{"tags":["profile::beta::motd","profile","beta","motd","profile::locales::base","locales","base","profile::pki::client","pki","client","profile::rsyslog::kafka_shipper","rsyslog","kafka_shipper","role::cache::text","role","cache","text","settings","default","role::wmcs::instance","wmcs","instance","profile::base::labs","labs","profile::base","profile::adduser","adduser","profile::puppet::agent","puppet","agent","debian","puppet::agent","puppet_statsd","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::client_bucket","client_bucket","profile::base::certificates","certificates","sslcert","sslcert::trusted_ca","trusted_ca","profile::apt","apt","profile::systemd::timesyncd","systemd","timesyncd","systemd::timesyncd","grub::defaults","grub","defaults","passwords::root","passwords","root","network::constants","network","constants","profile::resolving","resolving","resolvconf","profile::mail::default_mail_relay","mail","default_mail_relay","exim4","profile::logrotate","logrotate","profile::prometheus::node_exporter","node_exporter","prometheus::node_exporter","profile::rsyslog","profile::syslog::remote","syslog","remote","profile::prometheus::rsyslog_exporter","rsyslog_exporter","profile::prometheus::cadvisor","cadvisor","prometheus::cadvisor","profile::prometheus::ethtool_exporter","ethtool_exporter","base::sysctl","sysctl","motd::defaults","base::standard_packages","standard_packages","profile::environment","environment","base::sysctl::core_dumps","core_dumps","profile::ssh::client","ssh","ssh::client","profile::ssh::server","server","ssh::server","base::kernel","kernel","profile::debdeploy::client","debdeploy","debdeploy::client","base::initramfs","initramfs","profile::auto_restarts","auto_restarts","prometheus::node_debian_version","node_debian_version","prometheus::node_dpkg_success","node_dpkg_success","apt::unattendedupgrades","unattendedupgrades","profile::openstack::eqiad1::observerenv","openstack","eqiad1","observerenv","profile::openstack::base::observerenv","profile::openstack::eqiad1::clientpackages::vms","clientpackages","vms","profile::openstack::base::clientpackages::vms","openstack::clientpackages::vms::common","common","profile::openstack::eqiad1::cumin::target","cumin","target","cumin::selector","selector","profile::wmcs::instance","sudo","profile::ldap::client::labs","ldap","profile::ldap::client::utils","utils","ldap::client::config","config","ldap::client::sssd","sssd","prometheus::node_ssh_open_sessions","node_ssh_open_sessions","cinderutils","security::access","security","access","cfssl::client","cfssl","profile::base::production","production","profile::cache::base","profile::conftool::client","conftool","passwords::etcd","etcd","etcd::client::globalconfig","globalconfig","conftool::config","profile::base::systemd","systemd::config","profile::cache::kafka::webrequest","kafka","webrequest","profile::cache::kafka::certificate","certificate","profile::prometheus::varnishkafka_exporter","varnishkafka_exporter","prometheus::varnishkafka_exporter","profile::cache::purge","purge","purged","conftool::scripts","scripts","geoip","geoip::bin","bin","geoip::dev","dev","varnish::common","varnish","varnish::common::errorpage","errorpage","varnish::common::browsersec","browsersec","varnish::netmapper_update_common","netmapper_update_common","varnish::logging","logging","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::tcp_fast_open","tcp_fast_open","profile::cache::haproxy","haproxy","sslcert::dhparam","dhparam","profile::cache::varnish::frontend","frontend","varnish::common::vcl","vcl","prometheus::node_varnishd_mmap_count","node_varnishd_mmap_count","prometheus::node_sysctl","node_sysctl","profile::prometheus::varnish_exporter","varnish_exporter","profile::cache::varnish::frontend::text","esitest","profile::trafficserver::backend","trafficserver","backend","profile::lvs::realserver::ipip","lvs","realserver","ipip","wmflib::service::catalog","wmflib","service","catalog","profile::cache::kafka::statsv","statsv","profile::cache::haproxykafka","haproxykafka","security::pam","pam","varnishkafka","acme_chief","mtail","confd","monitoring","prometheus::instances","instances","udev","node","class"],"name":"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","version":"(6757b1c603) JHathaway - profile::postfix::mx: Mark the SMTP port as intentionally open","code_id":null,"catalog_uuid":"8e5d9bfe-3b35-46bb-9e8d-a9e0bd9704ae","catalog_format":2,"environment":"production","resources":[{"type":"Stage","title":"main","tags":["stage"],"exported":false,"kind":"compilable_type","parameters":{"name":"main"}},{"type":"Class","title":"Settings","tags":["class","settings"],"exported":false,"kind":"unknown"},{"type":"Class","title":"main","tags":["class"],"exported":false,"kind":"unknown","parameters":{"name":"main"}},{"type":"Node","title":"default","tags":["node","default","class"],"exported":false,"kind":"unknown","parameters":{"require":["Class[Role::Wmcs::Instance]"]}},{"type":"Class","title":"Role::Wmcs::Instance","tags":["class","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Profile::Base::Labs","tags":["class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"unattended_wmf":"present","unattended_distro":"present","unattended_osbpo":"present","send_puppet_failure_emails":false,"cleanup_puppet_client_bucket":false,"client_bucket_file_age":14}},{"type":"Class","title":"Profile::Base","tags":["class","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"overlayfs":true,"enable_contacts":false,"core_dump_pattern":"/data/project/cores/deployment-cache-text08-core.%h.%e.%p.%t","unprivileged_userns_clone":false,"additional_purged_packages":[],"no_cron":true,"wikimedia_clusters":{"cache_text":{"description":"Text caches","id":20,"sites":{"codfw":[],"eqiad":[],"eqsin":[],"esams":[],"ulsfo":[]}},"misc":{"description":"Miscellaneous","id":8,"sites":{"codfw":[],"eqiad":[],"eqsin":[],"esams":[],"ulsfo":[]}}},"cluster":"cache_text","remove_python2_on_bullseye":true,"manage_resolvconf":true,"rp_filter":true,"use_linux612_on_bookworm":false,"use_linux_from_bpo_on_trixie":false,"tighten_ptrace":false}},{"type":"File","title":"/usr/local/sbin","tags":["file","class","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":45,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/usr/local/share/bash","tags":["file","class","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":45,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"Class","title":"Profile::Adduser","tags":["class","profile::adduser","profile","adduser","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Adduser","tags":["class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/adduser.pp","line":4,"exported":false,"kind":"class","parameters":{"default_shell":"/bin/bash","default_home":"/home","use_group_homes":false,"use_letter_homes":false,"skel_dir":"/etc/skel","first_system_uid":100,"last_system_uid":499,"first_system_gid":100,"last_system_gid":499,"first_uid":1000,"last_uid":59999,"first_gid":1000,"last_gid":59999,"use_usergroups":true,"users_gid":100,"dir_mode":"0755","home_setgid":false,"quota_user":"","skel_ignore_regex":"dpkg-(old|new|dist|save)","extra_groups":[],"before":["Package[puppet]","Package[facter]","Package[augeas-tools]","Package[virt-what]","Package[puppet-module-puppetlabs-augeas-core]","Package[python3-prometheus-client]","Package[python3-yaml]","Package[ruby-net-ssh]","Package[openssl]","Package[ssl-cert]","Package[ca-certificates]","Package[ntp]","Package[systemd-timesyncd]","Package[exim4-config]","Package[exim4-daemon-light]","Package[logrotate]","Package[prometheus-node-exporter]","Package[rsyslog]","Package[cadvisor]","Package[acct]","Package[byobu]","Package[colordiff]","Package[curl]","Package[debian-goodies]","Package[ethtool]","Package[gdb]","Package[gdisk]","Package[git]","Package[htop]","Package[httpry]","Package[iotop]","Package[iperf]","Package[jq]","Package[libtemplate-perl]","Package[lldpd]","Package[lshw]","Package[molly-guard]","Package[moreutils]","Package[net-tools]","Package[numactl]","Package[ncdu]","Package[ngrep]","Package[pigz]","Package[psmisc]","Package[pv]","Package[python3]","Package[screen]","Package[strace]","Package[sysstat]","Package[tcpdump]","Package[tmux]","Package[tree]","Package[vim]","Package[vim-addon-manager]","Package[vim-scripts]","Package[wipe]","Package[xfsprogs]","Package[zsh]","Package[icdiff]","Package[linux-perf]","Package[bsd-mailx]","Package[ack]","Package[netcat-openbsd]","Package[tshark]","Package[fzf]","Package[ripgrep]","Package[fd-find]","Package[kitty-terminfo]","Package[mtr-tiny]","Package[bat]","Package[efibootmgr]","Package[bind9-dnsutils]","Package[tzdata]","Package[python3-wmflib]","Package[quickstack]","Package[dstat]","Package[apport]","Package[command-not-found]","Package[command-not-found-data]","Package[ecryptfs-utils]","Package[mlocate]","Package[os-prober]","Package[python3-apport]","Package[wpasupplicant]","Package[apt-listchanges]","Package[atop]","Package[libpython2.7]","Package[libpython2.7-dev]","Package[libpython2.7-minimal]","Package[python2.7]","Package[libpython2.7-stdlib]","Package[python2.7-dev]","Package[python2.7-minimal]","Package[python2.7-dbg]","Package[python2.7-doc]","Package[python2.7-examples]","Package[libpython2.7-testsuite]","Package[libsnmp30]","Package[libdns-export1104]","Package[libdns1104]","Package[libisc-export1100]","Package[libisc1100]","Package[multiarch-support]","Package[libjson-c3]","Package[libpython3.7]","Package[libpython3.7-minimal]","Package[libpython3.7-stdlib]","Package[python3.7]","Package[python3.7-minimal]","Package[libevent-2.1-6]","Package[libwireshark11]","Package[libwiretap8]","Package[libwsutil9]","Package[libwscodecs2]","Package[libperl5.28]","Package[libmpdec2]","Package[perl-modules-5.28]","Package[libhogweed4]","Package[libnettle6]","Package[libprocps7]","Package[libip6tc0]","Package[libip4tc0]","Package[libiptc0]","Package[openssh-client]","Package[python3-ldap]","Package[openssh-server]","Package[debdeploy-client]","Package[python3-dateutil]","Package[unattended-upgrades]","Package[python3-apt]","Package[python3-novaclient]","Package[python3-glanceclient]","Package[python3-keystoneauth1]","Package[python3-keystoneclient]","Package[python3-openstackclient]","Package[python3-designateclient]","Package[python3-neutronclient]","Package[python3-tenacity]","Package[python3-troveclient]","Package[python3-netaddr]","Package[isc-dhcp-client]","Package[cloud-init]","Package[sudo]","Package[ldap-utils]","Package[libpam-sss]","Package[libnss-sss]","Package[libsss-sudo]","Package[sssd]","Package[nscd]","Package[nslcd]","Package[sudo-ldap]","Package[libpam-ldapd]","Package[smartmontools]","Package[ruby-sys-filesystem]","Package[prometheus-rsyslog-exporter]","Package[initramfs-tools]","Package[golang-cfssl]","Package[rsyslog-kafka]","Package[python3-conftool]","Package[prometheus-varnishkafka-exporter]","Package[purged]","Package[geoip-bin]","Package[mmdb-bin]","Package[libgeoip-dev]","Package[libmaxminddb-dev]","Package[python3-logstash]","Package[socat]","Package[haproxy]","Package[python3-pystemd]","Package[lua5.3-maxminddb]","Package[python3-jsonschema]","Package[python3-requests]","Package[libvmod-netmapper]","Package[libvmod-querysort]","Package[libvmod-wmfuniq]","Package[varnish]","Package[varnish-modules]","Package[varnish-re2]","Package[libsodium-dev]","Package[python3-nacl]","Package[tcp-mss-clamper]","Package[haproxykafka]","Package[varnishkafka]","Package[python3-click]","Package[python3-box]","Package[mtail]","Package[confd]","Package[python3-toml]","Package[prometheus-varnish-exporter]","Package[trafficserver]","Package[trafficserver-experimental-plugins]","Package[lua-busted]"]}},{"type":"File","title":"/etc/adduser.conf","tags":["file","class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/adduser/manifests/init.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0644","content":"### MANAGED BY PUPPET\nDSHELL=/bin/bash\nDHOME=/home\nGROUPHOMES=no\nLETTERHOMES=no\nSKEL=/etc/skel\nFIRST_SYSTEM_UID=100\nLAST_SYSTEM_UID=499\nFIRST_SYSTEM_GID=100\nLAST_SYSTEM_GID=499\nFIRST_UID=1000\nLAST_UID=59999\nFIRST_GID=1000\nLAST_GID=59999\nUSERGROUPS=yes\nUSERS_GID=100\nDIR_MODE=0755\nSETGID_HOME=no\nQUOTAUSER=\"\"\nSKEL_IGNORE_REGEX=\"dpkg-(old|new|dist|save)\"\n","owner":"root","group":"root"}},{"type":"Systemd::Sysuser","title":"sysusers-base-config","tags":["systemd::sysuser","systemd","sysuser","sysusers-base-config","class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/adduser/manifests/init.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"usertype":"range","username":"-","id":"100-499","ensure":"present","allow_login":false,"additional_groups":[]}},{"type":"File_line","title":"login.defs-SYS_UID_MAX","tags":["file_line","login.defs-sys_uid_max","class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/adduser/manifests/init.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/login.defs","match":"#?SYS_UID_MAX\\b","line":"SYS_UID_MAX               499"}},{"type":"File_line","title":"login.defs-SYS_GID_MAX","tags":["file_line","login.defs-sys_gid_max","class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/adduser/manifests/init.pp","line":64,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/login.defs","match":"#?SYS_GID_MAX\\b","line":"SYS_GID_MAX               499"}},{"type":"Class","title":"Profile::Puppet::Agent","tags":["class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"use_srv_records":false,"interval":30,"environment":"production","serialization_format":"pson","dns_alt_names":[],"puppetmaster":"deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud","ca_server":"deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud","site_nearest_core":{"eqiad":"codfw","codfw":"eqiad","esams":"eqiad","ulsfo":"codfw","eqsin":"codfw","drmrs":"eqiad","magru":"eqiad"},"facts_soft_limit":2048,"create_timer":true}},{"type":"Class","title":"Debian","tags":["class","debian"],"exported":false,"kind":"unknown"},{"type":"Apt::Package_from_component","title":"puppet","tags":["apt::package_from_component","apt","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":33,"exported":false,"kind":"defined_type","parameters":{"component":"component/puppet7","priority":1002,"ensure":"present","packages":["puppet"],"distro":"bullseye-wikimedia","uri":"http://apt.wikimedia.org/wikimedia","ensure_packages":true}},{"type":"Apt::Package_from_component","title":"ruby-sys-filesystem","tags":["apt::package_from_component","apt","package_from_component","ruby-sys-filesystem","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":39,"exported":false,"kind":"defined_type","parameters":{"component":"component/puppet7","packages":["ruby-sys-filesystem"],"ensure":"present","distro":"bullseye-wikimedia","uri":"http://apt.wikimedia.org/wikimedia","priority":1001,"ensure_packages":true}},{"type":"Class","title":"Puppet::Agent","tags":["class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":76,"exported":false,"kind":"class","parameters":{"server":"deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud","ca_server":"deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud","use_srv_records":false,"srv_domain":"eqiad.wmnet","dns_alt_names":[],"environment":"production","certificate_revocation":"leaf","facts_soft_limit":2048,"serialization_format":"json"}},{"type":"Package","title":"puppet","tags":["package","puppet","class","puppet::agent","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":32,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"facter","tags":["package","facter","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":32,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"augeas-tools","tags":["package","augeas-tools","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":32,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"virt-what","tags":["package","virt-what","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":32,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"puppet-module-puppetlabs-augeas-core","tags":["package","puppet-module-puppetlabs-augeas-core","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":35,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/facter","tags":["file","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0555","owner":"root","group":"root"}},{"type":"File","title":"/etc/facter/facter.conf","tags":["file","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0444","source":"puppet:///modules/puppet/facter.conf","owner":"root","group":"root"}},{"type":"File","title":"/etc/puppetlabs","tags":["file","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":48,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","force":true,"recurse":true,"mode":"0555","owner":"root","group":"root"}},{"type":"Concat","title":"/etc/puppet/puppet.conf","tags":["concat","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":55,"exported":false,"kind":"defined_type","parameters":{"owner":"root","group":"root","mode":"0444","ensure":"present","path":"/etc/puppet/puppet.conf","warn":false,"show_diff":true,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat::Fragment","title":"main","tags":["concat::fragment","concat","fragment","main","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/puppet/puppet.conf","order":"10","content":"#####################################################################\n##### THIS FILE IS MANAGED BY PUPPET\n#####  as template('base/puppet.conf.d/10-main.conf.erb')\n######################################################################\n\n[main]\nlogdir = /var/log/puppet\nvardir = /var/lib/puppet\nssldir = /var/lib/puppet/ssl\nrundir = /var/run/puppet\nfactpath = $vardir/lib/facter\ncertificate_revocation = leaf\n\n[agent]\nserver = deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud\nca_server = deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud\ndaemonize = false\nhttp_connect_timeout = 60\nhttp_read_timeout = 960\nusecacheonfailure = false\nsplay = true\npluginsync = true\nreport = true\nstringify_facts = false\npreferred_serialization_format = json\nenvironment = production\nnumber_of_facts_soft_limit = 2048\n"}},{"type":"Service","title":"puppet","tags":["service","puppet","class","puppet::agent","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet/manifests/agent.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"stopped","enable":false}},{"type":"Class","title":"Puppet_statsd","tags":["class","puppet_statsd","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":87,"exported":false,"kind":"class"},{"type":"File","title":"/etc/puppet/statsd.yaml","tags":["file","class","puppet_statsd","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/puppet_statsd/manifests/init.pp","line":4,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Class","title":"Prometheus::Node_puppet_agent","tags":["class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":90,"exported":false,"kind":"class","parameters":{"ensure":"present","outfile":"/var/lib/prometheus/node.d/puppet_agent.prom","debug":false}},{"type":"Package","title":"python3-prometheus-client","tags":["package","python3-prometheus-client","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":15,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-yaml","tags":["package","python3-yaml","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":15,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/bin/prometheus-puppet-agent-stats","tags":["file","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-puppet-agent-stats.py"}},{"type":"Systemd::Timer::Job","title":"prometheus_puppet_agent_stats","tags":["systemd::timer::job","systemd","timer","job","prometheus_puppet_agent_stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":26,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Regular job to collect puppet agent stats","user":"root","interval":{"start":"OnCalendar","interval":"minutely"},"command":"/usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom","after":"puppet-agent-timer.service","require":"File[/var/lib/prometheus/node.d]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Systemd::Unit","title":"prometheus-puppet-agent-stats","tags":["systemd::unit","systemd","unit","prometheus-puppet-agent-stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":40,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Service to collect puppet agent stats\nAfter=puppet-agent-timer.service\n\n[Service]\nUser=root\nType=oneshot\nExecStart=/usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom\n\n[Install]\nWantedBy=puppet-agent-timer.service\n","require":["File[/var/lib/prometheus/node.d]","Class[Systemd]"],"unit":"prometheus-puppet-agent-stats","restart":false,"override":false,"override_filename":"puppet-override.conf"}},{"type":"Exec","title":"enable prometheus-puppet-agent-stats","tags":["exec","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_puppet_agent.pp","line":47,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl enable prometheus-puppet-agent-stats","unless":"/bin/systemctl -q is-enabled prometheus-puppet-agent-stats","require":"Systemd::Unit[prometheus-puppet-agent-stats]"}},{"type":"Class","title":"Profile::Puppet::Client_bucket","tags":["class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"absent","file_age":14,"max_size":"100M"}},{"type":"File","title":"/var/lib/puppet/clientbucket","tags":["file","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/client_bucket.pp","line":8,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0750","owner":"root","group":"root"}},{"type":"Systemd::Timer::Job","title":"clean_puppet_client_bucket","tags":["systemd::timer::job","systemd","timer","job","clean_puppet_client_bucket","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/client_bucket.pp","line":13,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Delete old files from the puppet client bucket","command":"/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete","interval":{"start":"OnUnitInactiveSec","interval":"24h"},"logging_enabled":false,"monitoring_enabled":false,"user":"root","require":"File[/var/lib/puppet/clientbucket]","environment":{},"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Nrpe::Plugin","title":"check_client_bucket","tags":["nrpe::plugin","nrpe","plugin","check_client_bucket","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/client_bucket.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"#!/bin/bash\nif [ -z \"$(/usr/bin/find /var/lib/puppet/clientbucket -type f -size +100M | head -c1)\" ]\nthen\n    printf \"OK: client bucket file ok\\n\"\n    exit 0\nfi\nprintf \"WARNING: large files in client bucket\\n\"\nexit 2\n"}},{"type":"Package","title":"ruby-net-ssh","tags":["package","ruby-net-ssh","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":93,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/var/lib/puppet","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":102,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","owner":"puppet","group":"puppet","mode":"0751"}},{"type":"File","title":"/usr/local/share/bash/puppet-common.sh","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/puppet-common.sh"}},{"type":"File","title":"/usr/local/sbin/puppet-run","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/puppet-run.sh"}},{"type":"File","title":"/usr/local/bin/puppet-enabled","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/puppet-enabled"}},{"type":"File","title":"/usr/local/sbin/disable-puppet","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0550","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/disable-puppet"}},{"type":"File","title":"/usr/local/sbin/enable-puppet","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0550","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/enable-puppet"}},{"type":"File","title":"/usr/local/sbin/run-puppet-agent","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0550","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/run-puppet-agent"}},{"type":"File","title":"/usr/local/sbin/run-no-puppet","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0550","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/run-no-puppet"}},{"type":"File","title":"/usr/local/sbin/locate-unmanaged","tags":["file","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0550","owner":"root","group":"root","source":"puppet:///modules/profile/puppet/bin/locate-unmanaged.py"}},{"type":"Systemd::Timer::Job","title":"puppet-agent-timer","tags":["systemd::timer::job","systemd","timer","job","puppet-agent-timer","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":145,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Run Puppet agent every 30 minutes","user":"root","ignore_errors":true,"command":"/usr/local/sbin/puppet-run","interval":[{"start":"OnCalendar","interval":"*:21/30:00"},{"start":"OnStartupSec","interval":"1min"}],"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Logrotate::Rule","title":"puppet","tags":["logrotate::rule","logrotate","rule","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":158,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","file_glob":"/var/log/puppet /var/log/puppet.log","frequency":"daily","compress":true,"missing_ok":true,"not_if_empty":true,"rotate":7,"post_rotate":["/usr/lib/rsyslog/rsyslog-rotate"],"date_yesterday":false,"copy_truncate":false,"date_ext":false,"no_create":false}},{"type":"Rsyslog::Conf","title":"puppet-agent","tags":["rsyslog::conf","rsyslog","conf","puppet-agent","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":169,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/puppet/rsyslog.conf","priority":10,"require":"File[/etc/logrotate.d/puppet]","ensure":"present","mode":"0444"}},{"type":"Motd::Script","title":"last-puppet-run","tags":["motd::script","motd","script","last-puppet-run","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/puppet/agent.pp","line":174,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":97,"source":"puppet:///modules/profile/puppet/97-last-puppet-run"}},{"type":"Class","title":"Profile::Base::Certificates","tags":["class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"puppet_ca_content":{},"include_bundle_jks":false,"trusted_certs":{"bundle":"/etc/ssl/certs/wmf-ca-certificates.crt","certs":["/var/lib/puppet/ssl/certs/ca.pem","/etc/ssl/certs/WMF_TEST_CA.pem"]},"puppetmaster_key":"deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud"}},{"type":"Class","title":"Sslcert","tags":["class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Package","title":"openssl","tags":["package","openssl","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":14,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ssl-cert","tags":["package","ssl-cert","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":14,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ca-certificates","tags":["package","ca-certificates","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":14,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Exec","title":"update-ca-certificates","tags":["exec","update-ca-certificates","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":16,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/sbin/update-ca-certificates","refreshonly":true,"require":"Package[ca-certificates]"}},{"type":"File","title":"/etc/ssl/localcerts","tags":["file","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":25,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"ssl-cert","mode":"0755","require":"Package[ssl-cert]"}},{"type":"File","title":"/etc/ssl/private","tags":["file","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"ssl-cert","mode":"0711","require":"Package[ssl-cert]"}},{"type":"File","title":"/usr/local/sbin/x509-bundle","tags":["file","class","sslcert","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/init.pp","line":44,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0755","source":"puppet:///modules/sslcert/x509-bundle.py"}},{"type":"Sslcert::Ca","title":"wmf_ca_2017_2020","tags":["sslcert::ca","sslcert","ca","wmf_ca_2017_2020","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":15,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/wmf_ca_2017_2020.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"RapidSSL_SHA256_CA_-_G3","tags":["sslcert::ca","sslcert","ca","rapidssl_sha256_ca_-_g3","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":18,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/RapidSSL_SHA256_CA_-_G3.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"DigiCert_High_Assurance_CA-3","tags":["sslcert::ca","sslcert","ca","digicert_high_assurance_ca-3","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/DigiCert_High_Assurance_CA-3.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"DigiCert_SHA2_High_Assurance_Server_CA","tags":["sslcert::ca","sslcert","ca","digicert_sha2_high_assurance_server_ca","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":24,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/DigiCert_SHA2_High_Assurance_Server_CA.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"DigiCert_TLS_RSA_SHA256_2020_CA1","tags":["sslcert::ca","sslcert","ca","digicert_tls_rsa_sha256_2020_ca1","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":27,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/DigiCert_TLS_RSA_SHA256_2020_CA1.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1","tags":["sslcert::ca","sslcert","ca","digicert_tls_hybrid_ecc_sha384_2020_ca1","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":30,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt","tags":["sslcert::ca","sslcert","ca","digicert_global_g2_tls_rsa_sha256_2020_ca1.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":33,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"GlobalSign_Organization_Validation_CA_-_SHA256_-_G2","tags":["sslcert::ca","sslcert","ca","globalsign_organization_validation_ca_-_sha256_-_g2","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":36,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/GlobalSign_Organization_Validation_CA_-_SHA256_-_G2.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"GlobalSign_RSA_OV_SSL_CA_2018.crt","tags":["sslcert::ca","sslcert","ca","globalsign_rsa_ov_ssl_ca_2018.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":39,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/GlobalSign_RSA_OV_SSL_CA_2018.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"GlobalSign_ECC_OV_SSL_CA_2018.crt","tags":["sslcert::ca","sslcert","ca","globalsign_ecc_ov_ssl_ca_2018.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":42,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/GlobalSign_ECC_OV_SSL_CA_2018.crt","ensure":"present"}},{"type":"Sslcert::Ca","title":"GlobalSign_ECC_Root_CA_R5_R3_Cross.crt","tags":["sslcert::ca","sslcert","ca","globalsign_ecc_root_ca_r5_r3_cross.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":47,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/base/ca/GlobalSign_ECC_Root_CA_R5_R3_Cross.crt","ensure":"present"}},{"type":"Class","title":"Sslcert::Trusted_ca","tags":["class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":51,"exported":false,"kind":"class","parameters":{"trusted_certs":{"bundle":"/etc/ssl/certs/wmf-ca-certificates.crt","certs":["/var/lib/puppet/ssl/certs/ca.pem","/etc/ssl/certs/WMF_TEST_CA.pem"]},"include_bundle_jks":false,"ensure":"present","truststore_password":"changeit","owner":"root","group":"root"}},{"type":"Concat","title":"/etc/ssl/certs/wmf-ca-certificates.crt","tags":["concat","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":30,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0644","notify":"Exec[generate trusted_ca]","path":"/etc/ssl/certs/wmf-ca-certificates.crt","warn":false,"show_diff":true,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"File","title":"/etc/ssl/localcerts/ca.pem","tags":["file","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Concat::Fragment","title":"ssl-ca-/var/lib/puppet/ssl/certs/ca.pem","tags":["concat::fragment","concat","fragment","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":43,"exported":false,"kind":"defined_type","parameters":{"source":"/var/lib/puppet/ssl/certs/ca.pem","target":"/etc/ssl/certs/wmf-ca-certificates.crt","order":0,"notify":"Exec[generate trusted_ca]"}},{"type":"File","title":"/etc/ssl/localcerts/WMF_TEST_CA.pem","tags":["file","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Concat::Fragment","title":"ssl-ca-/etc/ssl/certs/WMF_TEST_CA.pem","tags":["concat::fragment","concat","fragment","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":43,"exported":false,"kind":"defined_type","parameters":{"source":"/etc/ssl/certs/WMF_TEST_CA.pem","target":"/etc/ssl/certs/wmf-ca-certificates.crt","order":1,"notify":"Exec[generate trusted_ca]"}},{"type":"Exec","title":"generate trusted_ca","tags":["exec","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/trusted_ca.pp","line":52,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/true","refreshonly":true}},{"type":"Sslcert::Ca","title":"Puppet_Internal_CA","tags":["sslcert::ca","sslcert","ca","puppet_internal_ca","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/certificates.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"source":"/var/lib/puppet/ssl/certs/ca.pem","ensure":"present"}},{"type":"Class","title":"Profile::Apt","tags":["class","profile::apt","profile","apt","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"purge_sources":true,"purge_preferences":false,"use_proxy":false,"install_audit_installed":false,"mirror":"deb.debian.org","use_private_repo":false,"private_components":[],"before":["Package[puppet]","Package[facter]","Package[augeas-tools]","Package[virt-what]","Package[puppet-module-puppetlabs-augeas-core]","Package[python3-prometheus-client]","Package[python3-yaml]","Package[ruby-net-ssh]","Package[openssl]","Package[ssl-cert]","Package[ca-certificates]","Package[ntp]","Package[systemd-timesyncd]","Package[exim4-config]","Package[exim4-daemon-light]","Package[logrotate]","Package[prometheus-node-exporter]","Package[rsyslog]","Package[cadvisor]","Package[acct]","Package[byobu]","Package[colordiff]","Package[curl]","Package[debian-goodies]","Package[ethtool]","Package[gdb]","Package[gdisk]","Package[git]","Package[htop]","Package[httpry]","Package[iotop]","Package[iperf]","Package[jq]","Package[libtemplate-perl]","Package[lldpd]","Package[lshw]","Package[molly-guard]","Package[moreutils]","Package[net-tools]","Package[numactl]","Package[ncdu]","Package[ngrep]","Package[pigz]","Package[psmisc]","Package[pv]","Package[python3]","Package[screen]","Package[strace]","Package[sysstat]","Package[tcpdump]","Package[tmux]","Package[tree]","Package[vim]","Package[vim-addon-manager]","Package[vim-scripts]","Package[wipe]","Package[xfsprogs]","Package[zsh]","Package[icdiff]","Package[linux-perf]","Package[bsd-mailx]","Package[ack]","Package[netcat-openbsd]","Package[tshark]","Package[fzf]","Package[ripgrep]","Package[fd-find]","Package[kitty-terminfo]","Package[mtr-tiny]","Package[bat]","Package[efibootmgr]","Package[bind9-dnsutils]","Package[tzdata]","Package[python3-wmflib]","Package[quickstack]","Package[dstat]","Package[apport]","Package[command-not-found]","Package[command-not-found-data]","Package[ecryptfs-utils]","Package[mlocate]","Package[os-prober]","Package[python3-apport]","Package[wpasupplicant]","Package[apt-listchanges]","Package[atop]","Package[libpython2.7]","Package[libpython2.7-dev]","Package[libpython2.7-minimal]","Package[python2.7]","Package[libpython2.7-stdlib]","Package[python2.7-dev]","Package[python2.7-minimal]","Package[python2.7-dbg]","Package[python2.7-doc]","Package[python2.7-examples]","Package[libpython2.7-testsuite]","Package[libsnmp30]","Package[libdns-export1104]","Package[libdns1104]","Package[libisc-export1100]","Package[libisc1100]","Package[multiarch-support]","Package[libjson-c3]","Package[libpython3.7]","Package[libpython3.7-minimal]","Package[libpython3.7-stdlib]","Package[python3.7]","Package[python3.7-minimal]","Package[libevent-2.1-6]","Package[libwireshark11]","Package[libwiretap8]","Package[libwsutil9]","Package[libwscodecs2]","Package[libperl5.28]","Package[libmpdec2]","Package[perl-modules-5.28]","Package[libhogweed4]","Package[libnettle6]","Package[libprocps7]","Package[libip6tc0]","Package[libip4tc0]","Package[libiptc0]","Package[openssh-client]","Package[python3-ldap]","Package[openssh-server]","Package[debdeploy-client]","Package[python3-dateutil]","Package[unattended-upgrades]","Package[python3-apt]","Package[python3-novaclient]","Package[python3-glanceclient]","Package[python3-keystoneauth1]","Package[python3-keystoneclient]","Package[python3-openstackclient]","Package[python3-designateclient]","Package[python3-neutronclient]","Package[python3-tenacity]","Package[python3-troveclient]","Package[python3-netaddr]","Package[isc-dhcp-client]","Package[cloud-init]","Package[sudo]","Package[ldap-utils]","Package[libpam-sss]","Package[libnss-sss]","Package[libsss-sudo]","Package[sssd]","Package[nscd]","Package[nslcd]","Package[sudo-ldap]","Package[libpam-ldapd]","Package[smartmontools]","Package[ruby-sys-filesystem]","Package[prometheus-rsyslog-exporter]","Package[initramfs-tools]","Package[golang-cfssl]","Package[rsyslog-kafka]","Package[python3-conftool]","Package[prometheus-varnishkafka-exporter]","Package[purged]","Package[geoip-bin]","Package[mmdb-bin]","Package[libgeoip-dev]","Package[libmaxminddb-dev]","Package[python3-logstash]","Package[socat]","Package[haproxy]","Package[python3-pystemd]","Package[lua5.3-maxminddb]","Package[python3-jsonschema]","Package[python3-requests]","Package[libvmod-netmapper]","Package[libvmod-querysort]","Package[libvmod-wmfuniq]","Package[varnish]","Package[varnish-modules]","Package[varnish-re2]","Package[libsodium-dev]","Package[python3-nacl]","Package[tcp-mss-clamper]","Package[haproxykafka]","Package[varnishkafka]","Package[python3-click]","Package[python3-box]","Package[mtail]","Package[confd]","Package[python3-toml]","Package[prometheus-varnish-exporter]","Package[trafficserver]","Package[trafficserver-experimental-plugins]","Package[lua-busted]"]}},{"type":"Class","title":"Apt","tags":["class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/apt.pp","line":12,"exported":false,"kind":"class","parameters":{"use_proxy":false,"purge_sources":true,"purge_preferences":false,"mirror":"deb.debian.org","install_audit_installed":false,"use_private_repo":false,"private_components":[]}},{"type":"Exec","title":"apt-get update","tags":["exec","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"path":"/usr/bin","timeout":240,"returns":[0,100],"refreshonly":true}},{"type":"File","title":"/etc/apt/keyrings","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":25,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0755","recurse":true,"purge":true,"owner":"root","group":"root"}},{"type":"File","title":"/var/lib/apt/keys","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":32,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","recurse":true,"purge":true,"force":true,"owner":"root","group":"root"}},{"type":"Apt::Pin","title":"wikimedia","tags":["apt::pin","apt","pin","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":40,"exported":false,"kind":"defined_type","parameters":{"package":"*","pin":"release o=Wikimedia","priority":1001,"ensure":"present"}},{"type":"File","title":"/etc/apt/sources.list","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":89,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","content":"##\n## This file is managed by puppet.\n## Any local changes will be swiftly overwritten\n##\n## Most cloud-vps projects can make persistent changes to apt sources\n## by adding a new .list file in /etc/apt/sources.list.d.\n##\n## Some cloud-vps projects have 'profile::apt::purge_sources'\n## set to 'true', in which case apt sources can only be managed\n## via puppet.\n##\n\ndeb http://deb.debian.org/debian/ bullseye main contrib non-free\ndeb-src http://deb.debian.org/debian/ bullseye main contrib non-free\n\ndeb http://security.debian.org/debian-security bullseye-security main contrib non-free\ndeb-src http://security.debian.org/debian-security bullseye-security main contrib non-free\n\n# -updates, previously known as 'volatile'\ndeb http://deb.debian.org/debian/ bullseye-updates main contrib non-free\ndeb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free\n\n","notify":"Exec[apt-get update]","before":["Exec[apt_repository_wikimedia]","Exec[apt_repository_wikimedia-private]","Exec[apt_repository_debian-debug]","Exec[apt_repository_component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","Exec[apt_repository_component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","Exec[apt_repository_thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"]}},{"type":"File","title":"/etc/apt/sources.list.d","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":101,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","recurse":true,"purge":true}},{"type":"File","title":"/etc/apt/preferences.d","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":109,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","recurse":false,"purge":false}},{"type":"Apt::Repository","title":"wikimedia","tags":["apt::repository","apt","repository","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":156,"exported":false,"kind":"defined_type","parameters":{"uri":"http://apt.wikimedia.org/wikimedia","dist":"bullseye-wikimedia","components":"main","bin":true,"source":true,"ensure":"present","trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Apt::Repository","title":"wikimedia-private","tags":["apt::repository","apt","repository","wikimedia-private","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":171,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","uri":"http://apt.wikimedia.org:8080","dist":"bullseye-wikimedia-private","components":"thirdparty/hwraid","bin":true,"source":true,"trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Apt::Repository","title":"debian-debug","tags":["apt::repository","apt","repository","debian-debug","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":188,"exported":false,"kind":"defined_type","parameters":{"uri":"http://deb.debian.org/debian-debug","dist":"bullseye-debug","components":"main contrib non-free","source":false,"keyfile_path":"/usr/share/keyrings/debian-archive-keyring.gpg","bin":true,"ensure":"present","trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Apt::Conf","title":"InstallRecommends","tags":["apt::conf","apt","conf","installrecommends","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":196,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"00","key":"APT::Install-Recommends","value":false,"before":"File[/etc/apt/apt.conf]"}},{"type":"Apt::Conf","title":"apt-harden","tags":["apt::conf","apt","conf","apt-harden","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":204,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"30","key":"APT::Sandbox::Seccomp","value":true,"before":"File[/etc/apt/apt.conf]"}},{"type":"File","title":"/etc/apt/apt.conf","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":215,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","notify":"Exec[apt-get update]","owner":"root","group":"root"}},{"type":"File","title":"/usr/local/sbin/dist-upgrade","tags":["file","class","apt","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/init.pp","line":227,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0755","source":"puppet:///modules/apt/dist-upgrade.sh"}},{"type":"Class","title":"Profile::Systemd::Timesyncd","tags":["class","profile::systemd::timesyncd","profile","systemd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"present","ntp_servers":["ntp-5.cloudinfra.eqiad1.wikimedia.cloud","ntp-6.cloudinfra.eqiad1.wikimedia.cloud"],"site_nearest_core":{"eqiad":"codfw","codfw":"eqiad","esams":"eqiad","ulsfo":"codfw","eqsin":"codfw","drmrs":"eqiad","magru":"eqiad"},"ntp_peers":{"eqiad":["ntp-5.cloudinfra.eqiad1.wikimedia.cloud","ntp-6.cloudinfra.eqiad1.wikimedia.cloud"],"codfw":[],"ulsfo":[],"eqsin":[],"drmrs":[],"esams":[]},"ntp_anycast_peers":["ntp-a.anycast.wmnet","ntp-b.anycast.wmnet","ntp-c.anycast.wmnet"]}},{"type":"Class","title":"Systemd::Timesyncd","tags":["class","systemd::timesyncd","systemd","timesyncd","profile::systemd::timesyncd","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/systemd/timesyncd.pp","line":19,"exported":false,"kind":"class","parameters":{"ensure":"present","ntp_servers":["ntp-5.cloudinfra.eqiad1.wikimedia.cloud","ntp-6.cloudinfra.eqiad1.wikimedia.cloud"]}},{"type":"Package","title":"ntp","tags":["package","ntp","class","systemd::timesyncd","systemd","timesyncd","profile::systemd::timesyncd","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timesyncd.pp","line":10,"kind":"compilable_type","exported":false,"parameters":{"ensure":"purged","provider":"apt"}},{"type":"Package","title":"systemd-timesyncd","tags":["package","systemd-timesyncd","class","systemd::timesyncd","systemd","timesyncd","profile::systemd::timesyncd","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timesyncd.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt","before":["File[/etc/systemd/timesyncd.conf]"]}},{"type":"File","title":"/etc/systemd/timesyncd.conf","tags":["file","class","systemd::timesyncd","systemd","timesyncd","profile::systemd::timesyncd","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timesyncd.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0444","owner":"root","group":"root","content":"## THIS FILE IS MANAGED BY PUPPET\n\n[Time]\nServers=ntp-5.cloudinfra.eqiad1.wikimedia.cloud ntp-6.cloudinfra.eqiad1.wikimedia.cloud\n","notify":["Service[systemd-timesyncd]"]}},{"type":"Service","title":"systemd-timesyncd","tags":["service","systemd-timesyncd","class","systemd::timesyncd","systemd","timesyncd","profile::systemd::timesyncd","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timesyncd.pp","line":27,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"systemd-timesyncd.service","tags":["systemd::unit","systemd","unit","systemd-timesyncd.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/systemd/timesyncd.pp","line":25,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Service]\nInaccessiblePaths=-/mnt\n","restart":true,"override":true,"unit":"systemd-timesyncd.service","override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Unit","title":"systemd-timedated.service","tags":["systemd::unit","systemd","unit","systemd-timedated.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/systemd/timesyncd.pp","line":31,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Service]\nInaccessiblePaths=-/mnt\n","restart":true,"override":true,"unit":"systemd-timedated.service","override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Profile::Auto_restarts::Service","title":"systemd-timesyncd","tags":["profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","systemd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/systemd/timesyncd.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Class","title":"Grub::Defaults","tags":["class","grub::defaults","grub","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":60,"exported":false,"kind":"class"},{"type":"Class","title":"Grub","tags":["class","grub","grub::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Exec","title":"update-grub","tags":["exec","update-grub","class","grub","grub::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/grub/manifests/init.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"refreshonly":true,"path":"/bin:/usr/bin:/sbin:/usr/sbin"}},{"type":"Augeas","title":"grub2","tags":["augeas","grub2","class","grub::defaults","grub","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/grub/manifests/defaults.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"incl":"/etc/default/grub","lens":"Shellvars_list.lns","changes":["set GRUB_TERMINAL/quote '\"'","set GRUB_TERMINAL/value[1] console","set GRUB_TERMINAL/value[2] serial","rm GRUB_CMDLINE_LINUX_DEFAULT/value[. = \"quiet\"]","rm GRUB_CMDLINE_LINUX_DEFAULT/value[. = \"splash\"]"],"notify":"Exec[update-grub]"}},{"type":"Class","title":"Passwords::Root","tags":["class","passwords::root","passwords","root","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Network::Constants","tags":["class","network::constants","network","constants","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Profile::Resolving","tags":["class","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"timeout":1,"ndots":1,"attempts":3,"disable_resolvconf":true,"disable_dhcpupdates":true,"domain_search":["deployment-prep.eqiad1.wikimedia.cloud","deployment-prep.eqiad1.wikimedia.cloud"],"nameservers":["172.20.255.1"]}},{"type":"Class","title":"Resolvconf","tags":["class","resolvconf","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/resolving.pp","line":11,"exported":false,"kind":"class","parameters":{"domain_search":["deployment-prep.eqiad1.wikimedia.cloud","deployment-prep.eqiad1.wikimedia.cloud"],"nameservers":["172.20.255.1"],"timeout":1,"attempts":3,"ndots":1,"disable_resolvconf":true,"disable_dhcpupdates":true,"manage_resolv_conf":true}},{"type":"File","title":"/sbin/resolvconf","tags":["file","class","resolvconf","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/resolvconf/manifests/init.pp","line":23,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0555","source":"puppet:///modules/resolvconf/resolvconf.dummy"}},{"type":"File","title":"/etc/dhcp/dhclient-enter-hooks.d","tags":["file","class","resolvconf","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/resolvconf/manifests/init.pp","line":31,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root"}},{"type":"File","title":"/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate","tags":["file","class","resolvconf","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/resolvconf/manifests/init.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0555","source":"puppet:///modules/resolvconf/nodnsupdate"}},{"type":"File","title":"/etc/resolv.conf","tags":["file","class","resolvconf","profile::resolving","profile","resolving","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/resolvconf/manifests/init.pp","line":48,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"#####################################################################\n#### THIS FILE IS MANAGED BY PUPPET\n####  as template('resolvconf/resolv.conf.erb')\n#####################################################################\nsearch deployment-prep.eqiad1.wikimedia.cloud \noptions timeout:1 attempts:3 ndots:1\nnameserver 172.20.255.1\n"}},{"type":"Class","title":"Profile::Mail::Default_mail_relay","tags":["class","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"enabled":true,"template":"profile/mail/default_mail_relay/exim4.minimal.wmcs.erb","smarthosts":["mx-out-a.wmcloud.org","mx-out-b.wmcloud.org"],"mediawiki_smarthosts":["deployment-mx04.deployment-prep.eqiad1.wikimedia.cloud"]}},{"type":"Class","title":"Exim4","tags":["class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/mail/default_mail_relay.pp","line":13,"exported":false,"kind":"class","parameters":{"queuerunner":"combined","config":"# Minimal Exim 4 configuration file for Wikimedia Labs\n\n# Main configuration options\n\ncheck_spool_space = 50M\nremote_max_parallel = 10\n\n# Allow the -f cli option to work\nuntrusted_set_sender = *\nlocal_from_check = false\n\n# No frozen messages please\nignore_bounce_errors_after = 0h\n\nadd_environment = <; PATH=/bin:/usr/bin\nkeep_environment =\n\n# 4.87+ defaults to *, which errors if tls_certificate etc. is not present\ntls_advertise_hosts =\n\n# Logging\nlog_selector = +address_rewrite +all_parents +delivery_size +deliver_time +incoming_interface +incoming_port +smtp_confirmation +smtp_protocol_error +smtp_syntax_error\nmessage_logs = false\n\n# ACL\nacl_smtp_rcpt = acl_check_rcpt\n\nbegin acl\n\nacl_check_rcpt:\n\n\t# Accept from local interfaces\n\taccept hosts = @[]\n\nbegin routers\n\n# Redirect using /etc/aliases if it exists, blackhole otherwise\n\nsystem_aliases:\n\tdriver = redirect\n\tdomains = @\n\tdata = ${lookup{$local_part}lsearch{/etc/aliases}{$value}{:blackhole:}}\n\tqualify_domain = wmflabs.org\n\tallow_fail\n\tallow_defer\n\tforbid_file\n\nwiki_mail:\n\tdriver = manualroute\n\tcondition = ${if eqi{$header_X-Mailer:}{MediaWiki mailer}}\n\ttransport = remote_smtp\n\troute_list = * deployment-mx04.deployment-prep.eqiad1.wikimedia.cloud\n\n# Send all mail via a set of mail relays (\"smart hosts\")\n\nsmart_route:\n\tdriver = manualroute\n\ttransport = remote_smtp\n\troute_list = *\tmx-out-a.wmcloud.org:mx-out-b.wmcloud.org\n\n\nbegin transports\n\n# Generic remote SMTP transport\n\nremote_smtp:\n\tdriver = smtp\n\thosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0\n\n\nbegin retry\n\n*\t*\tF,2h,5m; F,1d,15m\n\n\nbegin rewrite\n\n# Rewrite the envelope From for mails from internal servers in *.wmnet,\n# as they are usually rejected by sender domain address verification.\n\n*@$primary_hostname\troot@wmcloud.org      F\n","variant":"light","config_dir":"/etc/exim4"}},{"type":"Package","title":"exim4-config","tags":["package","exim4-config","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"exim4-daemon-light","tags":["package","exim4-daemon-light","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","provider":"apt"}},{"type":"Service","title":"exim4","tags":["service","exim4","class","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running","hasstatus":true,"require":"Package[exim4-daemon-light]"}},{"type":"File","title":"/etc/exim4/update-exim4.conf.conf","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":100,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"dc_eximconfig_configtype=none\n","require":"Package[exim4-config]"}},{"type":"File","title":"/etc/default/exim4","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":108,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# /etc/default/exim4\n# THIS FILE IS MANAGED BY PUPPET\n\nEX4DEF_VERSION=''\n\n# 'combined' -\t one daemon running queue and listening on SMTP port\n# 'no'       -\t no daemon running the queue\n# 'separate' -\t two separate daemons\n# 'ppp'      -   only run queue with /etc/ppp/ip-up.d/exim4.\n# 'nodaemon' - no daemon is started at all.\n# 'queueonly' - only a queue running daemon is started, no SMTP listener.\n# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4\nQUEUERUNNER='combined'\n# how often should we run the queue\nQUEUEINTERVAL='1m'\n# options common to quez-runner and listening daemon\nCOMMONOPTIONS=''\n# more options for the daemon/process running the queue (applies to the one\n# started in /etc/ppp/ip-up.d/exim4, too.\nQUEUERUNNEROPTIONS=''\n# special flags given to exim directly after the -q. See exim(8)\nQFLAGS=''\n# options for daemon listening on port 25\nSMTPLISTENEROPTIONS=''\n","require":"Package[exim4-config]"}},{"type":"File","title":"/etc/exim4/aliases","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":117,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"Debian-exim","mode":"0755","require":"Package[exim4-config]"}},{"type":"File","title":"/etc/exim4/dkim","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":125,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","purge":true,"owner":"root","group":"Debian-exim","mode":"0750","require":"Package[exim4-config]"}},{"type":"File","title":"/etc/exim4/system_filter","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":139,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"Debian-exim","mode":"0444","require":"Package[exim4-config]"}},{"type":"File","title":"/etc/exim4/exim4.conf","tags":["file","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":148,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"Debian-exim","mode":"0440","content":"# Minimal Exim 4 configuration file for Wikimedia Labs\n\n# Main configuration options\n\ncheck_spool_space = 50M\nremote_max_parallel = 10\n\n# Allow the -f cli option to work\nuntrusted_set_sender = *\nlocal_from_check = false\n\n# No frozen messages please\nignore_bounce_errors_after = 0h\n\nadd_environment = <; PATH=/bin:/usr/bin\nkeep_environment =\n\n# 4.87+ defaults to *, which errors if tls_certificate etc. is not present\ntls_advertise_hosts =\n\n# Logging\nlog_selector = +address_rewrite +all_parents +delivery_size +deliver_time +incoming_interface +incoming_port +smtp_confirmation +smtp_protocol_error +smtp_syntax_error\nmessage_logs = false\n\n# ACL\nacl_smtp_rcpt = acl_check_rcpt\n\nbegin acl\n\nacl_check_rcpt:\n\n\t# Accept from local interfaces\n\taccept hosts = @[]\n\nbegin routers\n\n# Redirect using /etc/aliases if it exists, blackhole otherwise\n\nsystem_aliases:\n\tdriver = redirect\n\tdomains = @\n\tdata = ${lookup{$local_part}lsearch{/etc/aliases}{$value}{:blackhole:}}\n\tqualify_domain = wmflabs.org\n\tallow_fail\n\tallow_defer\n\tforbid_file\n\nwiki_mail:\n\tdriver = manualroute\n\tcondition = ${if eqi{$header_X-Mailer:}{MediaWiki mailer}}\n\ttransport = remote_smtp\n\troute_list = * deployment-mx04.deployment-prep.eqiad1.wikimedia.cloud\n\n# Send all mail via a set of mail relays (\"smart hosts\")\n\nsmart_route:\n\tdriver = manualroute\n\ttransport = remote_smtp\n\troute_list = *\tmx-out-a.wmcloud.org:mx-out-b.wmcloud.org\n\n\nbegin transports\n\n# Generic remote SMTP transport\n\nremote_smtp:\n\tdriver = smtp\n\thosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0\n\n\nbegin retry\n\n*\t*\tF,2h,5m; F,1d,15m\n\n\nbegin rewrite\n\n# Rewrite the envelope From for mails from internal servers in *.wmnet,\n# as they are usually rejected by sender domain address verification.\n\n*@$primary_hostname\troot@wmcloud.org      F\n","require":"Package[exim4-config]","notify":"Service[exim4]"}},{"type":"Logrotate::Conf","title":"exim4-paniclog","tags":["logrotate::conf","logrotate","conf","exim4-paniclog","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/exim4/manifests/init.pp","line":159,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","source":"puppet:///modules/exim4/logrotate/exim4-paniclog"}},{"type":"Profile::Auto_restarts::Service","title":"exim4","tags":["profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/mail/default_mail_relay.pp","line":18,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Class","title":"Profile::Logrotate","tags":["class","profile::logrotate","profile","logrotate","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"hourly":false}},{"type":"Class","title":"Logrotate","tags":["class","logrotate","profile::logrotate","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/logrotate.pp","line":7,"exported":false,"kind":"class","parameters":{"hourly":false}},{"type":"Package","title":"logrotate","tags":["package","logrotate","class","profile::logrotate","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/init.pp","line":7,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Systemd::Unit","title":"logrotate.timer:hourly-override","tags":["systemd::unit","systemd","unit","logrotate.timer:hourly-override","class","logrotate","profile::logrotate","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/init.pp","line":15,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit":"logrotate.timer","override":true,"content":"[Unit]\nDescription=Rotation of log files\n[Timer]\nOnCalendar=\nOnCalendar=hourly\n","restart":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Class","title":"Profile::Prometheus::Node_exporter","tags":["class","profile::prometheus::node_exporter","profile","prometheus","node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Prometheus::Node_exporter","tags":["class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ignored_fs_types":"^(overlay|autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|nfs.*|nsfs|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$","ignored_mount_points":"^/(sys|proc|dev|var/lib/docker/.+|var/lib/kubelet/.+|var/lib/containerd/.+|run/credentials)($|/)","netstat_fields":"^(.*)","vmstat_fields":"^(.*)","collectors_extra":[],"collector_ntp_server":"127.0.0.1","web_listen_address":":9100"}},{"type":"Package","title":"prometheus-node-exporter","tags":["package","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":47,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/default/prometheus-node-exporter","tags":["file","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":54,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0444","owner":"root","group":"root","content":"# Generated by Puppet -- do not modify\nARGS=\"--collector.buddyinfo \\\n --collector.conntrack \\\n --collector.diskstats \\\n --collector.edac \\\n --collector.entropy \\\n --collector.filefd \\\n --collector.filesystem \\\n --collector.filesystem.ignored-fs-types=^(overlay|autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|nfs.*|nsfs|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$ \\\n --collector.filesystem.ignored-mount-points=^/(sys|proc|dev|var/lib/docker/.+|var/lib/kubelet/.+|var/lib/containerd/.+|run/credentials)($|/) \\\n --collector.hwmon \\\n --collector.loadavg \\\n --collector.mdadm \\\n --collector.meminfo \\\n --collector.netdev \\\n --collector.netstat \\\n --collector.netstat.fields=^(.*) \\\n --collector.sockstat \\\n --collector.stat \\\n --collector.systemd.enable-restarts-metrics \\\n --collector.systemd.unit-exclude=.+\\.(automount|device|mount|scope|slice|target|timer) \\\n --collector.tcpstat \\\n --collector.textfile \\\n --collector.textfile.directory=/var/lib/prometheus/node.d \\\n --collector.time \\\n --collector.uname \\\n --collector.vmstat \\\n --collector.vmstat.fields=^(.*) \\\n --web.listen-address=:9100\"\n","notify":"Service[prometheus-node-exporter]"}},{"type":"Group","title":"prometheus-node-exporter","tags":["group","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":66,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present"}},{"type":"File","title":"/var/lib/prometheus/node.d","tags":["file","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":70,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0770","owner":"prometheus","group":"prometheus-node-exporter","require":["Package[prometheus-node-exporter]","Group[prometheus-node-exporter]"]}},{"type":"Base::Service_unit","title":"prometheus-node-exporter","tags":["base::service_unit","base","service_unit","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":79,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","refresh":true,"systemd_override":"[Service]\nGroup=prometheus-node-exporter\n","require":"Package[prometheus-node-exporter]","declare_service":true,"mask":false,"service_params":{}}},{"type":"Profile::Auto_restarts::Service","title":"prometheus-node-exporter","tags":["profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_exporter.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Class","title":"Profile::Rsyslog","tags":["class","profile::rsyslog","profile","rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"logrotate_source":"puppet:///modules/profile/rsyslog/logrotate.conf"}},{"type":"Class","title":"Rsyslog","tags":["class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog.pp","line":7,"exported":false,"kind":"class"},{"type":"Package","title":"rsyslog","tags":["package","rsyslog","class","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":8,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/rsyslog.d","tags":["file","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","source":"puppet:///modules/rsyslog/rsyslog.d-empty","owner":"root","group":"root","mode":"0755","recurse":true,"purge":true,"force":true,"ignore":"50-default.conf","require":"Package[rsyslog]","notify":"Service[rsyslog]"}},{"type":"Service","title":"rsyslog","tags":["service","rsyslog","class","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running","require":"Package[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/00-abort-unclean-config.conf","tags":["file","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","notify":"Service[rsyslog]","owner":"root","group":"root"}},{"type":"Profile::Auto_restarts::Service","title":"rsyslog","tags":["profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":34,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Concat","title":"/etc/rsyslog.d/00-global.conf","tags":["concat","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","order":"alpha","notify":"Service[rsyslog]","path":"/etc/rsyslog.d/00-global.conf","warn":false,"show_diff":true,"backup":"puppet","replace":true,"ensure_newline":false,"format":"plain","force":false}},{"type":"Concat::Fragment","title":"/etc/rsyslog.d/00-global.conf-header","tags":["concat::fragment","concat","fragment","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":45,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","order":"000","content":"global(\n"}},{"type":"Concat::Fragment","title":"/etc/rsyslog.d/00-global.conf-trailer","tags":["concat::fragment","concat","fragment","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/init.pp","line":50,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","order":"zzz","content":")\n"}},{"type":"Concat::Fragment","title":"/etc/rsyslog.d/00-global.conf-parser.permitSlashInProgramName","tags":["concat::fragment","concat","fragment","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/functions/global_entry.pp","line":9,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","order":"parser.permitSlashInProgramName","content":"  parser.permitSlashInProgramName=\"on\"\n"}},{"type":"Logrotate::Conf","title":"rsyslog","tags":["logrotate::conf","logrotate","conf","rsyslog","class","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog.pp","line":9,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/rsyslog/logrotate.conf"}},{"type":"Class","title":"Profile::Syslog::Remote","tags":["class","profile::syslog::remote","profile","syslog","remote","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"enable":false,"central_hosts_tls":{},"send_logs":"auth-logs","queue_size":10000,"mtls_provider":"disabled","tls_server_auth":"x509/name","tls_netstream_driver":"ossl","tls_trusted_ca":"/etc/ssl/certs/ca-certificates.crt"}},{"type":"Class","title":"Profile::Prometheus::Rsyslog_exporter","tags":["class","profile::prometheus::rsyslog_exporter","profile","prometheus","rsyslog_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Prometheus::Rsyslog_exporter","title":"base","tags":["prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/prometheus/rsyslog_exporter.pp","line":3,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","listen_address":"172.16.3.164","listen_port":9105}},{"type":"Class","title":"Profile::Prometheus::Cadvisor","tags":["class","profile::prometheus::cadvisor","profile","prometheus","cadvisor","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"absent","metrics_enabled_extra":[]}},{"type":"Class","title":"Prometheus::Cadvisor","tags":["class","prometheus::cadvisor","prometheus","cadvisor","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/prometheus/cadvisor.pp","line":6,"exported":false,"kind":"class","parameters":{"port":4194,"ensure":"absent","metrics_enabled_extra":[],"listen_address":"172.16.3.164"}},{"type":"Package","title":"cadvisor","tags":["package","cadvisor","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/cadvisor.pp","line":27,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Systemd::Service","title":"cadvisor","tags":["systemd::service","systemd","service","cadvisor","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/cadvisor.pp","line":31,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# Disable Docker to stop collecting extra labels/info T337856\n[Service]\nExecStart=\nExecStart=/usr/bin/cadvisor --listen_ip=172.16.3.164 --port=4194 --enable_metrics=app,cpu,disk,diskIO,memory,network,oom_event,perf_event --docker=/dev/null\n","override":true,"restart":true,"subscribe":"Package[cadvisor]","unit_type":"service","monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Class","title":"Profile::Prometheus::Ethtool_exporter","tags":["class","profile::prometheus::ethtool_exporter","profile","prometheus","ethtool_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Base::Sysctl","tags":["class","base::sysctl","base","sysctl","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":115,"exported":false,"kind":"class","parameters":{"unprivileged_userns_clone":false,"default_rp_filter":1,"all_rp_filter":1,"tighten_ptrace":false}},{"type":"Sysctl::Parameters","title":"ubuntu defaults","tags":["sysctl::parameters","sysctl","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":12,"exported":false,"kind":"defined_type","parameters":{"values":{"kernel.printk":[4,4,1,7],"kernel.kptr_restrict":1,"net.ipv4.conf.default.rp_filter":1,"net.ipv4.conf.all.rp_filter":1,"net.ipv4.tcp_syncookies":1,"kernel.yama.ptrace_scope":1,"fs.protected_hardlinks":1,"fs.protected_symlinks":1,"vm.mmap_min_addr":65536},"priority":51,"ensure":"present","no_priority_prefix":false}},{"type":"Sysctl::Parameters","title":"wikimedia base","tags":["sysctl::parameters","sysctl","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":50,"exported":false,"kind":"defined_type","parameters":{"values":{"net.core.rmem_max":16777216,"net.core.wmem_max":16777216,"net.ipv4.tcp_rmem":[4096,87380,16777216],"net.ipv4.tcp_wmem":[4096,65536,16777216],"net.ipv4.tcp_no_metrics_save":1,"net.core.netdev_max_backlog":2500,"net.core.somaxconn":1024,"net.ipv4.tcp_max_syn_backlog":4096,"vm.swappiness":0,"net.ipv4.tcp_keepalive_time":300,"net.ipv4.tcp_keepalive_intvl":1,"net.ipv4.tcp_keepalive_probes":2,"net.ipv6.route.max_size":131072,"net.ipv4.tcp_challenge_ack_limit":987654321},"priority":60,"ensure":"present","no_priority_prefix":false}},{"type":"Sysctl::Parameters","title":"disable_unprivileged_bpf","tags":["sysctl::parameters","sysctl","parameters","disable_unprivileged_bpf","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":104,"exported":false,"kind":"defined_type","parameters":{"values":{"kernel.unprivileged_bpf_disabled":"1"},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Parameters","title":"unprivileged_userns_clone","tags":["sysctl::parameters","sysctl","parameters","unprivileged_userns_clone","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":115,"exported":false,"kind":"defined_type","parameters":{"values":{"kernel.unprivileged_userns_clone":"0"},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Parameters","title":"fastopen","tags":["sysctl::parameters","sysctl","parameters","fastopen","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":131,"exported":false,"kind":"defined_type","parameters":{"values":{"net.ipv4.tcp_fastopen_blackhole_timeout_sec":3600},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Parameters","title":"tcp_min_snd_mss","tags":["sysctl::parameters","sysctl","parameters","tcp_min_snd_mss","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl.pp","line":168,"exported":false,"kind":"defined_type","parameters":{"values":{"net.ipv4.route.min_pmtu":"576","net.ipv4.tcp_min_snd_mss":"536","net.ipv4.tcp_sack":1},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Class","title":"Motd","tags":["class","motd","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":121,"exported":false,"kind":"class","parameters":{"messages":{}}},{"type":"File","title":"/etc/motd","tags":["file","class","motd","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/init.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/update-motd.d","tags":["file","class","motd","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/init.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","recurse":true,"purge":true}},{"type":"Class","title":"Motd::Defaults","tags":["class","motd::defaults","motd","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Motd::Script","title":"header","tags":["motd::script","motd","script","header","class","motd::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/defaults.pp","line":12,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":0,"content":"#!/bin/sh\nuname -snrvm\nlsb_release -s -d\n\n"}},{"type":"Motd::Script","title":"footer","tags":["motd::script","motd","script","footer","class","motd::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/defaults.pp","line":19,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":99,"content":"#!/bin/sh\n[ -f /etc/motd.tail ] && cat /etc/motd.tail || true\n"}},{"type":"Motd::Script","title":"Check for restarts","tags":["motd::script","motd","script","class","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":123,"exported":false,"kind":"defined_type","parameters":{"priority":99,"source":"puppet:///modules/profile/motd/check_restarts.sh","ensure":"present"}},{"type":"Class","title":"Base::Standard_packages","tags":["class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":127,"exported":false,"kind":"class","parameters":{"remove_python2":true,"additional_purged_packages":[],"no_cron":true}},{"type":"Package","title":"acct","tags":["package","acct","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"byobu","tags":["package","byobu","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"colordiff","tags":["package","colordiff","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"curl","tags":["package","curl","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"debian-goodies","tags":["package","debian-goodies","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ethtool","tags":["package","ethtool","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"gdb","tags":["package","gdb","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"gdisk","tags":["package","gdisk","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"git","tags":["package","git","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"htop","tags":["package","htop","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"httpry","tags":["package","httpry","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"iotop","tags":["package","iotop","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"iperf","tags":["package","iperf","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"jq","tags":["package","jq","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"libtemplate-perl","tags":["package","libtemplate-perl","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"lldpd","tags":["package","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"lshw","tags":["package","lshw","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"molly-guard","tags":["package","molly-guard","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"moreutils","tags":["package","moreutils","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"net-tools","tags":["package","net-tools","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"numactl","tags":["package","numactl","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ncdu","tags":["package","ncdu","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ngrep","tags":["package","ngrep","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"pigz","tags":["package","pigz","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"psmisc","tags":["package","psmisc","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"pv","tags":["package","pv","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3","tags":["package","python3","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"screen","tags":["package","screen","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"strace","tags":["package","strace","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"sysstat","tags":["package","sysstat","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"tcpdump","tags":["package","tcpdump","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"tmux","tags":["package","tmux","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"tree","tags":["package","tree","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"vim","tags":["package","vim","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"vim-addon-manager","tags":["package","vim-addon-manager","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"vim-scripts","tags":["package","vim-scripts","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"wipe","tags":["package","wipe","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"xfsprogs","tags":["package","xfsprogs","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"zsh","tags":["package","zsh","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"icdiff","tags":["package","icdiff","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"linux-perf","tags":["package","linux-perf","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"bsd-mailx","tags":["package","bsd-mailx","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ack","tags":["package","ack","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"netcat-openbsd","tags":["package","netcat-openbsd","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"tshark","tags":["package","tshark","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"fzf","tags":["package","fzf","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"ripgrep","tags":["package","ripgrep","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"fd-find","tags":["package","fd-find","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"kitty-terminfo","tags":["package","kitty-terminfo","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"mtr-tiny","tags":["package","mtr-tiny","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"bat","tags":["package","bat","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"efibootmgr","tags":["package","efibootmgr","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"bind9-dnsutils","tags":["package","bind9-dnsutils","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":11,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"tzdata","tags":["package","tzdata","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"ensure":"latest","provider":"apt"}},{"type":"Package","title":"python3-wmflib","tags":["package","python3-wmflib","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":22,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"quickstack","tags":["package","quickstack","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":43,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"dstat","tags":["package","dstat","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":55,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"apport","tags":["package","apport","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"command-not-found","tags":["package","command-not-found","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"command-not-found-data","tags":["package","command-not-found-data","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"ecryptfs-utils","tags":["package","ecryptfs-utils","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"mlocate","tags":["package","mlocate","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"os-prober","tags":["package","os-prober","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python3-apport","tags":["package","python3-apport","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"wpasupplicant","tags":["package","wpasupplicant","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"apt-listchanges","tags":["package","apt-listchanges","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"purged","provider":"apt"}},{"type":"Package","title":"atop","tags":["package","atop","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":73,"exported":false,"kind":"compilable_type","parameters":{"ensure":"purged","provider":"apt"}},{"type":"Package","title":"libpython2.7","tags":["package","libpython2.7","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython2.7-dev","tags":["package","libpython2.7-dev","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython2.7-minimal","tags":["package","libpython2.7-minimal","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7","tags":["package","python2.7","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython2.7-stdlib","tags":["package","libpython2.7-stdlib","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7-dev","tags":["package","python2.7-dev","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7-minimal","tags":["package","python2.7-minimal","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7-dbg","tags":["package","python2.7-dbg","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7-doc","tags":["package","python2.7-doc","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python2.7-examples","tags":["package","python2.7-examples","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython2.7-testsuite","tags":["package","libpython2.7-testsuite","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":83,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libsnmp30","tags":["package","libsnmp30","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libdns-export1104","tags":["package","libdns-export1104","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libdns1104","tags":["package","libdns1104","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libisc-export1100","tags":["package","libisc-export1100","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libisc1100","tags":["package","libisc1100","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"multiarch-support","tags":["package","multiarch-support","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libjson-c3","tags":["package","libjson-c3","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython3.7","tags":["package","libpython3.7","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython3.7-minimal","tags":["package","libpython3.7-minimal","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libpython3.7-stdlib","tags":["package","libpython3.7-stdlib","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python3.7","tags":["package","python3.7","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"python3.7-minimal","tags":["package","python3.7-minimal","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libevent-2.1-6","tags":["package","libevent-2.1-6","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libwireshark11","tags":["package","libwireshark11","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libwiretap8","tags":["package","libwiretap8","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libwsutil9","tags":["package","libwsutil9","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libwscodecs2","tags":["package","libwscodecs2","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libperl5.28","tags":["package","libperl5.28","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libmpdec2","tags":["package","libmpdec2","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"perl-modules-5.28","tags":["package","perl-modules-5.28","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libhogweed4","tags":["package","libhogweed4","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libnettle6","tags":["package","libnettle6","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libprocps7","tags":["package","libprocps7","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libip6tc0","tags":["package","libip6tc0","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libip4tc0","tags":["package","libip4tc0","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"libiptc0","tags":["package","libiptc0","class","base::standard_packages","base","standard_packages","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":137,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Profile::Auto_restarts::Service","title":"lldpd","tags":["profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":140,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Profile::Auto_restarts::Service","title":"systemd-journald","tags":["profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/standard_packages.pp","line":155,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Class","title":"Profile::Environment","tags":["class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ls_aliases":false,"export_systemd_env":true,"editor":"use_default","custom_skel_bashrc":"base/environment/skel/bashrc.erb","custom_skel_zshrc":"base/environment/skel/zshrc.erb","custom_bashrc":"base/environment/bash.bashrc.erb","wikimedia_domains":[],"no_proxy_domains":[],"skip_domains":[],"profile_scripts":{"field.sh":"puppet:///modules/base/environment/field.sh"},"variables":{}}},{"type":"File","title":"/etc/bash.bashrc","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":52,"exported":false,"kind":"compilable_type","parameters":{"content":"#####################################################################\n#### THIS FILE IS MANAGED BY PUPPET\n####  as template('base/environment/bash.bashrc')\n#####################################################################\n\n# System-wide .bashrc file for interactive bash(1) shells.\n\n# To enable the settings / commands in this file for login shells as well,\n# this file has to be sourced in /etc/profile.\n\n# If not running interactively, don't do anything\n[ -z \"$PS1\" ] && return\n\n# check the window size after each command and, if necessary,\n# update the values of LINES and COLUMNS.\nshopt -s checkwinsize\n\n# make the larger history file, record a timestamp\nHISTSIZE=1000\nHISTFILESIZE=4000\nHISTTIMEFORMAT='%F %T '\n\n\n# set variable identifying the chroot you work in (used in the prompt below)\nif [ -z \"$debian_chroot\" ] && [ -r /etc/debian_chroot ]; then\n    debian_chroot=$(cat /etc/debian_chroot)\nfi\n\n# set a fancy prompt (non-color, overwrite the one in /etc/profile)\n\n\nexport INSTANCENAME=deployment-cache-text08\n\nPS1='${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '\n\n\nexport INSTANCEPROJECT=deployment-prep\n\n\n# Commented out, don't overwrite xterm -T \"title\" -n \"icontitle\" by default.\n# If this is an xterm set the title to user@host:dir\n#case \"$TERM\" in\n#xterm*|rxvt*)\n#    PROMPT_COMMAND='echo -ne \"\\033]0;${USER}@${HOSTNAME}: ${PWD}\\007\"'\n#    ;;\n#*)\n#    ;;\n#esac\n\n# enable bash completion in interactive shells\n#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then\n#    . /etc/bash_completion\n#fi\n\n# sudo hint\nif [ ! -e \"$HOME/.sudo_as_admin_successful\" ]; then\n    case \" $(groups) \" in *\\ admin\\ *)\n    if [ -x /usr/bin/sudo ]; then\n\tcat <<-EOF\n\tTo run a command as administrator (user \"root\"), use \"sudo <command>\".\n\tSee \"man sudo_root\" for details.\n\t\n\tEOF\n    fi\n    esac\nfi\n\n# if the command-not-found package is installed, use it\nif [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found ]; then\n\tfunction command_not_found_handle {\n\t        # check because c-n-f could've been removed in the meantime\n                if [ -x /usr/lib/command-not-found ]; then\n\t\t   /usr/bin/python /usr/lib/command-not-found -- $1\n                   return $?\n                elif [ -x /usr/share/command-not-found ]; then\n\t\t   /usr/bin/python /usr/share/command-not-found -- $1\n                   return $?\n\t\telse\n\t\t   return 127\n\t\tfi\n\t}\nfi\n","owner":"root","group":"root","mode":"0644"}},{"type":"File","title":"/etc/skel/.bashrc","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":60,"exported":false,"kind":"compilable_type","parameters":{"content":"# ~/.bashrc: executed by bash(1) for non-login shells.\n# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)\n# for examples\n\n# If not running interactively, don't do anything\n[ -z \"$PS1\" ] && return\n\n# don't put duplicate lines in the history. See bash(1) for more options\n# ... or force ignoredups and ignorespace\nHISTCONTROL=ignoredups:ignorespace\n\n# append to the history file, don't overwrite it\nshopt -s histappend\n\n# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)\nHISTSIZE=1000\nHISTFILESIZE=2000\n\n# include timestamps in the history file\nHISTTIMEFORMAT='%F %T '\n\n# check the window size after each command and, if necessary,\n# update the values of LINES and COLUMNS.\nshopt -s checkwinsize\n\n# make less more friendly for non-text input files, see lesspipe(1)\n[ -x /usr/bin/lesspipe ] && eval \"$(SHELL=/bin/sh lesspipe)\"\n\n# set variable identifying the chroot you work in (used in the prompt below)\nif [ -z \"$debian_chroot\" ] && [ -r /etc/debian_chroot ]; then\n    debian_chroot=$(cat /etc/debian_chroot)\nfi\n\n# set a fancy prompt (non-color, unless we know we \"want\" color)\ncase \"$TERM\" in\n    xterm-color) color_prompt=yes;;\n    xterm-256color) color_prompt=yes;;\nesac\n\n# uncomment for a colored prompt, if the terminal has the capability; turned\n# off by default to not distract the user: the focus in a terminal window\n# should be on the output of commands, not on the prompt\n#force_color_prompt=yes\n\nif [ -n \"$force_color_prompt\" ]; then\n    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then\n\t# We have color support; assume it's compliant with Ecma-48\n\t# (ISO/IEC-6429). (Lack of such support is extremely rare, and such\n\t# a case would tend to support setf rather than setaf.)\n\tcolor_prompt=yes\n    else\n\tcolor_prompt=\n    fi\nfi\n\nif [ \"$color_prompt\" = yes ]; then\n    PS1='${debian_chroot:+($debian_chroot)}\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\nelse\n    PS1='${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '\nfi\nunset color_prompt force_color_prompt\n\n# If this is an xterm set the title to user@host:dir\ncase \"$TERM\" in\nxterm*|rxvt*)\n    PS1=\"\\[\\e]0;${debian_chroot:+($debian_chroot)}\\u@\\h: \\w\\a\\]$PS1\"\n    ;;\n*)\n    ;;\nesac\n\n# enable color support of ls and also add handy aliases\nif [ -x /usr/bin/dircolors ]; then\n    test -r ~/.dircolors && eval \"$(dircolors -b ~/.dircolors)\" || eval \"$(dircolors -b)\"\n    alias ls='ls --color=auto'\n    #alias dir='dir --color=auto'\n    #alias vdir='vdir --color=auto'\n\n    alias grep='grep --color=auto'\n    alias fgrep='fgrep --color=auto'\n    alias egrep='egrep --color=auto'\nfi\n\n# some more ls aliases\nalias ll='ls -alF'\nalias la='ls -A'\nalias l='ls -CF'\n\n# Alias definitions.\n# You may want to put all your additions into a separate file like\n# ~/.bash_aliases, instead of adding them here directly.\n# See /usr/share/doc/bash-doc/examples in the bash-doc package.\n\nif [ -f ~/.bash_aliases ]; then\n    . ~/.bash_aliases\nfi\n\n# enable programmable completion features (you don't need to enable\n# this, if it's already enabled in /etc/bash.bashrc and /etc/profile\n# sources /etc/bash.bashrc).\nif [ -f /etc/bash_completion ] && ! shopt -oq posix; then\n    . /etc/bash_completion\nfi\n","owner":"root","group":"root","mode":"0644"}},{"type":"File","title":"/etc/skel/.zshrc","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"content":"autoload -Uz promptinit\npromptinit\nautoload -Uz compinit\ncompinit\n\nbindkey -e\n\nPROMPT='%F{cyan}%m%f %F{green}%2~%f %(?.%F{green}.%F{red})%#%f '\nRPROMPT='[%F{yellow}%*%f]'\n\nsetopt histignorealldups sharehistory\n\n# Keep a jillion lines of history within the shell and save it to ~/.zsh_history:\nHISTSIZE=1000000\nSAVEHIST=1000000\nHISTFILE=~/.zsh_history\n\nsetopt appendhistory\nsetopt incappendhistory\nsetopt extended_history\nsetopt hist_expire_dups_first\nsetopt hist_ignore_space\n\n# slashes are words.\nWORDCHARS=${WORDCHARS/\\/}\n\n# Use modern completion system\nautoload -Uz compinit\ncompinit\n\neval \"$(dircolors -b)\"\nzstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}\nzstyle ':completion:*' list-colors ''\nzstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'\nzstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'\n\n### Functions imported from oh-my-ssh\n\n# ------------------------------------------------------------------------------\n# Description\n# -----------\n#\n# sudo or sudoedit will be inserted before the command\n#\n# ------------------------------------------------------------------------------\n# Authors\n# -------\n#\n# * Dongweiming <ciici123@gmail.com>\n#\n# ------------------------------------------------------------------------------\n\nsudo-command-line() {\n    [[ -z $BUFFER ]] && zle up-history\n    if [[ $BUFFER == sudo\\ * ]]; then\n        LBUFFER=\"${LBUFFER#sudo }\"\n    elif [[ $BUFFER == $EDITOR\\ * ]]; then\n        LBUFFER=\"${LBUFFER#$EDITOR }\"\n        LBUFFER=\"sudoedit $LBUFFER\"\n    elif [[ $BUFFER == sudoedit\\ * ]]; then\n        LBUFFER=\"${LBUFFER#sudoedit }\"\n        LBUFFER=\"$EDITOR $LBUFFER\"\n    else\n        LBUFFER=\"sudo $LBUFFER\"\n    fi\n}\nzle -N sudo-command-line\n# Defined shortcut keys: [Esc] [Esc]\nbindkey \"\\e\\e\" sudo-command-line\n\n# bind C-x C-e / C-x e to opening an editor for the current command\nautoload -U edit-command-line\nzle -N edit-command-line\nbindkey '^xe' edit-command-line\nbindkey '^x^e' edit-command-line\n","owner":"root","group":"root","mode":"0644"}},{"type":"File","title":"/etc/profile.d/field.sh","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":84,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/base/environment/field.sh"}},{"type":"File","title":"/etc/zsh/zshenv","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":94,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","require":"Package[zsh]","content":"# /etc/zsh/zshenv: system-wide .zshenv file for zsh(1).\n#\n# This file is sourced on all invocations of the shell.\n# If the -f flag is present or if the NO_RCS option is\n# set within this file, all other initialization files\n# are skipped.\n#\n# This file should contain commands to set the command\n# search path, plus other important environment variables.\n# This file should not contain commands that produce\n# output or assume the shell is attached to a tty.\n#\n# Global Order: zshenv, zprofile, zshrc, zlogin\n\nif [[ -z \"$PATH\" || \"$PATH\" == \"/bin:/usr/bin\" ]]\nthen\n    export PATH=\"/usr/local/bin:/usr/bin:/bin:/usr/games\"\nfi\nsystemd_vars=$(/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator)\nif [ -n \"${systemd_vars}\" ]\nthen\n    export $systemd_vars\nfi\nfunction set-proxy {\n    export HTTP_PROXY=http://webproxy:8080\n    export HTTPS_PROXY=http://webproxy:8080\n    export http_proxy=http://webproxy:8080\n    export https_proxy=http://webproxy:8080\n    echo \"Proxy set\"\n}\nfunction unset-proxy {\n    unset HTTP_PROXY\n    unset HTTPS_PROXY\n    unset http_proxy\n    unset https_proxy\n    echo \"Proxy unset\"\n}"}},{"type":"File","title":"/etc/profile.d/systemd-environment.sh","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":102,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/profile/environment/systemd-environment.sh"}},{"type":"File","title":"/etc/wikimedia-cluster","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":117,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"labs\n"}},{"type":"File","title":"/usr/local/bin/gen_fingerprints","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":125,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/base/environment/gen_fingerprints","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/vim/vimrc.local","tags":["file","class","profile::environment","profile","environment","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/environment.pp","line":133,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","source":"puppet:///modules/base/environment/vimrc.local","require":"Package[vim]"}},{"type":"Class","title":"Base::Sysctl::Core_dumps","tags":["class","base::sysctl::core_dumps","base","sysctl","core_dumps","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":134,"exported":false,"kind":"class","parameters":{"core_dump_pattern":"/data/project/cores/deployment-cache-text08-core.%h.%e.%p.%t"}},{"type":"File","title":"/var/tmp/core","tags":["file","class","base::sysctl::core_dumps","base","sysctl","core_dumps","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl/core_dumps.pp","line":4,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"1773"}},{"type":"Sysctl::Parameters","title":"core_dumps","tags":["sysctl::parameters","sysctl","parameters","core_dumps","class","base::sysctl::core_dumps","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl/core_dumps.pp","line":12,"exported":false,"kind":"defined_type","parameters":{"values":{"kernel.core_pattern":"/data/project/cores/deployment-cache-text08-core.%h.%e.%p.%t"},"require":"File[/var/tmp/core]","ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Tidy","title":"/var/tmp/core","tags":["tidy","class","base::sysctl::core_dumps","base","sysctl","core_dumps","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/sysctl/core_dumps.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"age":"1w","recurse":1,"matches":"core.