{"host": "krb1002.eqiad.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3201, "only_in_self": ["Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "Profile::Auto_restarts::Service[krb5-admin-server]", "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]", "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]"], "only_in_other": ["Ferm::Service[kerberos_kpropd_tcp]", "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "Firewall::Service[kerberos_kpropd_tcp]", "Nftables::Service[kerberos_kpropd_tcp]"], "resource_diffs": [{"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Profile::Auto_restarts::Service[rsync]", "parameters": "--- Profile::Auto_restarts::Service[rsync].orig\n+++ Profile::Auto_restarts::Service[rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "content": "--- /etc/rsyncd.conf-srv-keytabs.orig\n+++ /etc/rsyncd.conf-srv-keytabs\n@@ -1,20 +0,0 @@\n-# This file is being maintained by Puppet.\n-# DO NOT EDIT\n-\n-[ srv-keytabs ]\n-path            = /srv/kerberos/keytabs\n-read only       = yes\n-write only      = no\n-list            = yes\n-uid             = 0\n-gid             = 0\n-use chroot      = yes\n-\n-\n-max connections = 0\n-\n-\n-secrets file = /srv/kerberos/rsync_secrets_file\n-auth users = kerb\n-hosts allow = puppetserver1001.eqiad.wmnet localhost\n-", "parameters": "--- Concat_fragment[/etc/rsyncd.conf-srv-keytabs].orig\n+++ Concat_fragment[/etc/rsyncd.conf-srv-keytabs]\n\n-    target => /etc/rsyncd.conf\n-    order  => 10\n-    tag    => _etc_rsyncd.conf\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n"}, {"resource": "Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]", "parameters": "--- Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status].orig\n+++ Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Systemd::Unit[replicate-krb-database.timer]", "parameters": "--- Systemd::Unit[replicate-krb-database.timer].orig\n+++ Systemd::Unit[replicate-krb-database.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Ferm::Service[kerberos_kpropd_tcp]", "parameters": "--- Ferm::Service[kerberos_kpropd_tcp].orig\n+++ Ferm::Service[kerberos_kpropd_tcp]\n\n+    srange              => ['krb2002.codfw.wmnet']\n+    port                => 754\n+    proto               => tcp\n+    ensure              => present\n+    prio                => 10\n+    desc                => \n+    unrestricted_access => False\n+    notrack             => False\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[replicate-krb-database.service]", "parameters": "--- Systemd::Unit[replicate-krb-database.service].orig\n+++ Systemd::Unit[replicate-krb-database.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Kerberos::Kadminserver]", "parameters": "--- Class[Profile::Kerberos::Kadminserver].orig\n+++ Class[Profile::Kerberos::Kadminserver]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n-    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Systemd::Timer::Job[replicate-krb-database]", "parameters": "--- Systemd::Timer::Job[replicate-krb-database].orig\n+++ Systemd::Timer::Job[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Firewall::Service[kerberos_kpropd_tcp]", "parameters": "--- Firewall::Service[kerberos_kpropd_tcp].orig\n+++ Firewall::Service[kerberos_kpropd_tcp]\n\n+    srange              => ['krb2002.codfw.wmnet']\n+    port                => 754\n+    proto               => tcp\n+    ensure              => present\n+    prio                => 10\n+    desc                => \n+    unrestricted_access => False\n+    notrack             => False\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n-    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]\n\n-    unit              => wmf_auto_restart_krb5-admin-server.service\n-    restart           => False\n-    ensure            => present\n-    override          => False\n-    require           => ['Class[Systemd]']\n-    override_filename => puppet-override.conf\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-admin-server]", "parameters": "--- File_line[auto_restart_file_presence_krb5-admin-server].orig\n+++ File_line[auto_restart_file_presence_krb5-admin-server]\n\n-    path    => /etc/debdeploy-client/autorestarts.conf\n-    require => File[/etc/debdeploy-client/autorestarts.conf]\n-    line    => krb5-admin-server\n-    ensure  => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-kpropd]", "parameters": "--- Profile::Auto_restarts::Service[krb5-kpropd].orig\n+++ Profile::Auto_restarts::Service[krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n+    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-admin-server].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-admin-server]\n\n-    ensure => present\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "content": "--- /etc/nftables/input/10_kerberos_kpropd_tcp.nft.orig\n+++ /etc/nftables/input/10_kerberos_kpropd_tcp.