Compilation results for releases1003.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3427
Resources added:	44
Resources removed:	0
Resources modified:	112
Change percentage:	4.55%

Resources only in the new catalog

Rsync::Server::Module[srv-org-wikimedia-releases-releases1003.eqiad.wmnet]
Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]
Concat::Fragment[/etc/rsyncd.conf-header]
File[/usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper]
Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]
Rsync::Server::Module[var-lib-jenkins-releases1003.eqiad.wmnet]
Class[Rsync::Server]
Service[stunnel4]
Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]
Concat_file[/etc/rsyncd.conf]
Firewall::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]
File[/etc/rsync.d]
Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]
Rsync::Server::Module[srv-org-wikimedia-releases-releases2003.codfw.wmnet]
Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]
File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]
Ferm::Service[rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]
Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]
Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]
Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]
File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]
File[/etc/default/rsync]
Class[Rsync::Server::Stunnel]
Ferm::Service[rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]
Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]
Service[rsync]
Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]
File_line[enable_stunnel]
File[/usr/local/sbin/sync-srv-mediawiki-private-primary]
File[/usr/local/sbin/sync-srv-patches-releases-primary]
Rsync::Server::Module[var-lib-jenkins-releases2003.codfw.wmnet]
File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]
File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]
Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]
Prometheus::Blackbox::Check::Http[releases-jenkins.wikimedia.org]
Concat[/etc/rsyncd.conf]
Nftables::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]
Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]
Nftables::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]
Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]
Firewall::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]
File[/etc/stunnel/rsync.conf]
Concat_fragment[/etc/rsyncd.conf-header]
Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Resources modified

Rsync::Quickdatacopy[srv-patches-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-patches-releases2003.codfw.wmnet].orig
+++ Rsync::Quickdatacopy[srv-patches-releases2003.codfw.wmnet]

+    chown  => jenkins:705
@@
-    ensure => absent
+    ensure => present

File[/etc/rsyslog.d/40-rsync-srv-patches-releases1003-eqiad-wmnet.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-srv-patches-releases1003-eqiad-wmnet.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-srv-patches-releases1003-eqiad-wmnet.conf]

@@
-    ensure => present
+    ensure => absent

Class[Profile::Releases::Common]

Parameters differences:

--- Class[Profile::Releases::Common].orig
+++ Class[Profile::Releases::Common]

@@
-    primary_server    => releases2003.codfw.wmnet
+    primary_server    => releases1003.eqiad.wmnet
@@
-    secondary_servers => ['releases1003.eqiad.wmnet']
+    secondary_servers => ['releases2003.codfw.wmnet']

Service[wmf_auto_restart_rsync.timer]

Parameters differences:

--- Service[wmf_auto_restart_rsync.timer].orig
+++ Service[wmf_auto_restart_rsync.timer]

-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']
@@
-    ensure => stopped
+    ensure => running
@@
-    enable => False
+    enable => True

File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet-ssl-wrapper]

@@
-    ensure => present
+    ensure => absent

Systemd::Service[rsync-srv-patches-releases-primary]

Parameters differences:

--- Systemd::Service[rsync-srv-patches-releases-primary].orig
+++ Systemd::Service[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

Exec[systemd daemon-reload for rsync-srv-patches-releases-primary.timer (rsync-srv-patches-releases-primary.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-srv-patches-releases-primary.timer (rsync-srv-patches-releases-primary.timer)].orig
+++ Exec[systemd daemon-reload for rsync-srv-patches-releases-primary.timer (rsync-srv-patches-releases-primary.timer)]

+    before => ['Service[rsync-srv-patches-releases-primary.timer]']

Systemd::Unit[wmf_auto_restart_rsync.service]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_rsync.service].orig
+++ Systemd::Unit[wmf_auto_restart_rsync.service]

@@
-    ensure => absent
+    ensure => present

Service[rsync]

Parameters differences:

--- Service[rsync].orig
+++ Service[rsync]

+    require   => Package[rsync]
+    subscribe => ['Concat[/etc/rsyncd.conf]', 'File[/etc/default/rsync]']
+    ensure    => running
+    enable    => True

File[/usr/local/sbin/sync-srv-mediawiki-private-primary]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-mediawiki-private-primary].orig
+++ File[/usr/local/sbin/sync-srv-mediawiki-private-primary]

+    mode   => 0755
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-srv-mediawiki-private-primary.orig
+++ /usr/local/sbin/sync-srv-mediawiki-private-primary
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync  --delete -a    rsync://deploy1003.eqiad.wmnet/srv-mediawiki-private-primary /srv/mediawiki-staging/private/

Rsync::Quickdatacopy[srv-mediawiki-private-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-mediawiki-private-releases1003.eqiad.wmnet].orig
+++ Rsync::Quickdatacopy[srv-mediawiki-private-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

Ferm::Service[rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]

Parameters differences:

--- Ferm::Service[rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet].orig
+++ Ferm::Service[rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]

+    port                => [873, 1873]
+    srange              => ['releases1003.eqiad.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]

+    port                => [873, 1873]
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    src_ips             => ['10.192.16.72', '2620:0:860:102:10:192:16:72']
+    ensure              => present
+    notrack             => False

File[/var/log/rsync-srv-patches-releases-primary]

Parameters differences:

--- File[/var/log/rsync-srv-patches-releases-primary].orig
+++ File[/var/log/rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => directory

Class[Profile::Releases::Mediawiki::Security]

Parameters differences:

--- Class[Profile::Releases::Mediawiki::Security].orig
+++ Class[Profile::Releases::Mediawiki::Security]

@@
-    primary_server    => releases2003.codfw.wmnet
+    primary_server    => releases1003.eqiad.wmnet
@@
-    secondary_servers => ['releases1003.eqiad.wmnet']
+    secondary_servers => ['releases2003.codfw.wmnet']

File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig
+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]

@@
-    ensure => absent
+    ensure => present

Class[Rsync::Server]

Parameters differences:

--- Class[Rsync::Server].orig
+++ Class[Rsync::Server]

+    use_chroot     => yes
+    address        => 0.0.0.0
+    rsyncd_conf    => {}
+    rsync_opts     => []
+    timeout        => 300
+    ensure_service => running

File[/etc/rsync.d]

Parameters differences:

--- File[/etc/rsync.d].orig
+++ File[/etc/rsync.d]

+    group   => root
+    force   => True
+    recurse => True
+    ensure  => absent
+    purge   => True
+    owner   => root

Class[Rsync::Server::Stunnel]

Parameters differences:

--- Class[Rsync::Server::Stunnel].orig
+++ Class[Rsync::Server::Stunnel]

+    ensure         => present
+    ensure_service => running

File[/usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper].orig
+++ File[/usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper]

+    mode   => 0755
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper.orig
+++ /usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper
@@ -0,0 +1,29 @@
+#!/bin/sh
+# This file is managed by Puppet
+#
+# This script is expected to be used as the --rsh argument to rsync.
+# It will wrap rsync's communication in stunnel, and validate the
+# server's cert vs the Puppet CA.
+
+set -eu
+
+cleanup() {
+    [ -f "$CONFIG" ] && rm -f "$CONFIG"
+}
+trap cleanup EXIT
+
+CONFIG=$(mktemp -t sync-ssl-wrapper.stunnel.conf.XXXXXXXX)
+
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-1873}
+
+cat > "$CONFIG" <<EOF
+foreground  = yes
+client      = yes
+connect     = $1:$RSYNC_SSL_PORT
+CAfile      = /var/lib/puppet/ssl/certs/ca.pem
+cert        = /var/lib/puppet/ssl/certs/releases1003.eqiad.wmnet.pem
+key         = /var/lib/puppet/ssl/private_keys/releases1003.eqiad.wmnet.pem
+verifyChain = yes
+EOF
+
+/usr/bin/stunnel4 "$CONFIG"

File[/etc/logrotate.d/rsync-srv-patches-releases-primary]

Parameters differences:

--- File[/etc/logrotate.d/rsync-srv-patches-releases-primary].orig
+++ File[/etc/logrotate.d/rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

File[/etc/logrotate.d/rsync-srv-patches-releases1003_eqiad_wmnet]

Parameters differences:

--- File[/etc/logrotate.d/rsync-srv-patches-releases1003_eqiad_wmnet].orig
+++ File[/etc/logrotate.d/rsync-srv-patches-releases1003_eqiad_wmnet]

@@
-    ensure => present
+    ensure => absent

File[/etc/rsyslog.d/40-rsync-srv-patches-releases-primary.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-rsync-srv-patches-releases-primary.conf].orig
+++ File[/etc/rsyslog.d/40-rsync-srv-patches-releases-primary.conf]

@@
-    ensure => absent
+    ensure => present

File[/usr/local/sbin/sync-srv-mediawiki-private-releases1003.eqiad.wmnet]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-mediawiki-private-releases1003.eqiad.wmnet].orig
+++ File[/usr/local/sbin/sync-srv-mediawiki-private-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

File[/usr/local/sbin/sync-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Content differences:

--- /usr/local/sbin/sync-srv-org-wikimedia-releases-releases1003.eqiad.wmnet.orig
+++ /usr/local/sbin/sync-srv-org-wikimedia-releases-releases1003.eqiad.wmnet
@@ -1,2 +1,2 @@
 #!/bin/sh
-/usr/bin/rsync --rsh /usr/local/sbin/sync-srv-org-wikimedia-releases-releases1003.eqiad.wmnet-ssl-wrapper --delete -a    rsync://releases2003.codfw.wmnet/srv-org-wikimedia-releases-releases1003.eqiad.wmnet /srv/org/wikimedia/releases/
+/usr/bin/rsync --rsh /usr/local/sbin/sync-srv-org-wikimedia-releases-releases1003.eqiad.wmnet-ssl-wrapper --delete -a    rsync://releases1003.eqiad.wmnet/srv-org-wikimedia-releases-releases1003.eqiad.wmnet /srv/org/wikimedia/releases/

