Compilation results for backup2014.codfw.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	2844
Resources added:	57
Resources removed:	4
Resources modified:	76
Change percentage:	4.82%

Resources only in the new catalog

File[/etc/bacula/bacula-sd.conf]
Concat_file[/etc/bacula/sd/ssl/cert.pem]
Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.service (nrpe2nodexp-bacula_sd.service)]
File[/etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf]
File[/srv/bacula/es-readonly]
Motd::Message[backup::es]
Service[bacula-sd]
Concat[/etc/bacula/sd/ssl/cert.pem]
Class[Profile::Backup::Storage::Es]
File[/etc/bacula/sd/ssl/server-keypair.pem]
Nrpe::Monitor_service[bacula_sd]
File[/etc/bacula/sd/ssl]
Monitoring::Service[bacula_sd]
File[/etc/bacula/sd/ssl/server.p12]
Class[Profile::Backup::Storage::Common]
File[/etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf]
File[/etc/ferm/conf.d/10_bacula_storage_demon]
Puppet::Expose_agent_certs[/etc/bacula/sd]
Nftables::Service[bacula-storage-demon]
File[/etc/bacula/sd]
Rsyslog::Conf[nrpe2nodexp-bacula_sd]
File[/etc/update-motd.d/05-backup--es]
Concat::Fragment[/etc/bacula/sd_puppet_agent_cert]
File[/srv/bacula/es-readwrite]
Motd::Script[backup::es]
Systemd::Unit[nrpe2nodexp-bacula_sd.timer]
Bacula::Storage::Device[FileStorageEsRwCodfw]
File[/etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf]
Service[nrpe2nodexp-bacula_sd.timer]
Systemd::Timer::Job[nrpe2nodexp-bacula_sd]
Sslcert::X509_to_pkcs12[puppet::expose_agent_cert: /etc/bacula/sd]
File[/srv/bacula]
Systemd::Unit[nrpe2nodexp-bacula_sd.service]
File[/etc/bacula/sd-devices.d]
File[/lib/systemd/system/nrpe2nodexp-bacula_sd.service]
Concat_fragment[/etc/bacula/sd_puppet_ca_chain]
Class[Bacula::Storage]
Firewall::Service[bacula-storage-demon]
Concat_fragment[/etc/bacula/sd_puppet_agent_cert]
File[/var/lib/prometheus/node.d/check_bacula_sd.prom]
Bacula::Storage::Device[FileStorageEsRoCodfw]
Systemd::Timer[nrpe2nodexp-bacula_sd]
Sudo::User[nrpe-check_bacula_sd]
Package[bacula-sd]
Systemd::Service[nrpe2nodexp-bacula_sd]
Concat::Fragment[/etc/bacula/sd_puppet_ca_chain]
Nrpe::Check[check_bacula_sd]
Ferm::Service[bacula_storage_demon]
File[/etc/bacula/sd/ssl/server.key]
File[/etc/sudoers.d/nrpe-check_bacula_sd]
Exec[create-/etc/bacula/sd-keypair]
Class[Role::Backup::Es]
Prometheus::Alert::Rule[check_bacula_sd_4d3ab0ef8aa01b04270054b3d1d3c587]
Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)]
File[/etc/nagios/nrpe.d/check_bacula_sd.cfg]
Monitoring::Exported_nagios_service[backup2014 bacula_sd]
File[/lib/systemd/system/nrpe2nodexp-bacula_sd.timer]

Resources only in the old catalog

Motd::Message[insetup::data_persistence_ferm]
File[/etc/update-motd.d/05-insetup--data-persistence-ferm]
Class[Role::Insetup::Data_persistence_ferm]
Motd::Script[insetup::data_persistence_ferm]

Resources modified

Class[Profile::Base::Production]

Parameters differences:

--- Class[Profile::Base::Production].orig
+++ Class[Profile::Base::Production]

@@
-    role_description => Host being setup by Data Persistence SREs
+    role_description => External Storage database backups

File[/etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf]

Parameters differences:

--- File[/etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf].orig
+++ File[/etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf]

+    owner  => root
+    ensure => absent
+    mode   => 0444
+    group  => root
+    notify => Service[rsyslog]

Content differences:

--- /etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf.orig
+++ /etc/rsyslog.d/25-nrpe2nodexp-bacula-sd.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+if $programname contains "nrpe2nodexp-bacula_sd" then {
+    if ($msg contains "\"ecs.version\": \"1.7.0\"") then {
+        # Send logs to kafka
+        set $.log_outputs = "kafka ecs_170 local";
+    } else {
+        # Filter out non-relevant nrpe2nodexp messages
+        stop
+    }
+}

Class[Profile::Base]

Parameters differences:

--- Class[Profile::Base].orig
+++ Class[Profile::Base]

@@
-    cluster => insetup
+    cluster => backup

Concat_fragment[/etc/bacula/sd_puppet_agent_cert]

Parameters differences:

--- Concat_fragment[/etc/bacula/sd_puppet_agent_cert].orig
+++ Concat_fragment[/etc/bacula/sd_puppet_agent_cert]

+    order  => 01
+    tag    => _etc_bacula_sd_ssl_cert.pem
+    source => /var/lib/puppet/ssl/certs/backup2014.codfw.wmnet.pem
+    target => /etc/bacula/sd/ssl/cert.pem

Nrpe::Check[check_bacula_sd]

Parameters differences:

--- Nrpe::Check[check_bacula_sd].orig
+++ Nrpe::Check[check_bacula_sd]

+    ensure  => present
+    before  => Monitoring::Service[bacula_sd]
+    command => /usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u bacula -C bacula-sd

File[/lib/systemd/system/nrpe2nodexp-bacula_sd.timer]

Parameters differences:

--- File[/lib/systemd/system/nrpe2nodexp-bacula_sd.timer].orig
+++ File[/lib/systemd/system/nrpe2nodexp-bacula_sd.timer]

+    owner  => root
+    ensure => absent
+    mode   => 0444
+    group  => root
+    notify => Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)]

Content differences:

--- /lib/systemd/system/nrpe2nodexp-bacula_sd.timer.orig
+++ /lib/systemd/system/nrpe2nodexp-bacula_sd.timer
@@ -0,0 +1,14 @@
+[Unit]
+Description=Periodic execution of nrpe2nodexp-bacula_sd.service
+
+[Timer]
+Unit=nrpe2nodexp-bacula_sd.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnUnitInactiveSec=1min
+OnActiveSec=1s
+RandomizedDelaySec=60
+FixedRandomDelay=true
+
+[Install]
+WantedBy=multi-user.target

Monitoring::Exported_nagios_service[backup2014 ssh]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 ssh].orig
+++ Monitoring::Exported_nagios_service[backup2014 ssh]

@@
-    notifications_enabled => 0
+    notifications_enabled => 1
@@
-    servicegroups         => insetup_codfw
+    servicegroups         => backup_codfw

Systemd::Service[nrpe2nodexp-bacula_sd]

Parameters differences:

--- Systemd::Service[nrpe2nodexp-bacula_sd].orig
+++ Systemd::Service[nrpe2nodexp-bacula_sd]

+    override                 => False
+    monitoring_contact_group => admins
+    monitoring_critical      => False
+    service_params           => {}
+    require                  => Systemd::Unit[nrpe2nodexp-bacula_sd.service]
+    ensure                   => absent
+    unit_type                => timer
+    restart                  => False
+    migration_task           => T407130
+    monitoring_enabled       => False

Nrpe::Monitor_service[bacula_sd]

Parameters differences:

--- Nrpe::Monitor_service[bacula_sd].orig
+++ Nrpe::Monitor_service[bacula_sd]

+    alertmanager_team           => observability
+    enable_nrpe2nodexp          => False
+    critical                    => False
+    check_interval              => 1
+    contact_group               => admins
+    notes_url                   => https://wikitech.wikimedia.org/wiki/Bacula
+    nrpe_command                => /usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u bacula -C bacula-sd
+    nrpe2nodexp_parse_perf_data => False
+    ensure                      => present
+    timeout                     => 10
+    retry_interval              => 1
+    migration_task              => T357099
+    enable_icinga_check         => True
+    description                 => bacula sd process
+    retries                     => 3

Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.service (nrpe2nodexp-bacula_sd.service)]

Parameters differences:

--- Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.service (nrpe2nodexp-bacula_sd.service)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.service (nrpe2nodexp-bacula_sd.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

File[/etc/bacula/sd/ssl/server.p12]

Parameters differences:

--- File[/etc/bacula/sd/ssl/server.p12].orig
+++ File[/etc/bacula/sd/ssl/server.p12]

+    owner  => bacula
+    ensure => absent
+    mode   => 0440
+    group  => bacula

File[/etc/bacula/sd-devices.d]

Parameters differences:

--- File[/etc/bacula/sd-devices.d].orig
+++ File[/etc/bacula/sd-devices.d]

+    owner   => bacula
+    recurse => True
+    force   => True
+    purge   => True
+    mode    => 0550
+    require => File[/etc/bacula/bacula-sd.conf]
+    ensure  => directory
+    group   => tape

Concat::Fragment[main contacts]

Systemd::Timer[nrpe2nodexp-bacula_sd]

Parameters differences:

--- Systemd::Timer[nrpe2nodexp-bacula_sd].orig
+++ Systemd::Timer[nrpe2nodexp-bacula_sd]

+    timer_intervals    => [{'start': 'OnUnitInactiveSec', 'interval': '1min'}, {'interval': '1s', 'start': 'OnActiveSec'}]
+    unit_name          => nrpe2nodexp-bacula_sd.service
+    ensure             => absent
+    splay              => 60
+    accuracy           => 15sec
+    fixed_random_delay => True

Package[bacula-sd]