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 10.192.48.190 } tcp dport { 754 } accept\n+ip6 saddr { 2620:0:860:104:10:192:48:190 } tcp dport { 754 } accept", "parameters": "--- File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft].orig\n+++ File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]\n\n+    tag    => nft\n+    owner  => root\n+    ensure => present\n+    notify => ['Service[nftables]']\n+    mode   => 0444\n+    group  => root\n"}, {"resource": "Class[Profile::Kerberos::Kdc]", "parameters": "--- Class[Profile::Kerberos::Kdc].orig\n+++ Class[Profile::Kerberos::Kdc]\n\n@@\n-    krb_kdc_servers => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers => ['krb2002.codfw.wmnet']\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Nftables::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Nftables::Service[rsyncd_access_srv-keytabs].orig\n+++ Nftables::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "content": "--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service.orig\n+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service\n@@ -1,8 +0,0 @@\n-[Unit]\n-Description=Auto restart job: krb5-admin-server\n-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-\n-[Service]\n-Type=oneshot\n-User=root\n-ExecStart=/usr/local/sbin/wmf-auto-restart -s krb5-admin-server", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]\n\n-    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]\n-    ensure => present\n-    owner  => root\n-    mode   => 0444\n-    group  => root\n"}, {"resource": "Monitoring::Service[check_replicate-krb-database_status]", "parameters": "--- Monitoring::Service[check_replicate-krb-database_status].orig\n+++ Monitoring::Service[check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-admin-server]", "parameters": "--- Profile::Auto_restarts::Service[krb5-admin-server].orig\n+++ Profile::Auto_restarts::Service[krb5-admin-server]\n\n-    ensure => present\n"}, {"resource": "Firewall::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Firewall::Service[rsyncd_access_srv-keytabs].orig\n+++ Firewall::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Rsync::Server::Module[srv-keytabs]", "parameters": "--- Rsync::Server::Module[srv-keytabs].orig\n+++ Rsync::Server::Module[srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[replicate-krb-database]", "parameters": "--- Systemd::Service[replicate-krb-database].orig\n+++ Systemd::Service[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]\n\n-    command     => /bin/systemctl daemon-reload\n-    refreshonly => True\n-    before      => ['Service[wmf_auto_restart_krb5-admin-server.timer]']\n"}, {"resource": "Service[krb5-admin-server]", "parameters": "--- Service[krb5-admin-server].orig\n+++ Service[krb5-admin-server]\n\n-    require => Package[krb5-admin-server]\n-    ensure  => running\n"}, {"resource": "Motd::Script[inactive_warning]", "parameters": "--- Motd::Script[inactive_warning].orig\n+++ Motd::Script[inactive_warning]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-admin-server]\n\n-    programname_comparison => startswith\n-    ensure                 => present\n-    base_dir               => /var/log\n-    readable_by            => all\n-    force_stop             => True\n-    log_filename           => syslog.log\n-    owner                  => root\n-    group                  => root\n"}, {"resource": "Debconf::Set[krb5-config/kerberos_servers]", "parameters": "--- Debconf::Set[krb5-config/kerberos_servers].orig\n+++ Debconf::Set[krb5-config/kerberos_servers]\n\n@@\n-    value => krb1002.eqiad.wmnet krb2002.codfw.wmnet\n+    value => krb2002.codfw.wmnet\n"}, {"resource": "Service[wmf_auto_restart_krb5-admin-server.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-admin-server.timer].orig\n+++ Service[wmf_auto_restart_krb5-admin-server.timer]\n\n-    enable   => True\n-    provider => systemd\n-    ensure   => running\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "content": "--- /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf.orig\n+++ /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf\n@@ -1,10 +0,0 @@\n-# rsyslog.conf(5) configuration file for services.\n-# This file is managed by Puppet.