*"}},{"type":"Class","title":"Profile::Ssh::Client","tags":["class","profile::ssh::client","profile","ssh","client","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"manage_ssh_keys":true,"manage_ssh_config":false,"hash_known_hosts":true,"gss_api_authentication":true,"gss_api_delegate_credentials":false,"send_env":["LANG","LC_*"],"extra_ssh_keys":{}}},{"type":"Class","title":"Ssh::Client","tags":["class","ssh::client","ssh","client","profile::ssh::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ssh/client.pp","line":23,"exported":false,"kind":"class","parameters":{"known_hosts":{},"manage_ssh_keys":true,"manage_ssh_config":false,"hash_known_hosts":true,"gss_api_authentication":true,"gss_api_delegate_credentials":false,"send_env":["LANG","LC_*"]}},{"type":"Package","title":"openssh-client","tags":["package","openssh-client","class","ssh::client","ssh","client","profile::ssh::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/client.pp","line":19,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/ssh","tags":["file","class","ssh::client","ssh","client","profile::ssh::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/client.pp","line":21,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"Class","title":"Profile::Ssh::Server","tags":["class","profile::ssh::server","profile","ssh","server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"listen_ports":[22],"listen_addresses":[],"permit_root":true,"authorized_keys_file":["/etc/ssh/userkeys/%u","/etc/ssh/userkeys/%u.d/cumin"],"lookup_keys_from_ldap":true,"explicit_macs":true,"enable_kerberos":false,"disable_agent_forwarding":true,"gateway_ports":false,"accept_env":["LANG","LC_*"],"match_config":[],"enabled_key_types":["rsa","ecdsa","ed25519"],"puppetserver_ca_host_certs":true,"trusted_user_ca_keys":[],"host_keys":{},"host_certs":{},"authorized_principals":[]}},{"type":"Package","title":"python3-ldap","tags":["package","python3-ldap","class","profile::ssh::server","profile","ssh","server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ssh/server.pp","line":47,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/sbin/ssh-key-ldap-lookup","tags":["file","class","profile::ssh::server","profile","ssh","server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ssh/server.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0555","source":"puppet:///modules/profile/ssh/server/ssh-key-ldap-lookup.py"}},{"type":"User","title":"ssh-key-ldap-lookup","tags":["user","ssh-key-ldap-lookup","class","profile::ssh::server","profile","ssh","server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ssh/server.pp","line":63,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","system":true,"home":"/nonexistent","shell":"/bin/false"}},{"type":"Class","title":"Ssh::Server","tags":["class","ssh::server","ssh","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ssh/server.pp","line":87,"exported":false,"kind":"class","parameters":{"listen_ports":[22],"listen_addresses":[],"permit_root":true,"authorized_keys_file":["/etc/ssh/userkeys/%u","/etc/ssh/userkeys/%u.d/cumin"],"explicit_macs":true,"enable_kerberos":false,"disable_agent_forwarding":true,"gateway_ports":false,"accept_env":["LANG","LC_*"],"match_config":[],"enabled_key_types":["rsa","ecdsa","ed25519"],"puppetserver_ca_host_certs":true,"trusted_user_ca_keys":[],"host_keys":{},"host_certs":{},"authorized_keys_command":"/usr/sbin/ssh-key-ldap-lookup","authorized_keys_command_user":"ssh-key-ldap-lookup"}},{"type":"Package","title":"openssh-server","tags":["package","openssh-server","class","ssh::server","ssh","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":123,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Service","title":"ssh","tags":["service","ssh","class","ssh::server","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":127,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running","subscribe":"File[/etc/ssh/sshd_config]"}},{"type":"Profile::Auto_restarts::Service","title":"ssh","tags":["profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":132,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"File","title":"/etc/ssh/userkeys","tags":["file","class","ssh::server","ssh","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":134,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0444","recurse":true,"purge":true}},{"type":"File","title":"/run/sshd","tags":["file","class","ssh::server","ssh","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":146,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0755","owner":"root","group":"root"}},{"type":"File","title":"/etc/ssh/sshd_config","tags":["file","class","ssh::server","ssh","server","profile::ssh::server","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/server.pp","line":189,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"# This file is managed by puppet!\n# Package generated configuration file\n# See the sshd_config(5) manpage for details\n\n# What ports, IPs and protocols we listen for\nPort 22\n# Use these options to restrict which interfaces/protocols sshd will bind to\n#ListenAddress ::\n#ListenAddress 0.0.0.0\n# HostKeys for protocol version 2\nHostKey /etc/ssh/ssh_host_rsa_key\nHostKey /etc/ssh/ssh_host_ecdsa_key\nHostKey /etc/ssh/ssh_host_ed25519_key\n\n# Logging\nSyslogFacility AUTH\nLogLevel VERBOSE\n\n# Authentication:\nLoginGraceTime 120\nPermitRootLogin yes\n\n# Message Authentication codes\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\n\nStrictModes yes\n\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\nPubkeyAuthentication yes\nAuthorizedKeysFile\t/etc/ssh/userkeys/%u /etc/ssh/userkeys/%u.d/cumin\n\n# Don't read the user's ~/.rhosts and ~/.shosts files\nIgnoreRhosts yes\n\nHostbasedAuthentication no\nIgnoreUserKnownHosts yes\n\n# To enable empty passwords, change to yes (NOT RECOMMENDED)\nPermitEmptyPasswords no\n\nChallengeResponseAuthentication no\n\n# Globally deny logon via password, only allow SSH-key login.\nPasswordAuthentication no\n\n# Don't allow people to forward their agents either.\nAllowAgentForwarding no\n\n# GSSAPIAuthentication off by default, GSSAPICleanupCredentials enabled by default\n\nX11DisplayOffset 10\nPrintMotd no\nPrintLastLog yes\nTCPKeepAlive yes\n\n\n#Banner /etc/issue.net\n\nAcceptEnv LANG LC_*\n\nSubsystem sftp /usr/lib/openssh/sftp-server\n\nUsePAM yes\n\nMatch user *,!root\n  AuthorizedKeysCommand /usr/sbin/ssh-key-ldap-lookup\n  AuthorizedKeysCommandUser ssh-key-ldap-lookup\n##\n## Anything below this point must start with a match declaration\n## or will only apply to the previous Matches above.\n##\n","validate_cmd":"/usr/sbin/sshd -t -f %","require":"Package[openssh-server]"}},{"type":"Class","title":"Base::Kernel","tags":["class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":142,"exported":false,"kind":"class","parameters":{"overlayfs":true}},{"type":"Kmod::Blacklist","title":"wmf_overlay","tags":["kmod::blacklist","kmod","blacklist","wmf_overlay","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":19,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","modules":[],"rmmod":false}},{"type":"Kmod::Module","title":"overlay","tags":["kmod::module","kmod","module","overlay","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":31,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Kmod::Blacklist","title":"wmf","tags":["kmod::blacklist","kmod","blacklist","wmf","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":36,"exported":false,"kind":"defined_type","parameters":{"modules":["asn1_decoder","aufs","usbip-core","usbip-host","vhci-hcd","dccp","dccp_ipv6","dccp_ipv4","dccp_probe","dccp_diag","n_hdlc","intel_cstate","intel_rapl_perf","intel_uncore","macsec","parport","parport_pc","ppdev","acpi_power_meter","bluetooth","v4l2-common","floppy","cdrom","binder_linux","n_gsm","algif_aead","appletalk","rxrpc","nfc","esp4","esp6","tipc","atm","slip","slhc"],"ensure":"present","rmmod":false}},{"type":"Kmod::Blacklist","title":"wmf-filesystems","tags":["kmod::blacklist","kmod","blacklist","wmf-filesystems","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":77,"exported":false,"kind":"defined_type","parameters":{"modules":["btrfs","erofs","exfat","f2fs","hfs","hfsplus","jfs","jffs2","nilfs2","orangefs","squashfs"],"ensure":"present","rmmod":false}},{"type":"Kmod::Blacklist","title":"wmf-network-schedulers","tags":["kmod::blacklist","kmod","blacklist","wmf-network-schedulers","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":94,"exported":false,"kind":"defined_type","parameters":{"modules":["act_connmark","act_pedit","sch_red","sch_taprio"],"ensure":"present","rmmod":false}},{"type":"File","title":"/usr/local/bin/kernel-purge","tags":["file","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":103,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0755","source":"puppet:///modules/base/kernel/kernel-purge.sh","owner":"root","group":"root"}},{"type":"Systemd::Timer::Job","title":"kernel-purge","tags":["systemd::timer::job","systemd","timer","job","kernel-purge","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/kernel.pp","line":109,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Purge unused kernels","user":"root","command":"/usr/local/bin/kernel-purge -p","interval":{"start":"OnCalendar","interval":"monthly"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Profile::Debdeploy::Client","tags":["class","profile::debdeploy::client","profile","debdeploy","client","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"present","exclude_mounts":[],"exclude_filesystems":["nfs","nfs4"],"filter_services":{"qemu-system-x86":["*"]}}},{"type":"Class","title":"Debdeploy::Client","tags":["class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/debdeploy/client.pp","line":8,"exported":false,"kind":"class","parameters":{"ensure":"present","exclude_mounts":[],"exclude_filesystems":["nfs","nfs4"],"filter_services":{"qemu-system-x86":["*"]}}},{"type":"Package","title":"debdeploy-client","tags":["package","debdeploy-client","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":46,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-dateutil","tags":["package","python3-dateutil","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":46,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/bin/apt-upgrade-activity","tags":["file","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":52,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","source":"puppet:///modules/base/apt-upgrade-activity.py","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/debdeploy-client","tags":["file","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":62,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","recurse":true,"purge":true,"force":true,"owner":"root","group":"root"}},{"type":"File","title":"/etc/debdeploy-client/config.json","tags":["file","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","content":"{\n  \"exclude_mounts\": [\n\n  ],\n  \"exclude_filesystems\": [\n    \"nfs\",\n    \"nfs4\"\n  ],\n  \"filter_services\": {\n    \"qemu-system-x86\": [\n      \"*\"\n    ]\n  }\n}\n","owner":"root","group":"root"}},{"type":"File","title":"/etc/debdeploy-client/autorestarts.conf","tags":["file","class","debdeploy::client","debdeploy","client","profile::debdeploy::client","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/debdeploy/manifests/client.pp","line":73,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0544"}},{"type":"Class","title":"Base::Initramfs","tags":["class","base::initramfs","base","initramfs","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":149,"exported":false,"kind":"class","parameters":{"sleep":"5s"}},{"type":"Initramfs::Script","title":"mdadm-sleep","tags":["initramfs::script","initramfs","script","mdadm-sleep","class","base::initramfs","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/initramfs.pp","line":2,"exported":false,"kind":"defined_type","parameters":{"boot_stage":"init-premount","content":"#!/bin/sh\n#\n# Workaround for boot-time race condition assembling raid arrays:\n# https://phabricator.wikimedia.org/T131961\n#\n# This file is managed by Puppet.\n\necho \"Waiting 5s for disks to show up (T131961)\"\nsleep 5s\nexit 0\n"}},{"type":"Class","title":"Profile::Auto_restarts","tags":["class","profile::auto_restarts","profile","auto_restarts","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"with_debdeploy":false}},{"type":"File","title":"/usr/local/sbin/wmf-auto-restart","tags":["file","class","profile::auto_restarts","profile","auto_restarts","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/base/wmf-auto-restart.py","owner":"root","group":"root","mode":"0555"}},{"type":"Class","title":"Prometheus::Node_debian_version","tags":["class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":152,"exported":false,"kind":"class","parameters":{"ensure":"present","outfile":"/var/lib/prometheus/node.d/debian_version.prom"}},{"type":"File","title":"/usr/local/bin/prometheus-debian-version","tags":["file","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_debian_version.pp","line":12,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-debian-version.sh"}},{"type":"Systemd::Timer::Job","title":"prometheus-debian-version-textfile","tags":["systemd::timer::job","systemd","timer","job","prometheus-debian-version-textfile","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_debian_version.pp","line":20,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Update Debian version stat exported by node_exporter","command":"/usr/local/bin/prometheus-debian-version /var/lib/prometheus/node.d/debian_version.prom","user":"root","logging_enabled":false,"require":["File[/usr/local/bin/prometheus-debian-version]"],"interval":{"start":"OnUnitInactiveSec","interval":"300s"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Prometheus::Node_dpkg_success","tags":["class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base.pp","line":153,"exported":false,"kind":"class","parameters":{"ensure":"present","outfile":"/var/lib/prometheus/node.d/dpkg.prom"}},{"type":"File","title":"/usr/local/bin/prometheus-dpkg-success","tags":["file","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_dpkg_success.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-dpkg-success.sh"}},{"type":"Systemd::Timer::Job","title":"prometheus-dpkg-success-textfile","tags":["systemd::timer::job","systemd","timer","job","prometheus-dpkg-success-textfile","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_dpkg_success.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Update dpkg status exported by node_exporter","command":"/usr/local/bin/prometheus-dpkg-success /var/lib/prometheus/node.d/dpkg.prom","user":"prometheus","logging_enabled":false,"require":["File[/usr/local/bin/prometheus-dpkg-success]"],"interval":{"start":"OnCalendar","interval":"*:00/30:00"},"splay":1800,"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Apt::Unattendedupgrades","tags":["class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":16,"exported":false,"kind":"class","parameters":{"unattended_wmf":"present","unattended_distro":"present","unattended_osbpo":"present"}},{"type":"Package","title":"unattended-upgrades","tags":["package","unattended-upgrades","class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/cron.daily/apt-show-versions","tags":["file","class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":18,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Package","title":"python3-apt","tags":["package","python3-apt","class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":22,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Apt::Conf","title":"dpkg-force-confdef","tags":["apt::conf","apt","conf","dpkg-force-confdef","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":28,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"00","key":"Dpkg::Options::","value":"--force-confdef"}},{"type":"Apt::Conf","title":"dpkg-force-confold","tags":["apt::conf","apt","conf","dpkg-force-confold","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"00","key":"Dpkg::Options::","value":"--force-confold"}},{"type":"Apt::Conf","title":"auto-upgrades","tags":["apt::conf","apt","conf","auto-upgrades","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":44,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"20","key":"APT::Periodic::Unattended-Upgrade","value":"1"}},{"type":"Apt::Conf","title":"unattended-upgrades-updates","tags":["apt::conf","apt","conf","unattended-upgrades-updates","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":53,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"52","key":"Unattended-Upgrade::Origins-Pattern::","value":"origin=${distro_id},codename=${distro_codename}-updates"}},{"type":"Apt::Conf","title":"unattended-upgrades-wikimedia","tags":["apt::conf","apt","conf","unattended-upgrades-wikimedia","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":66,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"51","key":"Unattended-Upgrade::Origins-Pattern::","value":"origin=Wikimedia,codename=${distro_codename}-wikimedia"}},{"type":"Apt::Conf","title":"unattended-upgrades-osbpo","tags":["apt::conf","apt","conf","unattended-upgrades-osbpo","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":76,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"52","key":"Unattended-Upgrade::Origins-Pattern::","value":"origin=osbpo"}},{"type":"Apt::Conf","title":"apt-autoclean","tags":["apt::conf","apt","conf","apt-autoclean","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":85,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":"52","key":"APT::Periodic::AutocleanInterval:","value":7}},{"type":"File","title":"/usr/local/sbin/report-pending-upgrades","tags":["file","class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":92,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/usr/local/sbin/apt-upgrade","tags":["file","class","apt::unattendedupgrades","apt","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/unattendedupgrades.pp","line":96,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0755","source":"puppet:///modules/apt/apt-upgrade.py","require":"Package[python3-apt]"}},{"type":"File","title":"/etc/default/acct","tags":["file","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/base/labs-acct.default"}},{"type":"File","title":"/etc/wikimedia","tags":["file","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root"}},{"type":"File","title":"/etc/default/nfs-common","tags":["file","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/base/labs/nfs-common.default"}},{"type":"File","title":"/usr/local/sbin/notify_maintainers.py","tags":["file","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":49,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0544","source":"puppet:///modules/base/labs/notify_maintainers.py","before":"File[/usr/local/sbin/puppet_alert.py]"}},{"type":"File","title":"/usr/local/sbin/puppet_alert.py","tags":["file","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":58,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0544","source":"puppet:///modules/base/labs/puppet_alert.py"}},{"type":"Systemd::Timer::Job","title":"send_puppet_failure_emails","tags":["systemd::timer::job","systemd","timer","job","send_puppet_failure_emails","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":71,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Send emails about Puppet failures","command":"/usr/local/sbin/puppet_alert.py","interval":{"start":"OnCalendar","interval":"*-*-* 08:15:00"},"logging_enabled":false,"user":"root","require":"File[/usr/local/sbin/puppet_alert.py]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Systemd::Timer::Job","title":"cleanup_puppet_client_bucket","tags":["systemd::timer::job","systemd","timer","job","cleanup_puppet_client_bucket","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/labs.pp","line":85,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Delete old files from the puppet client bucket","command":"/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete","interval":{"start":"OnUnitInactiveSec","interval":"24h"},"logging_enabled":false,"monitoring_enabled":false,"user":"root","environment":{},"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Profile::Openstack::Eqiad1::Observerenv","tags":["class","profile::openstack::eqiad1::observerenv","profile","openstack","eqiad1","observerenv","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"region":"eqiad1-r","keystone_api_fqdn":"openstack.eqiad1.wikimediacloud.org","observer_password":"Fs6Dq2RtG8KwmM2Z"}},{"type":"Class","title":"Profile::Openstack::Base::Observerenv","tags":["class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/observerenv.pp","line":7,"exported":false,"kind":"class","parameters":{"region":"eqiad1-r","keystone_api_fqdn":"openstack.eqiad1.wikimediacloud.org","os_password":"Fs6Dq2RtG8KwmM2Z","os_user":"novaobserver","os_project":"observer"}},{"type":"File","title":"/root/.config","tags":["file","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/wmflib/functions/dir/mkdir_p.pp","line":71,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","mode":"0700","owner":"root","group":"root"}},{"type":"File","title":"/root/.config/openstack","tags":["file","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/wmflib/functions/dir/mkdir_p.pp","line":71,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","mode":"0700","owner":"root","group":"root"}},{"type":"Concat","title":"/root/.config/openstack/clouds.yaml","tags":["concat","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":15,"exported":false,"kind":"defined_type","parameters":{"mode":"0400","show_diff":false,"ensure":"present","path":"/root/.config/openstack/clouds.yaml","warn":false,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat::Fragment","title":"root_clouds_file_header","tags":["concat::fragment","concat","fragment","root_clouds_file_header","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":20,"exported":false,"kind":"defined_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","order":"01","content":"clouds:\n"}},{"type":"File","title":"/etc/openstack","tags":["file","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":27,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","mode":"0755","owner":"root","group":"root"}},{"type":"Concat","title":"/etc/openstack/clouds.yaml","tags":["concat","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"mode":"0444","show_diff":false,"ensure":"present","path":"/etc/openstack/clouds.yaml","warn":false,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat::Fragment","title":"observer_clouds_file_header","tags":["concat::fragment","concat","fragment","observer_clouds_file_header","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":33,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/openstack/clouds.yaml","order":"01","content":"clouds:\n"}},{"type":"Openstack::Util::Envscript","title":"novaobserver","tags":["openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":39,"exported":false,"kind":"defined_type","parameters":{"region":"eqiad1-r","keystone_api_fqdn":"openstack.eqiad1.wikimediacloud.org","keystone_api_port":25000,"keystone_api_interface":"public","os_user":"novaobserver","os_password":"Fs6Dq2RtG8KwmM2Z","os_project":"observer","os_project_domain_id":"default","os_user_domain_id":"default","scriptpath":"/usr/local/bin/observerenv.sh","yaml_mode":"0444","clouds_files":["/etc/openstack/clouds.yaml","/root/.config/openstack/clouds.yaml"],"os_db_password":"","do_script":true}},{"type":"Openstack::Util::Envscript","title":"ossystemobserver","tags":["openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/observerenv.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"region":"eqiad1-r","keystone_api_fqdn":"openstack.eqiad1.wikimediacloud.org","keystone_api_port":25000,"keystone_api_interface":"public","os_user":"novaobserver","os_password":"Fs6Dq2RtG8KwmM2Z","os_project_domain_id":"default","os_user_domain_id":"default","scriptpath":"/usr/local/bin/osobserverenv.sh","yaml_mode":"0444","clouds_files":["/etc/openstack/clouds.yaml","/root/.config/openstack/clouds.yaml"],"os_system_scope":"all","os_db_password":"","do_script":true}},{"type":"Class","title":"Profile::Openstack::Eqiad1::Clientpackages::Vms","tags":["class","profile::openstack::eqiad1::clientpackages::vms","profile","openstack","eqiad1","clientpackages","vms","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Profile::Openstack::Base::Clientpackages::Vms","tags":["class","profile::openstack::base::clientpackages::vms","profile","openstack","base","clientpackages","vms","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/clientpackages/vms.pp","line":6,"exported":false,"kind":"class"},{"type":"Class","title":"Openstack::Clientpackages::Vms::Common","tags":["class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/base/clientpackages/vms.pp","line":5,"exported":false,"kind":"class"},{"type":"Package","title":"python3-novaclient","tags":["package","python3-novaclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-glanceclient","tags":["package","python3-glanceclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-keystoneauth1","tags":["package","python3-keystoneauth1","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-keystoneclient","tags":["package","python3-keystoneclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-openstackclient","tags":["package","python3-openstackclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-designateclient","tags":["package","python3-designateclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-neutronclient","tags":["package","python3-neutronclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-tenacity","tags":["package","python3-tenacity","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-troveclient","tags":["package","python3-troveclient","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-netaddr","tags":["package","python3-netaddr","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/lib/python3/dist-packages/mwopenstackclients.py","tags":["file","class","openstack::clientpackages::vms::common","openstack","clientpackages","vms","common","profile::openstack::base::clientpackages::vms","profile","base","profile::openstack::eqiad1::clientpackages::vms","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/clientpackages/vms/common.pp","line":22,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/openstack/clientpackages/mwopenstackclients.py","mode":"0755","owner":"root","group":"root"}},{"type":"Class","title":"Profile::Openstack::Eqiad1::Cumin::Target","tags":["class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown","parameters":{"project_masters":["172.16.2.62"],"project_pub_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHMS6pXywYSw1kaZQivozB8qUx0vd1gqiAnVqJuS365B root@deployment-cumin","cluster":"cache_text","site":"eqiad","cumin_masters":["172.16.1.220"],"permit_port_forwarding":false,"require":["Class[Network::Constants]"]}},{"type":"Class","title":"Cumin::Selector","tags":["class","cumin::selector","cumin","selector","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/cumin/target.pp","line":26,"exported":false,"kind":"class","parameters":{"cluster":"cache_text","site":"eqiad"}},{"type":"Ssh::Userkey","title":"root-cumin","tags":["ssh::userkey","ssh","userkey","root-cumin","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/cumin/target.pp","line":35,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","skey":"cumin","content":"# Cumin Masters.\nfrom=\"172.16.1.220\",no-agent-forwarding,no-port-forwarding,no-x11-forwarding,no-user-rc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcav+ECiF6hW2XRuP7R8nqDw4hPlD0OChsGvB6K27jK root@cloudinfra-internal-puppetmaster-02\n\nfrom=\"172.16.2.62\",no-agent-forwarding,no-port-forwarding,no-x11-forwarding,no-user-rc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHMS6pXywYSw1kaZQivozB8qUx0vd1gqiAnVqJuS365B root@deployment-cumin\n"}},{"type":"Firewall::Service","title":"ssh-from-cumin-project-masters","tags":["firewall::service","firewall","service","ssh-from-cumin-project-masters","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/cumin/target.pp","line":43,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port":22,"srange":["172.16.2.62"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"File","title":"/usr/local/sbin/reboot-host","tags":["file","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/openstack/eqiad1/cumin/target.pp","line":51,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0550","source":"puppet:///modules/cumin/reboot-host"}},{"type":"Class","title":"Profile::Wmcs::Instance","tags":["class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"exported":false,"kind":"unknown","parameters":{"mount_nfs":false,"metricsinfra_prometheus_nodes":["metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud","metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud"],"root_extra_keys":{"alex":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYxCqZkGys8gZB6Mq61Fw08CB7m1huxpnpII2ay3e0H krenair@gmail.com inspiron","bd808":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb8nsxA3thqd87nLu+1mA0Jc1KY90t5qW7N+jRQksc4NLzlFqBTrld+Qm2FRVbLm37HZ9TRBZb2nuTYJIZhkNU7rRPEKs3cIUbh1pB7BbYv0aJ3F0qBD6UtHqOUIJhqVNYJ/ssobzFh2QrcrOM3eS8PrIPtL/CQSUmKmUjG8zhCocAiQZDFeIQLSyGyCWVrRg14SPjED0+wIQTGoTtCabL4B5AlLcTf2L5ztDUtaoXDObUpDJ5Tw6VUUzDoUjV+Y5AtxK4erwLRHeFEcSzmWWl0Sruhnp/TzaF4vGijl6Wcyi2O9TClBhGmp7gTl4CtMj8MDDm+7NO3dQmQMseded1 bd808+labs@wmf-bd808-mbp01.local","hashar":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD4ubnKSlwi8C1V1JraoztiIae79gfD3s+n9l2EVNkgA6R/kcnJqi/2/oBkUaX1CpOLLWoj7TAQfNAnEt+O6HyQvNpJ8taA1RcssNwek+hDevg+YthBEQRpMhLIhC8WuW2fytc+ELQ903WL2+MKzeni5qH22LLSILkqYSHsb/aViE1JUo59PFLG26mcEluqpm8MogFCqYuFbfsM7RLzSTTZwHPhoKTpb7lPHKrdqfQP4q18SjcrRRf2HkkknF5iDRQv0ngHLAXG5o6H1iPVrDDc1lNY98eBYBwNlcSb73LQIvKDXvbLnpZZDExS6XJoZqHpyQPMtoNWHyJ2EN3RW7l hashar@postwater_labs","mobrovac":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr04C1g3grQJRwhOyrAic/xzW+2lxlxwjdTIY12HJs6aBvKTeUhwMLTxSMQ0nsFacnCcdTU1YcDYn0ypXxpd/v62uX4nbnw3goYSgKysmYlrHiQ+87GbQnBSe/j/0SvAF+oV9bB4EKGpGDK0hokfNKVzTpI2+0IbEAHK+Ag7+yIGYwWshLeoj1rTSzQCyFb1ELaXPt1OyAq37EYa+D9INA2aP4qHWHNSrAeG1FtJ3M4QDOIB/vB1UYE5i+XYeuugXlZzHXEkL5M1KbI5utPcBjpfncAmPGDLuiUKuBnDo85V75xpTmHQb485M4K1ZnqJ9XKnZT3NWDW2Fo+lvKU7VTw== doorman@istria-wifi.irisa.fr","samtar":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLCTKca4D7k/ta8wk5hdnxo8nLFRWnmDCwpM13/fi3W samtar@theresnotime.co.uk","taavi":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8XhfD1WmaiQuRG63R6pn+dhvVlyO9JPoDiA8vzcKer taavi@runko","twentyafterfour":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPe9i/PI48Xk3BwCBSJ3L/o4n8noRBEFrINAPLVw4SDPmMOgPu5/HyvdxWkS47li2PQnDx4EobYE4WErxdQ0nB/Fe43ZzWEFQ6RvWuuPAxUwEFcGhraDHFFQc/TLh7adtNA247jUhLCQN/O3Nb6Qq1RPuAZgF59UuWKPNwnSOCOyLV0zHvqhjUkWmDcCI7sln1Kbv+JiEKBrVyokpv18pgCgyKL54UvFRbVD/aU7qu1DyJCFZ0GTitqFX0OMHjEyCo2bGPFUAHBkbKn/lsNz4hXNjF9iorxBvl1ZXLCRMkdRJBA6xGgLGWPXBQOXbUTc+9ow05KH0kHmQu5lXez7CZ twentyafterfour@wikiafterfour"}}},{"type":"Package","title":"isc-dhcp-client","tags":["package","isc-dhcp-client","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":8,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"cloud-init","tags":["package","cloud-init","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":14,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Class","title":"Sudo","tags":["class","sudo","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":17,"exported":false,"kind":"class","parameters":{"purge_sudoers_d":false}},{"type":"Package","title":"sudo","tags":["package","sudo","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sudo/manifests/init.pp","line":7,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/sudoers","tags":["file","class","sudo","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sudo/manifests/init.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0440","owner":"root","group":"root","source":"puppet:///modules/sudo/sudoers","require":"Package[sudo]","validate_cmd":"/usr/sbin/visudo -c -f %"}},{"type":"File","title":"/etc/sudoers.d","tags":["file","class","sudo","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sudo/manifests/init.pp","line":21,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","purge":false,"recurse":false}},{"type":"File","title":"/etc/sudoers.d/README","tags":["file","class","sudo","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sudo/manifests/init.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Ssh::Userkey","title":"root","tags":["ssh::userkey","ssh","userkey","root","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":27,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# andrew\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApK6IC2VOrv0wvfmpf2gnoC0XnRX5R1lqb8gpdEhxzoKfDBG/56KDbsNXK8r2jqCJoaHjicDPQLsyjh00F4am62jzath0mC10iw2V/FhkmIZ3XP/43cmYrLBo9NAMxyYzX5pf6zwsmijkhPlbdUYe8Rd/4MWsFP9dOZ6l4d0mq3m/oEbcX5E27wAvwwDK6NJHRA5FCLLtCBKHVHa9yKAjtRJpv8uQ+9BiuEuLUGN5oAUWHtfsKY7FuaZq24rAwI3D2JAmgwI6Umv4zsv5uhwEIPBYyiMxrHb8li93vV/tPZlAHeOyId8mHfbUm5ZP+StuT0E1oG/y1O//yO4ph2c8kw== andrew@AndrewMacbook-5.local\n# ariel\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDcP8oXoJNHBmTowY1DlRWhK7N62sm3/9shxiRRSsdszLQ2erlYnyf+BTlIWsHMdZ07QjFJLGyLpt+KZxiYzS6ySUzRA4Ko/M6oziVM27woq7eOT7M6SvcbTXYoBc1IKz7ALl82duRKTakND8Vg3ZE0McMxopCa2EOx7CJlTjwNYRlu/wsfm6TbtmZ3fCKs+MnhIH+zn8SB0kejdAH1CFu971T7evZyB6AFH1+8n11JSX92VnNh4kV4Y6fHtDiFMivmWh8sI8XIVH6G1RLCwQp1I08VJ+C1kFDS/B1+C2q9akHt4ipcdlFFUX2q36Dw/AM5K5epN4ZUaWaQ4W9mRGR ariel@trouble.localdomain\n# bblack\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWW9uwYcsipz9usC1lypoB9c8ABd5AaSL1FcNWK4/FkInwlwEKRlaZXKHCY+g1vxhmKJgpr1qMnxgFf7msifCaVGrCk6gGy0wpsF8PJCrw+gKgWjjsxcp7p/BbHMxR13Ur+FNTMXq/eDburf6Namlu8BU6u677aJVjcpIpEH4IJvludSukOL12f2mmD+Hn3PljvqjLDg2APHcn/z2VKNEFAP8LCSXSFZWxoqn3oV3wlNXZgEsdP6Y4BZiNNLDpSyysMWFaE3Fr6vyQQTclj+gm9ZG8PUEvhO2Aa1O6bOojr6ZhFYjVRf9wr+4vs1M1GVjvFXr/k8XwXCf1R97S3mcl bb@neo-1\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGhItrIJaWASfPf9rOdxixwgAAXYYJmmm0UOxcsTKzlls0EX/MMhDPrtm0iNX9l1IbKia6+OKDeSAdNoWVN56dqBXwRej/83vApawpAM1T9lBoWiCQXR2vwK96dp5EotStLW7iBgob57T7QpV2OPng4/G7q1PdRBOo8/vErD4tlxDiAhWDAXwRMypXfLPQePxaIv0vkpUQYsRB3vx7NX+rRpTtDDHz3Wm/37EeOqE3RqvLAfvOPUQ0739wgFUcYDDXNlD6C0sxMeZSUyKwWvAawIt+r4C6IgMVlt2l7J6CF5lUjmzJCL5DwtwF1Sw6xM0CEEaWbKPNQ44yv4kaPCKp bb@neo-2\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPwFMvPEqUCks63fD+0UjgPjoIfkqoECOiJ3Cl1PJMwLADldAMZEPBhwjyJT11sKP4bvCqcVb/HVooED1zmQmF1urSycopkMj02FMIXZRSfvOWA2evTHNPeNR+/7dvSGgRqYggI5r+8d7gRB1YNedRoHq9d+1lWv5TpZ+TKr1ns0DekiFHXP4JCRC2U8/QxAriMcRywrbQ9Wpib5UCDKjlg7YmP29K9g7XdTkczyQCCOFSqEk2qRw4/lm1IACZXh9PBxy0CW2LuiNkkij5TBWMc+KDBqWwpETfIGFdSE0yzX9nCH9IsADj9MyaIMxS+Vtc96zS9ZR2HaFMaWIGFB2h bb@neo-3\n# oblivian\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCf8yZc/+/LiiIXkweNACUDMYNezKpexv7W8d4xlUweCcnZeyVvdiVl/LoFySvf7G08shDXQrxhqnc9xA6ulGokfHLOjAoqEuwlVwA1Xjbyb7KSOA2PNLDG9kzQ36wQyaSIgSDZegA+3O1oi3Jp/oVfSaqN1zk+8/Jl1kUAsv5S2264lsQR1y34AHhL4txkn6lH4nxjBBl+nvspU/FPInsLrCprCvecR7OT5+kUJF4rEeiGqx1gu7Etd/4AQzb+csYXp3LKUYhW+6kxEhUbGhFRG+GYtwD5oYFwSR7CmqrYvthfaMmnG9JzvIJvGmEv9gIFAivNsodlJzR0ZZ1ya24UvEwpnHmgcPBgLI1tPGJT//p8P7Xd04KPHgbN1VG21s89gjNCvEErwR8lkTveFRBZ8I0D/ipVFP4fHcA+jx6Lit/krIcexZ3CN0Bfpr9rEiFOGMx081HvD6R3x2ZablNb3GA/lscUs3r18QdQDGazj2+4PkrgbCAl0pt52Pun9/uajQpfHEgkaO6CHMrdX9FR169D86ZDf3W7lV0SPjITDeHHFBFzzrVrju4xt01ybYsUiWaS+PZAeQEDgZ1156sH8RSm7/Oi18U++S/upN7csJfDwSwOss9ReJNn+tXMr+uEjnuIL+Z2v0oCfujAcJIauX5UpEt5oXlhK+8BClRzXQ== joe@wikimedia.org\n# filippo\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAKIn//imkSjgvRePVLLZNZFjCVMNxixkzAWH+UAnKPetUCHka1EyywyQGK373fB0nQj90L5gkcChZ5iua991PG0wdQNBZYbRbgHXGVut8FdfbAKqqDE7TYCJGE23i+0LO+6mtnEqgaNjd9pAdBBflj/Nfb15qiwvWS1LwGK2bKHEtIDbW+KqmTnjLvirhqIVpQEiOYgqfsmjECcWYvx/V4hZ/QkLLhxkTPp48zDe+aw7UVP31eWcLTRlEfL5S5jePNWsW3GWRttinb22PQwbiZ3PX5Ecb6uu0hvRjzYXmgk39/bultguIKX7rcBby3vC+OZxjCQ0XHwx7aYMd8Mwb fgiunchedi@wikimedia.org\n# gehel\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCex3gl0aBMD0eklv4jzNGjfZDjuffqinvaJ4j4lHfxA9YqcxyupxOpv/MRmb92sfOXsHY33RgfNTZ8dVFwMumbCLNMG53t+ugE0Cpg9X/Z7XvnASqW7+fMxUa7BjRGOIMANlJ77l0F2uDAh+6xdr2NjXk2kmRlS/whiz7E9hKa/Rrvs/pk5ocyYusxrBZlwA6a4PjvbE8majx5fB7266A0x8NWs2YDHJjHtTEx80y75bxo3mxw4LacLCSTNZDTeKVuMoglPR9u+2X0d3XtVpUkzHlcMjqg+AlU+AB116c8G1Vm2ha27e+v7yltE23mbkWGaN3izBrvPOv/B/ZVBRDV glederrey@wikimedia.org\n# bd808\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb8nsxA3thqd87nLu+1mA0Jc1KY90t5qW7N+jRQksc4NLzlFqBTrld+Qm2FRVbLm37HZ9TRBZb2nuTYJIZhkNU7rRPEKs3cIUbh1pB7BbYv0aJ3F0qBD6UtHqOUIJhqVNYJ/ssobzFh2QrcrOM3eS8PrIPtL/CQSUmKmUjG8zhCocAiQZDFeIQLSyGyCWVrRg14SPjED0+wIQTGoTtCabL4B5AlLcTf2L5ztDUtaoXDObUpDJ5Tw6VUUzDoUjV+Y5AtxK4erwLRHeFEcSzmWWl0Sruhnp/TzaF4vGijl6Wcyi2O9TClBhGmp7gTl4CtMj8MDDm+7NO3dQmQMseded1 bd808+labs@wmf-bd808-mbp01.local\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPMEDLnrPDVrPPfDHyrzse/UbZwqm9TYmvnPoTVl4Nzd bd808+wmcsroot@wmf-bd808-mbp02.local\n# herron\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHO09HkC/OUk+sWmDx0O15qiQXPHMM97zEC19o7tc8mh4vGTXCzbcIGj2Z18thLQZ9e2N5hzr2vmcQ4gOkiPsHEiIQXtIUK6zomSqrV3qFryaFAd2FCynsK2/xS1Lw7WXy+uCgjnsc8nckQS3rsJzQswucAQmXno65tvg/t+UbJOKZpxIofZAWwsCcZfhnNt65Mtt4PGHPy+STfL3E3aj47xHMk/TqZv7bj4QR++NLu2qpWwwnnG7SWgoqS3x/2m/OU8ui3UxKWEMvZouIZVblY50E0OG+Xs/bcndLhqKl0FSVPQVVWh9ZPJKCHXVoc1Ja3ZFFNcgBmuC/XqjnsDCGlcKWKiW0CbWRzGrJ0BCkydOf72cDB4EseGV3KeZLbxfEUVt1EOYuDEEmAXQVXTTBX3A5vyq9C1Bx1H7wSmzVUImZfw09236+Lzqr98SWV+pHOglSHgYfDq8CEJxjIo8oADmAoGu9uclOQJ/7Sp0XigUgUE44SPMRKUymwC9TTrblKtUR49gyoVHMtnH1blTUqNwFt5dcvLtHMKzDeXAlWILhdcDP7Ys+VBwOXsJ+txSLiktiI4+CKgz4XMY58jmSKPkbMBEQjzFDhujpsybUdswMEd2GcSidqw338MsCNTgDGlUPmB5LV4LQl7zh+hlHqCgfxNhIl9+zwIuw5IlnYQ==\n# volans\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGEc35gnlkmFVNRpZPFpUD6BE0ztk81TiqKcJaaTWwG rcoccioli@wikimedia.org\n# dzahn\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeSUaBOLv3ObiOPJ+72mTfOXOdSrRnzRnCV6vrVDTu803v/UkISPw77NW7kASkVAJmndGBM2g4l0garvfCACf4kAULfM7qvtblLRcKCLWmqNycEbUCqVmBh794yJryjsdZ1I3yxEJ2BsN68/Gu5H+S2lbf2v/LDHCAFS6kcwonbdZiKc+KHoePW53LsGU4J9f4tV+a4+7Rxus015yZcwga2gC8zySDoJUqbKJ4roXkFtJxC2Iv2tld7vO6/C2jl5dt18hDmi14h8L4Qogju4Ew4orDqjc06ErFayIsu4sOnmKYhK8zc+2+bB4jQpGjOtyeOzapXJgbDoSA/nfRa+8N dzahn@wikimedia.org\n# krenair\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjyQjatHRgTqYDmKtdneyNM8ujhXx2eso3U2oFIqTsyBCH6Svn7BU/xAGfXjgWSh75h7SjwsUmXWE9eyE/BF1rypsOVC5Tjy56i7anul6f0ffGKgnMWN8gKlIdiQY4WTCi+3UQiv5vLXKsFAPLvPOQIrcWZKHARJzjx0M5lcHxC95TXn8e85S9ZCXdBNSgQfPQU2/0oVH0E2IsHbxcA/WJBxCUc1YNGxFUNk3O4JbBZX4QXFa8K9HMxoGMuhVHmiF/RHu06JJdaPt0bvHLfYoSvnvEoW6zM16wLQpVeS46ZH7ED+dgKC/DZ1Y9uL2Q6BkYeWI4hu8ojh1VpVOTihLl Alex Monk Cloud VPS root\n# reedy\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCrbx9PQlWVrvYAw280ypYulMffcIUJnAXTgU7fWCEWD/k91133TJ15u5KhT6Kx1tS3aE+6Vb/5LpCxsre16OuVLZUH5qj+klAymysYpp1tR1UNKLNN8jQT07juPeHvsjjkixxwKRQeyojLnb+JdgTv8j7KztrdgcisB0o5hbLDiHSsMrRvFCDbTfDEKZgbWVHbLWztwy22RwYXZJm5YTRiW8YpuqZ1/PMAARku9B8Grm18JUZ53HwfLSiEWPOKo6vAfTxQHWhUYn+PV63oNhgWOtzLowaJ3OuiSTHF9YDKEV/6yzgHECjVSG+TO2eBkE1FKyEtfcU54z0Ej5jS5iu+P/GVhZNrw2CddxkgASRHUDw1sjeAtFP1bfQoFp0fmdHPTIJ84YqRTX6mVCVuG61gCgjgw3LxEPNRD52eDlkhk1f73sn7fbZQJ8lzSWj59r0mDt2Ja4hRYPjyJy1gr3Br6mjEdvCgRG9IUe12vAGdhxJFYJVSaD3y7HJHS1j5cyBdPNlnjlmpUfotoriAli9m01+0BEpkix80t4KzCF/q0o8lLcFviHzinmlP2Lfa9VrqMERNBokCREof1Emiv2o5g8yHLZgx6tb4pnKaBFk9AnnxyxlcX0ZwwVwaHZE7CQpBz+FmKIukei/+m3IMXWLdW7oZs3HUoxmMgRqq8BnP+w== sam@reedyboy.net\n# dcaro\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRLt5Ss9ykeA6uUfQdB+LeO80zqHND6FiG6aNZ79FaJwGSnVB0QdIvjZUbn6ubllLo/Xx0SfmWvbqp6HLwi5J5xZP21dkUAVDyWqHIbUvDwHrsxYhHw25OnkGE4i/uKzoT1LCCJHt8OF0tgcPLSQZwK9De4xVLgAmZrxWAUzPxLvHnTVsN6qOS6nRG3mgcol90Ny2F1lxIMrsbJEPd3Iso8l2GqCABIXatPPNjiqBel4mJ1VR88gx2vDg2Y8hJqeQ5EYFWincJENq8D812HnunkjKaej5VMK1vCq5H4Q+9UESBWQcT0qNfyRbzfaUuvgxrH0ZslT86yurejusxC8QV/stFzUSoPb7F+8bKkCJL7GmxjBGHOBZWh1Ez7fWys+lkA8Z/gIbq1mRuENkGFnxPazUykH+FV2dpc1x6FrMLpMf4yYKgvQzRTPFK/W9anAp/2CRrECIK21zG+pgARYWnXeWOhrfi5l0Glf5mgVBKmbSJhLPGzmVyfaPkdceLXNM= david@magnum\n# legoktm\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqXuFvgPkaqh6tvQZK1ytr1QlD6bOeUubu+590pln8 legoktm@dev\n# taavi\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8XhfD1WmaiQuRG63R6pn+dhvVlyO9JPoDiA8vzcKer taavi@runko\nsk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGKMx+9WZk90oPWb+hTrZuMAtT59FEhhIao44FWerlC+AAAABHNzaDo= taavi@runko wmcs yk1\nsk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDOncihf8FADe8qnja41tv0naqemyOaevzNFZZxZF04xAAAABHNzaDo= taavi@runko wmcs yk2\n# cwhite\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCGUkHiLD7wRcTaDDOqTNwsTSuvmIAaBSggy7EXR/tQVhXPpRc91t/xl8nLtB4OBs9fG9R21HR4grjcSFxxSeFYguc5XDERtohLLIOu9nQcvYaYbRvOn2mh3y2Xonq2Jv/uHCZ1b76bp9fwA8rC/to5f6iOVz+ozSTEUwLVFr0310fXmgy7yt5QfXgT2iw4izEUv6n8aQFpUCojfzds58M2pw7vcuX2C/qVWX6MeF+n/SWTX4GNYk6CHfJ5dN+Kvq6d9KXk3xrsuE1y0cz7gUb1T0E8oMBxklTxvJgjFgBmjgkrV0w5bFUW66S0JNCW+Opw5wQVVTLxncCsvw6SrlRl6vMJoV5wId4uzEaJh4HCQrwkD+Uk7FwspexYkZvTsq2qTBr6l2UvL3GXxD01TcnKBgcsKtI4wciW6chGj/mxsQw8vFC0WFx/YrHa/0Ia3S5fpq/U1ZtmLuthgHW4Eg1TI2v2/DC9FJANwq9BBWodI4ODVbQ2K5VfAeSJdmIJ2PNjj+Asoc9Sa9pY6WKAhG/NH5Tf7DXlx8JLiHCYht+u7o/qvLDGcCguZW/+55vN3BD2Zl0xgTC86uE+/bCtMy5K3j8RYhxrjUkh67EwGYAgpTTEyUS/VBXxzsNJnlamPxvbU452YA/zPH8nWH5LfjLR6qzd+DPYwt9cO6QV6Vlxw== cwhite@wikimedia-org\n# fnegri\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaTGwp3a7MKGiA+N0biMiwlREs4nMcmKZRNvxZfgywA6saIu5VazlFqZWCNVamTUgVuyLD7vsbqYghHEOVkaDZSvvA+W3TYSNiqi/xff/aGhT8eDH8i8IFaV4UQEPW+HwM4qZmdikCsgoFQKpK7DQFcqYqDSsf0TGRh/qyZPmfC4MqUUFkV42eZxwlRhHOubxgG888rRlbebcekDW+Nx6g8aZowOYho0CiLOJT+nc6onWLsRZHg63kq9Ee3TVrm/RyY31NIOCOxBHqZ//TWyTZqOL4zwjyID2FMrtyXcA1+oav7MZYdz3zAcTR4TdHMM8fNfZsbF/jFEihiuslXwHA3kUM969h3WOEMhY2Gi9keweGA9VIx7251HBuLCJXkMmLbjzHLzWn0AxI4i26RMBMQq0WI3Qm3fcu6ItsjoTn6NxQya+o/HcDgj31E9gfujNAezJmXnKcR7PV52hDKX+fLTz/NlfDZSIN9WcZ+rQecTHbEo7rOj4SKNqlYla4eCc= fnegri@wikimedia.org\n# tstarling\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gmwMhe6S4EualYJVcisxJ+kH/VQdqtV0j0OHdj3ZBGtCop50DzMwDaVj5Hc/H+yxOjghd8lOODg5t5TT+GcBCRkbYA0ICspkpWepjHLVdYK/Y+hm3+UcWZ3yJMn6gL01KxvMQtvWqfpoGANitocteMiUh6quJ7uhU2DDdbs2wvocpZ/EvTo2kJoQqP3snf9qwDOhr5oES031asV8TZG6Zn9AQDOyrrYaVaxabYKgAz9gQfHsIi+xGYLQHDxG7AULbHQfStZvYHhyuuJt9i45fb7z1k9oRCb3XBaICjyhBFgTRLTPtdcOU5yHDRbpIZBmhZhARE4diek6JN0XJDhl yubikey2\n# alex\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYxCqZkGys8gZB6Mq61Fw08CB7m1huxpnpII2ay3e0H krenair@gmail.com inspiron\n# hashar\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD4ubnKSlwi8C1V1JraoztiIae79gfD3s+n9l2EVNkgA6R/kcnJqi/2/oBkUaX1CpOLLWoj7TAQfNAnEt+O6HyQvNpJ8taA1RcssNwek+hDevg+YthBEQRpMhLIhC8WuW2fytc+ELQ903WL2+MKzeni5qH22LLSILkqYSHsb/aViE1JUo59PFLG26mcEluqpm8MogFCqYuFbfsM7RLzSTTZwHPhoKTpb7lPHKrdqfQP4q18SjcrRRf2HkkknF5iDRQv0ngHLAXG5o6H1iPVrDDc1lNY98eBYBwNlcSb73LQIvKDXvbLnpZZDExS6XJoZqHpyQPMtoNWHyJ2EN3RW7l hashar@postwater_labs\n# mobrovac\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr04C1g3grQJRwhOyrAic/xzW+2lxlxwjdTIY12HJs6aBvKTeUhwMLTxSMQ0nsFacnCcdTU1YcDYn0ypXxpd/v62uX4nbnw3goYSgKysmYlrHiQ+87GbQnBSe/j/0SvAF+oV9bB4EKGpGDK0hokfNKVzTpI2+0IbEAHK+Ag7+yIGYwWshLeoj1rTSzQCyFb1ELaXPt1OyAq37EYa+D9INA2aP4qHWHNSrAeG1FtJ3M4QDOIB/vB1UYE5i+XYeuugXlZzHXEkL5M1KbI5utPcBjpfncAmPGDLuiUKuBnDo85V75xpTmHQb485M4K1ZnqJ9XKnZT3NWDW2Fo+lvKU7VTw== doorman@istria-wifi.irisa.fr\n# samtar\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLCTKca4D7k/ta8wk5hdnxo8nLFRWnmDCwpM13/fi3W samtar@theresnotime.co.uk\n# twentyafterfour\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPe9i/PI48Xk3BwCBSJ3L/o4n8noRBEFrINAPLVw4SDPmMOgPu5/HyvdxWkS47li2PQnDx4EobYE4WErxdQ0nB/Fe43ZzWEFQ6RvWuuPAxUwEFcGhraDHFFQc/TLh7adtNA247jUhLCQN/O3Nb6Qq1RPuAZgF59UuWKPNwnSOCOyLV0zHvqhjUkWmDcCI7sln1Kbv+JiEKBrVyokpv18pgCgyKL54UvFRbVD/aU7qu1DyJCFZ0GTitqFX0OMHjEyCo2bGPFUAHBkbKn/lsNz4hXNjF9iorxBvl1ZXLCRMkdRJBA6xGgLGWPXBQOXbUTc+9ow05KH0kHmQu5lXez7CZ twentyafterfour@wikiafterfour\n","user":"root"}},{"type":"Sudo::Group","title":"ops","tags":["sudo::group","sudo","group","ops","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":32,"exported":false,"kind":"defined_type","parameters":{"privileges":["ALL=(ALL) NOPASSWD: ALL"],"ensure":"present","group":"ops","require":["Class[Sudo]"]}},{"type":"File","title":"/etc/sudoers.d/T205463-disable-sudo-password-prompts","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0440","content":"Defaults passwd_tries=0,lecture=\"never\"\n","validate_cmd":"/usr/sbin/visudo -cqf %","require":"Class[Sudo]"}},{"type":"Class","title":"Profile::Ldap::Client::Labs","tags":["class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":46,"exported":false,"kind":"class"},{"type":"Class","title":"Profile::Ldap::Client::Utils","tags":["class","profile::ldap::client::utils","profile","ldap","client","utils","profile::ldap::client::labs","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"exported":false,"kind":"unknown","parameters":{"labsldapconfig":{"proxypass":"Eche0ieng8UaNoo","script_user_pass":"ueThe7moh7Hah","hostname":"ldap-ro.eqiad.wikimedia.org"}}},{"type":"Class","title":"Ldap::Client::Config","tags":["class","ldap::client::config","ldap","client","config","profile::ldap::client::utils","profile","utils","profile::ldap::client::labs","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/utils.pp","line":35,"exported":false,"kind":"class","parameters":{"servers":["ldap-ro.eqiad.wikimedia.org"],"base_dn":"dc=wikimedia,dc=org","proxy_pass":"Eche0ieng8UaNoo"}},{"type":"File","title":"/etc/ldap","tags":["file","class","ldap::client::config","ldap","client","config","profile::ldap::client::utils","profile","utils","profile::ldap::client::labs","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/config.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/ldap/ldap.conf","tags":["file","class","ldap::client::config","ldap","client","config","profile::ldap::client::utils","profile","utils","profile::ldap::client::labs","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/config.pp","line":18,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"\nBASE            dc=wikimedia,dc=org\nURI             ldap://ldap-ro.eqiad.wikimedia.org:389\n# The next settings are not honored by OpenLDAP but are honored by sudo-ldap and /etc/sudo-ldap.conf is a symlink to /etc/ldap/ldap.conf\nBINDDN          cn=proxyagent,ou=profile,dc=wikimedia,dc=org\nBINDPW          Eche0ieng8UaNoo\n\nSSL             start_tls\nTLS_CHECKPEER   yes\nTLS_REQCERT     demand\nTLS_CACERTDIR   /etc/ssl/certs\nTLS_CACERTFILE  /etc/ssl/certs/ca-certificates.crt\nTLS_CACERT      /etc/ssl/certs/ca-certificates.crt\n"}},{"type":"Package","title":"ldap-utils","tags":["package","ldap-utils","class","profile::ldap::client::utils","profile","ldap","client","utils","profile::ldap::client::labs","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/utils.pp","line":41,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Security::Access::Config","title":"labs-local","tags":["security::access::config","security","access","config","labs-local","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/labs.pp","line":13,"exported":false,"kind":"defined_type","parameters":{"content":"+:ALL:LOCAL\n","priority":0,"ensure":"present"}},{"type":"Security::Access::Config","title":"labs-restrict-to-project","tags":["security::access::config","security","access","config","labs-restrict-to-project","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/labs.pp","line":48,"exported":false,"kind":"defined_type","parameters":{"content":"-:ALL EXCEPT (project-deployment-prep) root:ALL\n","priority":99,"ensure":"present"}},{"type":"Class","title":"Ldap::Client::Sssd","tags":["class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/labs.pp","line":54,"exported":false,"kind":"class","parameters":{"servers":["ldap-ro.eqiad.wikimedia.org"],"base_dn":"dc=wikimedia,dc=org","proxy_pass":"Eche0ieng8UaNoo","sudo_base_dn":"ou=sudoers,cn=deployment-prep,ou=projects,dc=wikimedia,dc=org","page_size":2000,"ca_file":"ca-certificates.crt"}},{"type":"File","title":"/etc/ldap.yaml","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":22,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","content":"---\nservers:\n- ldap-ro.eqiad.wikimedia.org\nbasedn: dc=wikimedia,dc=org\nuser: cn=proxyagent,ou=profile,dc=wikimedia,dc=org\npassword: Eche0ieng8UaNoo\n","owner":"root","group":"root"}},{"type":"Exec","title":"pam-auth-enable-mkhomedir","tags":["exec","pam-auth-enable-mkhomedir","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":44,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/sbin/pam-auth-update --force --enable mkhomedir","unless":"/bin/grep pam_mkhomedir.so /etc/pam.d/common-session","require":["Package[sssd]","Package[libpam-sss]"]}},{"type":"Package","title":"libpam-sss","tags":["package","libpam-sss","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"libnss-sss","tags":["package","libnss-sss","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"libsss-sudo","tags":["package","libsss-sudo","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"sssd","tags":["package","sssd","class","ldap::client::sssd","ldap","client","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/nsswitch.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":54,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"passwd:         files sss\ngroup:          files sss\nshadow:         files sss\n\nhosts:          files dns\nnetworks:       files\n\nprotocols:      db files\nservices:       db files sss\nethers:         db files\nrpc:            db files\n\nnetgroup:       sss\nsudoers:        files sss\nautomount:      files sss\n","owner":"root","group":"root"}},{"type":"File","title":"/etc/sssd/sssd.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0600","content":"[sssd]\n#debug_level=10\ndomains = wikimedia.org\ndefault_domain_suffix = wikimedia.org\nfull_name_format = %1$s\nconfig_file_version = 2\ntimeout = 30\n\n[sudo]\n#debug_level=10\ntimeout = 30\n\n[nss]\n#debug_level=10\nfilter_groups = root\nfilter_users = root\ntimeout = 30\n\n[pam]\n#debug_level=10\n# default to 0 days (no expiration)\noffline_credentials_expiration = 1\ntimeout = 30\n\n[ssh]\n#debug_level=10\ntimeout = 30\n\n[be]\ntimeout = 30\n\n[domain/wikimedia.org]\n#debug_level=10\nid_provider = ldap\nauth_provider = ldap\nldap_uri = ldap://ldap-ro.eqiad.wikimedia.org:389 , \nldap_default_bind_dn = cn=proxyagent,ou=profile,dc=wikimedia,dc=org\nldap_default_authtok = Eche0ieng8UaNoo\nldap_search_base = dc=wikimedia,dc=org\nldap_tls_reqcert = demand\nldap_id_use_start_tls = False\nldap_tls_cacertdir = /etc/openldap/cacerts\nldap_schema = rfc2307bis\nuse_fully_qualified_names = True\nldap_page_size = 2000\n# https://linux.die.net/man/5/sudoers.ldap\nsudo_provider = ldap\nldap_sudo_search_base = ou=sudoers,cn=deployment-prep,ou=projects,dc=wikimedia,dc=org\n# disable stuff not provided by LDAP (value of id_provider is used by default)\nselinux_provider = none\nautofs_provider = none\nsubdomains_provider = none\nhostid_provider = none\nldap_referrals = false\n#\n# cache options\n#\n# default to false, but make it explicit\ncache_credentials = False\n# default to false, but make it explicit\nenumerate = False\n# these next 2 are carried over from nscd\nentry_cache_user_timeout = 3600\nentry_cache_group_timeout = 300\n# sudo rules cache\nentry_cache_sudo_timeout = 3600\n## 5 minutes because new tools won't work until new sudoer rules are seen\n## Should stay in sync with entry_cache_group_timeout which is related\nldap_sudo_smart_refresh_interval = 300\nldap_sudo_full_refresh_interval = 5400\n# 5400 seconds (90 mins) is the default, but make it explicit\nentry_cache_timeout = 5400\nentry_cache_ssh_host_timeout = 5400\n# 1 day max time accounts can be in cache, default is 0 days (unlimited)\naccount_cache_expiration = 1\ntimeout = 30\n","notify":["Service[sssd]","Service[sssd-nss]","Service[sssd-pam]","Service[sssd-ssh]","Service[sssd-sudo]"],"require":"Package[sssd]"}},{"type":"Service","title":"sssd-nss","tags":["service","sssd-nss","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":82,"exported":false,"kind":"compilable_type"},{"type":"Service","title":"sssd-nss.socket","tags":["service","sssd-nss.socket","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":85,"exported":false,"kind":"compilable_type","parameters":{"enable":true}},{"type":"Service","title":"sssd-pam","tags":["service","sssd-pam","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":82,"exported":false,"kind":"compilable_type"},{"type":"Service","title":"sssd-pam.socket","tags":["service","sssd-pam.socket","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":85,"exported":false,"kind":"compilable_type","parameters":{"enable":true}},{"type":"Service","title":"sssd-ssh","tags":["service","sssd-ssh","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":82,"exported":false,"kind":"compilable_type"},{"type":"Service","title":"sssd-ssh.socket","tags":["service","sssd-ssh.socket","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":85,"exported":false,"kind":"compilable_type","parameters":{"enable":true}},{"type":"Service","title":"sssd-sudo","tags":["service","sssd-sudo","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":82,"exported":false,"kind":"compilable_type"},{"type":"Service","title":"sssd-sudo.socket","tags":["service","sssd-sudo.socket","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":85,"exported":false,"kind":"compilable_type","parameters":{"enable":true}},{"type":"Systemd::Override","title":"sssd-nss-auto-restart","tags":["systemd::override","systemd","override","sssd-nss-auto-restart","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":90,"exported":false,"kind":"defined_type","parameters":{"unit":"sssd-nss.service","source":"puppet:///modules/ldap/client/sssd/sssd-nss-auto-restart.override.service","ensure":"present","restart":false}},{"type":"Service","title":"sssd","tags":["service","sssd","class","ldap::client::sssd","ldap","client","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":95,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running"}},{"type":"File","title":"/etc/ldap.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":99,"exported":false,"kind":"compilable_type","parameters":{"content":"uri             ldap://ldap-ro.eqiad.wikimedia.org:389 \nbase            dc=wikimedia,dc=org\nbinddn          cn=proxyagent,ou=profile,dc=wikimedia,dc=org\nbindpw          Eche0ieng8UaNoo\npam_filter      objectclass=posixAccount\nnss_base_passwd ou=people,dc=wikimedia,dc=org\nnss_base_shadow ou=people,dc=wikimedia,dc=org\nnss_base_group  ou=groups,dc=wikimedia,dc=org\nnss_base_hosts  ou=hosts,dc=wikimedia,dc=org\nnss_base_netgroup     ou=netgroup,dc=wikimedia,dc=org\nnss_schema      rfc2307bis\nnss_map_attribute   uniquemember member\nnss_map_objectclass groupofuniquenames groupofnames\ntls_checkpeer   yes\ntls_cacertfile  /etc/ssl/certs/ca-certificates.crt\ntls_cacertdir   /etc/ssl/certs\nssl             start_tls\npam_password    clear\n","owner":"root","group":"root"}},{"type":"Package","title":"nscd","tags":["package","nscd","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":111,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"nslcd","tags":["package","nslcd","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":111,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Package","title":"sudo-ldap","tags":["package","sudo-ldap","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":111,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"File","title":"/etc/nscd.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":121,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/nslcd.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":121,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/sudo-ldap.conf","tags":["file","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ldap/manifests/client/sssd.pp","line":121,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Package","title":"libpam-ldapd","tags":["package","libpam-ldapd","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/ldap/client/labs.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"File","title":"/etc/wmcs-instancename","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":48,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"deployment-cache-text08\n"}},{"type":"File","title":"/etc/wmcs-project","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":54,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"deployment-prep\n"}},{"type":"File","title":"/etc/wmflabs-project","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":62,"exported":false,"kind":"compilable_type","parameters":{"ensure":"link","target":"/etc/wmcs-project","owner":"root","group":"root"}},{"type":"File","title":"/etc/wmflabs-instancename","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"ensure":"link","target":"/etc/wmcs-instancename","owner":"root","group":"root"}},{"type":"File","title":"/etc/wmcs-imageversion","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":75,"exported":false,"kind":"compilable_type","parameters":{"ensure":"link","target":"/etc/wmflabs_imageversion","owner":"root","group":"root"}},{"type":"File","title":"/etc/mailname","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":81,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud\n","owner":"root","group":"root","mode":"0444"}},{"type":"Exec","title":"enable_sites_local","tags":["exec","enable_sites_local","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/mkdir -m0755 /etc/apache2/sites-local && \\\n                    /usr/bin/touch /etc/apache2/sites-local/dummy.conf && \\\n                    /bin/echo \"Include sites-local/*\" >> /etc/apache2/apache2.conf","onlyif":"/usr/bin/test -e /etc/apache2/apache2.conf -a ! -d /etc/apache2/sites-local"}},{"type":"Class","title":"Prometheus::Node_ssh_open_sessions","tags":["class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":120,"exported":false,"kind":"class","parameters":{"ensure":"present","outfile":"/var/lib/prometheus/node.d/ssh_open_sessions.prom"}},{"type":"File","title":"/usr/local/bin/prometheus-ssh_open_sessions","tags":["file","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_ssh_open_sessions.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-ssh_open_sessions"}},{"type":"Systemd::Timer::Job","title":"prometheus_ssh_open_sessions","tags":["systemd::timer::job","systemd","timer","job","prometheus_ssh_open_sessions","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_ssh_open_sessions.pp","line":19,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Regular job to collect active shell session information","user":"root","command":"/usr/local/bin/prometheus-ssh_open_sessions /var/lib/prometheus/node.d/ssh_open_sessions.prom","interval":{"start":"OnCalendar","interval":"*-*-* *:0/5:0"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/root/firstboot_done","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":127,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"","owner":"root","group":"root"}},{"type":"Exec","title":"cloud-init refresh /etc/hosts","tags":["exec","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":141,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cloud-init single -n cc_update_etc_hosts","onlyif":"/usr/bin/test -f /usr/bin/cloud-init","refreshonly":true}},{"type":"File","title":"/etc/cloud","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":147,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/cloud/templates","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":147,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/cloud/templates/hosts.debian.tmpl","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":153,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"## template:jinja\n{#\nThis is an override of the default file included in upstream debian\nimages. It's used by cloud-init to generate /etc/hosts when\nmanage_etc_hosts = True in the cloud config.\n\nWe're overriding the standard template by replacing the first\nline, which looked like this:\n\n127.0.1.1 {{fqdn}} {{hostname}}\n\nThe 127.0.1.1 entry is standard on debian as documented here:\n\nhttps://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution\n\n> The IP address 127.0.1.1 in the second line of this example may not\n> be found on some other Unix-like systems. The Debian Installer creates\n> this entry for a system without a permanent IP address as a workaround\n> for some software (e.g., GNOME) as documented in the bug #719621.\n\nI think we don't care about that use case. Instead we'll use\nthe actual IP.  Hard coding local IP in a cloud-init template\nsort of defeats the purpose of cloud-init but since we're only\ndoing it on an up and running VM it seems harmless, and better\nthan trying to fight cloud-init's constant attempts to update.\n\nMore context at https://phabricator.wikimedia.org/T277866\n\n-#}\n# Your system has configured 'manage_etc_hosts' as True.\n# As a result, if you wish for changes to this file to persist\n# then you will need to either\n# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl\n# b.) change or remove the value of 'manage_etc_hosts' in\n#     /etc/cloud/cloud.cfg or cloud-config from user-data\n#\n{# The value '{{hostname}}' will be replaced with the local-hostname -#}\n172.16.3.164 {{fqdn}} {{hostname}}\n127.0.0.1 localhost\n\n# The following lines are desirable for IPv6 capable hosts\n::1 ip6-localhost ip6-loopback\nfe00::0 ip6-localnet\nff00::0 ip6-mcastprefix\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters\nff02::3 ip6-allhosts\n","owner":"root","group":"root","require":["File[/etc/cloud]","File[/etc/cloud/templates]"],"notify":"Exec[cloud-init refresh /etc/hosts]","mode":"0644"}},{"type":"File","title":"/etc/sudoers.d/90-cloud-init-users","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":164,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/sudoers.d/debian-cloud-init","tags":["file","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":164,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Package","title":"smartmontools","tags":["package","smartmontools","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":170,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","notify":"Exec[reset-failed for smartmontools]","provider":"apt"}},{"type":"Exec","title":"reset-failed for smartmontools","tags":["exec","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":174,"exported":false,"kind":"compilable_type","parameters":{"command":"systemctl reset-failed smartd.service","path":["/bin","/usr/bin"],"refreshonly":true}},{"type":"Class","title":"Cinderutils","tags":["class","cinderutils","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":180,"exported":false,"kind":"class"},{"type":"File","title":"/usr/local/sbin/wmcs-prepare-cinder-volume","tags":["file","class","cinderutils","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cinderutils/manifests/init.pp","line":3,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/cinderutils/wmcs-prepare-cinder-volume.py","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/usr/local/sbin/prepare_cinder_volume","tags":["file","class","cinderutils","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cinderutils/manifests/init.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"link","target":"/usr/local/sbin/wmcs-prepare-cinder-volume","owner":"root","group":"root"}},{"type":"Firewall::Service","title":"metricsinfra-prometheus-all-tcp","tags":["firewall::service","firewall","service","metricsinfra-prometheus-all-tcp","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":183,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port_range":[1,65535],"srange":["metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud","metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Firewall::Service","title":"metricsinfra-prometheus-all-udp","tags":["firewall::service","firewall","service","metricsinfra-prometheus-all-udp","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":188,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port_range":[1,65535],"srange":["metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud","metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Firewall::Service","title":"dhcp6-response","tags":["firewall::service","firewall","service","dhcp6-response","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/wmcs/instance.pp","line":196,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port":546,"srange":["fe80::/10"],"drange":["fe80::/10"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Class","title":"Profile::Beta::Motd","tags":["class","profile::beta::motd","profile","beta","motd","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Profile::Locales::Base","tags":["class","profile::locales::base","profile","locales","base","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Profile::Pki::Client","tags":["class","profile::pki::client","profile","pki","client","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"present","signer_host":"pki-intermediate.pki.eqiad1.wikimedia.cloud","signer_port":443,"auth_key":"aaaabbbbccccdddd","enable_proxy":false,"listen_addr":"127.0.0.1","listen_port":8888,"bundles_source":"puppet:///modules/profile/pki/wmcs-intermediates","root_ca_cn":"WMF_TEST_CA","root_ca_source":"puppet:///modules/profile/pki/ROOT/WMF_TEST_CA.pem","mutual_tls_client_cert":"/var/lib/puppet/ssl/certs/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem","mutual_tls_client_key":"/var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem","tls_remote_ca":"/etc/ssl/localcerts/pki_api_CA.pem","tls_remote_ca_source":"puppet:///modules/profile/pki/cloud/pki_api_ca.pem","certs":{}},"sensitive_parameters":["auth_key"]},{"type":"Class","title":"Profile::Rsyslog::Kafka_shipper","tags":["class","profile::rsyslog::kafka_shipper","profile","rsyslog","kafka_shipper","node","default"],"exported":false,"kind":"unknown","parameters":{"enable":true,"queue_enabled_sites":[],"kafka_destination_clusters":{"eqiad":"logging-eqiad"}}},{"type":"Class","title":"Role::Cache::Text","tags":["class","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Systemd","tags":["class","systemd","systemd::sysuser","sysuser","sysusers-base-config","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"File","title":"/etc/sysusers.d","tags":["file","class","systemd","systemd::sysuser","sysuser","sysusers-base-config","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/init.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","purge":true,"recurse":true,"owner":"root","group":"root"}},{"type":"Exec","title":"Refresh sysusers","tags":["exec","class","systemd","systemd::sysuser","sysuser","sysusers-base-config","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/init.pp","line":21,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemd-sysusers","user":"root","refreshonly":true}},{"type":"Nrpe::Plugin","title":"check_journal_pattern","tags":["nrpe::plugin","nrpe","plugin","check_journal_pattern","class","systemd","systemd::sysuser","sysuser","sysusers-base-config","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/init.pp","line":28,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/systemd/check_journal_pattern","ensure":"present"}},{"type":"File","title":"/usr/local/bin/systemd-timer-mail-wrapper","tags":["file","class","systemd","systemd::sysuser","sysuser","sysusers-base-config","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/init.pp","line":32,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/systemd/systemd-timer-mail-wrapper.py"}},{"type":"File","title":"/etc/sysusers.d/sysusers-base-config.conf","tags":["file","systemd::sysuser","systemd","sysuser","sysusers-base-config","class","adduser","profile::adduser","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/sysuser.pp","line":73,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","content":"r\t-\t100-499\t-\t-\t-\n","owner":"root","group":"root","mode":"0444","require":"File[/etc/sysusers.d]","notify":["Exec[Refresh sysusers]"]}},{"type":"Apt::Repository","title":"component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["apt::repository","apt","repository","component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":75,"kind":"defined_type","exported":false,"parameters":{"uri":"http://apt.wikimedia.org/wikimedia","dist":"bullseye-wikimedia","components":"component/puppet7","ensure":"present","bin":true,"source":true,"trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Exec","title":"apt_package_from_component_puppet","tags":["exec","apt_package_from_component_puppet","apt::package_from_component","apt","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":98,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true,"before":["Package[puppet]"],"subscribe":"Apt::Repository[component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"Apt::Pin","title":"apt_pin_puppet","tags":["apt::pin","apt","pin","apt_pin_puppet","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":107,"exported":false,"kind":"defined_type","parameters":{"pin":"release c=component/puppet7","priority":1002,"package":"puppet","notify":"Exec[apt_package_from_component_puppet]","before":["Package[puppet]"],"ensure":"present"}},{"type":"Exec","title":"apt_package_from_component_ruby-sys-filesystem","tags":["exec","apt_package_from_component_ruby-sys-filesystem","apt::package_from_component","apt","package_from_component","ruby-sys-filesystem","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":98,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true,"before":["Package[ruby-sys-filesystem]"],"subscribe":"Apt::Repository[component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"Package","title":"ruby-sys-filesystem","tags":["package","ruby-sys-filesystem","apt::package_from_component","apt","package_from_component","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":126,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Concat_file","title":"/etc/puppet/puppet.conf","tags":["_etc_puppet_puppet.conf","concat_file","concat","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_puppet_puppet.conf","owner":"root","group":"root","mode":"0444","replace":true,"backup":"puppet","show_diff":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"main","tags":["_etc_puppet_puppet.conf","concat_fragment","main","concat::fragment","concat","fragment","class","puppet::agent","puppet","agent","profile::puppet::agent","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/puppet/puppet.conf","tag":"_etc_puppet_puppet.conf","order":"10","content":"#####################################################################\n##### THIS FILE IS MANAGED BY PUPPET\n#####  as template('base/puppet.conf.d/10-main.conf.erb')\n######################################################################\n\n[main]\nlogdir = /var/log/puppet\nvardir = /var/lib/puppet\nssldir = /var/lib/puppet/ssl\nrundir = /var/run/puppet\nfactpath = $vardir/lib/facter\ncertificate_revocation = leaf\n\n[agent]\nserver = deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud\nca_server = deployment-puppetserver-1.deployment-prep.eqiad1.wikimedia.cloud\ndaemonize = false\nhttp_connect_timeout = 60\nhttp_read_timeout = 960\nusecacheonfailure = false\nsplay = true\npluginsync = true\nreport = true\nstringify_facts = false\npreferred_serialization_format = json\nenvironment = production\nnumber_of_facts_soft_limit = 2048\n"}},{"type":"Systemd::Unit","title":"prometheus_puppet_agent_stats.service","tags":["systemd::unit","systemd","unit","prometheus_puppet_agent_stats.service","systemd::timer::job","timer","job","prometheus_puppet_agent_stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect puppet agent stats\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\nAfter=puppet-agent-timer.service\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom\n","unit":"prometheus_puppet_agent_stats.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_puppet_agent_stats","tags":["systemd::timer","systemd","timer","prometheus_puppet_agent_stats","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_puppet_agent_stats.service"}},{"type":"Systemd::Syslog","title":"prometheus_puppet_agent_stats","tags":["systemd::syslog","systemd","syslog","prometheus_puppet_agent_stats","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/prometheus-puppet-agent-stats.service","tags":["file","systemd::unit","systemd","unit","prometheus-puppet-agent-stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Service to collect puppet agent stats\nAfter=puppet-agent-timer.service\n\n[Service]\nUser=root\nType=oneshot\nExecStart=/usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom\n\n[Install]\nWantedBy=puppet-agent-timer.service\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-puppet-agent-stats.service (prometheus-puppet-agent-stats)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-puppet-agent-stats.service (prometheus-puppet-agent-stats)","tags":["exec","systemd::unit","systemd","unit","prometheus-puppet-agent-stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Unit","title":"clean_puppet_client_bucket.service","tags":["systemd::unit","systemd","unit","clean_puppet_client_bucket.service","systemd::timer::job","timer","job","clean_puppet_client_bucket","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Delete old files from the puppet client bucket\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete\n","unit":"clean_puppet_client_bucket.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"clean_puppet_client_bucket","tags":["systemd::timer","systemd","timer","clean_puppet_client_bucket","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"24h"},{"interval":"1s","start":"OnActiveSec"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"clean_puppet_client_bucket.service"}},{"type":"Systemd::Unit","title":"puppet-agent-timer.service","tags":["systemd::unit","systemd","unit","puppet-agent-timer.service","systemd::timer::job","timer","job","puppet-agent-timer","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Run Puppet agent every 30 minutes\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=-/usr/local/sbin/puppet-run\n","unit":"puppet-agent-timer.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"puppet-agent-timer","tags":["systemd::timer","systemd","timer","puppet-agent-timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*:21/30:00"},{"start":"OnStartupSec","interval":"1min"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"puppet-agent-timer.service"}},{"type":"Systemd::Syslog","title":"puppet-agent-timer","tags":["systemd::syslog","systemd","syslog","puppet-agent-timer","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Logrotate::Conf","title":"puppet","tags":["logrotate::conf","logrotate","conf","puppet","logrotate::rule","rule","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/rule.pp","line":55,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# This file is managed by Puppet.\n# puppet:///logrotate/logrotate.erb\n\n/var/log/puppet /var/log/puppet.log {\n    notifempty\n    daily\n    rotate 7\n    compress\n    delaycompress\n    missingok\n    sharedscripts\n    postrotate\n        /usr/lib/rsyslog/rsyslog-rotate\n    endscript\n}\n"}},{"type":"File","title":"/etc/rsyslog.d/10-puppet-agent.conf","tags":["file","rsyslog::conf","rsyslog","conf","puppet-agent","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/puppet/rsyslog.conf","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/update-motd.d/97-last-puppet-run","tags":["file","motd::script","motd","script","last-puppet-run","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/script.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/puppet/97-last-puppet-run","mode":"0555","owner":"root","group":"root"}},{"type":"File","title":"/usr/local/share/ca-certificates/wmf_ca_2017_2020.crt","tags":["file","sslcert::ca","sslcert","ca","wmf_ca_2017_2020","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/wmf_ca_2017_2020.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/RapidSSL_SHA256_CA_-_G3.crt","tags":["file","sslcert::ca","sslcert","ca","rapidssl_sha256_ca_-_g3","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/RapidSSL_SHA256_CA_-_G3.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/DigiCert_High_Assurance_CA-3.crt","tags":["file","sslcert::ca","sslcert","ca","digicert_high_assurance_ca-3","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/DigiCert_High_Assurance_CA-3.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/DigiCert_SHA2_High_Assurance_Server_CA.crt","tags":["file","sslcert::ca","sslcert","ca","digicert_sha2_high_assurance_server_ca","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/DigiCert_SHA2_High_Assurance_Server_CA.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/DigiCert_TLS_RSA_SHA256_2020_CA1.crt","tags":["file","sslcert::ca","sslcert","ca","digicert_tls_rsa_sha256_2020_ca1","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/DigiCert_TLS_RSA_SHA256_2020_CA1.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1.crt","tags":["file","sslcert::ca","sslcert","ca","digicert_tls_hybrid_ecc_sha384_2020_ca1","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt.crt","tags":["file","sslcert::ca","sslcert","ca","digicert_global_g2_tls_rsa_sha256_2020_ca1.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/GlobalSign_Organization_Validation_CA_-_SHA256_-_G2.crt","tags":["file","sslcert::ca","sslcert","ca","globalsign_organization_validation_ca_-_sha256_-_g2","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/GlobalSign_Organization_Validation_CA_-_SHA256_-_G2.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/GlobalSign_RSA_OV_SSL_CA_2018.crt.crt","tags":["file","sslcert::ca","sslcert","ca","globalsign_rsa_ov_ssl_ca_2018.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/GlobalSign_RSA_OV_SSL_CA_2018.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/GlobalSign_ECC_OV_SSL_CA_2018.crt.crt","tags":["file","sslcert::ca","sslcert","ca","globalsign_ecc_ov_ssl_ca_2018.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/GlobalSign_ECC_OV_SSL_CA_2018.crt"}},{"type":"File","title":"/usr/local/share/ca-certificates/GlobalSign_ECC_Root_CA_R5_R3_Cross.crt.crt","tags":["file","sslcert::ca","sslcert","ca","globalsign_ecc_root_ca_r5_r3_cross.crt","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/base/ca/GlobalSign_ECC_Root_CA_R5_R3_Cross.crt"}},{"type":"Concat_file","title":"/etc/ssl/certs/wmf-ca-certificates.crt","tags":["_etc_ssl_certs_wmf-ca-certificates.crt","concat_file","concat","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_ssl_certs_wmf-ca-certificates.crt","owner":"root","group":"root","mode":"0644","replace":true,"backup":"puppet","show_diff":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"ssl-ca-/var/lib/puppet/ssl/certs/ca.pem","tags":["_etc_ssl_certs_wmf-ca-certificates.crt","concat_fragment","concat::fragment","concat","fragment","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/ssl/certs/wmf-ca-certificates.crt","tag":"_etc_ssl_certs_wmf-ca-certificates.crt","order":0,"source":"/var/lib/puppet/ssl/certs/ca.pem"}},{"type":"Concat_fragment","title":"ssl-ca-/etc/ssl/certs/WMF_TEST_CA.pem","tags":["_etc_ssl_certs_wmf-ca-certificates.crt","concat_fragment","concat::fragment","concat","fragment","class","sslcert::trusted_ca","sslcert","trusted_ca","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/ssl/certs/wmf-ca-certificates.crt","tag":"_etc_ssl_certs_wmf-ca-certificates.crt","order":1,"source":"/etc/ssl/certs/WMF_TEST_CA.pem"}},{"type":"File","title":"/usr/local/share/ca-certificates/Puppet_Internal_CA.crt","tags":["file","sslcert::ca","sslcert","ca","puppet_internal_ca","class","profile::base::certificates","profile","base","certificates","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"/var/lib/puppet/ssl/certs/ca.pem"}},{"type":"Exec","title":"apt_pin_wikimedia","tags":["exec","apt_pin_wikimedia","apt::pin","apt","pin","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true}},{"type":"File","title":"/etc/apt/preferences.d/wikimedia.pref","tags":["file","apt::pin","apt","pin","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Package: *\nPin: release o=Wikimedia\nPin-Priority: 1001\n","notify":"Exec[apt_pin_wikimedia]"}},{"type":"Exec","title":"apt_repository_wikimedia","tags":["exec","apt_repository_wikimedia","apt::repository","apt","repository","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/wikimedia.list","tags":["file","apt::repository","apt","repository","wikimedia","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"deb http://apt.wikimedia.org/wikimedia bullseye-wikimedia main\ndeb-src http://apt.wikimedia.org/wikimedia bullseye-wikimedia main\n","notify":"Exec[apt_repository_wikimedia]"}},{"type":"Exec","title":"apt_repository_wikimedia-private","tags":["exec","apt_repository_wikimedia-private","apt::repository","apt","repository","wikimedia-private","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/wikimedia-private.list","tags":["file","apt::repository","apt","repository","wikimedia-private","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"deb http://apt.wikimedia.org:8080 bullseye-wikimedia-private thirdparty/hwraid\ndeb-src http://apt.wikimedia.org:8080 bullseye-wikimedia-private thirdparty/hwraid\n","notify":"Exec[apt_repository_wikimedia-private]"}},{"type":"Exec","title":"apt_repository_debian-debug","tags":["exec","apt_repository_debian-debug","apt::repository","apt","repository","debian-debug","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/debian-debug.list","tags":["file","apt::repository","apt","repository","debian-debug","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian-debug bullseye-debug main contrib non-free\n","notify":"Exec[apt_repository_debian-debug]"}},{"type":"File","title":"/etc/apt/apt.conf.d/00InstallRecommends","tags":["file","apt::conf","apt","conf","installrecommends","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"APT::Install-Recommends \"false\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/30apt-harden","tags":["file","apt::conf","apt","conf","apt-harden","class","profile::apt","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"APT::Sandbox::Seccomp \"true\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/systemd/system/systemd-timesyncd.service.d","tags":["file","systemd::unit","systemd","unit","systemd-timesyncd.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":61,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/systemd/system/systemd-timesyncd.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","systemd-timesyncd.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Service]\nInaccessiblePaths=-/mnt\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for systemd-timesyncd.service (systemd-timesyncd.service)]"}},{"type":"Exec","title":"systemd daemon-reload for systemd-timesyncd.service (systemd-timesyncd.service)","tags":["exec","systemd::unit","systemd","unit","systemd-timesyncd.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/etc/systemd/system/systemd-timedated.service.d","tags":["file","systemd::unit","systemd","unit","systemd-timedated.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":61,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/systemd/system/systemd-timedated.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","systemd-timedated.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Service]\nInaccessiblePaths=-/mnt\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for systemd-timedated.service (systemd-timedated.service)]"}},{"type":"Exec","title":"systemd daemon-reload for systemd-timedated.service (systemd-timedated.service)","tags":["exec","systemd::unit","systemd","unit","systemd-timedated.service","class","profile::systemd::timesyncd","profile","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_systemd-timesyncd","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_systemd-timesyncd","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: systemd-timesyncd","command":"/usr/local/sbin/wmf-auto-restart -s systemd-timesyncd","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 3:54:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/logrotate.d/exim4-paniclog","tags":["file","logrotate::conf","logrotate","conf","exim4-paniclog","class","exim4","profile::mail::default_mail_relay","profile","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/exim4/logrotate/exim4-paniclog"}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_exim4","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_exim4","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: exim4","command":"/usr/local/sbin/wmf-auto-restart -s exim4","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 17:52:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/systemd/system/logrotate.timer.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","logrotate.timer:hourly-override","class","logrotate","profile::logrotate","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Rotation of log files\n[Timer]\nOnCalendar=\nOnCalendar=hourly\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for logrotate.timer (logrotate.timer:hourly-override)]"}},{"type":"Exec","title":"systemd daemon-reload for logrotate.timer (logrotate.timer:hourly-override)","tags":["exec","systemd::unit","systemd","unit","logrotate.timer:hourly-override","class","logrotate","profile::logrotate","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/etc/systemd/system/prometheus-node-exporter.service.d","tags":["file","base::service_unit","base","service_unit","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":80,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555","before":"File[/etc/systemd/system/prometheus-node-exporter.service.d/puppet-override.conf]"}},{"type":"File","title":"/etc/systemd/system/prometheus-node-exporter.service.d/puppet-override.conf","tags":["file","base::service_unit","base","service_unit","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":89,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Service]\nGroup=prometheus-node-exporter\n","mode":"0444","owner":"root","group":"root","notify":["Service[prometheus-node-exporter]"]}},{"type":"Exec","title":"systemd reload for prometheus-node-exporter","tags":["exec","base::service_unit","base","service_unit","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":114,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"subscribe":"File[/etc/systemd/system/prometheus-node-exporter.service.d/puppet-override.conf]","before":["Service[prometheus-node-exporter]"]}},{"type":"Service","title":"prometheus-node-exporter","tags":["service","prometheus-node-exporter","base::service_unit","base","service_unit","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":134,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_prometheus-node-exporter","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_prometheus-node-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: prometheus-node-exporter","command":"/usr/local/sbin/wmf-auto-restart -s prometheus-node-exporter","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 0:16:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_rsyslog","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_rsyslog","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: rsyslog","command":"/usr/local/sbin/wmf-auto-restart -s rsyslog","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 8:17:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Concat_file","title":"/etc/rsyslog.d/00-global.conf","tags":["_etc_rsyslog.d_00-global.conf","concat_file","concat","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_rsyslog.d_00-global.conf","owner":"root","group":"root","mode":"0444","replace":true,"backup":"puppet","show_diff":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"/etc/rsyslog.d/00-global.conf-header","tags":["_etc_rsyslog.d_00-global.conf","concat_fragment","concat::fragment","concat","fragment","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","tag":"_etc_rsyslog.d_00-global.conf","order":"000","content":"global(\n"}},{"type":"Concat_fragment","title":"/etc/rsyslog.d/00-global.conf-trailer","tags":["_etc_rsyslog.d_00-global.conf","concat_fragment","concat::fragment","concat","fragment","class","rsyslog","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","tag":"_etc_rsyslog.d_00-global.conf","order":"zzz","content":")\n"}},{"type":"Concat_fragment","title":"/etc/rsyslog.d/00-global.conf-parser.permitSlashInProgramName","tags":["_etc_rsyslog.d_00-global.conf","concat_fragment","concat::fragment","concat","fragment","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","tag":"_etc_rsyslog.d_00-global.conf","order":"parser.permitSlashInProgramName","content":"  parser.permitSlashInProgramName=\"on\"\n"}},{"type":"File","title":"/etc/logrotate.d/rsyslog","tags":["file","logrotate::conf","logrotate","conf","rsyslog","class","profile::rsyslog","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/profile/rsyslog/logrotate.conf"}},{"type":"Package","title":"prometheus-rsyslog-exporter","tags":["package","prometheus-rsyslog-exporter","prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/rsyslog_exporter.pp","line":10,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Rsyslog::Conf","title":"exporter-base","tags":["rsyslog::conf","rsyslog","conf","exporter-base","prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/rsyslog_exporter.pp","line":14,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"module(\n  load=\"impstats\"\n  interval=\"10\"\n  format=\"json\"\n  resetCounters=\"off\"\n  ruleset=\"process_stats\"\n)\n\nmodule(\n  load=\"omprog\"\n)\n\nruleset(name=\"process_stats\") {\n  action(\n    type=\"omprog\"\n    name=\"to_exporter\"\n    # forceSingleInstance has been fixed in rsyslog 8.38\n    # https://github.com/rsyslog/rsyslog/commit/a978072b864324a3a6678660983779b3d2410a1b\n    forceSingleInstance=\"on\"\n    binary=\"/usr/bin/prometheus-rsyslog-exporter -silent -web.listen-address 172.16.3.164:9105\"\n  )\n}\n","priority":10,"mode":"0444"}},{"type":"Rsyslog::Conf","title":"exporter","tags":["rsyslog::conf","rsyslog","conf","exporter","prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/rsyslog_exporter.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","priority":10,"mode":"0444"}},{"type":"Service","title":"cadvisor","tags":["service","cadvisor","systemd::service","systemd","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"before":["Exec[systemd daemon-reload for cadvisor.service (cadvisor)]"]}},{"type":"Systemd::Unit","title":"cadvisor","tags":["systemd::unit","systemd","unit","cadvisor","systemd::service","service","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# Disable Docker to stop collecting extra labels/info T337856\n[Service]\nExecStart=\nExecStart=/usr/bin/cadvisor --listen_ip=172.16.3.164 --port=4194 --enable_metrics=app,cpu,disk,diskIO,memory,network,oom_event,perf_event --docker=/dev/null\n","override":true,"override_filename":"puppet-override.conf","restart":true,"unit":"cadvisor","require":["Class[Systemd]"]}},{"type":"Sysctl::Conffile","title":"ubuntu defaults","tags":["sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nkernel.kptr_restrict = 1\nkernel.printk = 4 4 1 7\nkernel.yama.ptrace_scope = 1\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\nnet.ipv4.tcp_syncookies = 1\nvm.mmap_min_addr = 65536\n","priority":51,"no_priority_prefix":false}},{"type":"Sysctl::Conffile","title":"wikimedia base","tags":["sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.core.netdev_max_backlog = 2500\nnet.core.rmem_max = 16777216\nnet.core.somaxconn = 1024\nnet.core.wmem_max = 16777216\nnet.ipv4.tcp_challenge_ack_limit = 987654321\nnet.ipv4.tcp_keepalive_intvl = 1\nnet.ipv4.tcp_keepalive_probes = 2\nnet.ipv4.tcp_keepalive_time = 300\nnet.ipv4.tcp_max_syn_backlog = 4096\nnet.ipv4.tcp_no_metrics_save = 1\nnet.ipv4.tcp_rmem = 4096 87380 16777216\nnet.ipv4.tcp_wmem = 4096 65536 16777216\nnet.ipv6.route.max_size = 131072\nvm.swappiness = 0\n","priority":60,"no_priority_prefix":false}},{"type":"Sysctl::Conffile","title":"disable_unprivileged_bpf","tags":["sysctl::conffile","sysctl","conffile","disable_unprivileged_bpf","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.unprivileged_bpf_disabled = 1\n","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Conffile","title":"unprivileged_userns_clone","tags":["sysctl::conffile","sysctl","conffile","unprivileged_userns_clone","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.unprivileged_userns_clone = 0\n","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Conffile","title":"fastopen","tags":["sysctl::conffile","sysctl","conffile","fastopen","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.tcp_fastopen_blackhole_timeout_sec = 3600\n","priority":70,"no_priority_prefix":false}},{"type":"Sysctl::Conffile","title":"tcp_min_snd_mss","tags":["sysctl::conffile","sysctl","conffile","tcp_min_snd_mss","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.route.min_pmtu = 576\nnet.ipv4.tcp_min_snd_mss = 536\nnet.ipv4.tcp_sack = 1\n","priority":70,"no_priority_prefix":false}},{"type":"File","title":"/etc/update-motd.d/00-header","tags":["file","motd::script","motd","script","header","class","motd::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/script.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"#!/bin/sh\nuname -snrvm\nlsb_release -s -d\n\n","mode":"0555","owner":"root","group":"root"}},{"type":"File","title":"/etc/update-motd.d/99-footer","tags":["file","motd::script","motd","script","footer","class","motd::defaults","defaults","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/script.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"#!/bin/sh\n[ -f /etc/motd.tail ] && cat /etc/motd.tail || true\n","mode":"0555","owner":"root","group":"root"}},{"type":"File","title":"/etc/update-motd.d/99-check-for-restarts","tags":["file","motd::script","motd","script","class","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/script.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/motd/check_restarts.sh","mode":"0555","owner":"root","group":"root"}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_lldpd","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_lldpd","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: lldpd","command":"/usr/local/sbin/wmf-auto-restart -s lldpd","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 11:36:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_systemd-journald","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_systemd-journald","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: systemd-journald","command":"/usr/local/sbin/wmf-auto-restart -s systemd-journald","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 5:4:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Sysctl::Conffile","title":"core_dumps","tags":["sysctl::conffile","sysctl","conffile","core_dumps","sysctl::parameters","parameters","class","base::sysctl::core_dumps","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.core_pattern = /data/project/cores/deployment-cache-text08-core.%h.%e.%p.%t\n","priority":70,"no_priority_prefix":false}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_ssh","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_ssh","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: ssh","command":"/usr/local/sbin/wmf-auto-restart -s ssh","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 20:19:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/modprobe.d/blacklist-wmf_overlay.conf","tags":["file","kmod::blacklist","kmod","blacklist","wmf_overlay","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/blacklist.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"# wmf_overlay - blacklisted kernel modules\n# This file is managed by Puppet\n#\n","notify":["Exec[update-initramfs]"]}},{"type":"File","title":"/etc/modules-load.d/overlay.conf","tags":["file","kmod::module","kmod","module","overlay","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/module.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"overlay\n","notify":"Exec[/sbin/modprobe overlay]"}},{"type":"Exec","title":"/sbin/modprobe overlay","tags":["exec","kmod::module","kmod","module","overlay","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/module.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"unless":"/bin/lsmod | /bin/grep -q '^overlay '","refreshonly":true}},{"type":"File","title":"/etc/modprobe.d/blacklist-wmf.conf","tags":["file","kmod::blacklist","kmod","blacklist","wmf","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/blacklist.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# wmf - blacklisted kernel modules\n# This file is managed by Puppet\n#\nblacklist acpi_power_meter\ninstall acpi_power_meter /bin/true\nblacklist algif_aead\ninstall algif_aead /bin/true\nblacklist appletalk\ninstall appletalk /bin/true\nblacklist asn1_decoder\ninstall asn1_decoder /bin/true\nblacklist atm\ninstall atm /bin/true\nblacklist aufs\ninstall aufs /bin/true\nblacklist binder_linux\ninstall binder_linux /bin/true\nblacklist bluetooth\ninstall bluetooth /bin/true\nblacklist cdrom\ninstall cdrom /bin/true\nblacklist dccp\ninstall dccp /bin/true\nblacklist dccp_diag\ninstall dccp_diag /bin/true\nblacklist dccp_ipv4\ninstall dccp_ipv4 /bin/true\nblacklist dccp_ipv6\ninstall dccp_ipv6 /bin/true\nblacklist dccp_probe\ninstall dccp_probe /bin/true\nblacklist esp4\ninstall esp4 /bin/true\nblacklist esp6\ninstall esp6 /bin/true\nblacklist floppy\ninstall floppy /bin/true\nblacklist intel_cstate\ninstall intel_cstate /bin/true\nblacklist intel_rapl_perf\ninstall intel_rapl_perf /bin/true\nblacklist intel_uncore\ninstall intel_uncore /bin/true\nblacklist macsec\ninstall macsec /bin/true\nblacklist n_gsm\ninstall n_gsm /bin/true\nblacklist n_hdlc\ninstall n_hdlc /bin/true\nblacklist nfc\ninstall nfc /bin/true\nblacklist parport\ninstall parport /bin/true\nblacklist parport_pc\ninstall parport_pc /bin/true\nblacklist ppdev\ninstall ppdev /bin/true\nblacklist rxrpc\ninstall rxrpc /bin/true\nblacklist slhc\ninstall slhc /bin/true\nblacklist slip\ninstall slip /bin/true\nblacklist tipc\ninstall tipc /bin/true\nblacklist usbip-core\ninstall usbip-core /bin/true\nblacklist usbip-host\ninstall usbip-host /bin/true\nblacklist v4l2-common\ninstall v4l2-common /bin/true\nblacklist vhci-hcd\ninstall vhci-hcd /bin/true\n","notify":["Exec[update-initramfs]"]}},{"type":"File","title":"/etc/modprobe.d/blacklist-wmf-filesystems.conf","tags":["file","kmod::blacklist","kmod","blacklist","wmf-filesystems","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/blacklist.