Compilation results for gerrit1003.wikimedia.org: System changes detected
You can retrieve this result from host.json.
Catalog differences
Summary
| Total Resources: | 3484 |
|---|---|
| Resources added: | 38 |
| Resources removed: | 22 |
| Resources modified: | 62 |
| Change percentage: | 3.50% |
Resources only in the new catalog
- File[/var/log/rsync-gerrit-home]
- Rsync::Quickdatacopy[gerrit-home]
- File[/var/log/rsync-gerrit-data]
- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]
- File[/lib/systemd/system/rsync-gerrit-home.service]
- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]
- Service[rsync-gerrit-data.timer]
- Systemd::Service[rsync-gerrit-data]
- Systemd::Timer[rsync-gerrit-home]
- Rsyslog::Conf[rsync-gerrit-data]
- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
- Systemd::Timer[rsync-gerrit-data]
- File[/lib/systemd/system/rsync-gerrit-data.service]
- Systemd::Syslog[rsync-gerrit-home]
- Systemd::Unit[rsync-gerrit-home.service]
- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
- File[/etc/logrotate.d/rsync-gerrit-data]
- Systemd::Service[rsync-gerrit-home]
- File[/lib/systemd/system/rsync-gerrit-home.timer]
- Systemd::Unit[rsync-gerrit-home.timer]
- Logrotate::Conf[rsync-gerrit-home]
- Rsync::Quickdatacopy[gerrit-data]
- Systemd::Unit[rsync-gerrit-data.timer]
- Systemd::Unit[rsync-gerrit-data.service]
- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]
- Logrotate::Conf[rsync-gerrit-data]
- Systemd::Timer::Job[rsync-gerrit-home]
- Rsyslog::Conf[rsync-gerrit-home]
- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]
- Systemd::Timer::Job[rsync-gerrit-data]
- File[/usr/local/sbin/sync-gerrit-home]
- File[/lib/systemd/system/rsync-gerrit-data.timer]
- File[/usr/local/sbin/sync-gerrit-data]
- Service[rsync-gerrit-home.timer]
- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
- File[/etc/logrotate.d/rsync-gerrit-home]
- Systemd::Syslog[rsync-gerrit-data]
- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
Resources only in the old catalog
- Service[rsync]
- Concat[/etc/rsyncd.conf]
- Concat_fragment[/etc/rsyncd.conf-header]
- Nftables::Service[rsyncd_access_gerrit-data]
- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]
- Firewall::Service[rsyncd_access_gerrit-home]
- Concat::Fragment[/etc/rsyncd.conf-header]
- Concat_file[/etc/rsyncd.conf]
- Concat::Fragment[/etc/rsyncd.conf-gerrit-data]
- Ferm::Service[rsyncd_access_gerrit_data]
- File[/etc/rsync.d]
- Concat_fragment[/etc/rsyncd.conf-gerrit-data]
- Rsync::Server::Module[gerrit-home]
- File[/etc/default/rsync]
- Ferm::Service[rsyncd_access_gerrit_home]
- Concat_fragment[/etc/rsyncd.conf-gerrit-home]
- Class[Rsync::Server]
- Firewall::Service[rsyncd_access_gerrit-data]
- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]
- Rsync::Server::Module[gerrit-data]
- Concat::Fragment[/etc/rsyncd.conf-gerrit-home]
- Nftables::Service[rsyncd_access_gerrit-home]
Resources modified
- File[/etc/rsync.d]
- Parameters differences:
--- File[/etc/rsync.d].orig +++ File[/etc/rsync.d] - ensure => absent - group => root - owner => root - purge => True - recurse => True - force => True
- Systemd::Syslog[rsync-gerrit-data]
- Parameters differences:
--- Systemd::Syslog[rsync-gerrit-data].orig +++ Systemd::Syslog[rsync-gerrit-data] + owner => root + readable_by => all + programname_comparison => startswith + ensure => absent + log_filename => syslog.log + group => root + force_stop => True + base_dir => /var/log
- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf].orig +++ File[/etc/rsyslog.d/40-rsync-gerrit-data.conf] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Service[rsyslog]
- Content differences:
--- /etc/rsyslog.d/40-rsync-gerrit-data.conf.orig +++ /etc/rsyslog.d/40-rsync-gerrit-data.conf @@ -0,0 +1,10 @@ +# rsyslog.conf(5) configuration file for services. +# This file is managed by Puppet. +if $programname startswith "rsync-gerrit-data" then { + action( + type="omfile" file="/var/log/rsync-gerrit-data/syslog.log" + fileOwner="root" fileGroup="root" + fileCreateMode="0644" + ) + & stop +}- Rsyslog::Conf[rsync-gerrit-data]
- Parameters differences:
--- Rsyslog::Conf[rsync-gerrit-data].orig +++ Rsyslog::Conf[rsync-gerrit-data] + mode => 0444 + require => File[/var/log/rsync-gerrit-data] + ensure => absent + priority => 40
- Systemd::Timer[rsync-gerrit-data]
- Parameters differences:
--- Systemd::Timer[rsync-gerrit-data].orig +++ Systemd::Timer[rsync-gerrit-data] + splay => 0 + ensure => absent + accuracy => 15sec + fixed_random_delay => False + unit_name => rsync-gerrit-data.service + timer_intervals => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}]- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)].orig +++ Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)] + command => /bin/systemctl daemon-reload + refreshonly => True
- Service[rsync-gerrit-data.timer]
- Parameters differences:
--- Service[rsync-gerrit-data.timer].orig +++ Service[rsync-gerrit-data.timer] + enable => False + ensure => stopped + provider => systemd + before => ['Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]']
- Concat_file[/etc/rsyncd.conf]
- Parameters differences:
--- Concat_file[/etc/rsyncd.conf].orig +++ Concat_file[/etc/rsyncd.conf] - mode => 0444 - tag => _etc_rsyncd.conf - order => alpha - owner => root - ensure_newline => False - backup => puppet - force => False - replace => True - group => root - show_diff => True - format => plain
- Rsync::Server::Module[gerrit-home]
- Parameters differences:
--- Rsync::Server::Module[gerrit-home].orig +++ Rsync::Server::Module[gerrit-home] - write_only => no - hosts_allow => ['gerrit2003.wikimedia.org'] - lock_file => /var/run/rsyncd.lock - read_only => no - uid => 0 - path => /srv/home-gerrit2003.wikimedia.org - qos_low => False - auto_firewall => True - ensure => present - chroot => True - gid => 0 - list => yes - max_connections => 0
- Nftables::Service[rsyncd_access_gerrit-data]
- Parameters differences:
--- Nftables::Service[rsyncd_access_gerrit-data].orig +++ Nftables::Service[rsyncd_access_gerrit-data] - desc => - unrestricted_access => False - src_ips => ['208.80.153.116', '2620:0:860:4:208:80:153:116'] - prio => 10 - proto => tcp - notrack => False - ensure => present - port => [873, 1873]
- Systemd::Unit[rsync-gerrit-data.timer]
- Parameters differences:
--- Systemd::Unit[rsync-gerrit-data.timer].orig +++ Systemd::Unit[rsync-gerrit-data.timer] + restart => False + ensure => absent + require => ['Class[Systemd]'] + override => False + unit => rsync-gerrit-data.timer + override_filename => puppet-override.conf
- File[/etc/default/rsync]
- Parameters differences:
--- File[/etc/default/rsync].orig +++ File[/etc/default/rsync] - mode => 0444 - ensure => present - group => root - owner => root
- Content differences:
--- /etc/default/rsync.orig +++ /etc/default/rsync 
@@ -1,46 +0,0 @@ -##################################################################### -### THIS FILE IS MANAGED BY PUPPET -### puppet:///rsync/rsync.default.erb -##################################################################### - -# defaults file for rsync daemon mode - -# start rsync in daemon mode from init.d script? -# only allowed values are "true", "false", and "inetd" -# Use "inetd" if you want to start the rsyncd from inetd, -# all this does is prevent the init.d script from printing a message -# about not starting rsyncd (you still need to modify inetd's config yourself). -RSYNC_ENABLE=true - -# which file should be used as the configuration file for rsync. -# This file is used instead of the default /etc/rsyncd.conf -# Warning: This option has no effect if the daemon is accessed -# using a remote shell. When using a different file for -# rsync you might want to symlink /etc/rsyncd.conf to -# that file. -RSYNC_CONFIG_FILE=/etc/rsyncd.conf - -# what extra options to give rsync --daemon? -# that excludes the --daemon; that's always done in the init.d script -# Possibilities are: -# --address=123.45.67.89 (bind to a specific IP address) -# --port=8730 (bind to specified port; default 873) -RSYNC_OPTS='' - -# run rsyncd at a nice level? -# the rsync daemon can impact performance due to much I/O and CPU usage, -# so you may want to run it at a nicer priority than the default priority. -# Allowed values are 0 - 19 inclusive; 10 is a reasonable value. -RSYNC_NICE='' - -# run rsyncd with ionice? -# "ionice" does for IO load what "nice" does for CPU load. -# As rsync is often used for backups which aren't all that time-critical, -# reducing the rsync IO priority will benefit the rest of the system. -# See the manpage for ionice for allowed options. -# -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment -# the next line to activate this. 
-# RSYNC_IONICE='-c3' - -# Don't forget to create an appropriate config file, -# else the daemon will not start.
- Class[Rsync::Server]
- Parameters differences:
--- Class[Rsync::Server].orig +++ Class[Rsync::Server] - ensure_service => running - timeout => 300 - rsync_opts => [] - address => 0.0.0.0 - rsyncd_conf => {} - use_chroot => yes- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]
- Parameters differences:
--- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper].orig +++ File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper] + mode => 0755 + ensure => present + group => root + owner => root
- Content differences:
--- /usr/local/sbin/sync-gerrit-data-ssl-wrapper.orig +++ /usr/local/sbin/sync-gerrit-data-ssl-wrapper @@ -0,0 +1,29 @@ +#!/bin/sh +# This file is managed by Puppet +# +# This script is expected to be used as the --rsh argument to rsync. +# It will wrap rsync's communication in stunnel, and validate the +# server's cert vs the Puppet CA. + +set -eu + +cleanup() { + [ -f "$CONFIG" ] && rm -f "$CONFIG" +} +trap cleanup EXIT + +CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX) + +RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873} + +cat > "$CONFIG" <<EOF +foreground = yes +client = yes +connect = $1:$RSYNC_SSL_PORT +CAfile = /var/lib/puppet/ssl/certs/ca.pem +cert = /var/lib/puppet/ssl/certs/gerrit1003.wikimedia.org.pem +key = /var/lib/puppet/ssl/private_keys/gerrit1003.wikimedia.org.pem +verifyChain = yes +EOF + +/usr/bin/stunnel4 "$CONFIG"- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft]
- Parameters differences:
--- File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft].orig +++ File[/etc/nftables/input/10_rsyncd_access_gerrit-home.nft] - tag => nft - mode => 0444 - ensure => present - group => root - owner => root - notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/input/10_rsyncd_access_gerrit-home.nft.orig +++ /etc/nftables/input/10_rsyncd_access_gerrit-home.nft @@ -1,4 +0,0 @@ -# Managed by puppet -# -ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept -ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept- Systemd::Unit[rsync-gerrit-data.service]
- Parameters differences:
--- Systemd::Unit[rsync-gerrit-data.service].orig +++ Systemd::Unit[rsync-gerrit-data.service] + restart => False + ensure => absent + require => ['Class[Systemd]'] + override => False + unit => rsync-gerrit-data.service + override_filename => puppet-override.conf
- File[/etc/logrotate.d/rsync-gerrit-data]
- Parameters differences:
--- File[/etc/logrotate.d/rsync-gerrit-data].orig +++ File[/etc/logrotate.d/rsync-gerrit-data] + mode => 0444 + ensure => absent + group => root + owner => root
- Content differences:
--- /etc/logrotate.d/rsync-gerrit-data.orig +++ /etc/logrotate.d/rsync-gerrit-data @@ -0,0 +1,12 @@ +# logrotate(8) config for rsync-gerrit-data + +/var/log/rsync-gerrit-data/*.log { + daily + copytruncate + missingok + compress + delaycompress + notifempty + rotate 15 + size 256M +}- File[/usr/local/sbin/sync-gerrit-data]
- Parameters differences:
--- File[/usr/local/sbin/sync-gerrit-data].orig +++ File[/usr/local/sbin/sync-gerrit-data] + mode => 0755 + ensure => present + group => root + owner => root
- Content differences:
--- /usr/local/sbin/sync-gerrit-data.orig +++ /usr/local/sbin/sync-gerrit-data @@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-data-ssl-wrapper -a --chown=gerrit:gerrit rsync://gerrit2003.wikimedia.org/gerrit-data /srv/gerrit/
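Review bot: the `--rsh /usr/local/sbin/sync-gerrit-data-ssl-wrapper` transport in this rsync command authenticates the server by certificate chain only. The wrapper content shown earlier in this diff sets `CAfile = /var/lib/puppet/ssl/certs/ca.pem` and `verifyChain = yes` but no `checkHost`, so any certificate issued by that CA would pass, not only the one for gerrit2003.wikimedia.org. Since the copy is written into /srv/gerrit/ with `--chown=gerrit:gerrit`, consider adding `checkHost = $1` to the generated stunnel config. Separately, the wrapper installs `trap cleanup EXIT` before `CONFIG` is assigned while `set -eu` is active, so a failing `mktemp` would make `cleanup` trip on an unset variable; assigning `CONFIG` before the trap, or testing `${CONFIG:-}`, avoids that.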
- File[/usr/local/sbin/sync-gerrit-home]
- Parameters differences:
--- File[/usr/local/sbin/sync-gerrit-home].orig +++ File[/usr/local/sbin/sync-gerrit-home] + mode => 0755 + ensure => present + group => root + owner => root
- Content differences:
--- /usr/local/sbin/sync-gerrit-home.orig +++ /usr/local/sbin/sync-gerrit-home @@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/rsync --rsh /usr/local/sbin/sync-gerrit-home-ssl-wrapper -a --chown=gerrit:gerrit rsync://gerrit2003.wikimedia.org/gerrit-home /srv/home-gerrit2003.wikimedia.org/
- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft]
- Parameters differences:
--- File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft].orig +++ File[/etc/nftables/input/10_rsyncd_access_gerrit-data.nft] - tag => nft - mode => 0444 - ensure => present - group => root - owner => root - notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/input/10_rsyncd_access_gerrit-data.nft.orig +++ /etc/nftables/input/10_rsyncd_access_gerrit-data.nft @@ -1,4 +0,0 @@ -# Managed by puppet -# -ip saddr { 208.80.153.116 } tcp dport { 873, 1873 } accept -ip6 saddr { 2620:0:860:4:208:80:153:116 } tcp dport { 873, 1873 } accept- Class[Profile::Apt]
- Parameters differences:
--- Class[Profile::Apt].orig +++ Class[Profile::Apt] @@ - before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 
'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[rsync]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]'] + before => ['Package[puppet]', 'Package[facter]', 
'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 
'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[rsync]', 'Package[python3-venv]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']
- File[/lib/systemd/system/rsync-gerrit-home.timer]
- Parameters differences:
--- File[/lib/systemd/system/rsync-gerrit-home.timer].orig +++ File[/lib/systemd/system/rsync-gerrit-home.timer] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
- Content differences:
--- /lib/systemd/system/rsync-gerrit-home.timer.orig +++ /lib/systemd/system/rsync-gerrit-home.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Periodic execution of rsync-gerrit-home.service + +[Timer] +Unit=rsync-gerrit-home.service +# Accuracy sets the maximum time interval around the execution time we want to allow +AccuracySec=15sec +OnCalendar=*-*-* *:00/10:00 +RandomizedDelaySec=0 + +[Install] +WantedBy=multi-user.target
- File[/var/log/rsync-gerrit-data]
- Parameters differences:
--- File[/var/log/rsync-gerrit-data].orig +++ File[/var/log/rsync-gerrit-data] + mode => 0755 + ensure => absent + group => root + owner => root + backup => False + force => True
- File[/lib/systemd/system/rsync-gerrit-home.service]
- Parameters differences:
--- File[/lib/systemd/system/rsync-gerrit-home.service].orig +++ File[/lib/systemd/system/rsync-gerrit-home.service] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
- Content differences:
--- /lib/systemd/system/rsync-gerrit-home.service.orig +++ /lib/systemd/system/rsync-gerrit-home.service @@ -0,0 +1,9 @@ +[Unit] +Description=Transfer data periodically between hosts +Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state + +[Service] +Type=oneshot +User=root +ExecStart=/usr/local/sbin/sync-gerrit-home +SuccessExitStatus=24
- Concat[/etc/rsyncd.conf]
- Parameters differences:
--- Concat[/etc/rsyncd.conf].orig +++ Concat[/etc/rsyncd.conf] - mode => 0444 - order => alpha - owner => root - warn => False - backup => puppet - ensure_newline => False - path => /etc/rsyncd.conf - replace => True - force => False - ensure => present - group => root - show_diff => True - format => plain
- Concat_fragment[/etc/rsyncd.conf-gerrit-data]
- Parameters differences:
--- Concat_fragment[/etc/rsyncd.conf-gerrit-data].orig +++ Concat_fragment[/etc/rsyncd.conf-gerrit-data] - tag => _etc_rsyncd.conf - order => 10 - target => /etc/rsyncd.conf
- Content differences:
--- /etc/rsyncd.conf-gerrit-data.orig +++ /etc/rsyncd.conf-gerrit-data @@ -1,20 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT - -[ gerrit-data ] -path = /srv/gerrit -read only = no -write only = no -list = yes -uid = 0 -gid = 0 -use chroot = yes - - -max connections = 0 - - - - -hosts allow = gerrit2003.wikimedia.org localhost -
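Review bot: this writable root module (`uid = 0`, `read only = no`, path /srv/gerrit) leaves the catalog by being dropped, not by `ensure => absent`, so Puppet stops managing /etc/rsyncd.conf and Service[rsync] without removing the file or stopping the daemon. Concat[/etc/rsyncd.conf] previously carried `ensure => present` and Class[Rsync::Server] carried `ensure_service => running`, and neither gets an explicit absent or stopped state in the new catalog. Check on the host after the run that the rsync daemon is stopped and the old configuration is gone, or declare the absent state explicitly for one release. The nftables and ferm rules for ports 873 and 1873 are dropped the same way; whether their files are purged depends on configuration not visible in this diff.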
- Ferm::Service[rsyncd_access_gerrit_data]
- Parameters differences:
--- Ferm::Service[rsyncd_access_gerrit_data].orig +++ Ferm::Service[rsyncd_access_gerrit_data] - desc => - unrestricted_access => False - prio => 10 - proto => tcp - notrack => False - ensure => present - port => [873, 1873] - srange => ['gerrit2003.wikimedia.org']
- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf].orig +++ File[/etc/rsyslog.d/40-rsync-gerrit-home.conf] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Service[rsyslog]
- Content differences:
--- /etc/rsyslog.d/40-rsync-gerrit-home.conf.orig +++ /etc/rsyslog.d/40-rsync-gerrit-home.conf @@ -0,0 +1,10 @@ +# rsyslog.conf(5) configuration file for services. +# This file is managed by Puppet. +if $programname startswith "rsync-gerrit-home" then { + action( + type="omfile" file="/var/log/rsync-gerrit-home/syslog.log" + fileOwner="root" fileGroup="root" + fileCreateMode="0644" + ) + & stop +}- File[/lib/systemd/system/rsync-gerrit-data.timer]
- Parameters differences:
--- File[/lib/systemd/system/rsync-gerrit-data.timer].orig +++ File[/lib/systemd/system/rsync-gerrit-data.timer] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
- Content differences:
--- /lib/systemd/system/rsync-gerrit-data.timer.orig +++ /lib/systemd/system/rsync-gerrit-data.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Periodic execution of rsync-gerrit-data.service + +[Timer] +Unit=rsync-gerrit-data.service +# Accuracy sets the maximum time interval around the execution time we want to allow +AccuracySec=15sec +OnCalendar=*-*-* *:00/10:00 +RandomizedDelaySec=0 + +[Install] +WantedBy=multi-user.target
- Rsync::Quickdatacopy[gerrit-home]
- Parameters differences:
--- Rsync::Quickdatacopy[gerrit-home].orig +++ Rsync::Quickdatacopy[gerrit-home] + ignore_missing_file_errors => True + dest_host => gerrit1003.wikimedia.org + module_path => /srv/home-gerrit2003.wikimedia.org + progress => False + auto_sync => False + chown => gerrit:gerrit + delete => False + ensure => present + source_host => gerrit2003.wikimedia.org + server_uses_stunnel => True + auto_interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'}- Systemd::Syslog[rsync-gerrit-home]
- Parameters differences:
--- Systemd::Syslog[rsync-gerrit-home].orig +++ Systemd::Syslog[rsync-gerrit-home] + owner => root + readable_by => all + programname_comparison => startswith + ensure => absent + log_filename => syslog.log + group => root + force_stop => True + base_dir => /var/log
- Systemd::Service[rsync-gerrit-home]
- Parameters differences:
--- Systemd::Service[rsync-gerrit-home].orig +++ Systemd::Service[rsync-gerrit-home] + restart => False + monitoring_enabled => False + monitoring_critical => False + service_params => {} + require => Systemd::Unit[rsync-gerrit-home.service] + ensure => absent + migration_task => T407130 + override => False + monitoring_contact_group => admins + unit_type => timer- Systemd::Timer::Job[rsync-gerrit-data]
- Parameters differences:
--- Systemd::Timer::Job[rsync-gerrit-data].orig +++ Systemd::Timer::Job[rsync-gerrit-data] + success_exit_status => [24] + environment => {} + command => /usr/local/sbin/sync-gerrit-data + syslog_match_startswith => True + monitoring_enabled => False + logfile_perms => all + syslog_force_stop => True + ignore_errors => False + send_mail_to => root@gerrit1003.wikimedia.org + ensure => absent + interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/10:00'} + logfile_name => syslog.log + fixed_random_delay => False + description => Transfer data periodically between hosts + user => root + monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state + send_mail_only_on_error => True + private_tmp => False + logfile_group => root + monitoring_contact_groups => admins + send_mail => False + logging_enabled => True + logfile_basedir => /var/log- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)].orig +++ Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)] + command => /bin/systemctl daemon-reload + refreshonly => True
- File[/lib/systemd/system/rsync-gerrit-data.service]
- Parameters differences:
--- File[/lib/systemd/system/rsync-gerrit-data.service].orig +++ File[/lib/systemd/system/rsync-gerrit-data.service] + mode => 0444 + ensure => absent + group => root + owner => root + notify => Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
- Content differences:
--- /lib/systemd/system/rsync-gerrit-data.service.orig +++ /lib/systemd/system/rsync-gerrit-data.service @@ -0,0 +1,9 @@ +[Unit] +Description=Transfer data periodically between hosts +Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state + +[Service] +Type=oneshot +User=root +ExecStart=/usr/local/sbin/sync-gerrit-data +SuccessExitStatus=24
- Firewall::Service[rsyncd_access_gerrit-data]
- Parameters differences:
--- Firewall::Service[rsyncd_access_gerrit-data].orig +++ Firewall::Service[rsyncd_access_gerrit-data] - desc => - unrestricted_access => False - prio => 10 - proto => tcp - notrack => False - ensure => present - port => [873, 1873] - srange => ['gerrit2003.wikimedia.org']
- File[/etc/logrotate.d/rsync-gerrit-home]
- Parameters differences:
--- File[/etc/logrotate.d/rsync-gerrit-home].orig +++ File[/etc/logrotate.d/rsync-gerrit-home] + mode => 0444 + ensure => absent + group => root + owner => root
- Content differences:
--- /etc/logrotate.d/rsync-gerrit-home.orig +++ /etc/logrotate.d/rsync-gerrit-home @@ -0,0 +1,12 @@ +# logrotate(8) config for rsync-gerrit-home + +/var/log/rsync-gerrit-home/*.log { + daily + copytruncate + missingok + compress + delaycompress + notifempty + rotate 15 + size 256M +}- Class[Adduser]
- Parameters differences:
--- Class[Adduser].orig +++ Class[Adduser] @@ - before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 
'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[rsync]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[python3-venv]', 'Package[gerrit/gerrit]', 'Package[gervert/deploy]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]'] + before => 
['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 
'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[megacli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[bacula-fd]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[openjdk-17-dbg]', 'Package[python3-virtualenv]', 'Package[virtualenv]', 'Package[python3-pip]', 'Package[apache2]', 'Package[links]', 'Package[envoyproxy]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[openjdk-17-jdk]', 'Package[git-lfs]', 'Package[rsync]', 'Package[python3-venv]', 'Package[gerrit/gerrit]', 'Package[gervert/deploy]', 'Package[stunnel4]', 'Package[mtail]', 'Package[prometheus-apache-exporter]']
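Review bot: the old and new `before` lists for Class[Adduser] appear to differ only in the position of 'Package[rsync]' (after 'Package[links]' in the old list, after 'Package[git-lfs]' in the new one); the set of packages looks unchanged. Because `before` is a set of ordering edges, not a sequence, this should not change what is applied, so it is worth confirming that the reordering is just a side effect of where rsync is now declared. Emitting the list in a stable sorted order would keep this kind of noise out of future catalog diffs.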
- Concat::Fragment[/etc/rsyncd.conf-gerrit-data]
- Parameters differences:
--- Concat::Fragment[/etc/rsyncd.conf-gerrit-data].orig +++ Concat::Fragment[/etc/rsyncd.conf-gerrit-data] - order => 10 - target => /etc/rsyncd.conf
- Concat::Fragment[/etc/rsyncd.conf-header]
- Parameters differences:
--- Concat::Fragment[/etc/rsyncd.conf-header].orig +++ Concat::Fragment[/etc/rsyncd.conf-header] - order => 01 - target => /etc/rsyncd.conf
- Rsyslog::Conf[rsync-gerrit-home]
- Parameters differences:
--- Rsyslog::Conf[rsync-gerrit-home].orig +++ Rsyslog::Conf[rsync-gerrit-home] + mode => 0444 + require => File[/var/log/rsync-gerrit-home] + ensure => absent + priority => 40
- Ferm::Service[rsyncd_access_gerrit_home]
- Parameters differences:
--- Ferm::Service[rsyncd_access_gerrit_home].orig +++ Ferm::Service[rsyncd_access_gerrit_home] - desc => - unrestricted_access => False - prio => 10 - proto => tcp - notrack => False - ensure => present - port => [873, 1873] - srange => ['gerrit2003.wikimedia.org']
- Concat::Fragment[/etc/rsyncd.conf-gerrit-home]
- Parameters differences:
--- Concat::Fragment[/etc/rsyncd.conf-gerrit-home].orig +++ Concat::Fragment[/etc/rsyncd.conf-gerrit-home] - order => 10 - target => /etc/rsyncd.conf
- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)].orig +++ Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)] + command => /bin/systemctl daemon-reload + refreshonly => True
- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]
- Parameters differences:
--- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper].orig +++ File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper] + mode => 0755 + ensure => present + group => root + owner => root
- Content differences:
--- /usr/local/sbin/sync-gerrit-home-ssl-wrapper.orig +++ /usr/local/sbin/sync-gerrit-home-ssl-wrapper @@ -0,0 +1,29 @@ +#!/bin/sh +# This file is managed by Puppet +# +# This script is expected to be used as the --rsh argument to rsync. +# It will wrap rsync's communication in stunnel, and validate the +# server's cert vs the Puppet CA. + +set -eu + +cleanup() { + [ -f "$CONFIG" ] && rm -f "$CONFIG" +} +trap cleanup EXIT + +CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX) + +RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873} + +cat > "$CONFIG" <<EOF +foreground = yes +client = yes +connect = $1:$RSYNC_SSL_PORT +CAfile = /var/lib/puppet/ssl/certs/ca.pem +cert = /var/lib/puppet/ssl/certs/gerrit1003.wikimedia.org.pem +key = /var/lib/puppet/ssl/private_keys/gerrit1003.wikimedia.org.pem +verifyChain = yes +EOF + +/usr/bin/stunnel4 "$CONFIG"- Firewall::Service[rsyncd_access_gerrit-home]
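Review bot: in /usr/local/sbin/sync-gerrit-home-ssl-wrapper the generated stunnel config sets `CAfile` and `verifyChain = yes` but nothing ties the peer certificate to the host passed as `$1`, so any certificate issued by the Puppet CA would be accepted for the `connect = $1:$RSYNC_SSL_PORT` endpoint. Consider adding `checkHost = $1` to the config so the server name is verified as well as the chain. Separately, `trap cleanup EXIT` is installed before `CONFIG` is assigned; if `mktemp` fails, `set -e` exits and `cleanup` expands an unset `$CONFIG` under `set -u`. Assigning `CONFIG` first, or testing `"${CONFIG:-}"` in `cleanup`, avoids that.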
- Parameters differences:
--- Firewall::Service[rsyncd_access_gerrit-home].orig +++ Firewall::Service[rsyncd_access_gerrit-home] - desc => - unrestricted_access => False - prio => 10 - proto => tcp - notrack => False - ensure => present - port => [873, 1873] - srange => ['gerrit2003.wikimedia.org']
- Logrotate::Conf[rsync-gerrit-data]
- Parameters differences:
--- Logrotate::Conf[rsync-gerrit-data].orig +++ Logrotate::Conf[rsync-gerrit-data] + ensure => absent
- Service[rsync-gerrit-home.timer]
- Parameters differences:
--- Service[rsync-gerrit-home.timer].orig +++ Service[rsync-gerrit-home.timer] + enable => False + ensure => stopped + provider => systemd + before => ['Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]']
- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)].orig +++ Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)] + command => /bin/systemctl daemon-reload + refreshonly => True
- File[/var/log/rsync-gerrit-home]
- Parameters differences:
--- File[/var/log/rsync-gerrit-home].orig +++ File[/var/log/rsync-gerrit-home] + mode => 0755 + ensure => absent + group => root + owner => root + backup => False + force => True
- Concat_fragment[/etc/rsyncd.conf-header]
- Parameters differences:
- Concat_fragment[/etc/rsyncd.conf-header]
- File[/var/log/rsync-gerrit-home]
- Exec[systemd daemon-reload for rsync-gerrit-home.timer (rsync-gerrit-home.timer)]
- Service[rsync-gerrit-home.timer]
- Logrotate::Conf[rsync-gerrit-data]
- Content differences:
- File[/usr/local/sbin/sync-gerrit-home-ssl-wrapper]
- Exec[systemd daemon-reload for rsync-gerrit-home.service (rsync-gerrit-home.service)]
- Concat::Fragment[/etc/rsyncd.conf-gerrit-home]
- Ferm::Service[rsyncd_access_gerrit_home]
- Rsyslog::Conf[rsync-gerrit-home]
- Concat::Fragment[/etc/rsyncd.conf-header]
- Concat::Fragment[/etc/rsyncd.conf-gerrit-data]
- Content differences:
- File[/etc/logrotate.d/rsync-gerrit-home]
- Content differences:
- File[/lib/systemd/system/rsync-gerrit-data.service]
- Exec[systemd daemon-reload for rsync-gerrit-data.timer (rsync-gerrit-data.timer)]
- Systemd::Timer::Job[rsync-gerrit-data]
- Systemd::Service[rsync-gerrit-home]
- Systemd::Syslog[rsync-gerrit-home]
- Content differences:
- File[/etc/rsyslog.d/40-rsync-gerrit-home.conf]
- Content differences:
- Concat_fragment[/etc/rsyncd.conf-gerrit-data]
- Content differences:
- File[/lib/systemd/system/rsync-gerrit-home.service]
- Content differences:
- File[/lib/systemd/system/rsync-gerrit-home.timer]
- Content differences:
- File[/etc/logrotate.d/rsync-gerrit-data]
- Content differences:
- File[/usr/local/sbin/sync-gerrit-data-ssl-wrapper]
- Content differences:
- File[/etc/default/rsync]
- Systemd::Unit[rsync-gerrit-data.timer]
- Nftables::Service[rsyncd_access_gerrit-data]
- Rsync::Server::Module[gerrit-home]
- Concat_file[/etc/rsyncd.conf]
- Service[rsync-gerrit-data.timer]
- Exec[systemd daemon-reload for rsync-gerrit-data.service (rsync-gerrit-data.service)]
- Systemd::Timer[rsync-gerrit-data]
- Content differences:
- File[/etc/rsyslog.d/40-rsync-gerrit-data.conf]
- Systemd::Syslog[rsync-gerrit-data]
- Parameters differences: