Compilation results for cumin1003.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3681
Resources added:	38
Resources removed:	0
Resources modified:	40
Change percentage:	2.12%

Resources only in the new catalog

Concat_fragment[/etc/rsyncd.conf-header]
Logrotate::Conf[rsync-srv_firmwares]
Concat::Fragment[/etc/rsyncd.conf-header]
Systemd::Unit[rsync-srv_firmwares.timer]
Systemd::Timer::Job[rsync-srv_firmwares]
Class[Rsync::Server::Stunnel]
Systemd::Syslog[rsync-srv_firmwares]
File[/etc/stunnel/rsync.conf]
File_line[enable_stunnel]
Concat[/etc/rsyncd.conf]
Package[rsync]
Class[Rsync::Server]
Service[stunnel4]
Service[rsync-srv_firmwares.timer]
Service[rsync]
Rsync::Quickdatacopy[srv_firmwares]
Class[Profile::Cluster::Management::Firmwares]
Nftables::Service[rsyncd_access_srv_firmwares]
File[/etc/default/rsync]
File[/etc/logrotate.d/rsync-srv_firmwares]
File[/etc/rsyslog.d/40-rsync-srv-firmwares.conf]
Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)]
Concat_file[/etc/rsyncd.conf]
Package[stunnel4]
File[/var/log/rsync-srv_firmwares]
Systemd::Timer[rsync-srv_firmwares]
Exec[systemd daemon-reload for rsync-srv_firmwares.service (rsync-srv_firmwares.service)]
Systemd::Unit[rsync-srv_firmwares.service]
Concat_fragment[/etc/rsyncd.conf-srv_firmwares]
Rsync::Server::Module[srv_firmwares]
Rsyslog::Conf[rsync-srv_firmwares]
Concat::Fragment[/etc/rsyncd.conf-srv_firmwares]
Firewall::Service[rsyncd_access_srv_firmwares]
File[/etc/rsync.d]
Systemd::Service[rsync-srv_firmwares]
File[/lib/systemd/system/rsync-srv_firmwares.service]
File[/lib/systemd/system/rsync-srv_firmwares.timer]
File[/etc/nftables/input/10_rsyncd_access_srv_firmwares.nft]

Resources modified

Firewall::Service[rsyncd_access_srv_firmwares]

Parameters differences:

--- Firewall::Service[rsyncd_access_srv_firmwares].orig
+++ Firewall::Service[rsyncd_access_srv_firmwares]

+    desc    => 
+    notrack => False
+    port    => [873, 1873]
+    srange  => ['cumin2002.codfw.wmnet']
+    ensure  => present
+    prio    => 10
+    proto   => tcp

Systemd::Service[rsync-srv_firmwares]

Parameters differences:

--- Systemd::Service[rsync-srv_firmwares].orig
+++ Systemd::Service[rsync-srv_firmwares]

+    monitoring_critical      => False
+    monitoring_contact_group => admins
+    migration_task           => T407130
+    service_params           => {}
+    ensure                   => absent
+    override                 => False
+    restart                  => False
+    monitoring_enabled       => False
+    require                  => Systemd::Unit[rsync-srv_firmwares.service]
+    unit_type                => timer

File[/etc/stunnel/rsync.conf]

Parameters differences:

--- File[/etc/stunnel/rsync.conf].orig
+++ File[/etc/stunnel/rsync.conf]

+    ensure => present
+    group  => root
+    mode   => 0444
+    owner  => root

Content differences:

--- /etc/stunnel/rsync.conf.orig
+++ /etc/stunnel/rsync.conf
@@ -0,0 +1,14 @@
+# This file is managed by puppet
+
+[rsync]
+accept = :::1873
+client = no
+
+CAfile = /var/lib/puppet/ssl/certs/ca.pem
+cert   = /var/lib/puppet/ssl/certs/cumin1003.eqiad.wmnet.pem
+key    = /var/lib/puppet/ssl/private_keys/cumin1003.eqiad.wmnet.pem
+
+verifyChain = yes
+
+exec = /usr/bin/rsync
+execargs = rsync --daemon --config /etc/rsyncd.conf