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# wmf-filesystems - blacklisted kernel modules\n# This file is managed by Puppet\n#\nblacklist btrfs\ninstall btrfs /bin/true\nblacklist erofs\ninstall erofs /bin/true\nblacklist exfat\ninstall exfat /bin/true\nblacklist f2fs\ninstall f2fs /bin/true\nblacklist hfs\ninstall hfs /bin/true\nblacklist hfsplus\ninstall hfsplus /bin/true\nblacklist jffs2\ninstall jffs2 /bin/true\nblacklist jfs\ninstall jfs /bin/true\nblacklist nilfs2\ninstall nilfs2 /bin/true\nblacklist orangefs\ninstall orangefs /bin/true\nblacklist squashfs\ninstall squashfs /bin/true\n","notify":["Exec[update-initramfs]"]}},{"type":"File","title":"/etc/modprobe.d/blacklist-wmf-network-schedulers.conf","tags":["file","kmod::blacklist","kmod","blacklist","wmf-network-schedulers","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/blacklist.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# wmf-network-schedulers - blacklisted kernel modules\n# This file is managed by Puppet\n#\nblacklist act_connmark\ninstall act_connmark /bin/true\nblacklist act_pedit\ninstall act_pedit /bin/true\nblacklist sch_red\ninstall sch_red /bin/true\nblacklist sch_taprio\ninstall sch_taprio /bin/true\n","notify":["Exec[update-initramfs]"]}},{"type":"Systemd::Unit","title":"kernel-purge.service","tags":["systemd::unit","systemd","unit","kernel-purge.service","systemd::timer::job","timer","job","kernel-purge","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Purge unused kernels\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/kernel-purge -p\n","unit":"kernel-purge.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"kernel-purge","tags":["systemd::timer","systemd","timer","kernel-purge","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"monthly"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"kernel-purge.service"}},{"type":"Systemd::Syslog","title":"kernel-purge","tags":["systemd::syslog","systemd","syslog","kernel-purge","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Class","title":"Initramfs","tags":["class","initramfs","initramfs::script","script","mdadm-sleep","base::initramfs","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"Package","title":"initramfs-tools","tags":["package","initramfs-tools","class","initramfs","initramfs::script","script","mdadm-sleep","base::initramfs","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/initramfs/manifests/init.pp","line":3,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","provider":"apt"}},{"type":"Exec","title":"update-initramfs","tags":["exec","update-initramfs","class","initramfs","initramfs::script","script","mdadm-sleep","base::initramfs","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/initramfs/manifests/init.pp","line":7,"exported":false,"kind":"compilable_type","parameters":{"command":"update-initramfs -u -k all","refreshonly":true,"path":"/bin:/usr/bin:/sbin:/usr/sbin","require":"Package[initramfs-tools]"}},{"type":"File","title":"/etc/initramfs-tools/scripts/init-premount/mdadm-sleep","tags":["file","initramfs::script","initramfs","script","mdadm-sleep","class","base::initramfs","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/initramfs/manifests/script.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0544","content":"#!/bin/sh\n#\n# Workaround for boot-time race condition assembling raid arrays:\n# https://phabricator.wikimedia.org/T131961\n#\n# This file is managed by Puppet.\n\necho \"Waiting 5s for disks to show up (T131961)\"\nsleep 5s\nexit 0\n","require":"Package[initramfs-tools]","notify":"Exec[update-initramfs]"}},{"type":"Systemd::Unit","title":"prometheus-debian-version-textfile.service","tags":["systemd::unit","systemd","unit","prometheus-debian-version-textfile.service","systemd::timer::job","timer","job","prometheus-debian-version-textfile","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Update Debian version stat exported by node_exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-debian-version /var/lib/prometheus/node.d/debian_version.prom\n","unit":"prometheus-debian-version-textfile.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus-debian-version-textfile","tags":["systemd::timer","systemd","timer","prometheus-debian-version-textfile","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"300s"},{"interval":"1s","start":"OnActiveSec"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus-debian-version-textfile.service"}},{"type":"Systemd::Unit","title":"prometheus-dpkg-success-textfile.service","tags":["systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.service","systemd::timer::job","timer","job","prometheus-dpkg-success-textfile","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Update dpkg status exported by node_exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=prometheus\nExecStart=/usr/local/bin/prometheus-dpkg-success /var/lib/prometheus/node.d/dpkg.prom\n","unit":"prometheus-dpkg-success-textfile.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus-dpkg-success-textfile","tags":["systemd::timer","systemd","timer","prometheus-dpkg-success-textfile","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*:00/30:00"}],"splay":1800,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus-dpkg-success-textfile.service"}},{"type":"File","title":"/etc/apt/apt.conf.d/00dpkg-force-confdef","tags":["file","apt::conf","apt","conf","dpkg-force-confdef","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Dpkg::Options:: \"--force-confdef\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/00dpkg-force-confold","tags":["file","apt::conf","apt","conf","dpkg-force-confold","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Dpkg::Options:: \"--force-confold\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/20auto-upgrades","tags":["file","apt::conf","apt","conf","auto-upgrades","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"APT::Periodic::Unattended-Upgrade \"1\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/52unattended-upgrades-updates","tags":["file","apt::conf","apt","conf","unattended-upgrades-updates","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Unattended-Upgrade::Origins-Pattern:: \"origin=${distro_id},codename=${distro_codename}-updates\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/51unattended-upgrades-wikimedia","tags":["file","apt::conf","apt","conf","unattended-upgrades-wikimedia","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Unattended-Upgrade::Origins-Pattern:: \"origin=Wikimedia,codename=${distro_codename}-wikimedia\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/52unattended-upgrades-osbpo","tags":["file","apt::conf","apt","conf","unattended-upgrades-osbpo","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Unattended-Upgrade::Origins-Pattern:: \"origin=osbpo\";\n","notify":"Exec[apt-get update]"}},{"type":"File","title":"/etc/apt/apt.conf.d/52apt-autoclean","tags":["file","apt::conf","apt","conf","apt-autoclean","class","apt::unattendedupgrades","unattendedupgrades","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/conf.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"APT::Periodic::AutocleanInterval: 7;\n","notify":"Exec[apt-get update]"}},{"type":"Systemd::Unit","title":"send_puppet_failure_emails.service","tags":["systemd::unit","systemd","unit","send_puppet_failure_emails.service","systemd::timer::job","timer","job","send_puppet_failure_emails","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Send emails about Puppet failures\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/puppet_alert.py\n","unit":"send_puppet_failure_emails.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"send_puppet_failure_emails","tags":["systemd::timer","systemd","timer","send_puppet_failure_emails","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnCalendar","interval":"*-*-* 08:15:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"send_puppet_failure_emails.service"}},{"type":"Systemd::Unit","title":"cleanup_puppet_client_bucket.service","tags":["systemd::unit","systemd","unit","cleanup_puppet_client_bucket.service","systemd::timer::job","timer","job","cleanup_puppet_client_bucket","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Delete old files from the puppet client bucket\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete\n","unit":"cleanup_puppet_client_bucket.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"cleanup_puppet_client_bucket","tags":["systemd::timer","systemd","timer","cleanup_puppet_client_bucket","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"24h"},{"interval":"1s","start":"OnActiveSec"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"cleanup_puppet_client_bucket.service"}},{"type":"Concat_file","title":"/root/.config/openstack/clouds.yaml","tags":["_root_.config_openstack_clouds.yaml","concat_file","concat","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_root_.config_openstack_clouds.yaml","mode":"0400","replace":true,"backup":"puppet","show_diff":false,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"root_clouds_file_header","tags":["_root_.config_openstack_clouds.yaml","concat_fragment","root_clouds_file_header","concat::fragment","concat","fragment","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","tag":"_root_.config_openstack_clouds.yaml","order":"01","content":"clouds:\n"}},{"type":"Concat_file","title":"/etc/openstack/clouds.yaml","tags":["_etc_openstack_clouds.yaml","concat_file","concat","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_openstack_clouds.yaml","mode":"0444","replace":true,"backup":"puppet","show_diff":false,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"observer_clouds_file_header","tags":["_etc_openstack_clouds.yaml","concat_fragment","observer_clouds_file_header","concat::fragment","concat","fragment","class","profile::openstack::base::observerenv","profile","openstack","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/openstack/clouds.yaml","tag":"_etc_openstack_clouds.yaml","order":"01","content":"clouds:\n"}},{"type":"Concat::Fragment","title":"/etc/openstack/clouds.yaml_novaobserver","tags":["concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/openstack/clouds.yaml","content":"# SPDX-License-Identifier: Apache-2.0\n  novaobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      project_id: observer\n      user_domain_id: default\n      project_domain_id: default\n    region_name: eqiad1-r\n    identity_api_version: 3\n","order":"10"}},{"type":"Concat::Fragment","title":"/root/.config/openstack/clouds.yaml_novaobserver","tags":["concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","content":"# SPDX-License-Identifier: Apache-2.0\n  novaobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      project_id: observer\n      user_domain_id: default\n      project_domain_id: default\n    region_name: eqiad1-r\n    identity_api_version: 3\n","order":"10"}},{"type":"File","title":"/etc/novaobserver.yaml","tags":["file","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"content":"# These settings are duplicates of the 'novaobserver' section\n#  in [\"/etc/openstack/clouds.yaml\", \"/root/.config/openstack/clouds.yaml\"]. They're left here for easy discovery\n#  and for tools that need access to the raw values but don't\n#  want to parse clouds.yaml\n\nOS_USERNAME: novaobserver\nOS_USER_DOMAIN_ID: default\nOS_PASSWORD: \"Fs6Dq2RtG8KwmM2Z\"\nOS_AUTH_URL: \"https://openstack.eqiad1.wikimediacloud.org:25000/v3\"\nOS_REGION_NAME: \"eqiad1-r\"\nOS_NO_CACHE: 1\nOS_IDENTITY_API_VERSION: 3\nOS_INTERFACE: public\nPYTHONIOENCODING: utf-8\nOS_PROJECT_NAME: \"observer\"\nOS_PROJECT_ID: \"observer\"\nOS_PROJECT_DOMAIN_ID: default\nOS_DOMAIN_ID: default\n\nOS_VOLUME_API_VERSION: 3.44\n","mode":"0444","owner":"root","group":"root"}},{"type":"File","title":"/usr/local/bin/observerenv.sh","tags":["file","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"content":"#!/bin/bash\n\necho \"remember, all this does is set OS_CLOUD=novaobserver\"\nexport OS_CLOUD=novaobserver\n","mode":"0555","owner":"root","group":"root"}},{"type":"Concat::Fragment","title":"/etc/openstack/clouds.yaml_ossystemobserver","tags":["concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/openstack/clouds.yaml","content":"# SPDX-License-Identifier: Apache-2.0\n  ossystemobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      user_domain_id: default\n      project_domain_id: default\n      system_scope: all\n    region_name: eqiad1-r\n    identity_api_version: 3\n","order":"10"}},{"type":"Concat::Fragment","title":"/root/.config/openstack/clouds.yaml_ossystemobserver","tags":["concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","content":"# SPDX-License-Identifier: Apache-2.0\n  ossystemobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      user_domain_id: default\n      project_domain_id: default\n      system_scope: all\n    region_name: eqiad1-r\n    identity_api_version: 3\n","order":"10"}},{"type":"File","title":"/etc/ossystemobserver.yaml","tags":["file","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"content":"# These settings are duplicates of the 'ossystemobserver' section\n#  in [\"/etc/openstack/clouds.yaml\", \"/root/.config/openstack/clouds.yaml\"]. They're left here for easy discovery\n#  and for tools that need access to the raw values but don't\n#  want to parse clouds.yaml\n\nOS_USERNAME: novaobserver\nOS_USER_DOMAIN_ID: default\nOS_PASSWORD: \"Fs6Dq2RtG8KwmM2Z\"\nOS_AUTH_URL: \"https://openstack.eqiad1.wikimediacloud.org:25000/v3\"\nOS_REGION_NAME: \"eqiad1-r\"\nOS_NO_CACHE: 1\nOS_IDENTITY_API_VERSION: 3\nOS_INTERFACE: public\nPYTHONIOENCODING: utf-8\nOS_PROJECT_NAME: UNSET\nOS_PROJECT_ID: UNSET\nOS_PROJECT_DOMAIN_ID: default\nOS_DOMAIN_ID: default\n\nOS_VOLUME_API_VERSION: 3.44\n","mode":"0444","owner":"root","group":"root"}},{"type":"File","title":"/usr/local/bin/osobserverenv.sh","tags":["file","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/openstack/manifests/util/envscript.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"content":"#!/bin/bash\n\necho \"remember, all this does is set OS_CLOUD=ossystemobserver\"\nexport OS_CLOUD=ossystemobserver\n","mode":"0555","owner":"root","group":"root"}},{"type":"File","title":"/etc/ssh/userkeys/root.d/","tags":["file","ssh::userkey","ssh","userkey","root-cumin","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/userkey.pp","line":44,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/ssh/userkeys/root.d","ensure":"directory","force":true,"owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/ssh/userkeys/root.d/cumin","tags":["file","ssh::userkey","ssh","userkey","root-cumin","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/userkey.pp","line":57,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","force":true,"owner":"root","group":"root","mode":"0444","content":"# Cumin Masters.\nfrom=\"172.16.1.220\",no-agent-forwarding,no-port-forwarding,no-x11-forwarding,no-user-rc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcav+ECiF6hW2XRuP7R8nqDw4hPlD0OChsGvB6K27jK root@cloudinfra-internal-puppetmaster-02\n\nfrom=\"172.16.2.62\",no-agent-forwarding,no-port-forwarding,no-x11-forwarding,no-user-rc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHMS6pXywYSw1kaZQivozB8qUx0vd1gqiAnVqJuS365B root@deployment-cumin\n","show_diff":false}},{"type":"Ferm::Service","title":"ssh_from_cumin_project_masters","tags":["ferm::service","ferm","service","ssh_from_cumin_project_masters","firewall::service","firewall","ssh-from-cumin-project-masters","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":57,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port":22,"srange":["172.16.2.62"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Nftables::Service","title":"ssh-from-cumin-project-masters","tags":["nftables::service","nftables","service","ssh-from-cumin-project-masters","firewall::service","firewall","class","profile::openstack::eqiad1::cumin::target","profile","openstack","eqiad1","cumin","target","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port":22,"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false,"src_ips":["172.16.2.62"]}},{"type":"File","title":"/etc/ssh/userkeys/root","tags":["file","ssh::userkey","ssh","userkey","root","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/ssh/manifests/userkey.pp","line":57,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","force":true,"owner":"root","group":"root","mode":"0444","content":"# andrew\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApK6IC2VOrv0wvfmpf2gnoC0XnRX5R1lqb8gpdEhxzoKfDBG/56KDbsNXK8r2jqCJoaHjicDPQLsyjh00F4am62jzath0mC10iw2V/FhkmIZ3XP/43cmYrLBo9NAMxyYzX5pf6zwsmijkhPlbdUYe8Rd/4MWsFP9dOZ6l4d0mq3m/oEbcX5E27wAvwwDK6NJHRA5FCLLtCBKHVHa9yKAjtRJpv8uQ+9BiuEuLUGN5oAUWHtfsKY7FuaZq24rAwI3D2JAmgwI6Umv4zsv5uhwEIPBYyiMxrHb8li93vV/tPZlAHeOyId8mHfbUm5ZP+StuT0E1oG/y1O//yO4ph2c8kw== andrew@AndrewMacbook-5.local\n# ariel\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDcP8oXoJNHBmTowY1DlRWhK7N62sm3/9shxiRRSsdszLQ2erlYnyf+BTlIWsHMdZ07QjFJLGyLpt+KZxiYzS6ySUzRA4Ko/M6oziVM27woq7eOT7M6SvcbTXYoBc1IKz7ALl82duRKTakND8Vg3ZE0McMxopCa2EOx7CJlTjwNYRlu/wsfm6TbtmZ3fCKs+MnhIH+zn8SB0kejdAH1CFu971T7evZyB6AFH1+8n11JSX92VnNh4kV4Y6fHtDiFMivmWh8sI8XIVH6G1RLCwQp1I08VJ+C1kFDS/B1+C2q9akHt4ipcdlFFUX2q36Dw/AM5K5epN4ZUaWaQ4W9mRGR ariel@trouble.localdomain\n# bblack\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWW9uwYcsipz9usC1lypoB9c8ABd5AaSL1FcNWK4/FkInwlwEKRlaZXKHCY+g1vxhmKJgpr1qMnxgFf7msifCaVGrCk6gGy0wpsF8PJCrw+gKgWjjsxcp7p/BbHMxR13Ur+FNTMXq/eDburf6Namlu8BU6u677aJVjcpIpEH4IJvludSukOL12f2mmD+Hn3PljvqjLDg2APHcn/z2VKNEFAP8LCSXSFZWxoqn3oV3wlNXZgEsdP6Y4BZiNNLDpSyysMWFaE3Fr6vyQQTclj+gm9ZG8PUEvhO2Aa1O6bOojr6ZhFYjVRf9wr+4vs1M1GVjvFXr/k8XwXCf1R97S3mcl bb@neo-1\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGhItrIJaWASfPf9rOdxixwgAAXYYJmmm0UOxcsTKzlls0EX/MMhDPrtm0iNX9l1IbKia6+OKDeSAdNoWVN56dqBXwRej/83vApawpAM1T9lBoWiCQXR2vwK96dp5EotStLW7iBgob57T7QpV2OPng4/G7q1PdRBOo8/vErD4tlxDiAhWDAXwRMypXfLPQePxaIv0vkpUQYsRB3vx7NX+rRpTtDDHz3Wm/37EeOqE3RqvLAfvOPUQ0739wgFUcYDDXNlD6C0sxMeZSUyKwWvAawIt+r4C6IgMVlt2l7J6CF5lUjmzJCL5DwtwF1Sw6xM0CEEaWbKPNQ44yv4kaPCKp bb@neo-2\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPwFMvPEqUCks63fD+0UjgPjoIfkqoECOiJ3Cl1PJMwLADldAMZEPBhwjyJT11sKP4bvCqcVb/HVooED1zmQmF1urSycopkMj02FMIXZRSfvOWA2evTHNPeNR+/7dvSGgRqYggI5r+8d7gRB1YNedRoHq9d+1lWv5TpZ+TKr1ns0DekiFHXP4JCRC2U8/QxAriMcRywrbQ9Wpib5UCDKjlg7YmP29K9g7XdTkczyQCCOFSqEk2qRw4/lm1IACZXh9PBxy0CW2LuiNkkij5TBWMc+KDBqWwpETfIGFdSE0yzX9nCH9IsADj9MyaIMxS+Vtc96zS9ZR2HaFMaWIGFB2h bb@neo-3\n# oblivian\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCf8yZc/+/LiiIXkweNACUDMYNezKpexv7W8d4xlUweCcnZeyVvdiVl/LoFySvf7G08shDXQrxhqnc9xA6ulGokfHLOjAoqEuwlVwA1Xjbyb7KSOA2PNLDG9kzQ36wQyaSIgSDZegA+3O1oi3Jp/oVfSaqN1zk+8/Jl1kUAsv5S2264lsQR1y34AHhL4txkn6lH4nxjBBl+nvspU/FPInsLrCprCvecR7OT5+kUJF4rEeiGqx1gu7Etd/4AQzb+csYXp3LKUYhW+6kxEhUbGhFRG+GYtwD5oYFwSR7CmqrYvthfaMmnG9JzvIJvGmEv9gIFAivNsodlJzR0ZZ1ya24UvEwpnHmgcPBgLI1tPGJT//p8P7Xd04KPHgbN1VG21s89gjNCvEErwR8lkTveFRBZ8I0D/ipVFP4fHcA+jx6Lit/krIcexZ3CN0Bfpr9rEiFOGMx081HvD6R3x2ZablNb3GA/lscUs3r18QdQDGazj2+4PkrgbCAl0pt52Pun9/uajQpfHEgkaO6CHMrdX9FR169D86ZDf3W7lV0SPjITDeHHFBFzzrVrju4xt01ybYsUiWaS+PZAeQEDgZ1156sH8RSm7/Oi18U++S/upN7csJfDwSwOss9ReJNn+tXMr+uEjnuIL+Z2v0oCfujAcJIauX5UpEt5oXlhK+8BClRzXQ== joe@wikimedia.org\n# filippo\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAKIn//imkSjgvRePVLLZNZFjCVMNxixkzAWH+UAnKPetUCHka1EyywyQGK373fB0nQj90L5gkcChZ5iua991PG0wdQNBZYbRbgHXGVut8FdfbAKqqDE7TYCJGE23i+0LO+6mtnEqgaNjd9pAdBBflj/Nfb15qiwvWS1LwGK2bKHEtIDbW+KqmTnjLvirhqIVpQEiOYgqfsmjECcWYvx/V4hZ/QkLLhxkTPp48zDe+aw7UVP31eWcLTRlEfL5S5jePNWsW3GWRttinb22PQwbiZ3PX5Ecb6uu0hvRjzYXmgk39/bultguIKX7rcBby3vC+OZxjCQ0XHwx7aYMd8Mwb fgiunchedi@wikimedia.org\n# gehel\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCex3gl0aBMD0eklv4jzNGjfZDjuffqinvaJ4j4lHfxA9YqcxyupxOpv/MRmb92sfOXsHY33RgfNTZ8dVFwMumbCLNMG53t+ugE0Cpg9X/Z7XvnASqW7+fMxUa7BjRGOIMANlJ77l0F2uDAh+6xdr2NjXk2kmRlS/whiz7E9hKa/Rrvs/pk5ocyYusxrBZlwA6a4PjvbE8majx5fB7266A0x8NWs2YDHJjHtTEx80y75bxo3mxw4LacLCSTNZDTeKVuMoglPR9u+2X0d3XtVpUkzHlcMjqg+AlU+AB116c8G1Vm2ha27e+v7yltE23mbkWGaN3izBrvPOv/B/ZVBRDV glederrey@wikimedia.org\n# bd808\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb8nsxA3thqd87nLu+1mA0Jc1KY90t5qW7N+jRQksc4NLzlFqBTrld+Qm2FRVbLm37HZ9TRBZb2nuTYJIZhkNU7rRPEKs3cIUbh1pB7BbYv0aJ3F0qBD6UtHqOUIJhqVNYJ/ssobzFh2QrcrOM3eS8PrIPtL/CQSUmKmUjG8zhCocAiQZDFeIQLSyGyCWVrRg14SPjED0+wIQTGoTtCabL4B5AlLcTf2L5ztDUtaoXDObUpDJ5Tw6VUUzDoUjV+Y5AtxK4erwLRHeFEcSzmWWl0Sruhnp/TzaF4vGijl6Wcyi2O9TClBhGmp7gTl4CtMj8MDDm+7NO3dQmQMseded1 bd808+labs@wmf-bd808-mbp01.local\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPMEDLnrPDVrPPfDHyrzse/UbZwqm9TYmvnPoTVl4Nzd bd808+wmcsroot@wmf-bd808-mbp02.local\n# herron\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHO09HkC/OUk+sWmDx0O15qiQXPHMM97zEC19o7tc8mh4vGTXCzbcIGj2Z18thLQZ9e2N5hzr2vmcQ4gOkiPsHEiIQXtIUK6zomSqrV3qFryaFAd2FCynsK2/xS1Lw7WXy+uCgjnsc8nckQS3rsJzQswucAQmXno65tvg/t+UbJOKZpxIofZAWwsCcZfhnNt65Mtt4PGHPy+STfL3E3aj47xHMk/TqZv7bj4QR++NLu2qpWwwnnG7SWgoqS3x/2m/OU8ui3UxKWEMvZouIZVblY50E0OG+Xs/bcndLhqKl0FSVPQVVWh9ZPJKCHXVoc1Ja3ZFFNcgBmuC/XqjnsDCGlcKWKiW0CbWRzGrJ0BCkydOf72cDB4EseGV3KeZLbxfEUVt1EOYuDEEmAXQVXTTBX3A5vyq9C1Bx1H7wSmzVUImZfw09236+Lzqr98SWV+pHOglSHgYfDq8CEJxjIo8oADmAoGu9uclOQJ/7Sp0XigUgUE44SPMRKUymwC9TTrblKtUR49gyoVHMtnH1blTUqNwFt5dcvLtHMKzDeXAlWILhdcDP7Ys+VBwOXsJ+txSLiktiI4+CKgz4XMY58jmSKPkbMBEQjzFDhujpsybUdswMEd2GcSidqw338MsCNTgDGlUPmB5LV4LQl7zh+hlHqCgfxNhIl9+zwIuw5IlnYQ==\n# volans\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGEc35gnlkmFVNRpZPFpUD6BE0ztk81TiqKcJaaTWwG rcoccioli@wikimedia.org\n# dzahn\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeSUaBOLv3ObiOPJ+72mTfOXOdSrRnzRnCV6vrVDTu803v/UkISPw77NW7kASkVAJmndGBM2g4l0garvfCACf4kAULfM7qvtblLRcKCLWmqNycEbUCqVmBh794yJryjsdZ1I3yxEJ2BsN68/Gu5H+S2lbf2v/LDHCAFS6kcwonbdZiKc+KHoePW53LsGU4J9f4tV+a4+7Rxus015yZcwga2gC8zySDoJUqbKJ4roXkFtJxC2Iv2tld7vO6/C2jl5dt18hDmi14h8L4Qogju4Ew4orDqjc06ErFayIsu4sOnmKYhK8zc+2+bB4jQpGjOtyeOzapXJgbDoSA/nfRa+8N dzahn@wikimedia.org\n# krenair\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjyQjatHRgTqYDmKtdneyNM8ujhXx2eso3U2oFIqTsyBCH6Svn7BU/xAGfXjgWSh75h7SjwsUmXWE9eyE/BF1rypsOVC5Tjy56i7anul6f0ffGKgnMWN8gKlIdiQY4WTCi+3UQiv5vLXKsFAPLvPOQIrcWZKHARJzjx0M5lcHxC95TXn8e85S9ZCXdBNSgQfPQU2/0oVH0E2IsHbxcA/WJBxCUc1YNGxFUNk3O4JbBZX4QXFa8K9HMxoGMuhVHmiF/RHu06JJdaPt0bvHLfYoSvnvEoW6zM16wLQpVeS46ZH7ED+dgKC/DZ1Y9uL2Q6BkYeWI4hu8ojh1VpVOTihLl Alex Monk Cloud VPS root\n# reedy\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCrbx9PQlWVrvYAw280ypYulMffcIUJnAXTgU7fWCEWD/k91133TJ15u5KhT6Kx1tS3aE+6Vb/5LpCxsre16OuVLZUH5qj+klAymysYpp1tR1UNKLNN8jQT07juPeHvsjjkixxwKRQeyojLnb+JdgTv8j7KztrdgcisB0o5hbLDiHSsMrRvFCDbTfDEKZgbWVHbLWztwy22RwYXZJm5YTRiW8YpuqZ1/PMAARku9B8Grm18JUZ53HwfLSiEWPOKo6vAfTxQHWhUYn+PV63oNhgWOtzLowaJ3OuiSTHF9YDKEV/6yzgHECjVSG+TO2eBkE1FKyEtfcU54z0Ej5jS5iu+P/GVhZNrw2CddxkgASRHUDw1sjeAtFP1bfQoFp0fmdHPTIJ84YqRTX6mVCVuG61gCgjgw3LxEPNRD52eDlkhk1f73sn7fbZQJ8lzSWj59r0mDt2Ja4hRYPjyJy1gr3Br6mjEdvCgRG9IUe12vAGdhxJFYJVSaD3y7HJHS1j5cyBdPNlnjlmpUfotoriAli9m01+0BEpkix80t4KzCF/q0o8lLcFviHzinmlP2Lfa9VrqMERNBokCREof1Emiv2o5g8yHLZgx6tb4pnKaBFk9AnnxyxlcX0ZwwVwaHZE7CQpBz+FmKIukei/+m3IMXWLdW7oZs3HUoxmMgRqq8BnP+w== sam@reedyboy.net\n# dcaro\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRLt5Ss9ykeA6uUfQdB+LeO80zqHND6FiG6aNZ79FaJwGSnVB0QdIvjZUbn6ubllLo/Xx0SfmWvbqp6HLwi5J5xZP21dkUAVDyWqHIbUvDwHrsxYhHw25OnkGE4i/uKzoT1LCCJHt8OF0tgcPLSQZwK9De4xVLgAmZrxWAUzPxLvHnTVsN6qOS6nRG3mgcol90Ny2F1lxIMrsbJEPd3Iso8l2GqCABIXatPPNjiqBel4mJ1VR88gx2vDg2Y8hJqeQ5EYFWincJENq8D812HnunkjKaej5VMK1vCq5H4Q+9UESBWQcT0qNfyRbzfaUuvgxrH0ZslT86yurejusxC8QV/stFzUSoPb7F+8bKkCJL7GmxjBGHOBZWh1Ez7fWys+lkA8Z/gIbq1mRuENkGFnxPazUykH+FV2dpc1x6FrMLpMf4yYKgvQzRTPFK/W9anAp/2CRrECIK21zG+pgARYWnXeWOhrfi5l0Glf5mgVBKmbSJhLPGzmVyfaPkdceLXNM= david@magnum\n# legoktm\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqXuFvgPkaqh6tvQZK1ytr1QlD6bOeUubu+590pln8 legoktm@dev\n# taavi\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8XhfD1WmaiQuRG63R6pn+dhvVlyO9JPoDiA8vzcKer taavi@runko\nsk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGKMx+9WZk90oPWb+hTrZuMAtT59FEhhIao44FWerlC+AAAABHNzaDo= taavi@runko wmcs yk1\nsk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDOncihf8FADe8qnja41tv0naqemyOaevzNFZZxZF04xAAAABHNzaDo= taavi@runko wmcs yk2\n# cwhite\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCGUkHiLD7wRcTaDDOqTNwsTSuvmIAaBSggy7EXR/tQVhXPpRc91t/xl8nLtB4OBs9fG9R21HR4grjcSFxxSeFYguc5XDERtohLLIOu9nQcvYaYbRvOn2mh3y2Xonq2Jv/uHCZ1b76bp9fwA8rC/to5f6iOVz+ozSTEUwLVFr0310fXmgy7yt5QfXgT2iw4izEUv6n8aQFpUCojfzds58M2pw7vcuX2C/qVWX6MeF+n/SWTX4GNYk6CHfJ5dN+Kvq6d9KXk3xrsuE1y0cz7gUb1T0E8oMBxklTxvJgjFgBmjgkrV0w5bFUW66S0JNCW+Opw5wQVVTLxncCsvw6SrlRl6vMJoV5wId4uzEaJh4HCQrwkD+Uk7FwspexYkZvTsq2qTBr6l2UvL3GXxD01TcnKBgcsKtI4wciW6chGj/mxsQw8vFC0WFx/YrHa/0Ia3S5fpq/U1ZtmLuthgHW4Eg1TI2v2/DC9FJANwq9BBWodI4ODVbQ2K5VfAeSJdmIJ2PNjj+Asoc9Sa9pY6WKAhG/NH5Tf7DXlx8JLiHCYht+u7o/qvLDGcCguZW/+55vN3BD2Zl0xgTC86uE+/bCtMy5K3j8RYhxrjUkh67EwGYAgpTTEyUS/VBXxzsNJnlamPxvbU452YA/zPH8nWH5LfjLR6qzd+DPYwt9cO6QV6Vlxw== cwhite@wikimedia-org\n# fnegri\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaTGwp3a7MKGiA+N0biMiwlREs4nMcmKZRNvxZfgywA6saIu5VazlFqZWCNVamTUgVuyLD7vsbqYghHEOVkaDZSvvA+W3TYSNiqi/xff/aGhT8eDH8i8IFaV4UQEPW+HwM4qZmdikCsgoFQKpK7DQFcqYqDSsf0TGRh/qyZPmfC4MqUUFkV42eZxwlRhHOubxgG888rRlbebcekDW+Nx6g8aZowOYho0CiLOJT+nc6onWLsRZHg63kq9Ee3TVrm/RyY31NIOCOxBHqZ//TWyTZqOL4zwjyID2FMrtyXcA1+oav7MZYdz3zAcTR4TdHMM8fNfZsbF/jFEihiuslXwHA3kUM969h3WOEMhY2Gi9keweGA9VIx7251HBuLCJXkMmLbjzHLzWn0AxI4i26RMBMQq0WI3Qm3fcu6ItsjoTn6NxQya+o/HcDgj31E9gfujNAezJmXnKcR7PV52hDKX+fLTz/NlfDZSIN9WcZ+rQecTHbEo7rOj4SKNqlYla4eCc= fnegri@wikimedia.org\n# tstarling\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/gmwMhe6S4EualYJVcisxJ+kH/VQdqtV0j0OHdj3ZBGtCop50DzMwDaVj5Hc/H+yxOjghd8lOODg5t5TT+GcBCRkbYA0ICspkpWepjHLVdYK/Y+hm3+UcWZ3yJMn6gL01KxvMQtvWqfpoGANitocteMiUh6quJ7uhU2DDdbs2wvocpZ/EvTo2kJoQqP3snf9qwDOhr5oES031asV8TZG6Zn9AQDOyrrYaVaxabYKgAz9gQfHsIi+xGYLQHDxG7AULbHQfStZvYHhyuuJt9i45fb7z1k9oRCb3XBaICjyhBFgTRLTPtdcOU5yHDRbpIZBmhZhARE4diek6JN0XJDhl yubikey2\n# alex\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICYxCqZkGys8gZB6Mq61Fw08CB7m1huxpnpII2ay3e0H krenair@gmail.com inspiron\n# hashar\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD4ubnKSlwi8C1V1JraoztiIae79gfD3s+n9l2EVNkgA6R/kcnJqi/2/oBkUaX1CpOLLWoj7TAQfNAnEt+O6HyQvNpJ8taA1RcssNwek+hDevg+YthBEQRpMhLIhC8WuW2fytc+ELQ903WL2+MKzeni5qH22LLSILkqYSHsb/aViE1JUo59PFLG26mcEluqpm8MogFCqYuFbfsM7RLzSTTZwHPhoKTpb7lPHKrdqfQP4q18SjcrRRf2HkkknF5iDRQv0ngHLAXG5o6H1iPVrDDc1lNY98eBYBwNlcSb73LQIvKDXvbLnpZZDExS6XJoZqHpyQPMtoNWHyJ2EN3RW7l hashar@postwater_labs\n# mobrovac\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr04C1g3grQJRwhOyrAic/xzW+2lxlxwjdTIY12HJs6aBvKTeUhwMLTxSMQ0nsFacnCcdTU1YcDYn0ypXxpd/v62uX4nbnw3goYSgKysmYlrHiQ+87GbQnBSe/j/0SvAF+oV9bB4EKGpGDK0hokfNKVzTpI2+0IbEAHK+Ag7+yIGYwWshLeoj1rTSzQCyFb1ELaXPt1OyAq37EYa+D9INA2aP4qHWHNSrAeG1FtJ3M4QDOIB/vB1UYE5i+XYeuugXlZzHXEkL5M1KbI5utPcBjpfncAmPGDLuiUKuBnDo85V75xpTmHQb485M4K1ZnqJ9XKnZT3NWDW2Fo+lvKU7VTw== doorman@istria-wifi.irisa.fr\n# samtar\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLCTKca4D7k/ta8wk5hdnxo8nLFRWnmDCwpM13/fi3W samtar@theresnotime.co.uk\n# twentyafterfour\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPe9i/PI48Xk3BwCBSJ3L/o4n8noRBEFrINAPLVw4SDPmMOgPu5/HyvdxWkS47li2PQnDx4EobYE4WErxdQ0nB/Fe43ZzWEFQ6RvWuuPAxUwEFcGhraDHFFQc/TLh7adtNA247jUhLCQN/O3Nb6Qq1RPuAZgF59UuWKPNwnSOCOyLV0zHvqhjUkWmDcCI7sln1Kbv+JiEKBrVyokpv18pgCgyKL54UvFRbVD/aU7qu1DyJCFZ0GTitqFX0OMHjEyCo2bGPFUAHBkbKn/lsNz4hXNjF9iorxBvl1ZXLCRMkdRJBA6xGgLGWPXBQOXbUTc+9ow05KH0kHmQu5lXez7CZ twentyafterfour@wikiafterfour\n","show_diff":false}},{"type":"File","title":"/etc/sudoers.d/ops","tags":["file","sudo::group","sudo","group","ops","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sudo/manifests/group.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0440","content":"# This file is managed by Puppet!\n\n%ops ALL=(ALL) NOPASSWD: ALL\n","validate_cmd":"/usr/sbin/visudo -cqf %"}},{"type":"Class","title":"Security::Access","tags":["class","security::access","security","access","security::access::config","config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"exported":false,"kind":"unknown"},{"type":"Concat","title":"/etc/security/access.conf","tags":["concat","class","security::access","security","access","security::access::config","config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/access.pp","line":10,"exported":false,"kind":"defined_type","parameters":{"owner":"root","group":"root","mode":"0444","ensure":"present","path":"/etc/security/access.conf","warn":false,"show_diff":true,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"File","title":"/etc/security/access.conf.d","tags":["file","class","security::access","security","access","security::access::config","config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/access.pp","line":16,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","recurse":true,"purge":true,"force":true,"owner":"root","group":"root"}},{"type":"Security::Pam::Config","title":"local-pam-access","tags":["security::pam::config","security","pam","config","local-pam-access","class","security::access","access","security::access::config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/access.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/security/local-pam-access","ensure":"present"}},{"type":"Concat::Fragment","title":"security-access-labs-local","tags":["concat::fragment","concat","fragment","security-access-labs-local","security::access::config","security","access","config","labs-local","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/access/config.pp","line":44,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/security/access.conf","content":"+:ALL:LOCAL\n","order":0}},{"type":"Concat::Fragment","title":"security-access-labs-restrict-to-project","tags":["concat::fragment","concat","fragment","security-access-labs-restrict-to-project","security::access::config","security","access","config","labs-restrict-to-project","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/access/config.pp","line":44,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/security/access.conf","content":"-:ALL EXCEPT (project-deployment-prep) root:ALL\n","order":99}},{"type":"Systemd::Unit","title":"sssd-nss.service-sssd-nss-auto-restart","tags":["systemd::unit","systemd","unit","sssd-nss.service-sssd-nss-auto-restart","systemd::override","override","sssd-nss-auto-restart","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/override.pp","line":14,"exported":false,"kind":"defined_type","parameters":{"override_filename":"sssd-nss-auto-restart","override":true,"unit":"sssd-nss.service","source":"puppet:///modules/ldap/client/sssd/sssd-nss-auto-restart.override.service","ensure":"present","restart":false,"require":["Class[Systemd]"]}},{"type":"Systemd::Unit","title":"prometheus_ssh_open_sessions.service","tags":["systemd::unit","systemd","unit","prometheus_ssh_open_sessions.service","systemd::timer::job","timer","job","prometheus_ssh_open_sessions","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect active shell session information\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-ssh_open_sessions /var/lib/prometheus/node.d/ssh_open_sessions.prom\n","unit":"prometheus_ssh_open_sessions.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_ssh_open_sessions","tags":["systemd::timer","systemd","timer","prometheus_ssh_open_sessions","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*-*-* *:0/5:0"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_ssh_open_sessions.service"}},{"type":"Systemd::Syslog","title":"prometheus_ssh_open_sessions","tags":["systemd::syslog","systemd","syslog","prometheus_ssh_open_sessions","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Ferm::Service","title":"metricsinfra_prometheus_all_tcp","tags":["ferm::service","ferm","service","metricsinfra_prometheus_all_tcp","firewall::service","firewall","metricsinfra-prometheus-all-tcp","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":57,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port_range":[1,65535],"srange":["metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud","metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Nftables::Service","title":"metricsinfra-prometheus-all-tcp","tags":["nftables::service","nftables","service","metricsinfra-prometheus-all-tcp","firewall::service","firewall","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"proto":"tcp","port_range":[1,65535],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false,"src_ips":["172.16.0.229","172.16.6.65"]}},{"type":"Ferm::Service","title":"metricsinfra_prometheus_all_udp","tags":["ferm::service","ferm","service","metricsinfra_prometheus_all_udp","firewall::service","firewall","metricsinfra-prometheus-all-udp","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":57,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port_range":[1,65535],"srange":["metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud","metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Nftables::Service","title":"metricsinfra-prometheus-all-udp","tags":["nftables::service","nftables","service","metricsinfra-prometheus-all-udp","firewall::service","firewall","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port_range":[1,65535],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false,"src_ips":["172.16.0.229","172.16.6.65"]}},{"type":"Ferm::Service","title":"dhcp6_response","tags":["ferm::service","ferm","service","dhcp6_response","firewall::service","firewall","dhcp6-response","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":57,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port":546,"srange":["fe80::/10"],"drange":["fe80::/10"],"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false}},{"type":"Nftables::Service","title":"dhcp6-response","tags":["nftables::service","nftables","service","dhcp6-response","firewall::service","firewall","class","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/firewall/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"proto":"udp","port":546,"ensure":"present","desc":"","prio":10,"unrestricted_access":false,"notrack":false,"src_ips":["fe80::/10"],"dst_ips":["fe80::/10"]}},{"type":"Motd::Script","title":"beta_warning_and_terms","tags":["motd::script","motd","script","beta_warning_and_terms","class","profile::beta::motd","profile","beta","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/beta/motd.pp","line":2,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","priority":1,"source":"puppet:///modules/profile/beta/beta_warning_and_terms.motd"}},{"type":"File_line","title":"locale-en_US.UTF-8","tags":["file_line","locale-en_us.utf-8","class","profile::locales::base","profile","locales","base","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/locales/base.pp","line":6,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","path":"/etc/locale.gen","line":"en_US.UTF-8 UTF-8","notify":"Exec[base-locale-gen]"}},{"type":"Exec","title":"base-locale-gen","tags":["exec","base-locale-gen","class","profile::locales::base","profile","locales","base","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/locales/base.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/sbin/locale-gen --purge","refreshonly":true}},{"type":"File","title":"/etc/ssl/certs/WMF_TEST_CA.pem","tags":["file","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/profile/pki/ROOT/WMF_TEST_CA.pem"}},{"type":"File","title":"/etc/ssl/localcerts/pki_api_CA.pem","tags":["file","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":49,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440","source":"puppet:///modules/profile/pki/cloud/pki_api_ca.pem"}},{"type":"Concat","title":"/etc/cfssl/mutual_tls_client_cert.pem","tags":["concat","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","path":"/etc/cfssl/mutual_tls_client_cert.pem","mode":"0644","warn":false,"show_diff":true,"backup":"puppet","replace":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat::Fragment","title":"mtls_client_cert_leaf","tags":["concat::fragment","concat","fragment","mtls_client_cert_leaf","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":64,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/cfssl/mutual_tls_client_cert.pem","order":"01","source":"/var/lib/puppet/ssl/certs/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem"}},{"type":"Concat::Fragment","title":"mtls_client_cert_chain","tags":["concat::fragment","concat","fragment","mtls_client_cert_chain","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":74,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/cfssl/mutual_tls_client_cert.pem","order":"02","source":"/var/lib/puppet/ssl/certs/ca.pem"}},{"type":"Class","title":"Cfssl::Client","tags":["class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/pki/client.pp","line":82,"exported":false,"kind":"class","parameters":{"ensure":"present","signer":"https://pki-intermediate.pki.eqiad1.wikimedia.cloud:443","bundles_source":"puppet:///modules/profile/pki/wmcs-intermediates","auth_key":"aaaabbbbccccdddd","enable_proxy":false,"listen_addr":"127.0.0.1","listen_port":8888,"mutual_tls_client_cert":"/etc/cfssl/mutual_tls_client_cert.pem","mutual_tls_client_key":"/var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem","tls_remote_ca":"/etc/ssl/localcerts/pki_api_CA.pem","log_level":"info"},"sensitive_parameters":["auth_key"]},{"type":"Class","title":"Cfssl","tags":["class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"exported":false,"kind":"unknown","parameters":{"conf_dir":"/etc/cfssl","signer_dir":"/etc/cfssl/signers","csr_dir":"/etc/cfssl/csr","ocsp_dir":"/etc/cfssl/ocsp","ssl_dir":"/etc/cfssl/ssl","bundles_dir":"/etc/cfssl/ssl/bundles","packages":["golang-cfssl"]}},{"type":"Package","title":"golang-cfssl","tags":["package","golang-cfssl","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":13,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/cfssl","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","purge":true,"recurse":true,"force":true,"mode":"0550"}},{"type":"File","title":"/usr/local/share/cfssl","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","purge":true,"recurse":true,"force":true,"mode":"0550"}},{"type":"File","title":"/etc/cfssl/signers","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","purge":true,"recurse":true,"force":true,"mode":"0550"}},{"type":"File","title":"/etc/cfssl/csr","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","purge":true,"recurse":true,"force":true,"mode":"0550"}},{"type":"File","title":"/etc/cfssl/ssl","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","purge":true,"recurse":true,"force":true,"mode":"0550"}},{"type":"File","title":"/etc/cfssl/ocsp","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","mode":"0550"}},{"type":"File","title":"/etc/cfssl/ssl/bundles","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"directory","mode":"0550"}},{"type":"File","title":"/usr/local/share/cfssl/sqlite_initdb.sql","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"file","mode":"0440","source":"puppet:///modules/cfssl/sqlite_initdb.sql"}},{"type":"File","title":"/usr/local/share/cfssl/mysql_initdb.sql","tags":["file","class","cfssl","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/init.pp","line":15,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","require":["Package[golang-cfssl]"],"ensure":"file","mode":"0440","source":"puppet:///modules/cfssl/mysql_initdb.sql"}},{"type":"Cfssl::Config","title":"client-cfssl","tags":["cfssl::config","cfssl","config","client-cfssl","class","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/client.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","default_auth_remote":{"remote":"default_remote","auth_key":"default_auth"},"auth_keys":{"default_auth":{"type":"standard","key":"aaaabbbbccccdddd"}},"remotes":{"default_remote":"https://pki-intermediate.pki.eqiad1.wikimedia.cloud:443"},"path":"/etc/cfssl/client-cfssl.conf","default_auth_key":"default_auth","default_usages":[],"profiles":{}}},{"type":"File","title":"/usr/local/sbin/cfssl-client","tags":["file","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/client.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0550","content":"#!/bin/sh\n/usr/bin/cfssl \"$@\" -config /etc/cfssl/client-cfssl.conf"}},{"type":"Systemd::Service","title":"cfssl-serve@proxy-client","tags":["systemd::service","systemd","service","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/client.pp","line":43,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Cloudflare SSL (cfssl::client)\nAfter=network.target remote-fs.target nss-lookup.target\nDocumentation=https://github.com/cloudflare/cfssl/tree/master/doc\n\n[Service]\nExecStart=/usr/bin/cfssl serve \\\n          -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem \\\n          -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem \\\n          -config /etc/cfssl/client-cfssl.conf \\\n          -address 127.0.0.1 \\\n          -port 8888\nRestart=always\nRestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Package","title":"rsyslog-kafka","tags":["package","rsyslog-kafka","class","profile::rsyslog::kafka_shipper","profile","rsyslog","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":20,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/rsyslog.lookup.d","tags":["file","class","profile::rsyslog::kafka_shipper","profile","rsyslog","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root"}},{"type":"File","title":"/etc/rsyslog.lookup.d/lookup_table_output.json","tags":["file","class","profile::rsyslog::kafka_shipper","profile","rsyslog","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":33,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","source":"puppet:///modules/profile/rsyslog/lookup_table_output.json","require":"File[/etc/rsyslog.lookup.d]","notify":"Service[rsyslog]","owner":"root","group":"root"}},{"type":"Concat::Fragment","title":"/etc/rsyslog.d/00-global.conf-maxMessageSize","tags":["concat::fragment","concat","fragment","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/functions/global_entry.pp","line":9,"exported":false,"kind":"defined_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","order":"maxMessageSize","content":"  maxMessageSize=\"64k\"\n"}},{"type":"Rsyslog::Conf","title":"lookup_output","tags":["rsyslog::conf","rsyslog","conf","lookup_output","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":45,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"\n# define lookup table for log outputs\nlookup_table(name=\"output_lookup\" file=\"/etc/rsyslog.lookup.d/lookup_table_output.json\" reloadOnHUP=\"on\")\n\n# perform lookup of programname against table \"output_lookup\"\n# this is used later to determine which output actions to apply\nset $.log_outputs = lookup(\"output_lookup\", $programname);\n","priority":10,"require":"File[/etc/rsyslog.lookup.d/lookup_table_output.json]","mode":"0444"}},{"type":"Rsyslog::Conf","title":"template_syslog_json","tags":["rsyslog::conf","rsyslog","conf","template_syslog_json","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":52,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/rsyslog/template_syslog_json.conf","priority":10,"mode":"0444"}},{"type":"Rsyslog::Conf","title":"output_kafka","tags":["rsyslog::conf","rsyslog","conf","output_kafka","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":62,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# this is the kafka output config, so load the kafka output module\nmodule(load=\"omkafka\")\n\n# load mmrm1stspace to remove leading space from msg field in output\n# (leading space breaks existing grok/regex message filters)\nmodule(load=\"mmrm1stspace\")\n\n# load mmutf8fix to convert non-utf8 charsets to utf8\nmodule(load=\"mmutf8fix\")\n\n# parse json messages when @cee cookie is found\nmodule(load=\"mmjsonparse\")\n\n# define a template to be used by omkafka dynatopic\ntemplate(name=\"kafka_topic\" type=\"string\" string=\"rsyslog-%syslogseverity-text%\")\n\n# Event Platform support (T291645): messages that carry a 'meta.stream' field are\n# Event Platform events (e.g. ECS formatted logs). Produce them to the\n# '<datacenter>.<meta.stream>' topic so they can be ingested into the Data Lake.\n# The datacenter prefix is supplied by puppet; the stream suffix is read from the\n# parsed json message via the '%!meta!stream%' property.\ntemplate(name=\"event_platform_topic\" type=\"string\" string=\"eqiad.%!meta!stream%\")\n\n# Emit the parsed json message verbatim (with $schema, meta and dt intact) so the\n# event remains valid for Event Platform / Data Lake ingestion.\ntemplate(name=\"event_platform_json\" type=\"list\") {\n  property(name=\"$!all-json\")\n}\n\n# send to kafka if lookup table contains \"kafka\" for relevant programname\n# $.log_outputs defined by lookup table in lookup_output.conf\nif ( $.log_outputs contains \"kafka\" ) then {\n\n    # remove leading white space from msg field\n    action(type=\"mmrm1stspace\")\n\n    # attempt to convert log charset to utf8\n    action(type=\"mmutf8fix\")\n\n    # try parsing the message as json if @cee cookie is found\n    action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka\")\n\n    # if parsing of @cee cookie fails, try parsing raw message as json\n    if $parsesuccess != \"OK\" then {\n        action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka_raw\" cookie=\"\" useRawMsg=\"on\")\n    }\n\n    # if parsing of @cee cookie AND raw message fails, try parsing \"msg\" field as json\n    # https://www.rsyslog.com/doc/v8-stable/configuration/modules/mmjsonparse.html\n    if $parsesuccess != \"OK\" then {\n        action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka_msg\" cookie=\"\")\n    }\n\n    # the message is json, use a different template (syslog_cee vs syslog_json)\n    # unfortunately rsyslog doesn't allow variables to be used as template\n    # names, so the kafka action is duplicated here.\n    if $parsesuccess == \"OK\" then {\n        # Event Platform events carry a 'meta.stream' field. Produce these only to\n        # the '<datacenter>.<meta.stream>' topic (T291645). Logstash consumes this\n        # topic via an explicit kafka input rather than the 'rsyslog-*' pattern.\n        # We also need to unset the $!msg field here, which is left over from the\n        # failed mmjsonparse_kafka_raw parsing attempt.\n        if ($!meta!stream != \"\") then {\n            unset $!msg;\n            action(type=\"omkafka\"\n                   name=\"omkafka_event_platform\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"event_platform_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"event_platform_json\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        } else {\n        action(type=\"omkafka\"\n               name=\"omkafka_syslog_cee\"\n               broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n               topic=\"kafka_topic\"\n               dynatopic=\"on\"\n               dynatopic.cachesize=\"1000\"\n               partitions.auto=\"on\"\n               template=\"syslog_cee\"\n               confParam=[ \"security.protocol=ssl\",\n                           \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                           \"compression.codec=snappy\",\n                           \"socket.timeout.ms=10000\",\n                           \"socket.keepalive.enable=true\",\n                           \"queue.buffering.max.ms=50\",\n                           \"batch.num.messages=1000\" ]\n        )\n        }\n    } else {\n        # if ecs_170 in log_outputs, use that template to format\n        # non-json-formatted syslog events into an ecs-compatible form\n        if ( $.log_outputs contains \"ecs_170\" ) then {\n            action(type=\"omkafka\"\n                   name=\"omkafka_ecs_170\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"kafka_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"ecs_170\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        } else {\n            # fall back to legacy json format\n            action(type=\"omkafka\"\n                   name=\"omkafka_syslog_json\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"kafka_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"syslog_json\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        }\n    }\n\n}\n","priority":30,"mode":"0444"}},{"type":"Rsyslog::Conf","title":"output_local","tags":["rsyslog::conf","rsyslog","conf","output_local","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/rsyslog/kafka_shipper.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# Use lookup table to determine if log continues on to local outputs (defined\n# in rsyslog.conf). If there is no entry in the lookup table for $programname,\n# the default value defined by \"nomatch\" is \"local\".\n# See https://www.rsyslog.com/doc/master/configuration/lookup_tables.html#lookup-table-file-format\n#\n# Note that the lookup is done at priority 10 by 10-lookup-output.conf, so\n# setting $.log_outputs in a configuration with higher priority overrides the\n# lookup.\nif ( not ($.log_outputs contains \"local\") ) then {\n    stop\n}\n","priority":95,"mode":"0444"}},{"type":"Class","title":"Profile::Base::Production","tags":["class","profile::base::production","profile","base","production","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown","parameters":{"enable":false,"enable_ip6_mapped":false}},{"type":"Class","title":"Profile::Cache::Base","tags":["class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"performance_tweaks":false,"use_geo_ip":false,"cache_cluster":"text","logstash_host":"logstash.svc.deployment-prep.eqiad1.wikimedia.cloud","logstash_syslog_port":10514,"logstash_json_lines_port":11514,"log_slow_request_threshold":60.0,"allow_iptables":false,"extra_trust":[],"conftool_prefix":"/conftool/v1","use_ip_reputation":false,"enable_monitoring":false,"use_noflow_iface_preup":false,"require":["Class[Network::Constants]","Class[Profile::Conftool::Client]","Class[Profile::Prometheus::Cadvisor]","Class[Profile::Base::Production]","Class[Profile::Base::Systemd]","Class[Profile::Cache::Purge]"]}},{"type":"Apt::Package_from_component","title":"lshw-backport","tags":["apt::package_from_component","apt","package_from_component","lshw-backport","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"component":"component/lshw","packages":["lshw"],"ensure":"present","distro":"bullseye-wikimedia","uri":"http://apt.wikimedia.org/wikimedia","priority":1001,"ensure_packages":true}},{"type":"Class","title":"Profile::Conftool::Client","tags":["class","profile::conftool::client","profile","conftool","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"srv_domain":"conftool.svc.deployment-prep.eqiad1.wikimedia.cloud","namespace":"/conftool","tcpircbot_host":"icinga.wikimedia.org","tcpircbot_port":9200,"host":"deployment-etcd05.deployment-prep.eqiad1.wikimedia.cloud","port":2379,"pool_pwd_seed":"","etcd_user":"__auto__","conftool2git_bind_addr":"0.0.0.0:1312","require":["Class[Passwords::Etcd]"]}},{"type":"Package","title":"python3-conftool","tags":["package","python3-conftool","class","profile::conftool::client","profile","conftool","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":35,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Class","title":"Passwords::Etcd","tags":["class","passwords::etcd","passwords","etcd","profile::conftool::client","profile","conftool","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Class","title":"Etcd::Client::Globalconfig","tags":["class","etcd::client::globalconfig","etcd","client","globalconfig","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":40,"exported":false,"kind":"class","parameters":{"srv_domain":"conftool.svc.deployment-prep.eqiad1.wikimedia.cloud","host":"deployment-etcd05.deployment-prep.eqiad1.wikimedia.cloud","port":2379}},{"type":"File","title":"/etc/etcd","tags":["file","class","etcd::client::globalconfig","etcd","client","globalconfig","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/etcd/manifests/client/globalconfig.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0755","owner":"root","group":"root"}},{"type":"Etcd::Client::Config","title":"/etc/etcd/etcdrc","tags":["etcd::client::config","etcd","client","config","class","etcd::client::globalconfig","globalconfig","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/etcd/manifests/client/globalconfig.pp","line":16,"exported":false,"kind":"defined_type","parameters":{"world_readable":true,"settings":{"host":"deployment-etcd05.deployment-prep.eqiad1.wikimedia.cloud","port":2379,"srv_domain":"conftool.svc.deployment-prep.eqiad1.wikimedia.cloud","ca_cert":"/etc/ssl/certs/wmf-ca-certificates.crt","protocol":"https","allow_reconnect":true},"ensure":"present","owner":"root","group":"root"}},{"type":"Etcd::Client::Config","title":"/root/.etcdrc","tags":["etcd::client::config","etcd","client","config","class","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"settings":{"username":"conftool","password":"another_secret"},"ensure":"present","owner":"root","group":"root","world_readable":false}},{"type":"Class","title":"Conftool::Config","tags":["class","conftool::config","conftool","config","profile::conftool::client","profile","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":81,"exported":false,"kind":"class","parameters":{"namespace":"/conftool","tcpircbot_host":"icinga.wikimedia.org","tcpircbot_port":9200,"hosts":[],"conftool2git_address":""}},{"type":"File","title":"/etc/conftool","tags":["file","class","conftool::config","conftool","config","profile::conftool::client","profile","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/config.pp","line":18,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/conftool/config.yaml","tags":["file","class","conftool::config","conftool","config","profile::conftool::client","profile","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/config.pp","line":48,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"---\nhosts: []\ntcpircbot_host: icinga.wikimedia.org\ntcpircbot_port: 9200\ndriver_options:\n  allow_reconnect: true\n  suppress_san_warnings: false\nnamespace: \"/conftool\"\nextensions_config:\n  reqconfig:\n    haproxy_reserved_slots:\n    - 0\n    varnish_acl_ipblocks: []\n"}},{"type":"File","title":"/etc/conftool/schema.yaml","tags":["file","class","profile::conftool::client","profile","conftool","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":90,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","source":"puppet:///modules/profile/conftool/schema.yaml","owner":"root","group":"root","mode":"0444"}},{"type":"File","title":"/etc/conftool/json-schema/","tags":["file","class","profile::conftool::client","profile","conftool","client","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/conftool/client.pp","line":99,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/conftool/json-schema","ensure":"directory","source":"puppet:///modules/profile/conftool/json-schema/","owner":"root","group":"root","mode":"0555","recurse":true}},{"type":"Class","title":"Profile::Base::Systemd","tags":["class","profile::base::systemd","profile","base","systemd","profile::cache::base","cache","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"systemd_cpu_accounting":"no","systemd_blockio_accounting":"no","systemd_memory_accounting":"no","systemd_ip_accounting":"no"}},{"type":"Class","title":"Systemd::Config","tags":["class","systemd::config","systemd","config","profile::base::systemd","profile","base","profile::cache::base","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/base/systemd.pp","line":8,"exported":false,"kind":"class","parameters":{"cpu_accounting":"no","blockio_accounting":"no","memory_accounting":"no","ip_accounting":"no","ensure":"present"}},{"type":"File","title":"/etc/systemd/system.conf","tags":["file","class","systemd::config","systemd","config","profile::base::systemd","profile","base","profile::cache::base","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/config.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# systemd global configuration file. See systemd-system.conf(5) and\n# systemd.resource-control(5).\n#\n# This file is managed by Puppet!\n#\n\n[Manager]\nDefaultCPUAccounting=no\nDefaultBlockIOAccounting=no\nDefaultMemoryAccounting=no\n# If true, turns on IPv4 and IPv6 network traffic accounting for packets sent\n# or received by units. When this option is turned on, all IPv4 and IPv6\n# sockets created by any process of the unit are accounted for.\nDefaultIPAccounting=no\n","mode":"0444","owner":"root","group":"root"}},{"type":"Class","title":"Profile::Cache::Kafka::Webrequest","tags":["class","profile::cache::kafka::webrequest","profile","cache","kafka","webrequest","profile::cache::base","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"kafka_cluster_name":"jumbo-deployment-prep","ssl_enabled":true,"cache_cluster":"text","varnishkafka_enabled":false,"monitoring_enabled":false,"atskafka_enabled":false}},{"type":"Class","title":"Profile::Cache::Kafka::Certificate","tags":["class","profile::cache::kafka::certificate","profile","cache","kafka","certificate","profile::cache::kafka::webrequest","webrequest","profile::cache::base","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"certificate_name":"varnishkafka-deployment-prep","ssl_key_pass":"qwerty","ssl_cipher_suites":"ECDHE-ECDSA-AES256-GCM-SHA384","ssl_curves_list":"P-256","ssl_sigalgs_list":"ECDSA+SHA256"}},{"type":"Cfssl::Cert","title":"kafka__varnishkafka-deployment-prep_kafka_11","tags":["cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/functions/pki/get_cert.pp","line":28,"kind":"defined_type","exported":false,"parameters":{"outdir":"/etc/varnishkafka/ssl","owner":"root","group":"root","profile":"kafka_11","notify":"Service[varnishkafka-all]","common_name":"varnishkafka-deployment-prep","label":"kafka","provide_chain":true,"names":[],"key":{"algo":"ecdsa","size":256},"ensure":"present","auto_renew":true,"renew_seconds":952200,"mode":"0740","environment":["GODEBUG=x509ignoreCN=0"],"notify_services":[],"before_services":[],"hosts":[]}},{"type":"Varnishkafka::Instance","title":"webrequest","tags":["varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/kafka/webrequest.pp","line":132,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","brokers":["deployment-kafka-jumbo-5.deployment-prep.eqiad1.wikimedia.cloud:9093","deployment-kafka-jumbo-8.deployment-prep.eqiad1.wikimedia.cloud:9093","deployment-kafka-jumbo-9.deployment-prep.eqiad1.wikimedia.cloud:9093"],"topic":"webrequest_text","format_type":"json","compression_codec":"snappy","varnish_name":"frontend","varnish_svc_name":"varnish-frontend","varnish_opts":{"q":"ReqMethod ne \"PURGE\" and not Timestamp:Pipe and not Timestamp:Restart and not ReqHeader:Upgrade ~ \"[wW]ebsocket\" and not HttpGarbage","T":"1500","L":"10000"},"format":"%{fake_tag0@hostname?deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud}x %{@sequence!num?0}n %{end:%FT%TZ@dt}t %{Varnish:time_firstbyte@time_firstbyte!num?0.0}x %{X-Client-IP@ip}o %{X-Cache-Status@cache_status}o %{@http_status}s %{@response_size!num?0}b %{@http_method}m %{Host@uri_host}i %{@uri_path}U %{@uri_query}q %{Content-Type@content_type}o %{Referer@referer}i %{User-Agent@user_agent}i %{Accept-Language@accept_language}i %{X-Analytics@x_analytics}o %{Range@range}i %{X-Cache@x_cache}o %{Accept@accept}i %{Server@backend}o %{VCL_Log:tls@tls}x","message_send_max_retries":3,"queue_buffering_max_messages":720000,"batch_num_messages":9000,"topic_request_timeout_ms":2000,"topic_request_required_acks":"1","log_statistics_interval":15,"ssl_enabled":true,"ssl_ca_location":"/etc/ssl/certs/wmf-ca-certificates.crt","ssl_key_password":"qwerty","ssl_key_location":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11-key.pem","ssl_certificate_location":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem","ssl_cipher_suites":"ECDHE-ECDSA-AES256-GCM-SHA384","ssl_curves_list":"P-256","ssl_sigalgs_list":"ECDSA+SHA256","ssl_keystore_password":"qwerty","sequence_number":0,"output":"kafka","format_key_type":"string","partition":-1,"queue_buffering_max_ms":1000,"topic_message_timeout_ms":300000,"socket_send_buffer_bytes":0,"tag_size_max":2048,"logline_scratch_size":4096,"logline_hash_size":5000,"logline_hash_max":5,"logline_data_copy":true,"log_level":6,"log_stderr":false,"log_syslog":true,"log_statistics_file":"/var/cache/varnishkafka/webrequest.stats.json","should_subscribe":true,"conf_template":"varnishkafka/varnishkafka.conf.erb","require":["Class[Varnishkafka]"]}},{"type":"Class","title":"Profile::Prometheus::Varnishkafka_exporter","tags":["class","profile::prometheus::varnishkafka_exporter","profile","prometheus","varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"stats_default":{"kafka":{"metadata_cache_cnt":{"type":"GaugeMetricFamily","name":"rdkafka_producer_metadata_cache_cnt","description":"Number of topics in the metadata cache.","labels":["client_id"]}}}}},{"type":"Class","title":"Prometheus::Varnishkafka_exporter","tags":["class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/prometheus/varnishkafka_exporter.pp","line":5,"exported":false,"kind":"class","parameters":{"stats_default":{"kafka":{"metadata_cache_cnt":{"type":"GaugeMetricFamily","name":"rdkafka_producer_metadata_cache_cnt","description":"Number of topics in the metadata cache.","labels":["client_id"]}}},"config":{"num_entries_to_get":2,"required_entries":["kafka","varnishkafka"],"stats_files":["/var/cache/varnishkafka/webrequest.stats.json"]},"ensure":"present"}},{"type":"Package","title":"prometheus-varnishkafka-exporter","tags":["package","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnishkafka_exporter.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/prometheus-varnishkafka-exporter.yaml","tags":["file","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnishkafka_exporter.pp","line":21,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0444","content":"---\nstats_files:\n- \"/var/cache/varnishkafka/webrequest.stats.json\"\nrequired_entries:\n- kafka\n- varnishkafka\nnum_entries_to_get: 2\nstats:\n  kafka:\n    metadata_cache_cnt:\n      type: GaugeMetricFamily\n      name: rdkafka_producer_metadata_cache_cnt\n      description: Number of topics in the metadata cache.\n      labels:\n      - client_id\n","require":["Package[prometheus-varnishkafka-exporter]"],"notify":["Service[prometheus-varnishkafka-exporter]"],"owner":"root","group":"root"}},{"type":"Service","title":"prometheus-varnishkafka-exporter","tags":["service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnishkafka_exporter.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"running","enable":true}},{"type":"Profile::Auto_restarts::Service","title":"prometheus-varnishkafka-exporter","tags":["profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnishkafka_exporter.pp","line":34,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Class","title":"Profile::Cache::Purge","tags":["class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"frontend_addr":"/run/varnish-privileged.socket","backend_addr":"127.0.0.1:3128","kafka_topics":["eqiad.resource-purge"],"kafka_tls":true,"kafka_cluster_name":"main-deployment-prep","tls_key_password":"from_my_checks_this_is_unused_but_if_you_dont_set_it_puppet_breaks_amir"}},{"type":"File","title":"/etc/purged","tags":["file","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/purge.pp","line":32,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/purged/ssl","tags":["file","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/purge.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/purged/ssl/private","tags":["file","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/purge.pp","line":49,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0500"}},{"type":"Cfssl::Cert","title":"discovery2026__purged","tags":["cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/functions/pki/get_cert.pp","line":28,"kind":"defined_type","exported":false,"parameters":{"owner":"root","group":"root","notify_services":["purged"],"outdir":"/etc/purged/ssl","common_name":"purged","label":"discovery2026","provide_chain":true,"names":[],"key":{"algo":"ecdsa","size":256},"ensure":"present","auto_renew":true,"renew_seconds":952200,"mode":"0740","environment":["GODEBUG=x509ignoreCN=0"],"before_services":[],"hosts":[]}},{"type":"Class","title":"Purged","tags":["class","purged","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/purge.pp","line":81,"exported":false,"kind":"class","parameters":{"backend_addr":"127.0.0.1:3128","frontend_addr":"/run/varnish-privileged.socket","prometheus_addr":":2112","frontend_workers":4,"backend_workers":2,"is_active":true,"kafka_topics":["eqiad.resource-purge"],"brokers":["deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud:9093","deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud:9093"],"tls":{"ca_location":"/etc/ssl/certs/wmf-ca-certificates.crt","key_location":"/etc/purged/ssl/discovery2026__purged-key.pem","key_password":"from_my_checks_this_is_unused_but_if_you_dont_set_it_puppet_breaks_amir","certificate_location":"/etc/purged/ssl/discovery2026__purged.pem","cipher_suites":"ECDHE-ECDSA-AES256-GCM-SHA384","curves_list":"P-256","sigalgs_list":"ECDSA+SHA256"},"kafka_conf_file":"/etc/purged/purged-kafka.conf","stats_interval_ms":60000}},{"type":"Package","title":"purged","tags":["package","purged","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/purged/manifests/init.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/purged/purged-kafka.conf","tags":["file","class","purged","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/purged/manifests/init.pp","line":34,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"{\n  \"security.protocol\":        \"SSL\",\n  \"ssl.ca.location\":          \"/etc/ssl/certs/wmf-ca-certificates.crt\",\n  \"ssl.cipher.suites\":        \"ECDHE-ECDSA-AES256-GCM-SHA384\",\n  \"ssl.curves.list\":          \"P-256\",\n  \"ssl.sigalgs.list\":         \"ECDSA+SHA256\",\n  \"client.id\":                \"purged\",\n  \"bootstrap.servers\":        \"deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud:9093,deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud:9093\",\n  \"statistics.interval.ms\":   60000,\n  \"group.id\":                 \"deployment-cache-text08\",\n  \"go.events.channel.enable\": true\n}\n","mode":"0444","notify":"Service[purged]","owner":"root","group":"root"}},{"type":"Systemd::Service","title":"purged","tags":["systemd::service","systemd","service","purged","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/purged/manifests/init.pp","line":42,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Purger for ATS and Varnish\n\n[Service]\nExecStart=/usr/bin/purged -backend_addr \"127.0.0.1:3128\" -frontend_addr \"/run/varnish-privileged.socket\" -prometheus_addr :2112 -frontend_workers 4 -backend_workers 2  -topics eqiad.resource-purge -kafkaConfig /etc/purged/purged-kafka.conf\nRestart=on-failure\n# Allocate a user for purged on-the-fly. This turns off write access to most\n# directories. See http://0pointer.net/blog/dynamic-users-with-systemd.html\nDynamicUser=yes\n\n","subscribe":"Package[purged]","restart":true,"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Profile::Auto_restarts::Service","title":"purged","tags":["profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/purged/manifests/init.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Kmod::Blacklist","title":"cp-bl","tags":["kmod::blacklist","kmod","blacklist","cp-bl","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":64,"exported":false,"kind":"defined_type","parameters":{"modules":["x_tables"],"ensure":"present","rmmod":false}},{"type":"Class","title":"Conftool::Scripts","tags":["class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":69,"exported":false,"kind":"class"},{"type":"File","title":"/usr/local/bin/pooler-loop","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":16,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/pooler_loop.rb"}},{"type":"File","title":"/usr/local/bin/pool","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/conftool-simple-command.sh"}},{"type":"File","title":"/usr/local/bin/depool","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/conftool-simple-command.sh"}},{"type":"File","title":"/usr/local/bin/drain","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/conftool-simple-command.sh"}},{"type":"File","title":"/usr/local/bin/decommission","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/conftool-simple-command.sh"}},{"type":"File","title":"/usr/local/bin/safe-service-restart","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/safe-service-restart.py"}},{"type":"File","title":"/usr/local/bin/ispooled","tags":["file","class","conftool::scripts","conftool","scripts","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/conftool/manifests/scripts.pp","line":45,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/conftool/ispooled.sh"}},{"type":"Class","title":"Geoip","tags":["class","geoip","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":80,"exported":false,"kind":"class","parameters":{"load_data_from_puppetserver":false,"fetch_ipinfo_dbs":false}},{"type":"Class","title":"Geoip::Bin","tags":["class","geoip::bin","geoip","bin","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Package","title":"geoip-bin","tags":["package","geoip-bin","class","geoip::bin","geoip","bin","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/geoip/manifests/bin.pp","line":5,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"mmdb-bin","tags":["package","mmdb-bin","class","geoip::bin","geoip","bin","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/geoip/manifests/bin.pp","line":5,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Class","title":"Geoip::Dev","tags":["class","geoip::dev","geoip","dev","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":84,"exported":false,"kind":"class"},{"type":"Package","title":"libgeoip-dev","tags":["package","libgeoip-dev","class","geoip::dev","geoip","dev","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/geoip/manifests/dev.pp","line":5,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"libmaxminddb-dev","tags":["package","libmaxminddb-dev","class","geoip::dev","geoip","dev","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/geoip/manifests/dev.pp","line":5,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Class","title":"Varnish::Common","tags":["class","varnish::common","varnish","common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":88,"exported":false,"kind":"class","parameters":{"log_slow_request_threshold":60.0,"logstash_host":"logstash.svc.deployment-prep.eqiad1.wikimedia.cloud","logstash_json_lines_port":11514}},{"type":"File","title":"/usr/local/sbin/reload-vcl","tags":["file","class","varnish::common","varnish","common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/reload-vcl.py","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/usr/local/sbin/varnish-frontend-restart","tags":["file","class","varnish::common","varnish","common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common.pp","line":21,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0555","source":"puppet:///modules/varnish/varnish-frontend-restart.sh"}},{"type":"File","title":"/usr/local/bin/vlogdump","tags":["file","class","varnish::common","varnish","common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/vlogdump","owner":"root","group":"root","mode":"0555"}},{"type":"Nrpe::Plugin","title":"check_varnish_uds","tags":["nrpe::plugin","nrpe","plugin","check_varnish_uds","class","varnish::common","varnish","common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common.pp","line":37,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/varnish/check_varnish_uds.py","ensure":"present"}},{"type":"Class","title":"Varnish::Common::Errorpage","tags":["class","varnish::common::errorpage","varnish","common","errorpage","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":94,"exported":false,"kind":"class"},{"type":"File","title":"/etc/varnish/errorpage.inc.vcl","tags":["file","class","varnish::common::errorpage","varnish","common","errorpage","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/errorpage.pp","line":9,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"sub backend_error_errorpage {\n    set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n\n    synthetic(regsub(regsub({\"<!DOCTYPE html>\n<html lang=\"en\">\n<meta charset=\"utf-8\">\n<title>Wikimedia Error</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Error</h1>\n\n<p>%error_body_content%</p>\n</div>\n</div>\n<div class=\"footer\"><p>If you report this error to the Wikimedia System Administrators, please include the details below.</p><p class=\"text-muted\"><code>%error%</code></p>\n</div>\n</html>\n\"}, \"%error_body_content%\",\n        \"Our servers are currently under maintenance or experiencing a technical issue\"),\n        \"%error%\",\n        \"Request served via \" + server.hostname + \" \" + server.identity +\n            \", Varnish XID \" + bereq.xid + \"<br>\" +\n            regsub(beresp.http.X-Cache, \".+\", \"Upstream caches: \\0<br>\") +\n            \"Error: \" + beresp.status + \", \" +\n            beresp.reason +\n            \" at \" + now + \"<br>\" +\n            \"<details><summary>Sensitive client information</summary>\" +\n            \"IP address: \" + bereq.http.X-Client-IP +\n            \"</details>\"\n    ));\n}\n\nsub synth_errorpage {\n    set resp.http.Content-Type = \"text/html; charset=utf-8\";\n\n    if (resp.status == 403 && resp.reason == \"Sitemap Restricted\") {\n        var.set(\"error_body_content\", {\"Sitemap Restricted. Refer to <a href=\"https://wikitech.wikimedia.org/wiki/Sitemap_access\">wikitech.wikimedia.org/wiki/Sitemap_access</a> or contact bot-traffic@wikimedia.org\"});\n    } else if (resp.status < 500) {\n        var.set(\"error_body_content\", resp.reason);\n    } else {\n        var.set(\"error_body_content\", \"Our servers are currently under maintenance or experiencing a technical issue\");\n    }\n    synthetic(regsub(regsub({\"<!DOCTYPE html>\n<html lang=\"en\">\n<meta charset=\"utf-8\">\n<title>Wikimedia Error</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Error</h1>\n\n<p>%error_body_content%</p>\n</div>\n</div>\n<div class=\"footer\"><p>If you report this error to the Wikimedia System Administrators, please include the details below.</p><p class=\"text-muted\"><code>%error%</code></p>\n</div>\n</html>\n\"}, \"%error_body_content%\",\n        var.get(\"error_body_content\")),\n        \"%error%\",\n        \"Request served via \" + server.hostname + \" \" + server.identity +\n            \", Varnish XID \" + req.xid + \"<br>\" +\n            regsub(resp.http.X-Cache, \".+\", \"Upstream caches: \\0<br>\") +\n            \"Error: \" + resp.status + \", \" +\n            resp.reason +\n            \" at \" + now + \"<br>\" +\n            \"<details><summary>Sensitive client information</summary>\" +\n            \"IP address: \" + req.http.X-Client-IP +\n            \"</details>\"\n    ));\n}\n"}},{"type":"Class","title":"Varnish::Common::Browsersec","tags":["class","varnish::common::browsersec","varnish","common","browsersec","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":94,"exported":false,"kind":"class"},{"type":"File","title":"/etc/varnish/browsersec.inc.vcl","tags":["file","class","varnish::common::browsersec","varnish","common","browsersec","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/browsersec.pp","line":10,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"sub browser_sec_synth {\n    set resp.http.Content-Type = \"text/html; charset=utf-8\";\n    synthetic({\"<!DOCTYPE html>\n<html lang=\"en\">\n<!-- Client security settings are inadequate. Review requirements at https://wikitech.wikimedia.org/wiki/HTTPS -->\n<meta charset=\"utf-8\">\n<title>Browser Connection Security Issues</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Your Browser's Connection Security is Outdated</h1>\n\n<hr>\n<p lang=\"en\" dir=\"ltr\"><strong>English:</strong> Wikimedia projects, including Wikipedia, are getting more secure. You are using an old web browser that will not be able to connect to Wikimedia projects in the future. Please update your device or contact your IT administrator.</p>\n<p lang=\"zh-Hans\" dir=\"ltr\"><strong>简体中文：</strong>维基媒体各计划（包括维基百科）将会进行安全性更新。您现在使用的浏览器版本过旧，未来将无法连接至维基媒体计划。请更新您的设备，或联系您的IT管理员。</p>\n<p lang=\"zh-Hant\" dir=\"ltr\"><strong>繁體中文：</strong>維基媒體各計劃（包括維基百科）將會進行安全性更新。您現在使用的瀏覽器版本過舊，未來將無法連線至維基媒體計劃。請更新您的裝置，或聯絡您的IT管理員。</p>\n<p lang=\"es\" dir=\"ltr\"><strong>Español:</strong> Los proyectos Wikimedia, incluyendo Wikipedia, se están volviendo más seguros. Estás usando un navegador web muy antiguo, el cual no te permitirá conectarte a los proyectos Wikimedia en el futuro. Actualiza tu dispositivo o contacta a tu administrador TI o de informática</p>\n<p lang=\"ar\" dir=\"rtl\"><strong>العربية:</strong> مشاريع ويكيميديا بما فيها ويكيبيديا تسعى لتكون أكثر أمنا. أنت تستخدم متصفح ويب قديم لن يستطيع الاتصال بمشاريع ويكيميديا في المستقبل. من فضلك حدث جهازك أو اتصل بإداري تقنية المعلومات الخاص بك.</p>\n<p lang=\"fr\" dir=\"ltr\"><strong>Français:</strong> Les projets Wikimédia, dont Wikipédia, vont prochainement augmenter la sécurité de leurs sites. Vous utilisez actuellement un navigateur web ancien, qui ne pourra plus se connecter aux projets WIkimédia quand ce sera fait. Merci de mettre à jour votre appareil ou de contacter votre administrateur informatique à cette fin. Des informations supplémentaires plus techniques et en anglais sont disponibles ci-dessous.</p>\n<p lang=\"ja\" dir=\"ltr\"><strong>日本語:</strong> ウィキペディアを含むウィキメディアプロジェクトでは、日々安全を強化しています。現在お使いの古いブラウザーでは、将来的にウィキメディアプロジェクトに接続することができなくなります。デバイスをアップデートするか、システム管理者にご相談ください。</p>\n<p lang=\"de\" dir=\"ltr\"><strong>Deutsch:</strong> Die Wikimedia-Projekte, darunter auch Wikipedia, erhöhen die Sicherheit ihrer Webseiten. Du benutzt einen alten Webbrowser, der in Zukunft nicht mehr auf Wikimedia-Projekte zugreifen können wird. Bitte aktualisiere dein Gerät oder sprich deinen IT-Administrator an. Ausführlichere (und technisch detailliertere) Hinweise findest Du unten in englischer Sprache.</p>\n<p lang=\"it\" dir=\"ltr\"><strong>Italiano:</strong> I progetti Wikimedia, tra cui Wikipedia, aumentano la sicurezza dei propri siti. Stai usando un browser web che non sarà in grado di connettersi ai progetti Wikimedia in futuro. Per favore, aggiorna il tuo dispositivo o contatta il tuo amministratore informatico. Più in basso è disponibile un aggiornamento più dettagliato e tecnico in inglese.</p>\n<p lang=\"hu\" dir=\"ltr\"><strong>Magyar:</strong> Biztonságosabbak lesznek a Wikimédia projektjei, beleértve a Wikipédiát. A böngésző, amit használsz, nem lesz képes kapcsolódni a jövőben. Használj modernebb szoftvert vagy jelezd a problémát a rendszergazdádnak. Alább olvashatod a részletesebb magyarázatot (angolul).</p>\n<p lang=\"sv\" dir=\"ltr\"><strong>Svenska:</strong> Wikimediaprojekten, inklusive Wikipedia, blir säkrare. Du använder en gammal webbläsare som inte kommer att kunna ansluta till Wikimedias sajter i framtiden. Uppdatera din dator, platta eller mobil, eller kontakta din IT-administratör.</p>\n<p lang=\"hi\" dir=\"ltr\"><strong>हिन्दी:</strong> विकिपीडिया सहित विकिमीडिया परियोजनाएँ अधिक सुरक्षित हो रही हैं। आप एक पुराने वेब ब्राउज़र का उपयोग कर रहे हैं जो भविष्य में विकिमीडिया परियोजनाओं से जुड़ने में सक्षम नहीं होगा। कृपया अपना उपकरण अपडेट करें या अपने IT व्यवस्थापक से संपर्क करें।<p>\n<p>We are removing support for RSA-based HTTPS certificates, specifically rsa-2048, which your browser software relies on to connect to our sites. This is usually caused by outdated browsers, or older Android smartphones. It could also be interference from corporate or personal \"Web Security\" software which might downgrade your connection security.</p>\n<p>You must upgrade your web browser or otherwise fix this issue to access our sites. This message will remain until December 2, 2024. After that date, your browser will not be able to establish a connection to our servers.</p>\n<p>See the <a href=\"https://wikitech.wikimedia.org/wiki/HTTPS/Browser_Recommendations\">HTTPS Browser Recommendations</a> page for more-detailed information.</p>\n\n</div>\n</div>\n</html>\n\"});\n}\n","show_diff":false}},{"type":"Class","title":"Varnish::Netmapper_update_common","tags":["class","varnish::netmapper_update_common","varnish","netmapper_update_common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":104,"exported":false,"kind":"class"},{"type":"Group","title":"netmap","tags":["group","netmap","class","varnish::netmapper_update_common","varnish","netmapper_update_common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/netmapper_update_common.pp","line":3,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present"}},{"type":"User","title":"netmap","tags":["user","netmap","class","varnish::netmapper_update_common","varnish","netmapper_update_common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/netmapper_update_common.pp","line":7,"exported":false,"kind":"compilable_type","parameters":{"home":"/var/netmapper","gid":"netmap","system":true,"managehome":false,"shell":"/bin/false","require":"Group[netmap]"}},{"type":"File","title":"/var/netmapper","tags":["file","class","varnish::netmapper_update_common","varnish","netmapper_update_common","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/netmapper_update_common.pp","line":16,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"netmap","group":"netmap","require":"User[netmap]","mode":"0755"}},{"type":"Class","title":"Varnish::Logging","tags":["class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":135,"exported":false,"kind":"class","parameters":{"default_mtail_programs":["varnishreqstats","varnishttfb","varnishxcache","varnishrls"],"internal_mtail_programs":["varnishprocessing","varnisherrors","varnishsli"]}},{"type":"Package","title":"python3-logstash","tags":["package","python3-logstash","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":17,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Rsyslog::Conf","title":"varnish","tags":["rsyslog::conf","rsyslog","conf","varnish","class","varnish::logging","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":19,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","priority":80,"mode":"0444"}},{"type":"Rsyslog::Conf","title":"varnish_pipeline","tags":["rsyslog::conf","rsyslog","conf","varnish_pipeline","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":24,"exported":false,"kind":"defined_type","parameters":{"content":"# rsyslog configuration for Varnish\n# This file is managed by Puppet\n\n# Forward Varnish logs to logging pipeline\nif $programname contains \"varnish\" then {\n    set $.log_outputs = \"kafka local\";\n}\n","priority":20,"ensure":"present","mode":"0444"}},{"type":"Exec","title":"mask_default_mtail","tags":["exec","mask_default_mtail","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask mtail.service","creates":"/etc/systemd/system/mtail.service"}},{"type":"File","title":"/usr/local/bin/varnishmtail-wrapper","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/varnish/varnishmtail-wrapper.sh"}},{"type":"Varnish::Logging::Mtail","title":"default","tags":["varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":43,"exported":false,"kind":"defined_type","parameters":{"mtail_programs":["varnishreqstats","varnishttfb","varnishxcache","varnishrls"],"mtail_port":3903}},{"type":"Varnish::Logging::Mtail","title":"internal","tags":["varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":48,"exported":false,"kind":"defined_type","parameters":{"mtail_programs":["varnishprocessing","varnisherrors","varnishsli"],"mtail_port":3913}},{"type":"File","title":"/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/wikimedia_varnishlogconsumer.py","owner":"root","group":"root","mode":"0644"}},{"type":"File","title":"/usr/local/bin/varnishslowlog","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":60,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/varnishslowlog.py","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/usr/local/bin/varnishospital","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/varnishospital.py","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/usr/local/bin/varnishfetcherr","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":74,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/varnishfetcherr.py","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/usr/local/bin/varnishtlsinspector","tags":["file","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":81,"exported":false,"kind":"compilable_type","parameters":{"source":"puppet:///modules/varnish/varnishtlsinspector.py","owner":"root","group":"root","mode":"0555"}},{"type":"Systemd::Service","title":"varnish-frontend-tlsinspector","tags":["systemd::service","systemd","service","varnish-frontend-tlsinspector","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging.pp","line":88,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Varnish frontend TLS ciphersuite inspector\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishtlsinspector --varnishd-instance-name frontend\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"service_params":{"require":"Service[varnish-frontend]","enable":false},"subscribe":["File[/usr/local/bin/varnishtlsinspector]","File[/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py]"],"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Class","title":"Cacheproxy::Traffic_pool","tags":["class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/base.pp","line":141,"exported":false,"kind":"class"},{"type":"Systemd::Unit","title":"traffic-pool.service","tags":["systemd::unit","systemd","unit","traffic-pool.service","class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cacheproxy/manifests/traffic_pool.pp","line":12,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# traffic-pool.service\n#\n# On shutdown, *before* trafficserver-tls/varnish are stopped, this will depool the node\n# for all services and then sleep 45 seconds\n#\n# On startup, *after* trafficserver-tls/varnish have been started successfully, iff the\n# file /var/lib/traffic-pool/pool-once exists, this will delete that file,\n# sleep 45 seconds, and then pool the node for all services.  The file is\n# expected to only be created by human action when immediate repool after a\n# successful reboot is desired.  The default should always be to stay\n# depooled when booting up under unknown conditions (e.g. post-crash, or\n# after being offline for a long period for hardware repairs).\n#\n\n[Unit]\nDescription=Traffic Services Pool Control\nAfter=haproxy.service varnish-frontend.service trafficserver.service\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/bin/sh -c 'if test -f /var/lib/traffic-pool/pool-once; then rm -f /var/lib/traffic-pool/pool-once; sleep 45; /usr/local/bin/pool; fi'\nExecStop=/usr/local/bin/depool ; /bin/sleep 45\n\n[Install]\nWantedBy=multi-user.target\n","unit":"traffic-pool.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"File","title":"/var/lib/traffic-pool","tags":["file","class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cacheproxy/manifests/traffic_pool.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0755","owner":"root","group":"root"}},{"type":"Exec","title":"systemd enable traffic-pool","tags":["exec","class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cacheproxy/manifests/traffic_pool.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl enable traffic-pool.service","unless":"/bin/systemctl is-enabled traffic-pool.service","require":["Systemd::Unit[traffic-pool.service]","File[/var/lib/traffic-pool]"]}},{"type":"Class","title":"Profile::Tcp_fast_open","tags":["class","profile::tcp_fast_open","profile","tcp_fast_open","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Sysctl::Parameters","title":"TCP Fast Open","tags":["sysctl::parameters","sysctl","parameters","class","profile::tcp_fast_open","profile","tcp_fast_open","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/tcp_fast_open.pp","line":13,"exported":false,"kind":"defined_type","parameters":{"values":{"net.ipv4.tcp_fastopen":3},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Class","title":"Profile::Cache::Haproxy","tags":["class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"tls_port":443,"available_certificates":{"unified":{"cert_paths":["/etc/acmecerts/unified/live/ec-prime256v1.chained.crt.key"],"critical_threshold":15,"server_names":["beta.wmcloud.org","*.wikibooks.beta.wmcloud.org","*.wikidata.beta.wmcloud.org","*.wikimedia.beta.wmcloud.org","*.wikinews.beta.wmcloud.org","*.wikipedia.beta.wmcloud.org","*.wikiquote.beta.wmcloud.org","*.wikisource.beta.wmcloud.org","*.wikiversity.beta.wmcloud.org","*.wikivoyage.beta.wmcloud.org","*.wiktionary.beta.wmcloud.org","*.m.wikibooks.beta.wmcloud.org","*.m.wikimedia.beta.wmcloud.org","*.m.wikinews.beta.wmcloud.org","*.m.wikipedia.beta.wmcloud.org","*.m.wikiquote.beta.wmcloud.org","*.m.wikisource.beta.wmcloud.org","*.m.wikiversity.beta.wmcloud.org","*.m.wikivoyage.beta.wmcloud.org","*.m.wiktionary.beta.wmcloud.org","w.beta.wmcloud.org","wikidata.beta.wmcloud.org","wikimedia.beta.wmcloud.org","wikipedia.beta.wmcloud.org","beta.wmflabs.org","*.wikibooks.beta.wmflabs.org","*.wikidata.beta.wmflabs.org","*.wikimedia.beta.wmflabs.org","*.wikinews.beta.wmflabs.org","*.wikipedia.beta.wmflabs.org","*.wikiquote.beta.wmflabs.org","*.wikisource.beta.wmflabs.org","*.wikiversity.beta.wmflabs.org","*.wikivoyage.beta.wmflabs.org","*.wiktionary.beta.wmflabs.org","*.m.wikibooks.beta.wmflabs.org","*.m.wikimedia.beta.wmflabs.org","*.m.wikinews.beta.wmflabs.org","*.m.wikipedia.beta.wmflabs.org","*.m.wikiquote.beta.wmflabs.org","*.m.wikisource.beta.wmflabs.org","*.m.wikiversity.beta.wmflabs.org","*.m.wikivoyage.beta.wmflabs.org","*.m.wiktionary.beta.wmflabs.org","wikidata.beta.wmflabs.org","wikimedia.beta.wmflabs.org","wikipedia.beta.wmflabs.org"],"warning_threshold":21}},"enabled_certificates":["unified"],"tls_ciphers":"-ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256","tls13_ciphers":"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256","tls_cachesize":512000,"tls_session_lifetime":86400,"timeout":{"client":120,"client_fin":120,"connect":3,"http_request":3600,"keep_alive":120,"server":180,"tunnel":3600},"h2settings":{"header_table_size":4096,"initial_window_size":65535,"max_concurrent_streams":100},"monitoring_enabled":false,"redirection_timeout":{"client":3,"client_fin":1,"connect":0,"http_request":3,"keep_alive":3,"server":0,"tunnel":0},"use_haproxykafka":false,"use_benthos":false,"allowed_methods":["DELETE","GET","HEAD","OPTIONS","PATCH","POST","PUT"],"cache_cluster":"text","prometheus_port":9422,"backend":{"address":"/run/varnish-privileged.socket","prefix":"unix"},"http_disable_keepalive":false,"mtail_dir":"/etc/haproxymtail","mtail_port":3906,"mtail_fifo":"/var/log/haproxy.fifo","haproxy_version":"haproxy28","do_systemd_hardening":false,"enable_coredumps":false,"enable_mlock":false,"http_redirection_port":80,"dedicated_hc_backend":false,"haproxykafka_socket":"/var/run/haproxykafka/haproxykafka.sock","hc_sources":[],"log_length":8192,"use_etcd_req_filters":false,"numa_networking":true,"benthos_socket":"127.0.0.1:1221","conftool_prefix":"/conftool/v1","use_tls_tmpfiles":false,"report_ja3n":false,"report_ja4h":false,"use_datacenter_provenance":false,"use_res_proxy_provenance":false,"use_private_data":false,"use_etcd_known_client_ident":false,"media_qos":false,"use_etcd_moat_scope":false,"use_cidergrinder":false,"use_webrequest_ipreputation":false}},{"type":"Class","title":"Sslcert::Dhparam","tags":["class","sslcert::dhparam","sslcert","dhparam","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":51,"exported":false,"kind":"class"},{"type":"File","title":"/etc/ssl/dhparam.pem","tags":["file","class","sslcert::dhparam","sslcert","dhparam","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/dhparam.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/sslcert/dhparam.pem"}},{"type":"Apt::Package_from_component","title":"haproxy","tags":["apt::package_from_component","apt","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":65,"exported":false,"kind":"defined_type","parameters":{"component":"thirdparty/haproxy28","before":"Class[Haproxy]","priority":1002,"ensure_packages":false,"ensure":"present","packages":["haproxy"],"distro":"bullseye-wikimedia","uri":"http://apt.wikimedia.org/wikimedia"}},{"type":"Class","title":"Haproxy","tags":["class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":104,"exported":false,"kind":"class","parameters":{"package_name":"haproxy","config_content":"# Note: This file is managed by puppet.\nglobal\n    user haproxy\n    group haproxy\n    stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin\n    log /var/lib/haproxy/dev/log local0 info\n    # do not keep old processes longer than 1m after a reload\n    hard-stop-after 1m\n    set-dumpable\n    nbthread 2\n    warn-blocked-traffic-after 500ms\n    # NB: mapping too many cores (>~60) will cause HAProxy to complain about\n    # too long of a line and fail to start\n    cpu-map 1/1- 0 1\n\n    lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua\n    lua-load-per-thread /etc/haproxy/lua/utf8ps.lua\n    lua-load-per-thread /etc/haproxy/lua/contact_info.lua\n\n    ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3\n    ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256\n    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\n    ssl-dh-param-file /etc/ssl/dhparam.pem\n    tune.ssl.cachesize 512000\n    tune.ssl.lifetime 86400\n    maxconn 200000\n\n\n    tune.h2.header-table-size 4096\n    tune.h2.initial-window-size 65535\n    tune.h2.max-concurrent-streams 100\n\n\ndefaults\n    mode       http\n    log-format \"%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts\"\n    log-format-sd %{+E}o\\ [haproxykafka@0\\ server_pid=\\\"%pid\\\"\\ ip=\\\"%ci\\\"\\ sequence=\\\"%rt\\\"\\ dt=\\\"%tr\\\"\\ time_backend_response=\\\"%Tr\\\"\\ http_status=\\\"%ST\\\"\\ response_size=\\\"%B\\\"\\ termination_state=\\\"%ts\\\"\\ uri_host=\\\"%[capture.req.hdr(0),lua.utf8ps]\\\"\\ referer=\\\"%[capture.req.hdr(1),lua.utf8ps]\\\"\\ user_agent=\\\"%[capture.req.hdr(2),lua.utf8ps]\\\"\\ accept_language=\\\"%[capture.req.hdr(3),lua.utf8ps]\\\"\\ range=\\\"%[capture.req.hdr(4),lua.utf8ps]\\\"\\ accept=\\\"%[capture.req.hdr(5),lua.utf8ps]\\\"\\ tls=\\\"%[var(txn.tls)]\\\"\\ cache_status=\\\"%[var(txn.x_cache_status)]\\\"\\ content_type=\\\"%[var(txn.content_type)]\\\"\\ x_analytics=\\\"%[var(txn.x_analytics)]\\\"\\ x_cache=\\\"%[var(txn.x_cache)]\\\"\\ backend=\\\"%[var(txn.server)]\\\"\\ http_method=\\\"%HM\\\"\\ uri_path=\\\"%HPO\\\"\\ uri_query=\\\"%HQ\\\"]\n\n    option     dontlognull\n    option     accept-invalid-http-request\n    option     accept-invalid-http-response\n    option     http-ignore-probes\n    retries    1\n    timeout    connect 50000\n    timeout    client 500000\n    timeout    server 500000\n","systemd_content":"[Unit]\nDescription=HAProxy Load Balancer\nDocumentation=man:haproxy(1)\nDocumentation=file:/usr/share/doc/haproxy/configuration.txt.gz\nAfter=network-online.target syslog.service\nWants=network-online.target syslog.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/haproxy.cfg\" \"PIDFILE=/run/haproxy/haproxy.pid\"\nEnvironmentFile=-/etc/default/haproxy\nExecStartPre=/usr/local/sbin/tls-check /etc/haproxy-tls-check.cfg\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE $EXTRAOPTS\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","logging":false,"monitor_check_haproxy":false,"template":"haproxy/haproxy.cfg.erb","socket":"/run/haproxy/haproxy.sock","pid":"/run/haproxy/haproxy.pid","monitor":true,"logrotate_config":"puppet:///modules/haproxy/haproxy.logrotate","systemd_override":false}},{"type":"Package","title":"socat","tags":["package","socat","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"haproxy","tags":["package","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Systemd::Tmpfile","title":"haproxy","tags":["systemd::tmpfile","systemd","tmpfile","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":64,"exported":false,"kind":"defined_type","parameters":{"content":"d /run/haproxy 0775 root haproxy","ensure":"present","owner":"root","group":"root"}},{"type":"File","title":"/etc/haproxy","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":72,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/haproxy/conf.d","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":72,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/haproxy/haproxy.cfg","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":84,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0444","owner":"root","group":"root","content":"# Note: This file is managed by puppet.