{"host": "gerrit2003.wikimedia.org", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3481, "only_in_self": [], "only_in_other": ["Concat::Fragment[/etc/rsyncd.conf-gerrit-data]", "Concat::Fragment[/etc/rsyncd.conf-gerrit-home]", "Concat_fragment[/etc/rsyncd.conf-gerrit-data]", "Concat_fragment[/etc/rsyncd.conf-gerrit-home]", "Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]", "Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]", "Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]", "Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]", "Ferm::Service[rsyncd_access_gerrit_data]", "Ferm::Service[rsyncd_access_gerrit_home]", "File[/etc/logrotate.d/rsync-gerrit-data]", "File[/etc/logrotate.d/rsync-gerrit-home]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]", "File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]", "File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]", "File[/lib/systemd/system/rsync-gerrit-data.service]", "File[/lib/systemd/system/rsync-gerrit-data.timer]", "File[/lib/systemd/system/rsync-gerrit-home.service]", "File[/lib/systemd/system/rsync-gerrit-home.timer]", "File[/srv/home-gerrit2003.wikimedia.org/]", "File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-data]", "File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-home]", "File[/var/log/rsync-gerrit-data]", "File[/var/log/rsync-gerrit-home]", "Firewall::Service[rsyncd_access_gerrit-data]", "Firewall::Service[rsyncd_access_gerrit-home]", "Logrotate::Conf[rsync-gerrit-data]", "Logrotate::Conf[rsync-gerrit-home]", "Nftables::Service[rsyncd_access_gerrit-data]", "Nftables::Service[rsyncd_access_gerrit-home]", "Rsync::Quickdatacopy[gerrit-data]", "Rsync::Quickdatacopy[gerrit-home]", "Rsync::Server::Module[gerrit-data]", "Rsync::Server::Module[gerrit-home]", "Rsyslog::Conf[rsync-gerrit-data]", "Rsyslog::Conf[rsync-gerrit-home]", "Service[rsync-gerrit-data.timer]", "Service[rsync-gerrit-home.timer]", "Systemd::Service[rsync-gerrit-data]", "Systemd::Service[rsync-gerrit-home]", "Systemd::Syslog[rsync-gerrit-data]", "Systemd::Syslog[rsync-gerrit-home]", "Systemd::Timer::Job[rsync-gerrit-data]", "Systemd::Timer::Job[rsync-gerrit-home]", "Systemd::Timer[rsync-gerrit-data]", "Systemd::Timer[rsync-gerrit-home]", "Systemd::Unit[rsync-gerrit-data.service]", "Systemd::Unit[rsync-gerrit-data.timer]", "Systemd::Unit[rsync-gerrit-home.service]", "Systemd::Unit[rsync-gerrit-home.timer]"], "resource_diffs": [{"resource": "File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]", "content": "--- /usr/local/sbin/sync-gerrit-data-ssl-wrapper.orig\n+++ /usr/local/sbin/sync-gerrit-data-ssl-wrapper\n@@ -0,0 +1,29 @@\n+#!/bin/sh\n+# This file is managed by Puppet\n+#\n+# This script is expected to be used as the --rsh argument to rsync.\n+# It will wrap rsync's communication in stunnel, and validate the\n+# server's cert vs the Puppet CA.\n+\n+set -eu\n+\n+cleanup() {\n+ [ -f \"$CONFIG\" ] && rm -f \"$CONFIG\"\n+}\n+trap cleanup EXIT\n+\n+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)\n+\n+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}\n+\n+cat > \"$CONFIG\" < root\n+ mode => 0755\n+ owner => root\n+ ensure => present\n"}, {"resource": "Systemd::Timer::Job[rsync-gerrit-data]", "parameters": "--- Systemd::Timer::Job[rsync-gerrit-data].orig\n+++ Systemd::Timer::Job[rsync-gerrit-data]\n\n+ send_mail_to => root@gerrit2003.wikimedia.org\n+ monitoring_enabled => False\n+ monitoring_contact_groups => admins\n+ command => /usr/local/sbin/sync-gerrit-data\n+ logfile_perms => all\n+ private_tmp => False\n+ ignore_errors => False\n+ logfile_group => root\n+ ensure => absent\n+ interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}\n+ environment => {}\n+ logging_enabled => True\n+ success_exit_status => [24]\n+ logfile_basedir => /var/log\n+ description => Transfer data periodically between hosts\n+ user => root\n+ fixed_random_delay => False\n+ send_mail => False\n+ syslog_match_startswith => True\n+ send_mail_only_on_error => True\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+ syslog_force_stop => True\n+ logfile_name => syslog.log\n"}, {"resource": "Concat_fragment[/etc/rsyncd.conf-gerrit-home]", "content": "--- /etc/rsyncd.conf-gerrit-home.orig\n+++ /etc/rsyncd.conf-gerrit-home\n@@ -0,0 +1,20 @@\n+# This file is being maintained by Puppet.\n+# DO NOT EDIT\n+\n+[ gerrit-home ]\n+path = /srv/home-gerrit2003.wikimedia.org\n+read only = yes\n+write only = no\n+list = yes\n+uid = 0\n+gid = 0\n+use chroot = yes\n+\n+\n+max connections = 0\n+\n+\n+\n+\n+hosts allow = gerrit2003.wikimedia.org localhost\n+", "parameters": "--- Concat_fragment[/etc/rsyncd.conf-gerrit-home].orig\n+++ Concat_fragment[/etc/rsyncd.conf-gerrit-home]\n\n+ tag => _etc_rsyncd.conf\n+ order => 10\n+ target => /etc/rsyncd.conf\n"}, {"resource": "Logrotate::Conf[rsync-gerrit-data]", "parameters": "--- Logrotate::Conf[rsync-gerrit-data].orig\n+++ Logrotate::Conf[rsync-gerrit-data]\n\n+ ensure => absent\n"}, {"resource": "File[/srv/home-gerrit2003.wikimedia.org/]", "parameters": "--- File[/srv/home-gerrit2003.wikimedia.org/].orig\n+++ File[/srv/home-gerrit2003.wikimedia.org/]\n\n+ path => /srv/home-gerrit2003.wikimedia.org\n+ group => root\n+ owner => root\n+ ensure => directory\n"}, {"resource": "Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]", "parameters": "--- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)].orig\n+++ Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "Firewall::Service[rsyncd_access_gerrit-home]", "parameters": "--- Firewall::Service[rsyncd_access_gerrit-home].orig\n+++ Firewall::Service[rsyncd_access_gerrit-home]\n\n+ srange => ['gerrit2003.wikimedia.org']\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ desc => \n"}, {"resource": "File[/var/log/rsync-gerrit-data]", "parameters": "--- File[/var/log/rsync-gerrit-data].orig\n+++ File[/var/log/rsync-gerrit-data]\n\n+ mode => 0755\n+ backup => False\n+ group => root\n+ force => True\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Logrotate::Conf[rsync-gerrit-home]", "parameters": "--- Logrotate::Conf[rsync-gerrit-home].orig\n+++ Logrotate::Conf[rsync-gerrit-home]\n\n+ ensure => absent\n"}, {"resource": "File[/lib/systemd/system/rsync-gerrit-home.service]", "content": "--- /lib/systemd/system/rsync-gerrit-home.service.orig\n+++ /lib/systemd/system/rsync-gerrit-home.service\n@@ -0,0 +1,9 @@\n+[Unit]\n+Description=Transfer data periodically between hosts\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/sbin/sync-gerrit-home\n+SuccessExitStatus=24", "parameters": "--- File[/lib/systemd/system/rsync-gerrit-home.service].orig\n+++ File[/lib/systemd/system/rsync-gerrit-home.service]\n\n+ mode => 0444\n+ notify => Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "File[/lib/systemd/system/rsync-gerrit-home.timer]", "content": "--- /lib/systemd/system/rsync-gerrit-home.timer.orig\n+++ /lib/systemd/system/rsync-gerrit-home.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of rsync-gerrit-home.service\n+\n+[Timer]\n+Unit=rsync-gerrit-home.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=*-*-* *:00/10:00\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/rsync-gerrit-home.timer].orig\n+++ File[/lib/systemd/system/rsync-gerrit-home.timer]\n\n+ mode => 0444\n+ notify => Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Systemd::Unit[rsync-gerrit-data.service]", "parameters": "--- Systemd::Unit[rsync-gerrit-data.service].orig\n+++ Systemd::Unit[rsync-gerrit-data.service]\n\n+ restart => False\n+ unit => rsync-gerrit-data.service\n+ override_filename => puppet-override.conf\n+ require => ['Class[Systemd]']\n+ override => False\n+ ensure => absent\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]", "content": "--- /etc/nftables/input/10_rsyncd_access_gerrit-data.nft.orig\n+++ /etc/nftables/input/10_rsyncd_access_gerrit-data.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept\n+ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]\n\n+ tag => nft\n+ mode => 0444\n+ notify => ['Service[nftables]']\n+ group => root\n+ owner => root\n+ ensure => present\n"}, {"resource": "Firewall::Service[rsyncd_access_gerrit-data]", "parameters": "--- Firewall::Service[rsyncd_access_gerrit-data].orig\n+++ Firewall::Service[rsyncd_access_gerrit-data]\n\n+ srange => ['gerrit2003.wikimedia.org']\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ desc => \n"}, {"resource": "Rsyslog::Conf[rsync-gerrit-home]", "parameters": "--- Rsyslog::Conf[rsync-gerrit-home].orig\n+++ Rsyslog::Conf[rsync-gerrit-home]\n\n+ priority => 40\n+ require => File[/var/log/rsync-gerrit-home]\n+ mode => 0444\n+ ensure => absent\n"}, {"resource": "File[/usr/local/sbin/sync-gerrit-home]", "content": "--- /usr/local/sbin/sync-gerrit-home.orig\n+++ /usr/local/sbin/sync-gerrit-home\n@@ -0,0 +1,2 @@\n+#!/bin/sh\n+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-home-ssl-wrapper -a --chown=gerrit:gerrit rsync://gerrit2003.wikimedia.org/gerrit-home /srv/home-gerrit2003.wikimedia.org/", "parameters": "--- File[/usr/local/sbin/sync-gerrit-home].orig\n+++ File[/usr/local/sbin/sync-gerrit-home]\n\n+ group => root\n+ mode => 0755\n+ owner => root\n+ ensure => present\n"}, {"resource": "Service[rsync-gerrit-home.timer]", "parameters": "--- Service[rsync-gerrit-home.timer].orig\n+++ Service[rsync-gerrit-home.timer]\n\n+ enable => False\n+ provider => systemd\n+ before => ['Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]']\n+ ensure => stopped\n"}, {"resource": "Ferm::Service[rsyncd_access_gerrit_home]", "parameters": "--- Ferm::Service[rsyncd_access_gerrit_home].orig\n+++ Ferm::Service[rsyncd_access_gerrit_home]\n\n+ srange => ['gerrit2003.wikimedia.org']\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ desc => \n"}, {"resource": "Systemd::Timer::Job[rsync-gerrit-home]", "parameters": "--- Systemd::Timer::Job[rsync-gerrit-home].orig\n+++ Systemd::Timer::Job[rsync-gerrit-home]\n\n+ send_mail_to => root@gerrit2003.wikimedia.org\n+ monitoring_enabled => False\n+ monitoring_contact_groups => admins\n+ command => /usr/local/sbin/sync-gerrit-home\n+ logfile_perms => all\n+ private_tmp => False\n+ ignore_errors => False\n+ logfile_group => root\n+ ensure => absent\n+ interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}\n+ environment => {}\n+ logging_enabled => True\n+ success_exit_status => [24]\n+ logfile_basedir => /var/log\n+ description => Transfer data periodically between hosts\n+ user => root\n+ fixed_random_delay => False\n+ send_mail => False\n+ syslog_match_startswith => True\n+ send_mail_only_on_error => True\n+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+ syslog_force_stop => True\n+ logfile_name => syslog.log\n"}, {"resource": "File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]", "content": "--- /etc/rsyslog.d/40-rsync-gerrit-home.conf.orig\n+++ /etc/rsyslog.d/40-rsync-gerrit-home.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"rsync-gerrit-home\" then {\n+ action(\n+ type=\"omfile\" file=\"/var/log/rsync-gerrit-home/syslog.log\"\n+ fileOwner=\"root\" fileGroup=\"root\"\n+ fileCreateMode=\"0644\"\n+ )\n+ & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf].orig\n+++ File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]\n\n+ mode => 0444\n+ notify => Service[rsyslog]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]", "content": "--- /etc/rsyslog.d/40-rsync-gerrit-data.conf.orig\n+++ /etc/rsyslog.d/40-rsync-gerrit-data.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"rsync-gerrit-data\" then {\n+ action(\n+ type=\"omfile\" file=\"/var/log/rsync-gerrit-data/syslog.log\"\n+ fileOwner=\"root\" fileGroup=\"root\"\n+ fileCreateMode=\"0644\"\n+ )\n+ & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf].orig\n+++ File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]\n\n+ mode => 0444\n+ notify => Service[rsyslog]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Systemd::Timer[rsync-gerrit-data]", "parameters": "--- Systemd::Timer[rsync-gerrit-data].orig\n+++ Systemd::Timer[rsync-gerrit-data]\n\n+ unit_name => rsync-gerrit-data.service\n+ fixed_random_delay => False\n+ timer_intervals => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]\n+ accuracy => 15sec\n+ splay => 0\n+ ensure => absent\n"}, {"resource": "Concat::Fragment[/etc/rsyncd.conf-gerrit-home]", "parameters": "--- Concat::Fragment[/etc/rsyncd.conf-gerrit-home].orig\n+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-home]\n\n+ order => 10\n+ target => /etc/rsyncd.conf\n"}, {"resource": "File[/lib/systemd/system/rsync-gerrit-data.timer]", "content": "--- /lib/systemd/system/rsync-gerrit-data.timer.orig\n+++ /lib/systemd/system/rsync-gerrit-data.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of rsync-gerrit-data.service\n+\n+[Timer]\n+Unit=rsync-gerrit-data.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=*-*-* *:00/10:00\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/rsync-gerrit-data.timer].orig\n+++ File[/lib/systemd/system/rsync-gerrit-data.timer]\n\n+ mode => 0444\n+ notify => Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Systemd::Unit[rsync-gerrit-home.timer]", "parameters": "--- Systemd::Unit[rsync-gerrit-home.timer].orig\n+++ Systemd::Unit[rsync-gerrit-home.timer]\n\n+ restart => False\n+ unit => rsync-gerrit-home.timer\n+ override_filename => puppet-override.conf\n+ require => ['Class[Systemd]']\n+ override => False\n+ ensure => absent\n"}, {"resource": "Systemd::Syslog[rsync-gerrit-data]", "parameters": "--- Systemd::Syslog[rsync-gerrit-data].orig\n+++ Systemd::Syslog[rsync-gerrit-data]\n\n+ force_stop => True\n+ group => root\n+ programname_comparison => startswith\n+ owner => root\n+ ensure => absent\n+ readable_by => all\n+ base_dir => /var/log\n+ log_filename => syslog.log\n"}, {"resource": "Systemd::Service[rsync-gerrit-data]", "parameters": "--- Systemd::Service[rsync-gerrit-data].orig\n+++ Systemd::Service[rsync-gerrit-data]\n\n+ service_params => {}\n+ monitoring_enabled => False\n+ unit_type => timer\n+ monitoring_contact_group => admins\n+ ensure => absent\n+ restart => False\n+ migration_task => T407130\n+ monitoring_critical => False\n+ require => Systemd::Unit[rsync-gerrit-data.service]\n+ override => False\n"}, {"resource": "Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]", "parameters": "--- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)].orig\n+++ Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "Rsync::Quickdatacopy[gerrit-home]", "parameters": "--- Rsync::Quickdatacopy[gerrit-home].orig\n+++ Rsync::Quickdatacopy[gerrit-home]\n\n+ auto_interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}\n+ dest_host => gerrit2003.wikimedia.org\n+ auto_sync => False\n+ ensure => present\n+ module_path => /srv/home-gerrit2003.wikimedia.org\n+ delete => False\n+ ignore_missing_file_errors => True\n+ progress => False\n+ source_host => gerrit2003.wikimedia.org\n+ chown => gerrit:gerrit\n+ server_uses_stunnel => True\n"}, {"resource": "Systemd::Service[rsync-gerrit-home]", "parameters": "--- Systemd::Service[rsync-gerrit-home].orig\n+++ Systemd::Service[rsync-gerrit-home]\n\n+ service_params => {}\n+ monitoring_enabled => False\n+ unit_type => timer\n+ monitoring_contact_group => admins\n+ ensure => absent\n+ restart => False\n+ migration_task => T407130\n+ monitoring_critical => False\n+ require => Systemd::Unit[rsync-gerrit-home.service]\n+ override => False\n"}, {"resource": "Nftables::Service[rsyncd_access_gerrit-home]", "parameters": "--- Nftables::Service[rsyncd_access_gerrit-home].orig\n+++ Nftables::Service[rsyncd_access_gerrit-home]\n\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ src_ips => ['208.80.153.116', '2620:0:860:4:208:80:153:116']\n+ desc => \n"}, {"resource": "File[/etc/logrotate.d/rsync-gerrit-data]", "content": "--- /etc/logrotate.d/rsync-gerrit-data.orig\n+++ /etc/logrotate.d/rsync-gerrit-data\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for rsync-gerrit-data\n+\n+/var/log/rsync-gerrit-data/*.log {\n+ daily\n+ copytruncate\n+ missingok\n+ compress\n+ delaycompress\n+ notifempty\n+ rotate 15\n+ size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/rsync-gerrit-data].orig\n+++ File[/etc/logrotate.d/rsync-gerrit-data]\n\n+ group => root\n+ mode => 0444\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Systemd::Unit[rsync-gerrit-data.timer]", "parameters": "--- Systemd::Unit[rsync-gerrit-data.timer].orig\n+++ Systemd::Unit[rsync-gerrit-data.timer]\n\n+ restart => False\n+ unit => rsync-gerrit-data.timer\n+ override_filename => puppet-override.conf\n+ require => ['Class[Systemd]']\n+ override => False\n+ ensure => absent\n"}, {"resource": "File[/var/log/rsync-gerrit-home]", "parameters": "--- File[/var/log/rsync-gerrit-home].orig\n+++ File[/var/log/rsync-gerrit-home]\n\n+ mode => 0755\n+ backup => False\n+ group => root\n+ force => True\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Systemd::Syslog[rsync-gerrit-home]", "parameters": "--- Systemd::Syslog[rsync-gerrit-home].orig\n+++ Systemd::Syslog[rsync-gerrit-home]\n\n+ force_stop => True\n+ group => root\n+ programname_comparison => startswith\n+ owner => root\n+ ensure => absent\n+ readable_by => all\n+ base_dir => /var/log\n+ log_filename => syslog.log\n"}, {"resource": "Systemd::Unit[rsync-gerrit-home.service]", "parameters": "--- Systemd::Unit[rsync-gerrit-home.service].orig\n+++ Systemd::Unit[rsync-gerrit-home.service]\n\n+ restart => False\n+ unit => rsync-gerrit-home.service\n+ override_filename => puppet-override.conf\n+ require => ['Class[Systemd]']\n+ override => False\n+ ensure => absent\n"}, {"resource": "Concat::Fragment[/etc/rsyncd.conf-gerrit-data]", "parameters": "--- Concat::Fragment[/etc/rsyncd.conf-gerrit-data].orig\n+++ Concat::Fragment[/etc/rsyncd.conf-gerrit-data]\n\n+ order => 10\n+ target => /etc/rsyncd.conf\n"}, {"resource": "Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]", "parameters": "--- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)].orig\n+++ Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/etc/logrotate.d/rsync-gerrit-home]", "content": "--- /etc/logrotate.d/rsync-gerrit-home.orig\n+++ /etc/logrotate.d/rsync-gerrit-home\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for rsync-gerrit-home\n+\n+/var/log/rsync-gerrit-home/*.log {\n+ daily\n+ copytruncate\n+ missingok\n+ compress\n+ delaycompress\n+ notifempty\n+ rotate 15\n+ size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/rsync-gerrit-home].orig\n+++ File[/etc/logrotate.d/rsync-gerrit-home]\n\n+ group => root\n+ mode => 0444\n+ owner => root\n+ ensure => absent\n"}, {"resource": "File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]", "content": "--- /usr/local/sbin/sync-gerrit-home-ssl-wrapper.orig\n+++ /usr/local/sbin/sync-gerrit-home-ssl-wrapper\n@@ -0,0 +1,29 @@\n+#!/bin/sh\n+# This file is managed by Puppet\n+#\n+# This script is expected to be used as the --rsh argument to rsync.\n+# It will wrap rsync's communication in stunnel, and validate the\n+# server's cert vs the Puppet CA.\n+\n+set -eu\n+\n+cleanup() {\n+ [ -f \"$CONFIG\" ] && rm -f \"$CONFIG\"\n+}\n+trap cleanup EXIT\n+\n+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)\n+\n+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}\n+\n+cat > \"$CONFIG\" < root\n+ mode => 0755\n+ owner => root\n+ ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]", "content": "--- /etc/nftables/input/10_rsyncd_access_gerrit-home.nft.orig\n+++ /etc/nftables/input/10_rsyncd_access_gerrit-home.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept\n+ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]\n\n+ tag => nft\n+ mode => 0444\n+ notify => ['Service[nftables]']\n+ group => root\n+ owner => root\n+ ensure => present\n"}, {"resource": "Rsync::Quickdatacopy[gerrit-data]", "parameters": "--- Rsync::Quickdatacopy[gerrit-data].orig\n+++ Rsync::Quickdatacopy[gerrit-data]\n\n+ auto_interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}\n+ dest_host => gerrit2003.wikimedia.org\n+ auto_sync => False\n+ ensure => present\n+ module_path => /srv/gerrit\n+ delete => False\n+ ignore_missing_file_errors => True\n+ progress => False\n+ source_host => gerrit2003.wikimedia.org\n+ chown => gerrit:gerrit\n+ server_uses_stunnel => True\n"}, {"resource": "Rsyslog::Conf[rsync-gerrit-data]", "parameters": "--- Rsyslog::Conf[rsync-gerrit-data].orig\n+++ Rsyslog::Conf[rsync-gerrit-data]\n\n+ priority => 40\n+ require => File[/var/log/rsync-gerrit-data]\n+ mode => 0444\n+ ensure => absent\n"}, {"resource": "File[/usr/local/sbin/sync-gerrit-data]", "content": "--- /usr/local/sbin/sync-gerrit-data.orig\n+++ /usr/local/sbin/sync-gerrit-data\n@@ -0,0 +1,2 @@\n+#!/bin/sh\n+/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-data-ssl-wrapper -a --chown=gerrit:gerrit rsync://gerrit2003.wikimedia.org/gerrit-data /srv/gerrit/", "parameters": "--- File[/usr/local/sbin/sync-gerrit-data].orig\n+++ File[/usr/local/sbin/sync-gerrit-data]\n\n+ group => root\n+ mode => 0755\n+ owner => root\n+ ensure => present\n"}, {"resource": "Concat_fragment[/etc/rsyncd.conf-gerrit-data]", "content": "--- /etc/rsyncd.conf-gerrit-data.orig\n+++ /etc/rsyncd.conf-gerrit-data\n@@ -0,0 +1,20 @@\n+# This file is being maintained by Puppet.\n+# DO NOT EDIT\n+\n+[ gerrit-data ]\n+path = /srv/gerrit\n+read only = yes\n+write only = no\n+list = yes\n+uid = 0\n+gid = 0\n+use chroot = yes\n+\n+\n+max connections = 0\n+\n+\n+\n+\n+hosts allow = gerrit2003.wikimedia.org localhost\n+", "parameters": "--- Concat_fragment[/etc/rsyncd.conf-gerrit-data].orig\n+++ Concat_fragment[/etc/rsyncd.conf-gerrit-data]\n\n+ tag => _etc_rsyncd.conf\n+ order => 10\n+ target => /etc/rsyncd.conf\n"}, {"resource": "Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]", "parameters": "--- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)].orig\n+++ Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]\n\n+ command => /bin/systemctl daemon-reload\n+ refreshonly => True\n"}, {"resource": "File[/lib/systemd/system/rsync-gerrit-data.service]", "content": "--- /lib/systemd/system/rsync-gerrit-data.service.orig\n+++ /lib/systemd/system/rsync-gerrit-data.service\n@@ -0,0 +1,9 @@\n+[Unit]\n+Description=Transfer data periodically between hosts\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/sbin/sync-gerrit-data\n+SuccessExitStatus=24", "parameters": "--- File[/lib/systemd/system/rsync-gerrit-data.service].orig\n+++ File[/lib/systemd/system/rsync-gerrit-data.service]\n\n+ mode => 0444\n+ notify => Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]\n+ group => root\n+ owner => root\n+ ensure => absent\n"}, {"resource": "Nftables::Service[rsyncd_access_gerrit-data]", "parameters": "--- Nftables::Service[rsyncd_access_gerrit-data].orig\n+++ Nftables::Service[rsyncd_access_gerrit-data]\n\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ src_ips => ['208.80.153.116', '2620:0:860:4:208:80:153:116']\n+ desc => \n"}, {"resource": "Systemd::Timer[rsync-gerrit-home]", "parameters": "--- Systemd::Timer[rsync-gerrit-home].orig\n+++ Systemd::Timer[rsync-gerrit-home]\n\n+ unit_name => rsync-gerrit-home.service\n+ fixed_random_delay => False\n+ timer_intervals => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]\n+ accuracy => 15sec\n+ splay => 0\n+ ensure => absent\n"}, {"resource": "Rsync::Server::Module[gerrit-data]", "parameters": "--- Rsync::Server::Module[gerrit-data].orig\n+++ Rsync::Server::Module[gerrit-data]\n\n+ write_only => no\n+ lock_file => /var/run/rsyncd.lock\n+ read_only => yes\n+ gid => 0\n+ hosts_allow => ['gerrit2003.wikimedia.org']\n+ ensure => present\n+ path => /srv/gerrit\n+ list => yes\n+ auto_firewall => True\n+ uid => 0\n+ max_connections => 0\n+ qos_low => False\n+ chroot => True\n"}, {"resource": "Rsync::Server::Module[gerrit-home]", "parameters": "--- Rsync::Server::Module[gerrit-home].orig\n+++ Rsync::Server::Module[gerrit-home]\n\n+ write_only => no\n+ lock_file => /var/run/rsyncd.lock\n+ read_only => yes\n+ gid => 0\n+ hosts_allow => ['gerrit2003.wikimedia.org']\n+ ensure => present\n+ path => /srv/home-gerrit2003.wikimedia.org\n+ list => yes\n+ auto_firewall => True\n+ uid => 0\n+ max_connections => 0\n+ qos_low => False\n+ chroot => True\n"}, {"resource": "Ferm::Service[rsyncd_access_gerrit_data]", "parameters": "--- Ferm::Service[rsyncd_access_gerrit_data].orig\n+++ Ferm::Service[rsyncd_access_gerrit_data]\n\n+ srange => ['gerrit2003.wikimedia.org']\n+ prio => 10\n+ port => [873, 1873]\n+ unrestricted_access => False\n+ notrack => False\n+ ensure => present\n+ proto => tcp\n+ desc => \n"}, {"resource": "Service[rsync-gerrit-data.timer]", "parameters": "--- Service[rsync-gerrit-data.timer].orig\n+++ Service[rsync-gerrit-data.timer]\n\n+ enable => False\n+ provider => systemd\n+ before => ['Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]']\n+ ensure => stopped\n"}], "perc_changed": "3.05%"}, "core": {"total": 