logrotate.d/prometheus_ferm_mss]", "File[/etc/logrotate.d/prometheus_lvs_realserver_mss]", "File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg]", "File[/etc/poolcounter-backends.yaml]", "File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]", "File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]", "File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]", "File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "File[/lib/systemd/system/prometheus_ferm_mss.service]", "File[/lib/systemd/system/prometheus_ferm_mss.timer]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]", "File[/lib/systemd/system/tcp-mss-clamper.service]", "File[/root/.etcdrc]", "File[/usr/local/bin/decommission]", "File[/usr/local/bin/depool-nginx]", "File[/usr/local/bin/depool-rsync]", "File[/usr/local/bin/depool]", "File[/usr/local/bin/drain]", "File[/usr/local/bin/ispooled]", "File[/usr/local/bin/pool-nginx]", "File[/usr/local/bin/pool-rsync]", "File[/usr/local/bin/pool]", "File[/usr/local/bin/pooler-loop]", "File[/usr/local/bin/prometheus-ferm-mss]", "File[/usr/local/bin/prometheus-lvs-realserver-mss]", "File[/usr/local/bin/safe-service-restart]", "File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]", "File[/usr/local/sbin/restart-nginx]", "File[/usr/local/sbin/restart-rsync]", "File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]", "File[/var/log/prometheus_ferm_mss]", "File[/var/log/prometheus_lvs_realserver_mss]", "File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0]", "File_line[rm_post-up_lo_clsact_lo]", "Package[python3-conftool]", "Package[python3-poolcounter]", "Package[tcp-mss-clamper]", "Package[wikimedia-lvs-realserver]", "Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "Service[prometheus_ferm_mss.timer]", "Service[prometheus_lvs_realserver_mss.timer]", "Service[tcp-mss-clamper]"], "resource_diffs": [{"resource": "File[/etc/sysctl.d/51-ubuntu-defaults.conf]", "content": "--- /etc/sysctl.d/51-ubuntu-defaults.conf.orig\n+++ /etc/sysctl.d/51-ubuntu-defaults.conf\n@@ -4,7 +4,7 @@\n kernel.kptr_restrict = 1\n kernel.printk = 4 4 1 7\n kernel.yama.ptrace_scope = 1\n-net.ipv4.conf.all.rp_filter = 1\n-net.ipv4.conf.default.rp_filter = 1\n+net.ipv4.conf.all.rp_filter = 0\n+net.ipv4.conf.default.rp_filter = 0\n net.ipv4.tcp_syncookies = 1\n vm.mmap_min_addr = 65536"}], "perc_changed": "2.34%"}, "main": {"total": 3545, "only_in_self": [], "only_in_other": ["Augeas[ipip0_127.0.0.42/32]", "Augeas[ipip0_add_up]", "Augeas[ipip0_manual]", "Augeas[ipip0_set_up]", "Augeas[ipip60_add_up]", "Augeas[ipip60_manual]", "Augeas[ipip60_set_up]", "Class[Conftool::Config]", "Class[Conftool::Scripts]", "Class[Etcd::Client::Globalconfig]", "Class[Lvs::Realserver]", "Class[Passwords::Etcd]", "Class[Poolcounter::Client::Python]", "Class[Poolcounter::Client]", "Class[Profile::Conftool::Client]", "Class[Profile::Lvs::Configuration]", "Class[Profile::Lvs::Realserver::Ipip]", "Class[Profile::Lvs::Realserver]", "Class[Wmflib::Service::Catalog]", "Class[Wmflib::Service::Conftool]", "Conftool::Scripts::Safe_service_restart[nginx]", "Conftool::Scripts::Safe_service_restart[rsync]", "Etcd::Client::Config[/etc/etcd/etcdrc]", "Etcd::Client::Config[/root/.etcdrc]", "Exec[/usr/sbin/dpkg-reconfigure -p critical -f noninteractive wikimedia-lvs-realserver]", "Exec[/usr/sbin/tc qdisc del dev enp94s0f0np0 clsact]", "Exec[/usr/sbin/tc qdisc del dev lo clsact]", "Exec[disable-rp-filter-enp94s0f0np0]", "Exec[disable-rp-filter-ipip0]", "Exec[disable-rp-filter-ipip60]", "Exec[ip addr add 127.0.0.42/32 dev ipip0]", "Exec[ip link add name ipip0 type ipip external]", "Exec[ip link add name ipip60 type ip6tnl external]", "Exec[ip link set up dev ipip0]", "Exec[ip link set up dev ipip60]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]", "Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]", "Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]", "Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]", "Ferm::Rule[clamp-mss-ipv4]", "Ferm::Rule[clamp-mss-ipv6]", "Ferm::Rule[ip6ip6]", "Ferm::Rule[ipip]", "File[/etc/conftool/config.yaml]", "File[/etc/conftool/json-schema/]", "File[/etc/conftool/local_services.yaml]", "File[/etc/conftool/schema.yaml]", "File[/etc/conftool]", "File[/etc/default/wikimedia-lvs-realserver]", "File[/etc/etcd/etcdrc]", "File[/etc/etcd]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "File[/etc/ferm/conf.d/10_ip6ip6]", "File[/etc/ferm/conf.d/10_ipip]", "File[/etc/logrotate.d/prometheus_ferm_mss]", "File[/etc/logrotate.d/prometheus_lvs_realserver_mss]", "File[/etc/nagios/nrpe.d/check_check_tcp-mss-clamper_status.cfg]", "File[/etc/poolcounter-backends.yaml]", "File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]", "File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]", "File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]", "File[/etc/sudoers.d/nrpe-check_check_tcp-mss-clamper_status]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]", "File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "File[/lib/systemd/system/prometheus_ferm_mss.service]", "File[/lib/systemd/system/prometheus_ferm_mss.timer]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]", "File[/lib/systemd/system/tcp-mss-clamper.service]", "File[/root/.etcdrc]", "File[/usr/local/bin/decommission]", "File[/usr/local/bin/depool-nginx]", "File[/usr/local/bin/depool-rsync]", "File[/usr/local/bin/depool]", "File[/usr/local/bin/drain]", "File[/usr/local/bin/ispooled]", "File[/usr/local/bin/pool-nginx]", "File[/usr/local/bin/pool-rsync]", "File[/usr/local/bin/pool]", "File[/usr/local/bin/pooler-loop]", "File[/usr/local/bin/prometheus-ferm-mss]", "File[/usr/local/bin/prometheus-lvs-realserver-mss]", "File[/usr/local/bin/safe-service-restart]", "File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]", "File[/usr/local/sbin/restart-nginx]", "File[/usr/local/sbin/restart-rsync]", "File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]", "File[/var/log/prometheus_ferm_mss]", "File[/var/log/prometheus_lvs_realserver_mss]", "File_line[rm_post-up_enp94s0f0np0_clsact_enp94s0f0np0]", "File_line[rm_post-up_lo_clsact_lo]", "Interface::Clsact[clsact_enp94s0f0np0]", "Interface::Clsact[clsact_lo]", "Interface::Ip[ipip_ipv4 ipv4]", "Interface::Ipip[ipip_ipv4]", "Interface::Ipip[ipip_ipv6]", "Interface::Manual[ipip_ipv4]", "Interface::Manual[ipip_ipv6]", "Interface::Post_up_command[clsact_enp94s0f0np0]", "Interface::Post_up_command[clsact_lo]", "Logrotate::Conf[prometheus_ferm_mss]", "Logrotate::Conf[prometheus_lvs_realserver_mss]", "Monitoring::Exported_nagios_service[clouddumps1002 check_tcp-mss-clamper_status]", "Monitoring::Service[check_tcp-mss-clamper_status]", "Nrpe::Check[check_check_tcp-mss-clamper_status]", "Nrpe::Monitor_service[check_tcp-mss-clamper_status]", "Nrpe::Plugin[check_systemd_unit_status]", "Package[python3-conftool]", "Package[python3-poolcounter]", "Package[tcp-mss-clamper]", "Package[wikimedia-lvs-realserver]", "Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f]", "Prometheus::Node_ferm_mss[ferm_clamped_ipport]", "Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]", "Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]", "Rsyslog::Conf[prometheus_ferm_mss]", "Rsyslog::Conf[prometheus_lvs_realserver_mss]", "Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "Service[prometheus_ferm_mss.timer]", "Service[prometheus_lvs_realserver_mss.timer]", "Service[tcp-mss-clamper]", "Sudo::User[nrpe-check_check_tcp-mss-clamper_status]", "Systemd::Monitor[tcp-mss-clamper]", "Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Service[prometheus_ferm_mss]", "Systemd::Service[prometheus_lvs_realserver_mss]", "Systemd::Service[tcp-mss-clamper]", "Systemd::Syslog[prometheus_ferm_mss]", "Systemd::Syslog[prometheus_lvs_realserver_mss]", "Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Timer::Job[prometheus_ferm_mss]", "Systemd::Timer::Job[prometheus_lvs_realserver_mss]", "Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]", "Systemd::Timer[prometheus_ferm_mss]", "Systemd::Timer[prometheus_lvs_realserver_mss]", "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]", "Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]", "Systemd::Unit[prometheus_ferm_mss.service]", "Systemd::Unit[prometheus_ferm_mss.timer]", "Systemd::Unit[prometheus_lvs_realserver_mss.service]", "Systemd::Unit[prometheus_lvs_realserver_mss.timer]", "Systemd::Unit[tcp-mss-clamper]"], "resource_diffs": [{"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n- before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[analytics/hdfs-tools/deploy]', 'Package[openjdk-8-jdk]']\n+ before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[wikimedia-lvs-realserver]', 'Package[python3-conftool]', 'Package[python3-poolcounter]', 'Package[tcp-mss-clamper]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[analytics/hdfs-tools/deploy]', 'Package[openjdk-8-jdk]']\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n- before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[openjdk-8-jdk]']\n+ before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[nginx-full]', 'Package[nginx-common]', 'Package[nfs-kernel-server]', 'Package[nfs-common]', 'Package[rpcbind]', 'Package[rsync]', 'Package[wikimedia-lvs-realserver]', 'Package[python3-conftool]', 'Package[python3-poolcounter]', 'Package[tcp-mss-clamper]', 'Package[hadoop-client]', 'Package[libhdfs0]', 'Package[liblog4j-extras1.2-java]', 'Package[hadoop-hdfs-fuse]', 'Package[krb5-user]', 'Package[kstart]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[openjdk-8-jdk]']\n"}, {"resource": "Class[Base::Sysctl]", "parameters": "--- Class[Base::Sysctl].orig\n+++ Class[Base::Sysctl]\n\n@@\n- all_rp_filter => 1\n+ all_rp_filter => 0\n@@\n- default_rp_filter => 1\n+ default_rp_filter => 0\n"}, {"resource": "Sysctl::Conffile[ubuntu defaults]"}, {"resource": "Sysctl::Parameters[ubuntu defaults]", "parameters": "--- Sysctl::Parameters[ubuntu defaults].orig\n+++ Sysctl::Parameters[ubuntu defaults]\n\n@@\n- values => {'kernel.printk': [4, 4, 1, 7], 'kernel.kptr_restrict': 1, 'net.ipv4.conf.default.rp_filter': 1, 'net.ipv4.conf.all.rp_filter': 1, 'net.ipv4.tcp_syncookies': 1, 'kernel.yama.ptrace_scope': 1, 'fs.protected_hardlinks': 1, 'fs.protected_symlinks': 1, 'vm.mmap_min_addr': 65536}\n+ values => {'kernel.printk': [4, 4, 1, 7], 'kernel.kptr_restrict': 1, 'net.ipv4.conf.default.rp_filter': 0, 'net.ipv4.conf.all.rp_filter': 0, 'net.ipv4.tcp_syncookies': 1, 'kernel.yama.ptrace_scope': 1, 'fs.protected_hardlinks': 1, 'fs.protected_symlinks': 1, 'vm.mmap_min_addr': 65536}\n"}, {"resource": "File[/etc/sysctl.d/51-ubuntu-defaults.conf]", "content": "--- /etc/sysctl.d/51-ubuntu-defaults.conf.orig\n+++ /etc/sysctl.d/51-ubuntu-defaults.conf\n@@ -4,7 +4,7 @@\n kernel.kptr_restrict = 1\n kernel.printk = 4 4 1 7\n kernel.yama.ptrace_scope = 1\n-net.ipv4.conf.all.rp_filter = 1\n-net.ipv4.conf.default.rp_filter = 1\n+net.ipv4.conf.all.rp_filter = 0\n+net.ipv4.conf.default.rp_filter = 0\n net.ipv4.tcp_syncookies = 1\n vm.mmap_min_addr = 65536"}, {"resource": "Class[Profile::Base]", "parameters": "--- Class[Profile::Base].orig\n+++ Class[Profile::Base]\n\n@@\n- rp_filter => True\n+ rp_filter => False\n"}], "perc_changed": "4.32%"}}}