Compilation results for gerrit1003.wikimedia.org: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3484
Resources added:	38
Resources removed:	22
Resources modified:	62
Change percentage:	3.50%

Resources only in the new catalog

Service[rsync-gerrit-data.timer]
File[/usr/local/sbin/sync-gerrit-data]
Systemd::Syslog[rsync-gerrit-home]
File[/lib/systemd/system/rsync-gerrit-home.service]
Systemd::Service[rsync-gerrit-data]
Rsync::Quickdatacopy[gerrit-data]
Rsyslog::Conf[rsync-gerrit-home]
File[/etc/logrotate.d/rsync-gerrit-data]
Systemd::Timer[rsync-gerrit-data]
File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]
Systemd::Unit[rsync-gerrit-data.service]
File[/lib/systemd/system/rsync-gerrit-data.service]
Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
File[/var/log/rsync-gerrit-home]
Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]
Systemd::Timer[rsync-gerrit-home]
Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]
File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]
Systemd::Unit[rsync-gerrit-home.timer]
Systemd::Timer::Job[rsync-gerrit-data]
File[/var/log/rsync-gerrit-data]
Systemd::Timer::Job[rsync-gerrit-home]
Rsync::Quickdatacopy[gerrit-home]
Systemd::Unit[rsync-gerrit-data.timer]
File[/lib/systemd/system/rsync-gerrit-home.timer]
Logrotate::Conf[rsync-gerrit-home]
File[/etc/logrotate.d/rsync-gerrit-home]
Logrotate::Conf[rsync-gerrit-data]
Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
Systemd::Unit[rsync-gerrit-home.service]
File[/usr/local/sbin/sync-gerrit-home]
Systemd::Service[rsync-gerrit-home]
Systemd::Syslog[rsync-gerrit-data]
Service[rsync-gerrit-home.timer]
File[/lib/systemd/system/rsync-gerrit-data.timer]
Rsyslog::Conf[rsync-gerrit-data]

Resources only in the old catalog

Class[Rsync::Server]
Rsync::Server::Module[gerrit-data]
Rsync::Server::Module[gerrit-home]
Ferm::Service[rsyncd_access_gerrit_home]
Firewall::Service[rsyncd_access_gerrit-data]
File[/etc/rsync.d]
Concat::Fragment[/etc/rsyncd.conf-gerrit-home]
Concat_fragment[/etc/rsyncd.conf-header]
Nftables::Service[rsyncd_access_gerrit-home]
Concat::Fragment[/etc/rsyncd.conf-header]
Concat_fragment[/etc/rsyncd.conf-gerrit-home]
Nftables::Service[rsyncd_access_gerrit-data]
Ferm::Service[rsyncd_access_gerrit_data]
File[/etc/default/rsync]
Concat_file[/etc/rsyncd.conf]
Concat::Fragment[/etc/rsyncd.conf-gerrit-data]
File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]
Concat[/etc/rsyncd.conf]
Concat_fragment[/etc/rsyncd.conf-gerrit-data]
File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]
Firewall::Service[rsyncd_access_gerrit-home]
Service[rsync]

Resources modified

Concat_file[/etc/rsyncd.conf]

Parameters differences:

--- Concat_file[/etc/rsyncd.conf].orig
+++ Concat_file[/etc/rsyncd.conf]

-    replace        => True
-    order          => alpha
-    force          => False
-    show_diff      => True
-    mode           => 0444
-    owner          => root
-    tag            => _etc_rsyncd.conf
-    format         => plain
-    ensure_newline => False
-    backup         => puppet
-    group          => root

File[/usr/local/sbin/sync-gerrit-home]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-home].orig
+++ File[/usr/local/sbin/sync-gerrit-home]

+    ensure => present
+    group  => root
+    mode   => 0755
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-gerrit-home.orig
+++ /usr/local/sbin/sync-gerrit-home
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-home-ssl-wrapper -a  --chown=gerrit:gerrit  rsync://gerrit2003.wikimedia.org/gerrit-home /srv/home-gerrit2003.wikimedia.org/

