Compilation results for gerrit2003.wikimedia.org: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3481
Resources added:	53
Resources removed:	0
Resources modified:	53
Change percentage:	3.05%

Resources only in the new catalog

Systemd::Unit[rsync-gerrit-data.service]
File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]
Rsync::Quickdatacopy[gerrit-home]
File[/etc/logrotate.d/rsync-gerrit-home]
File[/etc/logrotate.d/rsync-gerrit-data]
Rsyslog::Conf[rsync-gerrit-data]
Concat_fragment[/etc/rsyncd.conf-gerrit-data]
File[/usr/local/sbin/sync-gerrit-home]
Logrotate::Conf[rsync-gerrit-home]
Systemd::Unit[rsync-gerrit-data.timer]
Systemd::Syslog[rsync-gerrit-home]
File[/lib/systemd/system/rsync-gerrit-home.timer]
File[/lib/systemd/system/rsync-gerrit-home.service]
Systemd::Timer::Job[rsync-gerrit-data]
Systemd::Syslog[rsync-gerrit-data]
Concat_fragment[/etc/rsyncd.conf-gerrit-home]
Rsync::Server::Module[gerrit-data]
Nftables::Service[rsyncd_access_gerrit-data]
File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]
Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
File[/var/log/rsync-gerrit-data]
Systemd::Service[rsync-gerrit-home]
File[/usr/local/sbin/sync-gerrit-data]
Rsync::Quickdatacopy[gerrit-data]
Service[rsync-gerrit-data.timer]
Ferm::Service[rsyncd_access_gerrit_home]
File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]
File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]
Rsync::Server::Module[gerrit-home]
Systemd::Unit[rsync-gerrit-home.service]
Service[rsync-gerrit-home.timer]
File[/lib/systemd/system/rsync-gerrit-data.timer]
Systemd::Timer[rsync-gerrit-data]
Systemd::Unit[rsync-gerrit-home.timer]
File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]
Systemd::Service[rsync-gerrit-data]
Rsyslog::Conf[rsync-gerrit-home]
Systemd::Timer[rsync-gerrit-home]
Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
Concat::Fragment[/etc/rsyncd.conf-gerrit-home]
Nftables::Service[rsyncd_access_gerrit-home]
Logrotate::Conf[rsync-gerrit-data]
Systemd::Timer::Job[rsync-gerrit-home]
File[/var/log/rsync-gerrit-home]
Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]
Ferm::Service[rsyncd_access_gerrit_data]
Concat::Fragment[/etc/rsyncd.conf-gerrit-data]
Firewall::Service[rsyncd_access_gerrit-data]
File[/srv/home-gerrit2003.wikimedia.org/]
Firewall::Service[rsyncd_access_gerrit-home]
File[/lib/systemd/system/rsync-gerrit-data.service]

Resources modified

File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]

+    group  => root
+    mode   => 0755
+    owner  => root
+    ensure => present

Content differences:

--- /usr/local/sbin/sync-gerrit-data-ssl-wrapper.orig
+++ /usr/local/sbin/sync-gerrit-data-ssl-wrapper
@@ -0,0 +1,29 @@
+#!/bin/sh
+# This file is managed by Puppet
+#
+# This script is expected to be used as the --rsh argument to rsync.
+# It will wrap rsync's communication in stunnel, and validate the
+# server's cert vs the Puppet CA.
+
+set -eu
+
+cleanup() {
+    [ -f "$CONFIG" ] && rm -f "$CONFIG"
+}
+trap cleanup EXIT
+
+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)
+
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}
+
+cat > "$CONFIG" <<EOF
+foreground  = yes
+client      = yes
+connect     = $1:$RSYNC_SSL_PORT
+CAfile      = /var/lib/puppet/ssl/certs/ca.pem
+cert        = /var/lib/puppet/ssl/certs/gerrit2003.wikimedia.org.pem
+key         = /var/lib/puppet/ssl/private_keys/gerrit2003.wikimedia.org.pem
+verifyChain = yes
+EOF
+
+/usr/bin/stunnel4 "$CONFIG"

Systemd::Timer::Job[rsync-gerrit-data]