\nglobal\n    user haproxy\n    group haproxy\n    stats socket /run/haproxy/haproxy.sock mode 600 expose-fd listeners level admin\n    log /var/lib/haproxy/dev/log local0 info\n    # do not keep old processes longer than 1m after a reload\n    hard-stop-after 1m\n    set-dumpable\n    nbthread 2\n    warn-blocked-traffic-after 500ms\n    # NB: mapping too many cores (>~60) will cause HAProxy to complain about\n    # too long of a line and fail to start\n    cpu-map 1/1- 0 1\n\n    lua-load-per-thread /etc/haproxy/lua/maxmind-lookup.lua\n    lua-load-per-thread /etc/haproxy/lua/utf8ps.lua\n    lua-load-per-thread /etc/haproxy/lua/contact_info.lua\n\n    ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3\n    ssl-default-bind-ciphers -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256\n    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\n    ssl-dh-param-file /etc/ssl/dhparam.pem\n    tune.ssl.cachesize 512000\n    tune.ssl.lifetime 86400\n    maxconn 200000\n\n\n    tune.h2.header-table-size 4096\n    tune.h2.initial-window-size 65535\n    tune.h2.max-concurrent-streams 100\n\n\ndefaults\n    mode       http\n    log-format \"%rt %Tr %Tw %Tc %ST {%[capture.req.hdr(0)]} {%[capture.res.hdr(0)]} %ts\"\n    log-format-sd %{+E}o\\ [haproxykafka@0\\ server_pid=\\\"%pid\\\"\\ ip=\\\"%ci\\\"\\ sequence=\\\"%rt\\\"\\ dt=\\\"%tr\\\"\\ time_backend_response=\\\"%Tr\\\"\\ http_status=\\\"%ST\\\"\\ response_size=\\\"%B\\\"\\ termination_state=\\\"%ts\\\"\\ uri_host=\\\"%[capture.req.hdr(0),lua.utf8ps]\\\"\\ referer=\\\"%[capture.req.hdr(1),lua.utf8ps]\\\"\\ user_agent=\\\"%[capture.req.hdr(2),lua.utf8ps]\\\"\\ accept_language=\\\"%[capture.req.hdr(3),lua.utf8ps]\\\"\\ range=\\\"%[capture.req.hdr(4),lua.utf8ps]\\\"\\ accept=\\\"%[capture.req.hdr(5),lua.utf8ps]\\\"\\ tls=\\\"%[var(txn.tls)]\\\"\\ cache_status=\\\"%[var(txn.x_cache_status)]\\\"\\ content_type=\\\"%[var(txn.content_type)]\\\"\\ x_analytics=\\\"%[var(txn.x_analytics)]\\\"\\ x_cache=\\\"%[var(txn.x_cache)]\\\"\\ backend=\\\"%[var(txn.server)]\\\"\\ http_method=\\\"%HM\\\"\\ uri_path=\\\"%HPO\\\"\\ uri_query=\\\"%HQ\\\"]\n\n    option     dontlognull\n    option     accept-invalid-http-request\n    option     accept-invalid-http-response\n    option     http-ignore-probes\n    retries    1\n    timeout    connect 50000\n    timeout    client 500000\n    timeout    server 500000\n","notify":"Service[haproxy]"}},{"type":"File","title":"/usr/local/bin/generate_haproxy_default.sh","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":95,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/default/haproxy","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":99,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0644","owner":"root","group":"root","content":"EXTRAOPTS=\"-f /etc/haproxy/conf.d\"\n","notify":"Service[haproxy]"}},{"type":"Systemd::Service","title":"haproxy","tags":["systemd::service","systemd","service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":113,"exported":false,"kind":"defined_type","parameters":{"override":false,"content":"[Unit]\nDescription=HAProxy Load Balancer\nDocumentation=man:haproxy(1)\nDocumentation=file:/usr/share/doc/haproxy/configuration.txt.gz\nAfter=network-online.target syslog.service\nWants=network-online.target syslog.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/haproxy.cfg\" \"PIDFILE=/run/haproxy/haproxy.pid\"\nEnvironmentFile=-/etc/default/haproxy\nExecStartPre=/usr/local/sbin/tls-check /etc/haproxy-tls-check.cfg\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE $EXTRAOPTS\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","service_params":{"restart":"/bin/systemctl reload haproxy.service"},"ensure":"present","unit_type":"service","restart":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"File","title":"/usr/lib/nagios/plugins/check_haproxy","tags":["file","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":120,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Nrpe::Plugin","title":"check_haproxy","tags":["nrpe::plugin","nrpe","plugin","check_haproxy","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":124,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"#!/bin/bash\n\nOK=\"OK\"\nEOK=0\nWARN=\"WARNING\"\nEWARN=1\nCRIT=\"CRITICAL\"\nECRIT=2\n\nsocket=\"/run/haproxy/haproxy.sock\"\ncheck=\"check_alive\"\n\nfor var in \"$@\"; do\n\n    if [[ \"$var\" =~ ^--check=(.+) ]]; then\n        check=\"check_${BASH_REMATCH[1]}\"\n    fi\n\n    if [[ \"$var\" =~ ^--socket=(.+) ]]; then\n        socket=\"${BASH_REMATCH[1]}\"\n    fi\n\ndone\n\n# Check service normal response\nif [ \"$check\" == \"check_alive\" ]; then\n\n    up=$(echo \"show info\" | socat stdio \"$socket\" | grep -E '^Uptime_sec' | awk '{print $2}')\n\n    if [[ \"$up\" =~ ^[0-9]+$ ]]; then\n\n        if [ \"$up\" -lt 300 ]; then\n            echo \"${WARN} ${check} recent restart ${up}s\"\n            exit $EWARN\n        fi\n\n        echo \"${OK} ${check} uptime ${up}s\"\n        exit $EOK\n    fi\n\n    echo \"${CRIT} ${check} invalid response\"\n    exit $ECRIT\n\nfi\n\nif [ \"$check\" != \"check_failover\" ] && [ \"$check\" != \"check_someup\" ] ; then\n    echo \"${CRIT} unkown check ${check} \"\n    exit $ECRIT\nfi\n\nOUTPUT=$(echo \"show stat\" | socat stdio \"$socket\")\nup=$(grep -c L7OK <<< \"$OUTPUT\")\ndown=$(grep -c DOWN <<< \"$OUTPUT\")\ndown_string=$(grep DOWN <<< \"$OUTPUT\" | awk -F',' '{print $1\",\"$2}')\nmsg=\"servers up ${up} down ${down}:\\n${down_string}\"\n\nif [ \"$check\" == \"check_failover\" ] && [ \"$down\" -eq 0 ] ; then\n    # Check a primary/secondary pair for failover\n    echo -e \"${OK} ${check} ${msg}\"\n    exit $EOK\nfi\nif [ \"$check\" == \"check_someup\" ] && [ \"$up\" -gt 0 ] ; then\n    # Check at least some backends are UP\n    echo -e \"${OK} ${check} ${msg}\"\n    exit $EOK\nfi\n\necho -e \"${CRIT} ${check} ${msg}\"\nexit $ECRIT\n"}},{"type":"Nrpe::Monitor_service","title":"haproxy","tags":["nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":129,"exported":false,"kind":"defined_type","parameters":{"description":"haproxy process","nrpe_command":"/usr/lib/nagios/plugins/check_procs -c 1: -C haproxy","notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy","migration_task":"T357099","ensure":"present","contact_group":"admins","retries":3,"timeout":10,"critical":false,"check_interval":1,"retry_interval":1,"enable_nrpe2nodexp":false,"enable_icinga_check":true,"nrpe2nodexp_parse_perf_data":false,"alertmanager_team":"observability"}},{"type":"Nrpe::Monitor_service","title":"haproxy_alive","tags":["nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/init.pp","line":136,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"haproxy alive","nrpe_command":"/usr/local/lib/nagios/plugins/check_haproxy --check=alive","notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy","migration_task":"T407137","enable_nrpe2nodexp":true,"contact_group":"admins","retries":3,"timeout":10,"critical":false,"check_interval":1,"retry_interval":1,"enable_icinga_check":true,"nrpe2nodexp_parse_perf_data":false,"alertmanager_team":"observability"}},{"type":"Package","title":"python3-pystemd","tags":["package","python3-pystemd","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":112,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/sbin/haproxy-stek-manager","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":113,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","source":"puppet:///modules/profile/cache/haproxy_stek_manager.py","owner":"root","group":"root","mode":"0544"}},{"type":"Systemd::Tmpfile","title":"haproxy_secrets_tmpfile","tags":["systemd::tmpfile","systemd","tmpfile","haproxy_secrets_tmpfile","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":121,"exported":false,"kind":"defined_type","parameters":{"content":"d /run/haproxy-secrets 0700 haproxy haproxy -","ensure":"present","owner":"root","group":"root"}},{"type":"Systemd::Timer::Job","title":"haproxy_stek_job","tags":["systemd::timer::job","systemd","timer","job","haproxy_stek_job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":126,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"HAProxy STEK manager","command":"/usr/local/sbin/haproxy-stek-manager /run/haproxy-secrets/stek.keys","interval":[{"start":"OnCalendar","interval":"*-*-* 00/8:00:00"},{"start":"OnBootSec","interval":"0sec"}],"user":"root","require":"File[/usr/local/sbin/haproxy-stek-manager]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Systemd::Tmpfile","title":"haproxy_tls_material","tags":["systemd::tmpfile","systemd","tmpfile","haproxy_tls_material","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":150,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"d  0700 haproxy haproxy -","owner":"root","group":"root"}},{"type":"Acme_chief::Cert","title":"unified","tags":["acme_chief::cert","acme_chief","cert","unified","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":179,"exported":false,"kind":"defined_type","parameters":{"puppet_svc":"haproxy","key_group":"haproxy","certs_path":"/etc/acmecerts","ensure":"present","require":["Class[Acme_chief]"]}},{"type":"File","title":"/etc/haproxy-tls-check.cfg","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":198,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0444","owner":"root","group":"root","content":"CERT_LIST=\"/etc/acmecerts/unified/live/ec-prime256v1.chained.crt.key\"\n"}},{"type":"File","title":"/usr/local/sbin/tls-check","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":206,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","content":"#!/bin/sh\n# SPDX-License-Identifier: Apache-2.0\nCERT_LIST_FILE=$1\nif [ -z \"$CERT_LIST_FILE\" ]; then\n    echo \"ERR: no configuration file provided\"\n    exit 255\nfi\nif [ ! -e \"$CERT_LIST_FILE\" ]; then\n    echo \"ERR: \\$CERT_LIST_FILE ($CERT_LIST_FILE) does not exist\"\n    exit 254\nfi\n# shellcheck source=/dev/null\n. \"$CERT_LIST_FILE\"\nif [ -z \"$CERT_LIST\" ]; then\n    echo \"ERR: \\$CERT_LIST variable is empty, invalid config file?\"\n    exit 253\nfi\nEXIT_CODE=0\nfor cert in $CERT_LIST; do\n    if [ ! -e \"$cert\" ]; then\n        # Exit early if a certificate in the list doesn't exist\n        echo \"ERR: certificate $cert does not exist\"\n        exit 252\n    fi\n    # Check with openssl -checkend option\n    # Using 0 seconds to verify if the certificate is already expired\n    /usr/bin/openssl x509 -in \"$cert\" -checkend 0 -noout > /dev/null\n    retval=$?\n    if [ $retval -ne 0 ]; then\n        echo \"ERR: $cert is expired\"\n        EXIT_CODE=$((EXIT_CODE + 1))\n    fi\ndone\nexit $EXIT_CODE\n"}},{"type":"File","title":"/etc/haproxy/jwt","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":225,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","recurse":true,"source":"puppet:///modules/profile/cache/haproxy/jwt/","owner":"haproxy","group":"haproxy","mode":"0644","purge":"true","force":"true"}},{"type":"File","title":"/etc/haproxy/crt-list.cfg","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":248,"exported":false,"kind":"compilable_type","parameters":{"mode":"0444","content":"/etc/acmecerts/unified/live/ec-prime256v1.chained.crt.key [alpn h2,http/1.1 curves X25519:P-256] beta.wmcloud.org *.wikibooks.beta.wmcloud.org *.wikidata.beta.wmcloud.org *.wikimedia.beta.wmcloud.org *.wikinews.beta.wmcloud.org *.wikipedia.beta.wmcloud.org *.wikiquote.beta.wmcloud.org *.wikisource.beta.wmcloud.org *.wikiversity.beta.wmcloud.org *.wikivoyage.beta.wmcloud.org *.wiktionary.beta.wmcloud.org *.m.wikibooks.beta.wmcloud.org *.m.wikimedia.beta.wmcloud.org *.m.wikinews.beta.wmcloud.org *.m.wikipedia.beta.wmcloud.org *.m.wikiquote.beta.wmcloud.org *.m.wikisource.beta.wmcloud.org *.m.wikiversity.beta.wmcloud.org *.m.wikivoyage.beta.wmcloud.org *.m.wiktionary.beta.wmcloud.org w.beta.wmcloud.org wikidata.beta.wmcloud.org wikimedia.beta.wmcloud.org wikipedia.beta.wmcloud.org beta.wmflabs.org *.wikibooks.beta.wmflabs.org *.wikidata.beta.wmflabs.org *.wikimedia.beta.wmflabs.org *.wikinews.beta.wmflabs.org *.wikipedia.beta.wmflabs.org *.wikiquote.beta.wmflabs.org *.wikisource.beta.wmflabs.org *.wikiversity.beta.wmflabs.org *.wikivoyage.beta.wmflabs.org *.wiktionary.beta.wmflabs.org *.m.wikibooks.beta.wmflabs.org *.m.wikimedia.beta.wmflabs.org *.m.wikinews.beta.wmflabs.org *.m.wikipedia.beta.wmflabs.org *.m.wikiquote.beta.wmflabs.org *.m.wikisource.beta.wmflabs.org *.m.wikiversity.beta.wmflabs.org *.m.wikivoyage.beta.wmflabs.org *.m.wiktionary.beta.wmflabs.org wikidata.beta.wmflabs.org wikimedia.beta.wmflabs.org wikipedia.beta.wmflabs.org\n","notify":"Service[haproxy]","owner":"root","group":"root"}},{"type":"Mediawiki::Errorpage","title":"/etc/haproxy/tls-terminator-tls-plaintext-error.html","tags":["mediawiki::errorpage","mediawiki","errorpage","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":254,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"<p>Insecure request forbidden, use HTTPS instead. For details see <a href=\"https://lists.wikimedia.org/hyperkitty/list/mediawiki-api-announce@lists.wikimedia.org/message/VKQJRS36NXLIMHOWBOXJPUH35KETQCG5/\">https://lists.wikimedia.org/hyperkitty/list/mediawiki-api-announce@lists.wikimedia.org/message/VKQJRS36NXLIMHOWBOXJPUH35KETQCG5/</a>.</p>","before":"Haproxy::Site[tls]","filepath":"/etc/haproxy/tls-terminator-tls-plaintext-error.html","owner":"root","group":"root","mode":"0444","doctitle":"Wikimedia Error","pagetitle":"Error","logo_link":"https://www.wikimedia.org","logo_src":"https://www.wikimedia.org/static/images/wmf-logo.png","logo_srcset":"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x","logo_width":135,"logo_height":101,"logo_alt":"Wikimedia"}},{"type":"File","title":"/etc/haproxy/allowed-hc-sources.lst","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":261,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0444","owner":"root","group":"root","content":"# This file is managed by puppet\n","notify":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/allowed-hosts.map","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":271,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0444","owner":"root","group":"root","source":"puppet:///modules/profile/cache/allowed-hosts.map","notify":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/ipblocks.d/","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":282,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/haproxy/ipblocks.d","ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/haproxy/ip-reputation.d/","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":289,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/haproxy/ip-reputation.d","ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/usr/local/bin/check-haproxy-map","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":296,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/profile/cache/check-haproxy-map.sh"}},{"type":"File","title":"/etc/haproxy/lua/private/","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":304,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/haproxy/lua/private","ensure":"absent","owner":"haproxy","group":"haproxy","recurse":true,"purge":true}},{"type":"File","title":"/etc/haproxy/ipblocks.d/all.map","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":380,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","content":"93.184.216.34/32      abuse=blocked_nets\n1.186.0.0/16      abuse=blocked_nets\n2.0.0.0/11      abuse=blocked_nets\n2.32.0.0/12      abuse=blocked_nets\n2.48.0.0/14      abuse=blocked_nets\n2.52.0.0/15      abuse=blocked_nets\n2.55.0.0/16      abuse=blocked_nets\n2.56.0.0/13      abuse=blocked_nets\n2.58.103.0/24      abuse=blocked_nets\n2.64.0.0/10      abuse=blocked_nets\n2.128.0.0/9      abuse=blocked_nets\n4.144.0.0/12      abuse=blocked_nets\n4.160.0.0/11      abuse=blocked_nets\n4.192.0.0/10      abuse=blocked_nets\n4.192.0.0/12      abuse=blocked_nets\n5.0.0.0/8      abuse=blocked_nets\n5.23.34.0/24      abuse=blocked_nets\n5.102.37.0/24      abuse=blocked_nets\n9.141.0.0/16      abuse=blocked_nets\n9.145.0.0/16      abuse=blocked_nets\n9.146.0.0/16      abuse=blocked_nets\n9.160.0.0/16      abuse=blocked_nets\n9.163.0.0/16      abuse=blocked_nets\n9.169.0.0/16      abuse=blocked_nets\n9.205.0.0/16      abuse=blocked_nets\n9.223.0.0/16      abuse=blocked_nets\n9.234.0.0/15      abuse=blocked_nets\n13.0.0.0/8      abuse=blocked_nets\n13.64.0.0/11      abuse=blocked_nets\n13.104.0.0/14      abuse=blocked_nets\n13.254.0.0/24      abuse=blocked_nets\n13.254.4.0/24      abuse=blocked_nets\n14.0.0.0/9      abuse=blocked_nets\n14.128.0.0/11      abuse=blocked_nets\n14.160.0.0/12      abuse=blocked_nets\n14.176.0.0/13      abuse=blocked_nets\n14.184.0.0/14      abuse=blocked_nets\n14.188.0.0/15      abuse=blocked_nets\n14.190.0.0/16      abuse=blocked_nets\n14.191.0.0/17      abuse=blocked_nets\n14.191.128.0/18      abuse=blocked_nets\n14.191.192.0/20      abuse=blocked_nets\n14.191.224.0/19      abuse=blocked_nets\n14.192.0.0/10      abuse=blocked_nets\n17.0.0.0/8      abuse=blocked_nets\n20.0.0.0/11      abuse=blocked_nets\n20.33.0.0/16      abuse=blocked_nets\n20.34.0.0/15      abuse=blocked_nets\n20.36.0.0/14      abuse=blocked_nets\n20.40.0.0/13      abuse=blocked_nets\n20.48.0.0/12      abuse=blocked_nets\n20.64.0.0/10      abuse=blocked_nets\n20.128.0.0/16      abuse=blocked_nets\n20.135.0.0/16      abuse=blocked_nets\n20.136.0.0/17      abuse=blocked_nets\n20.143.0.0/16      abuse=blocked_nets\n20.150.0.0/15      abuse=blocked_nets\n20.152.0.0/15      abuse=blocked_nets\n20.157.0.0/16      abuse=blocked_nets\n20.160.0.0/12      abuse=blocked_nets\n20.184.0.0/13      abuse=blocked_nets\n20.192.0.0/10      abuse=blocked_nets\n23.96.0.0/14      abuse=blocked_nets\n23.100.0.0/15      abuse=blocked_nets\n23.102.0.0/16      abuse=blocked_nets\n23.103.64.0/18      abuse=blocked_nets\n23.103.128.0/17      abuse=blocked_nets\n24.16.0.0/12      abuse=blocked_nets\n24.32.0.0/11      abuse=blocked_nets\n24.64.0.0/10      abuse=blocked_nets\n24.128.0.0/14      abuse=blocked_nets\n24.132.0.0/16      abuse=blocked_nets\n24.133.0.0/17      abuse=blocked_nets\n24.133.128.0/18      abuse=blocked_nets\n24.133.192.0/19      abuse=blocked_nets\n24.133.224.0/23      abuse=blocked_nets\n24.133.226.0/24      abuse=blocked_nets\n24.133.228.0/22      abuse=blocked_nets\n24.133.232.0/21      abuse=blocked_nets\n24.133.240.0/20      abuse=blocked_nets\n24.134.0.0/15      abuse=blocked_nets\n24.136.0.0/13      abuse=blocked_nets\n24.144.0.0/12      abuse=blocked_nets\n24.160.0.0/11      abuse=blocked_nets\n24.192.0.0/10      abuse=blocked_nets\n27.0.0.0/8      abuse=blocked_nets\n31.0.0.0/12      abuse=blocked_nets\n31.16.0.0/15      abuse=blocked_nets\n31.19.0.0/16      abuse=blocked_nets\n31.20.0.0/14      abuse=blocked_nets\n31.24.0.0/13      abuse=blocked_nets\n31.32.0.0/11      abuse=blocked_nets\n31.56.106.0/24      abuse=blocked_nets\n31.58.221.0/24      abuse=blocked_nets\n31.59.230.0/24      abuse=blocked_nets\n31.64.0.0/10      abuse=blocked_nets\n31.128.0.0/10      abuse=blocked_nets\n31.192.0.0/12      abuse=blocked_nets\n31.208.0.0/13      abuse=blocked_nets\n31.216.0.0/14      abuse=blocked_nets\n31.220.0.0/16      abuse=blocked_nets\n31.221.0.0/17      abuse=blocked_nets\n31.222.0.0/15      abuse=blocked_nets\n31.224.0.0/11      abuse=blocked_nets\n37.0.0.0/12      abuse=blocked_nets\n37.16.0.0/13      abuse=blocked_nets\n37.24.0.0/14      abuse=blocked_nets\n37.28.0.0/15      abuse=blocked_nets\n37.30.0.0/16      abuse=blocked_nets\n37.32.0.0/11      abuse=blocked_nets\n37.64.0.0/11      abuse=blocked_nets\n37.96.0.0/12      abuse=blocked_nets\n37.112.0.0/15      abuse=blocked_nets\n37.114.0.0/17      abuse=blocked_nets\n37.114.128.0/19      abuse=blocked_nets\n37.114.192.0/18      abuse=blocked_nets\n37.115.0.0/16      abuse=blocked_nets\n37.116.0.0/14      abuse=blocked_nets\n37.120.128.0/17      abuse=blocked_nets\n37.121.0.0/16      abuse=blocked_nets\n37.122.0.0/15      abuse=blocked_nets\n37.124.0.0/14      abuse=blocked_nets\n37.128.0.0/11      abuse=blocked_nets\n37.160.0.0/12      abuse=blocked_nets\n37.176.0.0/13      abuse=blocked_nets\n37.184.0.0/14      abuse=blocked_nets\n37.188.0.0/17      abuse=blocked_nets\n37.189.0.0/16      abuse=blocked_nets\n37.190.0.0/15      abuse=blocked_nets\n37.192.0.0/11      abuse=blocked_nets\n37.224.0.0/12      abuse=blocked_nets\n37.228.121.0/24      abuse=blocked_nets\n37.228.126.0/24      abuse=blocked_nets\n37.240.0.0/14      abuse=blocked_nets\n37.244.0.0/17      abuse=blocked_nets\n37.245.0.0/16      abuse=blocked_nets\n37.246.0.0/16      abuse=blocked_nets\n37.247.0.0/19      abuse=blocked_nets\n37.247.32.0/20      abuse=blocked_nets\n37.247.48.0/21      abuse=blocked_nets\n37.247.56.0/22      abuse=blocked_nets\n37.247.64.0/18      abuse=blocked_nets\n37.247.128.0/17      abuse=blocked_nets\n37.248.0.0/13      abuse=blocked_nets\n38.128.0.0/10      abuse=blocked_nets\n38.192.0.0/11      abuse=blocked_nets\n38.224.0.0/12      abuse=blocked_nets\n38.240.0.0/15      abuse=blocked_nets\n38.242.0.0/17      abuse=blocked_nets\n38.242.128.0/19      abuse=blocked_nets\n38.242.160.0/20      abuse=blocked_nets\n38.242.180.0/22      abuse=blocked_nets\n38.242.184.0/22      abuse=blocked_nets\n38.242.189.0/24      abuse=blocked_nets\n38.242.190.0/23      abuse=blocked_nets\n38.242.192.0/18      abuse=blocked_nets\n38.243.0.0/16      abuse=blocked_nets\n38.244.0.0/14      abuse=blocked_nets\n38.248.0.0/13      abuse=blocked_nets\n40.0.0.0/8      abuse=blocked_nets\n40.47.0.0/16      abuse=blocked_nets\n40.64.0.0/15      abuse=blocked_nets\n40.66.0.0/17      abuse=blocked_nets\n40.67.0.0/16      abuse=blocked_nets\n40.68.0.0/14      abuse=blocked_nets\n40.74.0.0/15      abuse=blocked_nets\n40.76.0.0/14      abuse=blocked_nets\n40.80.0.0/12      abuse=blocked_nets\n40.96.0.0/13      abuse=blocked_nets\n40.104.0.0/14      abuse=blocked_nets\n40.108.128.0/17      abuse=blocked_nets\n40.110.0.0/15      abuse=blocked_nets\n40.112.0.0/13      abuse=blocked_nets\n40.120.0.0/14      abuse=blocked_nets\n40.124.0.0/16      abuse=blocked_nets\n40.125.0.0/17      abuse=blocked_nets\n40.126.0.0/18      abuse=blocked_nets\n40.126.128.0/17      abuse=blocked_nets\n40.127.0.0/16      abuse=blocked_nets\n40.146.0.0/16      abuse=blocked_nets\n40.148.0.0/16      abuse=blocked_nets\n40.155.0.0/16      abuse=blocked_nets\n40.159.0.0/16      abuse=blocked_nets\n40.169.0.0/16      abuse=blocked_nets\n40.170.0.0/15      abuse=blocked_nets\n40.212.0.0/16      abuse=blocked_nets\n40.253.0.0/16      abuse=blocked_nets\n41.0.0.0/10      abuse=blocked_nets\n41.64.0.0/13      abuse=blocked_nets\n41.72.0.0/15      abuse=blocked_nets\n41.74.0.0/17      abuse=blocked_nets\n41.74.128.0/19      abuse=blocked_nets\n41.74.160.0/20      abuse=blocked_nets\n41.74.192.0/18      abuse=blocked_nets\n41.75.0.0/16      abuse=blocked_nets\n41.76.0.0/14      abuse=blocked_nets\n41.80.0.0/13      abuse=blocked_nets\n41.88.0.0/15      abuse=blocked_nets\n41.91.0.0/16      abuse=blocked_nets\n41.92.0.0/14      abuse=blocked_nets\n41.96.0.0/11      abuse=blocked_nets\n41.128.0.0/9      abuse=blocked_nets\n43.0.0.0/8      abuse=blocked_nets\n45.0.0.0/12      abuse=blocked_nets\n45.8.43.0/24      abuse=blocked_nets\n45.32.0.0/12      abuse=blocked_nets\n45.48.0.0/13      abuse=blocked_nets\n45.56.0.0/14      abuse=blocked_nets\n45.60.0.0/15      abuse=blocked_nets\n45.62.0.0/18      abuse=blocked_nets\n45.62.64.0/19      abuse=blocked_nets\n45.62.96.0/20      abuse=blocked_nets\n45.62.120.0/21      abuse=blocked_nets\n45.62.128.0/17      abuse=blocked_nets\n45.63.0.0/16      abuse=blocked_nets\n45.64.0.0/10      abuse=blocked_nets\n45.66.80.0/24      abuse=blocked_nets\n45.128.0.0/12      abuse=blocked_nets\n45.143.224.0/23      abuse=blocked_nets\n45.144.0.0/14      abuse=blocked_nets\n45.148.0.0/17      abuse=blocked_nets\n45.148.128.0/19      abuse=blocked_nets\n45.148.160.0/21      abuse=blocked_nets\n45.148.170.0/23      abuse=blocked_nets\n45.148.172.0/22      abuse=blocked_nets\n45.148.176.0/20      abuse=blocked_nets\n45.148.192.0/18      abuse=blocked_nets\n45.149.0.0/16      abuse=blocked_nets\n45.150.0.0/15      abuse=blocked_nets\n45.152.0.0/13      abuse=blocked_nets\n45.156.164.0/23      abuse=blocked_nets\n45.157.47.0/24      abuse=blocked_nets\n45.160.0.0/11      abuse=blocked_nets\n45.192.0.0/10      abuse=blocked_nets\n46.0.0.0/12      abuse=blocked_nets\n46.16.0.0/13      abuse=blocked_nets\n46.24.0.0/14      abuse=blocked_nets\n46.28.0.0/18      abuse=blocked_nets\n46.28.64.0/20      abuse=blocked_nets\n46.28.88.0/21      abuse=blocked_nets\n46.28.96.0/19      abuse=blocked_nets\n46.28.128.0/17      abuse=blocked_nets\n46.29.0.0/16      abuse=blocked_nets\n46.29.242.0/24      abuse=blocked_nets\n46.30.0.0/15      abuse=blocked_nets\n46.32.0.0/12      abuse=blocked_nets\n46.48.0.0/13      abuse=blocked_nets\n46.56.0.0/15      abuse=blocked_nets\n46.58.0.0/16      abuse=blocked_nets\n46.59.128.0/17      abuse=blocked_nets\n46.60.0.0/14      abuse=blocked_nets\n46.64.0.0/11      abuse=blocked_nets\n46.96.0.0/13      abuse=blocked_nets\n46.104.0.0/14      abuse=blocked_nets\n46.108.0.0/15      abuse=blocked_nets\n46.110.0.0/20      abuse=blocked_nets\n46.110.16.0/21      abuse=blocked_nets\n46.110.24.0/22      abuse=blocked_nets\n46.110.28.0/23      abuse=blocked_nets\n46.110.30.0/24      abuse=blocked_nets\n46.110.32.0/19      abuse=blocked_nets\n46.110.64.0/18      abuse=blocked_nets\n46.110.128.0/17      abuse=blocked_nets\n46.111.0.0/16      abuse=blocked_nets\n46.112.0.0/15      abuse=blocked_nets\n46.114.0.0/17      abuse=blocked_nets\n46.114.128.0/18      abuse=blocked_nets\n46.114.192.0/20      abuse=blocked_nets\n46.114.216.0/21      abuse=blocked_nets\n46.114.224.0/19      abuse=blocked_nets\n46.115.0.0/16      abuse=blocked_nets\n46.116.0.0/14      abuse=blocked_nets\n46.120.0.0/13      abuse=blocked_nets\n46.129.0.0/16      abuse=blocked_nets\n46.130.0.0/15      abuse=blocked_nets\n46.132.0.0/14      abuse=blocked_nets\n46.136.0.0/13      abuse=blocked_nets\n46.144.0.0/12      abuse=blocked_nets\n46.160.0.0/11      abuse=blocked_nets\n46.192.0.0/10      abuse=blocked_nets\n46.254.176.0/21      abuse=blocked_nets\n47.0.0.0/9      abuse=blocked_nets\n47.128.0.0/12      abuse=blocked_nets\n47.160.0.0/12      abuse=blocked_nets\n47.176.0.0/13      abuse=blocked_nets\n47.185.0.0/16      abuse=blocked_nets\n47.186.0.0/15      abuse=blocked_nets\n47.189.0.0/16      abuse=blocked_nets\n47.190.0.0/15      abuse=blocked_nets\n47.192.0.0/16      abuse=blocked_nets\n47.193.128.0/17      abuse=blocked_nets\n47.200.0.0/13      abuse=blocked_nets\n47.208.0.0/12      abuse=blocked_nets\n47.224.0.0/14      abuse=blocked_nets\n47.228.0.0/15      abuse=blocked_nets\n47.230.0.0/16      abuse=blocked_nets\n47.231.0.0/19      abuse=blocked_nets\n47.231.64.0/18      abuse=blocked_nets\n47.231.128.0/18      abuse=blocked_nets\n47.231.192.0/20      abuse=blocked_nets\n47.231.216.0/21      abuse=blocked_nets\n47.231.224.0/19      abuse=blocked_nets\n47.232.0.0/13      abuse=blocked_nets\n47.240.0.0/12      abuse=blocked_nets\n48.192.0.0/11      abuse=blocked_nets\n49.0.0.0/11      abuse=blocked_nets\n49.48.0.0/12      abuse=blocked_nets\n49.64.0.0/10      abuse=blocked_nets\n49.128.0.0/10      abuse=blocked_nets\n49.192.0.0/13      abuse=blocked_nets\n49.200.0.0/14      abuse=blocked_nets\n49.204.0.0/15      abuse=blocked_nets\n49.206.0.0/16      abuse=blocked_nets\n49.208.0.0/12      abuse=blocked_nets\n49.224.0.0/11      abuse=blocked_nets\n50.85.0.0/16      abuse=blocked_nets\n50.117.58.0/24      abuse=blocked_nets\n50.117.87.0/24      abuse=blocked_nets\n51.1.0.0/16      abuse=blocked_nets\n51.4.0.0/15      abuse=blocked_nets\n51.8.0.0/16      abuse=blocked_nets\n51.10.0.0/15      abuse=blocked_nets\n51.12.0.0/15      abuse=blocked_nets\n51.42.0.0/16      abuse=blocked_nets\n51.51.0.0/16      abuse=blocked_nets\n51.53.0.0/16      abuse=blocked_nets\n51.56.0.0/14      abuse=blocked_nets\n51.103.0.0/16      abuse=blocked_nets\n51.104.0.0/15      abuse=blocked_nets\n51.107.0.0/16      abuse=blocked_nets\n51.109.0.0/16      abuse=blocked_nets\n51.111.0.0/16      abuse=blocked_nets\n51.116.0.0/16      abuse=blocked_nets\n51.120.0.0/16      abuse=blocked_nets\n51.124.0.0/16      abuse=blocked_nets\n51.126.0.0/16      abuse=blocked_nets\n51.132.0.0/16      abuse=blocked_nets\n51.136.0.0/15      abuse=blocked_nets\n51.138.0.0/16      abuse=blocked_nets\n51.140.0.0/14      abuse=blocked_nets\n51.144.0.0/15      abuse=blocked_nets\n52.96.0.0/12      abuse=blocked_nets\n52.112.0.0/14      abuse=blocked_nets\n52.120.0.0/14      abuse=blocked_nets\n52.125.0.0/16      abuse=blocked_nets\n52.132.0.0/14      abuse=blocked_nets\n52.136.0.0/13      abuse=blocked_nets\n52.145.0.0/16      abuse=blocked_nets\n52.146.0.0/15      abuse=blocked_nets\n52.148.0.0/14      abuse=blocked_nets\n52.152.0.0/13      abuse=blocked_nets\n52.160.0.0/11      abuse=blocked_nets\n52.224.0.0/11      abuse=blocked_nets\n57.141.0.0/16      abuse=blocked_nets\n57.150.0.0/15      abuse=blocked_nets\n57.152.0.0/13      abuse=blocked_nets\n57.160.0.0/12      abuse=blocked_nets\n62.12.56.0/22      abuse=blocked_nets\n62.12.60.0/23      abuse=blocked_nets\n62.97.228.0/24      abuse=blocked_nets\n62.132.26.0/23      abuse=blocked_nets\n62.164.204.0/23      abuse=blocked_nets\n62.231.53.0/24      abuse=blocked_nets\n63.116.158.0/24      abuse=blocked_nets\n64.4.0.0/18      abuse=blocked_nets\n64.5.116.0/24      abuse=blocked_nets\n64.13.130.0/23      abuse=blocked_nets\n64.15.23.0/24      abuse=blocked_nets\n64.15.25.0/24      abuse=blocked_nets\n64.40.128.0/24      abuse=blocked_nets\n64.40.142.0/23      abuse=blocked_nets\n64.52.107.0/24      abuse=blocked_nets\n64.72.206.0/24      abuse=blocked_nets\n64.112.188.0/24      abuse=blocked_nets\n64.236.0.0/16      abuse=blocked_nets\n65.18.198.0/24      abuse=blocked_nets\n65.52.0.0/14      abuse=blocked_nets\n66.0.0.0/10      abuse=blocked_nets\n66.9.47.0/24      abuse=blocked_nets\n66.45.92.0/24      abuse=blocked_nets\n66.64.0.0/12      abuse=blocked_nets\n66.80.0.0/16      abuse=blocked_nets\n66.81.0.0/17      abuse=blocked_nets\n66.81.128.0/19      abuse=blocked_nets\n66.81.160.0/21      abuse=blocked_nets\n66.81.176.0/20      abuse=blocked_nets\n66.81.192.0/18      abuse=blocked_nets\n66.82.0.0/15      abuse=blocked_nets\n66.84.0.0/14      abuse=blocked_nets\n66.88.0.0/13      abuse=blocked_nets\n66.94.52.0/23      abuse=blocked_nets\n66.96.0.0/11      abuse=blocked_nets\n66.119.144.0/20      abuse=blocked_nets\n66.128.0.0/15      abuse=blocked_nets\n66.132.0.0/14      abuse=blocked_nets\n66.132.204.0/22      abuse=blocked_nets\n66.136.0.0/13      abuse=blocked_nets\n66.144.0.0/12      abuse=blocked_nets\n66.160.0.0/11      abuse=blocked_nets\n66.178.148.0/23      abuse=blocked_nets\n66.185.137.0/24      abuse=blocked_nets\n66.185.138.0/23      abuse=blocked_nets\n66.185.140.0/23      abuse=blocked_nets\n66.185.142.0/24      abuse=blocked_nets\n66.192.0.0/10      abuse=blocked_nets\n66.235.159.0/24      abuse=blocked_nets\n67.210.82.0/24      abuse=blocked_nets\n67.210.98.0/23      abuse=blocked_nets\n67.210.128.0/23      abuse=blocked_nets\n68.154.0.0/15      abuse=blocked_nets\n68.210.0.0/15      abuse=blocked_nets\n68.218.0.0/15      abuse=blocked_nets\n68.220.0.0/15      abuse=blocked_nets\n69.15.0.0/16      abuse=blocked_nets\n69.25.57.151/32      abuse=blocked_nets\n69.52.192.0/23      abuse=blocked_nets\n69.52.198.0/23      abuse=blocked_nets\n69.52.200.0/24      abuse=blocked_nets\n69.52.204.0/23      abuse=blocked_nets\n69.52.206.0/24      abuse=blocked_nets\n69.59.17.0/24      abuse=blocked_nets\n69.72.71.0/24      abuse=blocked_nets\n69.84.180.0/23      abuse=blocked_nets\n69.89.60.0/24      abuse=blocked_nets\n69.89.63.0/24      abuse=blocked_nets\n70.35.156.0/24      abuse=blocked_nets\n70.37.0.0/17      abuse=blocked_nets\n70.37.128.0/18      abuse=blocked_nets\n70.152.0.0/15      abuse=blocked_nets\n70.156.0.0/15      abuse=blocked_nets\n72.16.128.0/17      abuse=blocked_nets\n72.54.0.0/16      abuse=blocked_nets\n72.144.0.0/14      abuse=blocked_nets\n72.152.0.0/14      abuse=blocked_nets\n74.7.0.0/16      abuse=blocked_nets\n74.116.254.0/23      abuse=blocked_nets\n74.117.19.0/24      abuse=blocked_nets\n74.144.0.0/12      abuse=blocked_nets\n74.160.0.0/14      abuse=blocked_nets\n74.176.0.0/14      abuse=blocked_nets\n74.200.130.0/24      abuse=blocked_nets\n74.224.0.0/14      abuse=blocked_nets\n74.234.0.0/15      abuse=blocked_nets\n74.235.192.0/18      abuse=blocked_nets\n74.240.0.0/14      abuse=blocked_nets\n74.243.224.0/19      abuse=blocked_nets\n74.248.0.0/15      abuse=blocked_nets\n76.0.0.0/10      abuse=blocked_nets\n76.64.0.0/14      abuse=blocked_nets\n76.68.0.0/16      abuse=blocked_nets\n76.69.0.0/17      abuse=blocked_nets\n76.69.128.0/18      abuse=blocked_nets\n76.69.192.0/19      abuse=blocked_nets\n76.69.224.0/22      abuse=blocked_nets\n76.69.228.0/23      abuse=blocked_nets\n76.69.231.0/24      abuse=blocked_nets\n76.69.232.0/21      abuse=blocked_nets\n76.69.240.0/20      abuse=blocked_nets\n76.70.0.0/15      abuse=blocked_nets\n76.72.0.0/13      abuse=blocked_nets\n76.80.0.0/12      abuse=blocked_nets\n76.96.0.0/11      abuse=blocked_nets\n76.128.0.0/12      abuse=blocked_nets\n76.144.0.0/13      abuse=blocked_nets\n76.152.0.0/14      abuse=blocked_nets\n76.156.0.0/16      abuse=blocked_nets\n76.158.0.0/15      abuse=blocked_nets\n76.160.0.0/11      abuse=blocked_nets\n76.192.0.0/10      abuse=blocked_nets\n78.0.0.0/12      abuse=blocked_nets\n78.16.0.0/14      abuse=blocked_nets\n78.24.0.0/13      abuse=blocked_nets\n78.32.0.0/11      abuse=blocked_nets\n78.64.0.0/10      abuse=blocked_nets\n78.128.0.0/9      abuse=blocked_nets\n79.0.0.0/10      abuse=blocked_nets\n79.64.0.0/11      abuse=blocked_nets\n79.96.0.0/12      abuse=blocked_nets\n79.112.0.0/14      abuse=blocked_nets\n79.117.0.0/16      abuse=blocked_nets\n79.118.0.0/15      abuse=blocked_nets\n79.120.0.0/13      abuse=blocked_nets\n79.128.0.0/10      abuse=blocked_nets\n79.170.98.0/24      abuse=blocked_nets\n80.247.56.0/24      abuse=blocked_nets\n81.22.128.0/24      abuse=blocked_nets\n82.0.0.0/11      abuse=blocked_nets\n82.33.0.0/16      abuse=blocked_nets\n82.34.0.0/15      abuse=blocked_nets\n82.36.0.0/14      abuse=blocked_nets\n82.40.0.0/13      abuse=blocked_nets\n82.48.0.0/12      abuse=blocked_nets\n82.68.0.0/14      abuse=blocked_nets\n82.72.0.0/13      abuse=blocked_nets\n82.80.0.0/12      abuse=blocked_nets\n82.87.0.0/16      abuse=blocked_nets\n82.96.0.0/11      abuse=blocked_nets\n82.128.0.0/10      abuse=blocked_nets\n82.171.0.0/16      abuse=blocked_nets\n82.192.0.0/12      abuse=blocked_nets\n82.208.0.0/13      abuse=blocked_nets\n82.217.0.0/16      abuse=blocked_nets\n82.218.0.0/15      abuse=blocked_nets\n82.220.0.0/14      abuse=blocked_nets\n82.224.0.0/11      abuse=blocked_nets\n83.218.234.0/24      abuse=blocked_nets\n84.0.0.0/9      abuse=blocked_nets\n84.81.0.0/16      abuse=blocked_nets\n84.128.0.0/10      abuse=blocked_nets\n84.192.0.0/11      abuse=blocked_nets\n84.222.0.0/15      abuse=blocked_nets\n84.224.0.0/15      abuse=blocked_nets\n84.227.0.0/16      abuse=blocked_nets\n84.228.0.0/14      abuse=blocked_nets\n84.232.0.0/13      abuse=blocked_nets\n84.240.0.0/12      abuse=blocked_nets\n85.0.0.0/10      abuse=blocked_nets\n85.64.0.0/12      abuse=blocked_nets\n85.80.0.0/13      abuse=blocked_nets\n85.88.0.0/14      abuse=blocked_nets\n85.92.0.0/15      abuse=blocked_nets\n85.94.0.0/18      abuse=blocked_nets\n85.94.64.0/20      abuse=blocked_nets\n85.94.80.0/22      abuse=blocked_nets\n85.94.88.0/21      abuse=blocked_nets\n85.94.96.0/19      abuse=blocked_nets\n85.94.128.0/17      abuse=blocked_nets\n85.95.0.0/16      abuse=blocked_nets\n85.96.0.0/11      abuse=blocked_nets\n85.128.0.0/14      abuse=blocked_nets\n85.132.0.0/15      abuse=blocked_nets\n85.134.0.0/17      abuse=blocked_nets\n85.135.0.0/16      abuse=blocked_nets\n85.136.0.0/13      abuse=blocked_nets\n85.144.0.0/15      abuse=blocked_nets\n85.146.128.0/17      abuse=blocked_nets\n85.147.0.0/16      abuse=blocked_nets\n85.148.0.0/14      abuse=blocked_nets\n85.152.0.0/13      abuse=blocked_nets\n85.160.0.0/11      abuse=blocked_nets\n85.192.0.0/10      abuse=blocked_nets\n85.204.120.0/23      abuse=blocked_nets\n85.210.0.0/15      abuse=blocked_nets\n85.212.0.0/16      abuse=blocked_nets\n86.1.0.0/16      abuse=blocked_nets\n86.2.0.0/15      abuse=blocked_nets\n86.4.0.0/14      abuse=blocked_nets\n86.8.0.0/13      abuse=blocked_nets\n86.16.0.0/12      abuse=blocked_nets\n86.32.0.0/11      abuse=blocked_nets\n86.64.0.0/10      abuse=blocked_nets\n86.128.0.0/9      abuse=blocked_nets\n86.91.0.0/16      abuse=blocked_nets\n88.0.0.0/10      abuse=blocked_nets\n88.64.0.0/11      abuse=blocked_nets\n88.96.0.0/12      abuse=blocked_nets\n88.116.0.0/14      abuse=blocked_nets\n88.120.0.0/13      abuse=blocked_nets\n88.128.0.0/11      abuse=blocked_nets\n88.160.0.0/14      abuse=blocked_nets\n88.164.0.0/16      abuse=blocked_nets\n88.165.0.0/17      abuse=blocked_nets\n88.165.128.0/18      abuse=blocked_nets\n88.165.224.0/19      abuse=blocked_nets\n88.166.0.0/15      abuse=blocked_nets\n88.168.0.0/14      abuse=blocked_nets\n88.172.0.0/15      abuse=blocked_nets\n88.188.0.0/14      abuse=blocked_nets\n88.192.0.0/10      abuse=blocked_nets\n89.0.0.0/13      abuse=blocked_nets\n89.8.0.0/14      abuse=blocked_nets\n89.16.0.0/12      abuse=blocked_nets\n89.28.187.0/24      abuse=blocked_nets\n89.32.0.0/11      abuse=blocked_nets\n89.64.0.0/12      abuse=blocked_nets\n89.96.0.0/11      abuse=blocked_nets\n89.128.0.0/11      abuse=blocked_nets\n89.160.0.0/14      abuse=blocked_nets\n89.164.0.0/15      abuse=blocked_nets\n89.166.0.0/17      abuse=blocked_nets\n89.167.0.0/16      abuse=blocked_nets\n89.168.0.0/13      abuse=blocked_nets\n89.176.0.0/12      abuse=blocked_nets\n89.192.0.0/11      abuse=blocked_nets\n89.224.0.0/12      abuse=blocked_nets\n89.242.0.0/15      abuse=blocked_nets\n89.244.0.0/14      abuse=blocked_nets\n89.248.0.0/13      abuse=blocked_nets\n90.0.0.0/10      abuse=blocked_nets\n90.64.0.0/12      abuse=blocked_nets\n90.80.0.0/13      abuse=blocked_nets\n90.88.0.0/14      abuse=blocked_nets\n90.93.0.0/16      abuse=blocked_nets\n90.94.0.0/15      abuse=blocked_nets\n90.96.0.0/11      abuse=blocked_nets\n90.128.0.0/10      abuse=blocked_nets\n90.192.0.0/11      abuse=blocked_nets\n90.224.0.0/12      abuse=blocked_nets\n90.240.0.0/13      abuse=blocked_nets\n90.252.0.0/14      abuse=blocked_nets\n91.68.0.0/14      abuse=blocked_nets\n91.72.0.0/13      abuse=blocked_nets\n91.80.0.0/12      abuse=blocked_nets\n91.96.0.0/11      abuse=blocked_nets\n91.128.0.0/12      abuse=blocked_nets\n91.144.0.0/13      abuse=blocked_nets\n91.176.0.0/14      abuse=blocked_nets\n91.180.0.0/15      abuse=blocked_nets\n91.183.0.0/16      abuse=blocked_nets\n91.184.0.0/13      abuse=blocked_nets\n91.192.0.0/10      abuse=blocked_nets\n91.203.230.0/24      abuse=blocked_nets\n91.216.184.0/24      abuse=blocked_nets\n91.234.239.0/24      abuse=blocked_nets\n91.242.222.0/24      abuse=blocked_nets\n91.244.201.0/24      abuse=blocked_nets\n91.245.215.0/24      abuse=blocked_nets\n92.0.0.0/9      abuse=blocked_nets\n92.112.9.0/24      abuse=blocked_nets\n92.118.22.0/23      abuse=blocked_nets\n92.128.0.0/10      abuse=blocked_nets\n92.192.0.0/11      abuse=blocked_nets\n92.232.0.0/13      abuse=blocked_nets\n92.240.0.0/13      abuse=blocked_nets\n92.248.0.0/14      abuse=blocked_nets\n92.252.128.0/17      abuse=blocked_nets\n92.253.0.0/16      abuse=blocked_nets\n92.254.0.0/15      abuse=blocked_nets\n93.0.0.0/11      abuse=blocked_nets\n93.32.0.0/13      abuse=blocked_nets\n93.40.0.0/15      abuse=blocked_nets\n93.43.0.0/16      abuse=blocked_nets\n93.44.0.0/14      abuse=blocked_nets\n93.48.0.0/12      abuse=blocked_nets\n93.64.0.0/15      abuse=blocked_nets\n93.66.0.0/16      abuse=blocked_nets\n93.68.0.0/14      abuse=blocked_nets\n93.72.0.0/13      abuse=blocked_nets\n93.80.0.0/12      abuse=blocked_nets\n93.96.0.0/11      abuse=blocked_nets\n93.94.32.0/21      abuse=blocked_nets\n93.128.0.0/11      abuse=blocked_nets\n93.160.0.0/12      abuse=blocked_nets\n93.176.0.0/17      abuse=blocked_nets\n93.176.192.0/18      abuse=blocked_nets\n93.177.0.0/16      abuse=blocked_nets\n93.178.0.0/15      abuse=blocked_nets\n93.180.0.0/14      abuse=blocked_nets\n93.184.0.0/13      abuse=blocked_nets\n93.174.64.0/21      abuse=blocked_nets\n94.0.0.0/14      abuse=blocked_nets\n94.8.0.0/13      abuse=blocked_nets\n94.16.0.0/13      abuse=blocked_nets\n94.24.0.0/14      abuse=blocked_nets\n94.28.0.0/15      abuse=blocked_nets\n94.30.0.0/16      abuse=blocked_nets\n94.31.0.0/18      abuse=blocked_nets\n94.31.64.0/19      abuse=blocked_nets\n94.31.96.0/20      abuse=blocked_nets\n94.31.112.0/22      abuse=blocked_nets\n94.31.120.0/21      abuse=blocked_nets\n94.31.128.0/17      abuse=blocked_nets\n94.32.0.0/15      abuse=blocked_nets\n94.35.0.0/16      abuse=blocked_nets\n94.36.0.0/14      abuse=blocked_nets\n94.40.0.0/13      abuse=blocked_nets\n94.48.0.0/12      abuse=blocked_nets\n94.64.0.0/11      abuse=blocked_nets\n94.96.0.0/13      abuse=blocked_nets\n94.112.0.0/12      abuse=blocked_nets\n94.128.0.0/14      abuse=blocked_nets\n94.132.0.0/15      abuse=blocked_nets\n94.136.0.0/15      abuse=blocked_nets\n94.138.0.0/16      abuse=blocked_nets\n94.139.0.0/20      abuse=blocked_nets\n94.139.32.0/19      abuse=blocked_nets\n94.139.64.0/18      abuse=blocked_nets\n94.139.128.0/17      abuse=blocked_nets\n94.140.0.0/15      abuse=blocked_nets\n94.140.16.0/24      abuse=blocked_nets\n94.142.0.0/17      abuse=blocked_nets\n94.142.128.0/18      abuse=blocked_nets\n94.142.192.0/20      abuse=blocked_nets\n94.142.216.0/21      abuse=blocked_nets\n94.142.224.0/19      abuse=blocked_nets\n94.143.0.0/16      abuse=blocked_nets\n94.143.105.0/24      abuse=blocked_nets\n94.143.106.0/23      abuse=blocked_nets\n94.143.108.0/23      abuse=blocked_nets\n94.143.110.0/24      abuse=blocked_nets\n94.144.0.0/12      abuse=blocked_nets\n94.160.0.0/11      abuse=blocked_nets\n94.192.0.0/12      abuse=blocked_nets\n94.212.0.0/14      abuse=blocked_nets\n94.216.0.0/13      abuse=blocked_nets\n94.224.0.0/13      abuse=blocked_nets\n94.232.0.0/15      abuse=blocked_nets\n94.235.0.0/16      abuse=blocked_nets\n94.236.0.0/14      abuse=blocked_nets\n94.240.0.0/12      abuse=blocked_nets\n94.245.64.0/18      abuse=blocked_nets\n95.0.0.0/10      abuse=blocked_nets\n95.64.0.0/12      abuse=blocked_nets\n95.80.0.0/13      abuse=blocked_nets\n95.92.0.0/14      abuse=blocked_nets\n95.96.0.0/11      abuse=blocked_nets\n95.128.0.0/10      abuse=blocked_nets\n95.192.0.0/12      abuse=blocked_nets\n95.208.0.0/13      abuse=blocked_nets\n95.216.0.0/21      abuse=blocked_nets\n95.216.8.0/22      abuse=blocked_nets\n95.216.12.0/25      abuse=blocked_nets\n95.216.12.128/27      abuse=blocked_nets\n95.216.12.160/29      abuse=blocked_nets\n95.216.12.168/31      abuse=blocked_nets\n95.216.12.171/32      abuse=blocked_nets\n95.216.12.172/30      abuse=blocked_nets\n95.216.12.176/28      abuse=blocked_nets\n95.216.12.192/26      abuse=blocked_nets\n95.216.13.0/24      abuse=blocked_nets\n95.216.14.0/23      abuse=blocked_nets\n95.216.16.0/20      abuse=blocked_nets\n95.216.32.0/19      abuse=blocked_nets\n95.216.64.0/18      abuse=blocked_nets\n95.216.128.0/17      abuse=blocked_nets\n95.217.0.0/16      abuse=blocked_nets\n95.218.0.0/15      abuse=blocked_nets\n95.220.0.0/14      abuse=blocked_nets\n95.224.0.0/11      abuse=blocked_nets\n98.64.0.0/14      abuse=blocked_nets\n98.70.0.0/15      abuse=blocked_nets\n98.142.122.0/23      abuse=blocked_nets\n101.0.0.0/8      abuse=blocked_nets\n102.0.0.0/10      abuse=blocked_nets\n102.64.0.0/12      abuse=blocked_nets\n102.80.0.0/13      abuse=blocked_nets\n102.96.0.0/11      abuse=blocked_nets\n102.128.0.0/11      abuse=blocked_nets\n102.133.0.0/16      abuse=blocked_nets\n102.160.0.0/12      abuse=blocked_nets\n102.176.0.0/14      abuse=blocked_nets\n102.180.0.0/15      abuse=blocked_nets\n102.183.0.0/16      abuse=blocked_nets\n102.184.0.0/13      abuse=blocked_nets\n102.192.0.0/10      abuse=blocked_nets\n102.211.187.0/24      abuse=blocked_nets\n102.223.214.0/24      abuse=blocked_nets\n103.0.0.0/11      abuse=blocked_nets\n103.32.0.0/12      abuse=blocked_nets\n103.48.0.0/16      abuse=blocked_nets\n103.49.0.0/17      abuse=blocked_nets\n103.49.128.0/18      abuse=blocked_nets\n103.49.192.0/21      abuse=blocked_nets\n103.49.200.0/23      abuse=blocked_nets\n103.49.202.0/24      abuse=blocked_nets\n103.49.204.0/22      abuse=blocked_nets\n103.49.208.0/20      abuse=blocked_nets\n103.49.224.0/19      abuse=blocked_nets\n103.50.0.0/15      abuse=blocked_nets\n103.52.0.0/14      abuse=blocked_nets\n103.56.0.0/13      abuse=blocked_nets\n103.8.80.0/24      abuse=blocked_nets\n103.36.129.0/24      abuse=blocked_nets\n103.58.119.0/24      abuse=blocked_nets\n103.61.61.0/24      abuse=blocked_nets\n103.61.62.0/23      abuse=blocked_nets\n103.64.0.0/11      abuse=blocked_nets\n103.96.0.0/15      abuse=blocked_nets\n103.98.0.0/16      abuse=blocked_nets\n103.99.0.0/17      abuse=blocked_nets\n103.99.128.0/18      abuse=blocked_nets\n103.99.192.0/20      abuse=blocked_nets\n103.99.208.0/21      abuse=blocked_nets\n103.99.217.0/24      abuse=blocked_nets\n103.99.218.0/23      abuse=blocked_nets\n103.99.220.0/22      abuse=blocked_nets\n103.99.224.0/19      abuse=blocked_nets\n103.100.0.0/14      abuse=blocked_nets\n103.103.44.0/22      abuse=blocked_nets\n103.104.0.0/13      abuse=blocked_nets\n103.112.0.0/12      abuse=blocked_nets\n103.128.0.0/12      abuse=blocked_nets\n103.131.148.0/23      abuse=blocked_nets\n103.144.0.0/13      abuse=blocked_nets\n103.152.0.0/14      abuse=blocked_nets\n103.156.0.0/15      abuse=blocked_nets\n103.158.0.0/16      abuse=blocked_nets\n103.159.0.0/17      abuse=blocked_nets\n103.159.128.0/18      abuse=blocked_nets\n103.159.192.0/20      abuse=blocked_nets\n103.159.208.0/21      abuse=blocked_nets\n103.159.216.0/23      abuse=blocked_nets\n103.159.219.0/24      abuse=blocked_nets\n103.159.220.0/22      abuse=blocked_nets\n103.159.224.0/19      abuse=blocked_nets\n103.160.0.0/11      abuse=blocked_nets\n103.164.237.0/24      abuse=blocked_nets\n103.192.0.0/14      abuse=blocked_nets\n103.196.0.0/16      abuse=blocked_nets\n103.197.0.0/17      abuse=blocked_nets\n103.197.128.0/20      abuse=blocked_nets\n103.197.144.0/21      abuse=blocked_nets\n103.197.152.0/24      abuse=blocked_nets\n103.197.154.0/23      abuse=blocked_nets\n103.197.156.0/22      abuse=blocked_nets\n103.197.160.0/19      abuse=blocked_nets\n103.197.192.0/18      abuse=blocked_nets\n103.198.0.0/15      abuse=blocked_nets\n103.200.0.0/13      abuse=blocked_nets\n103.204.21.0/24      abuse=blocked_nets\n103.204.22.0/24      abuse=blocked_nets\n103.208.0.0/12      abuse=blocked_nets\n103.224.0.0/14      abuse=blocked_nets\n103.228.0.0/15      abuse=blocked_nets\n103.230.0.0/18      abuse=blocked_nets\n103.230.64.0/19      abuse=blocked_nets\n103.230.96.0/21      abuse=blocked_nets\n103.230.105.0/24      abuse=blocked_nets\n103.230.106.0/23      abuse=blocked_nets\n103.230.108.0/22      abuse=blocked_nets\n103.230.112.0/20      abuse=blocked_nets\n103.230.128.0/17      abuse=blocked_nets\n103.231.0.0/16      abuse=blocked_nets\n103.232.0.0/13      abuse=blocked_nets\n103.240.0.0/13      abuse=blocked_nets\n103.248.0.0/16      abuse=blocked_nets\n103.249.0.0/19      abuse=blocked_nets\n103.249.32.0/22      abuse=blocked_nets\n103.249.40.0/21      abuse=blocked_nets\n103.249.48.0/20      abuse=blocked_nets\n103.249.62.0/23      abuse=blocked_nets\n103.249.64.0/18      abuse=blocked_nets\n103.249.128.0/17      abuse=blocked_nets\n103.250.0.0/15      abuse=blocked_nets\n103.252.0.0/14      abuse=blocked_nets\n103.254.7.0/24      abuse=blocked_nets\n104.40.0.0/13      abuse=blocked_nets\n104.146.128.0/17      abuse=blocked_nets\n104.193.12.0/23      abuse=blocked_nets\n104.193.126.0/24      abuse=blocked_nets\n104.204.254.0/24      abuse=blocked_nets\n104.208.0.0/13      abuse=blocked_nets\n104.237.40.0/24      abuse=blocked_nets\n105.0.0.0/9      abuse=blocked_nets\n105.128.0.0/11      abuse=blocked_nets\n105.160.0.0/15      abuse=blocked_nets\n105.162.0.0/16      abuse=blocked_nets\n105.163.0.0/23      abuse=blocked_nets\n105.163.3.0/24      abuse=blocked_nets\n105.163.4.0/22      abuse=blocked_nets\n105.163.8.0/21      abuse=blocked_nets\n105.163.16.0/20      abuse=blocked_nets\n105.163.32.0/19      abuse=blocked_nets\n105.163.64.0/18      abuse=blocked_nets\n105.163.128.0/17      abuse=blocked_nets\n105.164.0.0/14      abuse=blocked_nets\n105.168.0.0/13      abuse=blocked_nets\n105.176.0.0/12      abuse=blocked_nets\n105.192.0.0/10      abuse=blocked_nets\n108.140.0.0/14      abuse=blocked_nets\n108.161.110.0/24      abuse=blocked_nets\n109.0.0.0/9      abuse=blocked_nets\n109.128.0.0/14      abuse=blocked_nets\n109.132.0.0/15      abuse=blocked_nets\n109.135.0.0/16      abuse=blocked_nets\n109.136.0.0/13      abuse=blocked_nets\n109.160.0.0/11      abuse=blocked_nets\n109.192.0.0/10      abuse=blocked_nets\n109.246.0.0/16      abuse=blocked_nets\n110.0.0.0/8      abuse=blocked_nets\n111.0.0.0/8      abuse=blocked_nets\n111.221.16.0/21      abuse=blocked_nets\n111.221.24.0/22      abuse=blocked_nets\n111.221.29.0/24      abuse=blocked_nets\n111.221.30.0/23      abuse=blocked_nets\n111.221.64.0/18      abuse=blocked_nets\n113.0.0.0/12      abuse=blocked_nets\n113.16.0.0/14      abuse=blocked_nets\n113.20.0.0/15      abuse=blocked_nets\n113.22.0.0/19      abuse=blocked_nets\n113.22.32.0/20      abuse=blocked_nets\n113.22.49.0/24      abuse=blocked_nets\n113.22.50.0/23      abuse=blocked_nets\n113.22.52.0/22      abuse=blocked_nets\n113.22.56.0/21      abuse=blocked_nets\n113.22.64.0/18      abuse=blocked_nets\n113.22.128.0/17      abuse=blocked_nets\n113.23.0.0/16      abuse=blocked_nets\n113.24.0.0/13      abuse=blocked_nets\n113.32.0.0/11      abuse=blocked_nets\n113.64.0.0/10      abuse=blocked_nets\n113.130.0.0/15      abuse=blocked_nets\n113.132.0.0/14      abuse=blocked_nets\n113.136.0.0/13      abuse=blocked_nets\n113.144.0.0/12      abuse=blocked_nets\n113.160.0.0/11      abuse=blocked_nets\n113.192.0.0/10      abuse=blocked_nets\n113.197.64.0/22      abuse=blocked_nets\n115.42.47.0/24      abuse=blocked_nets\n117.121.247.0/24      abuse=blocked_nets\n119.0.0.0/8      abuse=blocked_nets\n122.0.0.0/9      abuse=blocked_nets\n122.128.0.0/11      abuse=blocked_nets\n122.149.0.0/16      abuse=blocked_nets\n122.160.0.0/12      abuse=blocked_nets\n122.176.0.0/13      abuse=blocked_nets\n122.184.0.0/15      abuse=blocked_nets\n122.186.0.0/16      abuse=blocked_nets\n122.187.0.0/18      abuse=blocked_nets\n122.187.128.0/17      abuse=blocked_nets\n122.188.0.0/14      abuse=blocked_nets\n122.192.0.0/10      abuse=blocked_nets\n123.0.0.0/8      abuse=blocked_nets\n124.0.0.0/9      abuse=blocked_nets\n124.128.0.0/11      abuse=blocked_nets\n124.160.0.0/13      abuse=blocked_nets\n124.168.0.0/17      abuse=blocked_nets\n124.168.128.0/18      abuse=blocked_nets\n124.168.192.0/19      abuse=blocked_nets\n124.168.224.0/20      abuse=blocked_nets\n124.168.240.0/21      abuse=blocked_nets\n124.169.0.0/16      abuse=blocked_nets\n124.170.0.0/15      abuse=blocked_nets\n124.172.0.0/14      abuse=blocked_nets\n124.176.0.0/12      abuse=blocked_nets\n124.192.0.0/10      abuse=blocked_nets\n124.252.0.0/16      abuse=blocked_nets\n128.24.0.0/16      abuse=blocked_nets\n128.36.15.0/24      abuse=blocked_nets\n128.85.0.0/16      abuse=blocked_nets\n128.94.0.0/16      abuse=blocked_nets\n128.127.76.0/24      abuse=blocked_nets\n128.127.79.0/24      abuse=blocked_nets\n128.203.0.0/16      abuse=blocked_nets\n128.241.0.0/16      abuse=blocked_nets\n128.251.0.0/16      abuse=blocked_nets\n129.35.19.0/24      abuse=blocked_nets\n129.135.0.0/16      abuse=blocked_nets\n130.17.64.0/22      abuse=blocked_nets\n130.17.73.0/24      abuse=blocked_nets\n130.17.80.0/23      abuse=blocked_nets\n130.17.84.0/24      abuse=blocked_nets\n130.17.86.0/24      abuse=blocked_nets\n130.17.88.0/22      abuse=blocked_nets\n130.17.94.0/24      abuse=blocked_nets\n130.33.0.0/16      abuse=blocked_nets\n130.107.0.0/16      abuse=blocked_nets\n130.115.248.0/21      abuse=blocked_nets\n130.131.0.0/16      abuse=blocked_nets\n130.213.0.0/16      abuse=blocked_nets\n131.0.0.0/8      abuse=blocked_nets\n131.145.0.0/16      abuse=blocked_nets\n131.163.0.0/16      abuse=blocked_nets\n131.176.228.0/22      abuse=blocked_nets\n131.189.0.0/16      abuse=blocked_nets\n131.253.1.0/24      abuse=blocked_nets\n131.253.5.0/24      abuse=blocked_nets\n131.253.6.0/24      abuse=blocked_nets\n131.253.8.0/24      abuse=blocked_nets\n131.253.12.0/22      abuse=blocked_nets\n131.253.24.0/21      abuse=blocked_nets\n131.253.32.0/20      abuse=blocked_nets\n131.253.61.0/24      abuse=blocked_nets\n131.253.62.0/23      abuse=blocked_nets\n131.253.128.0/17      abuse=blocked_nets\n132.164.0.0/16      abuse=blocked_nets\n132.196.0.0/16      abuse=blocked_nets\n132.220.0.0/16      abuse=blocked_nets\n132.245.0.0/16      abuse=blocked_nets\n134.33.0.0/16      abuse=blocked_nets\n134.112.0.0/16      abuse=blocked_nets\n134.138.0.0/16      abuse=blocked_nets\n134.149.0.0/16      abuse=blocked_nets\n134.170.0.0/16      abuse=blocked_nets\n134.217.7.0/24      abuse=blocked_nets\n135.4.0.0/16      abuse=blocked_nets\n135.6.0.0/15      abuse=blocked_nets\n135.13.0.0/16      abuse=blocked_nets\n135.18.0.0/16      abuse=blocked_nets\n135.56.0.0/24      abuse=blocked_nets\n135.56.2.0/24      abuse=blocked_nets\n135.56.4.0/23      abuse=blocked_nets\n135.56.6.0/24      abuse=blocked_nets\n135.56.8.0/24      abuse=blocked_nets\n135.85.0.0/16      abuse=blocked_nets\n135.86.0.0/16      abuse=blocked_nets\n135.88.0.0/16      abuse=blocked_nets\n135.93.0.0/16      abuse=blocked_nets\n135.116.0.0/16      abuse=blocked_nets\n135.119.0.0/16      abuse=blocked_nets\n135.130.0.0/16      abuse=blocked_nets\n135.149.0.0/16      abuse=blocked_nets\n135.171.0.0/16      abuse=blocked_nets\n135.183.0.0/16      abuse=blocked_nets\n135.185.0.0/16      abuse=blocked_nets\n135.220.0.0/15      abuse=blocked_nets\n135.222.0.0/16      abuse=blocked_nets\n135.224.0.0/15      abuse=blocked_nets\n135.226.0.0/16      abuse=blocked_nets\n135.228.0.0/15      abuse=blocked_nets\n135.230.0.0/16      abuse=blocked_nets\n135.232.0.0/14      abuse=blocked_nets\n135.236.0.0/15      abuse=blocked_nets\n135.240.0.0/15      abuse=blocked_nets\n135.244.0.0/16      abuse=blocked_nets\n135.246.0.0/15      abuse=blocked_nets\n135.254.0.0/15      abuse=blocked_nets\n136.243.220.0/24      abuse=blocked_nets\n137.70.152.0/24      abuse=blocked_nets\n137.70.154.0/24      abuse=blocked_nets\n137.116.0.0/15      abuse=blocked_nets\n137.132.48.0/23      abuse=blocked_nets\n137.135.0.0/16      abuse=blocked_nets\n137.162.0.0/16      abuse=blocked_nets\n138.0.0.0/9      abuse=blocked_nets\n138.32.108.0/22      abuse=blocked_nets\n138.32.112.0/24      abuse=blocked_nets\n138.32.114.0/24      abuse=blocked_nets\n138.91.0.0/16      abuse=blocked_nets\n138.105.0.0/16      abuse=blocked_nets\n138.128.0.0/10      abuse=blocked_nets\n138.128.250.0/23      abuse=blocked_nets\n138.192.0.0/13      abuse=blocked_nets\n138.200.0.0/16      abuse=blocked_nets\n138.202.0.0/15      abuse=blocked_nets\n138.204.0.0/14      abuse=blocked_nets\n138.208.0.0/12      abuse=blocked_nets\n138.213.0.0/16      abuse=blocked_nets\n138.224.0.0/11      abuse=blocked_nets\n138.239.0.0/16      abuse=blocked_nets\n139.188.0.0/16      abuse=blocked_nets\n140.150.226.0/23      abuse=blocked_nets\n141.11.196.0/24      abuse=blocked_nets\n141.59.240.0/21      abuse=blocked_nets\n141.193.248.0/24      abuse=blocked_nets\n141.206.200.0/24      abuse=blocked_nets\n142.0.188.0/23      abuse=blocked_nets\n142.55.22.0/24      abuse=blocked_nets\n142.147.54.0/24      abuse=blocked_nets\n142.147.61.0/24      abuse=blocked_nets\n142.225.36.0/23      abuse=blocked_nets\n142.229.194.0/23      abuse=blocked_nets\n142.249.95.0/24      abuse=blocked_nets\n143.0.0.0/11      abuse=blocked_nets\n143.32.0.0/12      abuse=blocked_nets\n143.48.0.0/13      abuse=blocked_nets\n143.56.0.0/15      abuse=blocked_nets\n143.58.0.0/17      abuse=blocked_nets\n143.59.0.0/16      abuse=blocked_nets\n143.60.0.0/14      abuse=blocked_nets\n143.64.0.0/10      abuse=blocked_nets\n143.128.0.0/11      abuse=blocked_nets\n143.160.0.0/12      abuse=blocked_nets\n143.176.0.0/16      abuse=blocked_nets\n143.178.0.0/16      abuse=blocked_nets\n143.180.0.0/14      abuse=blocked_nets\n143.184.0.0/13      abuse=blocked_nets\n143.188.148.0/22      abuse=blocked_nets\n143.188.152.0/21      abuse=blocked_nets\n143.188.160.0/23      abuse=blocked_nets\n143.192.0.0/10      abuse=blocked_nets\n143.209.0.0/16      abuse=blocked_nets\n143.226.0.0/16      abuse=blocked_nets\n143.241.0.0/16      abuse=blocked_nets\n144.77.160.0/23      abuse=blocked_nets\n144.77.162.0/24      abuse=blocked_nets\n144.203.152.0/23      abuse=blocked_nets\n145.46.160.0/22      abuse=blocked_nets\n145.46.164.0/23      abuse=blocked_nets\n145.69.64.0/20      abuse=blocked_nets\n145.83.4.0/22      abuse=blocked_nets\n145.129.0.0/16      abuse=blocked_nets\n145.130.0.0/16      abuse=blocked_nets\n145.132.0.0/15      abuse=blocked_nets\n145.190.0.0/15      abuse=blocked_nets\n145.219.18.0/23      abuse=blocked_nets\n145.219.20.0/22      abuse=blocked_nets\n145.219.24.0/21      abuse=blocked_nets\n145.219.32.0/23      abuse=blocked_nets\n146.116.249.0/24      abuse=blocked_nets\n146.174.160.0/19      abuse=blocked_nets\n146.225.0.0/21      abuse=blocked_nets\n147.79.26.0/24      abuse=blocked_nets\n147.140.72.0/23      abuse=blocked_nets\n147.140.74.0/24      abuse=blocked_nets\n147.145.0.0/16      abuse=blocked_nets\n147.160.48.0/24      abuse=blocked_nets\n147.214.0.0/16      abuse=blocked_nets\n147.243.0.0/16      abuse=blocked_nets\n148.7.0.0/16      abuse=blocked_nets\n148.53.0.0/16      abuse=blocked_nets\n148.59.127.0/24      abuse=blocked_nets\n149.1.0.0/16      abuse=blocked_nets\n149.175.0.0/16      abuse=blocked_nets\n149.198.0.0/16      abuse=blocked_nets\n149.204.0.0/16      abuse=blocked_nets\n150.0.0.0/8      abuse=blocked_nets\n150.171.0.0/16      abuse=blocked_nets\n150.212.0.0/16      abuse=blocked_nets\n151.129.0.0/16      abuse=blocked_nets\n151.206.0.0/16      abuse=blocked_nets\n151.241.36.0/23      abuse=blocked_nets\n151.242.202.0/23      abuse=blocked_nets\n151.242.205.0/24      abuse=blocked_nets\n151.243.36.0/24      abuse=blocked_nets\n151.243.47.0/24      abuse=blocked_nets\n151.244.14.0/24      abuse=blocked_nets\n151.244.66.0/23      abuse=blocked_nets\n152.0.0.0/16      abuse=blocked_nets\n152.2.0.0/15      abuse=blocked_nets\n152.4.0.0/15      abuse=blocked_nets\n152.6.0.0/16      abuse=blocked_nets\n152.8.0.0/14      abuse=blocked_nets\n152.12.0.0/15      abuse=blocked_nets\n152.15.0.0/16      abuse=blocked_nets\n152.16.0.0/12      abuse=blocked_nets\n152.32.0.0/14      abuse=blocked_nets\n152.36.0.0/16      abuse=blocked_nets\n152.37.0.0/18      abuse=blocked_nets\n152.37.128.0/17      abuse=blocked_nets\n152.38.0.0/15      abuse=blocked_nets\n152.38.156.0/24      abuse=blocked_nets\n152.40.0.0/13      abuse=blocked_nets\n152.48.0.0/13      abuse=blocked_nets\n152.60.0.0/14      abuse=blocked_nets\n152.64.0.0/10      abuse=blocked_nets\n152.128.0.0/10      abuse=blocked_nets\n152.138.0.0/16      abuse=blocked_nets\n152.192.0.0/11      abuse=blocked_nets\n152.224.0.0/14      abuse=blocked_nets\n152.228.0.0/15      abuse=blocked_nets\n152.230.0.0/16      abuse=blocked_nets\n152.231.0.0/19      abuse=blocked_nets\n152.231.32.0/20      abuse=blocked_nets\n152.231.64.0/18      abuse=blocked_nets\n152.231.128.0/17      abuse=blocked_nets\n152.232.0.0/13      abuse=blocked_nets\n152.240.0.0/13      abuse=blocked_nets\n152.248.0.0/16      abuse=blocked_nets\n152.250.0.0/15      abuse=blocked_nets\n152.252.0.0/14      abuse=blocked_nets\n153.65.20.0/24      abuse=blocked_nets\n153.65.71.0/24      abuse=blocked_nets\n155.55.192.0/22      abuse=blocked_nets\n155.60.224.0/23      abuse=blocked_nets\n155.60.226.0/24      abuse=blocked_nets\n155.60.232.0/23      abuse=blocked_nets\n155.60.234.0/24      abuse=blocked_nets\n155.60.240.0/23      abuse=blocked_nets\n155.60.242.0/24      abuse=blocked_nets\n155.62.0.0/16      abuse=blocked_nets\n155.103.184.0/24      abuse=blocked_nets\n155.231.208.0/23      abuse=blocked_nets\n156.20.22.0/23      abuse=blocked_nets\n156.23.0.0/16      abuse=blocked_nets\n156.29.16.0/24      abuse=blocked_nets\n157.31.0.0/16      abuse=blocked_nets\n157.55.0.0/16      abuse=blocked_nets\n157.56.0.0/16      abuse=blocked_nets\n157.81.0.0/16      abuse=blocked_nets\n157.95.0.0/16      abuse=blocked_nets\n157.172.0.0/16      abuse=blocked_nets\n157.176.0.0/16      abuse=blocked_nets\n157.207.4.0/23      abuse=blocked_nets\n157.252.0.0/16      abuse=blocked_nets\n158.23.0.0/16      abuse=blocked_nets\n158.24.0.0/16      abuse=blocked_nets\n158.53.0.0/16      abuse=blocked_nets\n158.58.136.0/21      abuse=blocked_nets\n158.86.31.0/24      abuse=blocked_nets\n158.86.95.0/24      abuse=blocked_nets\n158.116.129.0/24      abuse=blocked_nets\n158.158.0.0/16      abuse=blocked_nets\n159.0.0.0/9      abuse=blocked_nets\n159.14.174.0/24      abuse=blocked_nets\n159.14.176.0/24      abuse=blocked_nets\n159.105.18.0/24      abuse=blocked_nets\n159.128.0.0/10      abuse=blocked_nets\n159.128.0.0/16      abuse=blocked_nets\n159.192.0.0/14      abuse=blocked_nets\n159.196.0.0/17      abuse=blocked_nets\n159.196.128.0/22      abuse=blocked_nets\n159.196.136.0/21      abuse=blocked_nets\n159.196.144.0/20      abuse=blocked_nets\n159.196.160.0/21      abuse=blocked_nets\n159.196.172.0/22      abuse=blocked_nets\n159.196.176.0/20      abuse=blocked_nets\n159.196.192.0/18      abuse=blocked_nets\n159.197.0.0/16      abuse=blocked_nets\n159.198.0.0/15      abuse=blocked_nets\n159.200.0.0/13      abuse=blocked_nets\n159.208.0.0/12      abuse=blocked_nets\n159.222.162.0/24      abuse=blocked_nets\n159.224.0.0/11      abuse=blocked_nets\n160.0.0.0/8      abuse=blocked_nets\n160.4.0.0/16      abuse=blocked_nets\n160.92.192.0/24      abuse=blocked_nets\n160.187.9.0/24      abuse=blocked_nets\n160.207.0.0/16      abuse=blocked_nets\n160.234.0.0/16      abuse=blocked_nets\n161.131.104.0/24      abuse=blocked_nets\n161.131.217.0/24      abuse=blocked_nets\n161.157.0.0/16      abuse=blocked_nets\n161.195.96.0/21      abuse=blocked_nets\n161.195.152.0/24      abuse=blocked_nets\n161.195.155.0/24      abuse=blocked_nets\n161.195.188.0/23      abuse=blocked_nets\n161.195.248.0/24      abuse=blocked_nets\n161.220.0.0/16      abuse=blocked_nets\n161.221.0.0/22      abuse=blocked_nets\n161.221.4.0/23      abuse=blocked_nets\n161.221.6.0/24      abuse=blocked_nets\n162.0.0.0/8      abuse=blocked_nets\n162.131.1.0/24      abuse=blocked_nets\n162.131.2.0/24      abuse=blocked_nets\n162.253.106.0/24      abuse=blocked_nets\n162.254.245.0/24      abuse=blocked_nets\n162.254.247.0/24      abuse=blocked_nets\n163.57.0.0/16      abuse=blocked_nets\n163.61.89.0/24      abuse=blocked_nets\n163.199.84.0/23      abuse=blocked_nets\n164.47.80.0/23      abuse=blocked_nets\n164.75.128.0/22      abuse=blocked_nets\n164.75.132.0/23      abuse=blocked_nets\n165.15.0.0/16      abuse=blocked_nets\n165.17.0.0/16      abuse=blocked_nets\n165.99.141.0/24      abuse=blocked_nets\n165.125.48.0/21      abuse=blocked_nets\n165.130.253.0/24      abuse=blocked_nets\n165.224.64.0/22      abuse=blocked_nets\n166.0.0.0/11      abuse=blocked_nets\n166.32.0.0/12      abuse=blocked_nets\n166.48.0.0/17      abuse=blocked_nets\n166.48.144.0/20      abuse=blocked_nets\n166.48.160.0/19      abuse=blocked_nets\n166.48.192.0/18      abuse=blocked_nets\n166.49.0.0/16      abuse=blocked_nets\n166.50.0.0/15      abuse=blocked_nets\n166.52.0.0/14      abuse=blocked_nets\n166.56.0.0/13      abuse=blocked_nets\n166.64.0.0/10      abuse=blocked_nets\n166.98.6.0/23      abuse=blocked_nets\n166.128.0.0/9      abuse=blocked_nets\n167.21.32.0/21      abuse=blocked_nets\n167.21.152.0/21      abuse=blocked_nets\n167.92.211.0/24      abuse=blocked_nets\n167.92.212.0/24      abuse=blocked_nets\n167.105.0.0/16      abuse=blocked_nets\n167.162.0.0/16      abuse=blocked_nets\n167.186.0.0/16      abuse=blocked_nets\n167.231.0.0/16      abuse=blocked_nets\n167.253.12.0/22      abuse=blocked_nets\n168.0.0.0/10      abuse=blocked_nets\n168.61.0.0/16      abuse=blocked_nets\n168.62.0.0/15      abuse=blocked_nets\n168.64.0.0/11      abuse=blocked_nets\n168.96.0.0/12      abuse=blocked_nets\n168.98.112.0/21      abuse=blocked_nets\n168.112.0.0/14      abuse=blocked_nets\n168.116.0.0/15      abuse=blocked_nets\n168.118.0.0/16      abuse=blocked_nets\n168.120.0.0/13      abuse=blocked_nets\n168.128.0.0/11      abuse=blocked_nets\n168.137.64.0/20      abuse=blocked_nets\n168.160.0.0/12      abuse=blocked_nets\n168.176.0.0/13      abuse=blocked_nets\n168.184.0.0/18      abuse=blocked_nets\n168.184.64.0/20      abuse=blocked_nets\n168.184.80.0/22      abuse=blocked_nets\n168.184.85.0/24      abuse=blocked_nets\n168.184.86.0/23      abuse=blocked_nets\n168.184.88.0/21      abuse=blocked_nets\n168.184.96.0/19      abuse=blocked_nets\n168.184.128.0/17      abuse=blocked_nets\n168.185.0.0/16      abuse=blocked_nets\n168.186.0.0/15      abuse=blocked_nets\n168.188.0.0/14      abuse=blocked_nets\n168.192.0.0/10      abuse=blocked_nets\n169.138.0.0/16      abuse=blocked_nets\n169.224.0.0/16      abuse=blocked_nets\n170.0.0.0/8      abuse=blocked_nets\n170.22.154.0/23      abuse=blocked_nets\n170.22.156.0/23      abuse=blocked_nets\n170.39.84.0/23      abuse=blocked_nets\n170.39.86.0/24      abuse=blocked_nets\n170.62.37.0/24      abuse=blocked_nets\n170.75.176.0/24      abuse=blocked_nets\n170.110.250.0/24      abuse=blocked_nets\n170.114.56.0/23      abuse=blocked_nets\n170.165.0.0/16      abuse=blocked_nets\n170.170.120.0/22      abuse=blocked_nets\n170.170.127.0/24      abuse=blocked_nets\n170.176.133.0/24      abuse=blocked_nets\n170.176.140.0/24      abuse=blocked_nets\n170.176.147.0/24      abuse=blocked_nets\n170.176.205.0/24      abuse=blocked_nets\n172.0.0.0/8      abuse=blocked_nets\n172.128.0.0/10      abuse=blocked_nets\n172.192.0.0/12      abuse=blocked_nets\n172.208.0.0/13      abuse=blocked_nets\n173.200.0.0/16      abuse=blocked_nets\n173.241.37.0/24      abuse=blocked_nets\n173.241.44.0/24      abuse=blocked_nets\n176.8.0.0/13      abuse=blocked_nets\n176.16.0.0/12      abuse=blocked_nets\n176.32.0.0/11      abuse=blocked_nets\n176.64.0.0/12      abuse=blocked_nets\n176.80.0.0/14      abuse=blocked_nets\n176.84.0.0/15      abuse=blocked_nets\n176.87.0.0/16      abuse=blocked_nets\n176.88.0.0/13      abuse=blocked_nets\n176.96.0.0/11      abuse=blocked_nets\n176.116.123.0/24      abuse=blocked_nets\n176.128.0.0/9      abuse=blocked_nets\n177.0.0.0/10      abuse=blocked_nets\n177.64.0.0/11      abuse=blocked_nets\n177.96.0.0/14      abuse=blocked_nets\n177.100.0.0/15      abuse=blocked_nets\n177.104.0.0/13      abuse=blocked_nets\n177.112.0.0/12      abuse=blocked_nets\n177.128.0.0/9      abuse=blocked_nets\n178.93.137.0/24      abuse=blocked_nets\n178.93.138.0/24      abuse=blocked_nets\n178.251.21.0/24      abuse=blocked_nets\n178.255.242.0/24      abuse=blocked_nets\n179.0.0.0/9      abuse=blocked_nets\n179.128.0.0/15      abuse=blocked_nets\n179.130.0.0/23      abuse=blocked_nets\n179.130.2.0/24      abuse=blocked_nets\n179.130.4.0/22      abuse=blocked_nets\n179.130.8.0/21      abuse=blocked_nets\n179.130.16.0/20      abuse=blocked_nets\n179.130.32.0/19      abuse=blocked_nets\n179.130.64.0/18      abuse=blocked_nets\n179.130.128.0/17      abuse=blocked_nets\n179.131.0.0/16      abuse=blocked_nets\n179.132.0.0/14      abuse=blocked_nets\n179.136.0.0/13      abuse=blocked_nets\n179.144.0.0/12      abuse=blocked_nets\n179.160.0.0/11      abuse=blocked_nets\n179.192.0.0/11      abuse=blocked_nets\n179.224.0.0/13      abuse=blocked_nets\n179.236.0.0/14      abuse=blocked_nets\n179.240.0.0/12      abuse=blocked_nets\n181.0.0.0/10      abuse=blocked_nets\n181.64.0.0/11      abuse=blocked_nets\n181.96.0.0/15      abuse=blocked_nets\n181.99.0.0/16      abuse=blocked_nets\n181.100.0.0/14      abuse=blocked_nets\n181.104.0.0/13      abuse=blocked_nets\n181.112.0.0/12      abuse=blocked_nets\n181.128.0.0/11      abuse=blocked_nets\n181.162.0.0/15      abuse=blocked_nets\n181.164.0.0/14      abuse=blocked_nets\n181.168.0.0/13      abuse=blocked_nets\n181.176.0.0/12      abuse=blocked_nets\n181.192.0.0/10      abuse=blocked_nets\n185.0.0.0/10      abuse=blocked_nets\n185.12.10.0/24      abuse=blocked_nets\n185.34.84.0/22      abuse=blocked_nets\n185.34.250.0/24      abuse=blocked_nets\n185.42.70.0/24      abuse=blocked_nets\n185.45.122.0/24      abuse=blocked_nets\n185.52.203.0/24      abuse=blocked_nets\n185.64.0.0/13      abuse=blocked_nets\n185.70.160.0/23      abuse=blocked_nets\n185.72.0.0/16      abuse=blocked_nets\n185.73.0.0/17      abuse=blocked_nets\n185.73.128.0/19      abuse=blocked_nets\n185.73.160.0/21      abuse=blocked_nets\n185.73.172.0/22      abuse=blocked_nets\n185.73.176.0/20      abuse=blocked_nets\n185.73.192.0/18      abuse=blocked_nets\n185.74.0.0/15      abuse=blocked_nets\n185.76.0.0/14      abuse=blocked_nets\n185.76.37.0/24      abuse=blocked_nets\n185.76.182.0/23      abuse=blocked_nets\n185.80.0.0/12      abuse=blocked_nets\n185.87.134.0/24      abuse=blocked_nets\n185.89.200.0/22      abuse=blocked_nets\n185.90.154.0/24      abuse=blocked_nets\n185.96.0.0/13      abuse=blocked_nets\n185.104.0.0/17      abuse=blocked_nets\n185.104.128.0/21      abuse=blocked_nets\n185.104.136.0/23      abuse=blocked_nets\n185.104.138.0/24      abuse=blocked_nets\n185.104.140.0/22      abuse=blocked_nets\n185.104.144.0/20      abuse=blocked_nets\n185.104.160.0/19      abuse=blocked_nets\n185.104.192.0/18      abuse=blocked_nets\n185.105.0.0/16      abuse=blocked_nets\n185.106.0.0/15      abuse=blocked_nets\n185.108.0.0/14      abuse=blocked_nets\n185.112.0.0/12      abuse=blocked_nets\n185.113.189.0/24      abuse=blocked_nets\n185.115.155.0/24      abuse=blocked_nets\n185.116.168.0/23      abuse=blocked_nets\n185.117.95.0/24      abuse=blocked_nets\n185.117.183.0/24      abuse=blocked_nets\n185.117.230.0/24      abuse=blocked_nets\n185.128.0.0/12      abuse=blocked_nets\n185.135.58.0/24      abuse=blocked_nets\n185.144.0.0/13      abuse=blocked_nets\n185.149.54.0/24      abuse=blocked_nets\n185.152.0.0/14      abuse=blocked_nets\n185.154.80.0/22      abuse=blocked_nets\n185.156.0.0/16      abuse=blocked_nets\n185.157.0.0/21      abuse=blocked_nets\n185.157.8.0/22      abuse=blocked_nets\n185.157.12.0/23      abuse=blocked_nets\n185.157.15.0/24      abuse=blocked_nets\n185.157.16.0/20      abuse=blocked_nets\n185.157.16.0/22      abuse=blocked_nets\n185.157.32.0/19      abuse=blocked_nets\n185.157.64.0/18      abuse=blocked_nets\n185.157.128.0/17      abuse=blocked_nets\n185.158.0.0/15      abuse=blocked_nets\n185.160.0.0/11      abuse=blocked_nets\n185.187.104.0/23      abuse=blocked_nets\n185.187.123.0/24      abuse=blocked_nets\n185.192.0.0/13      abuse=blocked_nets\n185.192.184.0/23      abuse=blocked_nets\n185.195.244.0/23      abuse=blocked_nets\n185.200.0.0/18      abuse=blocked_nets\n185.200.64.0/19      abuse=blocked_nets\n185.200.96.0/22      abuse=blocked_nets\n185.200.100.0/23      abuse=blocked_nets\n185.200.103.0/24      abuse=blocked_nets\n185.200.104.0/21      abuse=blocked_nets\n185.200.112.0/20      abuse=blocked_nets\n185.200.128.0/17      abuse=blocked_nets\n185.201.0.0/16      abuse=blocked_nets\n185.202.0.0/15      abuse=blocked_nets\n185.204.0.0/14      abuse=blocked_nets\n185.208.0.0/12      abuse=blocked_nets\n185.209.208.0/23      abuse=blocked_nets\n185.211.208.0/24      abuse=blocked_nets\n185.222.140.0/22      abuse=blocked_nets\n185.224.0.0/13      abuse=blocked_nets\n185.232.0.0/16      abuse=blocked_nets\n185.233.0.0/18      abuse=blocked_nets\n185.233.64.0/19      abuse=blocked_nets\n185.233.96.0/21      abuse=blocked_nets\n185.233.108.0/22      abuse=blocked_nets\n185.233.112.0/20      abuse=blocked_nets\n185.233.128.0/17      abuse=blocked_nets\n185.234.0.0/15      abuse=blocked_nets\n185.236.0.0/14      abuse=blocked_nets\n185.236.221.0/24      abuse=blocked_nets\n185.238.165.0/24      abuse=blocked_nets\n185.240.0.0/12      abuse=blocked_nets\n185.242.137.0/24      abuse=blocked_nets\n185.242.139.0/24      abuse=blocked_nets\n186.0.0.0/11      abuse=blocked_nets\n186.32.0.0/13      abuse=blocked_nets\n186.40.0.0/17      abuse=blocked_nets\n186.41.0.0/16      abuse=blocked_nets\n186.42.0.0/15      abuse=blocked_nets\n186.44.0.0/14      abuse=blocked_nets\n186.48.0.0/12      abuse=blocked_nets\n186.64.0.0/10      abuse=blocked_nets\n186.128.0.0/9      abuse=blocked_nets\n187.0.0.0/9      abuse=blocked_nets\n187.128.0.0/11      abuse=blocked_nets\n187.160.0.0/12      abuse=blocked_nets\n187.176.0.0/13      abuse=blocked_nets\n187.184.0.0/14      abuse=blocked_nets\n187.191.0.0/16      abuse=blocked_nets\n187.192.0.0/10      abuse=blocked_nets\n188.0.0.0/12      abuse=blocked_nets\n188.16.0.0/13      abuse=blocked_nets\n188.26.0.0/15      abuse=blocked_nets\n188.28.0.0/14      abuse=blocked_nets\n188.32.0.0/11      abuse=blocked_nets\n188.64.0.0/11      abuse=blocked_nets\n188.94.190.0/24      abuse=blocked_nets\n188.96.0.0/12      abuse=blocked_nets\n188.112.0.0/13      abuse=blocked_nets\n188.120.0.0/15      abuse=blocked_nets\n188.122.0.0/17      abuse=blocked_nets\n188.122.128.0/18      abuse=blocked_nets\n188.122.224.0/19      abuse=blocked_nets\n188.123.0.0/16      abuse=blocked_nets\n188.124.0.0/14      abuse=blocked_nets\n188.128.0.0/12      abuse=blocked_nets\n188.144.0.0/14      abuse=blocked_nets\n188.152.0.0/13      abuse=blocked_nets\n188.160.0.0/14      abuse=blocked_nets\n188.164.0.0/15      abuse=blocked_nets\n188.166.0.0/17      abuse=blocked_nets\n188.166.128.0/17      abuse=blocked_nets\n188.167.0.0/16      abuse=blocked_nets\n188.168.0.0/13      abuse=blocked_nets\n188.176.0.0/13      abuse=blocked_nets\n188.184.0.0/14      abuse=blocked_nets\n188.190.0.0/15      abuse=blocked_nets\n188.192.0.0/12      abuse=blocked_nets\n188.208.0.0/14      abuse=blocked_nets\n188.212.0.0/15      abuse=blocked_nets\n188.214.0.0/21      abuse=blocked_nets\n188.214.16.0/20      abuse=blocked_nets\n188.214.32.0/19      abuse=blocked_nets\n188.214.64.0/18      abuse=blocked_nets\n188.214.128.0/17      abuse=blocked_nets\n188.215.0.0/16      abuse=blocked_nets\n188.216.0.0/13      abuse=blocked_nets\n188.224.0.0/12      abuse=blocked_nets\n188.240.0.0/13      abuse=blocked_nets\n188.248.0.0/14      abuse=blocked_nets\n188.252.0.0/16      abuse=blocked_nets\n188.253.0.0/17      abuse=blocked_nets\n188.253.128.0/18      abuse=blocked_nets\n188.253.192.0/20      abuse=blocked_nets\n188.253.208.0/21      abuse=blocked_nets\n188.253.220.0/22      abuse=blocked_nets\n188.253.224.0/19      abuse=blocked_nets\n188.254.0.0/15      abuse=blocked_nets\n188.255.174.0/23      abuse=blocked_nets\n189.0.0.0/9      abuse=blocked_nets\n189.128.0.0/10      abuse=blocked_nets\n189.192.0.0/11      abuse=blocked_nets\n189.224.0.0/12      abuse=blocked_nets\n189.240.0.0/13      abuse=blocked_nets\n189.248.0.0/15      abuse=blocked_nets\n189.250.0.0/17      abuse=blocked_nets\n189.250.128.0/18      abuse=blocked_nets\n189.250.208.0/20      abuse=blocked_nets\n189.250.224.0/19      abuse=blocked_nets\n189.251.0.0/16      abuse=blocked_nets\n189.252.0.0/14      abuse=blocked_nets\n190.0.0.0/11      abuse=blocked_nets\n190.32.0.0/12      abuse=blocked_nets\n190.48.0.0/13      abuse=blocked_nets\n190.56.0.0/14      abuse=blocked_nets\n190.60.0.0/19      abuse=blocked_nets\n190.60.32.0/20      abuse=blocked_nets\n190.60.48.0/21      abuse=blocked_nets\n190.60.56.0/22      abuse=blocked_nets\n190.60.60.0/23      abuse=blocked_nets\n190.60.62.0/24      abuse=blocked_nets\n190.60.64.0/18      abuse=blocked_nets\n190.60.128.0/17      abuse=blocked_nets\n190.61.0.0/16      abuse=blocked_nets\n190.62.0.0/15      abuse=blocked_nets\n190.64.0.0/10      abuse=blocked_nets\n190.128.0.0/10      abuse=blocked_nets\n190.192.0.0/12      abuse=blocked_nets\n190.208.0.0/13      abuse=blocked_nets\n190.216.0.0/16      abuse=blocked_nets\n190.217.0.0/20      abuse=blocked_nets\n190.217.16.0/22      abuse=blocked_nets\n190.217.20.0/27      abuse=blocked_nets\n190.217.20.48/28      abuse=blocked_nets\n190.217.20.64/26      abuse=blocked_nets\n190.217.20.128/25      abuse=blocked_nets\n190.217.21.0/24      abuse=blocked_nets\n190.217.22.0/23      abuse=blocked_nets\n190.217.24.0/21      abuse=blocked_nets\n190.217.32.0/19      abuse=blocked_nets\n190.217.64.0/18      abuse=blocked_nets\n190.217.128.0/17      abuse=blocked_nets\n190.218.0.0/15      abuse=blocked_nets\n190.220.0.0/14      abuse=blocked_nets\n190.224.0.0/11      abuse=blocked_nets\n191.0.0.0/12      abuse=blocked_nets\n191.16.0.0/15      abuse=blocked_nets\n191.18.0.0/16      abuse=blocked_nets\n191.19.128.0/17      abuse=blocked_nets\n191.20.0.0/14      abuse=blocked_nets\n191.24.0.0/13      abuse=blocked_nets\n191.32.0.0/11      abuse=blocked_nets\n191.64.0.0/12      abuse=blocked_nets\n191.80.0.0/17      abuse=blocked_nets\n191.80.128.0/18      abuse=blocked_nets\n191.81.0.0/16      abuse=blocked_nets\n191.82.0.0/15      abuse=blocked_nets\n191.84.0.0/14      abuse=blocked_nets\n191.88.0.0/13      abuse=blocked_nets\n191.96.0.0/11      abuse=blocked_nets\n191.128.0.0/11      abuse=blocked_nets\n191.160.0.0/12      abuse=blocked_nets\n191.176.0.0/16      abuse=blocked_nets\n191.178.0.0/15      abuse=blocked_nets\n191.180.0.0/14      abuse=blocked_nets\n191.184.0.0/13      abuse=blocked_nets\n191.192.0.0/10      abuse=blocked_nets\n191.232.0.0/13      abuse=blocked_nets\n192.0.0.0/8      abuse=blocked_nets\n192.0.58.0/23      abuse=blocked_nets\n192.28.24.0/23      abuse=blocked_nets\n192.34.34.0/24      abuse=blocked_nets\n192.40.76.0/22      abuse=blocked_nets\n192.48.225.0/24      abuse=blocked_nets\n192.64.201.0/24      abuse=blocked_nets\n192.71.41.0/24      abuse=blocked_nets\n192.80.239.0/24      abuse=blocked_nets\n192.80.246.0/23      abuse=blocked_nets\n192.84.160.0/23      abuse=blocked_nets\n192.94.1.0/24      abuse=blocked_nets\n192.100.104.0/21      abuse=blocked_nets\n192.100.112.0/20      abuse=blocked_nets\n192.100.128.0/22      abuse=blocked_nets\n192.102.165.0/24      abuse=blocked_nets\n192.131.254.0/24      abuse=blocked_nets\n192.132.27.0/24      abuse=blocked_nets\n192.133.85.0/24      abuse=blocked_nets\n192.160.145.0/24      abuse=blocked_nets\n192.160.194.0/24      abuse=blocked_nets\n192.195.98.0/24      abuse=blocked_nets\n192.197.157.0/24      abuse=blocked_nets\n192.243.86.0/23      abuse=blocked_nets\n193.8.43.0/24      abuse=blocked_nets\n193.17.104.0/23      abuse=blocked_nets\n193.17.106.0/24      abuse=blocked_nets\n193.17.108.0/23      abuse=blocked_nets\n193.17.110.0/24      abuse=blocked_nets\n193.17.112.0/23      abuse=blocked_nets\n193.17.116.0/23      abuse=blocked_nets\n193.17.120.0/23      abuse=blocked_nets\n193.17.124.0/23      abuse=blocked_nets\n193.29.158.0/24      abuse=blocked_nets\n193.53.155.0/24      abuse=blocked_nets\n193.134.96.0/24      abuse=blocked_nets\n193.135.41.0/24      abuse=blocked_nets\n193.149.64.0/19      abuse=blocked_nets\n193.187.72.0/24      abuse=blocked_nets\n193.189.114.0/23      abuse=blocked_nets\n193.221.113.0/24      abuse=blocked_nets\n194.33.109.0/24      abuse=blocked_nets\n194.41.19.0/24      abuse=blocked_nets\n194.44.235.0/24      abuse=blocked_nets\n194.45.24.0/23      abuse=blocked_nets\n194.49.206.0/24      abuse=blocked_nets\n194.50.21.0/24      abuse=blocked_nets\n194.50.22.0/23      abuse=blocked_nets\n194.61.106.0/24      abuse=blocked_nets\n194.76.102.0/24      abuse=blocked_nets\n194.110.197.0/24      abuse=blocked_nets\n194.113.230.0/24      abuse=blocked_nets\n194.150.192.0/24      abuse=blocked_nets\n194.180.131.0/24      abuse=blocked_nets\n195.8.43.0/24      abuse=blocked_nets\n195.43.44.0/24      abuse=blocked_nets\n195.43.46.0/24      abuse=blocked_nets\n195.85.113.0/24      abuse=blocked_nets\n195.88.21.0/24      abuse=blocked_nets\n195.104.228.0/22      abuse=blocked_nets\n195.105.26.0/24      abuse=blocked_nets\n195.114.140.0/24      abuse=blocked_nets\n195.191.211.0/24      abuse=blocked_nets\n195.222.105.0/24      abuse=blocked_nets\n196.0.0.0/8      abuse=blocked_nets\n197.0.0.0/13      abuse=blocked_nets\n197.8.0.0/14      abuse=blocked_nets\n197.12.0.0/15      abuse=blocked_nets\n197.14.0.0/20      abuse=blocked_nets\n197.14.48.0/20      abuse=blocked_nets\n197.14.64.0/18      abuse=blocked_nets\n197.14.128.0/17      abuse=blocked_nets\n197.15.0.0/16      abuse=blocked_nets\n197.16.0.0/12      abuse=blocked_nets\n197.32.0.0/11      abuse=blocked_nets\n197.64.0.0/10      abuse=blocked_nets\n197.128.0.0/10      abuse=blocked_nets\n197.192.0.0/11      abuse=blocked_nets\n197.224.0.0/13      abuse=blocked_nets\n197.232.0.0/19      abuse=blocked_nets\n197.232.32.0/20      abuse=blocked_nets\n197.232.48.0/21      abuse=blocked_nets\n197.232.56.0/22      abuse=blocked_nets\n197.232.60.0/23      abuse=blocked_nets\n197.232.63.0/24      abuse=blocked_nets\n197.232.64.0/18      abuse=blocked_nets\n197.232.128.0/17      abuse=blocked_nets\n197.233.0.0/16      abuse=blocked_nets\n197.234.0.0/15      abuse=blocked_nets\n197.236.0.0/14      abuse=blocked_nets\n197.240.0.0/12      abuse=blocked_nets\n198.8.73.0/24      abuse=blocked_nets\n198.22.19.0/24      abuse=blocked_nets\n198.47.13.0/24      abuse=blocked_nets\n198.49.8.0/24      abuse=blocked_nets\n198.49.178.0/24      abuse=blocked_nets\n198.51.0.0/24      abuse=blocked_nets\n198.52.0.0/24      abuse=blocked_nets\n198.91.39.0/24      abuse=blocked_nets\n198.99.146.0/24      abuse=blocked_nets\n198.167.255.0/24      abuse=blocked_nets\n198.185.5.0/24      abuse=blocked_nets\n198.186.138.0/24      abuse=blocked_nets\n198.186.172.0/24      abuse=blocked_nets\n198.200.130.0/24      abuse=blocked_nets\n198.202.23.0/24      abuse=blocked_nets\n198.202.27.0/24      abuse=blocked_nets\n198.206.164.0/24      abuse=blocked_nets\n198.245.174.0/24      abuse=blocked_nets\n198.252.211.0/24      abuse=blocked_nets\n199.0.185.0/24      abuse=blocked_nets\n199.21.128.0/24      abuse=blocked_nets\n199.26.109.0/24      abuse=blocked_nets\n199.27.231.0/24      abuse=blocked_nets\n199.30.16.0/20      abuse=blocked_nets\n199.34.122.0/24      abuse=blocked_nets\n199.38.175.0/24      abuse=blocked_nets\n199.50.0.0/16      abuse=blocked_nets\n199.60.28.0/24      abuse=blocked_nets\n199.65.27.0/24      abuse=blocked_nets\n199.65.29.0/24      abuse=blocked_nets\n199.65.30.0/23      abuse=blocked_nets\n199.65.40.0/24      abuse=blocked_nets\n199.65.243.0/24      abuse=blocked_nets\n199.65.247.0/24      abuse=blocked_nets\n199.65.251.0/24      abuse=blocked_nets\n199.103.90.0/23      abuse=blocked_nets\n199.103.122.0/24      abuse=blocked_nets\n199.118.0.0/16      abuse=blocked_nets\n199.181.32.0/24      abuse=blocked_nets\n199.181.34.0/24      abuse=blocked_nets\n199.181.39.0/24      abuse=blocked_nets\n199.189.36.0/23      abuse=blocked_nets\n199.189.38.0/24      abuse=blocked_nets\n199.229.48.0/21      abuse=blocked_nets\n199.233.162.0/24      abuse=blocked_nets\n199.242.32.0/20      abuse=blocked_nets\n199.242.48.0/21      abuse=blocked_nets\n199.247.205.0/24      abuse=blocked_nets\n199.248.124.0/24      abuse=blocked_nets\n200.0.0.0/8      abuse=blocked_nets\n201.0.0.0/9      abuse=blocked_nets\n201.128.0.0/13      abuse=blocked_nets\n201.136.0.0/14      abuse=blocked_nets\n201.140.0.0/16      abuse=blocked_nets\n201.141.0.0/18      abuse=blocked_nets\n201.141.64.0/19      abuse=blocked_nets\n201.141.96.0/21      abuse=blocked_nets\n201.141.108.0/22      abuse=blocked_nets\n201.141.112.0/20      abuse=blocked_nets\n201.141.128.0/17      abuse=blocked_nets\n201.142.0.0/15      abuse=blocked_nets\n201.144.0.0/12      abuse=blocked_nets\n201.160.0.0/11      abuse=blocked_nets\n201.192.0.0/10      abuse=blocked_nets\n202.0.0.0/8      abuse=blocked_nets\n202.12.70.0/24      abuse=blocked_nets\n202.14.81.0/24      abuse=blocked_nets\n202.22.173.0/24      abuse=blocked_nets\n202.27.49.0/24      abuse=blocked_nets\n202.89.224.0/21      abuse=blocked_nets\n202.90.34.0/23      abuse=blocked_nets\n202.130.203.0/24      abuse=blocked_nets\n202.155.124.0/22      abuse=blocked_nets\n203.2.220.0/22      abuse=blocked_nets\n203.10.24.0/23      abuse=blocked_nets\n203.10.27.0/24      abuse=blocked_nets\n203.10.28.0/22      abuse=blocked_nets\n203.17.220.0/23      abuse=blocked_nets\n203.20.128.0/23      abuse=blocked_nets\n203.21.152.0/23      abuse=blocked_nets\n203.28.214.0/23      abuse=blocked_nets\n203.32.8.0/24      abuse=blocked_nets\n203.32.10.0/23      abuse=blocked_nets\n203.84.134.0/23      abuse=blocked_nets\n204.14.180.0/22      abuse=blocked_nets\n204.76.110.0/23      abuse=blocked_nets\n204.79.135.0/24      abuse=blocked_nets\n204.79.179.0/24      abuse=blocked_nets\n204.79.195.0/24      abuse=blocked_nets\n204.79.252.0/24      abuse=blocked_nets\n204.80.33.0/24      abuse=blocked_nets\n204.80.58.0/24      abuse=blocked_nets\n204.87.58.0/24      abuse=blocked_nets\n204.95.96.0/20      abuse=blocked_nets\n204.152.95.0/24      abuse=blocked_nets\n204.152.140.0/23      abuse=blocked_nets\n204.154.190.0/24      abuse=blocked_nets\n204.194.56.0/22      abuse=blocked_nets\n204.209.219.0/24      abuse=blocked_nets\n204.239.11.0/24      abuse=blocked_nets\n204.239.54.0/24      abuse=blocked_nets\n205.132.192.0/23      abuse=blocked_nets\n205.135.211.0/24      abuse=blocked_nets\n205.135.212.0/23      abuse=blocked_nets\n205.143.44.0/23      abuse=blocked_nets\n206.109.76.0/24      abuse=blocked_nets\n206.130.81.0/24      abuse=blocked_nets\n206.138.168.0/21      abuse=blocked_nets\n206.191.224.0/19      abuse=blocked_nets\n206.195.220.0/24      abuse=blocked_nets\n206.203.88.0/22      abuse=blocked_nets\n206.203.92.0/23      abuse=blocked_nets\n206.203.123.0/24      abuse=blocked_nets\n206.251.32.0/23      abuse=blocked_nets\n207.46.0.0/19      abuse=blocked_nets\n207.46.36.0/22      abuse=blocked_nets\n207.46.40.0/21      abuse=blocked_nets\n207.46.48.0/20      abuse=blocked_nets\n207.46.64.0/18      abuse=blocked_nets\n207.46.128.0/17      abuse=blocked_nets\n207.68.128.0/18      abuse=blocked_nets\n207.103.0.0/16      abuse=blocked_nets\n207.174.51.0/24      abuse=blocked_nets\n208.56.2.0/24      abuse=blocked_nets\n208.64.87.0/24      abuse=blocked_nets\n208.66.231.0/24      abuse=blocked_nets\n208.68.136.0/21      abuse=blocked_nets\n208.74.229.0/24      abuse=blocked_nets\n208.74.231.0/24      abuse=blocked_nets\n208.76.45.0/24      abuse=blocked_nets\n208.76.46.0/24      abuse=blocked_nets\n208.80.20.0/23      abuse=blocked_nets\n208.80.134.0/23      abuse=blocked_nets\n208.83.106.0/24      abuse=blocked_nets\n208.84.0.0/21      abuse=blocked_nets\n208.88.70.0/24      abuse=blocked_nets\n208.90.118.0/24      abuse=blocked_nets\n208.90.236.0/23      abuse=blocked_nets\n208.91.245.0/24      abuse=blocked_nets\n208.103.174.0/24      abuse=blocked_nets\n208.122.60.0/24      abuse=blocked_nets\n209.51.100.0/24      abuse=blocked_nets\n209.94.81.0/24      abuse=blocked_nets\n209.127.190.0/24      abuse=blocked_nets\n209.143.212.0/23      abuse=blocked_nets\n209.151.121.0/24      abuse=blocked_nets\n209.199.0.0/16      abuse=blocked_nets\n209.240.192.0/19      abuse=blocked_nets\n209.251.248.0/24      abuse=blocked_nets\n212.1.218.0/23      abuse=blocked_nets\n212.1.222.0/23      abuse=blocked_nets\n212.46.57.0/24      abuse=blocked_nets\n212.103.45.0/24      abuse=blocked_nets\n212.207.0.0/16      abuse=blocked_nets\n212.237.120.0/22      abuse=blocked_nets\n213.54.0.0/16      abuse=blocked_nets\n213.109.150.0/24      abuse=blocked_nets\n213.156.248.0/23      abuse=blocked_nets\n213.199.128.0/18      abuse=blocked_nets\n213.218.36.0/23      abuse=blocked_nets\n213.218.48.0/22      abuse=blocked_nets\n216.0.0.0/8      abuse=blocked_nets\n216.9.196.0/24      abuse=blocked_nets\n216.32.180.0/22      abuse=blocked_nets\n216.73.183.0/24      abuse=blocked_nets\n216.83.54.0/23      abuse=blocked_nets\n216.99.143.0/24      abuse=blocked_nets\n216.126.214.0/24      abuse=blocked_nets\n216.183.110.0/23      abuse=blocked_nets\n216.220.203.0/24      abuse=blocked_nets\n216.220.204.0/24      abuse=blocked_nets\n216.220.208.0/20      abuse=blocked_nets\n216.238.128.0/24      abuse=blocked_nets\n216.238.135.0/24      abuse=blocked_nets\n216.238.141.0/24      abuse=blocked_nets\n217.11.173.0/24      abuse=blocked_nets\n217.71.189.0/24      abuse=blocked_nets\n217.147.172.0/24      abuse=blocked_nets\n217.169.202.0/24      abuse=blocked_nets\n217.176.0.0/16      abuse=blocked_nets\n192.0.2.0/24      abuse=text_abuse_nets\n192.241.194.113/32      abuse=bot_blocked_nets\n192.241.194.113/32      abuse=bot_posts_blocked_nets\n18.208.0.0/13      abuse=public_cloud_nets\n192.0.2.42/32      abuse=phabricator_abusers\n198.51.100.0/24      abuse=phabricator_abusers\n203.0.113.0/25      abuse=phabricator_abusers\n2001:db8::/64      abuse=phabricator_abusers\n2001:db8:1::1/128      abuse=phabricator_abusers\n","validate_cmd":"/usr/local/bin/check-haproxy-map %","owner":"root","group":"root"}},{"type":"Haproxy::Site","title":"tls","tags":["haproxy::site","haproxy","site","tls","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":386,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# Pseudo-backends used only for statistics tracking.\nbackend httpreqrate\n    stick-table type ipv6  size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)\n\n## LOGGING RINGS ##\n## END LOGGING RINGS ##\n\nlisten tls\n    log global\n    maxconn 199000\n    bind :443 tfo ssl crt-list /etc/haproxy/crt-list.cfg tls-ticket-keys /run/haproxy-secrets/stek.keys\n\n    bind :::443 tfo v6only ssl crt-list /etc/haproxy/crt-list.cfg tls-ticket-keys /run/haproxy-secrets/stek.keys\n\n    http-reuse always\n\n    # time to wait for a complete HTTP request, It only applies to the header part of the HTTP request (unless option http-buffer-request is used)\n    timeout http-request 3600s\n    # set the maximum allowed time to wait for a new HTTP request to appear\n    timeout http-keep-alive 120s\n    # set the maximum inactivity time on the client side\n    timeout client 120s\n    # inactivity timeout on the client side for half-closed connections\n    timeout client-fin 120s\n    # connect timeout against a backend server\n    timeout connect 3s\n    # set the maximum inactivity time on the server side\n    timeout server 180s\n    # timeout used after upgrading a connection (websockets) or after the first response when no keepalive/close option is specified\n    timeout tunnel 3600s\n\n    acl too_much_recent_concurrency sc0_gpc0_rate(httpreqrate) gt 0\n    http-request track-sc0 src table httpreqrate\n    http-request set-log-level silent if too_much_recent_concurrency\n    http-request silent-drop if too_much_recent_concurrency\n\n    capture request header Host len 255\n    capture request header Referer len 1024\n    capture request header User-Agent len 1024\n    capture request header Accept-Language len 1024\n    capture request header Range len 10\n    capture request header Accept len 64\n\n    # store a copy of the client headers before header normalization\n    http-request set-var(req.pristine_hdrs) req.hdrs\n\n    # populate txn variables used for logging purposes\n    http-response set-var(txn.content_type) res.fhdr(Content-Type)\n\n    # default values for x-cache and x-cache-status\n    http-request set-var(txn.x_cache) str(\"deployment-cache-text08 int\")\n    http-request set-var(txn.x_cache_status) str(\"int-tls\")\n    # override them with upstream headers\n    http-response set-var(txn.x_cache) res.fhdr(X-Cache) if { res.fhdr(X-Cache) -m found }\n    http-response set-var(txn.x_cache_status) res.fhdr(X-Cache-Status) if { res.fhdr(X-Cache-Status) -m found }\n\n    # default value for server\n    http-request set-var(txn.server) str(\"HAProxy\")\n    # override it with upstream header\n    http-response set-var(txn.server) res.fhdr(Server) if { res.fhdr(Server) -m found }\n\n\n    # Host normalization\n    # Use the host_only converter to remove eventual trailing port and\n    # lowercase it. Also, remove eventual trailing dot\n    http-request set-header Host %[req.fhdr(Host),host_only,rtrim(.)]\n\n    http-request set-var(txn.xwd_count) req.fhdr_cnt(X-Wikimedia-Debug)\n    http-request set-var(req.ciph) ssl_fc_cipher,regsub('^ECDHE-ECDSA-',''),regsub('^TLS_',''),regsub('_','-','g'),regsub('^CHACHA20-POLY1305$','CHACHA20-POLY1305-SHA256')\n    http-request set-var(req.auth) str(ECDSA)\n\n\n    # Bandwidth limiting filters\n\n    # Allowlist ACLs\n    acl wikimedia_trust src 172.16.0.0/12 127.0.0.0/8 ::1/128\n\n    # ACLs\n    acl too_many_concurrent_queries sc0_trackers(httpreqrate) ge 300\n    acl too_high_reqrate sc0_http_req_rate(httpreqrate) ge 5000\n    acl almost_too_many_concurrent_queries sc0_trackers(httpreqrate) ge 100\n    acl mark_as_too_much_concurrency sc0_inc_gpc0(httpreqrate) gt 0\n    acl missing_xwd var(txn.xwd_count) -m int eq 0\n    acl mathoid_as_a_service path -m beg /api/rest_v1/media/math/\n    acl allowed_methods method DELETE GET HEAD OPTIONS PATCH POST PUT\n\n    http-request set-var(req.h2) fc_http_major,even\n    http-request set-var-fmt(req.h2s) %[var(req.h2),iif(h2,h1)]\n    http-request set-var(req.sess) ssl_fc_is_resumed,iif(reused,new)\n\n    http-request set-header X-Client-IP \"%[src]\"\n    http-request set-header X-Client-Port \"%[src_port]\"\n    http-request set-header X-Forwarded-Proto \"https\"\n    http-request set-header X-Connection-Properties \"H2=%[var(req.h2)]; SSR=%[ssl_fc_is_resumed]; SSL=%[ssl_fc_protocol]; C=%[ssl_fc_cipher]; EC=UNKNOWN; KA=%[var(req.auth)];\"\n    http-request set-var-fmt(txn.tls) \"vers=%[ssl_fc_protocol];keyx=UNKNOWN;auth=%[var(req.auth)];ciph=%[var(req.ciph)];prot=%[var(req.h2s)];sess=%[var(req.sess)]\"\n    # avoid that external users can inject arbitrary X-Requestctl values\n    http-request set-header X-Requestctl \" \"\n\n    http-request set-var(txn.req_id,ifnotempty) req.fhdr(X-Request-Id) if wikimedia_trust\n    http-request set-var(txn.req_id,ifnotset) uuid()\n    http-request set-header X-Request-Id %[var(txn.req_id)]\n    http-after-response set-header X-Request-Id %[var(txn.req_id)]\n\n    http-request del-header tracestate if !wikimedia_trust\n    http-request del-header traceparent if !wikimedia_trust\n    http-request del-header X-Experiment-Enrollments\n    http-request del-header X-JWT-Sub\n\n    # Copy X-Analytics hdr into var to safely log it after deletion\n    http-response set-var(txn.x_analytics,ifnotempty) res.fhdr(X-Analytics)\n    http-response del-header X-Analytics if missing_xwd\n\n    http-response del-header Backend-Timing if missing_xwd\n    http-response del-header X-ATS-Timestamp if missing_xwd\n    http-response del-header X-Envoy-Upstream-Service-Time if missing_xwd\n    http-response del-header X-OpenStack-Request-ID if missing_xwd\n    http-response del-header X-Powered-By if missing_xwd\n    http-response del-header X-Timestamp if missing_xwd\n    http-response del-header X-Trans-Id if missing_xwd\n    http-response del-header X-Varnish if missing_xwd\n    http-response del-header traceparent if missing_xwd\n    http-response del-header tracestate if missing_xwd\n\n\n    # Provide Server header\n    http-after-response set-header Server %[var(txn.server)] unless { res.fhdr(Server) -m found }\n    # Provide X-Cache headers\n    http-after-response set-header X-Cache %[var(txn.x_cache)] unless { res.fhdr(X-Cache) -m found }\n    http-after-response set-header X-Cache-Status %[var(txn.x_cache_status)] unless { res.fhdr(X-Cache-Status) -m found }\n\n    # Allow only a subset of methods\n    http-after-response set-header Allow \"DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT\" unless allowed_methods\n    http-request deny deny_status 405 unless allowed_methods\n    # Allow OPTIONS method only with Origin header\n    http-request deny deny_status 405 if { method OPTIONS } !{ hdr(Origin) -m found }\n\n    # Set x-provenance\n    # First, we check if the request comes from our ring of trust, or is internal. We set:\n    # * net=wikimedia-trust if the request is coming from the wikimedia-trust subnet\n    # * net=internal if the request is coming from a private network\n    # If neither condition is met, the value will be looked up a map containing all\n    # requestctl-defined ipblocks, resulting in:\n    # * abuse=<value> if the request is coming from a known abuser\n    # * client=<value> if the request is coming from a known client ipblock\n    # * cloud=<value> if the request is coming from a known cloud\n    # If all of the above fails, we look up the ip in maxmind to fetch an isp value\n    # * isp=<value> if the IP matches the isp lookup in maxmind\n    # If this also fails, we have no information on the request and we'll set\n    # * net=unknown\n    # We only set the variable once\n    # Set X-Trusted-Request\n    # Provide a trust score from A to F, currently solely based on the source of the request\n    # A for net=wikimedia_trust|internal\n    # F for abuse=\n    # E otherwise\n    http-request set-var(req.provenance,ifnotexists) str('net=wikimedia-trust') if wikimedia_trust\n    acl is_private_network src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 ::1\n    http-request set-var(req.provenance,ifnotexists) str('net=internal') if is_private_network\n    # AWS Elastic IPs used by the Wikimedia Enterprise project reported in the following tasks over time:\n    # T255524 T294798 T370294\n    acl is_wme_client src 3.23.12.83/32 3.211.48.168/32 44.206.140.241/32 35.168.168.219/32 35.172.30.169/32 3.222.74.115/32\n    http-request set-var(req.provenance,ifnotexists) str('net=wme') if is_wme_client\n    http-request set-var(req.trusted_request) str(A) if { var(req.provenance) -m found }\n    # check if the IP is included in one of our ipblocks\n    http-request set-var(req.provenance,ifnotexists,ifnotempty) src,map_ip(/etc/haproxy/ipblocks.d/all.map)\n    # ensure that WMCS is marked as trusted.