Class[Adduser]

Parameters differences:

--- Class[Adduser].orig
+++ Class[Adduser]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[rsync]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[gerrit/gerrit]', 'Package[gervert/deploy]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[rsync]', 'Package[python3-venv]', 'Package[gerrit/gerrit]', 'Package[gervert/deploy]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']

File[/usr/local/sbin/sync-gerrit-data]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-data].orig
+++ File[/usr/local/sbin/sync-gerrit-data]

+    ensure => present
+    group  => root
+    mode   => 0755
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-gerrit-data.orig
+++ /usr/local/sbin/sync-gerrit-data
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-data-ssl-wrapper -a  --chown=gerrit:gerrit  rsync://gerrit2003.wikimedia.org/gerrit-data /srv/gerrit/

Concat[/etc/rsyncd.conf]

Parameters differences:

--- Concat[/etc/rsyncd.conf].orig
+++ Concat[/etc/rsyncd.conf]

-    ensure         => present
-    replace        => True
-    order          => alpha
-    path           => /etc/rsyncd.conf
-    force          => False
-    show_diff      => True
-    mode           => 0444
-    owner          => root
-    format         => plain
-    warn           => False
-    ensure_newline => False
-    backup         => puppet
-    group          => root

Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True
+    before      => ['Service[rsync-gerrit-home.timer]']

Systemd::Syslog[rsync-gerrit-data]

Parameters differences:

--- Systemd::Syslog[rsync-gerrit-data].orig
+++ Systemd::Syslog[rsync-gerrit-data]

+    ensure                 => present
+    programname_comparison => startswith
+    log_filename           => syslog.log
+    base_dir               => /var/log
+    force_stop             => True
+    owner                  => root
+    readable_by            => all
+    group                  => root

Class[Rsync::Server]

Parameters differences:

--- Class[Rsync::Server].orig
+++ Class[Rsync::Server]

-    rsyncd_conf    => {}
-    rsync_opts     => []
-    use_chroot     => yes
-    timeout        => 300
-    ensure_service => running
-    address        => 0.0.0.0

Ferm::Service[rsyncd_access_gerrit_data]

Parameters differences:

--- Ferm::Service[rsyncd_access_gerrit_data].orig
+++ Ferm::Service[rsyncd_access_gerrit_data]

-    ensure              => present
-    srange              => ['gerrit2003.wikimedia.org']
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    port                => [873, 1873]

Systemd::Syslog[rsync-gerrit-home]

Parameters differences:

--- Systemd::Syslog[rsync-gerrit-home].orig
+++ Systemd::Syslog[rsync-gerrit-home]

+    ensure                 => present
+    programname_comparison => startswith
+    log_filename           => syslog.log
+    base_dir               => /var/log
+    force_stop             => True
+    owner                  => root
+    readable_by            => all
+    group                  => root

Service[rsync-gerrit-data.timer]

Parameters differences:

--- Service[rsync-gerrit-data.timer].orig
+++ Service[rsync-gerrit-data.timer]

+    ensure   => running
+    provider => systemd
+    enable   => True

Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True
+    before      => ['Service[rsync-gerrit-data.timer]']

Rsync::Quickdatacopy[gerrit-home]

Parameters differences:

--- Rsync::Quickdatacopy[gerrit-home].orig
+++ Rsync::Quickdatacopy[gerrit-home]

+    ensure                     => present
+    dest_host                  => gerrit1003.wikimedia.org
+    auto_sync                  => True
+    auto_interval              => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    progress                   => False
+    source_host                => gerrit2003.wikimedia.org
+    chown                      => gerrit:gerrit
+    module_path                => /srv/home-gerrit2003.wikimedia.org
+    delete                     => False
+    ignore_missing_file_errors => True
+    server_uses_stunnel        => True

Ferm::Service[rsyncd_access_gerrit_home]

Parameters differences:

--- Ferm::Service[rsyncd_access_gerrit_home].orig
+++ Ferm::Service[rsyncd_access_gerrit_home]

-    ensure              => present
-    srange              => ['gerrit2003.wikimedia.org']
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    port                => [873, 1873]

Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Rsyslog::Conf[rsync-gerrit-home]

Parameters differences:

--- Rsyslog::Conf[rsync-gerrit-home].orig
+++ Rsyslog::Conf[rsync-gerrit-home]

+    ensure   => present
+    priority => 40
+    mode     => 0444
+    require  => File[/var/log/rsync-gerrit-home]

Systemd::Unit[rsync-gerrit-home.service]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-home.service].orig
+++ Systemd::Unit[rsync-gerrit-home.service]

+    ensure            => present
+    override_filename => puppet-override.conf
+    unit              => rsync-gerrit-home.service
+    require           => ['Class[Systemd]']
+    override          => False
+    restart           => False

Systemd::Unit[rsync-gerrit-data.timer]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-data.timer].orig
+++ Systemd::Unit[rsync-gerrit-data.timer]

+    ensure            => present
+    override_filename => puppet-override.conf
+    unit              => rsync-gerrit-data.timer
+    require           => ['Class[Systemd]']
+    override          => False
+    restart           => False

File[/lib/systemd/system/rsync-gerrit-home.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-home.timer].orig
+++ File[/lib/systemd/system/rsync-gerrit-home.timer]

+    ensure => present
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
+    group  => root
+    owner  => root

Content differences:

--- /lib/systemd/system/rsync-gerrit-home.timer.orig
+++ /lib/systemd/system/rsync-gerrit-home.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of rsync-gerrit-home.service
+
+[Timer]
+Unit=rsync-gerrit-home.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/10:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

Logrotate::Conf[rsync-gerrit-data]

Parameters differences:

--- Logrotate::Conf[rsync-gerrit-data].orig
+++ Logrotate::Conf[rsync-gerrit-data]

+    ensure => present

File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]

+    ensure => present
+    group  => root
+    mode   => 0755
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-gerrit-home-ssl-wrapper.orig
+++ /usr/local/sbin/sync-gerrit-home-ssl-wrapper
@@ -0,0 +1,29 @@
+#!/bin/sh
+# This file is managed by Puppet
+#
+# This script is expected to be used as the --rsh argument to rsync.
+# It will wrap rsync's communication in stunnel, and validate the
+# server's cert vs the Puppet CA.
+
+set -eu
+
+cleanup() {
+    [ -f "$CONFIG" ] && rm -f "$CONFIG"
+}
+trap cleanup EXIT
+
+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)
+
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}
+
+cat > "$CONFIG" <<EOF
+foreground  = yes
+client      = yes
+connect     = $1:$RSYNC_SSL_PORT
+CAfile      = /var/lib/puppet/ssl/certs/ca.pem
+cert        = /var/lib/puppet/ssl/certs/gerrit1003.wikimedia.org.pem
+key         = /var/lib/puppet/ssl/private_keys/gerrit1003.wikimedia.org.pem
+verifyChain = yes
+EOF
+
+/usr/bin/stunnel4 "$CONFIG"

File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]

-    ensure => present
-    tag    => nft
-    notify => ['Service[nftables]']
-    owner  => root
-    group  => root
-    mode   => 0444

Content differences:

--- /etc/nftables/input/10_rsyncd_access_gerrit-home.nft.orig
+++ /etc/nftables/input/10_rsyncd_access_gerrit-home.nft
@@ -1,4 +0,0 @@
-# Managed by puppet
-# 
-ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept
-ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept

File[/etc/logrotate.d/rsync-gerrit-data]

Parameters differences:

--- File[/etc/logrotate.d/rsync-gerrit-data].orig
+++ File[/etc/logrotate.d/rsync-gerrit-data]

+    ensure => present
+    group  => root
+    mode   => 0444
+    owner  => root