\n-if $programname startswith \"wmf_auto_restart_krb5-admin-server\" then {\n-    action(\n-        type=\"omfile\" file=\"/var/log/wmf_auto_restart_krb5-admin-server/syslog.log\"\n-        fileOwner=\"root\" fileGroup=\"root\"\n-        fileCreateMode=\"0644\"\n-    )\n-    & stop\n-}", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]\n\n-    notify => Service[rsyslog]\n-    ensure => present\n-    owner  => root\n-    mode   => 0444\n-    group  => root\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_rsync]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_rsync].orig\n+++ Rsyslog::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "parameters": "--- Concat::Fragment[/etc/rsyncd.conf-srv-keytabs].orig\n+++ Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]\n\n-    target => /etc/rsyncd.conf\n-    order  => 10\n"}, {"resource": "Nrpe::Monitor_service[check_replicate-krb-database_status]", "parameters": "--- Nrpe::Monitor_service[check_replicate-krb-database_status].orig\n+++ Nrpe::Monitor_service[check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n+    require => Package[krb5-kpropd]\n@@\n-    ensure  => stopped\n+    ensure  => running\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]\n\n-    unit              => wmf_auto_restart_krb5-admin-server.timer\n-    restart           => False\n-    ensure            => present\n-    override          => False\n-    require           => ['Class[Systemd]']\n-    override_filename => puppet-override.conf\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_rsync].orig\n+++ Systemd::Syslog[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Class[Profile::Kerberos::Replication]", "parameters": "--- Class[Profile::Kerberos::Replication].orig\n+++ Class[Profile::Kerberos::Replication]\n\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "content": "--- /etc/logrotate.d/wmf_auto_restart_krb5-admin-server.orig\n+++ /etc/logrotate.d/wmf_auto_restart_krb5-admin-server\n@@ -1,12 +0,0 @@\n-# logrotate(8) config for wmf_auto_restart_krb5-admin-server\n-\n-/var/log/wmf_auto_restart_krb5-admin-server/*.log {\n-    daily\n-    copytruncate\n-    missingok\n-    compress\n-    delaycompress\n-    notifempty\n-    rotate 15\n-    size 256M\n-}", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]\n\n-    group  => root\n-    mode   => 0444\n-    owner  => root\n-    ensure => present\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]\n\n-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-    monitoring_contact_groups => admins\n-    send_mail                 => False\n-    send_mail_only_on_error   => True\n-    require                   => File[/usr/local/sbin/wmf-auto-restart]\n-    command                   => /usr/local/sbin/wmf-auto-restart -s krb5-admin-server\n-    environment               => {}\n-    monitoring_enabled        => False\n-    user                      => root\n-    success_exit_status       => []\n-    ignore_errors             => False\n-    fixed_random_delay        => False\n-    syslog_force_stop         => True\n-    logfile_perms             => all\n-    send_mail_to              => root@krb1002.eqiad.wmnet\n-    ensure                    => present\n-    private_tmp               => False\n-    logfile_basedir           => /var/log\n-    syslog_match_startswith   => True\n-    description               => Auto restart job: krb5-admin-server\n-    interval                  => {'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00'}\n-    logfile_name              => syslog.log\n-    logging_enabled           => True\n-    logfile_group             => root\n"}, {"resource": "Systemd::Monitor[replicate-krb-database]", "parameters": "--- Systemd::Monitor[replicate-krb-database].orig\n+++ Systemd::Monitor[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Ferm::Service[rsyncd_access_srv_keytabs]", "parameters": "--- Ferm::Service[rsyncd_access_srv_keytabs].orig\n+++ Ferm::Service[rsyncd_access_srv_keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Nftables::Service[kerberos_kpropd_tcp]", "parameters": "--- Nftables::Service[kerberos_kpropd_tcp].orig\n+++ Nftables::Service[kerberos_kpropd_tcp]\n\n+    port                => 754\n+    proto               => tcp\n+    ensure              => present\n+    prio                => 10\n+    src_ips             => ['10.192.48.190', '2620:0:860:104:10:192:48:190']\n+    desc                => \n+    unrestricted_access => False\n+    notrack             => False\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-admin-server]\n\n-    accuracy           => 15sec\n-    timer_intervals    => [{'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00'}]\n-    splay              => 0\n-    fixed_random_delay => False\n-    ensure             => present\n-    unit_name          => wmf_auto_restart_krb5-admin-server.service\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "content": "--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer.orig\n+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer\n@@ -1,12 +0,0 @@\n-[Unit]\n-Description=Periodic execution of wmf_auto_restart_krb5-admin-server.service\n-\n-[Timer]\n-Unit=wmf_auto_restart_krb5-admin-server.service\n-# Accuracy sets the maximum time interval around the execution time we want to allow\n-AccuracySec=15sec\n-OnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 