Parameters differences:

--- Package[bacula-sd].orig
+++ Package[bacula-sd]

+    ensure   => installed
+    provider => apt

File[/etc/nagios/nrpe.d/check_bacula_sd.cfg]

Parameters differences:

--- File[/etc/nagios/nrpe.d/check_bacula_sd.cfg].orig
+++ File[/etc/nagios/nrpe.d/check_bacula_sd.cfg]

+    owner   => root
+    ensure  => present
+    mode    => 0444
+    group   => root
+    tag     => nrpe::check
+    notify  => Service[nagios-nrpe-server]
+    require => Package[nagios-nrpe-server]

Content differences:

--- /etc/nagios/nrpe.d/check_bacula_sd.cfg.orig
+++ /etc/nagios/nrpe.d/check_bacula_sd.cfg
@@ -0,0 +1,2 @@
+# File generated by puppet. DO NOT edit by hand
+command[check_bacula_sd]=/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u bacula -C bacula-sd

Monitoring::Exported_nagios_service[backup2014 bacula_sd]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 bacula_sd].orig
+++ Monitoring::Exported_nagios_service[backup2014 bacula_sd]

+    notification_period    => 24x7
+    contact_groups         => admins
+    is_volatile            => 0
+    ensure                 => present
+    passive_checks_enabled => 1
+    check_freshness        => 0
+    active_checks_enabled  => 1
+    check_period           => 24x7
+    notification_options   => c,r,f
+    service_description    => bacula sd process
+    check_interval         => 1
+    notification_interval  => 0
+    notes_url              => https://wikitech.wikimedia.org/wiki/Bacula
+    check_command          => nrpe_check!check_bacula_sd!10
+    host_name              => backup2014
+    max_check_attempts     => 3
+    retry_interval         => 1
+    notifications_enabled  => 1
+    servicegroups          => backup_codfw

Ferm::Service[bacula_storage_demon]

Parameters differences:

--- Ferm::Service[bacula_storage_demon].orig
+++ Ferm::Service[bacula_storage_demon]

+    unrestricted_access => False
+    proto               => tcp
+    desc                => 
+    ensure              => present
+    prio                => 10
+    src_sets            => ['PRODUCTION_NETWORKS']
+    notrack             => False
+    port                => 9103

Class[Bacula::Storage]

Parameters differences:

--- Class[Bacula::Storage].orig
+++ Class[Bacula::Storage]

+    director           => backup1014.eqiad.wmnet
+    sd_port            => 9103
+    sqlvariant         => mysql
+    directorpassword   => 1eedc784c24dbaf5d191a6a47329af0e61259c06
+    sd_max_concur_jobs => 5

Monitoring::Exported_nagios_host[backup2014]

Parameters differences:

--- Monitoring::Exported_nagios_host[backup2014].orig
+++ Monitoring::Exported_nagios_host[backup2014]

@@
-    hostgroups            => insetup_codfw,lsw1-b3-codfw
+    hostgroups            => backup_codfw,lsw1-b3-codfw
@@
-    notifications_enabled => 0
+    notifications_enabled => 1

Bacula::Storage::Device[FileStorageEsRwCodfw]

Parameters differences:

--- Bacula::Storage::Device[FileStorageEsRwCodfw].orig
+++ Bacula::Storage::Device[FileStorageEsRwCodfw]

+    archive_device  => /srv/bacula/es-readwrite
+    media_type      => File
+    max_concur_jobs => 2
+    device_type     => File
+    require         => File[/srv/bacula/es-readwrite]

File[/etc/bacula/sd]

Parameters differences:

--- File[/etc/bacula/sd].orig
+++ File[/etc/bacula/sd]

+    owner   => bacula
+    ensure  => directory
+    group   => tape
+    mode    => 0550
+    require => Package[bacula-sd]

Class[Profile::Contacts]

Parameters differences:

--- Class[Profile::Contacts].orig
+++ Class[Profile::Contacts]

@@
-    cluster => insetup
+    cluster => backup

Concat_fragment[main contacts]

Content differences:

--- main contacts.orig
+++ main contacts
@@ -1,3 +1,3 @@
 ---
-role::insetup::data_persistence_ferm:
+role::backup::es:
 - Data Persistence

File[/etc/sudoers.d/nrpe-check_bacula_sd]

Parameters differences:

--- File[/etc/sudoers.d/nrpe-check_bacula_sd].orig
+++ File[/etc/sudoers.d/nrpe-check_bacula_sd]

+    owner   => root
+    ensure  => absent
+    require => Package[nagios-nrpe-server]
+    group   => root

Class[Profile::Apt]

Parameters differences:

--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']
+    before => ['Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-sd]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-click]', 'Package[python3-box]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]']

Concat_file[/etc/bacula/sd/ssl/cert.pem]

Parameters differences:

--- Concat_file[/etc/bacula/sd/ssl/cert.pem].orig
+++ Concat_file[/etc/bacula/sd/ssl/cert.pem]

