Compilation results for krb1002.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3201
Resources added:	4
Resources removed:	21
Resources modified:	95
Change percentage:	3.75%

Resources only in the new catalog

Nftables::Service[kerberos_kpropd_tcp]
Firewall::Service[kerberos_kpropd_tcp]
File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]
Ferm::Service[kerberos_kpropd_tcp]

Resources only in the old catalog

File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]
Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]
File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]
Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]
Systemd::Timer[wmf_auto_restart_krb5-admin-server]
Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]
Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]
Systemd::Service[wmf_auto_restart_krb5-admin-server]
File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]
Logrotate::Conf[wmf_auto_restart_krb5-admin-server]
File[/var/log/wmf_auto_restart_krb5-admin-server]
Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]
Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]
File_line[auto_restart_file_presence_krb5-admin-server]
File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]
Systemd::Syslog[wmf_auto_restart_krb5-admin-server]
Concat_fragment[/etc/rsyncd.conf-srv-keytabs]
Service[wmf_auto_restart_krb5-admin-server.timer]
Profile::Auto_restarts::Service[krb5-admin-server]
Service[krb5-admin-server]
Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]

Resources modified

Service[krb5-kpropd]

Parameters differences:

--- Service[krb5-kpropd].orig
+++ Service[krb5-kpropd]

+    require => Package[krb5-kpropd]
@@
-    ensure  => stopped
+    ensure  => running

Nrpe::Check[check_check_replicate-krb-database_status]

Parameters differences:

--- Nrpe::Check[check_check_replicate-krb-database_status].orig
+++ Nrpe::Check[check_check_replicate-krb-database_status]

@@
-    ensure => present
+    ensure => absent

Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.service].orig
+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]

@@
-    ensure => absent
+    ensure => present

File_line[auto_restart_file_presence_rsync]

Parameters differences:

--- File_line[auto_restart_file_presence_rsync].orig
+++ File_line[auto_restart_file_presence_rsync]

@@
-    ensure => present
+    ensure => absent

Systemd::Unit[wmf_auto_restart_rsync.service]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_rsync.service].orig
+++ Systemd::Unit[wmf_auto_restart_rsync.service]

@@
-    ensure => present
+    ensure => absent

Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]

-    refreshonly => True
-    command     => /bin/systemctl daemon-reload

File[/lib/systemd/system/wmf_auto_restart_rsync.timer]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig
+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]

@@
-    ensure => present
+    ensure => absent

Nftables::Service[rsyncd_access_srv-keytabs]

Parameters differences:

--- Nftables::Service[rsyncd_access_srv-keytabs].orig
+++ Nftables::Service[rsyncd_access_srv-keytabs]

@@
-    ensure => present
+    ensure => absent

File[/etc/update-motd.d/01-inactive-warning]

Parameters differences:

--- File[/etc/update-motd.d/01-inactive-warning].orig
+++ File[/etc/update-motd.d/01-inactive-warning]

@@
-    ensure => absent
+    ensure => present

Content differences:

--- /etc/update-motd.d/01-inactive-warning.orig
+++ /etc/update-motd.d/01-inactive-warning
@@ -18,6 +18,6 @@
 
 command since credentials are kept in sync via kprod replication.
 
-The current active kadmin host is krb1002.eqiad.wmnet
+The current active kadmin host is krb2002.codfw.wmnet
 
 MOTD

File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]

@@
-    ensure => present
+    ensure => absent

Rsync::Server::Module[srv-keytabs]

Parameters differences:

--- Rsync::Server::Module[srv-keytabs].orig
+++ Rsync::Server::Module[srv-keytabs]

@@
-    ensure => present
+    ensure => absent

File[/usr/local/sbin/replicate_krb_database]

Parameters differences:

--- File[/usr/local/sbin/replicate_krb_database].orig
+++ File[/usr/local/sbin/replicate_krb_database]

@@
-    ensure => present
+    ensure => absent

Content differences:

--- /usr/local/sbin/replicate_krb_database.orig
+++ /usr/local/sbin/replicate_krb_database
@@ -8,5 +8,4 @@
 
 KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)
 /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE
-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet
 rm -f $KRB_DATABASE_FILE

Firewall::Service[rsyncd_access_srv-keytabs]

Parameters differences:

--- Firewall::Service[rsyncd_access_srv-keytabs].orig
+++ Firewall::Service[rsyncd_access_srv-keytabs]

