--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]
@@
- before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[python3-novaclient]', 'Package[python3-glanceclient]', 'Package[python3-keystoneauth1]', 'Package[python3-keystoneclient]', 'Package[python3-openstackclient]', 'Package[python3-troveclient]', 'Package[python3-designateclient]', 'Package[python3-neutronclient]', 'Package[python3-osc-placement]', 'Package[python3-tenacity]', 'Package[patch]', 'Package[libapache2-mod-auth-openidc]', 'Package[apache2]', 'Package[links]', 'Package[keystone]', 'Package[alembic]', 'Package[ldapvi]', 'Package[python3-ldappool]', 'Package[python3-ldap3]', 'Package[ruby-net-ldap]', 'Package[python3-mwclient]', 'Package[libvirt-clients]', 'Package[python3-pytest]', 'Package[neutron-common]', 'Package[neutron-api]', 'Package[neutron-server]', 'Package[glance]', 'Package[placement-api]', 'Package[cinder-api]', 'Package[cinder-scheduler]', 'Package[cinder-volume]', 'Package[tgt]', 'Package[python3-trove]', 'Package[trove-common]', 'Package[trove-api]', 'Package[trove-taskmanager]', 'Package[trove-conductor]', 'Package[python3-sqlalchemy]', 'Package[designate-sink]', 'Package[designate-common]', 'Package[designate-mdns]', 'Package[designate]', 'Package[designate-api]', 'Package[designate-doc]', 'Package[designate-central]', 'Package[python3-git]', 'Package[mcrouter]', 'Package[radosgw]', 'Package[ceph-common]', 'Package[fio]', 'Package[heat-api]', 'Package[heat-api-cfn]', 'Package[heat-engine]', 'Package[magnum-api]', 'Package[magnum-conductor]', 'Package[unzip]', 'Package[bridge-utils]', 'Package[nova-common]', 'Package[nova-conductor]', 'Package[nova-scheduler]', 'Package[nova-api]', 'Package[octavia-api]', 'Package[octavia-health-manager]', 'Package[octavia-housekeeping]', 'Package[octavia-worker]', 'Package[python3-octavia]', 'Package[python3-octaviaclient]', 'Package[ldap-utils]', 'Package[memcached]', 'Package[liburi-perl]', 'Package[mariadb-server]', 'Package[mariadb-backup]', 'Package[galera-4]', 'Package[python3-pymysql]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[vlan]', 'Package[prometheus-openstack-exporter]', 'Package[rsync]', 'Package[prometheus-memcached-exporter]', 'Package[prometheus-mysqld-exporter]', 'Package[bacula-fd]', 'Package[bacula-common]', 'Package[tofu]']
+ before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[atop]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[python3-novaclient]', 'Package[python3-glanceclient]', 'Package[python3-keystoneauth1]', 'Package[python3-keystoneclient]', 'Package[python3-openstackclient]', 'Package[python3-troveclient]', 'Package[python3-designateclient]', 'Package[python3-neutronclient]', 'Package[python3-osc-placement]', 'Package[python3-tenacity]', 'Package[patch]', 'Package[libapache2-mod-auth-openidc]', 'Package[apache2]', 'Package[links]', 'Package[keystone]', 'Package[alembic]', 'Package[ldapvi]', 'Package[python3-ldappool]', 'Package[python3-ldap3]', 'Package[ruby-net-ldap]', 'Package[python3-mwclient]', 'Package[libvirt-clients]', 'Package[python3-pytest]', 'Package[neutron-common]', 'Package[neutron-api]', 'Package[neutron-server]', 'Package[glance]', 'Package[placement-api]', 'Package[cinder-api]', 'Package[cinder-scheduler]', 'Package[cinder-volume]', 'Package[tgt]', 'Package[python3-trove]', 'Package[trove-common]', 'Package[trove-api]', 'Package[trove-taskmanager]', 'Package[trove-conductor]', 'Package[python3-sqlalchemy]', 'Package[designate-sink]', 'Package[designate-common]', 'Package[designate-mdns]', 'Package[designate]', 