+    ensure_newline => False
+    show_diff      => True
+    order          => alpha
+    tag            => _etc_bacula_sd_ssl_cert.pem
+    force          => False
+    format         => plain
+    mode           => 0644
+    backup         => puppet
+    replace        => True

File[/etc/update-motd.d/05-insetup--data-persistence-ferm]

Parameters differences:

--- File[/etc/update-motd.d/05-insetup--data-persistence-ferm].orig
+++ File[/etc/update-motd.d/05-insetup--data-persistence-ferm]

-    owner  => root
-    ensure => present
-    mode   => 0555
-    group  => root

Content differences:

--- /etc/update-motd.d/05-insetup--data-persistence-ferm.orig
+++ /etc/update-motd.d/05-insetup--data-persistence-ferm
@@ -1,2 +0,0 @@
-#!/bin/sh
-printf "%s\n" "backup2014 is a Host being setup by Data Persistence SREs (insetup::data_persistence_ferm)"

Concat_fragment[/etc/bacula/sd_puppet_ca_chain]

Parameters differences:

--- Concat_fragment[/etc/bacula/sd_puppet_ca_chain].orig
+++ Concat_fragment[/etc/bacula/sd_puppet_ca_chain]

+    order  => 02
+    tag    => _etc_bacula_sd_ssl_cert.pem
+    source => /var/lib/puppet/ssl/certs/ca.pem
+    target => /etc/bacula/sd/ssl/cert.pem

File[/etc/bacula/sd/ssl/server.key]

Parameters differences:

--- File[/etc/bacula/sd/ssl/server.key].orig
+++ File[/etc/bacula/sd/ssl/server.key]

+    owner     => bacula
+    show_diff => False
+    ensure    => present
+    source    => /var/lib/puppet/ssl/private_keys/backup2014.codfw.wmnet.pem
+    mode      => 0400
+    group     => bacula

Monitoring::Exported_nagios_service[backup2014 disk_space]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 disk_space].orig
+++ Monitoring::Exported_nagios_service[backup2014 disk_space]

@@
-    notifications_enabled => 0
+    notifications_enabled => 1
@@
-    servicegroups         => insetup_codfw
+    servicegroups         => backup_codfw

File[/var/lib/prometheus/node.d/role_owner.prom]

Content differences:

--- /var/lib/prometheus/node.d/role_owner.prom.orig
+++ /var/lib/prometheus/node.d/role_owner.prom
@@ -1,3 +1,3 @@
 # HELP role_owner The team owner of the server role
 # TYPE role_owner gauge
-role_owner{team="data-persistence",role="insetup::data_persistence_ferm",cluster="insetup"} 1.0
+role_owner{team="data-persistence",role="backup::es",cluster="backup"} 1.0

Class[Cumin::Selector]

Parameters differences:

--- Class[Cumin::Selector].orig
+++ Class[Cumin::Selector]

@@
-    cluster => insetup
+    cluster => backup

Concat[/etc/bacula/sd/ssl/cert.pem]

Parameters differences:

--- Concat[/etc/bacula/sd/ssl/cert.pem].orig
+++ Concat[/etc/bacula/sd/ssl/cert.pem]

+    ensure_newline => False
+    show_diff      => True
+    warn           => False
+    order          => alpha
+    force          => False
+    format         => plain
+    mode           => 0644
+    backup         => puppet
+    path           => /etc/bacula/sd/ssl/cert.pem
+    ensure         => present
+    replace        => True

Motd::Message[insetup::data_persistence_ferm]

Parameters differences:

--- Motd::Message[insetup::data_persistence_ferm].orig
+++ Motd::Message[insetup::data_persistence_ferm]

-    message  => backup2014 is a Host being setup by Data Persistence SREs (insetup::data_persistence_ferm)
-    ensure   => present
-    priority => 5

File[/etc/bacula/sd/ssl]

Parameters differences:

--- File[/etc/bacula/sd/ssl].orig
+++ File[/etc/bacula/sd/ssl]

+    owner  => bacula
+    ensure => directory
+    mode   => 0555
+    group  => bacula

Systemd::Unit[nrpe2nodexp-bacula_sd.timer]

Parameters differences:

--- Systemd::Unit[nrpe2nodexp-bacula_sd.timer].orig
+++ Systemd::Unit[nrpe2nodexp-bacula_sd.timer]

+    override          => False
+    ensure            => absent
+    unit              => nrpe2nodexp-bacula_sd.timer
+    override_filename => puppet-override.conf
+    restart           => False
+    require           => ['Class[Systemd]']

Monitoring::Service[bacula_sd]

Parameters differences:

--- Monitoring::Service[bacula_sd].orig
+++ Monitoring::Service[bacula_sd]

+    critical       => False
+    check_interval => 1
+    contact_group  => admins
+    passive        => False
+    notes_url      => https://wikitech.wikimedia.org/wiki/Bacula
+    check_command  => nrpe_check!check_bacula_sd!10
+    freshness      => 36000
+    config_dir     => /etc/nagios
+    host           => backup2014
+    ensure         => present
+    retry_interval => 1
+    migration_task => T357099
+    description    => bacula sd process
+    retries        => 3

File[/var/lib/prometheus/node.d/check_bacula_sd.prom]

Parameters differences:

--- File[/var/lib/prometheus/node.d/check_bacula_sd.prom].orig
+++ File[/var/lib/prometheus/node.d/check_bacula_sd.prom]

+    owner  => root
+    ensure => absent
+    group  => root

File[/srv/bacula]

Parameters differences:

--- File[/srv/bacula].orig
+++ File[/srv/bacula]

+    owner  => bacula
+    ensure => directory
+    mode   => 0660
+    group  => bacula

Prometheus::Alert::Rule[check_bacula_sd_4d3ab0ef8aa01b04270054b3d1d3c587]

Parameters differences:

--- Prometheus::Alert::Rule[check_bacula_sd_4d3ab0ef8aa01b04270054b3d1d3c587].orig
+++ Prometheus::Alert::Rule[check_bacula_sd_4d3ab0ef8aa01b04270054b3d1d3c587]

+    site               => codfw
+    dashboard          => TODO
+    team               => observability
+    def_label_whitelst => ['team', 'severity']
+    summary            => NRPE CHECK: bacula sd process
+    severity           => info
+    instance           => ops
+    logs               => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_bacula_sd))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))
+    runbook            => https://wikitech.wikimedia.org/wiki/Bacula
+    ensure             => absent
+    expr               => (nagios_nrpe_check_result{alert_rule_hash="4d3ab0ef8aa01b04270054b3d1d3c587",check_name="check_bacula_sd", status=~"(WARNING|CRITICAL)", severity=~"(warning|critical)"} > 0) * on (instance) group_left (team) role_owner
+    group              => nrpechecks
+    alert_name         => nrpe_bacula_sd_process
+    for                => 3m
+    description        => NRPE CHECK: bacula sd process

Puppet::Expose_agent_certs[/etc/bacula/sd]

Parameters differences:

--- Puppet::Expose_agent_certs[/etc/bacula/sd].orig
+++ Puppet::Expose_agent_certs[/etc/bacula/sd]

+    provide_private => True
+    ssldir          => /var/lib/puppet/ssl
+    provide_p12     => False
+    require         => File[/etc/bacula/sd]
+    provide_pem     => True
+    ensure          => present
+    user            => bacula
+    group           => bacula
+    provide_keypair => True

Motd::Script[insetup::data_persistence_ferm]

Parameters differences:

--- Motd::Script[insetup::data_persistence_ferm].orig
+++ Motd::Script[insetup::data_persistence_ferm]

-    ensure   => present
-    priority => 5

File[/srv/bacula/es-readonly]

Parameters differences:

--- File[/srv/bacula/es-readonly].orig
+++ File[/srv/bacula/es-readonly]

+    owner   => bacula
+    ensure  => directory
+    group   => bacula
+    mode    => 0660
+    require => File[/srv/bacula]

Class[Profile::Backup::Storage::Common]

Parameters differences:

--- Class[Profile::Backup::Storage::Common].orig
+++ Class[Profile::Backup::Storage::Common]

+    director => backup1014.eqiad.wmnet

Bacula::Storage::Device[FileStorageEsRoCodfw]

Parameters differences:

--- Bacula::Storage::Device[FileStorageEsRoCodfw].orig
+++ Bacula::Storage::Device[FileStorageEsRoCodfw]

+    archive_device  => /srv/bacula/es-readonly
+    media_type      => File
+    max_concur_jobs => 2
+    device_type     => File
+    require         => File[/srv/bacula/es-readonly]

File[/etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf]

Parameters differences:

--- File[/etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf].orig
+++ File[/etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf]

+    owner   => bacula
+    ensure  => present
+    mode    => 0440
+    group   => tape
+    notify  => Service[bacula-sd]
+    require => File[/etc/bacula/sd-devices.d]

Content differences:

--- /etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf.orig
+++ /etc/bacula/sd-devices.d/FileStorageEsRoCodfw.conf
@@ -0,0 +1,14 @@
+# This file has been autogenerated by puppet. Don't edit by hand
+
+Device {
+    Name = FileStorageEsRoCodfw
+    Device Type = File
+    Media Type = File
+    Archive Device = /srv/bacula/es-readonly
+    Maximum Concurrent Jobs = 2
+    LabelMedia = yes;
+    Random Access = Yes;
+    AutomaticMount = yes;
+    RemovableMedia = no;
+    AlwaysOpen = no;
+}

Systemd::Timer::Job[nrpe2nodexp-bacula_sd]

Parameters differences:

--- Systemd::Timer::Job[nrpe2nodexp-bacula_sd].orig
+++ Systemd::Timer::Job[nrpe2nodexp-bacula_sd]