Rsyslog::Conf[rsync-srv-patches-releases-primary]

Parameters differences:

--- Rsyslog::Conf[rsync-srv-patches-releases-primary].orig
+++ Rsyslog::Conf[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

File[/usr/local/sbin/sync-srv-patches-releases-primary]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-patches-releases-primary].orig
+++ File[/usr/local/sbin/sync-srv-patches-releases-primary]

+    mode   => 0755
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /usr/local/sbin/sync-srv-patches-releases-primary.orig
+++ /usr/local/sbin/sync-srv-patches-releases-primary
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/rsync --rsh /usr/local/sbin/sync-srv-patches-releases-primary-ssl-wrapper --delete -a  --chown=jenkins:705  rsync://deploy1003.eqiad.wmnet/srv-patches-releases-primary /srv/patches/

Exec[systemd daemon-reload for rsync-srv-patches-releases1003.eqiad.wmnet.timer (rsync-srv-patches-releases1003.eqiad.wmnet.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for rsync-srv-patches-releases1003.eqiad.wmnet.timer (rsync-srv-patches-releases1003.eqiad.wmnet.timer)].orig
+++ Exec[systemd daemon-reload for rsync-srv-patches-releases1003.eqiad.wmnet.timer (rsync-srv-patches-releases1003.eqiad.wmnet.timer)]

-    before => ['Service[rsync-srv-patches-releases1003.eqiad.wmnet.timer]']

Systemd::Syslog[rsync-srv-patches-releases1003_eqiad_wmnet]

Parameters differences:

--- Systemd::Syslog[rsync-srv-patches-releases1003_eqiad_wmnet].orig
+++ Systemd::Syslog[rsync-srv-patches-releases1003_eqiad_wmnet]

@@
-    ensure => present
+    ensure => absent

Rsync::Server::Module[var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Server::Module[var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Rsync::Server::Module[var-lib-jenkins-releases1003.eqiad.wmnet]

+    max_connections => 0
+    auto_firewall   => True
+    qos_low         => False
+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    uid             => 0
+    chroot          => True
+    list            => yes
+    hosts_allow     => ['releases1003.eqiad.wmnet']
+    gid             => 0
+    ensure          => present
+    path            => /var/lib/jenkins

Concat_file[/etc/rsyncd.conf]

Parameters differences:

--- Concat_file[/etc/rsyncd.conf].orig
+++ Concat_file[/etc/rsyncd.conf]

+    group          => root
+    format         => plain
+    tag            => _etc_rsyncd.conf
+    mode           => 0444
+    show_diff      => True
+    backup         => puppet
+    order          => alpha
+    replace        => True
+    force          => False
+    ensure_newline => False
+    owner          => root

File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet]

Parameters differences:

--- File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet].orig
+++ File[/usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

Content differences:

--- /usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet.orig
+++ /usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet
@@ -1,2 +1,2 @@
 #!/bin/sh
-/usr/bin/rsync --rsh /usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet-ssl-wrapper --delete -a  --chown=jenkins:705  rsync://deploy1003.eqiad.wmnet/srv-patches-releases1003.eqiad.wmnet /srv/patches/
+/usr/bin/rsync --rsh /usr/local/sbin/sync-srv-patches-releases1003.eqiad.wmnet-ssl-wrapper --delete -a    rsync://deploy1003.eqiad.wmnet/srv-patches-releases1003.eqiad.wmnet /srv/patches/

Logrotate::Conf[wmf_auto_restart_rsync]

Parameters differences:

--- Logrotate::Conf[wmf_auto_restart_rsync].orig
+++ Logrotate::Conf[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Rsync::Server::Module[srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Server::Module[srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Rsync::Server::Module[srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

+    max_connections => 0
+    auto_firewall   => True
+    qos_low         => False
+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    uid             => 0
+    chroot          => True
+    list            => yes
+    hosts_allow     => ['releases1003.eqiad.wmnet']
+    gid             => 0
+    ensure          => present
+    path            => /srv/org/wikimedia/releases

Service[rsync-srv-patches-releases-primary.timer]

Parameters differences:

--- Service[rsync-srv-patches-releases-primary.timer].orig
+++ Service[rsync-srv-patches-releases-primary.timer]

-    before => ['Exec[systemd daemon-reload for rsync-srv-patches-releases-primary.timer (rsync-srv-patches-releases-primary.timer)]']
@@
-    ensure => stopped
+    ensure => running
@@
-    enable => False
+    enable => True

Systemd::Unit[rsync-srv-patches-releases-primary.service]

Parameters differences:

--- Systemd::Unit[rsync-srv-patches-releases-primary.service].orig
+++ Systemd::Unit[rsync-srv-patches-releases-primary.service]

@@
-    ensure => absent
+    ensure => present

File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]

Parameters differences:

--- File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet].orig
+++ File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet]

+    notify  => Service[ferm]
+    tag     => ferm
+    group   => root
+    require => File[/etc/ferm/conf.d]
+    mode    => 0400
+    ensure  => present
+    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet.orig
+++ /etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases1003_eqiad_wmnet
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, (873 1873), (10.64.48.34 2620:0:861:107:10:64:48:34));
+
+