@@
-    ensure => present
+    ensure => absent

Systemd::Monitor[replicate-krb-database]

Parameters differences:

--- Systemd::Monitor[replicate-krb-database].orig
+++ Systemd::Monitor[replicate-krb-database]

@@
-    ensure => present
+    ensure => absent

File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig
+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]

@@
-    ensure => absent
+    ensure => present

Class[Profile::Apt]

Parameters differences:

--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']

File[/lib/systemd/system/wmf_auto_restart_rsync.service]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig
+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]

@@
-    ensure => present
+    ensure => absent

Logrotate::Conf[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Logrotate::Conf[wmf_auto_restart_krb5-admin-server].orig
+++ Logrotate::Conf[wmf_auto_restart_krb5-admin-server]

-    ensure => present

Systemd::Timer[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Systemd::Timer[wmf_auto_restart_krb5-kpropd].orig
+++ Systemd::Timer[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

File[/var/log/wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig
+++ File[/var/log/wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => directory

Systemd::Syslog[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Systemd::Syslog[wmf_auto_restart_krb5-admin-server].orig
+++ Systemd::Syslog[wmf_auto_restart_krb5-admin-server]

-    force_stop             => True
-    group                  => root
-    owner                  => root
-    readable_by            => all
-    base_dir               => /var/log
-    log_filename           => syslog.log
-    ensure                 => present
-    programname_comparison => startswith

Systemd::Timer::Job[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig
+++ Systemd::Timer::Job[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]

Parameters differences:

--- Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status].orig
+++ Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]

@@
-    ensure => present
+    ensure => absent

File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig
+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]

@@
-    ensure => absent
+    ensure => present

Systemd::Timer::Job[replicate-krb-database]

Parameters differences:

--- Systemd::Timer::Job[replicate-krb-database].orig
+++ Systemd::Timer::Job[replicate-krb-database]

@@
-    ensure => present
+    ensure => absent

Systemd::Service[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Systemd::Service[wmf_auto_restart_krb5-kpropd].orig
+++ Systemd::Service[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Class[Profile::Kerberos::Kdc]

Parameters differences:

--- Class[Profile::Kerberos::Kdc].orig
+++ Class[Profile::Kerberos::Kdc]

@@
-    krb_kdc_servers => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']
+    krb_kdc_servers => ['krb2002.codfw.wmnet']

Systemd::Unit[replicate-krb-database.timer]

Parameters differences:

--- Systemd::Unit[replicate-krb-database.timer].orig
+++ Systemd::Unit[replicate-krb-database.timer]

@@
-    ensure => present
+    ensure => absent

Motd::Script[inactive_warning]

Parameters differences:

--- Motd::Script[inactive_warning].orig
+++ Motd::Script[inactive_warning]

@@
-    ensure => absent
+    ensure => present

Ferm::Service[rsyncd_access_srv_keytabs]

Parameters differences:

--- Ferm::Service[rsyncd_access_srv_keytabs].orig
+++ Ferm::Service[rsyncd_access_srv_keytabs]

@@
-    ensure => present
+    ensure => absent

Service[krb5-admin-server]

Parameters differences:

--- Service[krb5-admin-server].orig
+++ Service[krb5-admin-server]

-    ensure  => running
-    require => Package[krb5-admin-server]

Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]

-    refreshonly => True
-    before      => ['Service[wmf_auto_restart_krb5-admin-server.timer]']
-    command     => /bin/systemctl daemon-reload

Service[wmf_auto_restart_krb5-admin-server.timer]

Parameters differences:

--- Service[wmf_auto_restart_krb5-admin-server.timer].orig
+++ Service[wmf_auto_restart_krb5-admin-server.timer]

-    ensure   => running
-    enable   => True
-    provider => systemd

Debconf::Set[krb5-config/kerberos_servers]

Parameters differences:

--- Debconf::Set[krb5-config/kerberos_servers].orig
+++ Debconf::Set[krb5-config/kerberos_servers]

@@
-    value => krb1002.eqiad.wmnet krb2002.codfw.wmnet
+    value => krb2002.codfw.wmnet

Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-srv-keytabs].orig
+++ Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]

-    target => /etc/rsyncd.conf
-    order  => 10

Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server].orig
+++ Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]

-    command                   => /usr/local/sbin/wmf-auto-restart -s krb5-admin-server
-    send_mail_to              => root@krb1002.eqiad.wmnet
-    private_tmp               => False
-    logfile_perms             => all
-    logfile_name              => syslog.log
-    ignore_errors             => False
-    logfile_basedir           => /var/log
-    logfile_group             => root
-    monitoring_enabled        => False
-    monitoring_contact_groups => admins
-    success_exit_status       => []
-    send_mail                 => False
-    description               => Auto restart job: krb5-admin-server
-    syslog_match_startswith   => True
-    require                   => File[/usr/local/sbin/wmf-auto-restart]
-    send_mail_only_on_error   => True
-    syslog_force_stop         => True
-    logging_enabled           => True
-    fixed_random_delay        => False
-    user                      => root
-    ensure                    => present
-    environment               => {}
-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-    interval                  => {'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00'}

File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft].orig
+++ File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]

+    mode   => 0444
+    tag    => nft
+    notify => ['Service[nftables]']
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /etc/nftables/input/10_kerberos_kpropd_tcp.nft.orig
+++ /etc/nftables/input/10_kerberos_kpropd_tcp.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 10.192.48.190 } tcp dport { 754 } accept
+ip6 saddr { 2620:0:860:104:10:192:48:190 } tcp dport { 754 } accept

File[/lib/systemd/system/replicate-krb-database.timer]

Parameters differences:

--- File[/lib/systemd/system/replicate-krb-database.timer].orig
+++ File[/lib/systemd/system/replicate-krb-database.timer]

@@
-    ensure => present
+    ensure => absent

Profile::Auto_restarts::Service[rsync]

Parameters differences:

--- Profile::Auto_restarts::Service[rsync].orig
+++ Profile::Auto_restarts::Service[rsync]

@@
-    ensure => present
+    ensure => absent

Systemd::Service[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Service[wmf_auto_restart_rsync].orig
+++ Systemd::Service[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

Class[Profile::Kerberos::Replication]

Parameters differences:

--- Class[Profile::Kerberos::Replication].orig
+++ Class[Profile::Kerberos::Replication]

@@
-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']
+    krb_kdc_servers    => ['krb2002.codfw.wmnet']
@@
-    krb_kadmin_primary => krb1002.eqiad.wmnet
+    krb_kadmin_primary => krb2002.codfw.wmnet

Systemd::Unit[replicate-krb-database.service]

Parameters differences:

--- Systemd::Unit[replicate-krb-database.service].orig
+++ Systemd::Unit[replicate-krb-database.service]

@@
-    ensure => present
+    ensure => absent

Systemd::Service[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Systemd::Service[wmf_auto_restart_krb5-admin-server].orig
+++ Systemd::Service[wmf_auto_restart_krb5-admin-server]

-    require                  => Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]
-    override                 => False
-    monitoring_contact_group => admins
-    migration_task           => T407130
-    monitoring_enabled       => False
-    ensure                   => present
-    unit_type                => timer
-    restart                  => False
-    service_params           => {}
-    monitoring_critical      => False

Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd].orig
+++ Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]

+    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']

File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig
+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]

@@
-    ensure => absent
+    ensure => present

File[/var/log/wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- File[/var/log/wmf_auto_restart_krb5-admin-server].orig
+++ File[/var/log/wmf_auto_restart_krb5-admin-server]

-    backup => False
-    mode   => 0755
-    force  => True
-    ensure => directory
-    group  => root
-    owner  => root

File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf].orig
+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]

-    mode   => 0444
-    notify => Service[rsyslog]
-    ensure => present
-    group  => root
-    owner  => root

Content differences:

--- /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf.orig
+++ /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf
@@ -1,10 +0,0 @@
-# rsyslog.conf(5) configuration file for services.
-# This file is managed by Puppet.
-if $programname startswith "wmf_auto_restart_krb5-admin-server" then {
-    action(
-        type="omfile" file="/var/log/wmf_auto_restart_krb5-admin-server/syslog.log"
-        fileOwner="root" fileGroup="root"
-        fileCreateMode="0644"
-    )
-    & stop
-}

Logrotate::Conf[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Logrotate::Conf[wmf_auto_restart_krb5-kpropd].orig
+++ Logrotate::Conf[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

File[/srv/kerberos/rsync_secrets_file]

Parameters differences:

--- File[/srv/kerberos/rsync_secrets_file].orig
+++ File[/srv/kerberos/rsync_secrets_file]