+    private_tmp               => False
+    fixed_random_delay        => True
+    send_mail                 => False
+    logfile_name              => syslog.log
+    ensure                    => absent
+    splay                     => 60
+    syslog_identifier         => nrpe2nodexp-bacula_sd
+    send_mail_only_on_error   => True
+    description               => execution of nrpe2nodexp for the check_bacula_sd command.
+    logfile_group             => root
+    logfile_perms             => all
+    logging_enabled           => False
+    syslog_force_stop         => True
+    syslog_match_startswith   => True
+    success_exit_status       => []
+    ignore_errors             => True
+    interval                  => [{'start': 'OnUnitInactiveSec', 'interval': '1min'}]
+    logfile_basedir           => /var/log
+    command                   => /usr/local/bin/nrpe2nodexp --alert-rule-hash "4d3ab0ef8aa01b04270054b3d1d3c587" --timeout 10 --check-command "check_bacula_sd"
+    environment               => {}
+    user                      => nagios
+    monitoring_contact_groups => admins
+    group                     => prometheus-node-exporter
+    send_mail_to              => root@backup2014.codfw.wmnet
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    monitoring_enabled        => False

File[/etc/bacula/bacula-sd.conf]

Parameters differences:

--- File[/etc/bacula/bacula-sd.conf].orig
+++ File[/etc/bacula/bacula-sd.conf]

+    owner   => bacula
+    ensure  => present
+    mode    => 0400
+    group   => tape
+    notify  => Service[bacula-sd]
+    require => Package[bacula-sd]

Content differences:

--- /etc/bacula/bacula-sd.conf.orig
+++ /etc/bacula/bacula-sd.conf
@@ -0,0 +1,40 @@
+# This file has been autogenerated by puppet. Don't edit by hand
+
+# The directors allowed to contect to us
+Director {
+    Name = "backup1014.eqiad.wmnet"
+    Password = "1eedc784c24dbaf5d191a6a47329af0e61259c06"
+    # Have the Control channel encrypted. Used for incoming console connections
+    TLS Enable = yes
+    TLS Require = yes
+    TLS CA Certificate File = "/etc/ssl/certs/wmf-ca-certificates.crt"
+    TLS Verify Peer = no
+    TLS Certificate = "/etc/bacula/sd/ssl/cert.pem"
+    TLS Key = "/etc/bacula/sd/ssl/server.key"
+}
+
+Storage {
+    Name = "backup2014.codfw.wmnet-fd"
+    SDport = 9103
+    WorkingDirectory = "/var/lib/bacula"
+    Pid Directory = "/var/run/bacula"
+    Maximum Concurrent Jobs = 5
+    Plugin Directory = "/usr/lib/bacula"
+    # Do Have the data channel encrypted.
+    TLS Enable = yes
+    TLS Require = yes
+    TLS CA Certificate File = "/etc/ssl/certs/wmf-ca-certificates.crt"
+    TLS Verify Peer = yes
+    TLS Certificate = "/etc/bacula/sd/ssl/cert.pem"
+    TLS Key = "/etc/bacula/sd/ssl/server.key"
+    # Heartbeat inverval = 0 # in secs
+    # SDAddresses = # For director connections
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+    Name = Standard
+    director = "backup1014.eqiad.wmnet" = all, !skipped, !restored
+}
+
+@|"sh -c 'for f in /etc/bacula/sd-devices.d/*.conf ; do echo @${f} ; done'"

File[/etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf]

Parameters differences:

--- File[/etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf].orig
+++ File[/etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf]

+    owner   => bacula
+    ensure  => present
+    mode    => 0440
+    group   => tape
+    notify  => Service[bacula-sd]
+    require => File[/etc/bacula/sd-devices.d]

Content differences:

--- /etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf.orig
+++ /etc/bacula/sd-devices.d/FileStorageEsRwCodfw.conf
@@ -0,0 +1,14 @@
+# This file has been autogenerated by puppet. Don't edit by hand
+
+Device {
+    Name = FileStorageEsRwCodfw
+    Device Type = File
+    Media Type = File
+    Archive Device = /srv/bacula/es-readwrite
+    Maximum Concurrent Jobs = 2
+    LabelMedia = yes;
+    Random Access = Yes;
+    AutomaticMount = yes;
+    RemovableMedia = no;
+    AlwaysOpen = no;
+}

Service[nrpe2nodexp-bacula_sd.timer]

Parameters differences:

--- Service[nrpe2nodexp-bacula_sd.timer].orig
+++ Service[nrpe2nodexp-bacula_sd.timer]

+    ensure   => stopped
+    provider => systemd
+    enable   => False
+    before   => ['Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)]']

Systemd::Unit[nrpe2nodexp-bacula_sd.service]

Parameters differences:

--- Systemd::Unit[nrpe2nodexp-bacula_sd.service].orig
+++ Systemd::Unit[nrpe2nodexp-bacula_sd.service]