Rsync::Quickdatacopy[srv-mediawiki-private-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-mediawiki-private-releases2003.codfw.wmnet].orig
+++ Rsync::Quickdatacopy[srv-mediawiki-private-releases2003.codfw.wmnet]

@@
-    ensure => absent
+    ensure => present

Rsync::Quickdatacopy[srv-mediawiki-private-primary]

Parameters differences:

--- Rsync::Quickdatacopy[srv-mediawiki-private-primary].orig
+++ Rsync::Quickdatacopy[srv-mediawiki-private-primary]

@@
-    dest_host => releases2003.codfw.wmnet
+    dest_host => releases1003.eqiad.wmnet

Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.service]

Parameters differences:

--- Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.service].orig
+++ Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.service]

@@
-    ensure => present
+    ensure => absent

Systemd::Timer[rsync-srv-patches-releases-primary]

Parameters differences:

--- Systemd::Timer[rsync-srv-patches-releases-primary].orig
+++ Systemd::Timer[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

Systemd::Service[rsync-srv-patches-releases1003.eqiad.wmnet]

Parameters differences:

--- Systemd::Service[rsync-srv-patches-releases1003.eqiad.wmnet].orig
+++ Systemd::Service[rsync-srv-patches-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

File[/etc/logrotate.d/wmf_auto_restart_rsync]

Parameters differences:

--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig
+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Rsync::Quickdatacopy[srv-patches-releases-primary]

Parameters differences:

--- Rsync::Quickdatacopy[srv-patches-releases-primary].orig
+++ Rsync::Quickdatacopy[srv-patches-releases-primary]

@@
-    dest_host => releases2003.codfw.wmnet
+    dest_host => releases1003.eqiad.wmnet

Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]

Parameters differences:

--- Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet].orig
+++ Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]

+    port                => [873, 1873]
+    srange              => ['releases1003.eqiad.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Rsyslog::Conf[rsync-srv-patches-releases1003_eqiad_wmnet]

Parameters differences:

--- Rsyslog::Conf[rsync-srv-patches-releases1003_eqiad_wmnet].orig
+++ Rsyslog::Conf[rsync-srv-patches-releases1003_eqiad_wmnet]

@@
-    ensure => present
+    ensure => absent

Nftables::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Nftables::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Nftables::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]

+    port                => [873, 1873]
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    src_ips             => ['10.64.48.34', '2620:0:861:107:10:64:48:34']
+    ensure              => present
+    notrack             => False

Concat_fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-header].orig
+++ Concat_fragment[/etc/rsyncd.conf-header]

+    tag    => _etc_rsyncd.conf
+    order  => 01
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-header.orig
+++ /etc/rsyncd.conf-header
@@ -0,0 +1,11 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+uid = nobody
+gid = nogroup
+use chroot = yes
+
+log format = %t %a %m %f %b
+syslog facility = local3
+timeout = 300
+address = 0.0.0.0

File[/etc/default/rsync]

Parameters differences:

--- File[/etc/default/rsync].orig
+++ File[/etc/default/rsync]

+    mode   => 0444
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /etc/default/rsync.orig
+++ /etc/default/rsync
@@ -0,0 +1,46 @@
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///rsync/rsync.default.erb
+#####################################################################
+
+# defaults file for rsync daemon mode
+
+# start rsync in daemon mode from init.d script?
+#  only allowed values are "true", "false", and "inetd"
+#  Use "inetd" if you want to start the rsyncd from inetd,
+#  all this does is prevent the init.d script from printing a message
+#  about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=true
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+#          using a remote shell. When using a different file for
+#          rsync you might want to symlink /etc/rsyncd.conf to
+#          that file.
+RSYNC_CONFIG_FILE=/etc/rsyncd.conf
+
+# what extra options to give rsync --daemon?
+#  that excludes the --daemon; that's always done in the init.d script
+#  Possibilities are:
+#   --address=123.45.67.89		(bind to a specific IP address)
+#   --port=8730				(bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+#  the rsync daemon can impact performance due to much I/O and CPU usage,
+#  so you may want to run it at a nicer priority than the default priority.
+#  Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+#  "ionice" does for IO load what "nice" does for CPU load.
+#  As rsync is often used for backups which aren't all that time-critical,
+#  reducing the rsync IO priority will benefit the rest of the system.
+#  See the manpage for ionice for allowed options.
+#  -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+#  the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.