Parameters differences:

--- Systemd::Timer::Job[rsync-gerrit-data].orig
+++ Systemd::Timer::Job[rsync-gerrit-data]

+    send_mail_to              => root@gerrit2003.wikimedia.org
+    monitoring_enabled        => False
+    monitoring_contact_groups => admins
+    command                   => /usr/local/sbin/sync-gerrit-data
+    logfile_perms             => all
+    private_tmp               => False
+    ignore_errors             => False
+    logfile_group             => root
+    ensure                    => absent
+    interval                  => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    environment               => {}
+    logging_enabled           => True
+    success_exit_status       => [24]
+    logfile_basedir           => /var/log
+    description               => Transfer data periodically between hosts
+    user                      => root
+    fixed_random_delay        => False
+    send_mail                 => False
+    syslog_match_startswith   => True
+    send_mail_only_on_error   => True
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    syslog_force_stop         => True
+    logfile_name              => syslog.log

Concat_fragment[/etc/rsyncd.conf-gerrit-home]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-gerrit-home].orig
+++ Concat_fragment[/etc/rsyncd.conf-gerrit-home]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-gerrit-home.orig
+++ /etc/rsyncd.conf-gerrit-home
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ gerrit-home ]
+path            = /srv/home-gerrit2003.wikimedia.org
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = gerrit2003.wikimedia.org localhost
+

Logrotate::Conf[rsync-gerrit-data]

Parameters differences:

--- Logrotate::Conf[rsync-gerrit-data].orig
+++ Logrotate::Conf[rsync-gerrit-data]

+    ensure => absent

File[/srv/home-gerrit2003.wikimedia.org/]

Parameters differences:

--- File[/srv/home-gerrit2003.wikimedia.org/].orig
+++ File[/srv/home-gerrit2003.wikimedia.org/]

+    path   => /srv/home-gerrit2003.wikimedia.org
+    group  => root
+    owner  => root
+    ensure => directory

Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Firewall::Service[rsyncd_access_gerrit-home]

Parameters differences:

--- Firewall::Service[rsyncd_access_gerrit-home].orig
+++ Firewall::Service[rsyncd_access_gerrit-home]

+    srange              => ['gerrit2003.wikimedia.org']
+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    desc                =>

File[/var/log/rsync-gerrit-data]

Parameters differences:

--- File[/var/log/rsync-gerrit-data].orig
+++ File[/var/log/rsync-gerrit-data]

+    mode   => 0755
+    backup => False
+    group  => root
+    force  => True
+    owner  => root
+    ensure => absent

Logrotate::Conf[rsync-gerrit-home]

Parameters differences:

--- Logrotate::Conf[rsync-gerrit-home].orig
+++ Logrotate::Conf[rsync-gerrit-home]

+    ensure => absent

File[/lib/systemd/system/rsync-gerrit-home.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-home.service].orig
+++ File[/lib/systemd/system/rsync-gerrit-home.service]

+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /lib/systemd/system/rsync-gerrit-home.service.orig
+++ /lib/systemd/system/rsync-gerrit-home.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transfer data periodically between hosts
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/sync-gerrit-home
+SuccessExitStatus=24

File[/lib/systemd/system/rsync-gerrit-home.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-home.timer].orig
+++ File[/lib/systemd/system/rsync-gerrit-home.timer]

+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /lib/systemd/system/rsync-gerrit-home.timer.orig
+++ /lib/systemd/system/rsync-gerrit-home.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of rsync-gerrit-home.service
+
+[Timer]
+Unit=rsync-gerrit-home.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/10:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

Systemd::Unit[rsync-gerrit-data.service]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-data.service].orig
+++ Systemd::Unit[rsync-gerrit-data.service]

+    restart           => False
+    unit              => rsync-gerrit-data.service
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => absent

File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]

+    tag    => nft
+    mode   => 0444
+    notify => ['Service[nftables]']
+    group  => root
+    owner  => root
+    ensure => present

Content differences:

--- /etc/nftables/input/10_rsyncd_access_gerrit-data.nft.orig
+++ /etc/nftables/input/10_rsyncd_access_gerrit-data.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept
+ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept

Firewall::Service[rsyncd_access_gerrit-data]

Parameters differences:

--- Firewall::Service[rsyncd_access_gerrit-data].orig
+++ Firewall::Service[rsyncd_access_gerrit-data]

+    srange              => ['gerrit2003.wikimedia.org']
+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    desc                =>

Rsyslog::Conf[rsync-gerrit-home]

Parameters differences:

--- Rsyslog::Conf[rsync-gerrit-home].orig
+++ Rsyslog::Conf[rsync-gerrit-home]

+    priority => 40
+    require  => File[/var/log/rsync-gerrit-home]
+    mode     => 0444
+    ensure   => absent

File[/usr/local/sbin/sync-gerrit-home]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-home].orig
+++ File[/usr/local/sbin/sync-gerrit-home]

+    group  => root
+    mode   => 0755
+    owner  => root
+    ensure => present

Content differences:

--- /usr/local/sbin/sync-gerrit-home.orig
+++ /usr/local/sbin/sync-gerrit-home
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-home-ssl-wrapper -a  --chown=gerrit:gerrit  rsync://gerrit2003.wikimedia.org/gerrit-home /srv/home-gerrit2003.wikimedia.org/

Service[rsync-gerrit-home.timer]

Parameters differences:

--- Service[rsync-gerrit-home.timer].orig
+++ Service[rsync-gerrit-home.timer]

+    enable   => False
+    provider => systemd
+    before   => ['Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]']
+    ensure   => stopped

Ferm::Service[rsyncd_access_gerrit_home]

Parameters differences:

--- Ferm::Service[rsyncd_access_gerrit_home].orig
+++ Ferm::Service[rsyncd_access_gerrit_home]

+    srange              => ['gerrit2003.wikimedia.org']
+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    desc                =>

Systemd::Timer::Job[rsync-gerrit-home]

Parameters differences:

--- Systemd::Timer::Job[rsync-gerrit-home].orig
+++ Systemd::Timer::Job[rsync-gerrit-home]

+    send_mail_to              => root@gerrit2003.wikimedia.org
+    monitoring_enabled        => False
+    monitoring_contact_groups => admins
+    command                   => /usr/local/sbin/sync-gerrit-home
+    logfile_perms             => all
+    private_tmp               => False
+    ignore_errors             => False
+    logfile_group             => root
+    ensure                    => absent
+    interval                  => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    environment               => {}
+    logging_enabled           => True
+    success_exit_status       => [24]
+    logfile_basedir           => /var/log
+    description               => Transfer data periodically between hosts
+    user                      => root
+    fixed_random_delay        => False
+    send_mail                 => False
+    syslog_match_startswith   => True
+    send_mail_only_on_error   => True
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    syslog_force_stop         => True
+    logfile_name              => syslog.log

File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]

+    mode   => 0444
+    notify => Service[rsyslog]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /etc/rsyslog.d/40-rsync-gerrit-home.conf.orig
+++ /etc/rsyslog.d/40-rsync-gerrit-home.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "rsync-gerrit-home" then {
+    action(
+        type="omfile" file="/var/log/rsync-gerrit-home/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]

+    mode   => 0444
+    notify => Service[rsyslog]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /etc/rsyslog.d/40-rsync-gerrit-data.conf.orig
+++ /etc/rsyslog.d/40-rsync-gerrit-data.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "rsync-gerrit-data" then {
+    action(
+        type="omfile" file="/var/log/rsync-gerrit-data/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

Systemd::Timer[rsync-gerrit-data]

Parameters differences:

--- Systemd::Timer[rsync-gerrit-data].orig
+++ Systemd::Timer[rsync-gerrit-data]

+    unit_name          => rsync-gerrit-data.service
+    fixed_random_delay => False
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]
+    accuracy           => 15sec
+    splay              => 0
+    ensure             => absent

Concat::Fragment[/etc/rsyncd.conf-gerrit-home]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-gerrit-home].orig
+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-home]