\n    http-request set-var(req.trusted_request,ifnotexists) str(A) if { var(req.provenance) -m sub \"cloud=wmcs\" }\n    http-request set-var(req.trusted_request,ifnotexists) str(F) if { var(req.provenance) -m beg \"abuse=\" }\n    # If everything else failed, find an isp in maxmind\n    http-request set-var(req.provenance,ifnotexists,ifnotempty) lua.fetch_isp,lower,bytes(0,64)\n\n    # lookup failed\n    http-request set-var(req.provenance,ifnotset) str('net=unknown')\n\n    # Check if the request originates from a known datacenter.\n\n\n\n\n\n    # Set X-Provenance to its final authoritative value, if available.\n    http-request set-header X-Provenance %[var(req.provenance)] if { var(req.provenance) -m found }\n\n    # Image provenance.\n    # Set image link generator, possible values are defined by MediaWiki, See:\n    # https://wikitech.wikimedia.org/wiki/X-Image-Generator\n    http-request set-header X-Image-Generator %[url_param(utm_campaign)] if { url_param(utm_campaign) -m reg ^(parser|imageinfo|index|api|rest)$ }\n\n    # Requests with a valid token or coming from our web of trust don't get filtered at this layer.\n    acl is_trusted_request var(req.trusted_request) -m str A\n    acl is_identified_bot_request var(req.trusted_request) -m str B\n    acl is_auth_request var(req.trusted_request) -m str C\n\n    http-request set-var(req.bearer) http_auth_bearer if { req.fhdr(Authorization) -m found }\n    http-request set-var(req.bearer,ifnotset) req.cook(sessionJwt)\n    http-request set-var(req.jwt_alg) var(req.bearer),jwt_header_query('$.alg')\n    http-request set-var(req.exp,ifnotempty) var(req.bearer),jwt_payload_query('$.exp','int')\n    http-request set-var(req.exp,ifnotset) var(req.bearer),jwt_payload_query('$.sxp','int')\n    http-request set-var(req.now) date()\n    # validate the algorithm\n    acl is_valid_jwt_alg var(req.jwt_alg) -m str \"RS256\"\n    # validate the signature\n    acl is_valid_jwt_sig var(req.bearer),jwt_verify(req.jwt_alg,\"/etc/haproxy/jwt/mw-oauth-2025-07-31.key\") 1\n    # validate the exp date: this is part of the JWT payload so it should be validated after ensuring that the signature is valid\n    acl is_valid_jwt_exp_date var(req.exp),sub(req.now) -m int ge 0\n    # We exclude trusted (A) and bot (B) requests here to avoid downgrading to C, but we open the\n    # door for potential upgrades from F to C.\n    http-request set-var(req.trusted_request) str(C) if !is_trusted_request !is_identified_bot_request is_valid_jwt_alg is_valid_jwt_sig is_valid_jwt_exp_date\n    # If the jwt is correctly signed, save the subject in a header we will remove in varnish. This also applies to trusted requests.\n    http-request set-header X-JWT-Sub %[var(req.bearer),jwt_payload_query('$.sub')] if is_valid_jwt_alg is_valid_jwt_sig is_valid_jwt_exp_date\n\n    # Following configuration is used to classify clients as \"user|robot|other\" based on UA string\n    # Initialize req.ua_class\n    http-request set-var(req.ua_class) str(\"other\") if !is_trusted_request !is_identified_bot_request\n    # If UA contains a valid email or URL or User: info, extract it and save to a custom header\n    # Set the ua_class accordingly\n    http-request lua.set_contact_info if !is_trusted_request !is_identified_bot_request\n    acl has_contact_info var(req.contact_info) -m found\n    # Cleanup X-UA-Contact header\n    http-request del-header X-UA-Contact unless has_contact_info\n    http-request set-header X-UA-Contact %[var(req.contact_info)] if has_contact_info\n    http-request set-var(req.ua_class) str(\"robot\") if has_contact_info !is_trusted_request !is_identified_bot_request\n    # If UA matches the usual browser format set the ua_class accordingly\n    # (if it doesn't match a robot already)\n    http-request set-var(req.ua_class) str(\"user\") if !{ var(req.ua_class) -m str \"robot\" } { req.fhdr(User-Agent) -m reg -i \"^(Opera|Mozilla\\/[0-9]\\.[0-9].+\\(.+\\).*)\" } !is_trusted_request !is_identified_bot_request || !{ var(req.ua_class) -m str \"robot\" } { req.fhdr(User-Agent) -m reg \"MediaWiki\\/[0-9]\\.[0-9]+\" }\n    # bots that honour our UA and so have contact info go in class D, unless set to another value before. This means that requests coming from abusive networks will\n    # still get an F score.\n    http-request set-var(req.trusted_request,ifnotexists) str(D) if { var(req.ua_class) -m str \"robot\" }\n\n    # Fall back to E if no trust score has been determined yet and set X-Trusted-Request to its\n    # final authoritative value.\n    http-request set-var(req.trusted_request,ifnotexists) str(E)\n    http-request set-header X-Trusted-Request %[var(req.trusted_request)]\n\n    # Global concurrency enforcement\n    http-request set-var-fmt(req.dummy_silent_drop) \"src=%[src];ja3n=%[var(sess.fingerprint_ja3n)]\" if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_many_concurrent_queries\n    http-request set-var-fmt(req.dummy_silent_drop) \"src=%[src];ja3n=%[var(sess.fingerprint_ja3n)]\" if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_high_reqrate almost_too_many_concurrent_queries\n    http-request set-var(req.dummy_silent_drop) var(req.dummy_silent_drop),debug(silent-drop_for_300s,stderr) if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_many_concurrent_queries   # exists only for logging side-effect\n    http-request set-var(req.dummy_silent_drop) var(req.dummy_silent_drop),debug(silent-drop_for_300s,stderr) if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_high_reqrate almost_too_many_concurrent_queries   # exists only for logging side-effect\n    # TO DISABLE CONCURRENCY ENFORCEMENT, JUST COMMENT THE FOLLOWING LINES\n    http-request silent-drop if !is_trusted_request !mathoid_as_a_service too_many_concurrent_queries mark_as_too_much_concurrency\n    http-request silent-drop if !is_trusted_request !mathoid_as_a_service too_high_reqrate almost_too_many_concurrent_queries mark_as_too_much_concurrency\n\n\n\n\n\n\n    option forwardfor\n\n    server backend_server unix@/run/varnish-privileged.socket\n\n\n\n\nfrontend stats\n    no log\n    maxconn 1000\n    bind :9422\n    bind :::9422 v6only\n    http-request use-service prometheus-exporter if { path /metrics }\n    stats enable\n    stats uri /stats\n    stats refresh 10s\n    # Explicitly avoid keep-alive to prevent Prometheus scrapers from\n    # reusing indefinitelly the same TCP connection. See T343000\n    http-after-response set-header Connection Close\n"}},{"type":"Haproxy::Site","title":"redirection_port","tags":["haproxy::site","haproxy","site","redirection_port","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":392,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"backend httpreqrate_http\n    stick-table type ipv6  size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)\n\nfrontend http\n    log global\n    maxconn 2000\n    bind :80\n    bind :::80 v6only\n\n    # Needed for logging purposes\n    capture request header Host len 255\n    capture request header Referer len 1024\n    capture request header User-Agent len 1024\n    capture request header Accept-Language len 1024\n    capture request header Range len 10\n    capture request header Accept len 64\n\n    http-request set-var(txn.server) str(\"HAProxy\")\n    http-request set-var(txn.x_cache) str(\"deployment-cache-text08 int\")\n    http-request set-var(txn.x_cache_status) str(\"int-tls\")\n\n    # we can be rather aggresive regarding timeouts here as only impact http to https redirections\n    # time to wait for a complete HTTP request, It only applies to the header part of the HTTP request (unless option http-buffer-request is used)\n    timeout http-request 3s\n    # set the maximum allowed time to wait for a new HTTP request to appear\n    timeout http-keep-alive 3s\n    # set the maximum inactivity time on the client side\n    timeout client 3s\n    # inactivity timeout on the client side for half-closed connections\n    timeout client-fin 1s\n\n    acl too_many_concurrent_queries sc0_trackers(httpreqrate_http) ge 400\n    acl too_much_recent_concurrency sc0_gpc0_rate(httpreqrate_http) gt 0\n    acl mark_as_too_much_concurrency sc0_inc_gpc0(httpreqrate_http) gt 0\n\n    http-request set-var(req.dummy_silent_drop_port80) src,debug(silent-drop_port80_for_300s,stderr) if too_many_concurrent_queries !too_much_recent_concurrency\n\n    http-request track-sc0 src table httpreqrate_http\n    # TO DISABLE CONCURRENCY ENFORCEMENT, COMMENT THE FOLLOWING LINE\n    http-request silent-drop if too_much_recent_concurrency || too_many_concurrent_queries mark_as_too_much_concurrency\n\n    # Populate x_analytics variable for logging purpose\n    # set the var to 1 if client didn't sent any cookie\n    http-request set-var(req.nocookies) req.cook_cnt,bool,not\n    http-request set-var-fmt(txn.x_analytics) \"https=0;client_port=%[src_port];nocookies=%[var(req.nocookies)]\"\n\n\n    # Provide Server header\n    http-after-response set-header Server %[var(txn.server)]\n    # Provide X-Cache headers\n    http-after-response set-header X-Cache %[var(txn.x_cache)]\n    http-after-response set-header X-Cache-Status %[var(txn.x_cache_status)]\n\n    # METH_GET is a predefined ACL that includes GET and HEAD requests\n    # http://docs.haproxy.org/2.6/configuration.html#7.4\n    http-request redirect scheme https code 301 if METH_GET\n    http-request deny status 403 content-type text/html file /etc/haproxy/tls-terminator-tls-plaintext-error.html\n"}},{"type":"Systemd::Service","title":"haproxy-mtail@tls.socket","tags":["systemd::service","systemd","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":405,"exported":false,"kind":"defined_type","parameters":{"content":"[Unit]\nDescription=rsyslog<->mtail FIFO (instance %i)\n# rsyslog requires the fifo to be created before it's started\n# https://www.rsyslog.com/doc/v8-stable/configuration/modules/ompipe.html\nBefore=rsyslog.service\n\n[Socket]\nListenFIFO=/var/log/haproxy.fifo\nSocketMode=700\nSocketUser=root\nPipeSize=1M\n","ensure":"present","unit_type":"service","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Systemd::Service","title":"haproxy-mtail@tls","tags":["systemd::service","systemd","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":409,"exported":false,"kind":"defined_type","parameters":{"content":"[Unit]\nDescription=HAProxy mtail instance %i\nAfter=haproxy-mtail@%i.socket\nRequires=haproxy-mtail@%i.socket\n\n[Service]\nType=simple\nExecStart=/usr/bin/mtail --progs /etc/haproxymtail --port 3906 -logs /var/log/haproxy.fifo -disable_fsnotify --logtostderr\nExecReload=/bin/kill -SIGHUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target\n","ensure":"present","unit_type":"service","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Rsyslog::Conf","title":"haproxy@tls","tags":["rsyslog::conf","rsyslog","conf","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":413,"exported":false,"kind":"defined_type","parameters":{"priority":20,"content":"input(type=\"imuxsock\"\n      Socket=\"/var/lib/haproxy/dev/log\"\n      CreatePath=\"on\"\n)\n# forward haproxy logs to the FIFO and stop them from being logged on disk if severity is lower than emergency\nif $programname == \"haproxy\" then {\n    action(type=\"ompipe\" Pipe=\"/var/log/haproxy.fifo\")\n    if $syslogseverity > 0 then {\n        stop\n    }\n}\n","ensure":"present","mode":"0444"}},{"type":"Mtail::Program","title":"cache_haproxy","tags":["mtail::program","mtail","program","cache_haproxy","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":418,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/cache_haproxy.mtail","destination":"/etc/haproxymtail","notify":"Service[haproxy-mtail@tls]","ensure":"present"}},{"type":"File","title":"/usr/local/sbin/haproxy-restart","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":424,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","content":"#!/bin/bash\n# SPDX-License-Identifier: Apache-2.0\n\nset -e\n\nscript=\"$(basename \"$0\")\"\nhostname=\"$(hostname -f)\"\nconftool_service=\"cdn\"\nselector=\"name=${hostname},service=${conftool_service}\"\n\n# Exit immediately if the service is not pooled\nif confctl --quiet select \"${selector}\" get |\n        jq \".[\\\"${hostname}\\\"].pooled\" | grep -q '\"no\"'; then\n    echo \"${conftool_service} is depooled. Exiting.\" | logger -t \"$script\" --stderr\n    exit 1\nfi\n\necho \"Depooling ${selector}\" | logger -t \"$script\"\nconfctl --host --quiet select \"${selector}\" set/pooled=no\n\n# Wait a bit for the service to be drained\nsleep 30\n\n/usr/bin/systemctl restart haproxy.service\n\nsleep 30\n\necho \"Repooling ${selector}\" | logger -t \"$script\"\nconfctl --host --quiet select \"${selector}\" set/pooled=yes\n"}},{"type":"File","title":"/etc/haproxy/lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":443,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"haproxy","group":"haproxy","mode":"0755","require":"File[/etc/haproxy]"}},{"type":"Package","title":"lua5.3-maxminddb","tags":["package","lua5.3-maxminddb","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":462,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/haproxy/lua/maxmind-lookup.lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":491,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0644","owner":"haproxy","group":"haproxy","content":"-- SPDX-License-Identifier: MIT\n-- This file is managed by puppet\nlocal maxminddb = require(\"maxminddb\")\n\nlocal isp_dbpath = \"/usr/share/GeoIP/GeoIP2-ISP.mmdb\"\nlocal datacenter_dbpath = \"/usr/share/GeoIP/datacenter.mmdb\"\nlocal proxy_dbpath = \"/usr/share/GeoIP/proxy.mmdb\"\n\nlocal error_response = \"\"\nlocal isp_db, err = maxminddb.open(isp_dbpath)\nlocal datacenter_db, dc_err = maxminddb.open(datacenter_dbpath)\nlocal proxy_db, proxy_db_err = maxminddb.open(proxy_dbpath)\n\nif not isp_db then\n    core.Alert(\"Error opening MaxMind ISP DB: \" .. err)\n    return\nend\n\nif not datacenter_db then\n   core.Warning(\"Error opening Datacenter DB:\" .. dc_err)\nend\n\nif not proxy_db then\n   core.Warning(\"Error opening Proxy DB:\" .. proxy_db_err)\nend\n\n\nfunction fetch_isp(txn)\n   local ip_address = txn.f:src()\n   local ok, result, status = pcall(isp_db.lookup, isp_db, ip_address)\n   if not ok then\n      return error_response\n   end\n\n   local ok, isp = pcall(result.get, result, \"isp\")\n   if not ok or isp == nil or isp == '' then\n      return error_response\n   end\n\n   return 'isp=' .. isp:gsub(\";\", \",\")\nend\n\nfunction is_datacenter(txn)\n   if not datacenter_db then\n      return\n   end\n\n   local ip_address = txn.f:src()\n   local ok, result, status = pcall(datacenter_db.lookup, datacenter_db, ip_address)\n   if not ok then\n      return\n   end\n   local ok, org = pcall(result.get, result, \"autonomous_system_organization\")\n   if ok and org then\n      txn:set_var('txn.is_datacenter', true)\n   end\nend\n\nfunction is_res_proxy(txn)\n   if not proxy_db then\n      return\n   end\n\n   local ip_address = txn.f:src()\n   local ok, result, status = pcall(proxy_db.lookup, proxy_db, ip_address)\n   if not ok then\n      return\n   end\n   local ok, org = pcall(result.get, result, \"callbackProxy\")\n   if ok and org then\n      txn:set_var('txn.res_proxy', \"proxy=\" .. org:gsub(\"_PROXY\", \"\"):lower())\n   end\nend\n\ncore.register_fetches(\"fetch_isp\", fetch_isp)\ncore.register_action('is_datacenter', {'http-req'}, is_datacenter)\ncore.register_action('res_proxy', {'http-req'}, is_res_proxy)\n","require":["File[/etc/haproxy/lua]","Package[lua5.3-maxminddb]"],"notify":"Service[haproxy]","before":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/lua/ja3n.lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":519,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0644","owner":"haproxy","group":"haproxy","content":"-- SPDX-License-Identifier: MIT\n-- Source: https://github.com/O-X-L/haproxy-ja3n\n-- Copyright (C) 2024 Rath Pascal\n-- License: MIT\n-- Algorithm License: BSD 3-Clause\n\n-- JA3N = sorted extensions to tackle browsers randomizing their order\n-- see: https://github.com/salesforce/ja3/issues/88\n-- examples:\n--   before (JA3): 51-27-0-16-17513-65281-23-65037-11-45-43-5-35-10-18-13\n--   after (JA3N): 0-5-10-11-13-16-18-23-27-35-43-45-51-17513-65037-65281\n-- usage:\n--   register: lua-load /etc/haproxy/lua/ja3n.lua (in global)\n--   run: http-request lua.fingerprint_ja3n\n--   log: http-request capture var(sess.fingerprint_ja3n) len 32\n--   acl: var(sess.fingerprint_ja3n) -m str a195b9c006fcb23ab9a2343b0871e362\n\nlocal function split_string(str, delimiter)\n    local result = {}\n    local from  = 1\n    local delim_from, delim_to = string.find(str, delimiter, from)\n    while delim_from do\n        table.insert(result, string.sub(str, from , delim_from-1))\n        from  = delim_to + 1\n        delim_from, delim_to = string.find(str, delimiter, from)\n    end\n    table.insert(result, string.sub(str, from))\n    return result\nend\n\nlocal function sortNumbers(a, b)\n    if (a == nil or b == nil)\n    then\n        return false\n    end\n\n    return tonumber(a) < tonumber(b)\nend\n\nfunction fingerprint_ja3n(txn)\n    local p1 = tostring(txn.f:ssl_fc_protocol_hello_id())\n    local p2 = tostring(txn.c:be2dec(txn.f:ssl_fc_cipherlist_bin(1), '-', 2))\n\n    local p3u = tostring(txn.c:be2dec(txn.f:ssl_fc_extlist_bin(1), '-', 2))\n    local p3l = split_string(p3u, '-')\n    table.sort(p3l, sortNumbers)\n    local p3 = table.concat(p3l, '-')\n\n    local p4 = tostring(txn.c:be2dec(txn.f:ssl_fc_eclist_bin(1),'-',2))\n    local p5 = tostring(txn.c:be2dec(txn.f:ssl_fc_ecformats_bin(),'-',1))\n\n    local c = core.concat()\n    c:add(p1)\n    c:add(',')\n    c:add(p2)\n    c:add(',')\n    c:add(p3)\n    c:add(',')\n    c:add(p4)\n    c:add(',')\n    c:add(p5)\n    local fingerprint = c:dump()\n    local fingerprint_hash = string.lower(txn.c:hex(txn.c:digest(fingerprint, 'md5')))\n\n--    txn:set_var('sess.fingerprint_ja3n_raw', fingerprint)\n    txn:set_var('sess.fingerprint_ja3n', fingerprint_hash)\nend\n\ncore.register_action('fingerprint_ja3n', {'http-req'}, fingerprint_ja3n)\n","require":"File[/etc/haproxy/lua]","notify":"Service[haproxy]","before":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/lua/ja4h.lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":530,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0644","owner":"haproxy","group":"haproxy","content":"-- SPDX-License-Identifier: MIT\n-- Copyright (C) 2025 Chris Danis & Wikimedia Foundation\n-- modified from: https://github.com/O-X-L/haproxy-ja4h-fingerprint\n-- Copyright (C) 2024 Rath Pascal\n-- License: MIT\n-- Algorithm License: FoxIO License (https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE)\n\n\n-- Implements a modified version of the JA4H fingerprinting algorithm\n-- specialized for Wikimedia use cases.\n--\n-- see: https://github.com/FoxIO-LLC/ja4\n-- use in haproxy:\n--   register: lua-load /etc/haproxy/lua/ja4h.lua (in global)\n--   run: http-request lua.fingerprint_ja4h\n--   log: http-request capture var(txn.fingerprint_ja4h) len 38\n--   acl: var(txn.fingerprint_ja4h) -m str ge11cr05enus_75583abecd62_d02f42d4a372\n\n\nlocal function http_version(txn)\n    local v = txn.f:req_ver()\n    if (v == '3.0') then\n        return '30'\n    elseif (v == '2.0') then\n        return '20'\n    else\n        return '11'\n    end\nend\n\nlocal function method_code(txn)\n    return string.lower(string.sub(txn.f:method(), 1, 2))\nend\n\nlocal function referer_is_set(txn)\n    local r = txn.f:req_fhdr('referer')\n    if (not r) then\n        return 'n'\n    end\n    return 'r'\nend\n\nlocal function cookie_is_set(txn)\n    local c = txn.f:req_fhdr('cookie')\n    if (not c) then\n        return 'n'\n    end\n    return 'c'\nend\n\n-- https://github.com/FoxIO-LLC/ja4/blob/main/python/ja4h.py#L12\nlocal function accept_lang_beg(txn)\n    local al = txn.f:req_fhdr('accept-language')\n    if (not al) then\n        return '0000'\n    end\n    al = al:gsub('%W','')\n    return string.rep('0', 4 - #al) .. string.lower(string.sub(al, 1, 4))\nend\n\nlocal function split_string(str, delimiter)\n    local delimiter = delimiter or ','\n    local result = {}\n    local from = 1\n    local delim_from, delim_to = string.find(str, delimiter, from, true)\n    while delim_from do\n        table.insert(result, string.sub(str, from, delim_from-1))\n        from = delim_to + 1\n        delim_from, delim_to = string.find(str, delimiter, from, true)\n    end\n    table.insert(result, string.sub(str, from))\n    return result\nend\n\nlocal function truncated_sha256(txn, value)\n    if (not value or #value == 0) then\n        return '000000000000'\n    else\n        return string.lower(string.sub(txn.c:hex(txn.c:digest(value, 'sha256')), 1, 12))\n    end\nend\n\n-- Don't count cookie or referer headers, max 99, stringified with leading zero\nlocal function count_headers(txn, header_names)\n    local count = 0\n    for _, h in ipairs(header_names) do\n        if (h ~= 'cookie' and h ~= 'referer') then\n            count = count + 1\n        end\n        if (count >= 99) then\n            break\n        end\n    end\n    return string.format('%02d', count)\nend\n\n\n-- called from haproxy as `http-request lua.fingerprint_ja4h`\n-- sets variables `txn.fingerprint_ja4h`,\n--                `txn.fingerprint_ja4h_hdrs`,\n--                `txn.fingerprint_ja4h_hdrs_ordered`\nfunction fingerprint_ja4h(txn)\n    local method = method_code(txn)\n    local ver = http_version(txn)\n\n    local hdrs_str = txn.f:req_hdr_names()\n    local header_names = split_string(hdrs_str)\n    table.sort(header_names)\n\n    local header_count = count_headers(txn, header_names)\n\n    local rv = core.concat()\n\n    local sorted_hdrs_hash = truncated_sha256(txn, table.concat(header_names, ','))\n    local ordered_hdrs_hash = truncated_sha256(txn, hdrs_str)\n\n    rv:add(method)\n    rv:add(ver)\n    rv:add(cookie_is_set(txn))\n    rv:add(referer_is_set(txn))\n    rv:add(header_count)\n    rv:add(accept_lang_beg(txn))\n    rv:add(\"_\")\n    rv:add(sorted_hdrs_hash)\n    rv:add(\"_\")\n    rv:add(ordered_hdrs_hash)\n\n    local fprint = rv:dump()\n    txn:set_var('txn.fingerprint_ja4h', fprint)\n    txn:set_var('txn.fingerprint_ja4h_hdrs', sorted_hdrs_hash)\n    txn:set_var('txn.fingerprint_ja4h_hdrs_ordered', ordered_hdrs_hash)\nend\n\ncore.register_action('fingerprint_ja4h', {'http-req'}, fingerprint_ja4h)\n","require":"File[/etc/haproxy/lua]","notify":"Service[haproxy]","before":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/lua/utf8ps.lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":541,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0644","owner":"haproxy","group":"haproxy","content":"-- SPDX-License-Identifier: Apache-2.0\n-- Lua port of the utf8ps decoder embedded in HAProxy json() converter\n-- https://github.com/haproxy/haproxy/blob/6cf2401edaf80806828526d214d1a9d5e25ba5d9/src/sample.c#L2687\n\nlocal utf8 = require \"utf8\"\n-- isprint() port\nfunction is_printable(c)\n    if c >= 32 and c <= 126 then\n        return true\n    end\n\n    -- basic multilingual blocks\n    if c >= 0xa0 and c <= 0xd7ff then\n        return true\n    end\n\n    -- private use and other alphabet\n    if c >= 0xe000 and c <= 0xfdcf then\n        return true\n    end\n\n    return false\nend\n\n-- function to determine the byte length of a UTF-8 character\nfunction utf8_char_length(s, pos)\n    local byte = string.byte(s, pos)\n    if byte < 128 then\n        return 1\n    elseif byte < 224 then\n        return 2\n    elseif byte < 240 then\n        return 3\n    elseif byte < 248 then\n        return 4\n    else\n        return 1  -- Invalid, treat as single byte\n    end\nend\n\nfunction utf8ps(payload)\n    local result = {}\n    local pos = 1\n    local len = #payload\n\n    while pos <= len do\n        local success, codepoint = pcall(utf8.codepoint, payload, pos)\n        if not success then\n            -- Invalid UTF-8 sequence, process as raw byte\n            local c = string.byte(payload, pos)\n            table.insert(result, string.format(\"\\\\u%04x\", c))\n            pos = pos + 1\n        else\n            local str\n            local char_len = utf8_char_length(payload, pos)\n            if not is_printable(codepoint) then\n                if codepoint <= 0xffff then\n                    str = string.format(\"\\\\u%04x\", codepoint)\n                 else\n                    str = string.format(\"\\\\U%08x\", codepoint)\n                 end\n            else\n                -- Get the actual UTF-8 character\n                str = string.sub(payload, pos, pos + char_len -1)\n            end\n            table.insert(result, str)\n            pos = pos + char_len\n        end\n    end\n\n    return table.concat(result)\nend\n\ncore.register_converters(\"utf8ps\", utf8ps)\n","require":"File[/etc/haproxy/lua]","notify":"Service[haproxy]","before":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/lua/contact_info.lua","tags":["file","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxy.pp","line":552,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0644","owner":"haproxy","group":"haproxy","content":"-- SPDX-License-Identifier: Apache-2.0\n-- Copyright 2026 Giuseppe Lavagetto, Wikimedia Foundation Inc.\n-- Extract contact information from the User-Agent string according to our UA policy\n-- usage:\n--   register: lua-load /etc/haproxy/lua/contact_info.lua (in global)\n--   run: http-request lua.set_contact_info\n--   log: http-request capture var(req.contact_info) len 64\n--   acl: var(txn.contact_info) -m found\n\n-- Extract email address from User-Agent string\n-- returns the email address if found, otherwise nil\nlocal function extract_email_address(ua_string)\n    if ua_string == nil then\n        return nil\n    end\n    -- Quite liberal email pattern matching.\n    -- The reason to do this is we don't really care about the email being valid,\n    -- but rather to capture what the user provided in the UA string.\n    local email_pattern = \"[%w%.%+%-_]+@[%w%-_]*%a[%w%-_]*%.[%a][%a]+\"\n    local email = string.match(ua_string, email_pattern)\n    -- Check for suspiciously long email addresses that are likely not real.\n    local parts = {}\n    for part in string.gmatch(email or \"\", \"[^@]+\") do\n        table.insert(parts, part)\n    end\n    if #parts == 2 and #parts[1] <= 64 and #parts[2] <= 255 then\n        return email\n    end\n    return nil\nend\n\n\n-- Extract url domain from User-Agent string\n-- returns the url schema+domain if found, otherwise nil\nlocal function extract_url_domain(ua_string)\n    if ua_string == nil then\n        return nil\n    end\n    -- Very liberal URL domain pattern matching.\n    -- The reason to do this is we don't really care about the URL being valid,\n    -- but rather to capture what the user provided in the UA string.\n    local url_pattern = \"https?://[%w%-_/%.%%]+\"\n    return string.match(ua_string, url_pattern)\nend\n\nlocal function extract_wiki_username(ua_string)\n    if ua_string == nil then\n        return nil\n    end\n    -- Pattern to match Wikimedia wiki usernames in the UA string as provided by pywikibot.\n    -- See https://phabricator.wikimedia.org/T414173#11507767\n    -- Also match [[User:Username]] as provided by various community bots. See https://phabricator.wikimedia.org/T423992\n    local wiki_user_patterns = {\n        \"%(%w+:[%w%-]+; [Uu]ser:([%w%s_%-%.%(%)]+)%)\",\n        \"%[%[[Uu]ser:([%w%s_%-%.%(%)]+)%]%]\",\n    }\n    for _, pattern in ipairs(wiki_user_patterns) do\n        local username = string.match(ua_string, pattern)\n        if username then\n            return username\n        end\n    end\n    return nil\nend\n\n-- Main function to be registered in HAProxy\n-- We look for contact info in the User-Agent string in this order:\n-- 1. email address\n-- 2. URL domain\n-- 3. wiki username\n-- We do prefer the email address over the URL domain because it's more specific,\n-- and often the URL can be for a generic site (like: the github repo of the software);\n-- similarly, we prefer the URL domain over the wiki username, which is an exception we're\n-- making to the letter of the UA policy.\nfunction set_contact_info(txn)\n    local MAX_UA_LENGTH = 512\n    local ua_string = txn.f:req_fhdr(\"User-Agent\")\n    if ua_string == nil then\n        return\n    end\n    if #ua_string > MAX_UA_LENGTH then\n        return\n    end\n\n\n    local email = extract_email_address(ua_string)\n    if email then\n        txn:set_var(\"req.contact_info\", email)\n        return\n    end\n\n    local url_domain = extract_url_domain(ua_string)\n    if url_domain then\n        txn:set_var(\"req.contact_info\", url_domain)\n        return\n    end\n\n    local wiki_username = extract_wiki_username(ua_string)\n    if wiki_username then\n        txn:set_var(\"req.contact_info\", wiki_username)\n    end\nend\n\ncore.register_action(\"set_contact_info\", { \"http-req\" }, set_contact_info)\n","notify":"Service[haproxy]","before":"Service[haproxy]"}},{"type":"Class","title":"Profile::Cache::Varnish::Frontend","tags":["class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"single_backend":false,"fe_vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144},"backends_in_etcd":false,"fe_extra_vcl":["normalize_path","geoip"],"runtime_params":["default_ttl=3600"],"packages_component":"main","separate_vcl":["misc"],"listen_uds":["/run/varnish-frontend-0.socket","/run/varnish-frontend-1.socket","/run/varnish-frontend-2.socket","/run/varnish-frontend-3.socket","/run/varnish-frontend-4.socket","/run/varnish-frontend-5.socket","/run/varnish-frontend-6.socket","/run/varnish-frontend-7.socket"],"uds_owner":"haproxy","uds_group":"root","uds_mode":"700","use_etcd_req_filters":false,"use_ip_reputation":false,"enable_monitoring":false,"thread_pool_max":5000,"check_min_fe_mem":false,"do_edge_uniques":true,"conftool_prefix":"/conftool/v1","has_lvs":false,"cache_nodes":{"text":{"eqiad":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"]}},"cache_cluster":"text","req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_cache_be_opts":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"fe_transient_gb":0,"privileged_uds":"/run/varnish-privileged.socket","use_private_repo":false,"do_esitest":false,"vsl_size":"160M","fe_mem_gb_reserved":170,"check_min_fe_mem_value":150,"fe_beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","edge_uniques_key_dir":"/etc/varnish/uniques.d","edge_uniques_cfg_path":"/etc/varnish/uniques.json","rate_limiting_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false}}},{"type":"Package","title":"python3-jsonschema","tags":["package","python3-jsonschema","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":98,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-requests","tags":["package","python3-requests","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":98,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Systemd::Mask","title":"varnishncsa.service","tags":["systemd::mask","systemd","mask","varnishncsa.service","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":101,"exported":false,"kind":"defined_type","parameters":{"unit":"varnishncsa.service"}},{"type":"Systemd::Mask","title":"varnishlog.service","tags":["systemd::mask","systemd","mask","varnishlog.service","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":102,"exported":false,"kind":"defined_type","parameters":{"unit":"varnishlog.service"}},{"type":"Package","title":"libvmod-netmapper","tags":["package","libvmod-netmapper","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"Package","title":"libvmod-querysort","tags":["package","libvmod-querysort","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"Package","title":"libvmod-wmfuniq","tags":["package","libvmod-wmfuniq","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"Package","title":"varnish","tags":["package","varnish","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"Package","title":"varnish-modules","tags":["package","varnish-modules","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"Package","title":"varnish-re2","tags":["package","varnish-re2","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":105,"exported":false,"kind":"compilable_type","parameters":{"ensure":"installed","before":"Mount[/var/lib/varnish]","require":["Systemd::Mask[varnishncsa.service]","Systemd::Mask[varnishlog.service]"],"provider":"apt"}},{"type":"File","title":"/etc/varnish/uniques.d","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":127,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"varnish","mode":"0750","show_diff":false,"backup":false}},{"type":"File","title":"/etc/varnish/uniques.d/keys.cfg","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":138,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"varnish","mode":"0640","show_diff":false,"backup":false,"content":{"__ptype":"Binary","__pvalue":"RDkwMzpDOi9ldGMvdmFybmlzaC91bmlxdWVzLmQvd21mdW5pcS0yMDI1LTA0LmtleQo="}}},{"type":"File","title":"/etc/varnish/uniques.d/wmfuniq-2025-04.key","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":138,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"varnish","mode":"0640","show_diff":false,"backup":false,"content":{"__ptype":"Binary","__pvalue":"U05BS0VPSUwK"}}},{"type":"File","title":"/usr/local/bin/wmfuniq-experiment-fetcher","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":149,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0755","source":"puppet:///modules/profile/cache/wmfuniq_experiment_fetcher.py"}},{"type":"Systemd::Timer::Job","title":"wmfuniq-experiment-fetcher","tags":["systemd::timer::job","systemd","timer","job","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":157,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"fetch edge uniques experiments configuration","user":"root","monitoring_enabled":true,"send_mail":true,"environment":{"MAILTO":"sre-traffic@wikimedia.org"},"interval":{"start":"OnCalendar","interval":"minutely"},"accuracy":"1s","splay":59,"fixed_random_delay":true,"command":"/usr/local/bin/wmfuniq-experiment-fetcher /etc/varnish/uniques.json","require":["File[/usr/local/bin/wmfuniq-experiment-fetcher]","Package[python3-jsonschema]"],"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"success_exit_status":[]}},{"type":"Mount","title":"/var/lib/varnish","tags":["mount","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":174,"exported":false,"kind":"compilable_type","parameters":{"ensure":"mounted","device":"tmpfs","fstype":"tmpfs","options":"noatime,defaults,size=512M","pass":0,"dump":0}},{"type":"Class","title":"Varnish::Common::Vcl","tags":["class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":223,"exported":false,"kind":"class","parameters":{"vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"private_repo":false,"require":["Class[Varnish::Common]","Class[Varnish::Common::Errorpage]","Class[Varnish::Common::Browsersec]"]}},{"type":"File","title":"/etc/varnish/translation-engine.inc.vcl","tags":["file","class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/vcl.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// Identify translation engine for later handling\n\nsub translation_engine_recv {\n    if (req.http.Via ~ \"(?i)translate\\.google\\.com\") {\n        var.set(\"translation_engine\", \"GT\");\n        // T212197\n        if (req.http.User-Agent !~ \"Googlebot\" && req.http.Host ~ \"\\.wikipedia\\.org$\") {\n            var.set_int(\"gt_redirect_scoped\", 1);\n            std.log(\"gt_redirect_scoped=1\");\n        }\n    }\n}\n"}},{"type":"File","title":"/etc/varnish/analytics.inc.vcl","tags":["file","class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/vcl.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"\n/*****************************************************************************\n * Varnish VCL for WMF-Last-Access Cookie\n * Please see what this cookie is trying to acomplish:\n * https://wikitech.wikimedia.org/wiki/Analytics/Unique_clients/Last_visit_solution\n *\n * General notes on timestamp format strings used here:\n * \"now\" stringifies as \"Wed, 01 Jan 2000 01:01:01 GMT\", which is the same\n * format used by Set-Cookie \"Expires\" data.  The format for the last access\n * value, and thus \"now_day\" and \"last_stamp\" variables as well, is \"01-Jan-2000\"\n * (because the other info is redundant or too-specific, and cookie values\n * shouldn't have whitespace or commas).\n ****************************************************************************/\n\n/*****************************************************************************\n * This must be called *before* any vcl_recv cookie munging.  It more-properly\n * belongs in _deliver, but putting it here avoids all of the issues\n * surrounding consistent access to Cookie vs X-Orig-Cookie in vcl_deliver\n * Note we don't validate that the cookie's 3-letter month abbreviation is\n * legal, or that the numeric values for the date/year are legal, just that\n * they have the right count of the right kinds of characters.\n ****************************************************************************/\nsub analytics_last_access_recv_ {\n    if (req.http.Cookie ~ \"(^|;\\s*)WMF-Last-Access=[0-9]{2}-[A-Za-z]{3}-[0-9]{4}(;|$)\") {\n        // Save the value for use later in _deliver\n        var.set(\n            \"last_stamp\",\n            regsub(\n                req.http.Cookie,\n                \"^(?:.*;\\s*)?WMF-Last-Access=([^;]+).*$\",\n                \"\\1\"\n            )\n        );\n    }\n}\n\nsub analytics_last_access_global_recv_ {\n    if (req.http.Cookie ~ \"(^|;\\s*)WMF-Last-Access-Global=[0-9]{2}-[A-Za-z]{3}-[0-9]{4}(;|$)\") {\n        // Save the value for use later in _deliver\n        var.set(\n            \"last_global_stamp\",\n            regsub(\n                req.http.Cookie,\n                \"^(?:.*;\\s*)?WMF-Last-Access-Global=([^;]+).*$\",\n                \"\\1\"\n            )\n        );\n    }\n}\n\n/*****************************************************************************\n * !!! private to analytics_last_access_deliver !!!!\n * Use a 12h-resolution expiry so people cannot infer an exact request time.\n ****************************************************************************/\nsub set_last_access_cookie__ {\n    header.append(resp.http.Set-Cookie,\n        \"WMF-Last-Access=\"\n        + var.get(\"now_day\")\n        + \";Path=/;HttpOnly;secure;Expires=\"\n        + std.time(std.time2integer(now + 32d, 0) / 43200 * 43200, now)\n    );\n}\n\n/******************************************************************************\n * Same as set_last_access_cookie__ but with Domain attribute\n * (eg: Domain=.wikipedia.org)\n ******************************************************************************/\nsub set_last_access_global_cookie__ {\n    header.append(resp.http.Set-Cookie,\n        \"WMF-Last-Access-Global=\"\n        + var.get(\"now_day\")\n        + \";Path=/;Domain=.\"\n        + regsub(req.http.X-Cookie-Host, \"^([a-z0-9-]+\\.)*([a-z0-9-]+\\.beta.wmcloud.org)$\", \"\\2\")\n        + \";HttpOnly;secure;Expires=\"\n        + std.time(std.time2integer(now + 32d, 0) / 43200 * 43200, now)\n    );\n}\n\n// Call from vcl_deliver near other X-Analytics code\nsub analytics_last_access_deliver_ {\n    // Create now_day in \"01-Jan-2000\" form, from \"now\"\n    var.set(\"now_day\", regsub(now, \"^..., (..) (...) (....) .*$\", \"\\1-\\2-\\3\"));\n\n    /*\n     * WMF-Last-Access\n     */\n    if(req.http.X-Cookie-Host != \"api.wikimedia.org\") {\n        if(var.get(\"last_stamp\")) {\n            set resp.http.X-Analytics = resp.http.X-Analytics\n                + \";WMF-Last-Access=\"\n                + var.get(\"last_stamp\");\n\n            if (var.get(\"now_day\") != var.get(\"last_stamp\")) {\n                std.log(\"Resetting WMF-Last-Access\");\n                call set_last_access_cookie__;\n            }\n\n        }\n        else {\n            // sets the initial cookie if no valid one existed\n            call set_last_access_cookie__;\n        }\n    }\n\n    /*\n     * WMF-Last-Access-Global (not for wikimedia.org)\n     */\n    if(req.http.X-Cookie-Host !~ \"\\.wikimedia\\.org$\") {\n        if(var.get(\"last_global_stamp\")) {\n            set resp.http.X-Analytics = resp.http.X-Analytics\n                + \";WMF-Last-Access-Global=\"\n                + var.get(\"last_global_stamp\");\n\n            if (var.get(\"now_day\") != var.get(\"last_global_stamp\")) {\n                std.log(\"Resetting WMF-Last-Access-Global\");\n                call set_last_access_global_cookie__;\n            }\n        }\n        else {\n            // sets the initial cookie if no valid one existed\n            call set_last_access_global_cookie__;\n        }\n    }\n}\n\n/*****************************************************************************\n * Analytics for \"wprov\" Provenance data\n * See https://www.mediawiki.org/wiki/Provenance for reserved values.\n ****************************************************************************/\n\nsub analytics_provenance_recv_ {\n    // Avoid cache fragmentation for well-formed provenance parameters\n    // Refer to discussion starting from\n    // https://lists.wikimedia.org/pipermail/analytics/2015-February/003426.html\n    // Look for wprov parameter with a value\n    if (req.url ~ \"(?i)[?&]wprov=[^&]+\") {\n        // Ready a variable for later X-Analytics tagging in vcl_deliver.\n\n        // Grab just the value of the wprov parameter, excluding the rest of the URL\n        var.set(\"wprov\", regsub(req.url, \"(?i).+[?&]wprov=([^&]+).*\", \"\\1\"));\n\n        // Remove the wprov=X parameter from req.url to avoid cache\n        // fragmentation using two regexes to cover distinct cases:\n\n        // (1) Simple strip if final query arg:\n        set req.url = regsub(req.url, \"(?i)[?&]wprov=[^&]+$\", \"\");\n\n        // (2) When not the final arg, we need to capture the leading\n        //     [?&] to reuse with the parameter that follows:\n        set req.url = regsub(req.url, \"(?i)([?&])wprov=[^&]+&\", \"\\1\");\n    }\n}\n\nsub analytics_provenance_deliver_ {\n    // In case there was a provenance parameter with a value, add it to X-Analytics\n    if (var.get(\"wprov\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wprov=\" + var.get(\"wprov\");\n    }\n}\n\n/*****************************************************************************\n * Combined analytics recv and deliver hooks, to be included directly in\n * vcl_recv and vcl_deliver in common wikimedia.vcl - these are the only\n * \"public\" interfaces in this file!\n ****************************************************************************/\n\nsub analytics_recv {\n    if(req.http.Cookie && req.http.Cookie ~ \"([sS]ession|Token)=\")\n    {\n        var.set_int(\"has_sessioncookie\", 1);\n    }\n\n    if (req.http.Authorization) {\n        if (req.http.Authorization ~ \"^OAuth \") {\n            var.set(\"auth_scheme\", \"OAuth\");\n        } else if (req.http.Authorization ~ \"^Bearer \") {\n            var.set(\"auth_scheme\", \"Bearer\");\n        } else if (req.http.Authorization ~ \"^Basic \") {\n            var.set(\"auth_scheme\", \"Basic\");\n        } else if (req.http.Authorization ~ \"^CentralAuthToken \") {\n            var.set(\"auth_scheme\", \"CentralAuthToken\");\n        } else if (req.http.Authorization ~ \"^NetworkSession \") {\n            var.set(\"auth_scheme\", \"NetworkSession\");\n        } else {\n            var.set(\"auth_scheme\", \"unknown\");\n        }\n    }\n\n    call analytics_provenance_recv_;\n}\n\n// Not all hosts using analytics_recv need to use the \"WMF-Last-Access\" cookie,\n// so split this into its own subroutine.\nsub analytics_last_access_recv {\n    call analytics_last_access_recv_;\n    // Global last access cookies not used w/ wikimedia.org\n    if(req.http.X-Cookie-Host !~ \"\\.wikimedia\\.org$\") {\n        call analytics_last_access_global_recv_;\n    }\n\n}\n\nsub analytics_deliver_pre {\n    // Create empty header if none, to avoid tons of if/else clauses; will\n    // clean up at the end.  Note that if we defined one of the k=v pairs as\n    // required (having a real value for the false/negative case), we could\n    // set that one first and this would get a bit cleaner...\n    if (!resp.http.X-Analytics) {\n        set resp.http.X-Analytics = \"\";\n    }\n}\n\nsub analytics_deliver_last_access {\n    call analytics_last_access_deliver_;\n}\n\nsub analytics_deliver_post {\n    call analytics_provenance_deliver_;\n\n    # We check allowed values inbound in X-Analytics header\n    #\n    # At this time there are only two values we let clients send:\n    # pageview=1 and preview=1 and they are mutually exclusive\n    # https://wikitech.wikimedia.org/wiki/X-Analytics#Keys\n\n    # Any value that we decide clients can send in the future should be\n    # whitelisted here\n    if (req.http.X-Analytics ~ \"(^|;)pageview=1(;|$)\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";pageview=1\";\n    } else if (req.http.X-Analytics ~ \"(^|;)preview=1(;|$)\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";preview=1\";\n    }\n\n    if (req.http.X-Forwarded-Proto) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";https=1\";\n    }\n\n    if (req.http.X-WMF-UUID) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuuid=\" + req.http.X-WMF-UUID;\n    }\n\n    # The \"X-Subdomain\" header is added before the cache and request,\n    # in vcl_recv/cluster_fe_recv_pre_purge.\n    # We are now after the response, in vcl_deliver/deliver_synth_\n    if (req.http.X-Subdomain) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";ismobile=1\";\n    }\n\n    # We set debug=1, so analytics won't count those requests as real pageviews.\n    if (req.http.X-Wikimedia-Debug) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";debug=1\";\n    }\n\n    # Add client TCP source port to webrequest (T271953, T181368)\n    if (req.http.X-Client-Port) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";client_port=\" + req.http.X-Client-Port;\n    }\n\n    // Add proxy=IORG X-Analytics tag if appropriate.\n    // Although Via: Internet.org usually comes via proxying, it isn't guaranteed to come that way.\n    // Nonetheless, as it is tagged with Via and the equipment is under Internet.org, we proxy tag.\n    if (req.http.Via ~ \"(?i)Internet\\.org\") {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";proxy=IORG\";\n    }\n\n    // Add Google Translate translationengine X-Analytics tag for measuring impact.\n    // Via is largely standardized and is likely to stay. Other characteristics of the\n    // request, including the Referer, can be combined for greater confidence.\n    if (var.get(\"translation_engine\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";translationengine=\" + var.get(\"translation_engine\");\n    }\n\n    if (var.get(\"auth_scheme\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";authorization=\" + var.get(\"auth_scheme\");\n    }\n\n    if (var.get_int(\"nocookies\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";nocookies=1\";\n    }\n\n    if (var.get_int(\"has_sessioncookie\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";sessioncookie=1\";\n    }\n\n    if (var.get_int(\"wmfuniq_days\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_days=\" + var.get_int(\"wmfuniq_days\");\n    } else {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_days=0\";\n    }\n    if (var.get_int(\"wmfuniq_weeks\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_weeks=\" + var.get_int(\"wmfuniq_weeks\");\n    } else {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_weeks=0\";\n    }\n    if (var.get_int(\"wmfuniq_freq\")) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_freq=\" + var.get_int(\"wmfuniq_freq\");\n    } else {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";wmfuniq_freq=0\";\n    }\n\n    if (req.http.X-Provenance ~ \"cloud=\\w+\") {\n        // do we still need this considering X-Provenance content?\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";public_cloud=1\";\n    }\n\n    // Add to X-Analytics the matching requestctl patterns, comma separated. T305582\n    if (req.http.X-Requestctl && req.http.X-Requestctl != \"\") {\n        // Remove the comma at the start of the line, if present.\n        set req.http.X-Requestctl = regsub(req.http.X-Requestctl, \"^,\", \"\");\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";requestctl=\" + req.http.X-Requestctl;\n    }\n\n    if (req.http.X-Is-Browser) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";x_is_browser=\" + req.http.X-Is-Browser;\n    }\n\n    if (req.http.X-Trusted-Request) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";trusted_req=\" + req.http.X-Trusted-Request;\n    }\n\n    if (resp.http.X-WMF-Ratelimit-Class) {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";rl_class=\" + resp.http.X-WMF-Ratelimit-Class;\n        unset resp.http.X-WMF-Ratelimit-Class;\n    }\n\n    // Add to X-Analytics whether Sec-Purpose HTTP header present. T346463\n    if (req.http.Sec-Purpose) {\n        if (std.tolower(regsuball(req.http.Sec-Purpose, \" \", \"\")) == \"prefetch;anonymous-client-ip\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_sec_purpose=chrome_private_prefetch;chrome_private_prefetch_version=1\";\n        }\n        else if (req.http.Sec-Purpose && req.http.Sec-Purpose == \"prefetch\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_sec_purpose=1\";\n        }\n        else if (req.http.Sec-Purpose && req.http.Sec-Purpose == \"prefetch;prerender\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_sec_purpose=chrome_prerender\";\n        }\n        else if (req.http.Sec-Purpose && req.http.Sec-Purpose == \"prefetch;prerender;preview\") {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_sec_purpose=chrome_preview\";\n        }\n        else {\n            set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_sec_purpose=nonstandard\";\n        }\n    }\n\n    // Add to X-Analytics whether historical de facto prefetch Purpose: prefetch header present. T346463\n    if (req.http.Purpose && req.http.Purpose == \"prefetch\") {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_purpose=1\";\n    }\n\n    // Add to X-Analytics whether pre-FF115 X-Moz: prefetch header present. T346463\n    if (req.http.X-Moz && req.http.X-Moz == \"prefetch\") {\n        set resp.http.X-Analytics = resp.http.X-Analytics + \";prefetch_x_moz=1\";\n    }\n\n    // Clean up header from setting to empty at the start...\n    if (resp.http.X-Analytics == \"\") {\n        unset resp.http.X-Analytics;\n    } else {\n        set resp.http.X-Analytics = regsub(resp.http.X-Analytics, \"^;\", \"\");\n    }\n}\n"}},{"type":"File","title":"/etc/varnish/analytics-dp-helper.vcl","tags":["file","class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/vcl.pp","line":27,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"C{\n    #include <fcntl.h>\n    #include <string.h>\n    #include <unistd.h>\n    #include <sodium.h>\n\n    #define KEY_FILE \"/etc/varnish/dp.daily.key\"\n\n    unsigned char key[crypto_shorthash_KEYBYTES];\n\n    static void dp_hash(const struct vrt_ctx *ctx) {\n        // define hash output buffer and key buffer\n        unsigned char hash[crypto_shorthash_BYTES];\n        char hexhash[2 * crypto_shorthash_BYTES + 1];\n        char outputhash[4] = { 0 };\n\n        struct vmod_priv *dp_hash_var_pt = VRT_priv_task_get(ctx, &VGC_vmod_var);\n        if (dp_hash_var_pt == NULL) {\n            VRT_fail(ctx, \"failed to get task priv for vmod var\");\n            return;\n        }\n        const char *page_id = Vmod_vmod_var_Func.get_string(ctx, dp_hash_var_pt, \"page_id\");\n        if (!page_id)\n            return;\n\n        // hash the page ID and put results into output buffer\n        crypto_shorthash(hash, (unsigned char*) page_id, strlen(page_id), key);\n\n        // convert hash to hex and shorten it to 3 chars\n        sodium_bin2hex(hexhash, sizeof(hexhash), hash, sizeof(hash));\n        memcpy(outputhash, hexhash, 3);\n\n        // pass hash to the header to make sure it's accessible outside of this C{} block\n        const struct gethdr_s shdr = {\n            HDR_REQ,\n            \"\\007X-Hash:\" // length prefixed string, in octal\n        };\n        VRT_SetHdr(ctx, &shdr, NULL, TOSTRAND(outputhash));\n    }\n}C\n\nsub vcl_init {\n    C{\n        if (sodium_init() == -1) {\n            VRT_fail(ctx, \"sodium_init() failed!\");\n            return;\n        }\n    }C\n    call reload_hash_key_vcl;\n}\n\nsub dp_hash_vcl {\n    C{dp_hash(ctx);}C\n}\n\nsub reload_hash_key_vcl {\n    C{\n        const int key_fd = open(KEY_FILE, O_CLOEXEC | O_RDONLY);\n        if (key_fd < 0) {\n            VRT_fail(ctx, \"unable to open diffpriv key file!\");\n            return;\n        }\n        const ssize_t readrv = read(key_fd, key, crypto_shorthash_KEYBYTES);\n        int error = 0;\n        if (readrv != crypto_shorthash_KEYBYTES) {\n            error = 1;\n        }\n        if (close(key_fd) != 0) {\n            error = 1;\n        }\n        if (error) {\n            VRT_fail(ctx, \"unable to read diffpriv key\");\n            return;\n        }\n    }C\n}\n"}},{"type":"File","title":"/etc/varnish/alternate-domains.inc.vcl","tags":["file","class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/vcl.pp","line":34,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"import re2;\n\nsub wm_domains_init {\n       // Domains for which we need to switch to an alternate VCL file T164609\n       new alternate_domains = re2.set(anchor=both, case_sensitive=false, literal=false);\n       alternate_domains.add(\"\\Qconfig-master.wikimedia.beta.wmcloud.org\\E\");\n       alternate_domains.add(\"\\Qperformance.wikimedia.beta.wmcloud.org\\E\");\n       alternate_domains.add(\"\\Qstream.wikimedia.beta.wmcloud.org\\E\");\n       alternate_domains.add(\"\\Qstream.wikimedia.beta.wmflabs.org\\E\");\n\n       alternate_domains.compile();\n}\n"}},{"type":"File","title":"/usr/share/varnish/tests","tags":["file","class","varnish::common::vcl","varnish","common","vcl","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/common/vcl.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"Confd::File","title":"/etc/varnish/directors.frontend.vcl","tags":["confd::file","confd","file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":252,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","reload":"/usr/local/bin/confd-reload-vcl varnish-frontend -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl","before":"Service[varnish-frontend]","watch_keys":["/conftool/v1/pools/eqiad/cache_text/ats-be"],"content":"new cache_local = directors.shard();\nnew cache_local_random = directors.random();\n\n{{range $node := ls \"/conftool/v1/pools/eqiad/cache_text/ats-be/\"}}{{ $key := printf \"/conftool/v1/pools/eqiad/cache_text/ats-be/%s\" $node }}{{ $data := json (getv $key) }}{{ if eq $data.pooled \"yes\" }}\ncache_local.add_backend(be_{{ $parts := split $node \".\" }}{{ join $parts \"_\" }});\ncache_local_random.add_backend(be_{{ $parts := split $node \".\" }}{{ join $parts \"_\" }}, {{ $data.weight }});\n{{end}}{{end}}\n\n\ncache_local.reconfigure();\n","instance":"main","mode":"0444","relative_prefix":true,"notify":["Service[confd]"]}},{"type":"File","title":"/etc/varnish/requestctl-filters.inc.vcl","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":277,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/varnish/requestctl-filters-hit.inc.vcl","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":277,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/varnish/blocked-nets.inc.vcl","tags":["file","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":277,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Sysctl::Parameters","title":"maximum map count","tags":["sysctl::parameters","sysctl","parameters","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":296,"exported":false,"kind":"defined_type","parameters":{"values":{"vm.max_map_count":262120},"ensure":"present","priority":70,"no_priority_prefix":false}},{"type":"Class","title":"Prometheus::Node_varnishd_mmap_count","tags":["class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":302,"exported":false,"kind":"class","parameters":{"service":"varnish-frontend.service","ensure":"present","outfile":"/var/lib/prometheus/node.d/varnishd_mmap_count.prom"}},{"type":"File","title":"/usr/local/bin/prometheus-varnishd_mmap_count","tags":["file","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_varnishd_mmap_count.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-varnishd_mmap_count"}},{"type":"Systemd::Timer::Job","title":"prometheus_varnishd_mmap_count","tags":["systemd::timer::job","systemd","timer","job","prometheus_varnishd_mmap_count","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_varnishd_mmap_count.pp","line":20,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Regular job to collect number of varnishd memory map areas","user":"root","command":"/usr/local/bin/prometheus-varnishd_mmap_count varnish-frontend.service /var/lib/prometheus/node.d/varnishd_mmap_count.prom","interval":{"start":"OnCalendar","interval":"minutely"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Prometheus::Node_sysctl","tags":["class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":307,"exported":false,"kind":"class","parameters":{"ensure":"present","outfile":"/var/lib/prometheus/node.d/sysctl.prom"}},{"type":"File","title":"/usr/local/bin/prometheus-sysctl","tags":["file","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_sysctl.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-sysctl.py"}},{"type":"Systemd::Timer::Job","title":"prometheus_sysctl","tags":["systemd::timer::job","systemd","timer","job","prometheus_sysctl","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_sysctl.pp","line":21,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","require":["File[/usr/local/bin/prometheus-sysctl]","Package[python3-prometheus-client]"],"description":"Regular job to collect select sysctl keys/values","user":"root","command":"/usr/local/bin/prometheus-sysctl /var/lib/prometheus/node.d/sysctl.prom","interval":{"start":"OnCalendar","interval":"*:0/5"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Prometheus::Node_varnish_params","title":"prometheus-varnish-params","tags":["prometheus::node_varnish_params","prometheus","node_varnish_params","prometheus-varnish-params","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":309,"exported":false,"kind":"defined_type","parameters":{"param_thread_pool_max":5000,"outfile":"/var/lib/prometheus/node.d/varnish_params.prom","ensure":"present"}},{"type":"Prometheus::Node_file_count","title":"track vcache fds","tags":["prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":316,"exported":false,"kind":"defined_type","parameters":{"paths":["/proc/$(pgrep -u vcache)/fd"],"outfile":"/var/lib/prometheus/node.d/vcache_fds.prom","metric":"node_varnish_filedescriptors_total","ensure":"present"}},{"type":"Varnish::Instance","title":"text-frontend","tags":["varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend.pp","line":322,"exported":false,"kind":"defined_type","parameters":{"instance_name":"frontend","vcl":"text-frontend","separate_vcl":["misc-frontend"],"extra_vcl":["normalize_path","geoip"],"tcp_addrs":["127.0.0.1:3127"],"admin_port":6082,"runtime_params":"-p default_ttl=3600","storage":"-s malloc,1G ","backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"backends_in_etcd":false,"vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"wikimedia_nets":["172.16.0.0/12","127.0.0.0/8","::1/128","172.16.0.0/12"],"wikimedia_trust":["172.16.0.0/12","127.0.0.0/8","::1/128"],"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"listen_uds":["/run/varnish-frontend-0.socket","/run/varnish-frontend-1.socket","/run/varnish-frontend-2.socket","/run/varnish-frontend-3.socket","/run/varnish-frontend-4.socket","/run/varnish-frontend-5.socket","/run/varnish-frontend-6.socket","/run/varnish-frontend-7.socket"],"uds_owner":"haproxy","uds_group":"root","uds_mode":"700","privileged_uds":"/run/varnish-privileged.socket","enable_monitoring":false,"thread_pool_max":5000,"vsl_size":"160M","etcd_filters":false,"ip_reputation":false,"private_repo":false,"ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false}}},{"type":"Class","title":"Profile::Prometheus::Varnish_exporter","tags":["class","profile::prometheus::varnish_exporter","profile","prometheus","varnish_exporter","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Prometheus::Varnish_exporter","title":"frontend","tags":["prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/prometheus/varnish_exporter.pp","line":11,"exported":false,"kind":"defined_type","parameters":{"instance":"frontend","listen_address":":9331"}},{"type":"Class","title":"Profile::Cache::Varnish::Frontend::Text","tags":["class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"exported":false,"kind":"unknown","parameters":{"esitest_ensure":"absent"}},{"type":"Class","title":"Esitest","tags":["class","esitest","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":8,"exported":false,"kind":"class","parameters":{"ensure":"absent","numa_iface":"ens3"}},{"type":"Systemd::Tmpfile","title":"esitest","tags":["systemd::tmpfile","systemd","tmpfile","esitest","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/esitest/manifests/init.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"content":"d /run/esitest 0775 root haproxy","ensure":"present","owner":"root","group":"root"}},{"type":"File","title":"/etc/haproxy/esitest.cfg","tags":["file","class","esitest","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/esitest/manifests/init.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0444","owner":"root","group":"root","content":"global\n    user haproxy\n    group haproxy\n    # we need to expose FDs to achieve hitless reload\n    stats socket /run/esitest/esitest.sock mode 600 expose-fd listeners level admin\n    # do not keep old processes longer than 5m after a reload\n    hard-stop-after 5m\n    nbthread 2\n    cpu-map 1/1- 0 1\n    maxconn 200000\n\ndefaults\n    mode http\n\n# VG: just as a note for the future [about all the http-request inline content below], if we need to add more headers or a more complex content we could leverage \"http-request return errorfile /full/path\" where /full/path is a file that contains the content of the whole HTTP response, both headers and body\n\n# This is the default responder for all unknown paths, to avoid small errors or\n# mismatches from resulting in ESI recursions:\nbackend default_output\n    http-request return status 404 hdr Cache-Control 'public, max-age=900' content-type 'text/html' string \"<html><body>\\n<p>Invalid URI for ESI testing</p>\\n</body></html>\\n\"\n\n# This is the minimal ESI includer for manual testing using this service for\n# both the includer *and* the content in two seperate requests:\nbackend esi_includer\n    http-request return status 200 hdr Cache-Control 'public, max-age=180' content-type 'text/html' string \"<html><body>\\n<p>Pre-ESI content</p>\\n<!--esi <esi:include src=\\\"/esitest-fa8a495983347898/content\\\" /> -->\\n<p>Post-ESI content</p>\\n</body></html>\\n\"\n\n# The ESI content itself is a comment, so that it doesn't impact rendering when\n# included in real outputs for users later\nbackend esi_content\n    http-request return status 200 hdr Cache-Control 'private, no-store, no-cache, max-age=0' content-type 'text/html' string \"<!-- Test comment included via ESI tag -->\\n\"\n\nfrontend esitest\n    bind 127.0.0.1:4321\n    timeout http-request 5s\n    timeout http-keep-alive 10s\n    timeout client 5s\n    default_backend default_output\n    # This will be routed (in ats-be) and enabled (in varnish) for all\n    # domainnames based on the unique prefix \"/esitest-fa8a495983347898/\" to\n    # avoid collisions with any existing path on any service we host.  The hex\n    # part is made from: \"echo -n esitest|md5sum|cut -c-16\"\n    use_backend esi_content if { path /esitest-fa8a495983347898/content }\n    use_backend esi_includer if { path /esitest-fa8a495983347898/includer }\n","require":"Systemd::Tmpfile[esitest]","notify":"Service[esitest]"}},{"type":"Systemd::Service","title":"esitest","tags":["systemd::service","systemd","service","esitest","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/esitest/manifests/init.pp","line":39,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=HAProxy special instance for ESI testing\nAfter=network.target syslog.service\nWants=syslog.service\nBefore=trafficserver.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/esitest.cfg\" \"PIDFILE=/run/esitest/haproxy.pid\"\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","service_params":{"restart":"/bin/systemctl reload esitest.service"},"require":["Systemd::Tmpfile[esitest]","File[/etc/haproxy/esitest.cfg]"],"unit_type":"service","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Package","title":"libsodium-dev","tags":["package","libsodium-dev","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":15,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-nacl","tags":["package","python3-nacl","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":18,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/sbin/varnish-dp-key-generator","tags":["file","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/profile/cache/varnish_dp_key_generator.py"}},{"type":"File","title":"/etc/varnish/dp.master.key","tags":["file","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":31,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0600","show_diff":false,"backup":false,"content":{"__ptype":"Binary","__pvalue":"X1qs9YTp0+vS32+aFpAxvDbDRfIaxkmA2xQpPjqJYvAZirk/lZyP0C/P0+EOnTOpDTbUeAER1ztHxGIxRhV7VA=="}}},{"type":"Exec","title":"/usr/local/sbin/varnish-dp-key-generator /etc/varnish/dp.master.key /etc/varnish/dp.daily.key","tags":["exec","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"creates":"/etc/varnish/dp.daily.key","require":"Package[python3-nacl]"}},{"type":"Systemd::Timer::Job","title":"refresh-dp-key","tags":["systemd::timer::job","systemd","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/varnish/frontend/text.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Refresh DP key used by varnish daily","user":"root","command":"/usr/local/sbin/varnish-dp-key-generator /etc/varnish/dp.master.key /etc/varnish/dp.daily.key","syslog_identifier":"timer-refresh-dp-key","interval":{"start":"OnCalendar","interval":"*-*-* 00:15:00"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Class","title":"Profile::Trafficserver::Backend","tags":["class","profile::trafficserver::backend","profile","trafficserver","backend","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown","parameters":{"outbound_tls_settings":{"cacert_dirpath":"/etc/ssl/certs","cacert_filename":"Puppet_Internal_CA.pem","common":{"cipher_suite":"-ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384","enable_tlsv1":0,"enable_tlsv1_1":0,"enable_tlsv1_2":1,"enable_tlsv1_3":0},"verify_origin":true,"verify_server_policy":"ENFORCED"},"mapping_rules":[{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"2F\"","@pparam=\"21 24 26 27 28 29 2A 2B 2C 3A 3B 3D 40 5B 5D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/x-mediawiki-original.lua"],"replacement":"http://deployment-ms-fe04.deployment-prep.eqiad1.wikimedia.cloud","target":"http://upload.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-webperf21.deployment-prep.eqiad1.wikimedia.cloud","target":"http://performance.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492","target":"http://intake-analytics.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492/v1/events","target":"http://(.*)/evt-103e/v2/events","type":"regex_map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8992","target":"http://intake-logging.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092","target":"http://stream.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092","target":"http://stream.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"https://deployment-puppetmaster04.deployment-prep.eqiad1.wikimedia.cloud","target":"http://config-master.wikimedia.beta.wmcloud.org","type":"map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"3A 40 21 24 28 29 2A 2C 3B 27\"","@pparam=\"5B 5D 26 2B 3D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua","@plugin=/usr/lib/trafficserver/modules/conf_remap.so","@pparam=proxy.config.http.server_session_sharing.match=ip"],"replacement":"http://deployment-restbase05.deployment-prep.eqiad1.wikimedia.cloud:7231/api/rest_v1","target":"http://(.*)/api/rest_v1","type":"regex_map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua"],"replacement":"http://deployment-mediawiki13.deployment-prep.eqiad1.wikimedia.cloud/w/api.php","target":"http://(.*)/w/api.php","type":"regex_map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"3A 2F 40 21 24 28 29 2A 2C 3B\"","@pparam=\"5B 5D 26 27 2B 3D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua"],"replacement":"http://deployment-mediawiki14.deployment-prep.eqiad1.wikimedia.cloud","target":"/","type":"map"}],"default_lua_script":"default","ram_cache_size":134217728,"log_formats":[{"name":"wmf","format":"Date:%<cqtd> Time:%<cqtt> ConnAttempts:%<sca> ConnReuse:%<sstc> TTFetchHeaders:%<{TS_MILESTONE_SERVER_READ_HEADER_DONE-TS_MILESTONE_SM_START}msdms> OriginServer:%<shn> OriginServerTime:%<stms> CacheResultCode:%<crc> CacheWriteResult:%<cwr> ReqMethod:%<cqhm> RespStatus:%<pssc> OriginStatus:%<sssc> ReqURL:%<cquuc> BereqURL:%<cqtx> ReqHeader:User-Agent:%<{User-agent}cqh> ReqHeader:Host:%<{Host}cqh> ReqHeader:X-Client-IP:%<{X-Client-IP}cqh> ReqHeader:Cookie:%<{Cookie}cqh> RespHeader:X-Cache-Int:%<{X-Cache-Int}psh> RespHeader:Backend-Timing:%<{Backend-Timing}psh>"}],"log_filters":[{"name":"notpurge","action":"reject","condition":"cqhm MATCH PURGE"},{"name":"notvarnishcheck","action":"reject","condition":"%<{User-agent}cqh> MATCH Varnish backend check"}],"logs":[{"filename":"notpurge","format":"wmf","filters":["notpurge","notvarnishcheck"],"mode":"ascii_pipe","ensure":"present"}],"trusted_ca_source":"/var/lib/puppet/ssl/certs/ca.pem","trusted_ca_path":"/etc/ssl/certs/ats_trusted_ca.pem","monitor_enable":false,"user":"trafficserver","max_lua_states":256,"http_port":3128,"enable_xdebug":false,"enable_compress":true,"origin_coalescing":true,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"storage":[{"devname":"vdb"},{"pathname":"/var/cache/trafficserver","size":"256M"}],"prometheus_exporter_port":9122,"atsmtail_backend_progs":"/etc/atsmtail-backend","atsmtail_backend_port":3904,"mtail_args":"","systemd_hardening":true,"cache_volumes":1,"single_backend":true}},{"type":"File","title":"/etc/trafficserver/lua/default.lua.conf","tags":["file","class","profile::trafficserver::backend","profile","trafficserver","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":45,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"lua_hostname = 'deployment-cache-text08'\n","notify":"Service[trafficserver]"}},{"type":"Nrpe::Plugin","title":"check_default_ats_lua_conf","tags":["nrpe::plugin","nrpe","plugin","check_default_ats_lua_conf","class","profile::trafficserver::backend","profile","trafficserver","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"content":"#!/usr/bin/lua\ndofile('/etc/trafficserver/lua/default.lua.conf')\nassert(lua_hostname)\nprint('OK')\n","require":"File[/etc/trafficserver/lua/default.lua.conf]","ensure":"present"}},{"type":"File","title":"/etc/ssl/certs/ats_trusted_ca.pem","tags":["file","class","profile::trafficserver::backend","profile","trafficserver","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","source":"/var/lib/puppet/ssl/certs/ca.pem"}},{"type":"Trafficserver::Instance","title":"backend","tags":["trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":95,"exported":false,"kind":"defined_type","parameters":{"paths":{"base_path":null,"prefix":"/usr","exec_prefix":"/usr","bindir":"/usr/bin","sbindir":"/usr/sbin","sysconfdir":"/etc/trafficserver","datadir":"/var/cache/trafficserver","includedir":"/usr/include","libdir":"/usr/lib/trafficserver","libexecdir":"/usr/lib/trafficserver/modules","localstatedir":"/run","runtimedir":"/run/trafficserver","logdir":"/var/log/trafficserver","cachedir":"/var/cache/trafficserver","records":"/etc/trafficserver/records.config","secretsdir":"/run/trafficserver-backend-secrets","stekfile":"/run/trafficserver-backend-secrets/tickets.key"},"conftool_service":"cdn","default_instance":true,"http_port":3128,"outbound_tls_settings":{"cacert_dirpath":"/etc/ssl/certs","cacert_filename":"Puppet_Internal_CA.pem","common":{"cipher_suite":"-ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384","enable_tlsv1":0,"enable_tlsv1_1":0,"enable_tlsv1_2":1,"enable_tlsv1_3":0},"verify_origin":true,"verify_server_policy":"ENFORCED"},"enable_xdebug":false,"enable_compress":true,"origin_coalescing":true,"global_lua_script":"/etc/trafficserver/lua/default.lua","max_lua_states":256,"storage":[{"devname":"vdb"},{"pathname":"/var/cache/trafficserver","size":"256M"}],"ram_cache_size":134217728,"mapping_rules":[{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"2F\"","@pparam=\"21 24 26 27 28 29 2A 2B 2C 3A 3B 3D 40 5B 5D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/x-mediawiki-original.lua"],"replacement":"http://deployment-ms-fe04.deployment-prep.eqiad1.wikimedia.cloud","target":"http://upload.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-webperf21.deployment-prep.eqiad1.wikimedia.cloud","target":"http://performance.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492","target":"http://intake-analytics.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492/v1/events","target":"http://(.*)/evt-103e/v2/events","type":"regex_map"},{"replacement":"http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8992","target":"http://intake-logging.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092","target":"http://stream.wikimedia.beta.wmcloud.org","type":"map"},{"replacement":"http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092","target":"http://stream.wikimedia.beta.wmflabs.org","type":"map"},{"replacement":"https://deployment-puppetmaster04.deployment-prep.eqiad1.wikimedia.cloud","target":"http://config-master.wikimedia.beta.wmcloud.org","type":"map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"3A 40 21 24 28 29 2A 2C 3B 27\"","@pparam=\"5B 5D 26 2B 3D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua","@plugin=/usr/lib/trafficserver/modules/conf_remap.so","@pparam=proxy.config.http.server_session_sharing.match=ip"],"replacement":"http://deployment-restbase05.deployment-prep.eqiad1.wikimedia.cloud:7231/api/rest_v1","target":"http://(.*)/api/rest_v1","type":"regex_map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua"],"replacement":"http://deployment-mediawiki13.deployment-prep.eqiad1.wikimedia.cloud/w/api.php","target":"http://(.*)/w/api.php","type":"regex_map"},{"params":["@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/normalize-path.lua","@pparam=\"3A 2F 40 21 24 28 29 2A 2C 3B\"","@pparam=\"5B 5D 26 27 2B 3D\"","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua","@plugin=/usr/lib/trafficserver/modules/tslua.so","@pparam=/etc/trafficserver/lua/rb-mw-mangling.lua"],"replacement":"http://deployment-mediawiki14.deployment-prep.eqiad1.wikimedia.cloud","target":"/","type":"map"}],"guaranteed_max_lifetime":86400,"caching_rules":[{"primary_destination":"dest_host","value":"deployment-puppetmaster04.deployment-prep.eqiad1.wikimedia.cloud","action":"never-cache"}],"log_formats":[{"name":"wmf","format":"Date:%<cqtd> Time:%<cqtt> ConnAttempts:%<sca> ConnReuse:%<sstc> TTFetchHeaders:%<{TS_MILESTONE_SERVER_READ_HEADER_DONE-TS_MILESTONE_SM_START}msdms> OriginServer:%<shn> OriginServerTime:%<stms> CacheResultCode:%<crc> CacheWriteResult:%<cwr> ReqMethod:%<cqhm> RespStatus:%<pssc> OriginStatus:%<sssc> ReqURL:%<cquuc> BereqURL:%<cqtx> ReqHeader:User-Agent:%<{User-agent}cqh> ReqHeader:Host:%<{Host}cqh> ReqHeader:X-Client-IP:%<{X-Client-IP}cqh> ReqHeader:Cookie:%<{Cookie}cqh> RespHeader:X-Cache-Int:%<{X-Cache-Int}psh> RespHeader:Backend-Timing:%<{Backend-Timing}psh>"}],"log_filters":[{"name":"notpurge","action":"reject","condition":"cqhm MATCH PURGE"},{"name":"notvarnishcheck","action":"reject","condition":"%<{User-agent}cqh> MATCH Varnish backend check"}],"logs":[{"filename":"notpurge","format":"wmf","filters":["notpurge","notvarnishcheck"],"mode":"ascii_pipe","ensure":"present"}],"error_page":"<!DOCTYPE html>\n<html lang=\"en\">\n<meta charset=\"utf-8\">\n<title>Wikimedia Error</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Error</h1>\n<p>Our servers are currently under maintenance or experiencing a technical problem.\n\nPlease <a href=\"\" title=\"Reload this page\" onclick=\"window.location.reload(false); return false\">try again</a> in a few&nbsp;minutes.</p>\n\n<p>See the error message at the bottom of this page for more&nbsp;information.</p>\n</div>\n</div>\n<div class=\"footer\"><p>If you report this error to the Wikimedia System Administrators, please include the details below.</p><p class='text-muted'><code>Request from %<{X-Client-IP}cqh> via deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud, %<{Server}psh><br>Error: %<pssc>, %<prrp> at %<cqtd> %<cqtt> GMT</code></p></div>\n</html>\n","systemd_hardening":true,"cache_volumes":1,"disable_dns_resolution":0,"collapsed_forwarding":false,"enable_caching":true,"x_forwarded_for":0,"require":["Class[Trafficserver]"]}},{"type":"Trafficserver::Lua_script","title":"default","tags":["trafficserver::lua_script","trafficserver","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":125,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/default.lua","unit_test":"puppet:///modules/profile/trafficserver/default_test.lua","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"x-mediawiki-original","tags":["trafficserver::lua_script","trafficserver","lua_script","x-mediawiki-original","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":131,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/x-mediawiki-original.lua","unit_test":"puppet:///modules/profile/trafficserver/x-mediawiki-original_test.lua","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"normalize-path","tags":["trafficserver::lua_script","trafficserver","lua_script","normalize-path","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":136,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/normalize-path.lua","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"rb-mw-mangling","tags":["trafficserver::lua_script","trafficserver","lua_script","rb-mw-mangling","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":140,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/rb-mw-mangling.lua","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"x-wikimedia-debug-routing","tags":["trafficserver::lua_script","trafficserver","lua_script","x-wikimedia-debug-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":144,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/x-wikimedia-debug-routing.lua","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"multi-dc","tags":["trafficserver::lua_script","trafficserver","lua_script","multi-dc","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":148,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/multi-dc.lua","unit_test":"puppet:///modules/profile/trafficserver/multi-dc_test.lua","config":"puppet:///modules/profile/trafficserver/multi-dc.lua.conf","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"gateway-check","tags":["trafficserver::lua_script","trafficserver","lua_script","gateway-check","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":154,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/gateway-check.lua","unit_test":"puppet:///modules/profile/trafficserver/gateway-check_test.lua","config":"puppet:///modules/profile/trafficserver/gateway-check.lua.conf","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"mw-next-routing","tags":["trafficserver::lua_script","trafficserver","lua_script","mw-next-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":160,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/profile/trafficserver/mw-next-routing.lua","unit_test":"puppet:///modules/profile/trafficserver/mw-next-routing_test.lua","config":"puppet:///modules/profile/trafficserver/mw-next-routing.lua.conf","ensure":"present","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Trafficserver::Lua_script","title":"rb-mw-mangling-beta","tags":["trafficserver::lua_script","trafficserver","lua_script","rb-mw-mangling-beta","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":166,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/trafficserver/rb-mw-mangling-beta.lua","service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"Exec","title":"mask_default_varnish","tags":["exec","mask_default_varnish","class","profile::trafficserver::backend","profile","trafficserver","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/trafficserver/backend.pp","line":216,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask varnish.service","creates":"/etc/systemd/system/varnish.service"}},{"type":"Class","title":"Profile::Lvs::Realserver::Ipip","tags":["class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown","parameters":{"enabled":false,"interfaces":["lo"],"pools":{},"clamping_enabled":true,"ipv4_mss":1400,"ipv6_mss":1400,"firewall_provider":"ferm"}},{"type":"Class","title":"Wmflib::Service::Catalog","tags":["class","wmflib::service::catalog","wmflib","service","catalog"],"exported":false,"kind":"unknown"},{"type":"Interface::Ipip","title":"ipip_ipv4","tags":["interface::ipip","interface","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":41,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","interface":"ipip0","family":"inet","address":"127.0.0.42"}},{"type":"Interface::Ipip","title":"ipip_ipv6","tags":["interface::ipip","interface","ipip","ipip_ipv6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":47,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","interface":"ipip60","family":"inet6"}},{"type":"Interface::Clsact","title":"clsact_lo","tags":["interface::clsact","interface","clsact","clsact_lo","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","interface":"lo"}},{"type":"Package","title":"tcp-mss-clamper","tags":["package","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":77,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"Systemd::Service","title":"tcp-mss-clamper","tags":["systemd::service","systemd","service","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":82,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=eBPF based TCP MSS clamper\nAfter=network.target\n\n[Install]\nWantedBy=multi-user.target\n\n[Service]\nLimitMEMLOCK=infinity\nExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1400 --ipv6-mss 1400 -p :2200 -s \"\" -i lo\nRestart=on-failure\n","monitoring_enabled":true,"monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments","restart":false,"unit_type":"service","override":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Ferm::Rule","title":"ipip","tags":["ferm::rule","ferm","rule","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":105,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","rule":"saddr 172.16.0.0/12 proto ipencap ACCEPT;","domain":"(ip)","table":"filter","chain":"INPUT","desc":"","prio":"10"}},{"type":"Ferm::Rule","title":"ip6ip6","tags":["ferm::rule","ferm","rule","ip6ip6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":110,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","rule":"saddr 0100::/64 proto ipv6 ACCEPT;","domain":"(ip6)","table":"filter","chain":"INPUT","desc":"","prio":"10"}},{"type":"Ferm::Rule","title":"clamp-mss-ipv4","tags":["ferm::rule","ferm","rule","clamp-mss-ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":134,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","chain":"OUTPUT","rule":"outerface (lo) saddr @ipfilter(()) proto tcp sport () tcp-flags (SYN) SYN TCPMSS set-mss 1400;","domain":"(ip)","table":"filter","desc":"","prio":"10"}},{"type":"Ferm::Rule","title":"clamp-mss-ipv6","tags":["ferm::rule","ferm","rule","clamp-mss-ipv6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":140,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","chain":"OUTPUT","rule":"outerface (lo) saddr @ipfilter(()) proto tcp sport () tcp-flags (SYN) SYN TCPMSS set-mss 1400;","domain":"(ip6)","table":"filter","desc":"","prio":"10"}},{"type":"Prometheus::Node_lvs_realserver_mss","title":"lvs_clamped_ipport","tags":["prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":148,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","clamped_ipport":[],"outfile":"/var/lib/prometheus/node.d/lvs-realserver-mss.prom"}},{"type":"Prometheus::Node_ferm_mss","title":"ferm_clamped_ipport","tags":["prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/lvs/realserver/ipip.pp","line":152,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","clamped_ipport":[],"outfile":"/var/lib/prometheus/node.d/ferm-mss.prom"}},{"type":"Class","title":"Profile::Cache::Kafka::Statsv","tags":["class","profile::cache::kafka::statsv","profile","cache","kafka","statsv","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"kafka_cluster_name":"main-deployment-prep","monitoring_enabled":false,"ssl_enabled":false}},{"type":"Varnishkafka::Instance","title":"statsv","tags":["varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/kafka/statsv.pp","line":59,"exported":false,"kind":"defined_type","parameters":{"brokers":["deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud","deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud"],"format":"%{fake_tag0@hostname?deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud}x %{%FT%T@dt}t %{X-Client-IP@ip}o %{@uri_path}U %{@uri_query}q %{User-Agent@user_agent}i","format_type":"json","topic":"statsv","varnish_name":"frontend","varnish_svc_name":"varnish-frontend","varnish_opts":{"q":"ReqURL ~ \"^/beacon/statsv\\?\""},"topic_request_required_acks":"-1","ssl_enabled":false,"ensure":"present","sequence_number":0,"output":"kafka","format_key_type":"string","partition":-1,"queue_buffering_max_messages":100000,"queue_buffering_max_ms":1000,"batch_num_messages":1000,"message_send_max_retries":3,"topic_message_timeout_ms":300000,"topic_request_timeout_ms":5000,"socket_send_buffer_bytes":0,"compression_codec":"none","tag_size_max":2048,"logline_scratch_size":4096,"logline_hash_size":5000,"logline_hash_max":5,"logline_data_copy":true,"log_level":6,"log_stderr":false,"log_syslog":true,"log_statistics_file":"/var/cache/varnishkafka/statsv.stats.json","log_statistics_interval":60,"should_subscribe":true,"conf_template":"varnishkafka/varnishkafka.conf.erb","require":["Class[Varnishkafka]"]}},{"type":"Class","title":"Profile::Cache::Haproxykafka","tags":["class","profile::cache::haproxykafka","profile","cache","haproxykafka","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"absent","kafka_cluster_name":"main-deployment-prep","workers":2,"message_buffer":1000000.0,"sdid":"haproxykafka@0","hostname":"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","socket":{"path":"/var/run/haproxykafka/haproxykafka.sock","mode":"0622","user":"haproxykafka","group":"haproxykafka","batch_size":102400,"batch_deadline":"1000ms"},"logparser":{"batch_size":102400,"batch_deadline":"1000ms"},"kafka":{"topic":"webrequest_undefined","dlq_topic":"webrequest_errors","flush_timeout":1000,"batch_size":102400,"batch_deadline":"1000ms","rdkafka":{"acks":"all","client.id":"deployment-cache-text08","security.protocol":"SSL","ssl.ca.location":"/etc/ssl/certs/wmf-ca-certificates.crt","ssl.cipher.suites":"ECDHE-ECDSA-AES256-GCM-SHA384","ssl.curves.list":"P-256","ssl.sigalgs.list":"ECDSA+SHA256","queue.buffering.max.messages":720000,"queue.buffering.max.ms":1000,"batch.num.messages":9000,"compression.codec":"snappy","topic.request.required.acks":1}},"monitoring":{"enable_pprof":true,"enable_prometheus":true,"server_bind":":9341","prometheus_prefix":"haproxykafka_","prometheus_parsing_buckets":[5.0e-06,1.0e-05,5.0e-05,0.0001,0.0005,0.001,0.005],"prometheus_processing_buckets":[1.0e-06,5.0e-06,1.0e-05,2.0e-05,3.0e-05,5.0e-05,0.0001,0.0005,0.001]},"transform_rules":{"haproxy_format":"02/Jan/2006:15:04:05.000","date_format":"2006-01-02T15:04:05Z","date_tz":"UTC"},"haproxykafka_user":"haproxykafka"}},{"type":"File","title":"/etc/haproxykafka/ssl","tags":["file","class","profile::cache::haproxykafka","profile","cache","haproxykafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxykafka.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","force":true,"owner":"root","group":"root"}},{"type":"Class","title":"Haproxykafka","tags":["class","haproxykafka","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/cache/haproxykafka.pp","line":76,"exported":false,"kind":"class","parameters":{"ensure":"absent","config":{"workers":2,"message_buffer":1000000.0,"sdid":"haproxykafka@0","hostname":"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","socket":{"path":"/var/run/haproxykafka/haproxykafka.sock","mode":"0622","user":"haproxykafka","group":"haproxykafka","batch_size":102400,"batch_deadline":"1000ms"},"logparser":{"batch_size":102400,"batch_deadline":"1000ms"},"kafka":{"topic":"webrequest_undefined","dlq_topic":"webrequest_errors","flush_timeout":1000,"batch_size":102400,"batch_deadline":"1000ms","rdkafka":{"acks":"all","client.id":"deployment-cache-text08","security.protocol":"SSL","ssl.ca.location":"/etc/ssl/certs/wmf-ca-certificates.crt","ssl.cipher.suites":"ECDHE-ECDSA-AES256-GCM-SHA384","ssl.curves.list":"P-256","ssl.sigalgs.list":"ECDSA+SHA256","queue.buffering.max.messages":720000,"queue.buffering.max.ms":1000,"batch.num.messages":9000,"compression.codec":"snappy","topic.request.required.acks":1,"bootstrap.servers":"deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud:9093,deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud:9093"}},"monitoring":{"enable_pprof":true,"enable_prometheus":true,"server_bind":":9341","prometheus_prefix":"haproxykafka_","prometheus_parsing_buckets":[5.0e-06,1.0e-05,5.0e-05,0.0001,0.0005,0.001,0.005],"prometheus_processing_buckets":[1.0e-06,5.0e-06,1.0e-05,2.0e-05,3.0e-05,5.0e-05,0.0001,0.0005,0.001]},"transform_rules":{"haproxy_format":"02/Jan/2006:15:04:05.000","date_format":"2006-01-02T15:04:05Z","date_tz":"UTC"}},"user":"haproxykafka"}},{"type":"Package","title":"haproxykafka","tags":["package","haproxykafka","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","provider":"apt"}},{"type":"User","title":"haproxykafka","tags":["user","haproxykafka","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":28,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","shell":"/bin/false","home":"/nonexistent","system":true}},{"type":"File","title":"/var/run/haproxykafka","tags":["file","class","haproxykafka","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":38,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"haproxykafka","group":"haproxykafka","mode":"0755","force":true}},{"type":"File","title":"/etc/haproxykafka","tags":["file","class","haproxykafka","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","force":true,"owner":"root","group":"root"}},{"type":"File","title":"/etc/haproxykafka/config.yaml","tags":["file","class","haproxykafka","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"haproxykafka","mode":"0444","content":"---\nworkers: 2\nmessage_buffer: 1000000.0\nsdid: haproxykafka@0\nhostname: deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud\nsocket:\n  path: \"/var/run/haproxykafka/haproxykafka.sock\"\n  mode: '0622'\n  user: haproxykafka\n  group: haproxykafka\n  batch_size: 102400\n  batch_deadline: 1000ms\nlogparser:\n  batch_size: 102400\n  batch_deadline: 1000ms\nkafka:\n  topic: webrequest_undefined\n  dlq_topic: webrequest_errors\n  flush_timeout: 1000\n  batch_size: 102400\n  batch_deadline: 1000ms\n  rdkafka:\n    acks: all\n    client.id: deployment-cache-text08\n    security.protocol: SSL\n    ssl.ca.location: \"/etc/ssl/certs/wmf-ca-certificates.crt\"\n    ssl.cipher.suites: ECDHE-ECDSA-AES256-GCM-SHA384\n    ssl.curves.list: P-256\n    ssl.sigalgs.list: ECDSA+SHA256\n    queue.buffering.max.messages: 720000\n    queue.buffering.max.ms: 1000\n    batch.num.messages: 9000\n    compression.codec: snappy\n    topic.request.required.acks: 1\n    bootstrap.servers: deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud:9093,deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud:9093\nmonitoring:\n  enable_pprof: true\n  enable_prometheus: true\n  server_bind: \":9341\"\n  prometheus_prefix: haproxykafka_\n  prometheus_parsing_buckets:\n  - 5.0e-06\n  - 1.0e-05\n  - 5.0e-05\n  - 0.0001\n  - 0.0005\n  - 0.001\n  - 0.005\n  prometheus_processing_buckets:\n  - 1.0e-06\n  - 5.0e-06\n  - 1.0e-05\n  - 2.0e-05\n  - 3.0e-05\n  - 5.0e-05\n  - 0.0001\n  - 0.0005\n  - 0.001\ntransform_rules:\n  haproxy_format: 02/Jan/2006:15:04:05.000\n  date_format: '2006-01-02T15:04:05Z'\n  date_tz: UTC\n","require":["File[/etc/haproxykafka]","Package[haproxykafka]"],"group":"root"}},{"type":"Systemd::Service","title":"haproxykafka","tags":["systemd::service","systemd","service","haproxykafka","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxykafka/manifests/init.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","restart":true,"override":true,"content":"[Service]\nUser=haproxykafka\nGroup=haproxykafka\nExecStart=\nExecStart=/usr/bin/haproxykafka -c /etc/haproxykafka/config.yaml\nRestart=always\nMemoryHigh=4.5%\nMemoryMax=5%\n# Hardening\nNoNewPrivileges=true\nPrivateTmp=true\nAmbientCapabilities=CAP_CHOWN\nCapabilityBoundingSet=CAP_CHOWN\nProtectSystem=strict\nReadWritePaths=/var/run/haproxykafka\nPrivateDevices=true\nProtectKernelModules=true\nProtectKernelLogs=true\nProtectHome=true\nProtectClock=true\nRestrictNamespaces=true\nRestrictSUIDSGID=true\nLockPersonality=true\n","require":"File[/etc/haproxykafka/config.yaml]","unit_type":"service","monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Exec","title":"apt_repository_component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["exec","apt_repository_component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::repository","apt","repository","component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list","tags":["file","apt::repository","apt","repository","component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"deb http://apt.wikimedia.org/wikimedia bullseye-wikimedia component/puppet7\ndeb-src http://apt.wikimedia.org/wikimedia bullseye-wikimedia component/puppet7\n","notify":"Exec[apt_repository_component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"Exec","title":"apt_pin_apt_pin_puppet","tags":["exec","apt_pin_apt_pin_puppet","apt::pin","apt","pin","apt_pin_puppet","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true}},{"type":"File","title":"/etc/apt/preferences.d/apt_pin_puppet.pref","tags":["file","apt::pin","apt","pin","apt_pin_puppet","apt::package_from_component","package_from_component","puppet","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Package: puppet\nPin: release c=component/puppet7\nPin-Priority: 1002\n","notify":"Exec[apt_package_from_component_puppet]"}},{"type":"File","title":"/lib/systemd/system/prometheus_puppet_agent_stats.service","tags":["file","systemd::unit","systemd","unit","prometheus_puppet_agent_stats.service","systemd::timer::job","timer","job","prometheus_puppet_agent_stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect puppet agent stats\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\nAfter=puppet-agent-timer.service\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_puppet_agent_stats.service (prometheus_puppet_agent_stats.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_puppet_agent_stats.service (prometheus_puppet_agent_stats.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_puppet_agent_stats.service","systemd::timer::job","timer","job","prometheus_puppet_agent_stats","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_puppet_agent_stats","tags":["systemd::service","systemd","service","prometheus_puppet_agent_stats","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_puppet_agent_stats.service\n\n[Timer]\nUnit=prometheus_puppet_agent_stats.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_puppet_agent_stats.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_puppet_agent_stats","tags":["file","systemd::syslog","systemd","syslog","prometheus_puppet_agent_stats","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_puppet_agent_stats","tags":["rsyslog::conf","rsyslog","conf","prometheus_puppet_agent_stats","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_puppet_agent_stats\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_puppet_agent_stats/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_puppet_agent_stats]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_puppet_agent_stats","tags":["logrotate::conf","logrotate","conf","prometheus_puppet_agent_stats","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# logrotate(8) config for prometheus_puppet_agent_stats\n\n/var/log/prometheus_puppet_agent_stats/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/clean_puppet_client_bucket.service","tags":["file","systemd::unit","systemd","unit","clean_puppet_client_bucket.service","systemd::timer::job","timer","job","clean_puppet_client_bucket","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Delete old files from the puppet client bucket\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for clean_puppet_client_bucket.service (clean_puppet_client_bucket.service)]"}},{"type":"Exec","title":"systemd daemon-reload for clean_puppet_client_bucket.service (clean_puppet_client_bucket.service)","tags":["exec","systemd::unit","systemd","unit","clean_puppet_client_bucket.service","systemd::timer::job","timer","job","clean_puppet_client_bucket","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"clean_puppet_client_bucket","tags":["systemd::service","systemd","service","clean_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of clean_puppet_client_bucket.service\n\n[Timer]\nUnit=clean_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[clean_puppet_client_bucket.