Content differences:

--- /etc/logrotate.d/rsync-gerrit-data.orig
+++ /etc/logrotate.d/rsync-gerrit-data
@@ -0,0 +1,12 @@
+# logrotate(8) config for rsync-gerrit-data
+
+/var/log/rsync-gerrit-data/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

Nftables::Service[rsyncd_access_gerrit-home]

Parameters differences:

--- Nftables::Service[rsyncd_access_gerrit-home].orig
+++ Nftables::Service[rsyncd_access_gerrit-home]

-    ensure              => present
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    src_ips             => ['208.80.153.116', '2620:0:860:4:208:80:153:116']
-    port                => [873, 1873]

Rsync::Server::Module[gerrit-data]

Parameters differences:

--- Rsync::Server::Module[gerrit-data].orig
+++ Rsync::Server::Module[gerrit-data]

-    ensure          => present
-    gid             => 0
-    read_only       => no
-    auto_firewall   => True
-    lock_file       => /var/run/rsyncd.lock
-    uid             => 0
-    path            => /srv/gerrit
-    hosts_allow     => ['gerrit2003.wikimedia.org']
-    list            => yes
-    max_connections => 0
-    chroot          => True
-    qos_low         => False
-    write_only      => no

Firewall::Service[rsyncd_access_gerrit-data]

Parameters differences:

--- Firewall::Service[rsyncd_access_gerrit-data].orig
+++ Firewall::Service[rsyncd_access_gerrit-data]

-    ensure              => present
-    srange              => ['gerrit2003.wikimedia.org']
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    port                => [873, 1873]

File[/lib/systemd/system/rsync-gerrit-data.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-data.service].orig
+++ File[/lib/systemd/system/rsync-gerrit-data.service]

+    ensure => present
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
+    group  => root
+    owner  => root

Content differences:

--- /lib/systemd/system/rsync-gerrit-data.service.orig
+++ /lib/systemd/system/rsync-gerrit-data.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transfer data periodically between hosts
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/sync-gerrit-data
+SuccessExitStatus=24

Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Class[Profile::Apt]

Parameters differences:

--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[rsync]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[rsync]', 'Package[python3-venv]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']

File[/etc/logrotate.d/rsync-gerrit-home]

Parameters differences:

--- File[/etc/logrotate.d/rsync-gerrit-home].orig
+++ File[/etc/logrotate.d/rsync-gerrit-home]

+    ensure => present
+    group  => root
+    mode   => 0444
+    owner  => root

Content differences:

--- /etc/logrotate.d/rsync-gerrit-home.orig
+++ /etc/logrotate.d/rsync-gerrit-home
@@ -0,0 +1,12 @@
+# logrotate(8) config for rsync-gerrit-home
+
+/var/log/rsync-gerrit-home/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

Concat_fragment[/etc/rsyncd.conf-gerrit-home]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-gerrit-home].orig
+++ Concat_fragment[/etc/rsyncd.conf-gerrit-home]

-    target => /etc/rsyncd.conf
-    tag    => _etc_rsyncd.conf
-    order  => 10

Content differences:

--- /etc/rsyncd.conf-gerrit-home.orig
+++ /etc/rsyncd.conf-gerrit-home
@@ -1,20 +0,0 @@
-# This file is being maintained by Puppet.
-# DO NOT EDIT
-
-[ gerrit-home ]
-path            = /srv/home-gerrit2003.wikimedia.org
-read only       = no
-write only      = no
-list            = yes
-uid             = 0
-gid             = 0
-use chroot      = yes
-
-
-max connections = 0
-
-
-
-
-hosts allow = gerrit2003.wikimedia.org localhost
-

File[/var/log/rsync-gerrit-data]

Parameters differences:

--- File[/var/log/rsync-gerrit-data].orig
+++ File[/var/log/rsync-gerrit-data]

+    ensure => directory
+    group  => root
+    owner  => root
+    force  => True
+    backup => False
+    mode   => 0755