+    override          => False
+    ensure            => absent
+    unit              => nrpe2nodexp-bacula_sd.service
+    override_filename => puppet-override.conf
+    restart           => False
+    require           => ['Class[Systemd]']

Service[bacula-sd]

Parameters differences:

--- Service[bacula-sd].orig
+++ Service[bacula-sd]

+    ensure  => running
+    require => Package[bacula-sd]

Monitoring::Exported_nagios_service[backup2014 raid_broadcom_raid]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 raid_broadcom_raid].orig
+++ Monitoring::Exported_nagios_service[backup2014 raid_broadcom_raid]

@@
-    notifications_enabled => 0
+    notifications_enabled => 1
@@
-    servicegroups         => insetup_codfw
+    servicegroups         => backup_codfw

File[/etc/bacula/sd/ssl/server-keypair.pem]

Parameters differences:

--- File[/etc/bacula/sd/ssl/server-keypair.pem].orig
+++ File[/etc/bacula/sd/ssl/server-keypair.pem]

+    owner  => bacula
+    ensure => present
+    mode   => 0400
+    group  => bacula

Exec[create-/etc/bacula/sd-keypair]

Parameters differences:

--- Exec[create-/etc/bacula/sd-keypair].orig
+++ Exec[create-/etc/bacula/sd-keypair]

+    require => File[/etc/bacula/sd/ssl]
+    creates => /etc/bacula/sd/ssl/server-keypair.pem
+    before  => File[/etc/bacula/sd/ssl/server-keypair.pem]
+    command => /bin/cat                          /var/lib/puppet/ssl/private_keys/backup2014.codfw.wmnet.pem                          /var/lib/puppet/ssl/certs/backup2014.codfw.wmnet.pem                         > /etc/bacula/sd/ssl/server-keypair.pem

Sslcert::X509_to_pkcs12[puppet::expose_agent_cert: /etc/bacula/sd]

Parameters differences:

--- Sslcert::X509_to_pkcs12[puppet::expose_agent_cert: /etc/bacula/sd].orig
+++ Sslcert::X509_to_pkcs12[puppet::expose_agent_cert: /etc/bacula/sd]

+    owner       => bacula
+    public_key  => /var/lib/puppet/ssl/certs/backup2014.codfw.wmnet.pem
+    outfile     => /etc/bacula/sd/ssl/server.p12
+    ensure      => absent
+    private_key => /var/lib/puppet/ssl/private_keys/backup2014.codfw.wmnet.pem
+    group       => bacula
+    certfile    => /var/lib/puppet/ssl/certs/ca.pem

File[/etc/ferm/conf.d/10_bacula_storage_demon]

Parameters differences:

--- File[/etc/ferm/conf.d/10_bacula_storage_demon].orig
+++ File[/etc/ferm/conf.d/10_bacula_storage_demon]

+    owner   => root
+    ensure  => present
+    notify  => Service[ferm]
+    group   => root
+    tag     => ferm
+    mode    => 0400
+    require => File[/etc/ferm/conf.d]

Content differences:

--- /etc/ferm/conf.d/10_bacula_storage_demon.orig
+++ /etc/ferm/conf.d/10_bacula_storage_demon
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, 9103, $PRODUCTION_NETWORKS);
+
+

Rsyslog::Conf[nrpe2nodexp-bacula_sd]

Parameters differences:

--- Rsyslog::Conf[nrpe2nodexp-bacula_sd].orig
+++ Rsyslog::Conf[nrpe2nodexp-bacula_sd]

+    ensure   => absent
+    priority => 25
+    mode     => 0444

Concat::Fragment[/etc/bacula/sd_puppet_ca_chain]

Parameters differences:

--- Concat::Fragment[/etc/bacula/sd_puppet_ca_chain].orig
+++ Concat::Fragment[/etc/bacula/sd_puppet_ca_chain]

+    order  => 02
+    target => /etc/bacula/sd/ssl/cert.pem
+    source => /var/lib/puppet/ssl/certs/ca.pem

Class[Adduser]

Parameters differences:

--- Class[Adduser].orig
+++ Class[Adduser]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']
+    before => ['Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-sd]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-click]', 'Package[python3-box]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]']

Class[Profile::Cumin::Target]

Parameters differences:

--- Class[Profile::Cumin::Target].orig
+++ Class[Profile::Cumin::Target]

@@
-    cluster => insetup
+    cluster => backup

File[/etc/update-motd.d/05-backup--es]

Parameters differences:

--- File[/etc/update-motd.d/05-backup--es].orig
+++ File[/etc/update-motd.d/05-backup--es]

+    owner  => root
+    ensure => present
+    mode   => 0555
+    group  => root

Content differences:

--- /etc/update-motd.d/05-backup--es.orig
+++ /etc/update-motd.d/05-backup--es
@@ -0,0 +1,2 @@
+#!/bin/sh
+printf "%s\n" "backup2014 is a External Storage database backups (backup::es)"