File[/etc/rsyslog.d/40-rsync-srv-firmwares.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-srv-firmwares.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-srv-firmwares.conf]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => absent
+    notify => Service[rsyslog]

Content differences:

--- /etc/rsyslog.d/40-rsync-srv-firmwares.conf.orig
+++ /etc/rsyslog.d/40-rsync-srv-firmwares.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "rsync-srv_firmwares" then {
+    action(
+        type="omfile" file="/var/log/rsync-srv_firmwares/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

Logrotate::Conf[rsync-srv_firmwares]

Parameters differences:

--- Logrotate::Conf[rsync-srv_firmwares].orig
+++ Logrotate::Conf[rsync-srv_firmwares]

+    ensure => absent

File[/etc/logrotate.d/rsync-srv_firmwares]

Parameters differences:

--- File[/etc/logrotate.d/rsync-srv_firmwares].orig
+++ File[/etc/logrotate.d/rsync-srv_firmwares]

+    ensure => absent
+    group  => root
+    mode   => 0444
+    owner  => root

Content differences:

--- /etc/logrotate.d/rsync-srv_firmwares.orig
+++ /etc/logrotate.d/rsync-srv_firmwares
@@ -0,0 +1,12 @@
+# logrotate(8) config for rsync-srv_firmwares
+
+/var/log/rsync-srv_firmwares/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

Service[rsync-srv_firmwares.timer]

Parameters differences:

--- Service[rsync-srv_firmwares.timer].orig
+++ Service[rsync-srv_firmwares.timer]

+    ensure   => stopped
+    before   => ['Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)]']
+    enable   => False
+    provider => systemd

Class[Adduser]

Parameters differences:

--- Class[Adduser].orig
+++ Class[Adduser]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[eject]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[clustershell]', 'Package[cumin]', 'Package[python3-dnspython]', 'Package[python3-phabricator]', 'Package[python3-requests]', 'Package[python3-dbg]', 'Package[ipmitool]', 'Package[python3-conftool]', 'Package[python3-conftool-dbctl]', 'Package[etcd-client]', 'Package[spicerack]', 'Package[python3-prettytable]', 'Package[python3-packaging]', 'Package[python3-gitlab]', 'Package[transferpy]', 'Package[python3-aiohttp]', 'Package[python3-cryptography]', 'Package[python3-snappy]', 'Package[python3-scapy]', 'Package[debdeploy-server]', 'Package[httpbb]', 'Package[wmf-mariadb106-client]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[python3-pymysql]', 'Package[python3-tabulate]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-admin]', 'Package[wmfdb-admin]', 'Package[wmfbackups-remote]', 'Package[ripe-atlas-tools]', 'Package[bacula-fd]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[virtualenv]', 'Package[make]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[eject]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[clustershell]', 'Package[cumin]', 'Package[python3-dnspython]', 'Package[python3-phabricator]', 'Package[python3-requests]', 'Package[python3-dbg]', 'Package[ipmitool]', 'Package[python3-conftool]', 'Package[python3-conftool-dbctl]', 'Package[etcd-client]', 'Package[spicerack]', 'Package[python3-prettytable]', 'Package[python3-packaging]', 'Package[python3-gitlab]', 'Package[transferpy]', 'Package[python3-aiohttp]', 'Package[python3-cryptography]', 'Package[python3-snappy]', 'Package[python3-scapy]', 'Package[debdeploy-server]', 'Package[httpbb]', 'Package[wmf-mariadb106-client]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[python3-pymysql]', 'Package[python3-tabulate]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-admin]', 'Package[wmfdb-admin]', 'Package[wmfbackups-remote]', 'Package[ripe-atlas-tools]', 'Package[bacula-fd]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[virtualenv]', 'Package[make]', 'Package[rsync]', 'Package[stunnel4]']