Concat_fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-header].orig
+++ Concat_fragment[/etc/rsyncd.conf-header]

-    target => /etc/rsyncd.conf
-    tag    => _etc_rsyncd.conf
-    order  => 01

Content differences:

--- /etc/rsyncd.conf-header.orig
+++ /etc/rsyncd.conf-header
@@ -1,11 +0,0 @@
-# This file is being maintained by Puppet.
-# DO NOT EDIT
-
-uid = nobody
-gid = nogroup
-use chroot = yes
-
-log format = %t %a %m %f %b
-syslog facility = local3
-timeout = 300
-address = 0.0.0.0

Nftables::Service[rsyncd_access_gerrit-data]

Parameters differences:

--- Nftables::Service[rsyncd_access_gerrit-data].orig
+++ Nftables::Service[rsyncd_access_gerrit-data]

-    ensure              => present
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    src_ips             => ['208.80.153.116', '2620:0:860:4:208:80:153:116']
-    port                => [873, 1873]

Rsync::Quickdatacopy[gerrit-data]

Parameters differences:

--- Rsync::Quickdatacopy[gerrit-data].orig
+++ Rsync::Quickdatacopy[gerrit-data]

+    ensure                     => present
+    dest_host                  => gerrit1003.wikimedia.org
+    auto_sync                  => True
+    auto_interval              => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    progress                   => False
+    source_host                => gerrit2003.wikimedia.org
+    chown                      => gerrit:gerrit
+    module_path                => /srv/gerrit
+    delete                     => False
+    ignore_missing_file_errors => True
+    server_uses_stunnel        => True

Systemd::Unit[rsync-gerrit-data.service]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-data.service].orig
+++ Systemd::Unit[rsync-gerrit-data.service]

+    ensure            => present
+    override_filename => puppet-override.conf
+    unit              => rsync-gerrit-data.service
+    require           => ['Class[Systemd]']
+    override          => False
+    restart           => False

Systemd::Timer[rsync-gerrit-home]

Parameters differences:

--- Systemd::Timer[rsync-gerrit-home].orig
+++ Systemd::Timer[rsync-gerrit-home]

+    ensure             => present
+    accuracy           => 15sec
+    fixed_random_delay => False
+    unit_name          => rsync-gerrit-home.service
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]
+    splay              => 0

File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]

+    ensure => present
+    group  => root
+    mode   => 0755
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-gerrit-data-ssl-wrapper.orig
+++ /usr/local/sbin/sync-gerrit-data-ssl-wrapper
@@ -0,0 +1,29 @@
+#!/bin/sh
+# This file is managed by Puppet
+#
+# This script is expected to be used as the --rsh argument to rsync.
+# It will wrap rsync's communication in stunnel, and validate the
+# server's cert vs the Puppet CA.
+
+set -eu
+
+cleanup() {
+    [ -f "$CONFIG" ] && rm -f "$CONFIG"
+}
+trap cleanup EXIT
+
+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)
+
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}
+
+cat > "$CONFIG" <<EOF
+foreground  = yes
+client      = yes
+connect     = $1:$RSYNC_SSL_PORT
+CAfile      = /var/lib/puppet/ssl/certs/ca.pem
+cert        = /var/lib/puppet/ssl/certs/gerrit1003.wikimedia.org.pem
+key         = /var/lib/puppet/ssl/private_keys/gerrit1003.wikimedia.org.pem
+verifyChain = yes
+EOF
+
+/usr/bin/stunnel4 "$CONFIG"

Service[rsync-gerrit-home.timer]

Parameters differences:

--- Service[rsync-gerrit-home.timer].orig
+++ Service[rsync-gerrit-home.timer]

+    ensure   => running
+    provider => systemd
+    enable   => True

File[/lib/systemd/system/rsync-gerrit-data.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-data.timer].orig
+++ File[/lib/systemd/system/rsync-gerrit-data.timer]

+    ensure => present
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
+    group  => root
+    owner  => root