Concat[/etc/rsyncd.conf]

Parameters differences:

--- Concat[/etc/rsyncd.conf].orig
+++ Concat[/etc/rsyncd.conf]

+    group          => root
+    format         => plain
+    mode           => 0444
+    warn           => False
+    show_diff      => True
+    backup         => puppet
+    order          => alpha
+    replace        => True
+    owner          => root
+    force          => False
+    ensure_newline => False
+    ensure         => present
+    path           => /etc/rsyncd.conf

File_line[auto_restart_file_presence_rsync]

Parameters differences:

--- File_line[auto_restart_file_presence_rsync].orig
+++ File_line[auto_restart_file_presence_rsync]

@@
-    ensure => absent
+    ensure => present

Service[stunnel4]

Parameters differences:

--- Service[stunnel4].orig
+++ Service[stunnel4]

+    enable    => True
+    ensure    => running
+    subscribe => ['Concat[/etc/rsyncd.conf]', 'File[/etc/default/rsync]', 'File[/etc/stunnel/rsync.conf]', 'File_line[enable_stunnel]', 'Package[stunnel4]']

File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.service].orig
+++ File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.service]

@@
-    ensure => present
+    ensure => absent

Systemd::Timer[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Timer[wmf_auto_restart_rsync].orig
+++ Systemd::Timer[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

+    order  => 10
+    target => /etc/rsyncd.conf

Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Nftables::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

+    port                => [873, 1873]
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    src_ips             => ['10.64.48.34', '2620:0:861:107:10:64:48:34']
+    ensure              => present
+    notrack             => False

Class[Profile::Releases::Mediawiki::Private]

Parameters differences:

--- Class[Profile::Releases::Mediawiki::Private].orig
+++ Class[Profile::Releases::Mediawiki::Private]

@@
-    primary_server    => releases2003.codfw.wmnet
+    primary_server    => releases1003.eqiad.wmnet
@@
-    secondary_servers => ['releases1003.eqiad.wmnet']
+    secondary_servers => ['releases2003.codfw.wmnet']

Rsync::Quickdatacopy[srv-patches-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-patches-releases1003.eqiad.wmnet].orig
+++ Rsync::Quickdatacopy[srv-patches-releases1003.eqiad.wmnet]

-    chown  => jenkins:705
@@
-    ensure => present
+    ensure => absent

Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]

Parameters differences:

--- Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet].orig
+++ Ferm::Service[rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]

+    port                => [873, 1873]
+    srange              => ['releases2003.codfw.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet.orig
+++ /etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ var-lib-jenkins-releases2003.codfw.wmnet ]
+path            = /var/lib/jenkins
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = releases2003.codfw.wmnet localhost
+

Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet.orig
+++ /etc/rsyncd.conf-srv-org-wikimedia-releases-releases1003.eqiad.wmnet
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ srv-org-wikimedia-releases-releases1003.eqiad.wmnet ]
+path            = /srv/org/wikimedia/releases
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = releases1003.eqiad.wmnet localhost
+

File[/var/log/wmf_auto_restart_rsync]

Parameters differences:

--- File[/var/log/wmf_auto_restart_rsync].orig
+++ File[/var/log/wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => directory

Systemd::Unit[wmf_auto_restart_rsync.timer]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig
+++ Systemd::Unit[wmf_auto_restart_rsync.timer]

@@
-    ensure => absent
+    ensure => present

Systemd::Syslog[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Syslog[wmf_auto_restart_rsync].orig
+++ Systemd::Syslog[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Rsyslog::Conf[wmf_auto_restart_rsync]

Parameters differences:

--- Rsyslog::Conf[wmf_auto_restart_rsync].orig
+++ Rsyslog::Conf[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Concat::Fragment[/etc/rsyncd.conf-header]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-header].orig
+++ Concat::Fragment[/etc/rsyncd.conf-header]

+    order  => 01
+    target => /etc/rsyncd.conf

Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases2003.codfw.wmnet]

+    port                => [873, 1873]
+    srange              => ['releases2003.codfw.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Service[rsync-srv-patches-releases1003.eqiad.wmnet.timer]

Parameters differences:

--- Service[rsync-srv-patches-releases1003.eqiad.wmnet.timer].orig
+++ Service[rsync-srv-patches-releases1003.eqiad.wmnet.timer]

+    before => ['Exec[systemd daemon-reload for rsync-srv-patches-releases1003.eqiad.wmnet.timer (rsync-srv-patches-releases1003.eqiad.wmnet.timer)]']
@@
-    ensure => running
+    ensure => stopped
@@
-    enable => True
+    enable => False

Rsync::Quickdatacopy[var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Rsync::Quickdatacopy[var-lib-jenkins-releases1003.eqiad.wmnet]

@@
-    source_host => releases2003.codfw.wmnet
+    source_host => releases1003.eqiad.wmnet

Profile::Auto_restarts::Service[rsync]

Parameters differences:

--- Profile::Auto_restarts::Service[rsync].orig
+++ Profile::Auto_restarts::Service[rsync]

@@
-    ensure => absent
+    ensure => present

Systemd::Timer::Job[rsync-srv-patches-releases1003.eqiad.wmnet]

Parameters differences:

--- Systemd::Timer::Job[rsync-srv-patches-releases1003.eqiad.wmnet].orig
+++ Systemd::Timer::Job[rsync-srv-patches-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

File[/etc/scap.secondary]

Parameters differences:

--- File[/etc/scap.secondary].orig
+++ File[/etc/scap.secondary]