+    order  => 10
+    target => /etc/rsyncd.conf

File[/lib/systemd/system/rsync-gerrit-data.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-data.timer].orig
+++ File[/lib/systemd/system/rsync-gerrit-data.timer]

+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /lib/systemd/system/rsync-gerrit-data.timer.orig
+++ /lib/systemd/system/rsync-gerrit-data.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of rsync-gerrit-data.service
+
+[Timer]
+Unit=rsync-gerrit-data.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/10:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

Systemd::Unit[rsync-gerrit-home.timer]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-home.timer].orig
+++ Systemd::Unit[rsync-gerrit-home.timer]

+    restart           => False
+    unit              => rsync-gerrit-home.timer
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => absent

Systemd::Syslog[rsync-gerrit-data]

Parameters differences:

--- Systemd::Syslog[rsync-gerrit-data].orig
+++ Systemd::Syslog[rsync-gerrit-data]

+    force_stop             => True
+    group                  => root
+    programname_comparison => startswith
+    owner                  => root
+    ensure                 => absent
+    readable_by            => all
+    base_dir               => /var/log
+    log_filename           => syslog.log

Systemd::Service[rsync-gerrit-data]

Parameters differences:

--- Systemd::Service[rsync-gerrit-data].orig
+++ Systemd::Service[rsync-gerrit-data]

+    service_params           => {}
+    monitoring_enabled       => False
+    unit_type                => timer
+    monitoring_contact_group => admins
+    ensure                   => absent
+    restart                  => False
+    migration_task           => T407130
+    monitoring_critical      => False
+    require                  => Systemd::Unit[rsync-gerrit-data.service]
+    override                 => False

Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Rsync::Quickdatacopy[gerrit-home]

Parameters differences:

--- Rsync::Quickdatacopy[gerrit-home].orig
+++ Rsync::Quickdatacopy[gerrit-home]

+    auto_interval              => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    dest_host                  => gerrit2003.wikimedia.org
+    auto_sync                  => False
+    ensure                     => present
+    module_path                => /srv/home-gerrit2003.wikimedia.org
+    delete                     => False
+    ignore_missing_file_errors => True
+    progress                   => False
+    source_host                => gerrit2003.wikimedia.org
+    chown                      => gerrit:gerrit
+    server_uses_stunnel        => True

Systemd::Service[rsync-gerrit-home]

Parameters differences:

--- Systemd::Service[rsync-gerrit-home].orig
+++ Systemd::Service[rsync-gerrit-home]

+    service_params           => {}
+    monitoring_enabled       => False
+    unit_type                => timer
+    monitoring_contact_group => admins
+    ensure                   => absent
+    restart                  => False
+    migration_task           => T407130
+    monitoring_critical      => False
+    require                  => Systemd::Unit[rsync-gerrit-home.service]
+    override                 => False

Nftables::Service[rsyncd_access_gerrit-home]

Parameters differences:

--- Nftables::Service[rsyncd_access_gerrit-home].orig
+++ Nftables::Service[rsyncd_access_gerrit-home]

+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    src_ips             => ['208.80.153.116', '2620:0:860:4:208:80:153:116']
+    desc                =>

File[/etc/logrotate.d/rsync-gerrit-data]

Parameters differences:

--- File[/etc/logrotate.d/rsync-gerrit-data].orig
+++ File[/etc/logrotate.d/rsync-gerrit-data]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => absent

Content differences:

--- /etc/logrotate.d/rsync-gerrit-data.orig
+++ /etc/logrotate.d/rsync-gerrit-data
@@ -0,0 +1,12 @@
+# logrotate(8) config for rsync-gerrit-data
+
+/var/log/rsync-gerrit-data/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

Systemd::Unit[rsync-gerrit-data.timer]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-data.timer].orig
+++ Systemd::Unit[rsync-gerrit-data.timer]

+    restart           => False
+    unit              => rsync-gerrit-data.timer
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => absent

File[/var/log/rsync-gerrit-home]

Parameters differences:

--- File[/var/log/rsync-gerrit-home].orig
+++ File[/var/log/rsync-gerrit-home]

+    mode   => 0755
+    backup => False
+    group  => root
+    force  => True
+    owner  => root
+    ensure => absent