Systemd::Unit[rsync-srv_firmwares.timer]

Parameters differences:

--- Systemd::Unit[rsync-srv_firmwares.timer].orig
+++ Systemd::Unit[rsync-srv_firmwares.timer]

+    unit              => rsync-srv_firmwares.timer
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    ensure            => absent
+    override          => False
+    restart           => False

Rsync::Quickdatacopy[srv_firmwares]

Parameters differences:

--- Rsync::Quickdatacopy[srv_firmwares].orig
+++ Rsync::Quickdatacopy[srv_firmwares]

+    dest_host                  => cumin2002.codfw.wmnet
+    progress                   => False
+    source_host                => cumin1003.eqiad.wmnet
+    ensure                     => present
+    auto_interval              => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    delete                     => True
+    auto_sync                  => True
+    server_uses_stunnel        => True
+    module_path                => /srv/firmware
+    ignore_missing_file_errors => False

Exec[systemd daemon-reload for rsync-srv_firmwares.service (rsync-srv_firmwares.service)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-srv_firmwares.service (rsync-srv_firmwares.service)].orig
+++ Exec[systemd daemon-reload for rsync-srv_firmwares.service (rsync-srv_firmwares.service)]

+    refreshonly => True
+    command     => /bin/systemctl daemon-reload

Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)].orig
+++ Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)]

+    refreshonly => True
+    command     => /bin/systemctl daemon-reload

Class[Profile::Cluster::Management::Firmwares]

Parameters differences:

--- Class[Profile::Cluster::Management::Firmwares].orig
+++ Class[Profile::Cluster::Management::Firmwares]

+    dest_host   => cumin2002.codfw.wmnet
+    source_host => cumin1003.eqiad.wmnet

Service[rsync]

Parameters differences:

--- Service[rsync].orig
+++ Service[rsync]

+    ensure    => running
+    enable    => True
+    subscribe => ['Concat[/etc/rsyncd.conf]', 'File[/etc/default/rsync]']
+    require   => Package[rsync]

Concat_fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-header].orig
+++ Concat_fragment[/etc/rsyncd.conf-header]

+    tag    => _etc_rsyncd.conf
+    target => /etc/rsyncd.conf
+    order  => 01

Content differences:

--- /etc/rsyncd.conf-header.orig
+++ /etc/rsyncd.conf-header
@@ -0,0 +1,11 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+uid = nobody
+gid = nogroup
+use chroot = yes
+
+log format = %t %a %m %f %b
+syslog facility = local3
+timeout = 300
+address = 0.0.0.0

Concat[/etc/rsyncd.conf]

Parameters differences:

--- Concat[/etc/rsyncd.conf].orig
+++ Concat[/etc/rsyncd.conf]

+    group          => root
+    path           => /etc/rsyncd.conf
+    backup         => puppet
+    mode           => 0444
+    owner          => root
+    ensure         => present
+    replace        => True
+    order          => alpha
+    force          => False
+    ensure_newline => False
+    format         => plain
+    warn           => False
+    show_diff      => True

Systemd::Timer[rsync-srv_firmwares]

Parameters differences:

--- Systemd::Timer[rsync-srv_firmwares].orig
+++ Systemd::Timer[rsync-srv_firmwares]

+    accuracy           => 15sec
+    unit_name          => rsync-srv_firmwares.service
+    fixed_random_delay => False
+    ensure             => absent
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]
+    splay              => 0

File[/etc/rsync.d]

Parameters differences:

--- File[/etc/rsync.d].orig
+++ File[/etc/rsync.d]

+    group   => root
+    recurse => True
+    owner   => root
+    ensure  => absent
+    force   => True
+    purge   => True