@@
-    ensure => present
+    ensure => absent

Ferm::Service[rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]

Parameters differences:

--- Ferm::Service[rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet].orig
+++ Ferm::Service[rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]

+    port                => [873, 1873]
+    srange              => ['releases2003.codfw.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Firewall::Service[rsyncd_access_srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

+    port                => [873, 1873]
+    srange              => ['releases1003.eqiad.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Rsync::Server::Module[srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Server::Module[srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Rsync::Server::Module[srv-org-wikimedia-releases-releases2003.codfw.wmnet]

+    max_connections => 0
+    auto_firewall   => True
+    qos_low         => False
+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    uid             => 0
+    chroot          => True
+    list            => yes
+    hosts_allow     => ['releases2003.codfw.wmnet']
+    gid             => 0
+    ensure          => present
+    path            => /srv/org/wikimedia/releases

Motd::Script[rsync_source_warning]

Parameters differences:

--- Motd::Script[rsync_source_warning].orig
+++ Motd::Script[rsync_source_warning]

@@
-    ensure => present
+    ensure => absent

File[/lib/systemd/system/wmf_auto_restart_rsync.timer]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig
+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]

@@
-    ensure => absent
+    ensure => present

File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]

Parameters differences:

--- File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet].orig
+++ File[/etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet]

+    notify  => Service[ferm]
+    tag     => ferm
+    group   => root
+    require => File[/etc/ferm/conf.d]
+    mode    => 0400
+    ensure  => present
+    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet.orig
+++ /etc/ferm/conf.d/10_rsyncd_access_var_lib_jenkins_releases2003_codfw_wmnet
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, (873 1873), (10.192.16.72 2620:0:860:102:10:192:16:72));
+
+

File[/lib/systemd/system/rsync-srv-patches-releases-primary.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv-patches-releases-primary.timer].orig
+++ File[/lib/systemd/system/rsync-srv-patches-releases-primary.timer]

@@
-    ensure => absent
+    ensure => present

Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Concat::Fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]

+    order  => 10
+    target => /etc/rsyncd.conf

Systemd::Timer::Job[rsync-srv-patches-releases-primary]

Parameters differences:

--- Systemd::Timer::Job[rsync-srv-patches-releases-primary].orig
+++ Systemd::Timer::Job[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

Systemd::Unit[rsync-srv-patches-releases-primary.timer]

Parameters differences:

--- Systemd::Unit[rsync-srv-patches-releases-primary.timer].orig
+++ Systemd::Unit[rsync-srv-patches-releases-primary.timer]

@@
-    ensure => absent
+    ensure => present

Prometheus::Blackbox::Check::Http[releases-jenkins.wikimedia.org]

Parameters differences:

--- Prometheus::Blackbox::Check::Http[releases-jenkins.wikimedia.org].orig
+++ Prometheus::Blackbox::Check::Http[releases-jenkins.wikimedia.org]

+    instance_label          => releases1003
+    method                  => GET
+    body                    => {}
+    force_tls               => False
+    body_regex_matches      => ['<title>Dashboard - Jenkins<.title>']
+    team                    => collaboration-services
+    header_matches          => []
+    client_auth_key         => /etc/prometheus/ssl/server.key
+    ssl_expired_description => The certificate presented by service {{ $labels.instance }} is going to expire in {{ $value | humanizeDuration }}
+    ssl_expired_dashboard   => https://grafana.wikimedia.org/d/K1dRhGCnz/probes-tls-dashboard
+    client_auth_cert        => /etc/prometheus/ssl/cert.pem
+    ip4                     => 10.64.48.34
+    insecure_tls            => False
+    status_matches          => []
+    prometheus_instance     => ops
+    alert_after             => 2m
+    port                    => 8080
+    ip_families             => ['ip4', 'ip6']
+    server_name             => releases-jenkins.wikimedia.org
+    ssl_expired_runbook     => https://wikitech.wikimedia.org/wiki/TLS/Runbook#{{ $labels.instance }}
+    follow_redirects        => False
+    header_not_matches      => []
+    req_headers             => {}
+    site                    => eqiad
+    body_regex_not_matches  => []
+    probe_runbook           => https://wikitech.wikimedia.org/wiki/Runbook#{{ $labels.instance }}
+    probe_dashboard         => https://grafana.wikimedia.org/d/O0nHhdhnz/network-probes-overview?var-job={{ $labels.job }}&var-module=All
+    ip6                     => 2620:0:861:107:10:64:48:34
+    probe_description       => {{ $labels.instance }} failed when probed by {{ $labels.module }} from {{ $externalLabels.site }}. Availability is {{ $value }}%.
+    certificate_expiry_days => 10
+    use_client_auth         => False
+    severity                => task
+    timeout                 => 3s
+    probe_summary           => Service {{ $labels.instance }} has failed probes ({{ $labels.module }})
+    ssl_expired_summary     => Certificate for service {{ $labels.instance }} is about to expire
+    path                    => /

File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]

Parameters differences:

--- File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet].orig
+++ File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet]