Systemd::Syslog[rsync-gerrit-home]

Parameters differences:

--- Systemd::Syslog[rsync-gerrit-home].orig
+++ Systemd::Syslog[rsync-gerrit-home]

+    force_stop             => True
+    group                  => root
+    programname_comparison => startswith
+    owner                  => root
+    ensure                 => absent
+    readable_by            => all
+    base_dir               => /var/log
+    log_filename           => syslog.log

Systemd::Unit[rsync-gerrit-home.service]

Parameters differences:

--- Systemd::Unit[rsync-gerrit-home.service].orig
+++ Systemd::Unit[rsync-gerrit-home.service]

+    restart           => False
+    unit              => rsync-gerrit-home.service
+    override_filename => puppet-override.conf
+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => absent

Concat::Fragment[/etc/rsyncd.conf-gerrit-data]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-gerrit-data].orig
+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-data]

+    order  => 10
+    target => /etc/rsyncd.conf

Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

File[/etc/logrotate.d/rsync-gerrit-home]

Parameters differences:

--- File[/etc/logrotate.d/rsync-gerrit-home].orig
+++ File[/etc/logrotate.d/rsync-gerrit-home]

+    group  => root
+    mode   => 0444
+    owner  => root
+    ensure => absent

Content differences:

--- /etc/logrotate.d/rsync-gerrit-home.orig
+++ /etc/logrotate.d/rsync-gerrit-home
@@ -0,0 +1,12 @@
+# logrotate(8) config for rsync-gerrit-home
+
+/var/log/rsync-gerrit-home/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]

+    group  => root
+    mode   => 0755
+    owner  => root
+    ensure => present

Content differences:

--- /usr/local/sbin/sync-gerrit-home-ssl-wrapper.orig
+++ /usr/local/sbin/sync-gerrit-home-ssl-wrapper
@@ -0,0 +1,29 @@
+#!/bin/sh
+# This file is managed by Puppet
+#
+# This script is expected to be used as the --rsh argument to rsync.
+# It will wrap rsync's communication in stunnel, and validate the
+# server's cert vs the Puppet CA.
+
+set -eu
+
+cleanup() {
+    [ -f "$CONFIG" ] && rm -f "$CONFIG"
+}
+trap cleanup EXIT
+
+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)
+
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}
+
+cat > "$CONFIG" <<EOF
+foreground  = yes
+client      = yes
+connect     = $1:$RSYNC_SSL_PORT
+CAfile      = /var/lib/puppet/ssl/certs/ca.pem
+cert        = /var/lib/puppet/ssl/certs/gerrit2003.wikimedia.org.pem
+key         = /var/lib/puppet/ssl/private_keys/gerrit2003.wikimedia.org.pem
+verifyChain = yes
+EOF
+
+/usr/bin/stunnel4 "$CONFIG"

File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]

+    tag    => nft
+    mode   => 0444
+    notify => ['Service[nftables]']
+    group  => root
+    owner  => root
+    ensure => present

Content differences:

--- /etc/nftables/input/10_rsyncd_access_gerrit-home.nft.orig
+++ /etc/nftables/input/10_rsyncd_access_gerrit-home.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept
+ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept

Rsync::Quickdatacopy[gerrit-data]

Parameters differences:

--- Rsync::Quickdatacopy[gerrit-data].orig
+++ Rsync::Quickdatacopy[gerrit-data]

+    auto_interval              => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}
+    dest_host                  => gerrit2003.wikimedia.org
+    auto_sync                  => False
+    ensure                     => present
+    module_path                => /srv/gerrit
+    delete                     => False
+    ignore_missing_file_errors => True
+    progress                   => False
+    source_host                => gerrit2003.wikimedia.org
+    chown                      => gerrit:gerrit
+    server_uses_stunnel        => True

Rsyslog::Conf[rsync-gerrit-data]

Parameters differences:

--- Rsyslog::Conf[rsync-gerrit-data].orig
+++ Rsyslog::Conf[rsync-gerrit-data]