Content differences:

--- /lib/systemd/system/rsync-gerrit-data.timer.orig
+++ /lib/systemd/system/rsync-gerrit-data.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of rsync-gerrit-data.service
+
+[Timer]
+Unit=rsync-gerrit-data.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/10:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

Rsyslog::Conf[rsync-gerrit-data]

Parameters differences:

--- Rsyslog::Conf[rsync-gerrit-data].orig
+++ Rsyslog::Conf[rsync-gerrit-data]

+    ensure   => present
+    priority => 40
+    mode     => 0444
+    require  => File[/var/log/rsync-gerrit-data]

Systemd::Unit[rsync-gerrit-home.timer]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-home.timer].orig
+++ Systemd::Unit[rsync-gerrit-home.timer]

+    ensure            => present
+    override_filename => puppet-override.conf
+    unit              => rsync-gerrit-home.timer
+    require           => ['Class[Systemd]']
+    override          => False
+    restart           => False

Service[rsync]

Parameters differences:

--- Service[rsync].orig
+++ Service[rsync]

-    ensure    => running
-    subscribe => ['Concat[/etc/rsyncd.conf]', 'File[/etc/default/rsync]']
-    enable    => True
-    require   => Package[rsync]

Systemd::Timer[rsync-gerrit-data]

Parameters differences:

--- Systemd::Timer[rsync-gerrit-data].orig
+++ Systemd::Timer[rsync-gerrit-data]

+    ensure             => present
+    accuracy           => 15sec
+    fixed_random_delay => False
+    unit_name          => rsync-gerrit-data.service
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]
+    splay              => 0

Firewall::Service[rsyncd_access_gerrit-home]

Parameters differences:

--- Firewall::Service[rsyncd_access_gerrit-home].orig
+++ Firewall::Service[rsyncd_access_gerrit-home]

-    ensure              => present
-    srange              => ['gerrit2003.wikimedia.org']
-    proto               => tcp
-    unrestricted_access => False
-    prio                => 10
-    notrack             => False
-    desc                => 
-    port                => [873, 1873]

Concat::Fragment[/etc/rsyncd.conf-gerrit-home]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-gerrit-home].orig
+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-home]

-    target => /etc/rsyncd.conf
-    order  => 10

Concat::Fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-header].orig
+++ Concat::Fragment[/etc/rsyncd.conf-header]

-    target => /etc/rsyncd.conf
-    order  => 01

File[/lib/systemd/system/rsync-gerrit-home.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-home.service].orig
+++ File[/lib/systemd/system/rsync-gerrit-home.service]

+    ensure => present
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
+    group  => root
+    owner  => root

Content differences:

--- /lib/systemd/system/rsync-gerrit-home.service.orig
+++ /lib/systemd/system/rsync-gerrit-home.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transfer data periodically between hosts
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/sync-gerrit-home
+SuccessExitStatus=24

File[/etc/default/rsync]

Parameters differences:

--- File[/etc/default/rsync].orig
+++ File[/etc/default/rsync]

-    ensure => present
-    owner  => root
-    group  => root
-    mode   => 0444

Content differences:

--- /etc/default/rsync.orig
+++ /etc/default/rsync
@@ -1,46 +0,0 @@
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///rsync/rsync.default.erb
-#####################################################################
-
-# defaults file for rsync daemon mode
-
-# start rsync in daemon mode from init.d script?
-#  only allowed values are "true", "false", and "inetd"
-#  Use "inetd" if you want to start the rsyncd from inetd,
-#  all this does is prevent the init.d script from printing a message
-#  about not starting rsyncd (you still need to modify inetd's config yourself).
-RSYNC_ENABLE=true
-
-# which file should be used as the configuration file for rsync.
-# This file is used instead of the default /etc/rsyncd.conf
-# Warning: This option has no effect if the daemon is accessed
-#          using a remote shell. When using a different file for
-#          rsync you might want to symlink /etc/rsyncd.conf to
-#          that file.
-RSYNC_CONFIG_FILE=/etc/rsyncd.conf
-
-# what extra options to give rsync --daemon?
-#  that excludes the --daemon; that's always done in the init.d script
-#  Possibilities are:
-#   --address=123.45.67.89		(bind to a specific IP address)
-#   --port=8730				(bind to specified port; default 873)
-RSYNC_OPTS=''
-
-# run rsyncd at a nice level?
-#  the rsync daemon can impact performance due to much I/O and CPU usage,
-#  so you may want to run it at a nicer priority than the default priority.
-#  Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
-RSYNC_NICE=''
-
-# run rsyncd with ionice?
-#  "ionice" does for IO load what "nice" does for CPU load.
-#  As rsync is often used for backups which aren't all that time-critical,
-#  reducing the rsync IO priority will benefit the rest of the system.
-#  See the manpage for ionice for allowed options.
-#  -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
-#  the next line to activate this.
-# RSYNC_IONICE='-c3'
-
-# Don't forget to create an appropriate config file,
-# else the daemon will not start.

Systemd::Service[rsync-gerrit-home]

Parameters differences:

--- Systemd::Service[rsync-gerrit-home].orig
+++ Systemd::Service[rsync-gerrit-home]

+    ensure                   => present
+    service_params           => {}
+    monitoring_critical      => False
+    require                  => Systemd::Unit[rsync-gerrit-home.service]
+    unit_type                => timer
+    override                 => False
+    monitoring_contact_group => admins
+    migration_task           => T407130
+    monitoring_enabled       => False
+    restart                  => False

File[/etc/rsync.d]

Parameters differences:

--- File[/etc/rsync.d].orig
+++ File[/etc/rsync.d]

-    ensure  => absent
-    force   => True
-    recurse => True
-    purge   => True
-    group   => root
-    owner   => root

File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]

+    ensure => present
+    notify => Service[rsyslog]
+    owner  => root
+    group  => root
+    mode   => 0444

Content differences:

--- /etc/rsyslog.d/40-rsync-gerrit-home.conf.orig
+++ /etc/rsyslog.d/40-rsync-gerrit-home.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "rsync-gerrit-home" then {
+    action(
+        type="omfile" file="/var/log/rsync-gerrit-home/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

Concat_fragment[/etc/rsyncd.conf-gerrit-data]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-gerrit-data].orig
+++ Concat_fragment[/etc/rsyncd.conf-gerrit-data]

-    target => /etc/rsyncd.conf
-    tag    => _etc_rsyncd.conf
-    order  => 10

Content differences:

--- /etc/rsyncd.conf-gerrit-data.orig
+++ /etc/rsyncd.conf-gerrit-data
@@ -1,20 +0,0 @@
-# This file is being maintained by Puppet.
-# DO NOT EDIT
-
-[ gerrit-data ]
-path            = /srv/gerrit
-read only       = no
-write only      = no
-list            = yes
-uid             = 0
-gid             = 0
-use chroot      = yes
-
-
-max connections = 0
-
-
-
-
-hosts allow = gerrit2003.wikimedia.org localhost
-

File[/var/log/rsync-gerrit-home]

Parameters differences:

--- File[/var/log/rsync-gerrit-home].orig
+++ File[/var/log/rsync-gerrit-home]

+    ensure => directory
+    group  => root
+    owner  => root
+    force  => True
+    backup => False
+    mode   => 0755

Concat::Fragment[/etc/rsyncd.conf-gerrit-data]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-gerrit-data].orig
+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-data]

-    target => /etc/rsyncd.conf
-    order  => 10

Systemd::Service[rsync-gerrit-data]

Parameters differences:

--- Systemd::Service[rsync-gerrit-data].orig
+++ Systemd::Service[rsync-gerrit-data]