+    notify  => Service[ferm]
+    tag     => ferm
+    group   => root
+    require => File[/etc/ferm/conf.d]
+    mode    => 0400
+    ensure  => present
+    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet.orig
+++ /etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases2003_codfw_wmnet
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, (873 1873), (10.192.16.72 2620:0:860:102:10:192:16:72));
+
+

Systemd::Service[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Service[wmf_auto_restart_rsync].orig
+++ Systemd::Service[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]

+    before => ['Service[wmf_auto_restart_rsync.timer]']

File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]

Parameters differences:

--- File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet].orig
+++ File[/etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet]

+    notify  => Service[ferm]
+    tag     => ferm
+    group   => root
+    require => File[/etc/ferm/conf.d]
+    mode    => 0400
+    ensure  => present
+    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet.orig
+++ /etc/ferm/conf.d/10_rsyncd_access_srv_org_wikimedia_releases_releases1003_eqiad_wmnet
@@ -0,0 +1,6 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# 
+&R_SERVICE(tcp, (873 1873), (10.64.48.34 2620:0:861:107:10:64:48:34));
+
+

File[/lib/systemd/system/wmf_auto_restart_rsync.service]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig
+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]

@@
-    ensure => absent
+    ensure => present

Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases2003.codfw.wmnet]

@@
-    source_host => releases2003.codfw.wmnet
+    source_host => releases1003.eqiad.wmnet

Logrotate::Conf[rsync-srv-patches-releases1003_eqiad_wmnet]

Parameters differences:

--- Logrotate::Conf[rsync-srv-patches-releases1003_eqiad_wmnet].orig
+++ Logrotate::Conf[rsync-srv-patches-releases1003_eqiad_wmnet]

@@
-    ensure => present
+    ensure => absent

Rsync::Server::Module[var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Server::Module[var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Rsync::Server::Module[var-lib-jenkins-releases2003.codfw.wmnet]

+    max_connections => 0
+    auto_firewall   => True
+    qos_low         => False
+    write_only      => no
+    lock_file       => /var/run/rsyncd.lock
+    read_only       => yes
+    uid             => 0
+    chroot          => True
+    list            => yes
+    hosts_allow     => ['releases2003.codfw.wmnet']
+    gid             => 0
+    ensure          => present
+    path            => /var/lib/jenkins

File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.timer]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.timer].orig
+++ File[/lib/systemd/system/rsync-srv-patches-releases1003.eqiad.wmnet.timer]

@@
-    ensure => present
+    ensure => absent

File[/lib/systemd/system/rsync-srv-patches-releases-primary.service]

Parameters differences:

--- File[/lib/systemd/system/rsync-srv-patches-releases-primary.service].orig
+++ File[/lib/systemd/system/rsync-srv-patches-releases-primary.service]

@@
-    ensure => absent
+    ensure => present

Nftables::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Nftables::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Nftables::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]

+    port                => [873, 1873]
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    src_ips             => ['10.192.16.72', '2620:0:860:102:10:192:16:72']
+    ensure              => present
+    notrack             => False

Rsync::Quickdatacopy[var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Rsync::Quickdatacopy[var-lib-jenkins-releases2003.codfw.wmnet]

@@
-    source_host => releases2003.codfw.wmnet
+    source_host => releases1003.eqiad.wmnet

File[/etc/update-motd.d/01-rsync-source-warning]

Parameters differences:

--- File[/etc/update-motd.d/01-rsync-source-warning].orig
+++ File[/etc/update-motd.d/01-rsync-source-warning]

@@
-    ensure => present
+    ensure => absent

Content differences:

--- /etc/update-motd.d/01-rsync-source-warning.orig
+++ /etc/update-motd.d/01-rsync-source-warning
@@ -21,6 +21,6 @@
 
 DO NOT UPLOAD FILES HERE.
 
-Upload to 'releases2003.codfw.wmnet' instead.
+Upload to 'releases1003.eqiad.wmnet' instead.
 
 MOTD

File_line[enable_stunnel]

Parameters differences:

--- File_line[enable_stunnel].orig
+++ File_line[enable_stunnel]

+    match    => ^ENABLED=
+    multiple => False
+    line     => ENABLED=1  # Managed by puppet
+    ensure   => present
+    path     => /etc/default/stunnel4

Firewall::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Firewall::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Firewall::Service[rsyncd_access_var-lib-jenkins-releases1003.eqiad.wmnet]

+    port                => [873, 1873]
+    srange              => ['releases1003.eqiad.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

Firewall::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Firewall::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Firewall::Service[rsyncd_access_var-lib-jenkins-releases2003.codfw.wmnet]

+    port                => [873, 1873]
+    srange              => ['releases2003.codfw.wmnet']
+    desc                => 
+    unrestricted_access => False
+    proto               => tcp
+    prio                => 10
+    ensure              => present
+    notrack             => False

File[/usr/local/sbin/sync-var-lib-jenkins-releases1003.eqiad.wmnet]

Content differences:

--- /usr/local/sbin/sync-var-lib-jenkins-releases1003.eqiad.wmnet.orig
+++ /usr/local/sbin/sync-var-lib-jenkins-releases1003.eqiad.wmnet
@@ -1,2 +1,2 @@
 #!/bin/sh
-/usr/bin/rsync --rsh /usr/local/sbin/sync-var-lib-jenkins-releases1003.eqiad.wmnet-ssl-wrapper --delete -a    rsync://releases2003.codfw.wmnet/var-lib-jenkins-releases1003.eqiad.wmnet /var/lib/jenkins/
+/usr/bin/rsync --rsh /usr/local/sbin/sync-var-lib-jenkins-releases1003.eqiad.wmnet-ssl-wrapper --delete -a    rsync://releases1003.eqiad.wmnet/var-lib-jenkins-releases1003.eqiad.wmnet /var/lib/jenkins/

Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

Parameters differences:

--- Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases1003.eqiad.wmnet].orig
+++ Rsync::Quickdatacopy[srv-org-wikimedia-releases-releases1003.eqiad.wmnet]

@@
-    source_host => releases2003.codfw.wmnet
+    source_host => releases1003.eqiad.wmnet

Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Concat_fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet.orig
+++ /etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ var-lib-jenkins-releases1003.eqiad.wmnet ]
+path            = /var/lib/jenkins
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = releases1003.eqiad.wmnet localhost
+

Systemd::Syslog[rsync-srv-patches-releases-primary]

Parameters differences:

--- Systemd::Syslog[rsync-srv-patches-releases-primary].orig
+++ Systemd::Syslog[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

Systemd::Timer::Job[wmf_auto_restart_rsync]

Parameters differences:

--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig
+++ Systemd::Timer::Job[wmf_auto_restart_rsync]

@@
-    ensure => absent
+    ensure => present

File[/etc/stunnel/rsync.conf]

Parameters differences:

--- File[/etc/stunnel/rsync.conf].orig
+++ File[/etc/stunnel/rsync.conf]

+    mode   => 0444
+    ensure => present
+    group  => root
+    owner  => root

Content differences:

--- /etc/stunnel/rsync.conf.orig
+++ /etc/stunnel/rsync.conf
@@ -0,0 +1,14 @@
+# This file is managed by puppet
+
+[rsync]
+accept = :::1873
+client = no
+
+CAfile = /var/lib/puppet/ssl/certs/ca.pem
+cert   = /var/lib/puppet/ssl/certs/releases1003.eqiad.wmnet.pem
+key    = /var/lib/puppet/ssl/private_keys/releases1003.eqiad.wmnet.pem
+
+verifyChain = yes
+
+exec = /usr/bin/rsync
+execargs = rsync --daemon --config /etc/rsyncd.conf

Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]

Parameters differences:

--- Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet].orig
+++ Concat_fragment[/etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet]

+    tag    => _etc_rsyncd.conf
+    order  => 10
+    target => /etc/rsyncd.conf

Content differences:

--- /etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet.orig
+++ /etc/rsyncd.conf-srv-org-wikimedia-releases-releases2003.codfw.wmnet
@@ -0,0 +1,20 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+
+[ srv-org-wikimedia-releases-releases2003.codfw.wmnet ]
+path            = /srv/org/wikimedia/releases
+read only       = yes
+write only      = no
+list            = yes
+uid             = 0
+gid             = 0
+use chroot      = yes
+
+
+max connections = 0
+
+
+
+
+hosts allow = releases2003.codfw.wmnet localhost
+

Logrotate::Conf[rsync-srv-patches-releases-primary]

Parameters differences:

--- Logrotate::Conf[rsync-srv-patches-releases-primary].orig
+++ Logrotate::Conf[rsync-srv-patches-releases-primary]

@@
-    ensure => absent
+    ensure => present

Systemd::Timer[rsync-srv-patches-releases1003.eqiad.wmnet]

Parameters differences:

--- Systemd::Timer[rsync-srv-patches-releases1003.eqiad.wmnet].orig
+++ Systemd::Timer[rsync-srv-patches-releases1003.eqiad.wmnet]

@@
-    ensure => present
+    ensure => absent

File[/var/log/rsync-srv-patches-releases1003_eqiad_wmnet]

Parameters differences:

--- File[/var/log/rsync-srv-patches-releases1003_eqiad_wmnet].orig
+++ File[/var/log/rsync-srv-patches-releases1003_eqiad_wmnet]

@@
-    ensure => directory
+    ensure => absent

Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet].orig
+++ Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases2003.codfw.wmnet]

+    order  => 10
+    target => /etc/rsyncd.conf

Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.timer]

Parameters differences:

--- Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.timer].orig
+++ Systemd::Unit[rsync-srv-patches-releases1003.eqiad.wmnet.timer]

@@
-    ensure => present
+    ensure => absent

Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]

Parameters differences:

--- Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet].orig
+++ Concat::Fragment[/etc/rsyncd.conf-var-lib-jenkins-releases1003.eqiad.wmnet]

+    order  => 10
+    target => /etc/rsyncd.conf

Compilation results for releases1003.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files