+    priority => 40
+    require  => File[/var/log/rsync-gerrit-data]
+    mode     => 0444
+    ensure   => absent

File[/usr/local/sbin/sync-gerrit-data]

Parameters differences:

--- File[/usr/local/sbin/sync-gerrit-data].orig
+++ File[/usr/local/sbin/sync-gerrit-data]

+    group  => root
+    mode   => 0755
+    owner  => root
+    ensure => present

Content differences:

--- /usr/local/sbin/sync-gerrit-data.orig
+++ /usr/local/sbin/sync-gerrit-data
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-data-ssl-wrapper -a  --chown=gerrit:gerrit  rsync://gerrit2003.wikimedia.org/gerrit-data /srv/gerrit/

Concat_fragment[/etc/rsyncd.conf-gerrit-data]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-gerrit-data].orig
+++ Concat_fragment[/etc/rsyncd.conf-gerrit-data]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-gerrit-data.orig
+++ /etc/rsyncd.conf-gerrit-data
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ gerrit-data ]
+path            = /srv/gerrit
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = gerrit2003.wikimedia.org localhost
+

Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)].orig
+++ Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

File[/lib/systemd/system/rsync-gerrit-data.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-gerrit-data.service].orig
+++ File[/lib/systemd/system/rsync-gerrit-data.service]

+    mode   => 0444
+    notify => Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
+    group  => root
+    owner  => root
+    ensure => absent

Content differences:

--- /lib/systemd/system/rsync-gerrit-data.service.orig
+++ /lib/systemd/system/rsync-gerrit-data.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transfer data periodically between hosts
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/sync-gerrit-data
+SuccessExitStatus=24

Nftables::Service[rsyncd_access_gerrit-data]

Parameters differences:

--- Nftables::Service[rsyncd_access_gerrit-data].orig
+++ Nftables::Service[rsyncd_access_gerrit-data]

+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    src_ips             => ['208.80.153.116', '2620:0:860:4:208:80:153:116']
+    desc                =>

Systemd::Timer[rsync-gerrit-home]

Parameters differences:

--- Systemd::Timer[rsync-gerrit-home].orig
+++ Systemd::Timer[rsync-gerrit-home]

+    unit_name          => rsync-gerrit-home.service
+    fixed_random_delay => False
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]
+    accuracy           => 15sec
+    splay              => 0
+    ensure             => absent

Rsync::Server::Module[gerrit-data]

Parameters differences:

--- Rsync::Server::Module[gerrit-data].orig
+++ Rsync::Server::Module[gerrit-data]

+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    gid             => 0
+    hosts_allow     => ['gerrit2003.wikimedia.org']
+    ensure          => present
+    path            => /srv/gerrit
+    list            => yes
+    auto_firewall   => True
+    uid             => 0
+    max_connections => 0
+    qos_low         => False
+    chroot          => True

Rsync::Server::Module[gerrit-home]

Parameters differences:

--- Rsync::Server::Module[gerrit-home].orig
+++ Rsync::Server::Module[gerrit-home]

+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    gid             => 0
+    hosts_allow     => ['gerrit2003.wikimedia.org']
+    ensure          => present
+    path            => /srv/home-gerrit2003.wikimedia.org
+    list            => yes
+    auto_firewall   => True
+    uid             => 0
+    max_connections => 0
+    qos_low         => False
+    chroot          => True

Ferm::Service[rsyncd_access_gerrit_data]

Parameters differences:

--- Ferm::Service[rsyncd_access_gerrit_data].orig
+++ Ferm::Service[rsyncd_access_gerrit_data]

+    srange              => ['gerrit2003.wikimedia.org']
+    prio                => 10
+    port                => [873, 1873]
+    unrestricted_access => False
+    notrack             => False
+    ensure              => present
+    proto               => tcp
+    desc                =>

Service[rsync-gerrit-data.timer]

Parameters differences:

--- Service[rsync-gerrit-data.timer].orig
+++ Service[rsync-gerrit-data.timer]

+    enable   => False
+    provider => systemd
+    before   => ['Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]']
+    ensure   => stopped

Compilation results for gerrit2003.wikimedia.org: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files