@@
-    ensure => present
+    ensure => absent

Systemd::Syslog[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Systemd::Syslog[wmf_auto_restart_krb5-kpropd].orig
+++ Systemd::Syslog[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

File[/etc/logrotate.d/wmf_auto_restart_rsync]

Parameters differences:

--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig
+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

File[/etc/krb5.conf]

Content differences:

--- /etc/krb5.conf.orig
+++ /etc/krb5.conf
@@ -12,9 +12,8 @@
 
 [realms]
         WIKIMEDIA = {
-                kdc = krb1002.eqiad.wmnet
                 kdc = krb2002.codfw.wmnet
-                admin_server = krb1002.eqiad.wmnet
+                admin_server = krb2002.codfw.wmnet
         }
 
 [domain_realm]

File[/lib/systemd/system/replicate-krb-database.service]

Parameters differences:

--- File[/lib/systemd/system/replicate-krb-database.service].orig
+++ File[/lib/systemd/system/replicate-krb-database.service]

@@
-    ensure => present
+    ensure => absent

Monitoring::Service[check_replicate-krb-database_status]

Parameters differences:

--- Monitoring::Service[check_replicate-krb-database_status].orig
+++ Monitoring::Service[check_replicate-krb-database_status]

@@
-    ensure => present
+    ensure => absent

Service[wmf_auto_restart_krb5-kpropd.timer]

Parameters differences:

--- Service[wmf_auto_restart_krb5-kpropd.timer].orig
+++ Service[wmf_auto_restart_krb5-kpropd.timer]

-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']
@@
-    ensure => stopped
+    ensure => running
@@
-    enable => False
+    enable => True

Service[replicate-krb-database.timer]

Parameters differences:

--- Service[replicate-krb-database.timer].orig
+++ Service[replicate-krb-database.timer]

+    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']
@@
-    ensure => running
+    ensure => stopped
@@
-    enable => True
+    enable => False

Profile::Auto_restarts::Service[krb5-kpropd]

Parameters differences:

--- Profile::Auto_restarts::Service[krb5-kpropd].orig
+++ Profile::Auto_restarts::Service[krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Class[Profile::Kerberos::Kadminserver]

Parameters differences:

--- Class[Profile::Kerberos::Kadminserver].orig
+++ Class[Profile::Kerberos::Kadminserver]

@@
-    krb_kadmin_primary => krb1002.eqiad.wmnet
+    krb_kadmin_primary => krb2002.codfw.wmnet

Systemd::Timer[replicate-krb-database]

Parameters differences:

--- Systemd::Timer[replicate-krb-database].orig
+++ Systemd::Timer[replicate-krb-database]

@@
-    ensure => present
+    ensure => absent

Rsyslog::Conf[wmf_auto_restart_rsync]

Parameters differences:

--- Rsyslog::Conf[wmf_auto_restart_rsync].orig
+++ Rsyslog::Conf[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

Systemd::Service[replicate-krb-database]

Parameters differences:

--- Systemd::Service[replicate-krb-database].orig
+++ Systemd::Service[replicate-krb-database]

@@
-    ensure => present
+    ensure => absent

Logrotate::Conf[wmf_auto_restart_rsync]

Parameters differences:

--- Logrotate::Conf[wmf_auto_restart_rsync].orig
+++ Logrotate::Conf[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

Nrpe::Monitor_service[check_replicate-krb-database_status]

Parameters differences:

--- Nrpe::Monitor_service[check_replicate-krb-database_status].orig
+++ Nrpe::Monitor_service[check_replicate-krb-database_status]

@@
-    ensure => present
+    ensure => absent

Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Rsyslog::Conf[wmf_auto_restart_krb5-admin-server].orig
+++ Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]

-    ensure   => present
-    require  => File[/var/log/wmf_auto_restart_krb5-admin-server]
-    priority => 40
-    mode     => 0444

Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]

-    before => ['Service[wmf_auto_restart_rsync.timer]']

Systemd::Timer[wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- Systemd::Timer[wmf_auto_restart_krb5-admin-server].orig
+++ Systemd::Timer[wmf_auto_restart_krb5-admin-server]

-    splay              => 0
-    unit_name          => wmf_auto_restart_krb5-admin-server.service
-    fixed_random_delay => False
-    accuracy           => 15sec
-    ensure             => present
-    timer_intervals    => [{'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00'}]

Ferm::Service[kerberos_kpropd_tcp]

Parameters differences:

--- Ferm::Service[kerberos_kpropd_tcp].orig
+++ Ferm::Service[kerberos_kpropd_tcp]

+    notrack             => False
+    unrestricted_access => False
+    desc                => 
+    srange              => ['krb2002.codfw.wmnet']
+    port                => 754
+    ensure              => present
+    prio                => 10
+    proto               => tcp

File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig
+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Service[wmf_auto_restart_rsync.timer]

Parameters differences:

--- Service[wmf_auto_restart_rsync.timer].orig
+++ Service[wmf_auto_restart_rsync.timer]

+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']
@@
-    ensure => running
+    ensure => stopped
@@
-    enable => True
+    enable => False

Systemd::Syslog[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Syslog[wmf_auto_restart_rsync].orig
+++ Systemd::Syslog[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]

Parameters differences:

--- Rsyslog::Conf[wmf_auto_restart_krb5-kpropd].orig
+++ Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Systemd::Unit[wmf_auto_restart_rsync.timer]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig
+++ Systemd::Unit[wmf_auto_restart_rsync.timer]

@@
-    ensure => present
+    ensure => absent

File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service].orig
+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]

-    mode   => 0444
-    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]
-    ensure => present
-    group  => root
-    owner  => root

Content differences:

--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service.orig
+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service
@@ -1,8 +0,0 @@
-[Unit]
-Description=Auto restart job: krb5-admin-server
-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-
-[Service]
-Type=oneshot
-User=root
-ExecStart=/usr/local/sbin/wmf-auto-restart -s krb5-admin-server

File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer].orig
+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]

-    mode   => 0444
-    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]
-    ensure => present
-    group  => root
-    owner  => root

Content differences:

--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer.orig
+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer
@@ -1,12 +0,0 @@
-[Unit]
-Description=Periodic execution of wmf_auto_restart_krb5-admin-server.service
-
-[Timer]
-Unit=wmf_auto_restart_krb5-admin-server.service
-# Accuracy sets the maximum time interval around the execution time we want to allow
-AccuracySec=15sec
-OnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00
-RandomizedDelaySec=0
-
-[Install]
-WantedBy=multi-user.target

Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer].orig
+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]

@@
-    ensure => absent
+    ensure => present

Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer].orig
+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]

-    require           => ['Class[Systemd]']
-    unit              => wmf_auto_restart_krb5-admin-server.timer
-    override          => False
-    ensure            => present
-    override_filename => puppet-override.conf
-    restart           => False

File_line[auto_restart_file_presence_krb5-kpropd]

Parameters differences:

--- File_line[auto_restart_file_presence_krb5-kpropd].orig
+++ File_line[auto_restart_file_presence_krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.service].orig
+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]

-    require           => ['Class[Systemd]']
-    unit              => wmf_auto_restart_krb5-admin-server.service
-    override          => False
-    ensure            => present
-    override_filename => puppet-override.conf
-    restart           => False

File_line[auto_restart_file_presence_krb5-admin-server]

Parameters differences:

--- File_line[auto_restart_file_presence_krb5-admin-server].orig
+++ File_line[auto_restart_file_presence_krb5-admin-server]

-    ensure  => present
-    line    => krb5-admin-server
-    path    => /etc/debdeploy-client/autorestarts.conf
-    require => File[/etc/debdeploy-client/autorestarts.conf]

Concat_fragment[/etc/rsyncd.conf-srv-keytabs]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-srv-keytabs].orig
+++ Concat_fragment[/etc/rsyncd.conf-srv-keytabs]

-    tag    => _etc_rsyncd.conf
-    target => /etc/rsyncd.conf
-    order  => 10

Content differences:

--- /etc/rsyncd.conf-srv-keytabs.orig
+++ /etc/rsyncd.conf-srv-keytabs
@@ -1,20 +0,0 @@
-# This file is being maintained by Puppet.
-# DO NOT EDIT
-
-[ srv-keytabs ]
-path            = /srv/kerberos/keytabs
-read only       = yes
-write only      = no
-list            = yes
-uid             = 0
-gid             = 0
-use chroot      = yes
-
-
-max connections = 0
-
-
-secrets file = /srv/kerberos/rsync_secrets_file
-auth users = kerb
-hosts allow = puppetserver1001.eqiad.wmnet localhost
-

Systemd::Timer[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Timer[wmf_auto_restart_rsync].orig
+++ Systemd::Timer[wmf_auto_restart_rsync]

@@
-    ensure => present
+    ensure => absent

File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig
+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]

@@
-    ensure => present
+    ensure => absent

Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig
+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]

-    before => ['Service[replicate-krb-database.timer]']

Class[Adduser]

Parameters differences:

--- Class[Adduser].orig
+++ Class[Adduser]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']

Exec[debconf-set-selections set string krb5-config/kerberos_servers]

Parameters differences:

--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig
+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]

@@
-    command => echo set krb5-config/kerberos_servers string "krb1002.eqiad.wmnet krb2002.codfw.wmnet" | debconf-set-selections
+    command => echo set krb5-config/kerberos_servers string "krb2002.codfw.wmnet" | debconf-set-selections
@@
-    unless  => test "$(echo get krb5-config/kerberos_servers | debconf-communicate)" = "0 krb1002.eqiad.wmnet krb2002.codfw.wmnet"
+    unless  => test "$(echo get krb5-config/kerberos_servers | debconf-communicate)" = "0 krb2002.codfw.wmnet"

File[/etc/krb5kdc/kpropd.acl]

Parameters differences:

--- File[/etc/krb5kdc/kpropd.acl].orig
+++ File[/etc/krb5kdc/kpropd.acl]

-    ensure => absent
+    before => Package[krb5-kpropd]
+    mode   => 0444

Content differences:

--- /etc/krb5kdc/kpropd.acl.orig
+++ /etc/krb5kdc/kpropd.acl
@@ -0,0 +1 @@
+host/krb2002.codfw.wmnet@WIKIMEDIA

Package[krb5-kpropd]

Parameters differences:

--- Package[krb5-kpropd].orig
+++ Package[krb5-kpropd]

@@
-    ensure => absent
+    ensure => present

Firewall::Service[kerberos_kpropd_tcp]

Parameters differences:

--- Firewall::Service[kerberos_kpropd_tcp].orig
+++ Firewall::Service[kerberos_kpropd_tcp]

+    notrack             => False
+    unrestricted_access => False
+    desc                => 
+    srange              => ['krb2002.codfw.wmnet']
+    port                => 754
+    ensure              => present
+    prio                => 10
+    proto               => tcp

Class[Profile::Kerberos::Client]

Parameters differences:

--- Class[Profile::Kerberos::Client].orig
+++ Class[Profile::Kerberos::Client]

@@
-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']
+    krb_kdc_servers    => ['krb2002.codfw.wmnet']
@@
-    krb_kadmin_primary => krb1002.eqiad.wmnet
+    krb_kadmin_primary => krb2002.codfw.wmnet

Nftables::Service[kerberos_kpropd_tcp]

Parameters differences:

--- Nftables::Service[kerberos_kpropd_tcp].orig
+++ Nftables::Service[kerberos_kpropd_tcp]

+    notrack             => False
+    unrestricted_access => False
+    desc                => 
+    src_ips             => ['10.192.48.190', '2620:0:860:104:10:192:48:190']
+    port                => 754
+    ensure              => present
+    prio                => 10
+    proto               => tcp

File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]

Parameters differences:

--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig
+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]

@@
-    ensure => present
+    ensure => absent

File[/var/log/wmf_auto_restart_rsync]

Parameters differences:

--- File[/var/log/wmf_auto_restart_rsync].orig
+++ File[/var/log/wmf_auto_restart_rsync]

@@
-    ensure => directory
+    ensure => absent

Profile::Auto_restarts::Service[krb5-admin-server]

Parameters differences:

--- Profile::Auto_restarts::Service[krb5-admin-server].orig
+++ Profile::Auto_restarts::Service[krb5-admin-server]

-    ensure => present

File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]

Parameters differences:

--- File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server].orig
+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]

-    ensure => present
-    group  => root
-    owner  => root
-    mode   => 0444

Content differences:

--- /etc/logrotate.d/wmf_auto_restart_krb5-admin-server.orig
+++ /etc/logrotate.d/wmf_auto_restart_krb5-admin-server
@@ -1,12 +0,0 @@
-# logrotate(8) config for wmf_auto_restart_krb5-admin-server
-
-/var/log/wmf_auto_restart_krb5-admin-server/*.log {
-    daily
-    copytruncate
-    missingok
-    compress
-    delaycompress
-    notifempty
-    rotate 15
-    size 256M
-}

Compilation results for krb1002.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files