3481, "only_in_self": [], "only_in_other": ["Concat_fragment[/etc/rsyncd.conf-gerrit-data]", "Concat_fragment[/etc/rsyncd.conf-gerrit-home]", "Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]", "Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]", "Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]", "Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]", "File[/etc/logrotate.d/rsync-gerrit-data]", "File[/etc/logrotate.d/rsync-gerrit-home]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]", "File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]", "File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]", "File[/lib/systemd/system/rsync-gerrit-data.service]", "File[/lib/systemd/system/rsync-gerrit-data.timer]", "File[/lib/systemd/system/rsync-gerrit-home.service]", "File[/lib/systemd/system/rsync-gerrit-home.timer]", "File[/srv/home-gerrit2003.wikimedia.org/]", "File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-data]", "File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-home]", "File[/var/log/rsync-gerrit-data]", "File[/var/log/rsync-gerrit-home]", "Service[rsync-gerrit-data.timer]", "Service[rsync-gerrit-home.timer]"], "resource_diffs": [], "perc_changed": "0.72%"}, "main": {"total": 3481, "only_in_self": [], "only_in_other": ["Concat::Fragment[/etc/rsyncd.conf-gerrit-data]", "Concat::Fragment[/etc/rsyncd.conf-gerrit-home]", "Concat_fragment[/etc/rsyncd.conf-gerrit-data]", "Concat_fragment[/etc/rsyncd.conf-gerrit-home]", "Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]", "Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]", "Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]", "Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]", "Ferm::Service[rsyncd_access_gerrit_data]", "Ferm::Service[rsyncd_access_gerrit_home]", "File[/etc/logrotate.d/rsync-gerrit-data]", "File[/etc/logrotate.d/rsync-gerrit-home]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]", "File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]", "File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]", "File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]", "File[/lib/systemd/system/rsync-gerrit-data.service]", "File[/lib/systemd/system/rsync-gerrit-data.timer]", "File[/lib/systemd/system/rsync-gerrit-home.service]", "File[/lib/systemd/system/rsync-gerrit-home.timer]", "File[/srv/home-gerrit2003.wikimedia.org/]", "File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-data]", "File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]", "File[/usr/local/sbin/sync-gerrit-home]", "File[/var/log/rsync-gerrit-data]", "File[/var/log/rsync-gerrit-home]", "Firewall::Service[rsyncd_access_gerrit-data]", "Firewall::Service[rsyncd_access_gerrit-home]", "Logrotate::Conf[rsync-gerrit-data]", "Logrotate::Conf[rsync-gerrit-home]", "Nftables::Service[rsyncd_access_gerrit-data]", "Nftables::Service[rsyncd_access_gerrit-home]", "Rsync::Quickdatacopy[gerrit-data]", "Rsync::Quickdatacopy[gerrit-home]", "Rsync::Server::Module[gerrit-data]", "Rsync::Server::Module[gerrit-home]", "Rsyslog::Conf[rsync-gerrit-data]", "Rsyslog::Conf[rsync-gerrit-home]", "Service[rsync-gerrit-data.timer]", "Service[rsync-gerrit-home.timer]", "Systemd::Service[rsync-gerrit-data]", "Systemd::Service[rsync-gerrit-home]", "Systemd::Syslog[rsync-gerrit-data]", "Systemd::Syslog[rsync-gerrit-home]", "Systemd::Timer::Job[rsync-gerrit-data]", "Systemd::Timer::Job[rsync-gerrit-home]", "Systemd::Timer[rsync-gerrit-data]", "Systemd::Timer[rsync-gerrit-home]", "Systemd::Unit[rsync-gerrit-data.service]", "Systemd::Unit[rsync-gerrit-data.timer]", "Systemd::Unit[rsync-gerrit-home.service]", "Systemd::Unit[rsync-gerrit-home.timer]"], "resource_diffs": [], "perc_changed": "1.52%"}}}