File[/lib/systemd/system/rsync-srv_firmwares.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv_firmwares.timer].orig
+++ File[/lib/systemd/system/rsync-srv_firmwares.timer]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => absent
+    notify => Exec[systemd daemon-reload for rsync-srv_firmwares.timer (rsync-srv_firmwares.timer)]

Content differences:

--- /lib/systemd/system/rsync-srv_firmwares.timer.orig
+++ /lib/systemd/system/rsync-srv_firmwares.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of rsync-srv_firmwares.service
+
+[Timer]
+Unit=rsync-srv_firmwares.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/10:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

Systemd::Timer::Job[rsync-srv_firmwares]

Parameters differences:

--- Systemd::Timer::Job[rsync-srv_firmwares].orig
+++ Systemd::Timer::Job[rsync-srv_firmwares]

+    monitoring_contact_groups => admins
+    command                   => /usr/local/sbin/sync-srv_firmwares
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    ignore_errors             => False
+    environment               => {}
+    success_exit_status       => []
+    monitoring_enabled        => False
+    description               => Transfer data periodically between hosts
+    user                      => root
+    syslog_force_stop         => True
+    send_mail_only_on_error   => True
+    logging_enabled           => True
+    send_mail                 => False
+    logfile_basedir           => /var/log
+    ensure                    => absent
+    logfile_perms             => all
+    interval                  => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    syslog_match_startswith   => True
+    logfile_name              => syslog.log
+    fixed_random_delay        => False
+    private_tmp               => False
+    logfile_group             => root
+    send_mail_to              => root@cumin1003.eqiad.wmnet

File_line[enable_stunnel]

Parameters differences:

--- File_line[enable_stunnel].orig
+++ File_line[enable_stunnel]

+    path     => /etc/default/stunnel4
+    match    => ^ENABLED=
+    multiple => False
+    ensure   => present
+    line     => ENABLED=1  # Managed by puppet

Concat::Fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-header].orig
+++ Concat::Fragment[/etc/rsyncd.conf-header]

+    order  => 01
+    target => /etc/rsyncd.conf

Rsyslog::Conf[rsync-srv_firmwares]

Parameters differences:

--- Rsyslog::Conf[rsync-srv_firmwares].orig
+++ Rsyslog::Conf[rsync-srv_firmwares]

+    ensure   => absent
+    priority => 40
+    mode     => 0444
+    require  => File[/var/log/rsync-srv_firmwares]

Nftables::Service[rsyncd_access_srv_firmwares]

Parameters differences:

--- Nftables::Service[rsyncd_access_srv_firmwares].orig
+++ Nftables::Service[rsyncd_access_srv_firmwares]

+    desc    => 
+    notrack => False
+    port    => [873, 1873]
+    ensure  => present
+    prio    => 10
+    src_ips => ['10.192.32.49', '2620:0:860:103:10:192:32:49']
+    proto   => tcp

Package[stunnel4]

Parameters differences:

--- Package[stunnel4].orig
+++ Package[stunnel4]

+    ensure   => installed
+    provider => apt

File[/var/log/rsync-srv_firmwares]

Parameters differences:

--- File[/var/log/rsync-srv_firmwares].orig
+++ File[/var/log/rsync-srv_firmwares]

+    group  => root
+    backup => False
+    mode   => 0755
+    owner  => root
+    ensure => absent
+    force  => True

File[/etc/nftables/input/10_rsyncd_access_srv_firmwares.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_srv_firmwares.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_srv_firmwares.nft]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => present
+    tag    => nft
+    notify => ['Service[nftables]']

Content differences:

--- /etc/nftables/input/10_rsyncd_access_srv_firmwares.nft.orig
+++ /etc/nftables/input/10_rsyncd_access_srv_firmwares.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 10.192.32.49 } tcp dport { 873, 1873 } accept
+ip6 saddr { 2620:0:860:103:10:192:32:49 } tcp dport { 873, 1873 } accept

File[/etc/default/rsync]

Parameters differences:

--- File[/etc/default/rsync].orig
+++ File[/etc/default/rsync]