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/puppet-agent-timer.service","tags":["file","systemd::unit","systemd","unit","puppet-agent-timer.service","systemd::timer::job","timer","job","puppet-agent-timer","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Run Puppet agent every 30 minutes\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=-/usr/local/sbin/puppet-run\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for puppet-agent-timer.service (puppet-agent-timer.service)]"}},{"type":"Exec","title":"systemd daemon-reload for puppet-agent-timer.service (puppet-agent-timer.service)","tags":["exec","systemd::unit","systemd","unit","puppet-agent-timer.service","systemd::timer::job","timer","job","puppet-agent-timer","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"puppet-agent-timer","tags":["systemd::service","systemd","service","puppet-agent-timer","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of puppet-agent-timer.service\n\n[Timer]\nUnit=puppet-agent-timer.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:21/30:00\nOnStartupSec=1min\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[puppet-agent-timer.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/puppet-agent-timer","tags":["file","systemd::syslog","systemd","syslog","puppet-agent-timer","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"puppet-agent-timer","tags":["rsyslog::conf","rsyslog","conf","puppet-agent-timer","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"puppet-agent-timer\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/puppet-agent-timer/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/puppet-agent-timer]","mode":"0444"}},{"type":"Logrotate::Conf","title":"puppet-agent-timer","tags":["logrotate::conf","logrotate","conf","puppet-agent-timer","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for puppet-agent-timer\n\n/var/log/puppet-agent-timer/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/etc/logrotate.d/puppet","tags":["file","logrotate::conf","logrotate","conf","puppet","logrotate::rule","rule","class","profile::puppet::agent","profile","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# This file is managed by Puppet.\n# puppet:///logrotate/logrotate.erb\n\n/var/log/puppet /var/log/puppet.log {\n    notifempty\n    daily\n    rotate 7\n    compress\n    delaycompress\n    missingok\n    sharedscripts\n    postrotate\n        /usr/lib/rsyslog/rsyslog-rotate\n    endscript\n}\n"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_systemd-timesyncd.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-timesyncd","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: systemd-timesyncd\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s systemd-timesyncd\n","unit":"wmf_auto_restart_systemd-timesyncd.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_systemd-timesyncd","tags":["systemd::timer","systemd","timer","wmf_auto_restart_systemd-timesyncd","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 3:54:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_systemd-timesyncd.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_systemd-timesyncd","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_systemd-timesyncd","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_exim4.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_exim4.service","systemd::timer::job","timer","job","wmf_auto_restart_exim4","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: exim4\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s exim4\n","unit":"wmf_auto_restart_exim4.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_exim4","tags":["systemd::timer","systemd","timer","wmf_auto_restart_exim4","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 17:52:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_exim4.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_exim4","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_exim4","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_prometheus-node-exporter.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-node-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: prometheus-node-exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s prometheus-node-exporter\n","unit":"wmf_auto_restart_prometheus-node-exporter.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_prometheus-node-exporter","tags":["systemd::timer","systemd","timer","wmf_auto_restart_prometheus-node-exporter","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 0:16:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_prometheus-node-exporter.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_prometheus-node-exporter","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_prometheus-node-exporter","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_rsyslog.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.service","systemd::timer::job","timer","job","wmf_auto_restart_rsyslog","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: rsyslog\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s rsyslog\n","unit":"wmf_auto_restart_rsyslog.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_rsyslog","tags":["systemd::timer","systemd","timer","wmf_auto_restart_rsyslog","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 8:17:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_rsyslog.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_rsyslog","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_rsyslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/rsyslog.d/10-exporter-base.conf","tags":["file","rsyslog::conf","rsyslog","conf","exporter-base","prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"module(\n  load=\"impstats\"\n  interval=\"10\"\n  format=\"json\"\n  resetCounters=\"off\"\n  ruleset=\"process_stats\"\n)\n\nmodule(\n  load=\"omprog\"\n)\n\nruleset(name=\"process_stats\") {\n  action(\n    type=\"omprog\"\n    name=\"to_exporter\"\n    # forceSingleInstance has been fixed in rsyslog 8.38\n    # https://github.com/rsyslog/rsyslog/commit/a978072b864324a3a6678660983779b3d2410a1b\n    forceSingleInstance=\"on\"\n    binary=\"/usr/bin/prometheus-rsyslog-exporter -silent -web.listen-address 172.16.3.164:9105\"\n  )\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/10-exporter.conf","tags":["file","rsyslog::conf","rsyslog","conf","exporter","prometheus::rsyslog_exporter","prometheus","rsyslog_exporter","base","class","profile::prometheus::rsyslog_exporter","profile","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/systemd/system/cadvisor.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","cadvisor","systemd::service","service","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# Disable Docker to stop collecting extra labels/info T337856\n[Service]\nExecStart=\nExecStart=/usr/bin/cadvisor --listen_ip=172.16.3.164 --port=4194 --enable_metrics=app,cpu,disk,diskIO,memory,network,oom_event,perf_event --docker=/dev/null\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for cadvisor.service (cadvisor)]"}},{"type":"Exec","title":"systemd daemon-reload for cadvisor.service (cadvisor)","tags":["exec","systemd::unit","systemd","unit","cadvisor","systemd::service","service","class","prometheus::cadvisor","prometheus","profile::prometheus::cadvisor","profile","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Class","title":"Sysctl","tags":["class","sysctl","sysctl::conffile","conffile","sysctl::parameters","parameters","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"exported":false,"kind":"unknown"},{"type":"File","title":"/etc/sysctl.d","tags":["file","class","sysctl","sysctl::conffile","conffile","sysctl::parameters","parameters","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/init.pp","line":9,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0644","recurse":true,"purge":true,"force":true,"source":"puppet:///modules/sysctl/sysctl.d-empty"}},{"type":"Exec","title":"update_sysctl","tags":["exec","update_sysctl","class","sysctl","sysctl::conffile","conffile","sysctl::parameters","parameters","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/init.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl restart systemd-sysctl.service","refreshonly":true}},{"type":"File","title":"/etc/sysctl.d/51-ubuntu-defaults.conf","tags":["file","sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nkernel.kptr_restrict = 1\nkernel.printk = 4 4 1 7\nkernel.yama.ptrace_scope = 1\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\nnet.ipv4.tcp_syncookies = 1\nvm.mmap_min_addr = 65536\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/etc/sysctl.d/60-wikimedia-base.conf","tags":["file","sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.core.netdev_max_backlog = 2500\nnet.core.rmem_max = 16777216\nnet.core.somaxconn = 1024\nnet.core.wmem_max = 16777216\nnet.ipv4.tcp_challenge_ack_limit = 987654321\nnet.ipv4.tcp_keepalive_intvl = 1\nnet.ipv4.tcp_keepalive_probes = 2\nnet.ipv4.tcp_keepalive_time = 300\nnet.ipv4.tcp_max_syn_backlog = 4096\nnet.ipv4.tcp_no_metrics_save = 1\nnet.ipv4.tcp_rmem = 4096 87380 16777216\nnet.ipv4.tcp_wmem = 4096 65536 16777216\nnet.ipv6.route.max_size = 131072\nvm.swappiness = 0\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/etc/sysctl.d/70-disable_unprivileged_bpf.conf","tags":["file","sysctl::conffile","sysctl","conffile","disable_unprivileged_bpf","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.unprivileged_bpf_disabled = 1\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/etc/sysctl.d/70-unprivileged_userns_clone.conf","tags":["file","sysctl::conffile","sysctl","conffile","unprivileged_userns_clone","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.unprivileged_userns_clone = 0\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/etc/sysctl.d/70-fastopen.conf","tags":["file","sysctl::conffile","sysctl","conffile","fastopen","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.tcp_fastopen_blackhole_timeout_sec = 3600\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/etc/sysctl.d/70-tcp_min_snd_mss.conf","tags":["file","sysctl::conffile","sysctl","conffile","tcp_min_snd_mss","sysctl::parameters","parameters","class","base::sysctl","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.route.min_pmtu = 576\nnet.ipv4.tcp_min_snd_mss = 536\nnet.ipv4.tcp_sack = 1\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_lldpd.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_lldpd.service","systemd::timer::job","timer","job","wmf_auto_restart_lldpd","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: lldpd\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s lldpd\n","unit":"wmf_auto_restart_lldpd.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_lldpd","tags":["systemd::timer","systemd","timer","wmf_auto_restart_lldpd","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 11:36:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_lldpd.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_lldpd","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_lldpd","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_systemd-journald.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-journald","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: systemd-journald\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s systemd-journald\n","unit":"wmf_auto_restart_systemd-journald.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_systemd-journald","tags":["systemd::timer","systemd","timer","wmf_auto_restart_systemd-journald","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 5:4:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_systemd-journald.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_systemd-journald","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_systemd-journald","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/sysctl.d/70-core_dumps.conf","tags":["file","sysctl::conffile","sysctl","conffile","core_dumps","sysctl::parameters","parameters","class","base::sysctl::core_dumps","base","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nkernel.core_pattern = /data/project/cores/deployment-cache-text08-core.%h.%e.%p.%t\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_ssh.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_ssh.service","systemd::timer::job","timer","job","wmf_auto_restart_ssh","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: ssh\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s ssh\n","unit":"wmf_auto_restart_ssh.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_ssh","tags":["systemd::timer","systemd","timer","wmf_auto_restart_ssh","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 20:19:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_ssh.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_ssh","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_ssh","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/kernel-purge.service","tags":["file","systemd::unit","systemd","unit","kernel-purge.service","systemd::timer::job","timer","job","kernel-purge","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Purge unused kernels\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/kernel-purge -p\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for kernel-purge.service (kernel-purge.service)]"}},{"type":"Exec","title":"systemd daemon-reload for kernel-purge.service (kernel-purge.service)","tags":["exec","systemd::unit","systemd","unit","kernel-purge.service","systemd::timer::job","timer","job","kernel-purge","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"kernel-purge","tags":["systemd::service","systemd","service","kernel-purge","systemd::timer","timer","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of kernel-purge.service\n\n[Timer]\nUnit=kernel-purge.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=monthly\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[kernel-purge.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/kernel-purge","tags":["file","systemd::syslog","systemd","syslog","kernel-purge","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"kernel-purge","tags":["rsyslog::conf","rsyslog","conf","kernel-purge","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"kernel-purge\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/kernel-purge/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/kernel-purge]","mode":"0444"}},{"type":"Logrotate::Conf","title":"kernel-purge","tags":["logrotate::conf","logrotate","conf","kernel-purge","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for kernel-purge\n\n/var/log/kernel-purge/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/prometheus-debian-version-textfile.service","tags":["file","systemd::unit","systemd","unit","prometheus-debian-version-textfile.service","systemd::timer::job","timer","job","prometheus-debian-version-textfile","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Update Debian version stat exported by node_exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-debian-version /var/lib/prometheus/node.d/debian_version.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-debian-version-textfile.service (prometheus-debian-version-textfile.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-debian-version-textfile.service (prometheus-debian-version-textfile.service)","tags":["exec","systemd::unit","systemd","unit","prometheus-debian-version-textfile.service","systemd::timer::job","timer","job","prometheus-debian-version-textfile","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus-debian-version-textfile","tags":["systemd::service","systemd","service","prometheus-debian-version-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus-debian-version-textfile.service\n\n[Timer]\nUnit=prometheus-debian-version-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=300s\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus-debian-version-textfile.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/prometheus-dpkg-success-textfile.service","tags":["file","systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.service","systemd::timer::job","timer","job","prometheus-dpkg-success-textfile","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Update dpkg status exported by node_exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=prometheus\nExecStart=/usr/local/bin/prometheus-dpkg-success /var/lib/prometheus/node.d/dpkg.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-dpkg-success-textfile.service (prometheus-dpkg-success-textfile.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-dpkg-success-textfile.service (prometheus-dpkg-success-textfile.service)","tags":["exec","systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.service","systemd::timer::job","timer","job","prometheus-dpkg-success-textfile","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus-dpkg-success-textfile","tags":["systemd::service","systemd","service","prometheus-dpkg-success-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus-dpkg-success-textfile.service\n\n[Timer]\nUnit=prometheus-dpkg-success-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:00/30:00\nRandomizedDelaySec=1800\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus-dpkg-success-textfile.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/send_puppet_failure_emails.service","tags":["file","systemd::unit","systemd","unit","send_puppet_failure_emails.service","systemd::timer::job","timer","job","send_puppet_failure_emails","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Send emails about Puppet failures\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/puppet_alert.py\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for send_puppet_failure_emails.service (send_puppet_failure_emails.service)]"}},{"type":"Exec","title":"systemd daemon-reload for send_puppet_failure_emails.service (send_puppet_failure_emails.service)","tags":["exec","systemd::unit","systemd","unit","send_puppet_failure_emails.service","systemd::timer::job","timer","job","send_puppet_failure_emails","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"send_puppet_failure_emails","tags":["systemd::service","systemd","service","send_puppet_failure_emails","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of send_puppet_failure_emails.service\n\n[Timer]\nUnit=send_puppet_failure_emails.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 08:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[send_puppet_failure_emails.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/cleanup_puppet_client_bucket.service","tags":["file","systemd::unit","systemd","unit","cleanup_puppet_client_bucket.service","systemd::timer::job","timer","job","cleanup_puppet_client_bucket","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Delete old files from the puppet client bucket\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/lib/puppet/clientbucket/ -type f -mtime +14 -atime +14 -delete\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for cleanup_puppet_client_bucket.service (cleanup_puppet_client_bucket.service)]"}},{"type":"Exec","title":"systemd daemon-reload for cleanup_puppet_client_bucket.service (cleanup_puppet_client_bucket.service)","tags":["exec","systemd::unit","systemd","unit","cleanup_puppet_client_bucket.service","systemd::timer::job","timer","job","cleanup_puppet_client_bucket","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"cleanup_puppet_client_bucket","tags":["systemd::service","systemd","service","cleanup_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of cleanup_puppet_client_bucket.service\n\n[Timer]\nUnit=cleanup_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[cleanup_puppet_client_bucket.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Concat_fragment","title":"/etc/openstack/clouds.yaml_novaobserver","tags":["_etc_openstack_clouds.yaml","concat_fragment","concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/openstack/clouds.yaml","tag":"_etc_openstack_clouds.yaml","order":"10","content":"# SPDX-License-Identifier: Apache-2.0\n  novaobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      project_id: observer\n      user_domain_id: default\n      project_domain_id: default\n    region_name: eqiad1-r\n    identity_api_version: 3\n"}},{"type":"Concat_fragment","title":"/root/.config/openstack/clouds.yaml_novaobserver","tags":["_root_.config_openstack_clouds.yaml","concat_fragment","concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","novaobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","tag":"_root_.config_openstack_clouds.yaml","order":"10","content":"# SPDX-License-Identifier: Apache-2.0\n  novaobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      project_id: observer\n      user_domain_id: default\n      project_domain_id: default\n    region_name: eqiad1-r\n    identity_api_version: 3\n"}},{"type":"Concat_fragment","title":"/etc/openstack/clouds.yaml_ossystemobserver","tags":["_etc_openstack_clouds.yaml","concat_fragment","concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/openstack/clouds.yaml","tag":"_etc_openstack_clouds.yaml","order":"10","content":"# SPDX-License-Identifier: Apache-2.0\n  ossystemobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      user_domain_id: default\n      project_domain_id: default\n      system_scope: all\n    region_name: eqiad1-r\n    identity_api_version: 3\n"}},{"type":"Concat_fragment","title":"/root/.config/openstack/clouds.yaml_ossystemobserver","tags":["_root_.config_openstack_clouds.yaml","concat_fragment","concat::fragment","concat","fragment","openstack::util::envscript","openstack","util","envscript","ossystemobserver","class","profile::openstack::base::observerenv","profile","base","observerenv","profile::openstack::eqiad1::observerenv","eqiad1","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/root/.config/openstack/clouds.yaml","tag":"_root_.config_openstack_clouds.yaml","order":"10","content":"# SPDX-License-Identifier: Apache-2.0\n  ossystemobserver:\n    auth:\n      auth_url: https://openstack.eqiad1.wikimediacloud.org:25000/v3\n      username: novaobserver\n      password: Fs6Dq2RtG8KwmM2Z\n      user_domain_id: default\n      project_domain_id: default\n      system_scope: all\n    region_name: eqiad1-r\n    identity_api_version: 3\n"}},{"type":"Concat_file","title":"/etc/security/access.conf","tags":["_etc_security_access.conf","concat_file","concat","class","security::access","security","access","security::access::config","config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_security_access.conf","owner":"root","group":"root","mode":"0444","replace":true,"backup":"puppet","show_diff":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Class","title":"Security::Pam","tags":["class","security::pam","security","pam","security::pam::config","config","local-pam-access","security::access","access","security::access::config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"exported":false,"kind":"unknown"},{"type":"Exec","title":"pam-auth-update","tags":["exec","pam-auth-update","class","security::pam","security","pam","security::pam::config","config","local-pam-access","security::access","access","security::access::config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/pam.pp","line":9,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/sbin/pam-auth-update --package","refreshonly":true}},{"type":"File","title":"/usr/share/pam-configs/local-pam-access","tags":["file","security::pam::config","security","pam","config","local-pam-access","class","security::access","access","security::access::config","labs-local","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/security/manifests/pam/config.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/security/local-pam-access","owner":"root","group":"root","mode":"0444","notify":"Exec[pam-auth-update]"}},{"type":"Concat_fragment","title":"security-access-labs-local","tags":["_etc_security_access.conf","concat_fragment","security-access-labs-local","concat::fragment","concat","fragment","security::access::config","security","access","config","labs-local","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/security/access.conf","tag":"_etc_security_access.conf","order":0,"content":"+:ALL:LOCAL\n"}},{"type":"Concat_fragment","title":"security-access-labs-restrict-to-project","tags":["_etc_security_access.conf","concat_fragment","security-access-labs-restrict-to-project","concat::fragment","concat","fragment","security::access::config","security","access","config","labs-restrict-to-project","class","profile::ldap::client::labs","profile","ldap","client","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/security/access.conf","tag":"_etc_security_access.conf","order":99,"content":"-:ALL EXCEPT (project-deployment-prep) root:ALL\n"}},{"type":"File","title":"/etc/systemd/system/sssd-nss.service.d","tags":["file","systemd::unit","systemd","unit","sssd-nss.service-sssd-nss-auto-restart","systemd::override","override","sssd-nss-auto-restart","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":61,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/systemd/system/sssd-nss.service.d/sssd-nss-auto-restart.conf","tags":["file","systemd::unit","systemd","unit","sssd-nss.service-sssd-nss-auto-restart","systemd::override","override","sssd-nss-auto-restart","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/ldap/client/sssd/sssd-nss-auto-restart.override.service","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for sssd-nss.service (sssd-nss.service-sssd-nss-auto-restart)]"}},{"type":"Exec","title":"systemd daemon-reload for sssd-nss.service (sssd-nss.service-sssd-nss-auto-restart)","tags":["exec","systemd::unit","systemd","unit","sssd-nss.service-sssd-nss-auto-restart","systemd::override","override","sssd-nss-auto-restart","class","ldap::client::sssd","ldap","client","sssd","profile::ldap::client::labs","profile","labs","profile::wmcs::instance","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/prometheus_ssh_open_sessions.service","tags":["file","systemd::unit","systemd","unit","prometheus_ssh_open_sessions.service","systemd::timer::job","timer","job","prometheus_ssh_open_sessions","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect active shell session information\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-ssh_open_sessions /var/lib/prometheus/node.d/ssh_open_sessions.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_ssh_open_sessions.service (prometheus_ssh_open_sessions.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_ssh_open_sessions.service (prometheus_ssh_open_sessions.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_ssh_open_sessions.service","systemd::timer::job","timer","job","prometheus_ssh_open_sessions","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_ssh_open_sessions","tags":["systemd::service","systemd","service","prometheus_ssh_open_sessions","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_ssh_open_sessions.service\n\n[Timer]\nUnit=prometheus_ssh_open_sessions.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* *:0/5:0\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_ssh_open_sessions.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_ssh_open_sessions","tags":["file","systemd::syslog","systemd","syslog","prometheus_ssh_open_sessions","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_ssh_open_sessions","tags":["rsyslog::conf","rsyslog","conf","prometheus_ssh_open_sessions","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_ssh_open_sessions\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_ssh_open_sessions/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_ssh_open_sessions]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_ssh_open_sessions","tags":["logrotate::conf","logrotate","conf","prometheus_ssh_open_sessions","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for prometheus_ssh_open_sessions\n\n/var/log/prometheus_ssh_open_sessions/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/etc/update-motd.d/01-beta-warning-and-terms","tags":["file","motd::script","motd","script","beta_warning_and_terms","class","profile::beta::motd","profile","beta","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/motd/manifests/script.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/beta/beta_warning_and_terms.motd","mode":"0555","owner":"root","group":"root"}},{"type":"Concat_file","title":"/etc/cfssl/mutual_tls_client_cert.pem","tags":["_etc_cfssl_mutual_tls_client_cert.pem","concat_file","concat","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/init.pp","line":122,"exported":false,"kind":"compilable_type","parameters":{"tag":"_etc_cfssl_mutual_tls_client_cert.pem","mode":"0644","replace":true,"backup":"puppet","show_diff":true,"order":"alpha","ensure_newline":false,"format":"plain","force":false}},{"type":"Concat_fragment","title":"mtls_client_cert_leaf","tags":["_etc_cfssl_mutual_tls_client_cert.pem","concat_fragment","mtls_client_cert_leaf","concat::fragment","concat","fragment","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/cfssl/mutual_tls_client_cert.pem","tag":"_etc_cfssl_mutual_tls_client_cert.pem","order":"01","source":"/var/lib/puppet/ssl/certs/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem"}},{"type":"Concat_fragment","title":"mtls_client_cert_chain","tags":["_etc_cfssl_mutual_tls_client_cert.pem","concat_fragment","mtls_client_cert_chain","concat::fragment","concat","fragment","class","profile::pki::client","profile","pki","client","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/cfssl/mutual_tls_client_cert.pem","tag":"_etc_cfssl_mutual_tls_client_cert.pem","order":"02","source":"/var/lib/puppet/ssl/certs/ca.pem"}},{"type":"File","title":"/etc/cfssl/client-cfssl.conf","tags":["file","cfssl::config","cfssl","config","client-cfssl","class","cfssl::client","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/config.pp","line":77,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0440","show_diff":false,"content":"{\n  \"auth_keys\": {\n    \"default_auth\": {\n      \"type\": \"standard\",\n      \"key\": \"aaaabbbbccccdddd\"\n    }\n  },\n  \"signing\": {\n    \"default\": {\n      \"auth_key\": \"default_auth\",\n      \"auth_remote\": {\n        \"remote\": \"default_remote\",\n        \"auth_key\": \"default_auth\"\n      }\n    }\n  },\n  \"remotes\": {\n    \"default_remote\": \"https://pki-intermediate.pki.eqiad1.wikimedia.cloud:443\"\n  }\n}\n"},"sensitive_parameters":["content"]},{"type":"Service","title":"cfssl-serve@proxy-client","tags":["service","systemd::service","systemd","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"before":["Exec[systemd daemon-reload for cfssl-serve@proxy-client.service (cfssl-serve@proxy-client)]"]}},{"type":"Systemd::Unit","title":"cfssl-serve@proxy-client","tags":["systemd::unit","systemd","unit","systemd::service","service","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Cloudflare SSL (cfssl::client)\nAfter=network.target remote-fs.target nss-lookup.target\nDocumentation=https://github.com/cloudflare/cfssl/tree/master/doc\n\n[Service]\nExecStart=/usr/bin/cfssl serve \\\n          -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem \\\n          -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem \\\n          -config /etc/cfssl/client-cfssl.conf \\\n          -address 127.0.0.1 \\\n          -port 8888\nRestart=always\nRestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"cfssl-serve@proxy-client","require":["Class[Systemd]"]}},{"type":"Concat_fragment","title":"/etc/rsyslog.d/00-global.conf-maxMessageSize","tags":["_etc_rsyslog.d_00-global.conf","concat_fragment","concat::fragment","concat","fragment","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/vendor_modules/concat/manifests/fragment.pp","line":50,"exported":false,"kind":"compilable_type","parameters":{"target":"/etc/rsyslog.d/00-global.conf","tag":"_etc_rsyslog.d_00-global.conf","order":"maxMessageSize","content":"  maxMessageSize=\"64k\"\n"}},{"type":"File","title":"/etc/rsyslog.d/10-lookup-output.conf","tags":["file","rsyslog::conf","rsyslog","conf","lookup_output","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"\n# define lookup table for log outputs\nlookup_table(name=\"output_lookup\" file=\"/etc/rsyslog.lookup.d/lookup_table_output.json\" reloadOnHUP=\"on\")\n\n# perform lookup of programname against table \"output_lookup\"\n# this is used later to determine which output actions to apply\nset $.log_outputs = lookup(\"output_lookup\", $programname);\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/10-template-syslog-json.conf","tags":["file","rsyslog::conf","rsyslog","conf","template_syslog_json","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/profile/rsyslog/template_syslog_json.conf","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/30-output-kafka.conf","tags":["file","rsyslog::conf","rsyslog","conf","output_kafka","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# this is the kafka output config, so load the kafka output module\nmodule(load=\"omkafka\")\n\n# load mmrm1stspace to remove leading space from msg field in output\n# (leading space breaks existing grok/regex message filters)\nmodule(load=\"mmrm1stspace\")\n\n# load mmutf8fix to convert non-utf8 charsets to utf8\nmodule(load=\"mmutf8fix\")\n\n# parse json messages when @cee cookie is found\nmodule(load=\"mmjsonparse\")\n\n# define a template to be used by omkafka dynatopic\ntemplate(name=\"kafka_topic\" type=\"string\" string=\"rsyslog-%syslogseverity-text%\")\n\n# Event Platform support (T291645): messages that carry a 'meta.stream' field are\n# Event Platform events (e.g. ECS formatted logs). Produce them to the\n# '<datacenter>.<meta.stream>' topic so they can be ingested into the Data Lake.\n# The datacenter prefix is supplied by puppet; the stream suffix is read from the\n# parsed json message via the '%!meta!stream%' property.\ntemplate(name=\"event_platform_topic\" type=\"string\" string=\"eqiad.%!meta!stream%\")\n\n# Emit the parsed json message verbatim (with $schema, meta and dt intact) so the\n# event remains valid for Event Platform / Data Lake ingestion.\ntemplate(name=\"event_platform_json\" type=\"list\") {\n  property(name=\"$!all-json\")\n}\n\n# send to kafka if lookup table contains \"kafka\" for relevant programname\n# $.log_outputs defined by lookup table in lookup_output.conf\nif ( $.log_outputs contains \"kafka\" ) then {\n\n    # remove leading white space from msg field\n    action(type=\"mmrm1stspace\")\n\n    # attempt to convert log charset to utf8\n    action(type=\"mmutf8fix\")\n\n    # try parsing the message as json if @cee cookie is found\n    action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka\")\n\n    # if parsing of @cee cookie fails, try parsing raw message as json\n    if $parsesuccess != \"OK\" then {\n        action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka_raw\" cookie=\"\" useRawMsg=\"on\")\n    }\n\n    # if parsing of @cee cookie AND raw message fails, try parsing \"msg\" field as json\n    # https://www.rsyslog.com/doc/v8-stable/configuration/modules/mmjsonparse.html\n    if $parsesuccess != \"OK\" then {\n        action(type=\"mmjsonparse\" name=\"mmjsonparse_kafka_msg\" cookie=\"\")\n    }\n\n    # the message is json, use a different template (syslog_cee vs syslog_json)\n    # unfortunately rsyslog doesn't allow variables to be used as template\n    # names, so the kafka action is duplicated here.\n    if $parsesuccess == \"OK\" then {\n        # Event Platform events carry a 'meta.stream' field. Produce these only to\n        # the '<datacenter>.<meta.stream>' topic (T291645). Logstash consumes this\n        # topic via an explicit kafka input rather than the 'rsyslog-*' pattern.\n        # We also need to unset the $!msg field here, which is left over from the\n        # failed mmjsonparse_kafka_raw parsing attempt.\n        if ($!meta!stream != \"\") then {\n            unset $!msg;\n            action(type=\"omkafka\"\n                   name=\"omkafka_event_platform\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"event_platform_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"event_platform_json\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        } else {\n        action(type=\"omkafka\"\n               name=\"omkafka_syslog_cee\"\n               broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n               topic=\"kafka_topic\"\n               dynatopic=\"on\"\n               dynatopic.cachesize=\"1000\"\n               partitions.auto=\"on\"\n               template=\"syslog_cee\"\n               confParam=[ \"security.protocol=ssl\",\n                           \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                           \"compression.codec=snappy\",\n                           \"socket.timeout.ms=10000\",\n                           \"socket.keepalive.enable=true\",\n                           \"queue.buffering.max.ms=50\",\n                           \"batch.num.messages=1000\" ]\n        )\n        }\n    } else {\n        # if ecs_170 in log_outputs, use that template to format\n        # non-json-formatted syslog events into an ecs-compatible form\n        if ( $.log_outputs contains \"ecs_170\" ) then {\n            action(type=\"omkafka\"\n                   name=\"omkafka_ecs_170\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"kafka_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"ecs_170\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        } else {\n            # fall back to legacy json format\n            action(type=\"omkafka\"\n                   name=\"omkafka_syslog_json\"\n                   broker=[\"deployment-kafka-logging01.deployment-prep.eqiad1.wikimedia.cloud:9093\"]\n                   topic=\"kafka_topic\"\n                   dynatopic=\"on\"\n                   dynatopic.cachesize=\"1000\"\n                   partitions.auto=\"on\"\n                   template=\"syslog_json\"\n                   confParam=[ \"security.protocol=ssl\",\n                               \"ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\",\n                               \"compression.codec=snappy\",\n                               \"socket.timeout.ms=10000\",\n                               \"socket.keepalive.enable=true\",\n                               \"queue.buffering.max.ms=50\",\n                               \"batch.num.messages=1000\" ]\n            )\n        }\n    }\n\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/95-output-local.conf","tags":["file","rsyslog::conf","rsyslog","conf","output_local","class","profile::rsyslog::kafka_shipper","profile","kafka_shipper","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# Use lookup table to determine if log continues on to local outputs (defined\n# in rsyslog.conf). If there is no entry in the lookup table for $programname,\n# the default value defined by \"nomatch\" is \"local\".\n# See https://www.rsyslog.com/doc/master/configuration/lookup_tables.html#lookup-table-file-format\n#\n# Note that the lookup is done at priority 10 by 10-lookup-output.conf, so\n# setting $.log_outputs in a configuration with higher priority overrides the\n# lookup.\nif ( not ($.log_outputs contains \"local\") ) then {\n    stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Apt::Repository","title":"component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["apt::repository","apt","repository","component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","lshw-backport","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":75,"kind":"defined_type","exported":false,"parameters":{"uri":"http://apt.wikimedia.org/wikimedia","dist":"bullseye-wikimedia","components":"component/lshw","ensure":"present","bin":true,"source":true,"trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Exec","title":"apt_package_from_component_lshw-backport","tags":["exec","apt_package_from_component_lshw-backport","apt::package_from_component","apt","package_from_component","lshw-backport","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":98,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true,"before":["Package[lshw]"],"subscribe":"Apt::Repository[component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"File","title":"/etc/etcd/etcdrc","tags":["file","etcd::client::config","etcd","client","config","class","etcd::client::globalconfig","globalconfig","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/etcd/manifests/client/config.pp","line":18,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","show_diff":true,"content":"allow_reconnect: true\nca_cert: /etc/ssl/certs/wmf-ca-certificates.crt\nhost: deployment-etcd05.deployment-prep.eqiad1.wikimedia.cloud\nport: 2379\nprotocol: https\nsrv_domain: conftool.svc.deployment-prep.eqiad1.wikimedia.cloud\n\n"}},{"type":"File","title":"/root/.etcdrc","tags":["file","etcd::client::config","etcd","client","config","class","profile::conftool::client","profile","conftool","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/etcd/manifests/client/config.pp","line":18,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0440","show_diff":false,"content":"password: another_secret\nusername: conftool\n\n"}},{"type":"Cfssl::Csr","title":"/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr","tags":["cfssl::csr","cfssl","csr","cfssl::cert","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":83,"exported":false,"kind":"defined_type","parameters":{"common_name":"varnishkafka-deployment-prep","key":{"algo":"ecdsa","size":256},"names":[],"hosts":[],"ensure":"present"}},{"type":"File","title":"/etc/varnishkafka/ssl","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":91,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","recurse":true,"mode":"0740"}},{"type":"Exec","title":"Generate cert kafka__varnishkafka-deployment-prep_kafka_11","tags":["exec","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":152,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11\n","environment":["GODEBUG=x509ignoreCN=0"],"unless":"/usr/bin/test \"$(/usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem -noout -pubkey 2>&1)\" == \"$(/usr/bin/openssl pkey -pubout -in /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11-key.pem 2>&1)\"\n","require":"Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]"}},{"type":"Exec","title":"Generate cert kafka__varnishkafka-deployment-prep_kafka_11 refresh","tags":["exec","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":160,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11\n","environment":["GODEBUG=x509ignoreCN=0"],"refreshonly":true,"subscribe":"File[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]"}},{"type":"Exec","title":"renew certificate - kafka__varnishkafka-deployment-prep_kafka_11","tags":["exec","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":169,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label kafka -profile kafka_11 /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11\n","environment":["GODEBUG=x509ignoreCN=0"],"unless":"/usr/bin/openssl x509 -in /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem -checkend 952200","require":"Exec[Generate cert kafka__varnishkafka-deployment-prep_kafka_11]"}},{"type":"File","title":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":179,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440"}},{"type":"File","title":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.csr","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":179,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440"}},{"type":"File","title":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11-key.pem","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":185,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440","show_diff":false,"backup":false}},{"type":"File","title":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440","source":"puppet:///modules/profile/pki/wmcs-intermediates/kafka-cert.pem"}},{"type":"Exec","title":"Generate cert kafka__varnishkafka-deployment-prep_kafka_11 refresh on intermediate ca change","tags":["exec","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":220,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label kafka -profile kafka_11 /etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr | /usr/bin/cfssljson -bare /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11\n","environment":["GODEBUG=x509ignoreCN=0"],"refreshonly":true,"subscribe":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem]","require":"Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]"}},{"type":"Exec","title":"create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem","tags":["exec","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":239,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem > /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem","unless":"/usr/bin/test \"$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem | sha512sum)\" == \"$(/bin/cat /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem | sha512sum)\"\n","subscribe":["Exec[renew certificate - kafka__varnishkafka-deployment-prep_kafka_11]","File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem]","File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem]"],"require":"Exec[Generate cert kafka__varnishkafka-deployment-prep_kafka_11 refresh on intermediate ca change]"}},{"type":"File","title":"/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem","tags":["file","cfssl::cert","cfssl","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":254,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","require":"Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem]"}},{"type":"Class","title":"Varnishkafka","tags":["class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Package","title":"varnishkafka","tags":["package","varnishkafka","class","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":7,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"File","title":"/etc/varnishkafka","tags":["file","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0444","recurse":true,"purge":true,"force":true}},{"type":"File","title":"/var/cache/varnishkafka","tags":["file","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"varnishlog","group":"varnish","mode":"0755","require":"Package[varnishkafka]"}},{"type":"Rsyslog::Conf","title":"varnishkafka","tags":["rsyslog::conf","rsyslog","conf","varnishkafka","class","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":34,"exported":false,"kind":"defined_type","parameters":{"priority":70,"source":"puppet:///modules/varnishkafka/varnishkafka_rsyslog.conf","ensure":"present","mode":"0444"}},{"type":"File","title":"/etc/logrotate.d/varnishkafka","tags":["file","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":45,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","source":"puppet:///modules/varnishkafka/varnishkafka_logrotate"}},{"type":"Exec","title":"stop-varnishkafka-service","tags":["exec","stop-varnishkafka-service","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":58,"exported":false,"kind":"compilable_type","parameters":{"command":"/sbin/start-stop-daemon --stop --pidfile /var/run/varnishkafka/varnishkafka.pid --exec /usr/bin/varnishkafka","onlyif":"/sbin/start-stop-daemon --status --pidfile /var/run/varnishkafka/varnishkafka.pid --exec /usr/bin/varnishkafka","subscribe":"Package[varnishkafka]"}},{"type":"File","title":"/etc/init.d/varnishkafka","tags":["file","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":64,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","subscribe":"Package[varnishkafka]","owner":"root","group":"root"}},{"type":"File","title":"/etc/default/varnishkafka","tags":["file","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":69,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","subscribe":"Package[varnishkafka]","owner":"root","group":"root"}},{"type":"Systemd::Service","title":"varnishkafka-all","tags":["systemd::service","systemd","service","varnishkafka-all","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/init.pp","line":76,"exported":false,"kind":"defined_type","parameters":{"content":"# SPDX-License-Identifier: Apache-2.0\n[Unit]\nDescription=Varnishkafka - All Instances\n\n[Service]\nType=oneshot\nRemainAfterExit=true\nExecStart=/bin/true\nExecReload=/bin/true\n","ensure":"present","unit_type":"service","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/etc/varnishkafka/webrequest.conf","tags":["file","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":178,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# Note: This file is managed by Puppet.\n\n#######################################################################\n#                                                                     #\n#                varnishkafka configuration file                      #\n#                       Varnish 4 specific                            #\n#                                                                     #\n#######################################################################\n#                                                                     #\n# Syntax:                                                             #\n# <property-name> = <value>                                           #\n#                                                                     #\n# Boolean property values:                                            #\n#   >0, \"true\", \"yes\", \"on\" - interpreted as true                     #\n#  everything else          - interpreted as false                    #\n#                                                                     #\n#######################################################################\n                                                                      #\n                                                                      #\n                                                                      #\n#######################################################################\n#                                                                     #\n# Varnish log formatting                                              #\n#                                                                     #\n# format.type - format output type, one of:                           #\n#  string     - ASCII string output                                   #\n#  json       - JSON output                                           #\n#                                                                     #\n#                                                                     #\n# format - format string                                              #\n#  %X                                                                 #\n#   where 'X' is one of the standard varnishncsa(1) formatters.       #\n#   Example: %u                                                       #\n#                                                                     #\n#                                                                     #\n#  %{VAR}X                                                            #\n#    Name-Value tokens where X is 'x', 'i' or 'o' and 'VAR' is the    #\n#    Name to extract the value for.                                   #\n#    Example: %{User-Agent}i                                          #\n#                                                                     #\n#                                                                     #\n#  %{?DEFAULT@FIELD!OPTION!OPTION..}X                                 #\n#    where 'X' is any formatter,                                      #\n#                                                                     #\n#    'DEFAULT' is the default string to use if no tag was matched,    #\n#     the default default string is \"-\".                              #\n#                                                                     #\n#    'FIELD' is the field name to use with the JSON formatter.        #\n#     i.e., \"%{@host}l\" will be JSON encoded as: {\"host\":\"1.2.3.4\"}   #\n#                                                                     #\n#    'OPTION' is one or more of the formatting options:               #\n#        escape - escape non-printable characters to \\<octalcode>     #\n#                 and \\t\\n\\r\\v\\f \" to their canonical                 #\n#                 backslashed notations (\\t\\n\\r\\v\\f\\\"\\ ).             #\n#        num    - for typed formatters, such as JSON, try to encode   #\n#                 the value as a number.                              #\n#                                                                     #\n#                                                                     #\n#    This syntax can be combined with %{VAR}X.                        #\n#    Example: %{User-Agent?Mozilla!escape}i                           #\n#             %{?nouser}u                                             #\n#             %{!escape}q                                             #\n#             %{@host}l                                               #\n#                                                                     #\n#                                                                     #\n#                                                                     #\n#  Additional formatter specials:                                     #\n#    %{<strftime-format>}t - format timestamp according to supplied   #\n#                            strftime(3) compatible format string.    #\n#    %{Varnish:xid}x       - transaction id of client request.        #\n#                            Same value as X-Varnish header           #\n#                                                                     #\n#                                                                     #\n#                                                                     #\n#  Non %-prefixed strings are copied verbatim to the                  #\n#  output log string.                                                 #\n#    Example: \"User: %u;\"   would render \"User: snaps;\"               #\n#                                                                     #\n#                                                                     #\n#######################################################################\n\n# Where to output varnish log lines:\n#  kafka  - (default) send to kafka broker\n#  stdout - just print to stdout (behave like varnishncsa)\n#  null   - (test) collect all tags specified by format but dont output anything\noutput = kafka\n\n# Log formatter\nformat.type = json\nformat = %{fake_tag0@hostname?deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud}x %{@sequence!num?0}n %{end:%FT%TZ@dt}t %{Varnish:time_firstbyte@time_firstbyte!num?0.0}x %{X-Client-IP@ip}o %{X-Cache-Status@cache_status}o %{@http_status}s %{@response_size!num?0}b %{@http_method}m %{Host@uri_host}i %{@uri_path}U %{@uri_query}q %{Content-Type@content_type}o %{Referer@referer}i %{User-Agent@user_agent}i %{Accept-Language@accept_language}i %{X-Analytics@x_analytics}o %{Range@range}i %{X-Cache@x_cache}o %{Accept@accept}i %{Server@backend}o %{VCL_Log:tls@tls}x\n\n# Optional secondary formatting.\n#   'output = kafka':  The rendered 'format.key' will be provided as the\n#                      Kafka message Key\n#   'output = string': Print string to stdout.\n# Supports the same formatting and type as 'format' and 'format.type'.\n# format.key.type = string\n# format.key = %l\n\n# Start for sequence number (%n)\n# Either a number, or the string \"time\" which will set it to the current\n# unix time in seconds multiplied by 1,000,000.\n# Defaults to 0.\nsequence.number = 0\n\n\n#\n# TUNING\n#\n\n# The maximum accepted log tag (field) size.\n# Larger tags will be truncated to this size.\n# Defaults to 2048\ntag.size.max = 2048\n\n# Size of per logline scratch buffer.\n# The scratch buffer is used as a temporary storage space while\n# collecting tags for the log line.  If the scratch size is too small the\n# logline tag match will be incomplete.  log.line.scratch.size depicts the\n# size of the \"static\" always-available memory allocated with each logline.\n# It should be configured to fit all matched tag-values (prior to formatting)\n# for a normal request.  If the scratch buffer gets full vk will start\n# allocating tmpbufs, a tmpbuf only lives for the current request and is then\n# freed, so it is a little more costly than using thestatic scratch pad.\n# Defaults to 4096 bytes.\nlogline.scratch.size = 4096\n\n#\n# varnishkafka log messages configuration\n# Debugging, error reporting, etc, not to be confused with varnish logs.\n#\n\n# varnishkafka log level (1 = emergencies .. 7 = debug)\nlog.level = 6\n\n# specify log output (multiples allowed)\n\nlog.stderr = false\nlog.syslog = true\n\n# Maximum number of error logs produced per log.rate.period seconds\n# This setting is applied per error type.\n# log.rate.max defaults to 100\n# log.rate.period defaults to 60\n#log.rate.max = 100\n#log.rate.period = 60\n\n# Kafka: log message delivery failures (requires required.acks > 0)\nlog.kafka.msg.error = true\n\n#\n# JSON Statistics\n#\n# Statistics is collected from varnishkafka itself as well as librdkafka\n# Each JSON object has a top level key of either 'varnishkafka' or\n# 'kafka' to indicate which type of statistics the object contains.\n# Each line is a valid JSON object.\n#\n\n# Statistics output interval\n# Defaults to 60 seconds, use 0 to disable.\nlog.statistics.interval = 15\n\n# Statistics output file\n# Defaults to /tmp/varnishkafka.stats.json\nlog.statistics.file = /var/cache/varnishkafka/webrequest.stats.json\n\n\n# daemonize varnishkafka (boolean)\ndaemonize = false\n\n\n\n#######################################################################\n#                                                                     #\n# Standard varnish VSL command line arguments                         #\n#                                                                     #\n# Syntax:                                                             #\n#  varnish.arg.<c> = <value>, where <c> is a command line option.     #\n#                                                                     #\n# See varnishncsa(1) and varnishlog(1) for valid options.             #\n#                                                                     #\n#######################################################################\n\n# -L 10000\nvarnish.arg.L = 10000\n# -T 1500\nvarnish.arg.T = 1500\n# -q ReqMethod ne \"PURGE\" and not Timestamp:Pipe and not Timestamp:Restart and not ReqHeader:Upgrade ~ \"[wW]ebsocket\" and not HttpGarbage\nvarnish.arg.q = ReqMethod ne \"PURGE\" and not Timestamp:Pipe and not Timestamp:Restart and not ReqHeader:Upgrade ~ \"[wW]ebsocket\" and not HttpGarbage\n\n# varnish instance name\nvarnish.arg.n = frontend\n\n#######################################################################\n#                                                                     #\n# Kafka configuration                                                 #\n#                                                                     #\n# Kafka configuration properties are prefixed with \"kafka.\"           #\n# and topic properties are prefixed with \"kafka.topic.\".              #\n#                                                                     #\n# For the full range of Kafka handle and topic configuration          #\n# properties, see:                                                    #\n#  http://github.com/edenhill/librdkafka/blob/master/CONFIGURATION.md #\n#                                                                     #\n# And the Apache Kafka configuration reference:                       #\n#  http://kafka.apache.org/08/configuration.html                      #\n#                                                                     #\n#######################################################################\n\n# Initial list of kafka brokers\nkafka.metadata.broker.list = deployment-kafka-jumbo-5.deployment-prep.eqiad1.wikimedia.cloud:9093,deployment-kafka-jumbo-8.deployment-prep.eqiad1.wikimedia.cloud:9093,deployment-kafka-jumbo-9.deployment-prep.eqiad1.wikimedia.cloud:9093\n\n# Maximum number of messages allowed on the local producer queue\n# Defaults to 1000000\nkafka.queue.buffering.max.messages = 720000\n\n# Maximum time, in milliseconds, for buffering data on the producer queue.\n# Defaults to 1000 (1 second)\nkafka.queue.buffering.max.ms = 1000\n\n# Maximum number of messages batched in one MessageSet.\n# Defaults to 1000\nkafka.batch.num.messages = 9000\n\n# Maximum number of retries per messageset.\nkafka.message.send.max.retries = 3\n\n# Use compression when sending to Kafka..  Default is none.\n# Valid values are 'none', 'gzip', and 'snappy'.\nkafka.compression.codec = snappy\n\n#\n# Topic configuration\n#\n\n# Topic to produce messages to\nkafka.topic = webrequest_text\n\n# Partition (-1: random, else one of the available partitions)\nkafka.partition = -1\n\n# Required number of acks\nkafka.topic.request.required.acks = 1\n\n# Local message timeout (milliseconds)\nkafka.topic.message.timeout.ms = 300000\n\n# The ack timeout of the producer request in milliseconds\nkafka.topic.request.timeout.ms = 2000\n\n# SO_SNDBUFF Socket send buffer size. System default is used if 0.\nkafka.socket.send.buffer.bytes = 0\n#\n# TLS/SSL settings\n#\nkafka.security.protocol=SSL\nkafka.ssl.ca.location=/etc/ssl/certs/wmf-ca-certificates.crt\nkafka.ssl.key.password=qwerty\nkafka.ssl.key.location=/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11-key.pem\nkafka.ssl.certificate.location=/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem\nkafka.ssl.cipher.suites=ECDHE-ECDSA-AES256-GCM-SHA384\nkafka.ssl.curves.list=P-256\nkafka.ssl.sigalgs.list=ECDSA+SHA256\n","owner":"root","group":"root","mode":"0400","require":"Package[varnishkafka]","notify":["Service[varnishkafka-webrequest]"]}},{"type":"File","title":"/etc/logrotate.d/varnishkafka-webrequest-stats","tags":["file","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":187,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"/var/cache/varnishkafka/webrequest.stats.json {\n  daily\n  rotate 4\n  create 0644 varnishlog root\n  missingok\n  compress\n  delaycompress\n  postrotate\n    service varnishkafka-webrequest reload >/dev/null\n  endscript\n}\n","require":"Package[varnishkafka]"}},{"type":"Base::Service_unit","title":"varnishkafka-webrequest","tags":["base::service_unit","base","service_unit","varnishkafka-webrequest","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":196,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","systemd":"[Unit]\nDescription=VarnishKafka webrequest\nAfter=network.target local-fs.target varnish-frontend.service\nRequires=varnish-frontend.service\nBindsTo=varnish-frontend.service\nPartOf=varnishkafka-all.service\n\n[Service]\nType=simple\nExecStart=/usr/bin/varnishkafka -S \"/etc/varnishkafka/webrequest.conf\"\nExecReload=/bin/kill -HUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=varnishkafka-all.service multi-user.target\n","refresh":true,"require":"Package[varnishkafka]","service_params":{"hasstatus":true,"hasrestart":true},"declare_service":true,"mask":false}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_prometheus-varnishkafka-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: prometheus-varnishkafka-exporter","command":"/usr/local/sbin/wmf-auto-restart -s prometheus-varnishkafka-exporter","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 5:54:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Cfssl::Csr","title":"/etc/cfssl/csr/discovery2026__purged.csr","tags":["cfssl::csr","cfssl","csr","cfssl::cert","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":83,"exported":false,"kind":"defined_type","parameters":{"common_name":"purged","key":{"algo":"ecdsa","size":256},"names":[],"hosts":[],"ensure":"present"}},{"type":"Exec","title":"Generate cert discovery2026__purged","tags":["exec","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":152,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label discovery2026  /etc/cfssl/csr/discovery2026__purged.csr | /usr/bin/cfssljson -bare /etc/purged/ssl/discovery2026__purged\n","environment":["GODEBUG=x509ignoreCN=0"],"unless":"/usr/bin/test \"$(/usr/bin/openssl x509 -in /etc/purged/ssl/discovery2026__purged.pem -noout -pubkey 2>&1)\" == \"$(/usr/bin/openssl pkey -pubout -in /etc/purged/ssl/discovery2026__purged-key.pem 2>&1)\"\n","notify":["Service[purged]"],"require":"Cfssl::Csr[/etc/cfssl/csr/discovery2026__purged.csr]"}},{"type":"Exec","title":"Generate cert discovery2026__purged refresh","tags":["exec","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":160,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label discovery2026  /etc/cfssl/csr/discovery2026__purged.csr | /usr/bin/cfssljson -bare /etc/purged/ssl/discovery2026__purged\n","environment":["GODEBUG=x509ignoreCN=0"],"refreshonly":true,"notify":["Service[purged]"],"subscribe":"File[/etc/cfssl/csr/discovery2026__purged.csr]"}},{"type":"Exec","title":"renew certificate - discovery2026__purged","tags":["exec","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":169,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label discovery2026  /etc/purged/ssl/discovery2026__purged.csr | /usr/bin/cfssljson -bare /etc/purged/ssl/discovery2026__purged\n","environment":["GODEBUG=x509ignoreCN=0"],"unless":"/usr/bin/openssl x509 -in /etc/purged/ssl/discovery2026__purged.pem -checkend 952200","require":"Exec[Generate cert discovery2026__purged]","notify":["Service[purged]"]}},{"type":"File","title":"/etc/purged/ssl/discovery2026__purged.pem","tags":["file","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":179,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440"}},{"type":"File","title":"/etc/purged/ssl/discovery2026__purged.csr","tags":["file","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":179,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440"}},{"type":"File","title":"/etc/purged/ssl/discovery2026__purged-key.pem","tags":["file","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":185,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440","show_diff":false,"backup":false}},{"type":"File","title":"/etc/purged/ssl/discovery2026__purged.chain.pem","tags":["file","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0440","source":"puppet:///modules/profile/pki/wmcs-intermediates/discovery2026-cert.pem"}},{"type":"Exec","title":"Generate cert discovery2026__purged refresh on intermediate ca change","tags":["exec","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":220,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/localcerts/pki_api_CA.pem -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem -label discovery2026  /etc/cfssl/csr/discovery2026__purged.csr | /usr/bin/cfssljson -bare /etc/purged/ssl/discovery2026__purged\n","environment":["GODEBUG=x509ignoreCN=0"],"refreshonly":true,"notify":["Service[purged]"],"subscribe":"File[/etc/purged/ssl/discovery2026__purged.chain.pem]","require":"Cfssl::Csr[/etc/cfssl/csr/discovery2026__purged.csr]"}},{"type":"Exec","title":"create chained cert /etc/purged/ssl/discovery2026__purged.chain.pem","tags":["exec","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":239,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/cat /etc/purged/ssl/discovery2026__purged.pem /etc/purged/ssl/discovery2026__purged.chain.pem > /etc/purged/ssl/discovery2026__purged.chained.pem","unless":"/usr/bin/test \"$(/bin/cat /etc/purged/ssl/discovery2026__purged.pem /etc/purged/ssl/discovery2026__purged.chain.pem | sha512sum)\" == \"$(/bin/cat /etc/purged/ssl/discovery2026__purged.chained.pem | sha512sum)\"\n","notify":["Service[purged]"],"subscribe":["Exec[renew certificate - discovery2026__purged]","File[/etc/purged/ssl/discovery2026__purged.chain.pem]","File[/etc/purged/ssl/discovery2026__purged.pem]"],"require":"Exec[Generate cert discovery2026__purged refresh on intermediate ca change]"}},{"type":"File","title":"/etc/purged/ssl/discovery2026__purged.chained.pem","tags":["file","cfssl::cert","cfssl","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/cert.pp","line":254,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","require":"Exec[create chained cert /etc/purged/ssl/discovery2026__purged.chain.pem]"}},{"type":"Service","title":"purged","tags":["service","purged","systemd::service","systemd","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"purged","tags":["systemd::unit","systemd","unit","purged","systemd::service","service","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Purger for ATS and Varnish\n\n[Service]\nExecStart=/usr/bin/purged -backend_addr \"127.0.0.1:3128\" -frontend_addr \"/run/varnish-privileged.socket\" -prometheus_addr :2112 -frontend_workers 4 -backend_workers 2  -topics eqiad.resource-purge -kafkaConfig /etc/purged/purged-kafka.conf\nRestart=on-failure\n# Allocate a user for purged on-the-fly. This turns off write access to most\n# directories. See http://0pointer.net/blog/dynamic-users-with-systemd.html\nDynamicUser=yes\n\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"purged","require":["Class[Systemd]"]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_purged","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_purged","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: purged","command":"/usr/local/sbin/wmf-auto-restart -s purged","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 21:37:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/modprobe.d/blacklist-cp-bl.conf","tags":["file","kmod::blacklist","kmod","blacklist","cp-bl","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/kmod/manifests/blacklist.pp","line":42,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# cp-bl - blacklisted kernel modules\n# This file is managed by Puppet\n#\nblacklist x_tables\ninstall x_tables /bin/true\n","notify":["Exec[update-initramfs]"]}},{"type":"File","title":"/etc/rsyslog.d/80-varnish.conf","tags":["file","rsyslog::conf","rsyslog","conf","varnish","class","varnish::logging","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/rsyslog.d/20-varnish-pipeline.conf","tags":["file","rsyslog::conf","rsyslog","conf","varnish_pipeline","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog configuration for Varnish\n# This file is managed by Puppet\n\n# Forward Varnish logs to logging pipeline\nif $programname contains \"varnish\" then {\n    set $.log_outputs = \"kafka local\";\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/usr/local/bin/varnishmtail-default","tags":["file","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/varnish/varnishmtail-default.sh","notify":"Systemd::Service[varnishmtail@default]","require":"File[/usr/local/bin/varnishmtail-wrapper]"}},{"type":"Systemd::Service","title":"varnishmtail@default","tags":["systemd::service","systemd","service","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":41,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-default 3903\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"require":"File[/usr/local/bin/varnishmtail-default]","unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Mtail::Program","title":"varnishreqstats","tags":["mtail::program","mtail","program","varnishreqstats","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishreqstats.mtail","notify":"Systemd::Service[varnishmtail@default]","destination":"/etc/mtail-default","ensure":"present"}},{"type":"Mtail::Program","title":"varnishttfb","tags":["mtail::program","mtail","program","varnishttfb","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishttfb.mtail","notify":"Systemd::Service[varnishmtail@default]","destination":"/etc/mtail-default","ensure":"present"}},{"type":"Mtail::Program","title":"varnishxcache","tags":["mtail::program","mtail","program","varnishxcache","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishxcache.mtail","notify":"Systemd::Service[varnishmtail@default]","destination":"/etc/mtail-default","ensure":"present"}},{"type":"Mtail::Program","title":"varnishrls","tags":["mtail::program","mtail","program","varnishrls","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishrls.mtail","notify":"Systemd::Service[varnishmtail@default]","destination":"/etc/mtail-default","ensure":"present"}},{"type":"File","title":"/usr/local/bin/varnishmtail-internal","tags":["file","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0555","source":"puppet:///modules/varnish/varnishmtail-internal.sh","notify":"Systemd::Service[varnishmtail@internal]","require":"File[/usr/local/bin/varnishmtail-wrapper]"}},{"type":"Systemd::Service","title":"varnishmtail@internal","tags":["systemd::service","systemd","service","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":41,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-internal 3913\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"require":"File[/usr/local/bin/varnishmtail-internal]","unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Mtail::Program","title":"varnishprocessing","tags":["mtail::program","mtail","program","varnishprocessing","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishprocessing.mtail","notify":"Systemd::Service[varnishmtail@internal]","destination":"/etc/mtail-internal","ensure":"present"}},{"type":"Mtail::Program","title":"varnisherrors","tags":["mtail::program","mtail","program","varnisherrors","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnisherrors.mtail","notify":"Systemd::Service[varnishmtail@internal]","destination":"/etc/mtail-internal","ensure":"present"}},{"type":"Mtail::Program","title":"varnishsli","tags":["mtail::program","mtail","program","varnishsli","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/logging/mtail.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/mtail/programs/varnishsli.mtail","notify":"Systemd::Service[varnishmtail@internal]","destination":"/etc/mtail-internal","ensure":"present"}},{"type":"Service","title":"varnish-frontend-tlsinspector","tags":["service","varnish-frontend-tlsinspector","systemd::service","systemd","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"require":"Service[varnish-frontend]","before":["Exec[systemd daemon-reload for varnish-frontend-tlsinspector.service (varnish-frontend-tlsinspector)]"]}},{"type":"Systemd::Unit","title":"varnish-frontend-tlsinspector","tags":["systemd::unit","systemd","unit","varnish-frontend-tlsinspector","systemd::service","service","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Varnish frontend TLS ciphersuite inspector\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishtlsinspector --varnishd-instance-name frontend\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnish-frontend-tlsinspector","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/traffic-pool.service","tags":["file","systemd::unit","systemd","unit","traffic-pool.service","class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# traffic-pool.service\n#\n# On shutdown, *before* trafficserver-tls/varnish are stopped, this will depool the node\n# for all services and then sleep 45 seconds\n#\n# On startup, *after* trafficserver-tls/varnish have been started successfully, iff the\n# file /var/lib/traffic-pool/pool-once exists, this will delete that file,\n# sleep 45 seconds, and then pool the node for all services.  The file is\n# expected to only be created by human action when immediate repool after a\n# successful reboot is desired.  The default should always be to stay\n# depooled when booting up under unknown conditions (e.g. post-crash, or\n# after being offline for a long period for hardware repairs).\n#\n\n[Unit]\nDescription=Traffic Services Pool Control\nAfter=haproxy.service varnish-frontend.service trafficserver.service\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/bin/sh -c 'if test -f /var/lib/traffic-pool/pool-once; then rm -f /var/lib/traffic-pool/pool-once; sleep 45; /usr/local/bin/pool; fi'\nExecStop=/usr/local/bin/depool ; /bin/sleep 45\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for traffic-pool.service (traffic-pool.service)]"}},{"type":"Exec","title":"systemd daemon-reload for traffic-pool.service (traffic-pool.service)","tags":["exec","systemd::unit","systemd","unit","traffic-pool.service","class","cacheproxy::traffic_pool","cacheproxy","traffic_pool","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Sysctl::Conffile","title":"TCP Fast Open","tags":["sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","profile::tcp_fast_open","profile","tcp_fast_open","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.tcp_fastopen = 3\n","priority":70,"no_priority_prefix":false}},{"type":"Apt::Repository","title":"thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["apt::repository","apt","repository","thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":75,"kind":"defined_type","exported":false,"parameters":{"uri":"http://apt.wikimedia.org/wikimedia","dist":"bullseye-wikimedia","components":"thirdparty/haproxy28","ensure":"present","bin":true,"source":true,"trust_repo":false,"allow_releaseinfo_change":false}},{"type":"Exec","title":"apt_package_from_component_haproxy","tags":["exec","apt_package_from_component_haproxy","apt::package_from_component","apt","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":98,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true,"subscribe":"Apt::Repository[thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"Apt::Pin","title":"apt_pin_haproxy","tags":["apt::pin","apt","pin","apt_pin_haproxy","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/package_from_component.pp","line":107,"exported":false,"kind":"defined_type","parameters":{"pin":"release c=thirdparty/haproxy28","priority":1002,"package":"haproxy","notify":"Exec[apt_package_from_component_haproxy]","ensure":"present"}},{"type":"File","title":"/etc/tmpfiles.d/haproxy.conf","tags":["file","systemd::tmpfile","systemd","tmpfile","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"d /run/haproxy 0775 root haproxy","mode":"0444","owner":"root","group":"root"}},{"type":"Exec","title":"Refresh tmpfile haproxy","tags":["exec","systemd::tmpfile","systemd","tmpfile","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemd-tmpfiles --create --remove '/etc/tmpfiles.d/haproxy.conf'","user":"root","refreshonly":true,"subscribe":"File[/etc/tmpfiles.d/haproxy.conf]"}},{"type":"Service","title":"haproxy","tags":["service","haproxy","systemd::service","systemd","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"restart":"/bin/systemctl reload haproxy.service"}},{"type":"Systemd::Unit","title":"haproxy","tags":["systemd::unit","systemd","unit","haproxy","systemd::service","service","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy Load Balancer\nDocumentation=man:haproxy(1)\nDocumentation=file:/usr/share/doc/haproxy/configuration.txt.gz\nAfter=network-online.target syslog.service\nWants=network-online.target syslog.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/haproxy.cfg\" \"PIDFILE=/run/haproxy/haproxy.pid\"\nEnvironmentFile=-/etc/default/haproxy\nExecStartPre=/usr/local/sbin/tls-check /etc/haproxy-tls-check.cfg\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE $EXTRAOPTS\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"haproxy","require":["Class[Systemd]"]}},{"type":"Nrpe::Check","title":"check_haproxy","tags":["nrpe::check","nrpe","check","check_haproxy","nrpe::monitor_service","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","command":"/usr/lib/nagios/plugins/check_procs -c 1: -C haproxy","before":"Monitoring::Service[haproxy]"}},{"type":"Monitoring::Service","title":"haproxy","tags":["monitoring::service","monitoring","service","haproxy","nrpe::monitor_service","nrpe","monitor_service","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"haproxy process","check_command":"nrpe_check!check_haproxy!10","contact_group":"admins","retries":3,"critical":false,"check_interval":1,"retry_interval":1,"notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy","migration_task":"T357099","passive":false,"freshness":36000,"config_dir":"/etc/nagios","host":"deployment-cache-text08"}},{"type":"Package","title":"python3-click","tags":["package","python3-click","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":106,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Package","title":"python3-box","tags":["package","python3-box","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":106,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/bin/nrpe2nodexp","tags":["file","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":108,"kind":"compilable_type","exported":false,"parameters":{"ensure":"present","source":"puppet:///modules/nrpe/nrpe2nodexp.py","mode":"0555","owner":"root","group":"root"}},{"type":"Prometheus::Alert::Rule","title":"check_haproxy_8b4833c5a4a8470c54300abc1c3122e3","tags":["prometheus::alert::rule","prometheus","alert","rule","check_haproxy_8b4833c5a4a8470c54300abc1c3122e3","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":144,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","alert_name":"nrpe_haproxy_process","instance":"ops","summary":"NRPE CHECK: haproxy process","description":"NRPE CHECK: haproxy process","expr":"(nagios_nrpe_check_result{alert_rule_hash=\"8b4833c5a4a8470c54300abc1c3122e3\",check_name=\"check_haproxy\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner","for":"3m","group":"nrpechecks","dashboard":"TODO","runbook":"https://wikitech.wikimedia.org/wiki/HAProxy","logs":"https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_haproxy))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))","team":"observability","severity":"info","def_label_whitelst":["team","severity"],"site":"eqiad"}},{"type":"Systemd::Timer::Job","title":"nrpe2nodexp-haproxy","tags":["systemd::timer::job","systemd","timer","job","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":180,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"execution of nrpe2nodexp for the check_haproxy command.","user":"nagios","group":"prometheus-node-exporter","ignore_errors":true,"command":"/usr/local/bin/nrpe2nodexp --alert-rule-hash \"8b4833c5a4a8470c54300abc1c3122e3\" --timeout 10 --check-command \"check_haproxy\"","interval":[{"start":"OnUnitInactiveSec","interval":"1min"}],"splay":60,"fixed_random_delay":true,"logging_enabled":false,"syslog_identifier":"nrpe2nodexp-haproxy","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","send_mail_only_on_error":true,"private_tmp":false,"success_exit_status":[]}},{"type":"Rsyslog::Conf","title":"nrpe2nodexp-haproxy","tags":["rsyslog::conf","rsyslog","conf","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":197,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-haproxy\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","priority":25,"mode":"0444"}},{"type":"File","title":"/var/lib/prometheus/node.d/check_haproxy.prom","tags":["file","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Nrpe::Check","title":"check_haproxy_alive","tags":["nrpe::check","nrpe","check","check_haproxy_alive","nrpe::monitor_service","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","command":"/usr/local/lib/nagios/plugins/check_haproxy --check=alive","before":"Monitoring::Service[haproxy_alive]"}},{"type":"Monitoring::Service","title":"haproxy_alive","tags":["monitoring::service","monitoring","service","haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"haproxy alive","check_command":"nrpe_check!check_haproxy_alive!10","contact_group":"admins","retries":3,"critical":false,"check_interval":1,"retry_interval":1,"notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy","migration_task":"T407137","passive":false,"freshness":36000,"config_dir":"/etc/nagios","host":"deployment-cache-text08"}},{"type":"Prometheus::Alert::Rule","title":"check_haproxy_alive_0065d6c8589cde5ab0f2099cfdcb8eff","tags":["prometheus::alert::rule","prometheus","alert","rule","check_haproxy_alive_0065d6c8589cde5ab0f2099cfdcb8eff","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":144,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","alert_name":"nrpe_haproxy_alive","instance":"ops","summary":"NRPE CHECK: haproxy alive","description":"NRPE CHECK: haproxy alive","expr":"(nagios_nrpe_check_result{alert_rule_hash=\"0065d6c8589cde5ab0f2099cfdcb8eff\",check_name=\"check_haproxy_alive\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner","for":"3m","group":"nrpechecks","dashboard":"TODO","runbook":"https://wikitech.wikimedia.org/wiki/HAProxy","logs":"https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_haproxy_alive))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))","team":"observability","severity":"info","def_label_whitelst":["team","severity"],"site":"eqiad"}},{"type":"Systemd::Timer::Job","title":"nrpe2nodexp-haproxy_alive","tags":["systemd::timer::job","systemd","timer","job","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":180,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"execution of nrpe2nodexp for the check_haproxy_alive command.","user":"nagios","group":"prometheus-node-exporter","ignore_errors":true,"command":"/usr/local/bin/nrpe2nodexp --alert-rule-hash \"0065d6c8589cde5ab0f2099cfdcb8eff\" --timeout 10 --check-command \"check_haproxy_alive\"","interval":[{"start":"OnUnitInactiveSec","interval":"1min"}],"splay":60,"fixed_random_delay":true,"logging_enabled":false,"syslog_identifier":"nrpe2nodexp-haproxy_alive","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","send_mail_only_on_error":true,"private_tmp":false,"success_exit_status":[]}},{"type":"Rsyslog::Conf","title":"nrpe2nodexp-haproxy_alive","tags":["rsyslog::conf","rsyslog","conf","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":197,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-haproxy_alive\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","priority":25,"mode":"0444"}},{"type":"File","title":"/var/lib/prometheus/node.d/check_haproxy_alive.prom","tags":["file","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/etc/tmpfiles.d/haproxy-secrets-tmpfile.conf","tags":["file","systemd::tmpfile","systemd","tmpfile","haproxy_secrets_tmpfile","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"d /run/haproxy-secrets 0700 haproxy haproxy -","mode":"0444","owner":"root","group":"root"}},{"type":"Exec","title":"Refresh tmpfile haproxy_secrets_tmpfile","tags":["exec","systemd::tmpfile","systemd","tmpfile","haproxy_secrets_tmpfile","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemd-tmpfiles --create --remove '/etc/tmpfiles.d/haproxy-secrets-tmpfile.conf'","user":"root","refreshonly":true,"subscribe":"File[/etc/tmpfiles.d/haproxy-secrets-tmpfile.conf]"}},{"type":"Systemd::Unit","title":"haproxy_stek_job.service","tags":["systemd::unit","systemd","unit","haproxy_stek_job.service","systemd::timer::job","timer","job","haproxy_stek_job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy STEK manager\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/haproxy-stek-manager /run/haproxy-secrets/stek.keys\n","unit":"haproxy_stek_job.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"haproxy_stek_job","tags":["systemd::timer","systemd","timer","haproxy_stek_job","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*-*-* 00/8:00:00"},{"start":"OnBootSec","interval":"0sec"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"haproxy_stek_job.service"}},{"type":"Systemd::Syslog","title":"haproxy_stek_job","tags":["systemd::syslog","systemd","syslog","haproxy_stek_job","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/tmpfiles.d/haproxy-tls-material.conf","tags":["file","systemd::tmpfile","systemd","tmpfile","haproxy_tls_material","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"d  0700 haproxy haproxy -","mode":"0444","owner":"root","group":"root"}},{"type":"Class","title":"Acme_chief","tags":["class","acme_chief","acme_chief::cert","cert","unified","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Sslcert::Ca","title":"Lets_Encrypt_Authority_X3","tags":["sslcert::ca","sslcert","ca","lets_encrypt_authority_x3","class","acme_chief","acme_chief::cert","cert","unified","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/acme_chief/manifests/init.pp","line":8,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/acme_chief/lets-encrypt-x3-cross-signed.pem","ensure":"present"}},{"type":"Sslcert::Ca","title":"Lets_Encrypt_Authority_X4","tags":["sslcert::ca","sslcert","ca","lets_encrypt_authority_x4","class","acme_chief","acme_chief::cert","cert","unified","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/acme_chief/manifests/init.pp","line":15,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/acme_chief/lets-encrypt-x4-cross-signed.pem","ensure":"present"}},{"type":"File","title":"/etc/acmecerts","tags":["file","acme_chief::cert","acme_chief","cert","unified","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/acme_chief/manifests/cert.pp","line":22,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/acmecerts/unified","tags":["file","acme_chief::cert","acme_chief","cert","unified","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/acme_chief/manifests/cert.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"haproxy","mode":"0640","recurse":true,"purge":true,"show_diff":false,"backup":false,"source":"puppet://deployment-acme-chief05.deployment-prep.eqiad1.wikimedia.cloud/acmedata/unified","force":true,"notify":["Service[haproxy]"]}},{"type":"File","title":"/etc/haproxy/tls-terminator-tls-plaintext-error.html","tags":["file","mediawiki::errorpage","mediawiki","errorpage","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mediawiki/manifests/errorpage.pp","line":106,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"<!DOCTYPE html>\n<html lang=\"en\">\n<meta charset=\"utf-8\">\n<title>Wikimedia Error</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Error</h1>\n\n<p>Insecure request forbidden, use HTTPS instead. For details see <a href=\"https://lists.wikimedia.org/hyperkitty/list/mediawiki-api-announce@lists.wikimedia.org/message/VKQJRS36NXLIMHOWBOXJPUH35KETQCG5/\">https://lists.wikimedia.org/hyperkitty/list/mediawiki-api-announce@lists.wikimedia.org/message/VKQJRS36NXLIMHOWBOXJPUH35KETQCG5/</a>.</p>\n</div>\n</div>\n</html>\n"}},{"type":"File","title":"/etc/haproxy/conf.d/tls.cfg","tags":["file","haproxy::site","haproxy","site","tls","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/site.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# Pseudo-backends used only for statistics tracking.\nbackend httpreqrate\n    stick-table type ipv6  size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)\n\n## LOGGING RINGS ##\n## END LOGGING RINGS ##\n\nlisten tls\n    log global\n    maxconn 199000\n    bind :443 tfo ssl crt-list /etc/haproxy/crt-list.cfg tls-ticket-keys /run/haproxy-secrets/stek.keys\n\n    bind :::443 tfo v6only ssl crt-list /etc/haproxy/crt-list.cfg tls-ticket-keys /run/haproxy-secrets/stek.keys\n\n    http-reuse always\n\n    # time to wait for a complete HTTP request, It only applies to the header part of the HTTP request (unless option http-buffer-request is used)\n    timeout http-request 3600s\n    # set the maximum allowed time to wait for a new HTTP request to appear\n    timeout http-keep-alive 120s\n    # set the maximum inactivity time on the client side\n    timeout client 120s\n    # inactivity timeout on the client side for half-closed connections\n    timeout client-fin 120s\n    # connect timeout against a backend server\n    timeout connect 3s\n    # set the maximum inactivity time on the server side\n    timeout server 180s\n    # timeout used after upgrading a connection (websockets) or after the first response when no keepalive/close option is specified\n    timeout tunnel 3600s\n\n    acl too_much_recent_concurrency sc0_gpc0_rate(httpreqrate) gt 0\n    http-request track-sc0 src table httpreqrate\n    http-request set-log-level silent if too_much_recent_concurrency\n    http-request silent-drop if too_much_recent_concurrency\n\n    capture request header Host len 255\n    capture request header Referer len 1024\n    capture request header User-Agent len 1024\n    capture request header Accept-Language len 1024\n    capture request header Range len 10\n    capture request header Accept len 64\n\n    # store a copy of the client headers before header normalization\n    http-request set-var(req.pristine_hdrs) req.hdrs\n\n    # populate txn variables used for logging purposes\n    http-response set-var(txn.content_type) res.fhdr(Content-Type)\n\n    # default values for x-cache and x-cache-status\n    http-request set-var(txn.x_cache) str(\"deployment-cache-text08 int\")\n    http-request set-var(txn.x_cache_status) str(\"int-tls\")\n    # override them with upstream headers\n    http-response set-var(txn.x_cache) res.fhdr(X-Cache) if { res.fhdr(X-Cache) -m found }\n    http-response set-var(txn.x_cache_status) res.fhdr(X-Cache-Status) if { res.fhdr(X-Cache-Status) -m found }\n\n    # default value for server\n    http-request set-var(txn.server) str(\"HAProxy\")\n    # override it with upstream header\n    http-response set-var(txn.server) res.fhdr(Server) if { res.fhdr(Server) -m found }\n\n\n    # Host normalization\n    # Use the host_only converter to remove eventual trailing port and\n    # lowercase it. Also, remove eventual trailing dot\n    http-request set-header Host %[req.fhdr(Host),host_only,rtrim(.)]\n\n    http-request set-var(txn.xwd_count) req.fhdr_cnt(X-Wikimedia-Debug)\n    http-request set-var(req.ciph) ssl_fc_cipher,regsub('^ECDHE-ECDSA-',''),regsub('^TLS_',''),regsub('_','-','g'),regsub('^CHACHA20-POLY1305$','CHACHA20-POLY1305-SHA256')\n    http-request set-var(req.auth) str(ECDSA)\n\n\n    # Bandwidth limiting filters\n\n    # Allowlist ACLs\n    acl wikimedia_trust src 172.16.0.0/12 127.0.0.0/8 ::1/128\n\n    # ACLs\n    acl too_many_concurrent_queries sc0_trackers(httpreqrate) ge 300\n    acl too_high_reqrate sc0_http_req_rate(httpreqrate) ge 5000\n    acl almost_too_many_concurrent_queries sc0_trackers(httpreqrate) ge 100\n    acl mark_as_too_much_concurrency sc0_inc_gpc0(httpreqrate) gt 0\n    acl missing_xwd var(txn.xwd_count) -m int eq 0\n    acl mathoid_as_a_service path -m beg /api/rest_v1/media/math/\n    acl allowed_methods method DELETE GET HEAD OPTIONS PATCH POST PUT\n\n    http-request set-var(req.h2) fc_http_major,even\n    http-request set-var-fmt(req.h2s) %[var(req.h2),iif(h2,h1)]\n    http-request set-var(req.sess) ssl_fc_is_resumed,iif(reused,new)\n\n    http-request set-header X-Client-IP \"%[src]\"\n    http-request set-header X-Client-Port \"%[src_port]\"\n    http-request set-header X-Forwarded-Proto \"https\"\n    http-request set-header X-Connection-Properties \"H2=%[var(req.h2)]; SSR=%[ssl_fc_is_resumed]; SSL=%[ssl_fc_protocol]; C=%[ssl_fc_cipher]; EC=UNKNOWN; KA=%[var(req.auth)];\"\n    http-request set-var-fmt(txn.tls) \"vers=%[ssl_fc_protocol];keyx=UNKNOWN;auth=%[var(req.auth)];ciph=%[var(req.ciph)];prot=%[var(req.h2s)];sess=%[var(req.sess)]\"\n    # avoid that external users can inject arbitrary X-Requestctl values\n    http-request set-header X-Requestctl \" \"\n\n    http-request set-var(txn.req_id,ifnotempty) req.fhdr(X-Request-Id) if wikimedia_trust\n    http-request set-var(txn.req_id,ifnotset) uuid()\n    http-request set-header X-Request-Id %[var(txn.req_id)]\n    http-after-response set-header X-Request-Id %[var(txn.req_id)]\n\n    http-request del-header tracestate if !wikimedia_trust\n    http-request del-header traceparent if !wikimedia_trust\n    http-request del-header X-Experiment-Enrollments\n    http-request del-header X-JWT-Sub\n\n    # Copy X-Analytics hdr into var to safely log it after deletion\n    http-response set-var(txn.x_analytics,ifnotempty) res.fhdr(X-Analytics)\n    http-response del-header X-Analytics if missing_xwd\n\n    http-response del-header Backend-Timing if missing_xwd\n    http-response del-header X-ATS-Timestamp if missing_xwd\n    http-response del-header X-Envoy-Upstream-Service-Time if missing_xwd\n    http-response del-header X-OpenStack-Request-ID if missing_xwd\n    http-response del-header X-Powered-By if missing_xwd\n    http-response del-header X-Timestamp if missing_xwd\n    http-response del-header X-Trans-Id if missing_xwd\n    http-response del-header X-Varnish if missing_xwd\n    http-response del-header traceparent if missing_xwd\n    http-response del-header tracestate if missing_xwd\n\n\n    # Provide Server header\n    http-after-response set-header Server %[var(txn.server)] unless { res.fhdr(Server) -m found }\n    # Provide X-Cache headers\n    http-after-response set-header X-Cache %[var(txn.x_cache)] unless { res.fhdr(X-Cache) -m found }\n    http-after-response set-header X-Cache-Status %[var(txn.x_cache_status)] unless { res.fhdr(X-Cache-Status) -m found }\n\n    # Allow only a subset of methods\n    http-after-response set-header Allow \"DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT\" unless allowed_methods\n    http-request deny deny_status 405 unless allowed_methods\n    # Allow OPTIONS method only with Origin header\n    http-request deny deny_status 405 if { method OPTIONS } !