+    ensure                   => present
+    service_params           => {}
+    monitoring_critical      => False
+    require                  => Systemd::Unit[rsync-gerrit-data.service]
+    unit_type                => timer
+    override                 => False
+    monitoring_contact_group => admins
+    migration_task           => T407130
+    monitoring_enabled       => False
+    restart                  => False

File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]

+    ensure => present
+    notify => Service[rsyslog]
+    owner  => root
+    group  => root
+    mode   => 0444

Content differences:

--- /etc/rsyslog.d/40-rsync-gerrit-data.conf.orig
+++ /etc/rsyslog.d/40-rsync-gerrit-data.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "rsync-gerrit-data" then {
+    action(
+        type="omfile" file="/var/log/rsync-gerrit-data/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

Systemd::Timer::Job[rsync-gerrit-data]

Parameters differences:

--- Systemd::Timer::Job[rsync-gerrit-data].orig
+++ Systemd::Timer::Job[rsync-gerrit-data]

+    ensure                    => present
+    logfile_name              => syslog.log
+    send_mail_only_on_error   => True
+    user                      => root
+    send_mail_to              => root@gerrit1003.wikimedia.org
+    environment               => {}
+    command                   => /usr/local/sbin/sync-gerrit-data
+    logging_enabled           => True
+    send_mail                 => False
+    logfile_basedir           => /var/log
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    syslog_force_stop         => True
+    description               => Transfer data periodically between hosts
+    fixed_random_delay        => False
+    monitoring_contact_groups => admins
+    syslog_match_startswith   => True
+    ignore_errors             => False
+    logfile_group             => root
+    interval                  => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    monitoring_enabled        => False
+    success_exit_status       => [24]
+    logfile_perms             => all
+    private_tmp               => False

Systemd::Timer::Job[rsync-gerrit-home]

Parameters differences:

--- Systemd::Timer::Job[rsync-gerrit-home].orig
+++ Systemd::Timer::Job[rsync-gerrit-home]

+    ensure                    => present
+    logfile_name              => syslog.log
+    send_mail_only_on_error   => True
+    user                      => root
+    send_mail_to              => root@gerrit1003.wikimedia.org
+    environment               => {}
+    command                   => /usr/local/sbin/sync-gerrit-home
+    logging_enabled           => True
+    send_mail                 => False
+    logfile_basedir           => /var/log
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    syslog_force_stop         => True
+    description               => Transfer data periodically between hosts
+    fixed_random_delay        => False
+    monitoring_contact_groups => admins
+    syslog_match_startswith   => True
+    ignore_errors             => False
+    logfile_group             => root
+    interval                  => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    monitoring_enabled        => False
+    success_exit_status       => [24]
+    logfile_perms             => all
+    private_tmp               => False

Logrotate::Conf[rsync-gerrit-home]

Parameters differences:

--- Logrotate::Conf[rsync-gerrit-home].orig
+++ Logrotate::Conf[rsync-gerrit-home]

+    ensure => present

Rsync::Server::Module[gerrit-home]

Parameters differences:

--- Rsync::Server::Module[gerrit-home].orig
+++ Rsync::Server::Module[gerrit-home]

-    ensure          => present
-    gid             => 0
-    read_only       => no
-    auto_firewall   => True
-    lock_file       => /var/run/rsyncd.lock
-    uid             => 0
-    path            => /srv/home-gerrit2003.wikimedia.org
-    hosts_allow     => ['gerrit2003.wikimedia.org']
-    list            => yes
-    max_connections => 0
-    chroot          => True
-    qos_low         => False
-    write_only      => no

File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]

-    ensure => present
-    tag    => nft
-    notify => ['Service[nftables]']
-    owner  => root
-    group  => root
-    mode   => 0444

Content differences:

--- /etc/nftables/input/10_rsyncd_access_gerrit-data.nft.orig
+++ /etc/nftables/input/10_rsyncd_access_gerrit-data.nft
@@ -1,4 +0,0 @@
-# Managed by puppet
-# 
-ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept
-ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept

Compilation results for gerrit1003.wikimedia.org: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files