18:18:00\n-RandomizedDelaySec=0\n-\n-[Install]\n-WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]\n\n-    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]\n-    ensure => present\n-    owner  => root\n-    mode   => 0444\n-    group  => root\n"}, {"resource": "Nrpe::Check[check_check_replicate-krb-database_status]", "parameters": "--- Nrpe::Check[check_check_replicate-krb-database_status].orig\n+++ Nrpe::Check[check_check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -0,0 +1 @@\n+host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    ensure => absent\n+    mode   => 0444\n+    before => Package[krb5-kpropd]\n"}, {"resource": "Class[Profile::Kerberos::Client]", "parameters": "--- Class[Profile::Kerberos::Client].orig\n+++ Class[Profile::Kerberos::Client]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Service[wmf_auto_restart_rsync].orig\n+++ Systemd::Service[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-admin-server]\n\n-    restart                  => False\n-    ensure                   => present\n-    unit_type                => timer\n-    require                  => Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]\n-    monitoring_enabled       => False\n-    service_params           => {}\n-    monitoring_contact_group => admins\n-    migration_task           => T407130\n-    override                 => False\n-    monitoring_critical      => False\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-admin-server].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]\n\n-    mode     => 0444\n-    priority => 40\n-    require  => File[/var/log/wmf_auto_restart_krb5-admin-server]\n-    ensure   => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]\n\n-    refreshonly => True\n-    command     => /bin/systemctl daemon-reload\n"}, {"resource": "Systemd::Timer[replicate-krb-database]", "parameters": "--- Systemd::Timer[replicate-krb-database].orig\n+++ Systemd::Timer[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n+    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_rsync]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_rsync].orig\n+++ Logrotate::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.service].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-admin-server]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-admin-server].orig\n+++ File[/var/log/wmf_auto_restart_krb5-admin-server]\n\n-    backup => False\n-    owner  => root\n-    ensure => directory\n-    force  => True\n-    mode   => 0755\n-    group  => root\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}], "perc_changed": "3.75%"}, "core": {"total": 3201, "only_in_self": ["Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]"], "only_in_other": ["File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]"], "resource_diffs": [{"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n+    require => Package[krb5-kpropd]\n@@\n-    ensure  => stopped\n+    ensure  => running\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n-    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n-    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -0,0 +1 @@\n+host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    ensure => absent\n+    mode   => 0444\n+    before => Package[krb5-kpropd]\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n+    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n+    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}], "perc_changed": "1.31%"}, "main": {"total": 3201, "only_in_self": ["Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "Profile::Auto_restarts::Service[krb5-admin-server]", "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]", "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]"], "only_in_other": ["Ferm::Service[kerberos_kpropd_tcp]", "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "Firewall::Service[kerberos_kpropd_tcp]", "Nftables::Service[kerberos_kpropd_tcp]"], "resource_diffs": [{"resource": "Systemd::Syslog[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Debconf::Set[krb5-config/kerberos_servers]", "parameters": "--- Debconf::Set[krb5-config/kerberos_servers].orig\n+++ Debconf::Set[krb5-config/kerberos_servers]\n\n@@\n-    value => krb1002.eqiad.wmnet krb2002.codfw.wmnet\n+    value => krb2002.codfw.wmnet\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_rsync]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_rsync].orig\n+++ Rsyslog::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Nrpe::Monitor_service[check_replicate-krb-database_status]", "parameters": "--- Nrpe::Monitor_service[check_replicate-krb-database_status].orig\n+++ Nrpe::Monitor_service[check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n+    require => Package[krb5-kpropd]\n@@\n-    ensure  => stopped\n+    ensure  => running\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Profile::Auto_restarts::Service[rsync]", "parameters": "--- Profile::Auto_restarts::Service[rsync].orig\n+++ Profile::Auto_restarts::Service[rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_rsync].orig\n+++ Systemd::Syslog[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]", "parameters": "--- Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status].orig\n+++ Monitoring::Exported_nagios_service[krb1002 check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Systemd::Unit[replicate-krb-database.timer]", "parameters": "--- Systemd::Unit[replicate-krb-database.timer].orig\n+++ Systemd::Unit[replicate-krb-database.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[replicate-krb-database.service]", "parameters": "--- Systemd::Unit[replicate-krb-database.service].orig\n+++ Systemd::Unit[replicate-krb-database.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Kerberos::Kadminserver]", "parameters": "--- Class[Profile::Kerberos::Kadminserver].orig\n+++ Class[Profile::Kerberos::Kadminserver]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "Class[Profile::Kerberos::Replication]", "parameters": "--- Class[Profile::Kerberos::Replication].orig\n+++ Class[Profile::Kerberos::Replication]\n\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Monitor[replicate-krb-database]", "parameters": "--- Systemd::Monitor[replicate-krb-database].orig\n+++ Systemd::Monitor[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Ferm::Service[rsyncd_access_srv_keytabs]", "parameters": "--- Ferm::Service[rsyncd_access_srv_keytabs].orig\n+++ Ferm::Service[rsyncd_access_srv_keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n-    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Systemd::Timer::Job[replicate-krb-database]", "parameters": "--- Systemd::Timer::Job[replicate-krb-database].orig\n+++ Systemd::Timer::Job[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n-    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-kpropd]", "parameters": "--- Profile::Auto_restarts::Service[krb5-kpropd].orig\n+++ Profile::Auto_restarts::Service[krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Nrpe::Check[check_check_replicate-krb-database_status]", "parameters": "--- Nrpe::Check[check_check_replicate-krb-database_status].orig\n+++ Nrpe::Check[check_check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -0,0 +1 @@\n+host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    ensure => absent\n+    mode   => 0444\n+    before => Package[krb5-kpropd]\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n+    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Class[Profile::Kerberos::Client]", "parameters": "--- Class[Profile::Kerberos::Client].orig\n+++ Class[Profile::Kerberos::Client]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Service[wmf_auto_restart_rsync].orig\n+++ Systemd::Service[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Kerberos::Kdc]", "parameters": "--- Class[Profile::Kerberos::Kdc].orig\n+++ Class[Profile::Kerberos::Kdc]\n\n@@\n-    krb_kdc_servers => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers => ['krb2002.codfw.wmnet']\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Nftables::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Nftables::Service[rsyncd_access_srv-keytabs].orig\n+++ Nftables::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer[replicate-krb-database]", "parameters": "--- Systemd::Timer[replicate-krb-database].orig\n+++ Systemd::Timer[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Monitoring::Service[check_replicate-krb-database_status]", "parameters": "--- Monitoring::Service[check_replicate-krb-database_status].orig\n+++ Monitoring::Service[check_replicate-krb-database_status]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Firewall::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Firewall::Service[rsyncd_access_srv-keytabs].orig\n+++ Firewall::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Rsync::Server::Module[srv-keytabs]", "parameters": "--- Rsync::Server::Module[srv-keytabs].orig\n+++ Rsync::Server::Module[srv-keytabs]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n+    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[replicate-krb-database]", "parameters": "--- Systemd::Service[replicate-krb-database].orig\n+++ Systemd::Service[replicate-krb-database]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_rsync]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_rsync].orig\n+++ Logrotate::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.service].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Motd::Script[inactive_warning]", "parameters": "--- Motd::Script[inactive_warning].orig\n+++ Motd::Script[inactive_warning]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}], "perc_changed": "2.97%"}}}