{ hdr(Origin) -m found }\n\n    # Set x-provenance\n    # First, we check if the request comes from our ring of trust, or is internal. We set:\n    # * net=wikimedia-trust if the request is coming from the wikimedia-trust subnet\n    # * net=internal if the request is coming from a private network\n    # If neither condition is met, the value will be looked up a map containing all\n    # requestctl-defined ipblocks, resulting in:\n    # * abuse=<value> if the request is coming from a known abuser\n    # * client=<value> if the request is coming from a known client ipblock\n    # * cloud=<value> if the request is coming from a known cloud\n    # If all of the above fails, we look up the ip in maxmind to fetch an isp value\n    # * isp=<value> if the IP matches the isp lookup in maxmind\n    # If this also fails, we have no information on the request and we'll set\n    # * net=unknown\n    # We only set the variable once\n    # Set X-Trusted-Request\n    # Provide a trust score from A to F, currently solely based on the source of the request\n    # A for net=wikimedia_trust|internal\n    # F for abuse=\n    # E otherwise\n    http-request set-var(req.provenance,ifnotexists) str('net=wikimedia-trust') if wikimedia_trust\n    acl is_private_network src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 ::1\n    http-request set-var(req.provenance,ifnotexists) str('net=internal') if is_private_network\n    # AWS Elastic IPs used by the Wikimedia Enterprise project reported in the following tasks over time:\n    # T255524 T294798 T370294\n    acl is_wme_client src 3.23.12.83/32 3.211.48.168/32 44.206.140.241/32 35.168.168.219/32 35.172.30.169/32 3.222.74.115/32\n    http-request set-var(req.provenance,ifnotexists) str('net=wme') if is_wme_client\n    http-request set-var(req.trusted_request) str(A) if { var(req.provenance) -m found }\n    # check if the IP is included in one of our ipblocks\n    http-request set-var(req.provenance,ifnotexists,ifnotempty) src,map_ip(/etc/haproxy/ipblocks.d/all.map)\n    # ensure that WMCS is marked as trusted.\n    http-request set-var(req.trusted_request,ifnotexists) str(A) if { var(req.provenance) -m sub \"cloud=wmcs\" }\n    http-request set-var(req.trusted_request,ifnotexists) str(F) if { var(req.provenance) -m beg \"abuse=\" }\n    # If everything else failed, find an isp in maxmind\n    http-request set-var(req.provenance,ifnotexists,ifnotempty) lua.fetch_isp,lower,bytes(0,64)\n\n    # lookup failed\n    http-request set-var(req.provenance,ifnotset) str('net=unknown')\n\n    # Check if the request originates from a known datacenter.\n\n\n\n\n\n    # Set X-Provenance to its final authoritative value, if available.\n    http-request set-header X-Provenance %[var(req.provenance)] if { var(req.provenance) -m found }\n\n    # Image provenance.\n    # Set image link generator, possible values are defined by MediaWiki, See:\n    # https://wikitech.wikimedia.org/wiki/X-Image-Generator\n    http-request set-header X-Image-Generator %[url_param(utm_campaign)] if { url_param(utm_campaign) -m reg ^(parser|imageinfo|index|api|rest)$ }\n\n    # Requests with a valid token or coming from our web of trust don't get filtered at this layer.\n    acl is_trusted_request var(req.trusted_request) -m str A\n    acl is_identified_bot_request var(req.trusted_request) -m str B\n    acl is_auth_request var(req.trusted_request) -m str C\n\n    http-request set-var(req.bearer) http_auth_bearer if { req.fhdr(Authorization) -m found }\n    http-request set-var(req.bearer,ifnotset) req.cook(sessionJwt)\n    http-request set-var(req.jwt_alg) var(req.bearer),jwt_header_query('$.alg')\n    http-request set-var(req.exp,ifnotempty) var(req.bearer),jwt_payload_query('$.exp','int')\n    http-request set-var(req.exp,ifnotset) var(req.bearer),jwt_payload_query('$.sxp','int')\n    http-request set-var(req.now) date()\n    # validate the algorithm\n    acl is_valid_jwt_alg var(req.jwt_alg) -m str \"RS256\"\n    # validate the signature\n    acl is_valid_jwt_sig var(req.bearer),jwt_verify(req.jwt_alg,\"/etc/haproxy/jwt/mw-oauth-2025-07-31.key\") 1\n    # validate the exp date: this is part of the JWT payload so it should be validated after ensuring that the signature is valid\n    acl is_valid_jwt_exp_date var(req.exp),sub(req.now) -m int ge 0\n    # We exclude trusted (A) and bot (B) requests here to avoid downgrading to C, but we open the\n    # door for potential upgrades from F to C.\n    http-request set-var(req.trusted_request) str(C) if !is_trusted_request !is_identified_bot_request is_valid_jwt_alg is_valid_jwt_sig is_valid_jwt_exp_date\n    # If the jwt is correctly signed, save the subject in a header we will remove in varnish. This also applies to trusted requests.\n    http-request set-header X-JWT-Sub %[var(req.bearer),jwt_payload_query('$.sub')] if is_valid_jwt_alg is_valid_jwt_sig is_valid_jwt_exp_date\n\n    # Following configuration is used to classify clients as \"user|robot|other\" based on UA string\n    # Initialize req.ua_class\n    http-request set-var(req.ua_class) str(\"other\") if !is_trusted_request !is_identified_bot_request\n    # If UA contains a valid email or URL or User: info, extract it and save to a custom header\n    # Set the ua_class accordingly\n    http-request lua.set_contact_info if !is_trusted_request !is_identified_bot_request\n    acl has_contact_info var(req.contact_info) -m found\n    # Cleanup X-UA-Contact header\n    http-request del-header X-UA-Contact unless has_contact_info\n    http-request set-header X-UA-Contact %[var(req.contact_info)] if has_contact_info\n    http-request set-var(req.ua_class) str(\"robot\") if has_contact_info !is_trusted_request !is_identified_bot_request\n    # If UA matches the usual browser format set the ua_class accordingly\n    # (if it doesn't match a robot already)\n    http-request set-var(req.ua_class) str(\"user\") if !{ var(req.ua_class) -m str \"robot\" } { req.fhdr(User-Agent) -m reg -i \"^(Opera|Mozilla\\/[0-9]\\.[0-9].+\\(.+\\).*)\" } !is_trusted_request !is_identified_bot_request || !{ var(req.ua_class) -m str \"robot\" } { req.fhdr(User-Agent) -m reg \"MediaWiki\\/[0-9]\\.[0-9]+\" }\n    # bots that honour our UA and so have contact info go in class D, unless set to another value before. This means that requests coming from abusive networks will\n    # still get an F score.\n    http-request set-var(req.trusted_request,ifnotexists) str(D) if { var(req.ua_class) -m str \"robot\" }\n\n    # Fall back to E if no trust score has been determined yet and set X-Trusted-Request to its\n    # final authoritative value.\n    http-request set-var(req.trusted_request,ifnotexists) str(E)\n    http-request set-header X-Trusted-Request %[var(req.trusted_request)]\n\n    # Global concurrency enforcement\n    http-request set-var-fmt(req.dummy_silent_drop) \"src=%[src];ja3n=%[var(sess.fingerprint_ja3n)]\" if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_many_concurrent_queries\n    http-request set-var-fmt(req.dummy_silent_drop) \"src=%[src];ja3n=%[var(sess.fingerprint_ja3n)]\" if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_high_reqrate almost_too_many_concurrent_queries\n    http-request set-var(req.dummy_silent_drop) var(req.dummy_silent_drop),debug(silent-drop_for_300s,stderr) if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_many_concurrent_queries   # exists only for logging side-effect\n    http-request set-var(req.dummy_silent_drop) var(req.dummy_silent_drop),debug(silent-drop_for_300s,stderr) if !is_trusted_request !mathoid_as_a_service !too_much_recent_concurrency too_high_reqrate almost_too_many_concurrent_queries   # exists only for logging side-effect\n    # TO DISABLE CONCURRENCY ENFORCEMENT, JUST COMMENT THE FOLLOWING LINES\n    http-request silent-drop if !is_trusted_request !mathoid_as_a_service too_many_concurrent_queries mark_as_too_much_concurrency\n    http-request silent-drop if !is_trusted_request !mathoid_as_a_service too_high_reqrate almost_too_many_concurrent_queries mark_as_too_much_concurrency\n\n\n\n\n\n\n    option forwardfor\n\n    server backend_server unix@/run/varnish-privileged.socket\n\n\n\n\nfrontend stats\n    no log\n    maxconn 1000\n    bind :9422\n    bind :::9422 v6only\n    http-request use-service prometheus-exporter if { path /metrics }\n    stats enable\n    stats uri /stats\n    stats refresh 10s\n    # Explicitly avoid keep-alive to prevent Prometheus scrapers from\n    # reusing indefinitelly the same TCP connection. See T343000\n    http-after-response set-header Connection Close\n","notify":"Service[haproxy]"}},{"type":"File","title":"/etc/haproxy/conf.d/redirection-port.cfg","tags":["file","haproxy::site","haproxy","site","redirection_port","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/haproxy/manifests/site.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"backend httpreqrate_http\n    stick-table type ipv6  size 1m expire 300s store http_req_rate(10s),gpc_rate(10,300s)\n\nfrontend http\n    log global\n    maxconn 2000\n    bind :80\n    bind :::80 v6only\n\n    # Needed for logging purposes\n    capture request header Host len 255\n    capture request header Referer len 1024\n    capture request header User-Agent len 1024\n    capture request header Accept-Language len 1024\n    capture request header Range len 10\n    capture request header Accept len 64\n\n    http-request set-var(txn.server) str(\"HAProxy\")\n    http-request set-var(txn.x_cache) str(\"deployment-cache-text08 int\")\n    http-request set-var(txn.x_cache_status) str(\"int-tls\")\n\n    # we can be rather aggresive regarding timeouts here as only impact http to https redirections\n    # time to wait for a complete HTTP request, It only applies to the header part of the HTTP request (unless option http-buffer-request is used)\n    timeout http-request 3s\n    # set the maximum allowed time to wait for a new HTTP request to appear\n    timeout http-keep-alive 3s\n    # set the maximum inactivity time on the client side\n    timeout client 3s\n    # inactivity timeout on the client side for half-closed connections\n    timeout client-fin 1s\n\n    acl too_many_concurrent_queries sc0_trackers(httpreqrate_http) ge 400\n    acl too_much_recent_concurrency sc0_gpc0_rate(httpreqrate_http) gt 0\n    acl mark_as_too_much_concurrency sc0_inc_gpc0(httpreqrate_http) gt 0\n\n    http-request set-var(req.dummy_silent_drop_port80) src,debug(silent-drop_port80_for_300s,stderr) if too_many_concurrent_queries !too_much_recent_concurrency\n\n    http-request track-sc0 src table httpreqrate_http\n    # TO DISABLE CONCURRENCY ENFORCEMENT, COMMENT THE FOLLOWING LINE\n    http-request silent-drop if too_much_recent_concurrency || too_many_concurrent_queries mark_as_too_much_concurrency\n\n    # Populate x_analytics variable for logging purpose\n    # set the var to 1 if client didn't sent any cookie\n    http-request set-var(req.nocookies) req.cook_cnt,bool,not\n    http-request set-var-fmt(txn.x_analytics) \"https=0;client_port=%[src_port];nocookies=%[var(req.nocookies)]\"\n\n\n    # Provide Server header\n    http-after-response set-header Server %[var(txn.server)]\n    # Provide X-Cache headers\n    http-after-response set-header X-Cache %[var(txn.x_cache)]\n    http-after-response set-header X-Cache-Status %[var(txn.x_cache_status)]\n\n    # METH_GET is a predefined ACL that includes GET and HEAD requests\n    # http://docs.haproxy.org/2.6/configuration.html#7.4\n    http-request redirect scheme https code 301 if METH_GET\n    http-request deny status 403 content-type text/html file /etc/haproxy/tls-terminator-tls-plaintext-error.html\n","notify":"Service[haproxy]"}},{"type":"Service","title":"haproxy-mtail@tls.socket","tags":["service","systemd::service","systemd","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"haproxy-mtail@tls.socket","tags":["systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=rsyslog<->mtail FIFO (instance %i)\n# rsyslog requires the fifo to be created before it's started\n# https://www.rsyslog.com/doc/v8-stable/configuration/modules/ompipe.html\nBefore=rsyslog.service\n\n[Socket]\nListenFIFO=/var/log/haproxy.fifo\nSocketMode=700\nSocketUser=root\nPipeSize=1M\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"haproxy-mtail@tls.socket","require":["Class[Systemd]"]}},{"type":"Service","title":"haproxy-mtail@tls","tags":["service","systemd::service","systemd","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"haproxy-mtail@tls","tags":["systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy mtail instance %i\nAfter=haproxy-mtail@%i.socket\nRequires=haproxy-mtail@%i.socket\n\n[Service]\nType=simple\nExecStart=/usr/bin/mtail --progs /etc/haproxymtail --port 3906 -logs /var/log/haproxy.fifo -disable_fsnotify --logtostderr\nExecReload=/bin/kill -SIGHUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"haproxy-mtail@tls","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/20-haproxy-tls.conf","tags":["file","rsyslog::conf","rsyslog","conf","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"input(type=\"imuxsock\"\n      Socket=\"/var/lib/haproxy/dev/log\"\n      CreatePath=\"on\"\n)\n# forward haproxy logs to the FIFO and stop them from being logged on disk if severity is lower than emergency\nif $programname == \"haproxy\" then {\n    action(type=\"ompipe\" Pipe=\"/var/log/haproxy.fifo\")\n    if $syslogseverity > 0 then {\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Class","title":"Mtail","tags":["class","mtail","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"service_ensure":"absent","logs":["/var/log/syslog"],"port":3903,"group":"root","from_component":false,"additional_args":""}},{"type":"Package","title":"mtail","tags":["package","mtail","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/init.pp","line":28,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/default/mtail","tags":["file","class","mtail","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/init.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0444","content":"# Arguments used by SysV init script, systemd service file uses only EXTRA_ARGS\n#PORT=3903\n#LOGS=/var/log/syslog\n\nEXTRA_ARGS=\"-disable_fsnotify -logs /var/log/syslog -port 3903 \"\n","notify":"Service[mtail]","owner":"root","group":"root"}},{"type":"Systemd::Service","title":"mtail","tags":["systemd::service","systemd","service","mtail","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/init.pp","line":40,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Service]\nExecStart=\nExecStart=/usr/bin/mtail -progs /etc/mtail -logtostderr $EXTRA_ARGS\nGroup=root\nLimitNOFILE=16384\n","override":true,"restart":true,"unit_type":"service","monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/etc/haproxymtail","tags":["file","mtail::program","mtail","program","cache_haproxy","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/haproxymtail/cache_haproxy.mtail","tags":["file","mtail::program","mtail","program","cache_haproxy","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/cache_haproxy.mtail","notify":"Service[haproxy-mtail@tls]","require":"File[/etc/haproxymtail]","owner":"root","group":"root"}},{"type":"Exec","title":"mask_varnishncsa.service","tags":["exec","mask_varnishncsa.service","systemd::mask","systemd","mask","varnishncsa.service","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/mask.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask varnishncsa.service","creates":"/etc/systemd/system/varnishncsa.service"}},{"type":"Exec","title":"mask_varnishlog.service","tags":["exec","mask_varnishlog.service","systemd::mask","systemd","mask","varnishlog.service","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/mask.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask varnishlog.service","creates":"/etc/systemd/system/varnishlog.service"}},{"type":"Systemd::Unit","title":"wmfuniq-experiment-fetcher.service","tags":["systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.service","systemd::timer::job","timer","job","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=fetch edge uniques experiments configuration\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nEnvironment=\"MAILTO=sre-traffic@wikimedia.org\"\nSyslogIdentifier=wmfuniq-experiment-fetcher\nExecStart=/usr/local/bin/systemd-timer-mail-wrapper --subject wmfuniq-experiment-fetcher --mail-to root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud --only-on-error /usr/local/bin/wmfuniq-experiment-fetcher /etc/varnish/uniques.json\n","unit":"wmfuniq-experiment-fetcher.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmfuniq-experiment-fetcher","tags":["systemd::timer","systemd","timer","wmfuniq-experiment-fetcher","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":59,"fixed_random_delay":true,"accuracy":"1s","unit_name":"wmfuniq-experiment-fetcher.service"}},{"type":"Systemd::Syslog","title":"wmfuniq-experiment-fetcher","tags":["systemd::syslog","systemd","syslog","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Monitor","title":"wmfuniq-experiment-fetcher","tags":["systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":249,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","contact_group":"admins","check_interval":10,"retries":2,"critical":false,"migration_task":"T407130"}},{"type":"Class","title":"Confd","tags":["class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"ensure":"present","instances":{"main":{}}}},{"type":"Package","title":"confd","tags":["package","confd","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":11,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","provider":"apt"}},{"type":"Package","title":"python3-toml","tags":["package","python3-toml","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":14,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/usr/local/bin/confd-lint-wrap","tags":["file","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","source":"puppet:///modules/confd/confd-lint-wrap.py","owner":"root","group":"root"}},{"type":"Nrpe::Plugin","title":"check_confd_lint","tags":["nrpe::plugin","nrpe","plugin","check_confd_lint","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":25,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/confd/check_confd_lint.sh","ensure":"present"}},{"type":"Systemd::Tmpfile","title":"/var/run/confd-template","tags":["systemd::tmpfile","systemd","tmpfile","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":34,"exported":false,"kind":"defined_type","parameters":{"content":"d /var/run/confd-template 0755 root root","ensure":"present","owner":"root","group":"root"}},{"type":"Systemd::Timer::Job","title":"clean-confd-rundir","tags":["systemd::timer::job","systemd","timer","job","clean-confd-rundir","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":38,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Clean old stale files in /var/run/confd-template","user":"root","interval":{"start":"OnCalendar","interval":"*:0/30"},"command":"/usr/bin/find /var/run/confd-template -type f -mtime +30 -delete","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Nrpe::Plugin","title":"check_confd_template","tags":["nrpe::plugin","nrpe","plugin","check_confd_template","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":47,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/confd/check_confd_template","ensure":"present"}},{"type":"File","title":"/usr/local/bin/confd-prometheus-metrics","tags":["file","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":52,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","source":"puppet:///modules/confd/confd_prometheus_metrics.py","owner":"root","group":"root"}},{"type":"Logrotate::Conf","title":"confd","tags":["logrotate::conf","logrotate","conf","confd","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":59,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","source":"puppet:///modules/confd/logrotate.conf"}},{"type":"Rsyslog::Conf","title":"confd","tags":["rsyslog::conf","rsyslog","conf","confd","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":64,"exported":false,"kind":"defined_type","parameters":{"source":"puppet:///modules/confd/rsyslog.conf","priority":20,"require":"File[/etc/logrotate.d/confd]","ensure":"present","mode":"0444"}},{"type":"Confd::Instance","title":"main","tags":["confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/init.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","running":true,"backend":"etcd","srv_dns":"deployment-prep.eqiad1.wikimedia.cloud","scheme":"https","interval":3}},{"type":"File","title":"/etc/confd/templates/_etc_varnish_directors.frontend.vcl.tmpl","tags":["file","confd::file","confd","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/file.pp","line":62,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0400","content":"new cache_local = directors.shard();\nnew cache_local_random = directors.random();\n\n{{range $node := ls \"/conftool/v1/pools/eqiad/cache_text/ats-be/\"}}{{ $key := printf \"/conftool/v1/pools/eqiad/cache_text/ats-be/%s\" $node }}{{ $data := json (getv $key) }}{{ if eq $data.pooled \"yes\" }}\ncache_local.add_backend(be_{{ $parts := split $node \".\" }}{{ join $parts \"_\" }});\ncache_local_random.add_backend(be_{{ $parts := split $node \".\" }}{{ join $parts \"_\" }}, {{ $data.weight }});\n{{end}}{{end}}\n\n\ncache_local.reconfigure();\n","require":"Package[confd]","before":"File[/etc/confd/conf.d/_etc_varnish_directors.frontend.vcl.toml]","owner":"root","group":"root"}},{"type":"File","title":"/etc/confd/conf.d/_etc_varnish_directors.frontend.vcl.toml","tags":["file","confd::file","confd","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/file.pp","line":71,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# This file is managed by Puppet!\n# Confd config file for /etc/varnish/directors.frontend.vcl\n\n[template]\nsrc = \"_etc_varnish_directors.frontend.vcl.tmpl\"\ndest = \"/etc/varnish/directors.frontend.vcl\"\n\n\nmode = \"0444\"\n\nkeys = [\n        \"/conftool/v1/pools/eqiad/cache_text/ats-be\",\n    ]\n\n\n\nreload_cmd = \"/usr/local/bin/confd-reload-vcl varnish-frontend -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl\"\n","notify":"Service[confd]","owner":"root","group":"root"}},{"type":"File","title":"/etc/varnish/directors.frontend.vcl","tags":["file","confd::file","confd","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/file.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"Sysctl::Conffile","title":"maximum map count","tags":["sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/parameters.pp","line":63,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nvm.max_map_count = 262120\n","priority":70,"no_priority_prefix":false}},{"type":"Systemd::Unit","title":"prometheus_varnishd_mmap_count.service","tags":["systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.service","systemd::timer::job","timer","job","prometheus_varnishd_mmap_count","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect number of varnishd memory map areas\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-varnishd_mmap_count varnish-frontend.service /var/lib/prometheus/node.d/varnishd_mmap_count.prom\n","unit":"prometheus_varnishd_mmap_count.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_varnishd_mmap_count","tags":["systemd::timer","systemd","timer","prometheus_varnishd_mmap_count","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_varnishd_mmap_count.service"}},{"type":"Systemd::Syslog","title":"prometheus_varnishd_mmap_count","tags":["systemd::syslog","systemd","syslog","prometheus_varnishd_mmap_count","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"prometheus_sysctl.service","tags":["systemd::unit","systemd","unit","prometheus_sysctl.service","systemd::timer::job","timer","job","prometheus_sysctl","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect select sysctl keys/values\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-sysctl /var/lib/prometheus/node.d/sysctl.prom\n","unit":"prometheus_sysctl.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_sysctl","tags":["systemd::timer","systemd","timer","prometheus_sysctl","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*:0/5"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_sysctl.service"}},{"type":"Systemd::Syslog","title":"prometheus_sysctl","tags":["systemd::syslog","systemd","syslog","prometheus_sysctl","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/var/lib/prometheus/node.d/varnish_params.prom","tags":["file","prometheus::node_varnish_params","prometheus","node_varnish_params","prometheus-varnish-params","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_varnish_params.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","mode":"0444","owner":"root","group":"root","content":"# HELP varnish_param_threads_max Total maximum number of threads\n# TYPE varnish_param_threads_max gauge\nvarnish_param_threads_max 10000\n"}},{"type":"File","title":"/usr/local/bin/prometheus-file-count","tags":["file","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_file_count.pp","line":38,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-file-count.py"}},{"type":"Systemd::Timer::Job","title":"track_vcache_fds","tags":["systemd::timer::job","systemd","timer","job","track_vcache_fds","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_file_count.pp","line":49,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Regular job to collect file count metrics","user":"root","command":"/usr/local/bin/prometheus-file-count --outfile /var/lib/prometheus/node.d/vcache_fds.prom --metric node_varnish_filedescriptors_total \"/proc/$(pgrep -u vcache)/fd\"","interval":{"start":"OnCalendar","interval":"minutely"},"require":"Class[Prometheus::Node_exporter]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Varnish::Wikimedia_vcl","title":"normalize_path -frontend","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"generate_extra_vcl":true,"vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"before":"Service[varnish-frontend]","varnish_testing":false,"backend_caches":[],"backend_options":{},"dynamic_backend_caches":true,"is_separate_vcl":false,"etcd_filters":false,"private_repo":false,"ip_reputation":false,"wikimedia_nets":[],"wikimedia_trust":[],"wikimedia_domains":[],"wmcs_domains":[],"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false}}},{"type":"Varnish::Wikimedia_vcl","title":"geoip -frontend","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"generate_extra_vcl":true,"vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"before":"Service[varnish-frontend]","varnish_testing":false,"backend_caches":[],"backend_options":{},"dynamic_backend_caches":true,"is_separate_vcl":false,"etcd_filters":false,"private_repo":false,"ip_reputation":false,"wikimedia_nets":[],"wikimedia_trust":[],"wikimedia_domains":[],"wmcs_domains":[],"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false}}},{"type":"Varnish::Wikimedia_vcl","title":"/etc/varnish/wikimedia_text-frontend.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":93,"exported":false,"kind":"defined_type","parameters":{"require":"File[/etc/varnish/text-frontend.inc.vcl]","template_path":"varnish/wikimedia-frontend.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"vcl":"text-frontend","is_separate_vcl":false,"wikimedia_nets":["172.16.0.0/12","127.0.0.0/8","::1/128","172.16.0.0/12"],"wikimedia_trust":["172.16.0.0/12","127.0.0.0/8","::1/128"],"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"varnish_testing":false,"generate_extra_vcl":false}},{"type":"Varnish::Wikimedia_vcl","title":"/usr/share/varnish/tests/wikimedia_text-frontend.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":118,"exported":false,"kind":"defined_type","parameters":{"require":"File[/usr/share/varnish/tests]","varnish_testing":true,"template_path":"varnish/wikimedia-frontend.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"vcl":"text-frontend","is_separate_vcl":false,"wikimedia_nets":["172.16.0.0/12","127.0.0.0/8","::1/128","172.16.0.0/12"],"wikimedia_trust":["172.16.0.0/12","127.0.0.0/8","::1/128"],"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"generate_extra_vcl":false}},{"type":"Varnish::Wikimedia_vcl","title":"/etc/varnish/text-frontend.inc.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":139,"exported":false,"kind":"defined_type","parameters":{"template_path":"varnish/text-frontend.inc.vcl.erb","notify":"Exec[load-new-vcl-file-frontend]","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"varnish_testing":false,"generate_extra_vcl":false,"is_separate_vcl":false,"wikimedia_nets":[],"wikimedia_trust":[],"privileged_uds":"/run/varnish-privileged.socket"}},{"type":"Varnish::Wikimedia_vcl","title":"/usr/share/varnish/tests/text-frontend.inc.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":154,"exported":false,"kind":"defined_type","parameters":{"require":"File[/usr/share/varnish/tests]","varnish_testing":true,"template_path":"varnish/text-frontend.inc.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"generate_extra_vcl":false,"is_separate_vcl":false,"wikimedia_nets":[],"wikimedia_trust":[],"privileged_uds":"/run/varnish-privileged.socket"}},{"type":"Varnish::Wikimedia_vcl","title":"/etc/varnish/wikimedia_misc-frontend.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":93,"exported":false,"kind":"defined_type","parameters":{"require":"File[/etc/varnish/misc-frontend.inc.vcl]","template_path":"varnish/wikimedia-frontend.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"vcl":"misc-frontend","is_separate_vcl":true,"wikimedia_nets":["172.16.0.0/12","127.0.0.0/8","::1/128","172.16.0.0/12"],"wikimedia_trust":["172.16.0.0/12","127.0.0.0/8","::1/128"],"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"varnish_testing":false,"generate_extra_vcl":false}},{"type":"Varnish::Wikimedia_vcl","title":"/usr/share/varnish/tests/wikimedia_misc-frontend.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":118,"exported":false,"kind":"defined_type","parameters":{"require":"File[/usr/share/varnish/tests]","varnish_testing":true,"template_path":"varnish/wikimedia-frontend.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"vcl":"misc-frontend","is_separate_vcl":true,"wikimedia_nets":["172.16.0.0/12","127.0.0.0/8","::1/128","172.16.0.0/12"],"wikimedia_trust":["172.16.0.0/12","127.0.0.0/8","::1/128"],"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"privileged_uds":"/run/varnish-privileged.socket","ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"generate_extra_vcl":false}},{"type":"Varnish::Wikimedia_vcl","title":"/etc/varnish/misc-frontend.inc.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":139,"exported":false,"kind":"defined_type","parameters":{"template_path":"varnish/misc-frontend.inc.vcl.erb","notify":"Exec[load-new-vcl-file-frontend]","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"varnish_testing":false,"generate_extra_vcl":false,"is_separate_vcl":false,"wikimedia_nets":[],"wikimedia_trust":[],"privileged_uds":"/run/varnish-privileged.socket"}},{"type":"Varnish::Wikimedia_vcl","title":"/usr/share/varnish/tests/misc-frontend.inc.vcl","tags":["varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":154,"exported":false,"kind":"defined_type","parameters":{"require":"File[/usr/share/varnish/tests]","varnish_testing":true,"template_path":"varnish/misc-frontend.inc.vcl.erb","vcl_config":{"block_help":"see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.","purge_host_regex":"^.*\\.beta\\.wmcloud\\.org$","static_host":"en.wikipedia.beta.wmcloud.org","top_domain":"beta.wmcloud.org","shortener_domain":"w.beta.wmcloud.org","upload_domain":"upload.wikimedia.beta.wmcloud.org","upload_webp_hits_threshold":1000,"maps_domain":"maps.wikimedia.beta.wmcloud.org","measure_domain_regex":"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$","varnish_probe_ms":100,"keep":"1d","public_clouds_shutdown":false,"large_objects_cutoff":262144,"req_handling":{"default":{"caching":"normal"}},"alternate_domains":{"config-master.wikimedia.beta.wmcloud.org":{"caching":"pass"},"performance.wikimedia.beta.wmcloud.org":{"caching":"normal"},"stream.wikimedia.beta.wmcloud.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}},"stream.wikimedia.beta.wmflabs.org":{"caching":"normal","subpaths":{"^/v2/stream/.+":{"caching":"pipe"}}}},"fe_mem_gb":1,"do_esitest":false,"beacon_uri_regex":"^/beacon\\/(?!event)[^/?]+","do_edge_uniques":true,"edge_uniques_key_path":"/etc/varnish/uniques.d/keys.cfg","edge_uniques_cfg_path":"/etc/varnish/uniques.json"},"backend_caches":["deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud"],"backend_options":{"port":3128,"connect_timeout":"3s","first_byte_timeout":"65s","between_bytes_timeout":"33s","max_connections":5000,"probe":"varnish"},"dynamic_backend_caches":false,"wikimedia_domains":["wikipedia.org","wikimedia.org","wikibooks.org","wikinews.org","wikiquote.org","wikisource.org","wikiversity.org","wikivoyage.org","wikidata.org","wikimediafoundation.org","wikiworkshop.org","wiktionary.org","mediawiki.org","wmfusercontent.org","w.wiki"],"wmcs_domains":["wmflabs.org","toolforge.org","wmcloud.org"],"etcd_filters":false,"private_repo":false,"ip_reputation":false,"ratelimit_flags":{"auth":false,"known":false,"bots":false,"unid":false,"browser":false},"generate_extra_vcl":false,"is_separate_vcl":false,"wikimedia_nets":[],"wikimedia_trust":[],"privileged_uds":"/run/varnish-privileged.socket"}},{"type":"Systemd::Service","title":"varnish-frontend","tags":["systemd::service","systemd","service","varnish-frontend","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":189,"exported":false,"kind":"defined_type","parameters":{"content":"[Unit]\nDescription=%p (Varnish HTTP Accelerator)\n\n[Service]\nType=forking\nLimitNOFILE=500000\nLimitMEMLOCK=90000\nLimitRTPRIO=infinity\n# https://phabricator.wikimedia.org/T208574\nTasksMax=infinity\n### start sec settings\nPrivateTmp=true\nPrivateDevices=true\nProtectSystem=full\nProtectHome=true\nNoNewPrivileges=true\n# No special powers for root with the exception of the following.\n# See capabilities(7).\nCapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_CHOWN CAP_NET_BIND_SERVICE CAP_KILL CAP_DAC_OVERRIDE\n### end sec settings\nPIDFile=%t/%p.pid\nRestart=on-failure\nKillMode=process\nEnvironment=\"CC_COMMAND=exec gcc -std=gnu99 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -pthread -fpic -shared -Wl,-x -L/usr/local/lib/ -o %%o %%s -lmaxminddb -lsodium\"\n# rsyslog will see this in $programname\nSyslogIdentifier=varnish-frontend\nExecReload=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl\n# We start varnishd(1) without specifying a VCL file (-f ''). Use reload-vcl in\n# ExecStartPost to load and label separate VCL files first, and the main one\n# last. This is necessary given that the main VCL file might reference the\n# label of separate VCLs, and would otherwise fail to compile if loaded\n# directly with -f.\nExecStartPost=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl --start-child\n# thread_pools * thread_pool_max = maximum number of threads spawned.\nExecStart=/usr/sbin/varnishd \\\n-P %t/%p.pid \\\n-a 127.0.0.1:3127 \\\n-a /run/varnish-frontend-0.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-1.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-2.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-3.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-4.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-5.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-6.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-7.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-privileged.socket,user=haproxy,group=root,mode=0222 \\\n-T 127.0.0.1:6082 \\\n-f '' \\\n-p thread_pool_min=250 \\\n-p thread_pool_max=5000 \\\n-p thread_pool_timeout=120 \\\n-p vsl_reclen=2048 \\\n-p workspace_backend=128k \\\n-p vcc_allow_inline_c=true \\\n-S /etc/varnish/secret \\\n-s malloc,1G  \\\n-p transit_buffer=1M \\\n-p thread_pool_stack=131072 \\\n-p listen_depth=16384 -p vcc_err_unref=off \\\n-p http_req_size=24576 \\\n-p gzip_level=8 \\\n-p gzip_memlevel=9 \\\n-p default_ttl=3600 \\\n-n frontend \\\n-l 160M \\\n-p cc_command=${CC_COMMAND}\n\n[Install]\nWantedBy=multi-user.target\n","service_params":{"tag":"varnish_instance","enable":true,"require":["Package[varnish]","Mount[/var/lib/varnish]",["File[/etc/varnish/text-frontend.inc.vcl]","File[/etc/varnish/wikimedia_text-frontend.vcl]","File[/etc/varnish/normalize_path.inc.vcl]","File[/etc/varnish/geoip.inc.vcl]","File[/etc/varnish/wikimedia_misc-frontend.vcl]"]]},"ensure":"present","unit_type":"service","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Systemd::Service","title":"varnish-frontend-slowlog","tags":["systemd::service","systemd","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":202,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Slow Requests\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishslowlog  --varnishd-instance-name frontend  --slow-threshold 60.0\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"service_params":{"require":"Service[varnish-frontend]","enable":true},"require":"File[/usr/local/bin/varnishslowlog]","subscribe":["File[/usr/local/bin/varnishslowlog]","File[/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py]"],"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Profile::Auto_restarts::Service","title":"varnish-frontend-slowlog","tags":["profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":217,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Systemd::Service","title":"varnish-frontend-hospital","tags":["systemd::service","systemd","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":219,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Origin Servers Health\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishospital  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"service_params":{"require":"Service[varnish-frontend]","enable":true},"subscribe":["File[/usr/local/bin/varnishospital]","File[/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py]"],"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Profile::Auto_restarts::Service","title":"varnish-frontend-hospital","tags":["profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":233,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Systemd::Service","title":"varnish-frontend-fetcherr","tags":["systemd::service","systemd","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":235,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Fetch Errors\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishfetcherr  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","restart":true,"service_params":{"require":"Service[varnish-frontend]","enable":true},"subscribe":["File[/usr/local/bin/varnishfetcherr]","File[/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py]"],"unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"Profile::Auto_restarts::Service","title":"varnish-frontend-fetcherr","tags":["profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":249,"exported":false,"kind":"defined_type","parameters":{"ensure":"present"}},{"type":"Exec","title":"load-new-vcl-file-frontend","tags":["exec","load-new-vcl-file-frontend","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":256,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl || (touch /var/tmp/reload-vcl-failed-frontend; false)","require":"Service[varnish-frontend]","subscribe":["Class[Varnish::Common::Vcl]","Class[Varnish::Common::Errorpage]","Class[Varnish::Common::Browsersec]","File[/etc/varnish/text-frontend.inc.vcl]","File[/etc/varnish/wikimedia_text-frontend.vcl]","File[/etc/varnish/normalize_path.inc.vcl]","File[/etc/varnish/geoip.inc.vcl]","File[/etc/varnish/wikimedia_misc-frontend.vcl]"],"unless":"test -f /var/tmp/reload-vcl-failed-frontend","path":"/bin:/usr/bin","refreshonly":true}},{"type":"Exec","title":"retry-load-new-vcl-file-frontend","tags":["exec","retry-load-new-vcl-file-frontend","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/instance.pp","line":270,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl && (rm /var/tmp/reload-vcl-failed-frontend; true)","require":"Exec[load-new-vcl-file-frontend]","onlyif":"test -f /var/tmp/reload-vcl-failed-frontend","path":"/bin:/usr/bin"}},{"type":"Package","title":"prometheus-varnish-exporter","tags":["package","prometheus-varnish-exporter","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnish_exporter.pp","line":15,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"Exec","title":"mask_default_varnish_exporter_frontend","tags":["exec","mask_default_varnish_exporter_frontend","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnish_exporter.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask prometheus-varnish-exporter.service","creates":"/etc/systemd/system/prometheus-varnish-exporter.service"}},{"type":"Systemd::Service","title":"prometheus-varnish-exporter@frontend","tags":["systemd::service","systemd","service","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/varnish_exporter.pp","line":22,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","restart":true,"content":"[Unit]\nDescription=Prometheus exporter for Varnish (instance %i)\nDocumentation=https://prometheus.io/docs/introduction/overview/\nBindsTo=varnish-frontend.service\nAfter=varnish-frontend.service\n\n[Service]\nRestart=always\nUser=varnish\nGroup=varnish\nExecStart=/usr/bin/prometheus-varnish-exporter -raw -n frontend -web.listen-address :9331\n\n[Install]\nWantedBy=multi-user.target varnish-frontend.service\n","require":"Package[prometheus-varnish-exporter]","unit_type":"service","override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/etc/tmpfiles.d/esitest.conf","tags":["file","systemd::tmpfile","systemd","tmpfile","esitest","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"d /run/esitest 0775 root haproxy","mode":"0444","owner":"root","group":"root"}},{"type":"Exec","title":"Refresh tmpfile esitest","tags":["exec","systemd::tmpfile","systemd","tmpfile","esitest","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemd-tmpfiles --create --remove '/etc/tmpfiles.d/esitest.conf'","user":"root","refreshonly":true,"subscribe":"File[/etc/tmpfiles.d/esitest.conf]"}},{"type":"Service","title":"esitest","tags":["service","esitest","systemd::service","systemd","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"restart":"/bin/systemctl reload esitest.service","before":["Exec[systemd daemon-reload for esitest.service (esitest)]"]}},{"type":"Systemd::Unit","title":"esitest","tags":["systemd::unit","systemd","unit","esitest","systemd::service","service","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=HAProxy special instance for ESI testing\nAfter=network.target syslog.service\nWants=syslog.service\nBefore=trafficserver.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/esitest.cfg\" \"PIDFILE=/run/esitest/haproxy.pid\"\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"esitest","require":["Class[Systemd]"]}},{"type":"Systemd::Unit","title":"refresh-dp-key.service","tags":["systemd::unit","systemd","unit","refresh-dp-key.service","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Refresh DP key used by varnish daily\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nSyslogIdentifier=timer-refresh-dp-key\nExecStart=/usr/local/sbin/varnish-dp-key-generator /etc/varnish/dp.master.key /etc/varnish/dp.daily.key\n","unit":"refresh-dp-key.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"refresh-dp-key","tags":["systemd::timer","systemd","timer","refresh-dp-key","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*-*-* 00:15:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"refresh-dp-key.service"}},{"type":"Systemd::Syslog","title":"timer-refresh-dp-key","tags":["systemd::syslog","systemd","syslog","timer-refresh-dp-key","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Class","title":"Trafficserver","tags":["class","trafficserver","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown","parameters":{"user":"trafficserver","packages":["trafficserver","trafficserver-experimental-plugins"]}},{"type":"Systemd::Mask","title":"trafficserver.service","tags":["systemd::mask","systemd","mask","trafficserver.service","class","trafficserver","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/init.pp","line":19,"exported":false,"kind":"defined_type","parameters":{"unless":"/usr/bin/dpkg -s trafficserver | /bin/grep -q \"^Status: install ok installed$\"","unit":"trafficserver.service"}},{"type":"Package","title":"trafficserver","tags":["package","trafficserver","class","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/init.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","require":["Exec[apt-get update]","Systemd::Mask[trafficserver.service]"],"provider":"apt","notify":["Systemd::Unmask[trafficserver.service]"]}},{"type":"Package","title":"trafficserver-experimental-plugins","tags":["package","trafficserver-experimental-plugins","class","trafficserver","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/init.pp","line":24,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","require":["Exec[apt-get update]","Systemd::Mask[trafficserver.service]"],"provider":"apt","notify":["Systemd::Unmask[trafficserver.service]"]}},{"type":"File","title":"/usr/local/sbin/ats-restart","tags":["file","class","trafficserver","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/init.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/trafficserver/ats_restart.sh","mode":"0555","owner":"root","group":"root"}},{"type":"Rsyslog::Conf","title":"trafficserver","tags":["rsyslog::conf","rsyslog","conf","trafficserver","class","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/init.pp","line":38,"exported":false,"kind":"defined_type","parameters":{"content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"trafficserver\" then {\n    if ($msg contains \"Cacheable object with Set-Cookie\" or $msg contains \"SSL connection failed\") then {\n        # Send certain ATS syslog output to logstash and local rsyslog\n        set $.log_outputs = \"kafka local\";\n    } else {\n        # In general, do not send ATS logs to local rsyslog\n        stop\n    }\n}\n","priority":20,"ensure":"present","mode":"0444"}},{"type":"Systemd::Unmask","title":"trafficserver.service","tags":["systemd::unmask","systemd","unmask","trafficserver.service","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":254,"exported":false,"kind":"defined_type","parameters":{"refreshonly":true,"unit":"trafficserver.service"}},{"type":"Udev::Rule","title":"vdb","tags":["udev::rule","udev","rule","vdb","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":267,"exported":false,"kind":"defined_type","parameters":{"content":"SUBSYSTEM==\"block\", KERNEL==\"vdb\", OWNER:=\"trafficserver\" GROUP:=\"disk\"\n","ensure":"present","priority":40}},{"type":"File","title":"/etc/trafficserver","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":275,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"trafficserver","mode":"0755","group":"root"}},{"type":"File","title":"/etc/trafficserver/error_template","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":283,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"trafficserver","mode":"0755","require":"Package[trafficserver]","group":"root"}},{"type":"File","title":"/etc/trafficserver/error_template/default","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":283,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"trafficserver","mode":"0755","require":"Package[trafficserver]","group":"root"}},{"type":"File","title":"/etc/trafficserver/records.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html\n# This file is managed by Puppet.\n\n# traffic_manager TCP ports\nCONFIG proxy.config.http.server_ports STRING 3128 3128:ipv6\n\nCONFIG proxy.config.admin.user_id STRING trafficserver\n\nCONFIG proxy.config.http.insert_request_via_str INT 0\nCONFIG proxy.config.http.insert_client_ip INT 0\nCONFIG proxy.config.http.insert_squid_x_forwarded_for INT 0\nCONFIG proxy.config.http.response_server_enabled INT 2\n\nCONFIG proxy.config.url_remap.pristine_host_hdr INT 1\n\nCONFIG proxy.config.exec_thread.autoconfig.scale FLOAT 1.5\nCONFIG proxy.config.plugin.dynamic_reload_mode INT 0\nCONFIG proxy.config.plugin.lua.max_states INT 256\n\n\n# Allow origin server connection reuse for requests with Authorization\nCONFIG proxy.config.http.auth_server_session_private INT 0\n\nCONFIG proxy.config.http.cache.cache_responses_to_cookies INT 1\nCONFIG proxy.config.http.cache.guaranteed_max_lifetime INT 86400\n# Do not accept inbound connections until the cache is enabled\nCONFIG proxy.config.http.wait_for_cache INT 2\n\n\n# RAM Cache\nCONFIG proxy.config.cache.ram_cache.size INT 134217728\nCONFIG proxy.config.cache.ram_cache_cutoff INT 8388608 # 8MB\n# 0=no compression, 1=Fastlz, 2=Libz, 3=Liblzma\nCONFIG proxy.config.cache.ram_cache.compress INT 2\n\n# Disk Cache\n# max_doc_size needs to be disabled in order for Read While Writer to function\n# properly. See cache-basics.en.html#read-while-writer. We use Lua to avoid\n# caching documents with explicit Content-Length > 1G, see\n# do_global_read_response().\nCONFIG proxy.config.cache.max_doc_size INT 0\n\n\n\n# Request coalescing default values:\n# proxy.config.cache.enable_read_while_writer 1\n# proxy.config.http.cache.max_open_read_retries -1\n# proxy.config.http.cache.max_open_write_retries 1\n# proxy.config.http.cache.open_write_fail_action 0\nCONFIG proxy.config.cache.enable_read_while_writer INT 1\nCONFIG proxy.config.http.cache.max_open_read_retries INT 50\nCONFIG proxy.config.http.cache.open_write_fail_action INT 5\n# background settings match the current (8.0.8 / 9.1.3) default values\n# but better be explicit about them or it could potentially break RWW\nCONFIG proxy.config.http.background_fill_active_timeout INT 0\nCONFIG proxy.config.http.background_fill_completed_threshold FLOAT 0.000000\n# This will potentially delay a request up to:\n# 2 attempts at 50ms      = 100 ms\n# 10-2 attempts at 2*50ms = 800 ms\n# Total                   = 900 ms\n# as proxy.config.cache.read_while_writer_retry.delay is implemented\n# as a progressive delay doubles the configured delay from the third\n# reattempt onwards\nCONFIG proxy.config.cache.read_while_writer.max_retries INT 10\nCONFIG proxy.config.cache.read_while_writer_retry.delay INT 50\n\n# logging: send diags to stdout/stderr (systemd journal)\nCONFIG proxy.config.diags.output.status STRING O\nCONFIG proxy.config.diags.output.note STRING O\nCONFIG proxy.config.diags.output.warning STRING O\nCONFIG proxy.config.diags.output.error STRING E\nCONFIG proxy.config.diags.output.fatal STRING E\nCONFIG proxy.config.diags.output.alert STRING E\nCONFIG proxy.config.diags.output.emergency STRING E\n# ATS stops logging if the logging directory has less than\n# max_space_mb_headroom (default: 1000 MB) available\nCONFIG proxy.config.log.max_space_mb_headroom INT 0\n# Do not rotate logfiles\nCONFIG proxy.config.log.rolling_enabled INT 0\n# Flush logs immediately\nCONFIG proxy.config.log.max_secs_per_buffer INT 0\n# React immediatelly to log files being rotated\nCONFIG proxy.config.log.file_stat_frequency INT 1\n# Bumped from the default (9216) to address the following error: \"Skipping the\n# current log entry because its size exceeds the maximum payload space in a log\n# buffer\"\nCONFIG proxy.config.log.log_buffer_size INT 147456\nCONFIG proxy.config.log.max_line_size INT 147456\n\n# Outbound TLS settings\nCONFIG proxy.config.ssl.client.TLSv1 INT 0\nCONFIG proxy.config.ssl.client.TLSv1_1 INT 0\nCONFIG proxy.config.ssl.client.TLSv1_2 INT 1\nCONFIG proxy.config.ssl.client.TLSv1_3 INT 0\nCONFIG proxy.config.ssl.client.cipher_suite STRING -ALL:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384\nCONFIG proxy.config.ssl.client.verify.server.policy STRING ENFORCED\nCONFIG proxy.config.ssl.client.CA.cert.path STRING /etc/ssl/certs\nCONFIG proxy.config.ssl.client.CA.cert.filename STRING Puppet_Internal_CA.pem\n\n# Location of HTML template for error pages\nCONFIG proxy.config.body_factory.template_sets_dir STRING /etc/trafficserver/error_template\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/remap.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html\n# This file is managed by Puppet.\n\nmap http://upload.wikimedia.beta.wmcloud.org http://deployment-ms-fe04.deployment-prep.eqiad1.wikimedia.cloud @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/normalize-path.lua @pparam=\"2F\" @pparam=\"21 24 26 27 28 29 2A 2B 2C 3A 3B 3D 40 5B 5D\" @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/x-mediawiki-original.lua\nmap http://performance.wikimedia.beta.wmcloud.org http://deployment-webperf21.deployment-prep.eqiad1.wikimedia.cloud \nmap http://intake-analytics.wikimedia.beta.wmflabs.org http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492 \nregex_map http://(.*)/evt-103e/v2/events http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8492/v1/events \nmap http://intake-logging.wikimedia.beta.wmflabs.org http://deployment-eventgate-4.deployment-prep.eqiad1.wikimedia.cloud:8992 \nmap http://stream.wikimedia.beta.wmcloud.org http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092 \nmap http://stream.wikimedia.beta.wmflabs.org http://deployment-eventstreams-2.deployment-prep.eqiad1.wikimedia.cloud:8092 \nmap http://config-master.wikimedia.beta.wmcloud.org https://deployment-puppetmaster04.deployment-prep.eqiad1.wikimedia.cloud \nregex_map http://(.*)/api/rest_v1 http://deployment-restbase05.deployment-prep.eqiad1.wikimedia.cloud:7231/api/rest_v1 @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/normalize-path.lua @pparam=\"3A 40 21 24 28 29 2A 2C 3B 27\" @pparam=\"5B 5D 26 2B 3D\" @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling.lua @plugin=/usr/lib/trafficserver/modules/conf_remap.so @pparam=proxy.config.http.server_session_sharing.match=ip\nregex_map http://(.*)/w/api.php http://deployment-mediawiki13.deployment-prep.eqiad1.wikimedia.cloud/w/api.php @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling.lua\nmap / http://deployment-mediawiki14.deployment-prep.eqiad1.wikimedia.cloud @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/normalize-path.lua @pparam=\"3A 2F 40 21 24 28 29 2A 2C 3B\" @pparam=\"5B 5D 26 27 2B 3D\" @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling-beta.lua @plugin=/usr/lib/trafficserver/modules/tslua.so @pparam=/etc/trafficserver/lua/rb-mw-mangling.lua\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/cache.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/cache.config.en.html\n# This file is managed by Puppet.\n\ndest_host=deployment-puppetmaster04.deployment-prep.eqiad1.wikimedia.cloud action=never-cache\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/storage.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html\n# This file is managed by Puppet.\n\n# pathname [$size] [volume=$number] [id=$string]\n/dev/vdb \n/var/cache/trafficserver 256M\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/volume.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/admin-guide/files/volume.config.en.html\n# This file is managed by Puppet.\n\n# volume=volume_number  scheme=protocol_type  size=volume_size\n# Caching/Volume partitioning has not been enabled for this ATS instance. File empty on purpose\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/plugin.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/plugin.config.en.html\n# This file is managed by Puppet.\n\nstats_over_http.so\ntslua.so /etc/trafficserver/lua/default.lua --enable-reload\ncompress.so /etc/trafficserver/compress.config\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/parent.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/parent.config.en.html\n# This file is managed by Puppet.\n# Parent proxies support has not been enabled for this ATS instance. File empty on purpose\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/logging.yaml","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"---\nlogging:\n  formats:\n  - name: wmf\n    format: Date:%<cqtd> Time:%<cqtt> ConnAttempts:%<sca> ConnReuse:%<sstc> TTFetchHeaders:%<{TS_MILESTONE_SERVER_READ_HEADER_DONE-TS_MILESTONE_SM_START}msdms>\n      OriginServer:%<shn> OriginServerTime:%<stms> CacheResultCode:%<crc> CacheWriteResult:%<cwr>\n      ReqMethod:%<cqhm> RespStatus:%<pssc> OriginStatus:%<sssc> ReqURL:%<cquuc> BereqURL:%<cqtx>\n      ReqHeader:User-Agent:%<{User-agent}cqh> ReqHeader:Host:%<{Host}cqh> ReqHeader:X-Client-IP:%<{X-Client-IP}cqh>\n      ReqHeader:Cookie:%<{Cookie}cqh> RespHeader:X-Cache-Int:%<{X-Cache-Int}psh> RespHeader:Backend-Timing:%<{Backend-Timing}psh>\n  filters:\n  - name: notpurge\n    action: reject\n    condition: cqhm MATCH PURGE\n  - name: notvarnishcheck\n    action: reject\n    condition: \"%<{User-agent}cqh> MATCH Varnish backend check\"\n  logs:\n  - filename: notpurge\n    format: wmf\n    filters:\n    - notpurge\n    - notvarnishcheck\n    mode: ascii_pipe\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/error_template/default/.body_factory_info","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"File[/etc/trafficserver/error_template]","notify":"Service[trafficserver]","content":"","group":"root"}},{"type":"File","title":"/etc/trafficserver/error_template/default/default","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":301,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"File[/etc/trafficserver/error_template]","notify":"Service[trafficserver]","content":"<!DOCTYPE html>\n<html lang=\"en\">\n<meta charset=\"utf-8\">\n<title>Wikimedia Error</title>\n<style>\n* { margin: 0; padding: 0; }\nbody { background: #fff; font: 15px/1.6 sans-serif; color: #333; }\n.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; display: flex; flex-direction: row; flex-wrap: wrap; }\n.footer { clear: both; margin-top: 14%; border-top: 1px solid #e5e5e5; background: #f9f9f9; padding: 2em 0; font-size: 0.8em; text-align: center; }\nimg { margin: 0 2em 2em 0; }\na img { border: 0; }\nh1 { margin-top: 1em; font-size: 1.2em; }\n.content-text { flex: 1; }\np { margin: 0.7em 0 1em 0; }\na { color: #0645ad; text-decoration: none; }\na:hover { text-decoration: underline; }\ncode { font-family: sans-serif; }\nsummary { font-weight: bold; cursor: pointer; }\ndetails[open] { background: #970302; color: #dfdedd; }\n.text-muted { color: #777; }\n@media (prefers-color-scheme: dark) {\n  a { color: #9e9eff; }\n  body { background: transparent; color: #ddd; }\n  .footer { border-top: 1px solid #444; background: #060606; }\n  #logo { filter: invert(1) hue-rotate(180deg); }\n  .text-muted { color: #888; }\n}\n</style>\n<meta name=\"color-scheme\" content=\"light dark\">\n<div class=\"content\" role=\"main\">\n<a href=\"https://www.wikimedia.org\"><img id=\"logo\" src=\"https://www.wikimedia.org/static/images/wmf-logo.png\" srcset=\"https://www.wikimedia.org/static/images/wmf-logo-2x.png 2x\" alt=\"Wikimedia\" width=\"135\" height=\"101\">\n</a>\n<div class=\"content-text\">\n<h1>Error</h1>\n<p>Our servers are currently under maintenance or experiencing a technical problem.\n\nPlease <a href=\"\" title=\"Reload this page\" onclick=\"window.location.reload(false); return false\">try again</a> in a few&nbsp;minutes.</p>\n\n<p>See the error message at the bottom of this page for more&nbsp;information.</p>\n</div>\n</div>\n<div class=\"footer\"><p>If you report this error to the Wikimedia System Administrators, please include the details below.</p><p class='text-muted'><code>Request from %<{X-Client-IP}cqh> via deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud, %<{Server}psh><br>Error: %<pssc>, %<prrp> at %<cqtd> %<cqtt> GMT</code></p></div>\n</html>\n","group":"root"}},{"type":"File","title":"/etc/trafficserver/ip_allow.yaml","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":345,"exported":false,"kind":"compilable_type","parameters":{"content":"# https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/ip_allow.yaml.en.html#std-configfile-ip_allow.yaml\n# This file is managed by Puppet.\n\nip_allow:\n  # Allow anything from localhost\n  - apply: in\n    ip_addrs:\n      - 127.0.0.1\n      - ::1\n    action: allow\n    methods: ALL\n  # Deny PURGE and PUSH for all (this implies allow other methods for all)\n  - apply: in\n    ip_addrs:\n      - 0/0\n      - ::/0\n    action: deny\n    methods:\n      - PUSH\n      - PURGE\n","owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","group":"root"}},{"type":"File","title":"/etc/trafficserver/compress.config","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":354,"exported":false,"kind":"compilable_type","parameters":{"owner":"trafficserver","mode":"0400","require":"Package[trafficserver]","notify":"Service[trafficserver]","content":"# When set to true, cache both the compressed and uncompressed versions of the\n# content as alternates. When set to false, Traffic Server will cache only the\n# compressed or decompressed variant returned by the origin.\ncache false\n\n# Avoid compressing objects smaller than 860 bytes. We've seen varnish do\n# gzipping on CL:0 302 responses, resulting in output that has CE:gzip\n# and CL:20 and sends a pointless gzip header.\n# Very small content may actually inflate from gzipping, and\n# sub-one-packet content isn't saving a lot of latency for the gzip\n# costs (to the server and the client, who must also decompress it).\n# The magic 860 number comes from Akamai, Google recommends anywhere\n# from 150-1000.  See also:\n# https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits\nminimum-content-length 860\n\n# This is to avoid some corner-cases and bugs as noted in T125938 , e.g.\n# applayer gzip turning 500s into junk-response 503s, applayer gzipping\n# CL:0 bodies into a 20 bytes gzip header, applayer compressing tiny\n# outputs in general, etc.\n# We have also observed Swift returning Content-Type: gzip with\n# non-gzipped content, which confuses varnish-fe making it occasionally\n# return 503.\nremove-accept-encoding true\n\ncompressible-content-type *text*\ncompressible-content-type *json*\ncompressible-content-type *html*\ncompressible-content-type *script*\ncompressible-content-type *xml*\ncompressible-content-type *icon*\ncompressible-content-type *ms-fontobject*\ncompressible-content-type *x-font*\ncompressible-content-type *sla*\n","group":"root"}},{"type":"Systemd::Service","title":"trafficserver","tags":["systemd::service","systemd","service","trafficserver","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":368,"exported":false,"kind":"defined_type","parameters":{"content":"[Service]\nUser=trafficserver\nGroup=trafficserver\nExecStart=\nExecStart=/usr/bin/traffic_manager --nosyslog\nPIDFile=/run/trafficserver/manager.lock\nRestart=always\nRestartSec=1\nExecReload=\n# XXX: `traffic_server -C verify_config` is broken: it causes configuration\n# reloads, which cause errors with ascii_pipe logs\n#ExecReload=/usr/bin/traffic_server -C verify_config\nExecReload=/usr/bin/traffic_ctl config reload\n# traffic_manager is terminated with SIGTERM and exits with the received signal\n# number (15)\nSuccessExitStatus=15\n\nSyslogIdentifier=trafficserver\n\nLimitNOFILE=500000\nLimitMEMLOCK=90000\n\n# Security options\nProtectKernelModules=yes\nProtectKernelTunables=yes\nPrivateTmp=yes\n\nRestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK\n\nCapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SETGID CAP_SETUID CAP_SYS_PTRACE CAP_FOWNER \nSystemCallFilter=~@keyring @clock @cpu-emulation @obsolete @module @raw-io @reboot @swap\n\n# The entire file system hierarchy is mounted read-only, except for the API\n# file system subtrees /dev, /proc and /sys\nProtectSystem=strict\n\n# Whitelist read/write directories\nReadWritePaths=/var/log/trafficserver\nReadWritePaths=/run/trafficserver\nReadWritePaths=/var/cache/trafficserver\n","override":true,"restart":true,"service_params":{"restart":"systemctl reload trafficserver","enable":true},"subscribe":["Package[trafficserver]","Package[trafficserver-experimental-plugins]"],"ensure":"present","unit_type":"service","monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"migration_task":"T407130"}},{"type":"File","title":"/usr/local/sbin/ats-backend-restart","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":380,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"#!/bin/bash\n/usr/local/sbin/ats-restart cdn trafficserver","mode":"0555","owner":"root","group":"root","require":"File[/usr/local/sbin/ats-restart]"}},{"type":"File","title":"/etc/logrotate.d/ats-backend","tags":["file","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/instance.pp","line":390,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"/var/log/trafficserver/*.log {\n    daily\n    postrotate\n      /bin/systemctl is-active --quiet trafficserver.service && /bin/kill -USR2 $(/bin/systemctl show --property MainPID --value trafficserver.service)\n    endscript\n    missingok\n    nocreate\n    rotate 28\n    compress\n    delaycompress\n}\n","mode":"0444","owner":"root","group":"root"}},{"type":"Trafficserver::Lua_infra","title":"infra-trafficserver","tags":["trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":38,"exported":false,"kind":"defined_type","parameters":{"service_name":"trafficserver","config_prefix":"/etc/trafficserver"}},{"type":"File","title":"/etc/trafficserver/lua/default_test.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":61,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/default_test.lua","before":"File[/etc/trafficserver/lua/default.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/default.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/default.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/x-mediawiki-original_test.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","x-mediawiki-original","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":61,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/x-mediawiki-original_test.lua","before":"File[/etc/trafficserver/lua/x-mediawiki-original.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/x-mediawiki-original.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","x-mediawiki-original","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/x-mediawiki-original.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/normalize-path.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","normalize-path","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/normalize-path.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/rb-mw-mangling.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","rb-mw-mangling","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/rb-mw-mangling.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/x-wikimedia-debug-routing.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","x-wikimedia-debug-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/x-wikimedia-debug-routing.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/multi-dc.lua.conf","tags":["file","trafficserver::lua_script","trafficserver","lua_script","multi-dc","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/multi-dc.lua.conf","before":"File[/etc/trafficserver/lua/multi-dc.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/multi-dc_test.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","multi-dc","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":61,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/multi-dc_test.lua","before":"File[/etc/trafficserver/lua/multi-dc.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/multi-dc.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","multi-dc","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/multi-dc.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/gateway-check.lua.conf","tags":["file","trafficserver::lua_script","trafficserver","lua_script","gateway-check","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/gateway-check.lua.conf","before":"File[/etc/trafficserver/lua/gateway-check.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/gateway-check_test.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","gateway-check","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":61,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/gateway-check_test.lua","before":"File[/etc/trafficserver/lua/gateway-check.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/gateway-check.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","gateway-check","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/gateway-check.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/mw-next-routing.lua.conf","tags":["file","trafficserver::lua_script","trafficserver","lua_script","mw-next-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":53,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/mw-next-routing.lua.conf","before":"File[/etc/trafficserver/lua/mw-next-routing.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/mw-next-routing_test.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","mw-next-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":61,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/mw-next-routing_test.lua","before":"File[/etc/trafficserver/lua/mw-next-routing.lua]","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/mw-next-routing.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","mw-next-routing","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/mw-next-routing.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"File","title":"/etc/trafficserver/lua/rb-mw-mangling-beta.lua","tags":["file","trafficserver::lua_script","trafficserver","lua_script","rb-mw-mangling-beta","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_script.pp","line":68,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","require":"File[/etc/trafficserver/lua]","source":"puppet:///modules/profile/trafficserver/rb-mw-mangling-beta.lua","group":"root","notify":["Exec[unit_tests_trafficserver]"]}},{"type":"Interface::Manual","title":"ipip_ipv4","tags":["interface::manual","interface","manual","ipip_ipv4","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":14,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","hotplug":false,"interface":"ipip0","family":"inet"}},{"type":"Interface::Ip","title":"ipip_ipv4 ipv4","tags":["interface::ip","interface","ip","interface::ipip","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":31,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","interface":"ipip0","address":"127.0.0.42","prefixlen":32}},{"type":"File_line","title":"rm_ipip0_set_up","tags":["file_line","rm_ipip0_set_up","interface::ipip","interface","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"ip link set up dev ipip0","match_for_absence":true}},{"type":"File_line","title":"rm_ipip0_add_up","tags":["file_line","rm_ipip0_add_up","interface::ipip","interface","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":47,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"ip link add name ipip0 type ipip external","match_for_absence":true}},{"type":"Exec","title":"ip link del dev ipip0","tags":["exec","interface::ipip","interface","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":54,"exported":false,"kind":"compilable_type","parameters":{"path":"/bin:/usr/bin","returns":[0,2],"onlyif":"ip link show ipip0"}},{"type":"Interface::Manual","title":"ipip_ipv6","tags":["interface::manual","interface","manual","ipip_ipv6","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":14,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","hotplug":false,"interface":"ipip60","family":"inet6"}},{"type":"File_line","title":"rm_ipip60_set_up","tags":["file_line","rm_ipip60_set_up","interface::ipip","interface","ipip","ipip_ipv6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":41,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"ip link set up dev ipip60","match_for_absence":true}},{"type":"File_line","title":"rm_ipip60_add_up","tags":["file_line","rm_ipip60_add_up","interface::ipip","interface","ipip","ipip_ipv6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":47,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"ip link add name ipip60 type ip6tnl external","match_for_absence":true}},{"type":"Exec","title":"ip link del dev ipip60","tags":["exec","interface::ipip","interface","ipip","ipip_ipv6","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ipip.pp","line":54,"exported":false,"kind":"compilable_type","parameters":{"path":"/bin:/usr/bin","returns":[0,2],"onlyif":"ip link show ipip60"}},{"type":"Interface::Post_up_command","title":"clsact_lo","tags":["interface::post_up_command","interface","post_up_command","clsact_lo","interface::clsact","clsact","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/clsact.pp","line":10,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","interface":"lo","command":"/usr/sbin/tc qdisc add dev lo clsact"}},{"type":"Exec","title":"/usr/sbin/tc qdisc del dev lo clsact","tags":["exec","interface::clsact","interface","clsact","clsact_lo","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/clsact.pp","line":17,"exported":false,"kind":"compilable_type","parameters":{"onlyif":"/usr/sbin/tc qdisc show dev lo | grep -q clsact"}},{"type":"Service","title":"tcp-mss-clamper","tags":["service","tcp-mss-clamper","systemd::service","systemd","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"before":["Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]"]}},{"type":"Systemd::Unit","title":"tcp-mss-clamper","tags":["systemd::unit","systemd","unit","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=eBPF based TCP MSS clamper\nAfter=network.target\n\n[Install]\nWantedBy=multi-user.target\n\n[Service]\nLimitMEMLOCK=infinity\nExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1400 --ipv6-mss 1400 -p :2200 -s \"\" -i lo\nRestart=on-failure\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"tcp-mss-clamper","require":["Class[Systemd]"]}},{"type":"Systemd::Monitor","title":"tcp-mss-clamper","tags":["systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":73,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","notes_url":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments","contact_group":"admins","critical":false,"migration_task":"T407130","check_interval":10,"retries":2}},{"type":"File","title":"/usr/local/bin/prometheus-lvs-realserver-mss","tags":["file","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_lvs_realserver_mss.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-lvs-realserver-mss.py"}},{"type":"Systemd::Timer::Job","title":"prometheus_lvs_realserver_mss","tags":["systemd::timer::job","systemd","timer","job","prometheus_lvs_realserver_mss","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_lvs_realserver_mss.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Regular job to collect MSS values of realserver endpoints","user":"root","command":"/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e ","interval":{"start":"OnCalendar","interval":"minutely"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/usr/local/bin/prometheus-ferm-mss","tags":["file","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_ferm_mss.pp","line":13,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","mode":"0555","owner":"root","group":"root","source":"puppet:///modules/prometheus/usr/local/bin/prometheus-ferm-mss.py"}},{"type":"Systemd::Timer::Job","title":"prometheus_ferm_mss","tags":["systemd::timer::job","systemd","timer","job","prometheus_ferm_mss","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/prometheus/manifests/node_ferm_mss.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Regular job to collect MSS values of ferm-based hosts","user":"root","command":"/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e ","interval":{"start":"OnCalendar","interval":"minutely"},"environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/varnishkafka/statsv.conf","tags":["file","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":178,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# Note: This file is managed by Puppet.\n\n#######################################################################\n#                                                                     #\n#                varnishkafka configuration file                      #\n#                       Varnish 4 specific                            #\n#                                                                     #\n#######################################################################\n#                                                                     #\n# Syntax:                                                             #\n# <property-name> = <value>                                           #\n#                                                                     #\n# Boolean property values:                                            #\n#   >0, \"true\", \"yes\", \"on\" - interpreted as true                     #\n#  everything else          - interpreted as false                    #\n#                                                                     #\n#######################################################################\n                                                                      #\n                                                                      #\n                                                                      #\n#######################################################################\n#                                                                     #\n# Varnish log formatting                                              #\n#                                                                     #\n# format.type - format output type, one of:                           #\n#  string     - ASCII string output                                   #\n#  json       - JSON output                                           #\n#                                                                     #\n#                                                                     #\n# format - format string                                              #\n#  %X                                                                 #\n#   where 'X' is one of the standard varnishncsa(1) formatters.       #\n#   Example: %u                                                       #\n#                                                                     #\n#                                                                     #\n#  %{VAR}X                                                            #\n#    Name-Value tokens where X is 'x', 'i' or 'o' and 'VAR' is the    #\n#    Name to extract the value for.                                   #\n#    Example: %{User-Agent}i                                          #\n#                                                                     #\n#                                                                     #\n#  %{?DEFAULT@FIELD!OPTION!OPTION..}X                                 #\n#    where 'X' is any formatter,                                      #\n#                                                                     #\n#    'DEFAULT' is the default string to use if no tag was matched,    #\n#     the default default string is \"-\".                              #\n#                                                                     #\n#    'FIELD' is the field name to use with the JSON formatter.        #\n#     i.e., \"%{@host}l\" will be JSON encoded as: {\"host\":\"1.2.3.4\"}   #\n#                                                                     #\n#    'OPTION' is one or more of the formatting options:               #\n#        escape - escape non-printable characters to \\<octalcode>     #\n#                 and \\t\\n\\r\\v\\f \" to their canonical                 #\n#                 backslashed notations (\\t\\n\\r\\v\\f\\\"\\ ).             #\n#        num    - for typed formatters, such as JSON, try to encode   #\n#                 the value as a number.                              #\n#                                                                     #\n#                                                                     #\n#    This syntax can be combined with %{VAR}X.                        #\n#    Example: %{User-Agent?Mozilla!escape}i                           #\n#             %{?nouser}u                                             #\n#             %{!escape}q                                             #\n#             %{@host}l                                               #\n#                                                                     #\n#                                                                     #\n#                                                                     #\n#  Additional formatter specials:                                     #\n#    %{<strftime-format>}t - format timestamp according to supplied   #\n#                            strftime(3) compatible format string.    #\n#    %{Varnish:xid}x       - transaction id of client request.        #\n#                            Same value as X-Varnish header           #\n#                                                                     #\n#                                                                     #\n#                                                                     #\n#  Non %-prefixed strings are copied verbatim to the                  #\n#  output log string.                                                 #\n#    Example: \"User: %u;\"   would render \"User: snaps;\"               #\n#                                                                     #\n#                                                                     #\n#######################################################################\n\n# Where to output varnish log lines:\n#  kafka  - (default) send to kafka broker\n#  stdout - just print to stdout (behave like varnishncsa)\n#  null   - (test) collect all tags specified by format but dont output anything\noutput = kafka\n\n# Log formatter\nformat.type = json\nformat = %{fake_tag0@hostname?deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud}x %{%FT%T@dt}t %{X-Client-IP@ip}o %{@uri_path}U %{@uri_query}q %{User-Agent@user_agent}i\n\n# Optional secondary formatting.\n#   'output = kafka':  The rendered 'format.key' will be provided as the\n#                      Kafka message Key\n#   'output = string': Print string to stdout.\n# Supports the same formatting and type as 'format' and 'format.type'.\n# format.key.type = string\n# format.key = %l\n\n# Start for sequence number (%n)\n# Either a number, or the string \"time\" which will set it to the current\n# unix time in seconds multiplied by 1,000,000.\n# Defaults to 0.\nsequence.number = 0\n\n\n#\n# TUNING\n#\n\n# The maximum accepted log tag (field) size.\n# Larger tags will be truncated to this size.\n# Defaults to 2048\ntag.size.max = 2048\n\n# Size of per logline scratch buffer.\n# The scratch buffer is used as a temporary storage space while\n# collecting tags for the log line.  If the scratch size is too small the\n# logline tag match will be incomplete.  log.line.scratch.size depicts the\n# size of the \"static\" always-available memory allocated with each logline.\n# It should be configured to fit all matched tag-values (prior to formatting)\n# for a normal request.  If the scratch buffer gets full vk will start\n# allocating tmpbufs, a tmpbuf only lives for the current request and is then\n# freed, so it is a little more costly than using thestatic scratch pad.\n# Defaults to 4096 bytes.\nlogline.scratch.size = 4096\n\n#\n# varnishkafka log messages configuration\n# Debugging, error reporting, etc, not to be confused with varnish logs.\n#\n\n# varnishkafka log level (1 = emergencies .. 7 = debug)\nlog.level = 6\n\n# specify log output (multiples allowed)\n\nlog.stderr = false\nlog.syslog = true\n\n# Maximum number of error logs produced per log.rate.period seconds\n# This setting is applied per error type.\n# log.rate.max defaults to 100\n# log.rate.period defaults to 60\n#log.rate.max = 100\n#log.rate.period = 60\n\n# Kafka: log message delivery failures (requires required.acks > 0)\nlog.kafka.msg.error = true\n\n#\n# JSON Statistics\n#\n# Statistics is collected from varnishkafka itself as well as librdkafka\n# Each JSON object has a top level key of either 'varnishkafka' or\n# 'kafka' to indicate which type of statistics the object contains.\n# Each line is a valid JSON object.\n#\n\n# Statistics output interval\n# Defaults to 60 seconds, use 0 to disable.\nlog.statistics.interval = 60\n\n# Statistics output file\n# Defaults to /tmp/varnishkafka.stats.json\nlog.statistics.file = /var/cache/varnishkafka/statsv.stats.json\n\n\n# daemonize varnishkafka (boolean)\ndaemonize = false\n\n\n\n#######################################################################\n#                                                                     #\n# Standard varnish VSL command line arguments                         #\n#                                                                     #\n# Syntax:                                                             #\n#  varnish.arg.<c> = <value>, where <c> is a command line option.     #\n#                                                                     #\n# See varnishncsa(1) and varnishlog(1) for valid options.             #\n#                                                                     #\n#######################################################################\n\n# -q ReqURL ~ \"^/beacon/statsv\\?\"\nvarnish.arg.q = ReqURL ~ \"^/beacon/statsv\\?\"\n\n# varnish instance name\nvarnish.arg.n = frontend\n\n#######################################################################\n#                                                                     #\n# Kafka configuration                                                 #\n#                                                                     #\n# Kafka configuration properties are prefixed with \"kafka.\"           #\n# and topic properties are prefixed with \"kafka.topic.\".              #\n#                                                                     #\n# For the full range of Kafka handle and topic configuration          #\n# properties, see:                                                    #\n#  http://github.com/edenhill/librdkafka/blob/master/CONFIGURATION.md #\n#                                                                     #\n# And the Apache Kafka configuration reference:                       #\n#  http://kafka.apache.org/08/configuration.html                      #\n#                                                                     #\n#######################################################################\n\n# Initial list of kafka brokers\nkafka.metadata.broker.list = deployment-kafka-main-5.deployment-prep.eqiad1.wikimedia.cloud,deployment-kafka-main-6.deployment-prep.eqiad1.wikimedia.cloud\n\n# Maximum number of messages allowed on the local producer queue\n# Defaults to 1000000\nkafka.queue.buffering.max.messages = 100000\n\n# Maximum time, in milliseconds, for buffering data on the producer queue.\n# Defaults to 1000 (1 second)\nkafka.queue.buffering.max.ms = 1000\n\n# Maximum number of messages batched in one MessageSet.\n# Defaults to 1000\nkafka.batch.num.messages = 1000\n\n# Maximum number of retries per messageset.\nkafka.message.send.max.retries = 3\n\n# Use compression when sending to Kafka..  Default is none.\n# Valid values are 'none', 'gzip', and 'snappy'.\nkafka.compression.codec = none\n\n#\n# Topic configuration\n#\n\n# Topic to produce messages to\nkafka.topic = statsv\n\n# Partition (-1: random, else one of the available partitions)\nkafka.partition = -1\n\n# Required number of acks\nkafka.topic.request.required.acks = -1\n\n# Local message timeout (milliseconds)\nkafka.topic.message.timeout.ms = 300000\n\n# The ack timeout of the producer request in milliseconds\nkafka.topic.request.timeout.ms = 5000\n\n# SO_SNDBUFF Socket send buffer size. System default is used if 0.\nkafka.socket.send.buffer.bytes = 0\n","owner":"root","group":"root","mode":"0444","require":"Package[varnishkafka]","notify":["Service[varnishkafka-statsv]"]}},{"type":"File","title":"/etc/logrotate.d/varnishkafka-statsv-stats","tags":["file","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":187,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"/var/cache/varnishkafka/statsv.stats.json {\n  daily\n  rotate 4\n  create 0644 varnishlog root\n  missingok\n  compress\n  delaycompress\n  postrotate\n    service varnishkafka-statsv reload >/dev/null\n  endscript\n}\n","require":"Package[varnishkafka]"}},{"type":"Base::Service_unit","title":"varnishkafka-statsv","tags":["base::service_unit","base","service_unit","varnishkafka-statsv","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnishkafka/manifests/instance.pp","line":196,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","systemd":"[Unit]\nDescription=VarnishKafka statsv\nAfter=network.target local-fs.target varnish-frontend.service\nRequires=varnish-frontend.service\nBindsTo=varnish-frontend.service\nPartOf=varnishkafka-all.service\n\n[Service]\nType=simple\nExecStart=/usr/bin/varnishkafka -S \"/etc/varnishkafka/statsv.conf\"\nExecReload=/bin/kill -HUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=varnishkafka-all.service multi-user.target\n","refresh":true,"require":"Package[varnishkafka]","service_params":{"hasstatus":true,"hasrestart":true},"declare_service":true,"mask":false}},{"type":"Service","title":"haproxykafka","tags":["service","haproxykafka","systemd::service","systemd","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"before":["Exec[systemd daemon-reload for haproxykafka.service (haproxykafka)]"]}},{"type":"Systemd::Unit","title":"haproxykafka","tags":["systemd::unit","systemd","unit","haproxykafka","systemd::service","service","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Service]\nUser=haproxykafka\nGroup=haproxykafka\nExecStart=\nExecStart=/usr/bin/haproxykafka -c /etc/haproxykafka/config.yaml\nRestart=always\nMemoryHigh=4.5%\nMemoryMax=5%\n# Hardening\nNoNewPrivileges=true\nPrivateTmp=true\nAmbientCapabilities=CAP_CHOWN\nCapabilityBoundingSet=CAP_CHOWN\nProtectSystem=strict\nReadWritePaths=/var/run/haproxykafka\nPrivateDevices=true\nProtectKernelModules=true\nProtectKernelLogs=true\nProtectHome=true\nProtectClock=true\nRestrictNamespaces=true\nRestrictSUIDSGID=true\nLockPersonality=true\n","override":true,"override_filename":"puppet-override.conf","restart":true,"unit":"haproxykafka","require":["Class[Systemd]"]}},{"type":"Service","title":"prometheus_puppet_agent_stats.timer","tags":["service","prometheus_puppet_agent_stats.timer","systemd::service","systemd","prometheus_puppet_agent_stats","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for prometheus_puppet_agent_stats.timer (prometheus_puppet_agent_stats.timer)]"]}},{"type":"Systemd::Unit","title":"prometheus_puppet_agent_stats.timer","tags":["systemd::unit","systemd","unit","prometheus_puppet_agent_stats.timer","systemd::service","service","prometheus_puppet_agent_stats","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_puppet_agent_stats.service\n\n[Timer]\nUnit=prometheus_puppet_agent_stats.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_puppet_agent_stats.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-puppet-agent-stats.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_puppet_agent_stats","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_puppet_agent_stats\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_puppet_agent_stats/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_puppet_agent_stats","tags":["file","logrotate::conf","logrotate","conf","prometheus_puppet_agent_stats","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_puppet_agent_stats\n\n/var/log/prometheus_puppet_agent_stats/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"clean_puppet_client_bucket.timer","tags":["service","clean_puppet_client_bucket.timer","systemd::service","systemd","clean_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for clean_puppet_client_bucket.timer (clean_puppet_client_bucket.timer)]"]}},{"type":"Systemd::Unit","title":"clean_puppet_client_bucket.timer","tags":["systemd::unit","systemd","unit","clean_puppet_client_bucket.timer","systemd::service","service","clean_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of clean_puppet_client_bucket.service\n\n[Timer]\nUnit=clean_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"clean_puppet_client_bucket.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"puppet-agent-timer.timer","tags":["service","puppet-agent-timer.timer","systemd::service","systemd","puppet-agent-timer","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"puppet-agent-timer.timer","tags":["systemd::unit","systemd","unit","puppet-agent-timer.timer","systemd::service","service","puppet-agent-timer","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of puppet-agent-timer.service\n\n[Timer]\nUnit=puppet-agent-timer.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:21/30:00\nOnStartupSec=1min\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"puppet-agent-timer.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-puppet-agent-timer.conf","tags":["file","rsyslog::conf","rsyslog","conf","puppet-agent-timer","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"puppet-agent-timer\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/puppet-agent-timer/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/puppet-agent-timer","tags":["file","logrotate::conf","logrotate","conf","puppet-agent-timer","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for puppet-agent-timer\n\n/var/log/puppet-agent-timer/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_systemd-timesyncd.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-timesyncd","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: systemd-timesyncd\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s systemd-timesyncd\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.service (wmf_auto_restart_systemd-timesyncd.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.service (wmf_auto_restart_systemd-timesyncd.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-timesyncd","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_systemd-timesyncd","tags":["systemd::service","systemd","service","wmf_auto_restart_systemd-timesyncd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-timesyncd.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-timesyncd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 3:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_systemd-timesyncd","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_systemd-timesyncd","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_systemd-timesyncd","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_systemd-timesyncd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_systemd-timesyncd\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_systemd-timesyncd/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_systemd-timesyncd]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_systemd-timesyncd","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_systemd-timesyncd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_systemd-timesyncd\n\n/var/log/wmf_auto_restart_systemd-timesyncd/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_exim4.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_exim4.service","systemd::timer::job","timer","job","wmf_auto_restart_exim4","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: exim4\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s exim4\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_exim4.service (wmf_auto_restart_exim4.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_exim4.service (wmf_auto_restart_exim4.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_exim4.service","systemd::timer::job","timer","job","wmf_auto_restart_exim4","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_exim4","tags":["systemd::service","systemd","service","wmf_auto_restart_exim4","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_exim4.service\n\n[Timer]\nUnit=wmf_auto_restart_exim4.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 17:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_exim4.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_exim4","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_exim4","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_exim4","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_exim4","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_exim4\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_exim4/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_exim4]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_exim4","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_exim4","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_exim4\n\n/var/log/wmf_auto_restart_exim4/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_prometheus-node-exporter.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-node-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: prometheus-node-exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s prometheus-node-exporter\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.service (wmf_auto_restart_prometheus-node-exporter.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.service (wmf_auto_restart_prometheus-node-exporter.