Firewall::Service[bacula-storage-demon]

Parameters differences:

--- Firewall::Service[bacula-storage-demon].orig
+++ Firewall::Service[bacula-storage-demon]

+    unrestricted_access => False
+    proto               => tcp
+    desc                => 
+    ensure              => present
+    prio                => 10
+    src_sets            => ['PRODUCTION_NETWORKS']
+    notrack             => False
+    port                => 9103

Class[Monitoring]

Parameters differences:

--- Class[Monitoring].orig
+++ Class[Monitoring]

@@
-    cluster               => insetup
+    cluster               => backup
@@
-    nagios_group          => insetup_codfw
+    nagios_group          => backup_codfw
@@
-    notifications_enabled => False
+    notifications_enabled => True

Class[Profile::Monitoring]

Parameters differences:

--- Class[Profile::Monitoring].orig
+++ Class[Profile::Monitoring]

@@
-    cluster               => insetup
+    cluster               => backup
@@
-    nagios_group          => insetup_codfw
+    nagios_group          => backup_codfw
@@
-    notifications_enabled => False
+    notifications_enabled => True

Monitoring::Exported_nagios_service[backup2014 ferm_active]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 ferm_active].orig
+++ Monitoring::Exported_nagios_service[backup2014 ferm_active]

@@
-    notifications_enabled => 0
+    notifications_enabled => 1
@@
-    servicegroups         => insetup_codfw
+    servicegroups         => backup_codfw

Motd::Script[backup::es]

Parameters differences:

--- Motd::Script[backup::es].orig
+++ Motd::Script[backup::es]

+    ensure   => present
+    priority => 5

Monitoring::Exported_nagios_service[backup2014 raid_md]

Parameters differences:

--- Monitoring::Exported_nagios_service[backup2014 raid_md].orig
+++ Monitoring::Exported_nagios_service[backup2014 raid_md]

@@
-    notifications_enabled => 0
+    notifications_enabled => 1
@@
-    servicegroups         => insetup_codfw
+    servicegroups         => backup_codfw

Sudo::User[nrpe-check_bacula_sd]

Parameters differences:

--- Sudo::User[nrpe-check_bacula_sd].orig
+++ Sudo::User[nrpe-check_bacula_sd]

+    ensure     => absent
+    user       => nagios
+    tag        => nrpe::check
+    privileges => []
+    require    => ['Class[Sudo]']

Nftables::Service[bacula-storage-demon]

Parameters differences:

--- Nftables::Service[bacula-storage-demon].orig
+++ Nftables::Service[bacula-storage-demon]

+    unrestricted_access => False
+    proto               => tcp
+    desc                => 
+    ensure              => present
+    prio                => 10
+    src_sets            => ['PRODUCTION_NETWORKS']
+    notrack             => False
+    port                => 9103

Concat::Fragment[/etc/bacula/sd_puppet_agent_cert]

Parameters differences:

--- Concat::Fragment[/etc/bacula/sd_puppet_agent_cert].orig
+++ Concat::Fragment[/etc/bacula/sd_puppet_agent_cert]

+    order  => 01
+    target => /etc/bacula/sd/ssl/cert.pem
+    source => /var/lib/puppet/ssl/certs/backup2014.codfw.wmnet.pem

File[/srv/bacula/es-readwrite]

Parameters differences:

--- File[/srv/bacula/es-readwrite].orig
+++ File[/srv/bacula/es-readwrite]

+    owner   => bacula
+    ensure  => directory
+    group   => bacula
+    mode    => 0660
+    require => File[/srv/bacula]

File[/lib/systemd/system/nrpe2nodexp-bacula_sd.service]

Parameters differences:

--- File[/lib/systemd/system/nrpe2nodexp-bacula_sd.service].orig
+++ File[/lib/systemd/system/nrpe2nodexp-bacula_sd.service]

+    owner  => root
+    ensure => absent
+    mode   => 0444
+    group  => root
+    notify => Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.service (nrpe2nodexp-bacula_sd.service)]

Content differences:

--- /lib/systemd/system/nrpe2nodexp-bacula_sd.service.orig
+++ /lib/systemd/system/nrpe2nodexp-bacula_sd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=execution of nrpe2nodexp for the check_bacula_sd command.
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=nagios
+
+Group=prometheus-node-exporter
+SyslogIdentifier=nrpe2nodexp-bacula_sd
+ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash "4d3ab0ef8aa01b04270054b3d1d3c587" --timeout 10 --check-command "check_bacula_sd"

Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-bacula_sd.timer (nrpe2nodexp-bacula_sd.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Motd::Message[backup::es]

Parameters differences:

--- Motd::Message[backup::es].orig
+++ Motd::Message[backup::es]

+    message  => backup2014 is a External Storage database backups (backup::es)
+    ensure   => present
+    priority => 5

Compilation results for backup2014.codfw.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files