'Package[designate-api]', 'Package[designate-doc]', 'Package[designate-central]', 'Package[python3-git]', 'Package[zookeeper]', 'Package[zookeeperd]', 'Package[radosgw]', 'Package[ceph-common]', 'Package[fio]', 'Package[heat-api]', 'Package[heat-api-cfn]', 'Package[heat-engine]', 'Package[magnum-api]', 'Package[magnum-conductor]', 'Package[unzip]', 'Package[bridge-utils]', 'Package[nova-common]', 'Package[nova-conductor]', 'Package[nova-scheduler]', 'Package[nova-api]', 'Package[octavia-api]', 'Package[octavia-health-manager]', 'Package[octavia-housekeeping]', 'Package[octavia-worker]', 'Package[python3-octavia]', 'Package[python3-octaviaclient]', 'Package[ldap-utils]', 'Package[memcached]', 'Package[liburi-perl]', 'Package[mariadb-server]', 'Package[mariadb-backup]', 'Package[galera-4]', 'Package[python3-pymysql]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[vlan]', 'Package[prometheus-openstack-exporter]', 'Package[rsync]', 'Package[prometheus-jmx-exporter]', 'Package[openjdk-21-jdk]', 'Package[prometheus-memcached-exporter]', 'Package[prometheus-mysqld-exporter]', 'Package[bacula-fd]', 'Package[bacula-common]', 'Package[tofu]']
File[/etc/zookeeper/conf/zoo.cfg]
- Parameters differences:
--- File[/etc/zookeeper/conf/zoo.cfg].orig
+++ File[/etc/zookeeper/conf/zoo.cfg]
+ group => root
+ require => Package[zookeeper]
+ owner => root
- Content differences:
--- /etc/zookeeper/conf/zoo.cfg.orig
+++ /etc/zookeeper/conf/zoo.cfg
@@ -0,0 +1,65 @@
+# Note: This file is managed by Puppet.
+
+# http://hadoop.apache.org/zookeeper/docs/current/zookeeperAdmin.html
+
+# https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html#sc_zkCommands
+# T365400 Really we should check zk version >= 3.4.10 but for now just check os
+4lw.commands.whitelist=*
+
+# specify all zookeeper servers
+# The first port is used by followers to connect to the leader
+# The second one is used for leader election
+server.1006=cloudcontrol1006.private.eqiad.wikimedia.cloud:2182:2183
+server.1007=cloudcontrol1007.private.eqiad.wikimedia.cloud:2182:2183
+server.1011=cloudcontrol1011.private.eqiad.wikimedia.cloud:2182:2183
+
+# the port at which the clients will connect
+clientPort=2181
+
+# the directory where the snapshot is stored.
+dataDir=/var/lib/zookeeper
+
+# Place the dataLogDir to a separate physical disc for better performance
+# dataLogDir=/disk2/zookeeper
+
+
+# The maximum number of connections per IP, 0 == unlimited
+maxClientCnxns=1024
+
+# The number of milliseconds of each tick.
+tickTime=2000
+
+# The number of ticks that the initial
+# synchronization phase can take.
+initLimit=10
+
+# The number of ticks that can pass between
+# sending a request and getting an acknowledgement
+syncLimit=8
+
+# To avoid seeks ZooKeeper allocates space in the transaction log file in
+# blocks of preAllocSize kilobytes. The default block size is 64M. One reason
+# for changing the size of the blocks is to reduce the block size if snapshots
+# are taken more often. (Also, see snapCount).
+#preAllocSize=65536
+
+# Clients can submit requests faster than ZooKeeper can process them,
+# especially if there are a lot of clients. To prevent ZooKeeper from running
+# out of memory due to queued requests, ZooKeeper will throttle clients so that
+# there is no more than globalOutstandingLimit outstanding requests in the
+# system. The default limit is 1,000.ZooKeeper logs transactions to a
+# transaction log. After snapCount transactions are written to a log file a
+# snapshot is started and a new transaction log file is started. The default
+# snapCount is 10,000.
+#snapCount=1000
+
+# If this option is defined, requests will be will logged to a trace file named
+# traceFile.year.month.day.
+#traceFile=
+
+# Leader accepts client connections. Default value is "yes". The leader machine
+# coordinates updates. For higher update throughput at thes slight expense of
+# read throughput the leader can be configured to not accept clients and focus
+# on coordination.
+#leaderServes=yes
+
- Class[Zookeeper::Server]
- Parameters differences:
--- Class[Zookeeper::Server].orig
+++ Class[Zookeeper::Server]
+ cleanup_timer_deploy => True
+ log4j_template => profile/zookeeper/log4j.properties.erb
+ jmx_port => 9998
+ default_template => profile/zookeeper/zookeeper.default.erb
+ cleanup_script_args => -n 10
+ java_home => /usr/lib/jvm/java-21-openjdk-amd64
+ cleanup_script => /usr/share/zookeeper/bin/zkCleanup.sh
+ zookeeper_id => 1011
+ java_opts => -Xms1g -Xmx1g -javaagent:/usr/share/java/prometheus/jmx_prometheus_javaagent.jar=10.64.151.8:12181:/etc/prometheus/jvm_zookeeper_jmx_exporter.yaml
+ enable_tls => False
- File[/etc/logrotate.d/mcrouter]
- Parameters differences:
--- File[/etc/logrotate.d/mcrouter].orig
+++ File[/etc/logrotate.d/mcrouter]
- group => root
- owner => root
- ensure => present
- mode => 0444
- Content differences:
--- /etc/logrotate.d/mcrouter.orig
+++ /etc/logrotate.d/mcrouter
@@ -1,15 +0,0 @@
-# This file is managed by Puppet.
-# puppet:///logrotate/logrotate.erb
-
-/var/log/mcrouter.log {
- notifempty
- daily
- rotate 7
- compress
- delaycompress
- missingok
- sharedscripts
- postrotate
- service rsyslog rotate >/dev/null 2>&1 || true
- endscript
-}
- File[/etc/rsyslog.d/20-mcrouter.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/20-mcrouter.conf].orig
+++ File[/etc/rsyslog.d/20-mcrouter.conf]
- group => root
- owner => root
- source => puppet:///modules/mcrouter/mcrouter.rsyslog.conf
- ensure => present
- notify => Service[rsyslog]
- mode => 0444
- Logrotate::Rule[mcrouter]
- Parameters differences:
--- Logrotate::Rule[mcrouter].orig
+++ Logrotate::Rule[mcrouter]
- not_if_empty => True
- file_glob => /var/log/mcrouter.log
- ensure => present
- compress => True
- frequency => daily
- rotate => 7
- date_yesterday => False
- date_ext => False
- no_create => False
- missing_ok => True
- post_rotate => ['service rsyslog rotate >/dev/null 2>&1 || true']
- copy_truncate => False
- Class[Java]
- Parameters differences:
--- Class[Java].orig
+++ Class[Java]
+ require => Package[wmf-certificates]
+ hardened_tls => False
+ before => ['Java::Cacert[wmf:puppetca.pem]', 'Java::Cacert[wmf:Wikimedia_Internal_Root_CA]', 'Java::Cacert[wmf:puppetca.pem]', 'Java::Cacert[wmf:Wikimedia_Internal_Root_CA]']
+ egd_source => /dev/random
+ java_packages => [{'version': '21', 'variant': 'jdk'}]
+ enable_dbg => False
- Alternatives::Java[21]
- Parameters differences:
--- Alternatives::Java[21].orig
+++ Alternatives::Java[21]
+ require => Java::Package[openjdk-jdk-21]
- Systemd::Timer::Job[zookeeper-cleanup]
- Parameters differences:
--- Systemd::Timer::Job[zookeeper-cleanup].orig
+++ Systemd::Timer::Job[zookeeper-cleanup]
+ monitoring_enabled => False
+ require => Service[zookeeper]
+ logging_enabled => True
+ monitoring_contact_groups => admins
+ private_tmp => False
+ syslog_force_stop => True
+ syslog_match_startswith => True
+ logfile_name => syslog.log
+ send_mail => False
+ command => /usr/share/zookeeper/bin/zkCleanup.sh -n 10
+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ send_mail_to => root@cloudcontrol1011.eqiad.wmnet
+ logfile_perms => all
+ send_mail_only_on_error => True
+ description => Regular jobs for running the cleanup script
+ interval => {'start': 'OnCalendar', 'interval': '*-*-* 0:10:00'}
+ ignore_errors => False
+ user => zookeeper
+ success_exit_status => []
+ logfile_basedir => /var/log
+ ensure => present
+ fixed_random_delay => False
+ logfile_group => root
+ environment => {}
- Systemd::Syslog[zookeeper-cleanup]
- Parameters differences:
--- Systemd::Syslog[zookeeper-cleanup].orig
+++ Systemd::Syslog[zookeeper-cleanup]
+ group => root
+ owner => zookeeper
+ log_filename => syslog.log
+ readable_by => all
+ ensure => present
+ force_stop => True
+ programname_comparison => startswith
+ base_dir => /var/log
- Rsyslog::Conf[zookeeper-cleanup]
- Parameters differences:
--- Rsyslog::Conf[zookeeper-cleanup].orig
+++ Rsyslog::Conf[zookeeper-cleanup]
+ require => File[/var/log/zookeeper-cleanup]
+ ensure => present
+ priority => 40
+ mode => 0444
- Service[zookeeper]
- Parameters differences:
--- Service[zookeeper].orig
+++ Service[zookeeper]
+ require => ['Package[zookeeperd]', 'File[/var/lib/zookeeper]', 'File[/var/lib/zookeeper/myid]', 'File[/etc/default/zookeeper]', 'File[/etc/zookeeper/conf/zoo.cfg]', 'File[/etc/zookeeper/conf/myid]', 'File[/etc/zookeeper/conf/log4j.properties]']
+ hasrestart => True
+ ensure => running
+ hasstatus => True
- Exec[java__cacert_wmf:puppetca.pem]
- Parameters differences:
--- Exec[java__cacert_wmf:puppetca.pem].orig
+++ Exec[java__cacert_wmf:puppetca.pem]
+ user => root
+ command => /usr/bin/keytool -import -trustcacerts -noprompt -cacerts -file /etc/ssl/certs/Puppet_Internal_CA.pem -storepass changeit -alias wmf:puppetca.pem
+ group => root
+ unless => /usr/bin/keytool -list -cacerts -noprompt -storepass changeit -alias wmf:puppetca.pem
- Class[Profile::Openstack::Eqiad1::Designate::Service]
- Parameters differences:
--- Class[Profile::Openstack::Eqiad1::Designate::Service].orig
+++ Class[Profile::Openstack::Eqiad1::Designate::Service]
- mcrouter_port => 11213
- File[/etc/designate/designate.conf]
- Content differences:
--- /etc/designate/designate.conf.orig
+++ /etc/designate/designate.conf
@@ -291,7 +291,7 @@
# Each designate host just talks to the local mcrouter instance; this instance
# is part of a pool that includes the other designate hosts.
#
-backend_url = memcached://localhost:11213
+backend_url = zookeeper://cloudcontrol1006.private.eqiad.wikimedia.cloud:2181?hosts=cloudcontrol1007.private.eqiad.wikimedia.cloud:2181,cloudcontrol1011.private.eqiad.wikimedia.cloud:2181
[service:worker]
#workers = None
- Class[Profile::Openstack::Base::Designate::Service]
- Parameters differences:
--- Class[Profile::Openstack::Base::Designate::Service].orig
+++ Class[Profile::Openstack::Base::Designate::Service]
- tooz_backend => mcrouter
- mcrouter_port => 11213