+    ensure => present
+    group  => root
+    mode   => 0444
+    owner  => root

Content differences:

--- /etc/default/rsync.orig
+++ /etc/default/rsync
@@ -0,0 +1,46 @@
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///rsync/rsync.default.erb
+#####################################################################
+
+# defaults file for rsync daemon mode
+
+# start rsync in daemon mode from init.d script?
+#  only allowed values are "true", "false", and "inetd"
+#  Use "inetd" if you want to start the rsyncd from inetd,
+#  all this does is prevent the init.d script from printing a message
+#  about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=true
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+#          using a remote shell. When using a different file for
+#          rsync you might want to symlink /etc/rsyncd.conf to
+#          that file.
+RSYNC_CONFIG_FILE=/etc/rsyncd.conf
+
+# what extra options to give rsync --daemon?
+#  that excludes the --daemon; that's always done in the init.d script
+#  Possibilities are:
+#   --address=123.45.67.89		(bind to a specific IP address)
+#   --port=8730				(bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+#  the rsync daemon can impact performance due to much I/O and CPU usage,
+#  so you may want to run it at a nicer priority than the default priority.
+#  Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+#  "ionice" does for IO load what "nice" does for CPU load.
+#  As rsync is often used for backups which aren't all that time-critical,
+#  reducing the rsync IO priority will benefit the rest of the system.
+#  See the manpage for ionice for allowed options.
+#  -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+#  the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.

Systemd::Unit[rsync-srv_firmwares.service]

Parameters differences:

--- Systemd::Unit[rsync-srv_firmwares.service].orig
+++ Systemd::Unit[rsync-srv_firmwares.service]

+    unit              => rsync-srv_firmwares.service
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    ensure            => absent
+    override          => False
+    restart           => False

Class[Profile::Apt]

Parameters differences:

--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[eject]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[clustershell]', 'Package[cumin]', 'Package[python3-dnspython]', 'Package[python3-phabricator]', 'Package[python3-requests]', 'Package[python3-dbg]', 'Package[ipmitool]', 'Package[python3-conftool]', 'Package[python3-conftool-dbctl]', 'Package[etcd-client]', 'Package[spicerack]', 'Package[python3-prettytable]', 'Package[python3-packaging]', 'Package[python3-gitlab]', 'Package[transferpy]', 'Package[python3-aiohttp]', 'Package[python3-cryptography]', 'Package[python3-snappy]', 'Package[python3-scapy]', 'Package[debdeploy-server]', 'Package[httpbb]', 'Package[wmf-mariadb106-client]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[python3-pymysql]', 'Package[python3-tabulate]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-admin]', 'Package[wmfdb-admin]', 'Package[wmfbackups-remote]', 'Package[ripe-atlas-tools]', 'Package[bacula-fd]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[virtualenv]', 'Package[make]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[eject]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[clustershell]', 'Package[cumin]', 'Package[python3-dnspython]', 'Package[python3-phabricator]', 'Package[python3-requests]', 'Package[python3-dbg]', 'Package[ipmitool]', 'Package[python3-conftool]', 'Package[python3-conftool-dbctl]', 'Package[etcd-client]', 'Package[spicerack]', 'Package[python3-prettytable]', 'Package[python3-packaging]', 'Package[python3-gitlab]', 'Package[transferpy]', 'Package[python3-aiohttp]', 'Package[python3-cryptography]', 'Package[python3-snappy]', 'Package[python3-scapy]', 'Package[debdeploy-server]', 'Package[httpbb]', 'Package[wmf-mariadb106-client]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[python3-pymysql]', 'Package[python3-tabulate]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-admin]', 'Package[wmfdb-admin]', 'Package[wmfbackups-remote]', 'Package[ripe-atlas-tools]', 'Package[bacula-fd]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[virtualenv]', 'Package[make]', 'Package[rsync]', 'Package[stunnel4]']

Concat_fragment[/etc/rsyncd.conf-srv_firmwares]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-srv_firmwares].orig
+++ Concat_fragment[/etc/rsyncd.conf-srv_firmwares]

+    tag    => _etc_rsyncd.conf
+    target => /etc/rsyncd.conf
+    order  => 10

Content differences:

--- /etc/rsyncd.conf-srv_firmwares.orig
+++ /etc/rsyncd.conf-srv_firmwares
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ srv_firmwares ]
+path            = /srv/firmware
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = cumin2002.codfw.wmnet localhost
+

Package[rsync]

Parameters differences:

--- Package[rsync].orig
+++ Package[rsync]

+    ensure   => installed
+    provider => apt

Service[stunnel4]

Parameters differences:

--- Service[stunnel4].orig
+++ Service[stunnel4]

+    ensure    => running
+    enable    => True
+    subscribe => ['Concat[/etc/rsyncd.conf]', 'File[/etc/default/rsync]', 'File[/etc/stunnel/rsync.conf]', 'File_line[enable_stunnel]', 'Package[stunnel4]']

Systemd::Syslog[rsync-srv_firmwares]

Parameters differences:

--- Systemd::Syslog[rsync-srv_firmwares].orig
+++ Systemd::Syslog[rsync-srv_firmwares]

+    log_filename           => syslog.log
+    group                  => root
+    programname_comparison => startswith
+    owner                  => root
+    ensure                 => absent
+    force_stop             => True
+    base_dir               => /var/log
+    readable_by            => all

Concat_file[/etc/rsyncd.conf]

Parameters differences:

--- Concat_file[/etc/rsyncd.conf].orig
+++ Concat_file[/etc/rsyncd.conf]

+    group          => root
+    backup         => puppet
+    mode           => 0444
+    owner          => root
+    tag            => _etc_rsyncd.conf
+    replace        => True
+    order          => alpha
+    ensure_newline => False
+    format         => plain
+    force          => False
+    show_diff      => True

File[/lib/systemd/system/rsync-srv_firmwares.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv_firmwares.service].orig
+++ File[/lib/systemd/system/rsync-srv_firmwares.service]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => absent
+    notify => Exec[systemd daemon-reload for rsync-srv_firmwares.service (rsync-srv_firmwares.service)]

Content differences:

--- /lib/systemd/system/rsync-srv_firmwares.service.orig
+++ /lib/systemd/system/rsync-srv_firmwares.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Transfer data periodically between hosts
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/sync-srv_firmwares

Class[Rsync::Server]

Parameters differences:

--- Class[Rsync::Server].orig
+++ Class[Rsync::Server]

+    rsyncd_conf    => {}
+    address        => 0.0.0.0
+    ensure_service => running
+    timeout        => 300
+    use_chroot     => yes
+    rsync_opts     => []

Concat::Fragment[/etc/rsyncd.conf-srv_firmwares]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-srv_firmwares].orig
+++ Concat::Fragment[/etc/rsyncd.conf-srv_firmwares]

+    order  => 10
+    target => /etc/rsyncd.conf

Rsync::Server::Module[srv_firmwares]

Parameters differences:

--- Rsync::Server::Module[srv_firmwares].orig
+++ Rsync::Server::Module[srv_firmwares]

+    path            => /srv/firmware
+    auto_firewall   => True
+    ensure          => present
+    list            => yes
+    lock_file       => /var/run/rsyncd.lock
+    gid             => 0
+    chroot          => True
+    uid             => 0
+    qos_low         => False
+    read_only       => yes
+    hosts_allow     => ['cumin2002.codfw.wmnet']
+    max_connections => 0
+    write_only      => no

Class[Rsync::Server::Stunnel]

Parameters differences:

--- Class[Rsync::Server::Stunnel].orig
+++ Class[Rsync::Server::Stunnel]

+    ensure         => present
+    ensure_service => running

Compilation results for cumin1003.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files