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-node-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_prometheus-node-exporter","tags":["systemd::service","systemd","service","wmf_auto_restart_prometheus-node-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-node-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-node-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 0:16:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_prometheus-node-exporter","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_prometheus-node-exporter","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_prometheus-node-exporter","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_prometheus-node-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_prometheus-node-exporter\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_prometheus-node-exporter/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_prometheus-node-exporter]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_prometheus-node-exporter","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_prometheus-node-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_prometheus-node-exporter\n\n/var/log/wmf_auto_restart_prometheus-node-exporter/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_rsyslog.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.service","systemd::timer::job","timer","job","wmf_auto_restart_rsyslog","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: rsyslog\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s rsyslog\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_rsyslog.service (wmf_auto_restart_rsyslog.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_rsyslog.service (wmf_auto_restart_rsyslog.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.service","systemd::timer::job","timer","job","wmf_auto_restart_rsyslog","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_rsyslog","tags":["systemd::service","systemd","service","wmf_auto_restart_rsyslog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_rsyslog.service\n\n[Timer]\nUnit=wmf_auto_restart_rsyslog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 8:17:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_rsyslog.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_rsyslog","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_rsyslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_rsyslog","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_rsyslog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_rsyslog\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_rsyslog/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_rsyslog]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_rsyslog","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_rsyslog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_rsyslog\n\n/var/log/wmf_auto_restart_rsyslog/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_lldpd.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_lldpd.service","systemd::timer::job","timer","job","wmf_auto_restart_lldpd","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: lldpd\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s lldpd\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_lldpd.service (wmf_auto_restart_lldpd.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_lldpd.service (wmf_auto_restart_lldpd.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_lldpd.service","systemd::timer::job","timer","job","wmf_auto_restart_lldpd","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_lldpd","tags":["systemd::service","systemd","service","wmf_auto_restart_lldpd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_lldpd.service\n\n[Timer]\nUnit=wmf_auto_restart_lldpd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 11:36:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_lldpd.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_lldpd","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_lldpd","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_lldpd","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_lldpd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_lldpd\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_lldpd/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_lldpd]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_lldpd","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_lldpd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_lldpd\n\n/var/log/wmf_auto_restart_lldpd/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_systemd-journald.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-journald","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: systemd-journald\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s systemd-journald\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-journald.service (wmf_auto_restart_systemd-journald.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_systemd-journald.service (wmf_auto_restart_systemd-journald.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.service","systemd::timer::job","timer","job","wmf_auto_restart_systemd-journald","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_systemd-journald","tags":["systemd::service","systemd","service","wmf_auto_restart_systemd-journald","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-journald.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-journald.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:4:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_systemd-journald.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_systemd-journald","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_systemd-journald","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_systemd-journald","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_systemd-journald","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_systemd-journald\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_systemd-journald/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_systemd-journald]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_systemd-journald","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_systemd-journald","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_systemd-journald\n\n/var/log/wmf_auto_restart_systemd-journald/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_ssh.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_ssh.service","systemd::timer::job","timer","job","wmf_auto_restart_ssh","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: ssh\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s ssh\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_ssh.service (wmf_auto_restart_ssh.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_ssh.service (wmf_auto_restart_ssh.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_ssh.service","systemd::timer::job","timer","job","wmf_auto_restart_ssh","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_ssh","tags":["systemd::service","systemd","service","wmf_auto_restart_ssh","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_ssh.service\n\n[Timer]\nUnit=wmf_auto_restart_ssh.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 20:19:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_ssh.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_ssh","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_ssh","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_ssh","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_ssh","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_ssh\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_ssh/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_ssh]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_ssh","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_ssh","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_ssh\n\n/var/log/wmf_auto_restart_ssh/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"kernel-purge.timer","tags":["service","kernel-purge.timer","systemd::service","systemd","kernel-purge","systemd::timer","timer","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"kernel-purge.timer","tags":["systemd::unit","systemd","unit","kernel-purge.timer","systemd::service","service","kernel-purge","systemd::timer","timer","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of kernel-purge.service\n\n[Timer]\nUnit=kernel-purge.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=monthly\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"kernel-purge.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-kernel-purge.conf","tags":["file","rsyslog::conf","rsyslog","conf","kernel-purge","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"kernel-purge\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/kernel-purge/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/kernel-purge","tags":["file","logrotate::conf","logrotate","conf","kernel-purge","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for kernel-purge\n\n/var/log/kernel-purge/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"prometheus-debian-version-textfile.timer","tags":["service","prometheus-debian-version-textfile.timer","systemd::service","systemd","prometheus-debian-version-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"prometheus-debian-version-textfile.timer","tags":["systemd::unit","systemd","unit","prometheus-debian-version-textfile.timer","systemd::service","service","prometheus-debian-version-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus-debian-version-textfile.service\n\n[Timer]\nUnit=prometheus-debian-version-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=300s\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus-debian-version-textfile.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"prometheus-dpkg-success-textfile.timer","tags":["service","prometheus-dpkg-success-textfile.timer","systemd::service","systemd","prometheus-dpkg-success-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"prometheus-dpkg-success-textfile.timer","tags":["systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.timer","systemd::service","service","prometheus-dpkg-success-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus-dpkg-success-textfile.service\n\n[Timer]\nUnit=prometheus-dpkg-success-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:00/30:00\nRandomizedDelaySec=1800\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus-dpkg-success-textfile.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"send_puppet_failure_emails.timer","tags":["service","send_puppet_failure_emails.timer","systemd::service","systemd","send_puppet_failure_emails","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for send_puppet_failure_emails.timer (send_puppet_failure_emails.timer)]"]}},{"type":"Systemd::Unit","title":"send_puppet_failure_emails.timer","tags":["systemd::unit","systemd","unit","send_puppet_failure_emails.timer","systemd::service","service","send_puppet_failure_emails","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of send_puppet_failure_emails.service\n\n[Timer]\nUnit=send_puppet_failure_emails.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 08:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"send_puppet_failure_emails.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"cleanup_puppet_client_bucket.timer","tags":["service","cleanup_puppet_client_bucket.timer","systemd::service","systemd","cleanup_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for cleanup_puppet_client_bucket.timer (cleanup_puppet_client_bucket.timer)]"]}},{"type":"Systemd::Unit","title":"cleanup_puppet_client_bucket.timer","tags":["systemd::unit","systemd","unit","cleanup_puppet_client_bucket.timer","systemd::service","service","cleanup_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of cleanup_puppet_client_bucket.service\n\n[Timer]\nUnit=cleanup_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"cleanup_puppet_client_bucket.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"prometheus_ssh_open_sessions.timer","tags":["service","prometheus_ssh_open_sessions.timer","systemd::service","systemd","prometheus_ssh_open_sessions","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"prometheus_ssh_open_sessions.timer","tags":["systemd::unit","systemd","unit","prometheus_ssh_open_sessions.timer","systemd::service","service","prometheus_ssh_open_sessions","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_ssh_open_sessions.service\n\n[Timer]\nUnit=prometheus_ssh_open_sessions.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* *:0/5:0\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_ssh_open_sessions.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-ssh-open-sessions.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_ssh_open_sessions","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_ssh_open_sessions\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_ssh_open_sessions/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_ssh_open_sessions","tags":["file","logrotate::conf","logrotate","conf","prometheus_ssh_open_sessions","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_ssh_open_sessions\n\n/var/log/prometheus_ssh_open_sessions/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/cfssl-serve@proxy-client.service","tags":["file","systemd::unit","systemd","unit","systemd::service","service","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Cloudflare SSL (cfssl::client)\nAfter=network.target remote-fs.target nss-lookup.target\nDocumentation=https://github.com/cloudflare/cfssl/tree/master/doc\n\n[Service]\nExecStart=/usr/bin/cfssl serve \\\n          -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem \\\n          -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud.pem \\\n          -config /etc/cfssl/client-cfssl.conf \\\n          -address 127.0.0.1 \\\n          -port 8888\nRestart=always\nRestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for cfssl-serve@proxy-client.service (cfssl-serve@proxy-client)]"}},{"type":"Exec","title":"systemd daemon-reload for cfssl-serve@proxy-client.service (cfssl-serve@proxy-client)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","class","cfssl::client","cfssl","client","profile::pki::client","profile","pki","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Exec","title":"apt_repository_component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["exec","apt_repository_component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::repository","apt","repository","component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","lshw-backport","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list","tags":["file","apt::repository","apt","repository","component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","lshw-backport","class","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"deb http://apt.wikimedia.org/wikimedia bullseye-wikimedia component/lshw\ndeb-src http://apt.wikimedia.org/wikimedia bullseye-wikimedia component/lshw\n","notify":"Exec[apt_repository_component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"File","title":"/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr","tags":["file","cfssl::csr","cfssl","csr","cfssl::cert","cert","kafka__varnishkafka-deployment-prep_kafka_11","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/csr.pp","line":32,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0400","content":"{\n  \"CN\": \"varnishkafka-deployment-prep\",\n  \"hosts\": [\n    \"varnishkafka-deployment-prep\"\n  ],\n  \"key\": {\n    \"algo\": \"ecdsa\",\n    \"size\": 256\n  },\n  \"names\": [\n\n  ]\n}\n"}},{"type":"File","title":"/etc/rsyslog.d/70-varnishkafka.conf","tags":["file","rsyslog::conf","rsyslog","conf","varnishkafka","class","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/varnishkafka/varnishkafka_rsyslog.conf","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Service","title":"varnishkafka-all","tags":["service","varnishkafka-all","systemd::service","systemd","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"varnishkafka-all","tags":["systemd::unit","systemd","unit","varnishkafka-all","systemd::service","service","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# SPDX-License-Identifier: Apache-2.0\n[Unit]\nDescription=Varnishkafka - All Instances\n\n[Service]\nType=oneshot\nRemainAfterExit=true\nExecStart=/bin/true\nExecReload=/bin/true\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"varnishkafka-all","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/varnishkafka-webrequest.service","tags":["file","base::service_unit","base","service_unit","varnishkafka-webrequest","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":89,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=VarnishKafka webrequest\nAfter=network.target local-fs.target varnish-frontend.service\nRequires=varnish-frontend.service\nBindsTo=varnish-frontend.service\nPartOf=varnishkafka-all.service\n\n[Service]\nType=simple\nExecStart=/usr/bin/varnishkafka -S \"/etc/varnishkafka/webrequest.conf\"\nExecReload=/bin/kill -HUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=varnishkafka-all.service multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":["Service[varnishkafka-webrequest]"]}},{"type":"Exec","title":"systemd reload for varnishkafka-webrequest","tags":["exec","base::service_unit","base","service_unit","varnishkafka-webrequest","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":114,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"subscribe":"File[/lib/systemd/system/varnishkafka-webrequest.service]","before":["Service[varnishkafka-webrequest]"]}},{"type":"Service","title":"varnishkafka-webrequest","tags":["service","varnishkafka-webrequest","base::service_unit","base","service_unit","varnishkafka::instance","varnishkafka","instance","webrequest","class","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":134,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"hasstatus":true,"hasrestart":true}},{"type":"Systemd::Unit","title":"wmf_auto_restart_prometheus-varnishkafka-exporter.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-varnishkafka-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: prometheus-varnishkafka-exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s prometheus-varnishkafka-exporter\n","unit":"wmf_auto_restart_prometheus-varnishkafka-exporter.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["systemd::timer","systemd","timer","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 5:54:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_prometheus-varnishkafka-exporter.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/cfssl/csr/discovery2026__purged.csr","tags":["file","cfssl::csr","cfssl","csr","cfssl::cert","cert","discovery2026__purged","class"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/cfssl/manifests/csr.pp","line":32,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0400","content":"{\n  \"CN\": \"purged\",\n  \"hosts\": [\n    \"purged\"\n  ],\n  \"key\": {\n    \"algo\": \"ecdsa\",\n    \"size\": 256\n  },\n  \"names\": [\n\n  ]\n}\n"}},{"type":"File","title":"/lib/systemd/system/purged.service","tags":["file","systemd::unit","systemd","unit","purged","systemd::service","service","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Purger for ATS and Varnish\n\n[Service]\nExecStart=/usr/bin/purged -backend_addr \"127.0.0.1:3128\" -frontend_addr \"/run/varnish-privileged.socket\" -prometheus_addr :2112 -frontend_workers 4 -backend_workers 2  -topics eqiad.resource-purge -kafkaConfig /etc/purged/purged-kafka.conf\nRestart=on-failure\n# Allocate a user for purged on-the-fly. This turns off write access to most\n# directories. See http://0pointer.net/blog/dynamic-users-with-systemd.html\nDynamicUser=yes\n\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for purged.service (purged)]"}},{"type":"Exec","title":"systemd daemon-reload for purged.service (purged)","tags":["exec","systemd::unit","systemd","unit","purged","systemd::service","service","class","profile::cache::purge","profile","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[purged]"]}},{"type":"Systemd::Unit","title":"wmf_auto_restart_purged.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_purged.service","systemd::timer::job","timer","job","wmf_auto_restart_purged","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: purged\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s purged\n","unit":"wmf_auto_restart_purged.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_purged","tags":["systemd::timer","systemd","timer","wmf_auto_restart_purged","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 21:37:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_purged.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_purged","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_purged","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Service","title":"varnishmtail@default","tags":["service","systemd::service","systemd","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"varnishmtail@default","tags":["systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-default 3903\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnishmtail@default","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/mtail-default","tags":["file","mtail::program","mtail","program","varnishreqstats","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/mtail-default/varnishreqstats.mtail","tags":["file","mtail::program","mtail","program","varnishreqstats","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishreqstats.mtail","notify":"Systemd::Service[varnishmtail@default]","require":"File[/etc/mtail-default]","owner":"root","group":"root"}},{"type":"File","title":"/etc/mtail-default/varnishttfb.mtail","tags":["file","mtail::program","mtail","program","varnishttfb","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishttfb.mtail","notify":"Systemd::Service[varnishmtail@default]","require":"File[/etc/mtail-default]","owner":"root","group":"root"}},{"type":"File","title":"/etc/mtail-default/varnishxcache.mtail","tags":["file","mtail::program","mtail","program","varnishxcache","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishxcache.mtail","notify":"Systemd::Service[varnishmtail@default]","require":"File[/etc/mtail-default]","owner":"root","group":"root"}},{"type":"File","title":"/etc/mtail-default/varnishrls.mtail","tags":["file","mtail::program","mtail","program","varnishrls","varnish::logging::mtail","varnish","logging","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishrls.mtail","notify":"Systemd::Service[varnishmtail@default]","require":"File[/etc/mtail-default]","owner":"root","group":"root"}},{"type":"Service","title":"varnishmtail@internal","tags":["service","systemd::service","systemd","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"varnishmtail@internal","tags":["systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-internal 3913\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnishmtail@internal","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/mtail-internal","tags":["file","mtail::program","mtail","program","varnishprocessing","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":35,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755"}},{"type":"File","title":"/etc/mtail-internal/varnishprocessing.mtail","tags":["file","mtail::program","mtail","program","varnishprocessing","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishprocessing.mtail","notify":"Systemd::Service[varnishmtail@internal]","require":"File[/etc/mtail-internal]","owner":"root","group":"root"}},{"type":"File","title":"/etc/mtail-internal/varnisherrors.mtail","tags":["file","mtail::program","mtail","program","varnisherrors","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnisherrors.mtail","notify":"Systemd::Service[varnishmtail@internal]","require":"File[/etc/mtail-internal]","owner":"root","group":"root"}},{"type":"File","title":"/etc/mtail-internal/varnishsli.mtail","tags":["file","mtail::program","mtail","program","varnishsli","varnish::logging::mtail","varnish","logging","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/mtail/manifests/program.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/mtail/programs/varnishsli.mtail","notify":"Systemd::Service[varnishmtail@internal]","require":"File[/etc/mtail-internal]","owner":"root","group":"root"}},{"type":"File","title":"/lib/systemd/system/varnish-frontend-tlsinspector.service","tags":["file","systemd::unit","systemd","unit","varnish-frontend-tlsinspector","systemd::service","service","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Varnish frontend TLS ciphersuite inspector\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishtlsinspector --varnishd-instance-name frontend\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnish-frontend-tlsinspector.service (varnish-frontend-tlsinspector)]"}},{"type":"Exec","title":"systemd daemon-reload for varnish-frontend-tlsinspector.service (varnish-frontend-tlsinspector)","tags":["exec","systemd::unit","systemd","unit","varnish-frontend-tlsinspector","systemd::service","service","class","varnish::logging","varnish","logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/etc/sysctl.d/70-TCP-Fast-Open.conf","tags":["file","sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","profile::tcp_fast_open","profile","tcp_fast_open","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nnet.ipv4.tcp_fastopen = 3\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"Exec","title":"apt_repository_thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","tags":["exec","apt_repository_thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::repository","apt","repository","thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":36,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update ","refreshonly":true}},{"type":"File","title":"/etc/apt/sources.list.d/thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list","tags":["file","apt::repository","apt","repository","thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/repository.pp","line":130,"exported":false,"kind":"compilable_type","parameters":{"ensure":"file","owner":"root","group":"root","mode":"0444","content":"deb http://apt.wikimedia.org/wikimedia bullseye-wikimedia thirdparty/haproxy28\ndeb-src http://apt.wikimedia.org/wikimedia bullseye-wikimedia thirdparty/haproxy28\n","notify":"Exec[apt_repository_thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"}},{"type":"Exec","title":"apt_pin_apt_pin_haproxy","tags":["exec","apt_pin_apt_pin_haproxy","apt::pin","apt","pin","apt_pin_haproxy","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":19,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/apt-get update","refreshonly":true}},{"type":"File","title":"/etc/apt/preferences.d/apt_pin_haproxy.pref","tags":["file","apt::pin","apt","pin","apt_pin_haproxy","apt::package_from_component","package_from_component","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/apt/manifests/pin.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"Package: haproxy\nPin: release c=thirdparty/haproxy28\nPin-Priority: 1002\n","notify":"Exec[apt_package_from_component_haproxy]"}},{"type":"File","title":"/lib/systemd/system/haproxy.service","tags":["file","systemd::unit","systemd","unit","haproxy","systemd::service","service","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy Load Balancer\nDocumentation=man:haproxy(1)\nDocumentation=file:/usr/share/doc/haproxy/configuration.txt.gz\nAfter=network-online.target syslog.service\nWants=network-online.target syslog.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/haproxy.cfg\" \"PIDFILE=/run/haproxy/haproxy.pid\"\nEnvironmentFile=-/etc/default/haproxy\nExecStartPre=/usr/local/sbin/tls-check /etc/haproxy-tls-check.cfg\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE $EXTRAOPTS\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxy.service (haproxy)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxy.service (haproxy)","tags":["exec","systemd::unit","systemd","unit","haproxy","systemd::service","service","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[haproxy]"]}},{"type":"Class","title":"Monitoring","tags":["class","monitoring","monitoring::service","service","haproxy","nrpe::monitor_service","nrpe","monitor_service","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"exported":false,"kind":"unknown","parameters":{"contact_group":"admin","cluster":"misc","nagios_group":"misc","notifications_enabled":true,"do_paging":true,"hosts":{},"services":{}}},{"type":"Monitoring::Exported_nagios_service","title":"deployment-cache-text08 haproxy","tags":["monitoring::exported_nagios_service","monitoring","exported_nagios_service","monitoring::service","service","haproxy","nrpe::monitor_service","nrpe","monitor_service","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/monitoring/manifests/service.pp","line":104,"kind":"defined_type","exported":false,"parameters":{"ensure":"present","host_name":"deployment-cache-text08","servicegroups":"misc","service_description":"haproxy process","check_command":"nrpe_check!check_haproxy!10","max_check_attempts":3,"check_interval":1,"retry_interval":1,"check_period":"24x7","notification_interval":0,"notification_period":"24x7","notification_options":"c,r,f","notifications_enabled":"1","contact_groups":"admins","passive_checks_enabled":1,"active_checks_enabled":1,"is_volatile":0,"check_freshness":0,"notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy"}},{"type":"Class","title":"Prometheus::Instances","tags":["class","prometheus::instances","prometheus","instances"],"exported":false,"kind":"unknown"},{"type":"Systemd::Unit","title":"nrpe2nodexp-haproxy.service","tags":["systemd::unit","systemd","unit","nrpe2nodexp-haproxy.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_haproxy command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-haproxy\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"8b4833c5a4a8470c54300abc1c3122e3\" --timeout 10 --check-command \"check_haproxy\"\n","unit":"nrpe2nodexp-haproxy.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"nrpe2nodexp-haproxy","tags":["systemd::timer","systemd","timer","nrpe2nodexp-haproxy","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"1min"},{"interval":"1s","start":"OnActiveSec"}],"splay":60,"fixed_random_delay":true,"accuracy":"15sec","unit_name":"nrpe2nodexp-haproxy.service"}},{"type":"File","title":"/etc/rsyslog.d/25-nrpe2nodexp-haproxy.conf","tags":["file","rsyslog::conf","rsyslog","conf","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-haproxy\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Monitoring::Exported_nagios_service","title":"deployment-cache-text08 haproxy_alive","tags":["monitoring::exported_nagios_service","monitoring","exported_nagios_service","monitoring::service","service","haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/monitoring/manifests/service.pp","line":104,"kind":"defined_type","exported":false,"parameters":{"ensure":"absent","host_name":"deployment-cache-text08","servicegroups":"misc","service_description":"haproxy alive","check_command":"nrpe_check!check_haproxy_alive!10","max_check_attempts":3,"check_interval":1,"retry_interval":1,"check_period":"24x7","notification_interval":0,"notification_period":"24x7","notification_options":"c,r,f","notifications_enabled":"1","contact_groups":"admins","passive_checks_enabled":1,"active_checks_enabled":1,"is_volatile":0,"check_freshness":0,"notes_url":"https://wikitech.wikimedia.org/wiki/HAProxy"}},{"type":"Systemd::Unit","title":"nrpe2nodexp-haproxy_alive.service","tags":["systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_haproxy_alive command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-haproxy_alive\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"0065d6c8589cde5ab0f2099cfdcb8eff\" --timeout 10 --check-command \"check_haproxy_alive\"\n","unit":"nrpe2nodexp-haproxy_alive.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"nrpe2nodexp-haproxy_alive","tags":["systemd::timer","systemd","timer","nrpe2nodexp-haproxy_alive","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"1min"},{"interval":"1s","start":"OnActiveSec"}],"splay":60,"fixed_random_delay":true,"accuracy":"15sec","unit_name":"nrpe2nodexp-haproxy_alive.service"}},{"type":"File","title":"/etc/rsyslog.d/25-nrpe2nodexp-haproxy-alive.conf","tags":["file","rsyslog::conf","rsyslog","conf","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-haproxy_alive\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/lib/systemd/system/haproxy_stek_job.service","tags":["file","systemd::unit","systemd","unit","haproxy_stek_job.service","systemd::timer::job","timer","job","haproxy_stek_job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy STEK manager\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/haproxy-stek-manager /run/haproxy-secrets/stek.keys\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxy_stek_job.service (haproxy_stek_job.service)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxy_stek_job.service (haproxy_stek_job.service)","tags":["exec","systemd::unit","systemd","unit","haproxy_stek_job.service","systemd::timer::job","timer","job","haproxy_stek_job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"haproxy_stek_job","tags":["systemd::service","systemd","service","haproxy_stek_job","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of haproxy_stek_job.service\n\n[Timer]\nUnit=haproxy_stek_job.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00/8:00:00\nOnBootSec=0sec\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[haproxy_stek_job.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/haproxy_stek_job","tags":["file","systemd::syslog","systemd","syslog","haproxy_stek_job","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"haproxy_stek_job","tags":["rsyslog::conf","rsyslog","conf","haproxy_stek_job","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"haproxy_stek_job\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/haproxy_stek_job/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/haproxy_stek_job]","mode":"0444"}},{"type":"Logrotate::Conf","title":"haproxy_stek_job","tags":["logrotate::conf","logrotate","conf","haproxy_stek_job","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for haproxy_stek_job\n\n/var/log/haproxy_stek_job/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/usr/local/share/ca-certificates/Lets_Encrypt_Authority_X3.crt","tags":["file","sslcert::ca","sslcert","ca","lets_encrypt_authority_x3","class","acme_chief","acme_chief::cert","cert","unified","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/acme_chief/lets-encrypt-x3-cross-signed.pem"}},{"type":"File","title":"/usr/local/share/ca-certificates/Lets_Encrypt_Authority_X4.crt","tags":["file","sslcert::ca","sslcert","ca","lets_encrypt_authority_x4","class","acme_chief","acme_chief::cert","cert","unified","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sslcert/manifests/ca.pp","line":40,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","require":"Package[ca-certificates]","notify":"Exec[update-ca-certificates]","source":"puppet:///modules/acme_chief/lets-encrypt-x4-cross-signed.pem"}},{"type":"File","title":"/lib/systemd/system/haproxy-mtail@tls.socket","tags":["file","systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=rsyslog<->mtail FIFO (instance %i)\n# rsyslog requires the fifo to be created before it's started\n# https://www.rsyslog.com/doc/v8-stable/configuration/modules/ompipe.html\nBefore=rsyslog.service\n\n[Socket]\nListenFIFO=/var/log/haproxy.fifo\nSocketMode=700\nSocketUser=root\nPipeSize=1M\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxy-mtail@tls.socket (haproxy-mtail@tls.socket)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxy-mtail@tls.socket (haproxy-mtail@tls.socket)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[haproxy-mtail@tls.socket]"]}},{"type":"File","title":"/lib/systemd/system/haproxy-mtail@tls.service","tags":["file","systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=HAProxy mtail instance %i\nAfter=haproxy-mtail@%i.socket\nRequires=haproxy-mtail@%i.socket\n\n[Service]\nType=simple\nExecStart=/usr/bin/mtail --progs /etc/haproxymtail --port 3906 -logs /var/log/haproxy.fifo -disable_fsnotify --logtostderr\nExecReload=/bin/kill -SIGHUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxy-mtail@tls.service (haproxy-mtail@tls)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxy-mtail@tls.service (haproxy-mtail@tls)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[haproxy-mtail@tls]"]}},{"type":"Service","title":"mtail","tags":["service","mtail","systemd::service","systemd","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"before":["Exec[systemd daemon-reload for mtail.service (mtail)]"]}},{"type":"Systemd::Unit","title":"mtail","tags":["systemd::unit","systemd","unit","mtail","systemd::service","service","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Service]\nExecStart=\nExecStart=/usr/bin/mtail -progs /etc/mtail -logtostderr $EXTRA_ARGS\nGroup=root\nLimitNOFILE=16384\n","override":true,"override_filename":"puppet-override.conf","restart":true,"unit":"mtail","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/wmfuniq-experiment-fetcher.service","tags":["file","systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.service","systemd::timer::job","timer","job","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=fetch edge uniques experiments configuration\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nEnvironment=\"MAILTO=sre-traffic@wikimedia.org\"\nSyslogIdentifier=wmfuniq-experiment-fetcher\nExecStart=/usr/local/bin/systemd-timer-mail-wrapper --subject wmfuniq-experiment-fetcher --mail-to root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud --only-on-error /usr/local/bin/wmfuniq-experiment-fetcher /etc/varnish/uniques.json\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmfuniq-experiment-fetcher.service (wmfuniq-experiment-fetcher.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmfuniq-experiment-fetcher.service (wmfuniq-experiment-fetcher.service)","tags":["exec","systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.service","systemd::timer::job","timer","job","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmfuniq-experiment-fetcher","tags":["systemd::service","systemd","service","wmfuniq-experiment-fetcher","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmfuniq-experiment-fetcher.service\n\n[Timer]\nUnit=wmfuniq-experiment-fetcher.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=1s\nOnCalendar=minutely\nRandomizedDelaySec=59\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmfuniq-experiment-fetcher.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmfuniq-experiment-fetcher","tags":["file","systemd::syslog","systemd","syslog","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmfuniq-experiment-fetcher","tags":["rsyslog::conf","rsyslog","conf","wmfuniq-experiment-fetcher","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmfuniq-experiment-fetcher\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmfuniq-experiment-fetcher/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmfuniq-experiment-fetcher]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmfuniq-experiment-fetcher","tags":["logrotate::conf","logrotate","conf","wmfuniq-experiment-fetcher","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmfuniq-experiment-fetcher\n\n/var/log/wmfuniq-experiment-fetcher/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Nrpe::Plugin","title":"check_systemd_unit_status","tags":["nrpe::plugin","nrpe","plugin","check_systemd_unit_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/monitor.pp","line":19,"kind":"defined_type","exported":false,"parameters":{"source":"puppet:///modules/systemd/check_systemd_unit_status","ensure":"present"}},{"type":"Nrpe::Monitor_service","title":"check_wmfuniq-experiment-fetcher_status","tags":["nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/monitor.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Check unit status of wmfuniq-experiment-fetcher","nrpe_command":"/usr/local/lib/nagios/plugins/check_systemd_unit_status wmfuniq-experiment-fetcher","check_interval":10,"retries":2,"contact_group":"admins","notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","critical":false,"migration_task":"T407130","timeout":10,"retry_interval":1,"enable_nrpe2nodexp":false,"enable_icinga_check":true,"nrpe2nodexp_parse_perf_data":false,"alertmanager_team":"observability"}},{"type":"File","title":"/etc/tmpfiles.d/-var-run-confd-template.conf","tags":["file","systemd::tmpfile","systemd","tmpfile","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"d /var/run/confd-template 0755 root root","mode":"0444","owner":"root","group":"root"}},{"type":"Exec","title":"Refresh tmpfile /var/run/confd-template","tags":["exec","systemd::tmpfile","systemd","tmpfile","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/tmpfile.pp","line":39,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemd-tmpfiles --create --remove '/etc/tmpfiles.d/-var-run-confd-template.conf'","user":"root","refreshonly":true,"subscribe":"File[/etc/tmpfiles.d/-var-run-confd-template.conf]"}},{"type":"Systemd::Unit","title":"clean-confd-rundir.service","tags":["systemd::unit","systemd","unit","clean-confd-rundir.service","systemd::timer::job","timer","job","clean-confd-rundir","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Clean old stale files in /var/run/confd-template\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/run/confd-template -type f -mtime +30 -delete\n","unit":"clean-confd-rundir.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"clean-confd-rundir","tags":["systemd::timer","systemd","timer","clean-confd-rundir","systemd::timer::job","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"*:0/30"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"clean-confd-rundir.service"}},{"type":"Systemd::Syslog","title":"clean-confd-rundir","tags":["systemd::syslog","systemd","syslog","clean-confd-rundir","systemd::timer::job","timer","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/logrotate.d/confd","tags":["file","logrotate::conf","logrotate","conf","confd","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","source":"puppet:///modules/confd/logrotate.conf"}},{"type":"File","title":"/etc/rsyslog.d/20-confd.conf","tags":["file","rsyslog::conf","rsyslog","conf","confd","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","source":"puppet:///modules/confd/rsyslog.conf","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/confd","tags":["file","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/instance.pp","line":43,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","mode":"0550","owner":"root","group":"root"}},{"type":"File","title":"/etc/confd/conf.d","tags":["file","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/instance.pp","line":48,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","recurse":true,"purge":true,"mode":"0550","before":"Service[confd]","owner":"root","group":"root"}},{"type":"File","title":"/etc/confd/templates","tags":["file","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/instance.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","recurse":true,"purge":true,"mode":"0550","before":"Service[confd]","owner":"root","group":"root"}},{"type":"Base::Service_unit","title":"confd","tags":["base::service_unit","base","service_unit","confd","confd::instance","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/instance.pp","line":65,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","refresh":true,"systemd":"[Unit]\nDescription=confd\n\n[Service]\nUser=root\nSyslogIdentifier=%N\nEnvironment=\"CONFD_BACKEND=etcd\"\nEnvironment=\"CONFD_DISCOVERY=-srv-record _etcd-client-ssl._tcp.deployment-prep.eqiad1.wikimedia.cloud -scheme https\"\nEnvironment=\"CONFD_OPTS=-interval=3\"\nExecStart=/usr/bin/confd -backend $CONFD_BACKEND $CONFD_DISCOVERY $CONFD_OPTS\nRestart=on-failure\nRestartSec=10s\n\n[Install]\nWantedBy=multi-user.target\n","service_params":{"ensure":"running"},"require":"Package[confd]","declare_service":true,"mask":false}},{"type":"Systemd::Timer::Job","title":"confd_prometheus_metrics","tags":["systemd::timer::job","systemd","timer","job","confd_prometheus_metrics","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/confd/manifests/instance.pp","line":79,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Export confd Prometheus metrics","command":"/usr/local/bin/confd-prometheus-metrics","interval":{"start":"OnCalendar","interval":"minutely"},"user":"root","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"File","title":"/etc/sysctl.d/70-maximum-map-count.conf","tags":["file","sysctl::conffile","sysctl","conffile","sysctl::parameters","parameters","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/sysctl/manifests/conffile.pp","line":56,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# sysctl parameters managed by Puppet.\nvm.max_map_count = 262120\n","notify":"Exec[update_sysctl]","owner":"root","group":"root"}},{"type":"File","title":"/lib/systemd/system/prometheus_varnishd_mmap_count.service","tags":["file","systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.service","systemd::timer::job","timer","job","prometheus_varnishd_mmap_count","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect number of varnishd memory map areas\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-varnishd_mmap_count varnish-frontend.service /var/lib/prometheus/node.d/varnishd_mmap_count.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_varnishd_mmap_count.service (prometheus_varnishd_mmap_count.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_varnishd_mmap_count.service (prometheus_varnishd_mmap_count.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.service","systemd::timer::job","timer","job","prometheus_varnishd_mmap_count","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_varnishd_mmap_count","tags":["systemd::service","systemd","service","prometheus_varnishd_mmap_count","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_varnishd_mmap_count.service\n\n[Timer]\nUnit=prometheus_varnishd_mmap_count.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_varnishd_mmap_count.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_varnishd_mmap_count","tags":["file","systemd::syslog","systemd","syslog","prometheus_varnishd_mmap_count","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_varnishd_mmap_count","tags":["rsyslog::conf","rsyslog","conf","prometheus_varnishd_mmap_count","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_varnishd_mmap_count\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_varnishd_mmap_count/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_varnishd_mmap_count]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_varnishd_mmap_count","tags":["logrotate::conf","logrotate","conf","prometheus_varnishd_mmap_count","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for prometheus_varnishd_mmap_count\n\n/var/log/prometheus_varnishd_mmap_count/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/prometheus_sysctl.service","tags":["file","systemd::unit","systemd","unit","prometheus_sysctl.service","systemd::timer::job","timer","job","prometheus_sysctl","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect select sysctl keys/values\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-sysctl /var/lib/prometheus/node.d/sysctl.prom\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_sysctl.service (prometheus_sysctl.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_sysctl.service (prometheus_sysctl.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_sysctl.service","systemd::timer::job","timer","job","prometheus_sysctl","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_sysctl","tags":["systemd::service","systemd","service","prometheus_sysctl","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_sysctl.service\n\n[Timer]\nUnit=prometheus_sysctl.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/5\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_sysctl.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_sysctl","tags":["file","systemd::syslog","systemd","syslog","prometheus_sysctl","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_sysctl","tags":["rsyslog::conf","rsyslog","conf","prometheus_sysctl","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_sysctl\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_sysctl/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_sysctl]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_sysctl","tags":["logrotate::conf","logrotate","conf","prometheus_sysctl","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for prometheus_sysctl\n\n/var/log/prometheus_sysctl/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Systemd::Unit","title":"track_vcache_fds.service","tags":["systemd::unit","systemd","unit","track_vcache_fds.service","systemd::timer::job","timer","job","track_vcache_fds","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect file count metrics\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-file-count --outfile /var/lib/prometheus/node.d/vcache_fds.prom --metric node_varnish_filedescriptors_total \"/proc/$(pgrep -u vcache)/fd\"\n","unit":"track_vcache_fds.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"track_vcache_fds","tags":["systemd::timer","systemd","timer","track_vcache_fds","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"track_vcache_fds.service"}},{"type":"Systemd::Syslog","title":"track_vcache_fds","tags":["systemd::syslog","systemd","syslog","track_vcache_fds","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/etc/varnish/normalize_path.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"C{\n\n/******************************************************************************\n * normalize_path_encoding(): URL-Path (not Query!) normalization\n *\n * This function requires as input a \"decoder_ring\", which must be a pointer\n * to a 256-element array of size_t elements.  The indices are the 256\n * possible byte values, and the values control the normalization of the given\n * character in the URL path.  Legal values are currently 0, 1, and 2:\n *\n * 0 -> Always encode this character as a hex escape (%XX)\n * 1 -> Always decode a hex escape representing this character back into the\n *      literal character byte.\n * 2 -> Do not change the encoding of this character, allowing both forms to\n *      pass through.\n *\n * The parsing of the input URL's existing hex escapes is case-insensitive\n * (%AB == %ab == %Ab == %aB).  All hex escapes in the final normalized URL\n * are normalized to upper case hex digits, even if they didn't need any other\n * normalization transformation (even case \"2\" above).\n *\n * RFC 3986 splits the 256 possible byte values completely into 3 sets:\n * 66 Unreserved: 0-9 A-Z a-z - . _ ~\n * 18 Reserved: : / ? # [ ] @ ! $ & ' ( ) * + , ; =\n * 172 Disallowed: 0x00-0x20 0x7F-0xFF < > | { } \" % \\ ^ `\n *\n * As a generic URL normalizer without application-specific knowledge, the best\n * one can do at normalization by the RFC rules is:\n * * Unreserved: always decode (array value 1)\n * * Reserved: do not touch (array value 2)\n * * Disallowed: input is malformed if these exist, but encoding them is best\n *               reasonable option in that case (array value 0)\n *\n * A generic normalizer that matches the above values is provided as\n * \"generic_decoder_ring\" below which can be used as the decoder_ring argument.\n *\n * More-specific decoder rings which increase the amount of normalization can\n * be built with application-specific knowledge, while still conforming to\n * RFCs, by changing some of the Reserved set's 2s into 0s or 1s as warranted.\n *\n * Note that since we're specifically operating on the Path component, which is\n * delimited by literal '?' or '#', that these Reserved characters should not\n * be changed from their 2 value given in the generic_decoder_ring definition.\n * Changing them to 0 will do nothing due to implementation details (which\n * could change in the future!), and changing them to 1 would break the\n * normalized interpretation.\n *\n * Therefore, there are 16 reasonable characters, all from Reserved, that\n * custom application-specific decoders can set to 0 or 1 instead of their\n * default value of 2 from the generic_decoder_ring, if warranted.  We'll call\n * these 16 the Customizable Set:\n * : / [ ] @ ! $ & ' ( ) * + , ; =\n *\n * Changing any others (Unreserved, Disallowed, ?, or #) outside of the\n * Customizable set to values other than those shown in the\n * generic_decoder_ring is allowed by the code, but will almost certainly lead\n * to broken or buggy URL normalization.\n *****************************************************************************/\n\n#include <inttypes.h>\n#include <string.h>\n\nstatic const size_t generic_decoder_ring[256] = {\n  // 0x00-0x1F (all unprintable)\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n  //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?\n    0,2,0,2,2,0,2,2,2,2,2,2,2,1,1,2,1,1,1,1,1,1,1,1,1,1,2,2,0,2,0,2,\n  //@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _\n    2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,2,0,1,\n  //` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~ <DEL>\n    0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,1,0,\n  // 0x80-0xFF (all unprintable)\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n};\n\nstatic const size_t hex_finder[256] = {\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n  //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ...\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,\n  //@ A B C D E F G ...\n    0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n  //` a b c d e f g ...\n    0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n};\n\nstatic const size_t hex_dec[256] = {\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,3,4,5,6,7,8,9,0,0,0,0,0,0,\n    0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n};\n\nstatic const char hex_enc[16] = {\n    '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'\n};\n\n#define DO_DECODE(_c) (decoder_ring[(uint8_t)(_c)])\n#define IS_HEX(_c) (hex_finder[(uint8_t)(_c)])\n#define HEX_DECODE(_c1,_c2) \\\n    ((hex_dec[(uint8_t)(_c1)] << 4) | hex_dec[(uint8_t)(_c2)])\n#define HEX_ENC_TOP(_c) (hex_enc[((uint8_t)(_c)) >> 4])\n#define HEX_ENC_BOTTOM(_c) (hex_enc[((uint8_t)(_c)) & 0xF])\n#define HEX_IS_LOWER(_c) ((uint8_t)(((((uint8_t)(_c)) & 0x40) >> 6) \\\n                                  & ((((uint8_t)(_c)) & 0x20) >> 5)))\n\nvoid normalize_path_encoding(const struct vrt_ctx *ctx, const size_t* decoder_ring)\n{\n    const char* vrt_url = VRT_r_req_url(ctx);\n    const size_t in_url_len = strlen(vrt_url);\n\n    // Copy input URL to new array with double-NUL termination (this allows\n    // us to not worry about running off the end when checking for %XX hex\n    // encodings):\n    char in_url[in_url_len + 2];\n    memcpy(in_url, vrt_url, in_url_len + 1);\n    in_url[in_url_len + 1] = '\\0';\n\n    // worst-case is every input character requires encoding:\n    char out_url[(in_url_len * 3) + 1];\n\n    const char* in_p = in_url;\n    char* out_p = out_url;\n    unsigned dirty = 0;\n\n    while (1) {\n        const char c = *in_p++;\n        if (c == '\\0') {\n            *out_p = '\\0';\n            break;\n        } else if (c == '?' || c == '#') {\n            if (dirty) {\n                *out_p++ = c;\n                strcpy(out_p, in_p);\n            }\n            break;\n        } else if (c == '%' && IS_HEX(*in_p) && IS_HEX(*(in_p + 1))) {\n            const char x1 = *in_p++;\n            const char x2 = *in_p++;\n            const char x = HEX_DECODE(x1, x2);\n            if (DO_DECODE(x) == 1U) {\n                dirty = 1U;\n                *out_p++ = x;\n            }\n            else {\n                // mark dirty if input hex had lowercase letters\n                dirty |= HEX_IS_LOWER(x1) | HEX_IS_LOWER(x2);\n                *out_p++ = '%';\n                *out_p++ = HEX_ENC_TOP(x);\n                *out_p++ = HEX_ENC_BOTTOM(x);\n            }\n        } else if (DO_DECODE(c)) {\n            *out_p++ = c;\n        } else {\n            dirty = 1U;\n            *out_p++ = '%';\n            *out_p++ = HEX_ENC_TOP(c);\n            *out_p++ = HEX_ENC_BOTTOM(c);\n        }\n    }\n\n    /* Set req.url. This will copy our stack buffer into the workspace.\n     * VRT_l_req_url() is varadic, and concatenates its arguments.\n     */\n    if (dirty)\n        VRT_l_req_url(ctx, NULL, TOSTRAND(out_url));\n}\n\n#undef DO_DECODE\n#undef IS_HEX\n#undef HEX_DECODE\n#undef HEX_ENC_TOP\n#undef HEX_ENC_BOTTOM\n#undef HEX_IS_LOWER\n\n}C\n"}},{"type":"File","title":"/etc/varnish/geoip.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":59,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// Varnish VCL include file\n\n// Note: This requires \"import header\" in the including VCL\n\nC{\n    #include <dlfcn.h>\n    #include <stdlib.h>\n    #include <stdio.h>\n    #include <string.h>\n    #include <maxminddb.h>\n    #include <pthread.h>\n    #include <sys/types.h>\n    #include <sys/socket.h>\n    #include <netdb.h>\n    #include <arpa/inet.h>\n    #include <alloca.h>\n    #include <syslog.h>\n\n    MMDB_s* mmdb = NULL;\n    #define GEO_FILE \"/usr/share/GeoIP/GeoIP2-City.mmdb\"\n    MMDB_s* mmdb_isp = NULL;\n    #define ISP_FILE \"/usr/share/GeoIP/GeoIP2-ISP.mmdb\"\n\n    static void init_mmdb(MMDB_s** mmdb, const char* file) {\n        if (!mmdb)\n            return;\n\n        *mmdb = malloc(sizeof(MMDB_s));\n        int st = MMDB_open(file, MMDB_MODE_MMAP, *mmdb);\n        if (st != MMDB_SUCCESS) {\n            free(*mmdb);\n            *mmdb = NULL;\n            syslog(LOG_CRIT, \"geoip.inc.vcl: failed to load MMDB '%s'\", file);\n        }\n    }\n\n    static void free_mmdb(MMDB_s** mmdb) {\n        if (mmdb && *mmdb) {\n            MMDB_close(*mmdb);\n            free(*mmdb);\n            *mmdb = NULL;\n        }\n    }\n}C\n\n// This loads a fresh MaxMind DB on every VCL reload, but does not check for\n// data updates between reloads (which would require complex locking or a\n// URCU-based scheme like netmapper uses.  Better to save this for future move\n// to a vmod post-varnish4)\nsub vcl_init { C{\n    init_mmdb(&mmdb, GEO_FILE);\n    init_mmdb(&mmdb_isp, ISP_FILE);\n}C }\n\n// This de-allocates MMDB resources when a VCL is actually discarded, which may\n// be a long while after the triggering reload, especially on low-traffic\n// clusters.\nsub vcl_fini { C{\n    free_mmdb(&mmdb);\n    free_mmdb(&mmdb_isp);\n}C }\n\n// runtime stuff\nC{\n    /*\n     * This function sanitizes the contents of the X-Client-IP header into the\n     * pre-allocated buffer at \"ip\".  It will write at most INET6_ADDRSTRLEN\n     * characters to \"ip\" including the (always present) terminal NUL.  The\n     * return value is the zero for success, non-zero for failure (input IP is\n     * invalid or the encoding of it is too long).\n     *\n     * Callers must specify 'which' data structure to extract the header from:\n     * either HDR_REQ for the client request object (req.http.X-Client-IP in VCL)\n     * or HDR_BEREQ for the request to the upstream backend (bereq.http.X-Client-IP).\n     */\n    static int geo_get_xcip(const struct vrt_ctx *ctx, enum gethdr_e which, char* ip) {\n        const struct gethdr_s hdr = { which, \"\\014X-Client-IP:\" };\n        const char* client_ip = VRT_GetHdr(ctx, &hdr);\n        size_t len = 0;\n        int rv = -1;\n\n        if (client_ip) {\n            len = strspn(client_ip, \"1234567890abcdefABCDEF.:\");\n            if (len > 0 && len < INET6_ADDRSTRLEN) {\n                memcpy(ip, client_ip, len);\n                ip[len] = '\\0';\n                rv = 0;\n            }\n        }\n\n        return rv;\n    }\n\n    /*\n     * Make a string safe to use as a cookie value in a Set-Cookie header by\n     * replacing CTLs, DEL, 8-bit characters, space, double-quote, comma,\n     * semicolon, and backslash with an underscore.\n     */\n    static void geo_sanitize_for_cookie(char* p) {\n        while(*p) {\n            if (*p < 0x21 || *p > 0x7E || strchr(\"\\\",;\\\\\", *p))\n                *p = '_';\n            p++;\n        }\n    }\n\n    /*\n     * Extract the topmost part of the domain name for which a cookie may be\n     * set.  This consists of the public suffix (e.g., 'org') plus one more\n     * level.\n     *\n     * In Wikimedia's case, this is always the top two parts of the name (for\n     * example, 'wikipedia.org' for 'en.m.wikipedia.org'. But we handle other\n     * common cases correctly too, like 'news.bbc.co.uk' (which may set cookies\n     * for bbc.co.uk, but not the entire co.uk public suffix), by assuming that\n     * if either of the top two levels is only one or two characters long, then\n     * the public suffix contains two parts. A fully comprehensive and correct\n     * solution would require checking against a public suffix list like\n     * <https://publicsuffix.org/>.\n     */\n    static const char* geo_get_top_cookie_domain(const char* host) {\n        const char *last, *second_last, *third_last, *fourth_last, *pos, *top_cookie_domain;\n\n        if (!host)\n            return NULL;\n\n        last = second_last = third_last = fourth_last = host;\n        for (pos = host; *pos != '\\0'; pos++) {\n            if (*pos == '.') {\n                fourth_last = third_last;\n                third_last = second_last;\n                second_last = last;\n                last = pos;\n            }\n        }\n\n        if ((pos - last) <= 3  || (last - second_last) <= 3) {\n            // If the last or second last part is only one or two characters long,\n            // set cookies on the domain above that.\n            //\n            // * news.bbc.co.uk      > .uk (last)   > .bbc.co.uk (wildcard)\n            // * example.co.uk       > .co (second) > example.co.uk (plain)\n            // * w.wiki              > w (second)   > .w.wiki (wildcard, unintended and unneeded but harmless)\n            //\n            top_cookie_domain = third_last;\n\n        } else if (!strcmp(third_last, \".beta.wmflabs.org\") || !strcmp(third_last, \".beta.wmcloud.org\")) {\n            // In the Beta Cluster, use the first subdomain.\n            //\n            // * en.m.wikipedia.beta.wmcloud.org  > .wikipedia.beta.wmcloud.org (wildcard)\n            // * w.beta.wmcloud.org               > w.beta.wmcloud.org (plain)\n            //\n            top_cookie_domain = fourth_last;\n\n        } else {\n            // Default to two segments. This will naturally use a wildcard if there were more.\n            //\n            // * en.m.wikipedia.org  > .wikipedia.org (wildcard)\n            // * wikipedia.org       > wikipedia.org (plain)\n            // * beta.wmcloud.org    > .wmcloud.org (wildcard, this is invalid but we don't need it)\n            // * foo.example.wiki    > .example.wiki (wildcard)\n            // * example.wiki        > example.wiki (plain)\n            // * localhost           > localhost (plain)\n            //\n            top_cookie_domain = second_last;\n        }\n\n        if (*top_cookie_domain == '.')\n            top_cookie_domain++;\n\n        return top_cookie_domain;\n    }\n\n    typedef enum _geo_idx_t {\n        GEO_IDX_CITY    = 0,\n        GEO_IDX_COUNTRY = 1,\n        GEO_IDX_REGION  = 2,\n        GEO_IDX_LAT     = 3,\n        GEO_IDX_LON     = 4,\n        _GEO_IDX_SIZE   = 5,\n    } geo_idx_t;\n\n    static void geo_out_cookie(const struct vrt_ctx *ctx, char** geo) {\n        char host_safe[50];\n\n        // We can't set a cookie if we don't know the valid top domain, so this\n        // is the case where we emit no Cookie output at all (as before) with\n        // the two possible bare \"return;\" below\n        const struct gethdr_s hdr = { HDR_REQ, \"\\016x-cookie-host:\" };\n        const char* host = VRT_GetHdr(ctx, &hdr);\n        if (!host)\n            return;\n        const char* top_dom = geo_get_top_cookie_domain(host);\n        const unsigned top_dom_len = strlen(top_dom);\n        if (top_dom_len >= 50)\n            return;\n        memcpy(host_safe, top_dom, top_dom_len + 1);\n        geo_sanitize_for_cookie(host_safe);\n\n        char out[255];\n        int out_size = snprintf(out, 255, \"GeoIP=%s:%s:%s:%s:%s:v4\",\n            geo[GEO_IDX_COUNTRY],\n            geo[GEO_IDX_REGION],\n            geo[GEO_IDX_CITY],\n            geo[GEO_IDX_LAT],\n            geo[GEO_IDX_LON]\n        );\n\n        if (out_size >= 254)\n            strcpy(out, \"GeoIP=:::::v4\");\n        else\n            geo_sanitize_for_cookie(out);\n\n        // Use libvmod-header to ensure the Set-Cookie header we are adding\n        // does not clobber or manipulate existing cookie headers (if any).\n        const struct gethdr_s hdr_set_cookie = { HDR_RESP, \"\\013Set-Cookie:\" };\n        Vmod_vmod_header_Func.append(\n            ctx, &hdr_set_cookie,\n            TOSTRANDS(\n                3, out, \"; Path=/; secure; Domain=.\",\n                host_safe\n            )\n        );\n    }\n\n    static const char* mm_path[_GEO_IDX_SIZE][4] = {\n        {\"city\", \"names\", \"en\", NULL},\n        {\"country\", \"iso_code\", NULL, NULL},\n        {\"subdivisions\", \"0\", \"iso_code\", NULL},\n        {\"location\", \"latitude\", NULL, NULL},\n        {\"location\", \"longitude\", NULL, NULL},\n    };\n\n    static void geo_xcip_output(const struct vrt_ctx *ctx) {\n        int gai_error, mmdb_error;\n        char ip[INET6_ADDRSTRLEN];\n        char* geo[_GEO_IDX_SIZE];\n        char* empty = \"\\0\";\n        geo_idx_t g;\n\n        // Initialize geo to all-empty early, for failure output\n        for (g = 0; g < _GEO_IDX_SIZE; g++)\n            geo[g] = empty;\n\n        if (!mmdb)\n            goto out;\n        if (geo_get_xcip(ctx, HDR_REQ, ip))\n            goto out;\n        MMDB_lookup_result_s result = MMDB_lookup_string(mmdb, ip,\n            &gai_error, &mmdb_error);\n        if (gai_error || mmdb_error != MMDB_SUCCESS || !result.found_entry)\n            goto out;\n\n        // from this point we have a lookup, it just may or may\n        // not have a full set of useful fields.\n\n        // Parse results into \"geo\" on the stack, which is always full of\n        // pointers.  The pointers are to empty strings if results are lacking.\n        for (g = 0; g < _GEO_IDX_SIZE; g++) {\n            MMDB_entry_data_s edata;\n            int st = MMDB_aget_value(&result.entry, &edata, mm_path[g]);\n            if (st == MMDB_SUCCESS && edata.has_data) {\n                switch(edata.type){\n                    case MMDB_DATA_TYPE_UTF8_STRING:\n                        geo[g] = alloca(edata.data_size + 1);\n                        memcpy(geo[g], edata.utf8_string, edata.data_size);\n                        geo[g][edata.data_size] = '\\0';\n                        break;\n                    case MMDB_DATA_TYPE_DOUBLE:\n                        geo[g] = alloca(16);\n                        snprintf(geo[g], 16, \"%.2f\", edata.double_value);\n                        break;\n                    default:\n                        break;\n                }\n            }\n        }\n\n        out:\n        geo_out_cookie(ctx, geo);\n    }\n\n    // mmdb paths to attach to respective header names on the backend request.\n    static const char* nel_geo_path[2][4] = {\n        {\"country\", \"iso_code\", NULL, NULL},\n        {\"subdivisions\", \"0\", \"iso_code\", NULL},\n    };\n    static const char* nel_geo_hdrname[2] = {\n        \"\\020X-GeoIP-Country:\",\n        \"\\024X-GeoIP-Subdivision:\",\n    };\n    static const int _NEL_GEO_SIZE = sizeof(nel_geo_path)/sizeof(nel_geo_path[0]);\n\n    // mmdb_isp paths to attach to respective header names on the backend request.\n    static const char* nel_asn_path[3][2] = {\n        {\"autonomous_system_number\", NULL},\n        {\"isp\", NULL},\n        {\"organization\", NULL},\n    };\n    static const char* nel_asn_hdrname[3] = {\n        \"\\022X-GeoIP-AS-Number:\",\n        \"\\014X-GeoIP-ISP:\",\n        \"\\025X-GeoIP-Organization:\",\n    };\n    static const int _NEL_ASN_SIZE = sizeof(nel_asn_path)/sizeof(nel_asn_path[0]);\n\n    // Given a MMDB entry data, and a header name, set the entry's data as the backend request header value.\n    static void edata_to_hdr(const struct vrt_ctx *ctx, const char* hdrname, const MMDB_entry_data_s* edata) {\n        if (edata && edata->has_data) {\n            const struct gethdr_s hdr = { HDR_BEREQ, hdrname };\n            char* tmp = NULL;\n            switch (edata->type) {\n                case MMDB_DATA_TYPE_UTF8_STRING:\n                    tmp = alloca(edata->data_size + 1);\n                    memcpy(tmp, edata->utf8_string, edata->data_size);\n                    tmp[edata->data_size] = '\\0';\n                    VRT_SetHdr(ctx, &hdr, NULL, TOSTRAND(tmp));\n                    break;\n                case MMDB_DATA_TYPE_UINT32:\n                    VRT_SetHdr(ctx, &hdr, NULL, TOSTRAND(VRT_INT_string(ctx, edata->uint32)));\n                    break;\n                default:\n                    break;\n            }\n        }\n    }\n\n    // Attach all nel_geo_paths and nel_asn_paths as backend request headers.\n    static void nel_xcip_output(const struct vrt_ctx *ctx) {\n        int gai_error, mmdb_error;\n        char ip[INET6_ADDRSTRLEN];\n        if (!mmdb && !mmdb_isp)\n            goto done;\n        if (geo_get_xcip(ctx, HDR_BEREQ, ip))\n            goto done;\n        // First, the geographical part.\n        if (!mmdb)\n            goto asn;\n        MMDB_lookup_result_s result = MMDB_lookup_string(mmdb, ip,\n            &gai_error, &mmdb_error);\n        if (gai_error || mmdb_error != MMDB_SUCCESS || !result.found_entry)\n            goto asn;\n\n        // Fill country code and subdivision if any\n        int g = 0;\n        for (g = 0; g < _NEL_GEO_SIZE; g++) {\n            MMDB_entry_data_s edata;\n            int st = MMDB_aget_value(&result.entry, &edata, nel_geo_path[g]);\n            if (st == MMDB_SUCCESS && edata.has_data) {\n                edata_to_hdr(ctx, nel_geo_hdrname[g], &edata);\n            }\n        }\n\n        // Fill AS number, ISP, organization\n        asn:\n        if (!mmdb_isp)\n            goto done;\n        result = MMDB_lookup_string(mmdb_isp, ip,\n            &gai_error, &mmdb_error);\n        if (gai_error || mmdb_error != MMDB_SUCCESS || !result.found_entry)\n            goto done;\n        for (g = 0; g < _NEL_ASN_SIZE; g++) {\n            MMDB_entry_data_s edata;\n            int st = MMDB_aget_value(&result.entry, &edata, nel_asn_path[g]);\n            if (st == MMDB_SUCCESS && edata.has_data) {\n                edata_to_hdr(ctx, nel_asn_hdrname[g], &edata);\n            }\n        }\n\n        done:\n        return;\n    }\n}C\n\nsub nel_geoip_bereq {\n    C{nel_xcip_output(ctx);}C\n}\n\n// Emits a Set-Cookie\nsub geoip_cookie {\n    C{geo_xcip_output(ctx);}C\n}\n"}},{"type":"File","title":"/etc/varnish/wikimedia_text-frontend.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// common frontend code for all clusters\n\nvcl 4.1;\n\n\nimport std;\n# this is needed by geoip.inc.vcl, and in general is the only way to sanely do\n# Set-Cookie in the face of multiple independent cookies being set from\n# different code.\nimport header;\n\nimport cookie;\nimport directors;\nimport netmapper;\nimport querysort;  // T138093\nimport var;\nimport wmfuniq;\n\n// rate limiting\nimport vsthrottle;\n\n\ninclude \"analytics.inc.vcl\";\ninclude \"alternate-domains.inc.vcl\";\ninclude \"browsersec.inc.vcl\";\ninclude \"errorpage.inc.vcl\";\ninclude \"translation-engine.inc.vcl\";\n\n# ACLs\n\nacl local_host {\n       \"127.0.0.1\";\n}\n\nacl local_tls_terminator {\n       \"172.16.3.164\"; // note this matches nginx proxy_pass for TLS\n       \"0.0.0.0\"; // this matches incoming traffic via UDS\n}\n\nacl UDS {\n       \"0.0.0.0\";\n}\n\n// external trusted proxies aren't allowed to set XCIP (via XFF) to wikimedia_nets,\n// and this ACL is also used to skip ratelimiting of most requests\nacl wikimedia_nets {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n       \"172.16.0.0\"/12;\n       // The following IP addresses are AWS Elastic IPs used by the\n       // Wikimedia Enterprise project to bulk scrape content and query APIs.\n       // They are added to wikimedia_nets in order to skip most of our CDN's\n       // rate limiting, including being unaffected by requestctl.\n       \"3.23.12.83\"/32;     // T255524\n       \"3.211.48.168\"/32;   // T294798\n       \"44.206.140.241\"/32; // T370294\n       \"35.168.168.219\"/32; // T370294\n       \"35.172.30.169\"/32;  // T370294\n       \"3.222.74.115\"/32;   // T370294\n}\n\n// Only wikimedia_trust can fake X-F-P\nacl wikimedia_trust {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n}\n\n/* Include the VCL file for this role */\ninclude \"text-frontend.inc.vcl\";\n\n# Backend probes\n\n# frontends in front of ATS backend instances should send probes that don't\n# depend on the app backend\nprobe varnish {\n    .request =\n        \"GET /ats-be HTTP/1.1\"\n        \"Host: healthcheck.wikimedia.org\"\n        \"User-agent: Varnish backend check\"\n        \"Connection: close\";\n    .timeout = 100ms;\n    .interval = 100ms;\n    .window = 5;\n    .threshold = 3;\n}\n\n\n\n\n# Generated list of cache backend hosts for director consumption\n\nbackend be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud {\n    .host = \"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud\";\n    .port = \"3128\";\n    .connect_timeout = 3s;\n    .first_byte_timeout = 65s;\n    .between_bytes_timeout = 33s;\n    .max_connections = 5000;\n    .probe = varnish;\n}\n\n\n\n// ** Engineer public cloud flows\n// by default rate limit but if public_clouds_shutdown is set block\nsub shutdown_public_clouds {\n}\n\n// *** HTTPS deliver code - domain-based HSTS headers\nsub https_deliver_hsts {\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        if (req.http.Host ~ \"((^|\\.)(wikipedia\\.org|wikimedia\\.org|wikibooks\\.org|wikinews\\.org|wikiquote\\.org|wikisource\\.org|wikiversity\\.org|wikivoyage\\.org|wikidata\\.org|wikimediafoundation\\.org|wikiworkshop\\.org|wiktionary\\.org|mediawiki\\.org|wmfusercontent\\.org|w\\.wiki))$\") {\n            set resp.http.Strict-Transport-Security = \"max-age=106384710; includeSubDomains; preload\";\n        }\n    }\n}\n\n// *** HTTPS deliver code - domain-based W3C Reporting API / Network Error Logging headers\n// https://phabricator.wikimedia.org/T257527\n// c.f. https://www.w3.org/TR/network-error-logging/ and https://w3c.github.io/reporting/\nsub https_deliver_networkerrorlogging {\n    // User agents only accept these headers via HTTPS.\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        // Don't serve NEL response headers if users somehow wind up routed for us for domains that aren't ours.\n        // (See also normalize_request's Host header processing.)\n        if (req.http.Host != \"invalid\") {\n            // The values of these headers are JSON, but you must be careful to *not* embed `{\"` or `\"}`\n            // in the JSON itself, as those bigrams are VCL long-string delimiters.  One way to mangle JSON\n            // in the needed fashion is with the following Python snippet:\n            //     report_to = dict(group='wm_nel', max_age=604800, endpoints=[dict(url='https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0')])\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }'))\n            // VTC string literals can similarly be obtained with:\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }').replace('\"', '\\\\\"'))\n            set resp.http.Report-To = {\"{ \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\"};\n            //     nel=dict(report_to='wm_nel', max_age=604800, failure_fraction=0.05, success_fraction=0.0)\n            if (req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n                // Set 'success_fraction' to 1.0 for measurement domains\n                // See https://phabricator.wikimedia.org/T334608\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 1.0}\"};\n            } else {\n                // Set 'success_fraction' to 0.0 for all other domains\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\"};\n            }\n            // The failure_fraction was guesstimated based on group0's reporting ratio: https://phabricator.wikimedia.org/T257527#6489683\n        }\n    }\n}\n\n// *** X-Connection-Properties parsing recv code\nsub log_xcps_info {\n    // Sanity-check the overall format defined by the config of HAProxy\n    if (req.http.X-Connection-Properties !~ \"^H2=[01]; SSR=[012]; SSL=[^; ]+; C=[^; ]+; EC=[^; ]+; KA=[^; ]+;$\") {\n        set req.http.x-tls-prot = \"invalid\";\n        set req.http.x-tls-sess = \"invalid\";\n        set req.http.x-tls-vers = \"invalid\";\n        set req.http.x-tls-keyx = \"invalid\";\n        set req.http.x-tls-auth = \"invalid\";\n        set req.http.x-tls-ciph = \"invalid\";\n    } else {\n        set req.http.x-tls-prot = regsub(req.http.X-Connection-Properties, \"^H2=([01]);.*\", \"\\1\");\n        if (req.http.x-tls-prot == \"1\") {\n            set req.http.x-tls-prot = \"h2\";\n        } else {\n            set req.http.x-tls-prot = \"h1\";\n        }\n\n        set req.http.x-tls-sess = regsub(req.http.X-Connection-Properties, \".* SSR=([012]);.*\", \"\\1\");\n        if (req.http.x-tls-sess == \"1\") {\n            set req.http.x-tls-sess = \"reused\";\n        } elsif (req.http.x-tls-sess == \"2\") {\n            set req.http.x-tls-sess = \"unknown\";\n        } else {\n            set req.http.x-tls-sess = \"new\";\n        }\n\n        set req.http.x-tls-vers = regsub(req.http.X-Connection-Properties, \".* SSL=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-keyx = regsub(req.http.X-Connection-Properties, \".* EC=([^; ]+);.*\", \"\\1\");\n\n        set req.http.x-tls-auth = regsub(req.http.X-Connection-Properties, \".* KA=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.X-Connection-Properties, \".* C=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^(ECDHE-(ECDSA|RSA)|DHE-RSA)-\", \"\");\n\n        // Starting with TLSv1.3, CHACHA20-POLY1305 will be renamed into\n        // CHACHA20-POLY1305-SHA256. Do the renaming now in VCL to avoid stats skew\n        // later on.\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^CHACHA20-POLY1305$\", \"CHACHA20-POLY1305-SHA256\");\n        if (req.http.x-tls-vers == \"TLSv1.3\") {\n            // Every TLSv1.3 cipher begins with TLS_\n            set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^TLS_\", \"\");\n            // TLSv1.3 uses _ instead of - as a separator\n            set req.http.x-tls-ciph = regsuball(req.http.x-tls-ciph, \"_\", \"-\");\n        }\n    }\n\n    // Condensed form logged as \"tls\" for TLS analytics via varnishkafka webrequest\n    std.log(\"tls: vers=\" + req.http.x-tls-vers\n        + \";keyx=\" + req.http.x-tls-keyx\n        + \";auth=\" + req.http.x-tls-auth\n        + \";ciph=\" + req.http.x-tls-ciph\n        + \";prot=\" + req.http.x-tls-prot\n        + \";sess=\" + req.http.x-tls-sess);\n\n    // Keep these in the test VCL version to ease testing\n    unset req.http.x-tls-prot;\n    unset req.http.x-tls-vers;\n    unset req.http.x-tls-sess;\n    unset req.http.x-tls-keyx;\n    unset req.http.x-tls-auth;\n    unset req.http.x-tls-ciph;\n}\n\n\nsub normalize_request {\n    // We shouldn't even legally be receiving proxy-style requests, as\n    // we're not a proxy from any client's point of view. Just in\n    // case, we support it anyways according to RFC7230 rules: we\n    // ignore any Host header sent along with it and set a new Host\n    // header based on the host part we strip from the abs URI. ref:\n    // http://tools.ietf.org/html/rfc7230#section-5.4 Host\n    // normalization (lowercase, port stripping, trailing dots) is\n    // done in HAProxy See T392880 for details\n    if(req.url ~ \"(?i)^https?://[^/]\") {\n        # this strips away 'user:pass@' and ':port' when copying from URI to Host:\n        set req.http.Host = regsub(req.url, \"(?i)^https?://(.*@)?([^/:]+).*$\", \"\\2\");\n        set req.url = regsub(req.url, \"(?i)^https?://[^/]+/?\", \"/\");\n    }\n\n    // Check that host header looks reasonably-legitimate/parseable now\n    if (req.http.Host ~ \"^[a-z0-9][-a-z0-9]*(\\.[a-z0-9][-a-z0-9]*)*\\.?$\") {\n        // Strip optional trailing terminal dot if present\n        set req.http.Host = regsub(req.http.Host, \"\\.$\", \"\");\n    } else {\n        set req.http.Host = \"invalid\";\n        // Unparseable / empty Host header\n        return (synth(400, \"Invalid Host header\"));\n    }\n    // Enforce RFC 9112 request-target definition:\n    // at this point after absolute-form requests being transformed to\n    // origin-form ones, we should only have a request-target matching\n    // either origin-form or asterisk-form. See T318676 for more details\n    if(req.url !~ \"^(/|\\*$)\") {\n        return (synth(400, \"Invalid request URL\"));\n    }\n    # save the original host header to be able to set cookies accordingly\n    set req.http.X-Cookie-Host = req.http.Host;\n\n    if (req.http.Accept-Language) {\n        set req.http.Accept-Language = std.tolower(req.http.Accept-Language);\n    }\n\n    // Check that the normalized hostname actually matches our SAN set from\n    // the Unified multi/wildcard certificate we use for prod cache cluster\n    // termination.  This won't eliminate every bad hostname down at the\n    // applayer (e.g. nosuchlanguage.wikimedia.org), but it does precisely\n    // match the wildcarding of the certificate itself and greatly limits\n    // the potential bad cases.\n    // --\n    // RFC 2616 Section 5.2 notes that 400 responses are also required\n    // if the hostname isn't one we recognize as legit *on the server*,\n    // meaning our own list of hostnames:\n    // \"3. If the host as determined by rule 1 or 2 is not a valid host on\n    // the server, the response MUST be a 400 (Bad Request) error message.\"\n    // RFC 723x is less-clear on this case, but this is still a reasonable\n    // stance.  There are reasonable reasons that 404, 410, 421 and others\n    // are inappropriate if we receive a request accidentally for some\n    // legitimate domainname on the Internet which doesn't belong to us.\n    // --\n    // This regex exactly matches the canonical domains SAN list used in\n    // our Unified certificates, according to the normal SAN rules where a\n    // wildcard only matches a single DNS label.  It's encoded here as a\n    // VCL Long String with delimiters {\"\"} containing a PCRE regex with\n    // the x-flag to allow expansion with whitespace, newlines, and\n    // comments for clarity:\n\n}\n\n// Must be done at the top of vcl_recv, in our varnish-frontend layer only,\n// and should be guarded against running on request restarts.\nsub recv_fe_ip_processing {\n    // this subroutine \"owns\" these 3 headers - nothing else in our VCL or\n    // anywhere in our network should be setting them.\n    unset req.http.X-Trusted-Proxy;\n    unset req.http.X-Abuse-Network;\n\n    // unset this one just because it's well-known and some default\n    // software configs may look at it, and an external client may spoof\n    // it. We don't set or use this header internally (we use X-Client-IP)\n    unset req.http.X-Real-IP;\n\n    // if X-JWT-Sub is present, save its value in a variable\n    if (req.http.X-JWT-Sub) {\n        var.set(\"jwt_sub\", req.http.X-JWT-Sub);\n        unset req.http.X-JWT-Sub;\n    }\n\n    // unset X-Requestctl if its value is the default value in HAProxy\n    if (req.http.X-Requestctl == \" \") {\n        unset req.http.X-Requestctl;\n    }\n\n    // Unset the incoming *request* header Retry-After. This should be handled\n    // by the VCL fragments coming from requestctl and not be in the request.\n    unset req.http.Retry-After;\n\n    if (client.ip !~ local_host && remote.ip !~ local_tls_terminator) {\n        // only the local nginx TLS terminator should set these at all -\n        // there are no other internal exceptions to that rule\n        unset req.http.X-Client-IP;\n        unset req.http.X-Connection-Properties;\n    }\n\n    if (local.ip ~ UDS && remote.ip ~ UDS) {\n        if (client.ip ~ UDS) {\n            // If the client request is received via UDS without PROXY protocol 0.0.0.0 is added to XFF\n            set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, \"0.0.0.0$\", \"172.16.3.164\");\n        } else {\n            // If UDS is used along with PROXY protocol we need to append the varnish IP to keep the applayer happy\n            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + \", \" + \"172.16.3.164\";\n        }\n    }\n\n    // To make further parsing/sanitizing simpler, convert all whitespace\n    // in XFF to single spaces, and make sure all commas have a space\n    // suffix but no space prefix.\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \"[ \\t]+\", \" \");\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \" ?, ?\", \", \");\n\n    // Now fully-sanitize it to only the strict form \"X(, X)*\", where X is\n    // a string of legal characters in IPv[46] addresses.  Note\n    // that injections can still leave well-formed junk on the\n    // left, but it's up to the trusted proxy code to ignore that,\n    // e.g.:\n    // \"junk2, 123.123.123.123\" -> \"2, 123.123.123.123\"\n    set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For,\n        \"^.*?([0-9A-Fa-f:.]+(, [0-9A-Fa-f:.]+)*)? ?$\", \"\\1\");\n\n    // There are two possible cases here: either nginx acted as our TLS\n    // proxy and already set X-Client-IP (as well as appended the same value\n    // to XFF, and we appended nginx's IP to XFF already as well...), or the\n    // traffic was direct to varnish-fe, in which case XCIP is not yet set\n    // and XFF is external + our addition of client.ip.\n\n    if (!req.http.X-Client-IP) {\n        unset req.http.via-nginx;\n        set req.http.X-Client-IP = client.ip;\n        if (!req.http.X-Client-IP) {\n            // apparently sometimes the above doesn't set it???  use\n            // illegal RFC 5735 documentation network to avoid\n            // sending NULL to netmapper-1.3 for now\n            set req.http.X-Client-IP = \"192.0.2.1\";\n        }\n    } else {\n        set req.http.via-nginx = 1;\n    }\n\n    // From this (very early) point forward, regardless of cache tier/layer:\n    // req.http.X-Client-IP ->\n    //     This is our standard notion of the Client/UA's real IP, after\n    //     decoding XFF for our internal infrastructure addresses as well\n    //     as any trusted proxies.\n}\n\nsub vcl_init {\n# directors\n    new cache_local = directors.shard();\n    new cache_local_random = directors.random();\n    cache_local.add_backend(be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud);\n    cache_local_random.add_backend(be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud, 100);\n    cache_local.reconfigure();\n\n    call wm_domains_init;\n\n      new wu_cfg = wmfuniq.cfg(\"/etc/varnish/uniques.d/keys.cfg\",\n          \"/etc/varnish/uniques.json\",\n          30,\n          0\n      );\n}\n\nsub normalize_request_nonmisc {\n    // Sort query parameters to improve cache efficiency.\n    // See <https://wikitech.wikimedia.org/wiki/Query_string_normalization>.\n    set req.url = querysort.querysort(req.url);\n}\n\nsub wm_recv_pass {\n\n    \n}\n\nsub uniques_recv {\n    // Wipe req-header names that might come directly from the client,\n    // which this VCL code claims as its own territory\n    unset req.http.X-WUVAL;\n    if (req.http.Cookie) {\n        // Normalize cookie name case before vmod_cookie processing,\n        // allowing for whitespace variance. vmod_cookie is case-sensitive,\n        // and while that is correct by modern RFCs, ancient ones\n        // explicitly said the names were case-insensitive, and there's\n        // some evidence that there are case-insensitive impls out in the\n        // wild, and generally Postel should apply here.\n        set req.http.Cookie = regsub(req.http.Cookie, \"(?i)(^|;)\\s*WMF-Uniq\\s*=\", \"\\1WMF-Uniq=\");\n        cookie.parse(req.http.Cookie);\n        if (cookie.isset(\"WMF-Uniq\")) {\n            set req.http.X-WUVAL = cookie.get(\"WMF-Uniq\");\n            cookie.delete(\"WMF-Uniq\");\n            set req.http.Cookie = cookie.get_string();\n            if (req.http.Cookie == \"\") {\n                unset req.http.Cookie;\n            }\n        }\n    }\n    // Must call process_cookie() on every request, which will generate a\n    // fresh one if WUVAL is empty/unset/invalid\n    wu_cfg.process_cookie(req.http.X-WUVAL, req.url ~ \"^/evt-103e/v2/events\");\n    // delete the temp header to avoid leaks\n    unset req.http.X-WUVAL;\n\n    // Pass some summarized info to the Data Lake.\n    if (wu_cfg.get_cookie_count() > 0) {\n        // We received a cookie from the client, it was valid, and it has been signed by us at least once.\n        // cday_age will be zero from the moment of creation, until the next fixed \"day\" boundary on the wallclock\n        // (so anywhere from 0-86400 seconds), then will roll over to 1 at our pseudo-midnight boundary.\n        var.set_int(\"wmfuniq_days\", 1 + wu_cfg.get_cookie_cday_age()); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 1 + (wu_cfg.get_cookie_cday_age() / 7)); // avoid 0 weeks for 1-6 days old cookies\n        var.set_int(\"wmfuniq_freq\", (wu_cfg.get_cookie_count() * 100 / var.get_int(\"wmfuniq_weeks\")) / 10); // rough (weeks with visits)/weeks, scaled by 10 to avoid fractions\n        var.set(\"ratelimit_id\", wu_cfg.get_cookie_uniq()); // used for rate-limiting\n        // Cap the max ages we report.  This improves privacy.\n        if (var.get_int(\"wmfuniq_days\") > 8) {\n            var.set_int(\"wmfuniq_days\", 8);\n        }\n        if (var.get_int(\"wmfuniq_weeks\") > 52) {\n            var.set_int(\"wmfuniq_weeks\", 52);\n        }\n    } else {\n        // Freshly-generated cookie.\n        var.set_int(\"wmfuniq_days\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_freq\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set(\"ratelimit_id\", req.http.X-Client-IP); // used for rate-limiting\n    }\n\n    // Send the cache-variance for enrolled tests towards normal backends, but\n    // send the \"event\" string containing per-experiment IDs when the backend\n    // is going to be eventgate analytics ingestion.\n    if (req.url ~ \"^/evt-103e/v2/events\") {\n        if (wu_cfg.get_cookie_count() > 0) {\n            set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_event();\n        } else {\n            set req.http.X-Experiment-Enrollments = \"\";\n        }\n    } else {\n        set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_vary();\n    }\n    if (req.http.X-Experiment-Enrollments == \"\") {\n        unset req.http.X-Experiment-Enrollments;\n        // Prevent requests with empty X-E-E from reaching the beacon endpoint\n        if (req.url ~ \"^/evt-103e/v2/events\") {\n            return (synth(204, \"\"));\n        }\n    }\n}\n\nsub vcl_recv {\n\n    // no injection from outside our stack allowed for these\n    unset req.http.X-DCPath;\n    unset req.http.X-Next-Is-Cache;\n    unset req.http.Proxy; // https://httpoxy.org/\n    unset req.http.X-ATS-Debug; // We use this header for the XDebug Traffic Server plugin\n\n    if (req.restarts == 0) {\n        // IP processing is req->req mangling that shouldn't be re-done on restart\n        call recv_fe_ip_processing;\n\n        // Parse X-Connection-Properties and log TLS/HTTP2 connection\n        // information, which is sent via varnishkafka to Analytics.\n        // If we don't do this super-early, some rejected/invalid\n        // requests from early checks won't have any TLS analytics,\n        // which is very confusing and looks like plain-HTTP.\n        if (req.http.X-Connection-Properties) {\n            call log_xcps_info;\n        }\n\n        // Block requests from IPs in blocked_nets. It is important to do this\n        // early but after recv_fe_ip_processing has been called, as the procedure\n        // takes care of writing X-Client-IP if it the request did not come\n        // through the TLS terminator\n        if (req.http.X-Provenance ~ \"^abuse=blocked_nets\") {\n            return (synth(403, \"Requests from your IP have been blocked, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.\"));\n        }\n\n        // Block requests from common bot User-Agents that originate from bot_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        if (req.http.X-Provenance ~ \"^abuse=bot_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^(python-requests|Go-http-client/2.0|CInetHttp/1.0)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        // Block POST requests from bot User-Agents which originate from bot_posts_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        // 'PostmanRuntime/' and variants come from https://phabricator.wikimedia.org/T272330\n        if (req.method == \"POST\" && req.http.X-Provenance ~ \"^abuse=bot_posts_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^([PRK]ostmanRuntime/)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        if (req.http.User-Agent == \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\" && vsthrottle.is_denied(\"node-fetch:\" + req.http.X-Client-IP, 10, 10s)) {\n            return (synth(429, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n\n        // This unwraps proxy-style URLs and sanitizes the Host header\n        // (lowercase, no port, no funny chars, matches cert SAN, etc)\n        call normalize_request;\n\n        // Possibly switch to separate VCL\n        call cluster_fe_vcl_switch;\n        if (var.get_int(\"is_alt_domain\")) {\n            std.log(\"is_alt_domain: \" + var.get_int(\"is_alt_domain\"));\n        }\n\n        // This normalizes query parameters.\n        call normalize_request_nonmisc;\n    }\n\n    unset req.http.X-CDIS; // clear internal cache-disposition header\n    unset req.http.X-Varnish-Cluster; // internal cache cluster header\n\n    if ((req.http.host == \"healthcheck.wikimedia.org\" && req.url == \"/varnish-fe\") || (req.url == \"/varnish-fe-hc-5ebea9\")) {\n        return (synth(200, \"healthcheck\"));\n    }\n\n    # T364126: Disable Chrome Private Prefetch Proxy\n    if (req.url == \"/.well-known/traffic-advice\") {\n        return (synth(200, \"Disable Chrome Private Prefetch Proxy\"));\n    }\n\n    set req.backend_hint = cache_local.backend();\n\n\n    if(req.restarts == 0) {\n        // If this request had no cookies whatsoever mark it as such\n        // to later report this fact to X-Analytics\n        // Must happen here; uniques_recv mutates req.http.Cookie\n        if (!req.http.Cookie) {\n            var.set_int(\"nocookies\", 1);\n        }\n        // Skip PURGE requests as its volume will alter wmfuniq stats.\n        // An innocent SRE could be tempted to move this after the PURGE handling\n        // below, but beware of the dragons hidden inside cluster_fe_recv_pre_purge\n        if (req.method != \"PURGE\") {\n            call uniques_recv;\n        }\n        call analytics_recv;\n        if (var.get_int(\"is_alt_domain\") != 1 &&\n            req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n            call analytics_last_access_recv;\n        }\n        call translation_engine_recv;\n    }\n\n\n    if (req.url ~ \"^/beacon\\/(?!event)[^/?]+\") {\n        // Logging beacon endpoints\n        //\n        // They are handled by the log tailer (varnishkafka) that filters the\n        // Varnish shm log for reqs to these endpoints and forwards them to log\n        // processors for storage and analysis.\n        return (synth(204, \"\"));\n    }\n\n    call cluster_fe_recv_pre_purge;\n    /* Support HTTP PURGE */\n    if (req.method == \"PURGE\") {\n        if (local.endpoint == \"/run/varnish-privileged.socket\" || std.ip(req.http.X-Client-IP, \"192.0.2.1\") ~ local_host) {\n            if (req.http.Host ~ \"^.*\\.beta\\.wmcloud\\.org$\") {\n                set req.hash_ignore_busy = true;\n                return (purge);\n            } else {\n                return (synth(204, \"Domain not cached here\"));\n            }\n        } else {\n                return (synth(405, \"Method not allowed\"));\n        }\n    }\n\n    call cluster_fe_recv;\n    call wm_recv_pass;\n    call cluster_fe_recv_tail;\n\n    return (hash); // no default VCL\n}\n\nsub vcl_hash {\n    call cluster_fe_hash;\n    // default vcl_hash invokes here!\n}\n\n// http://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html\nsub vcl_purge {\n    return (synth(204, \"Purged\"));\n}\n\nsub vcl_hit {\n    if (req.method == \"PURGE\") {\n        set req.http.X-CDIS = \"hit/purge\";\n    } else {\n        set req.http.X-CDIS = \"hit/\" + obj.hits;\n    }\n    call cluster_fe_hit;\n    // default vcl_hit invokes here!\n}\n\nsub vcl_miss {\n    set req.http.X-CDIS = \"miss\";\n    call shutdown_public_clouds;\n    call cluster_fe_miss;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pass {\n    set req.http.X-CDIS = \"pass\";\n\n\n    call shutdown_public_clouds;\n    call cluster_fe_pass;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pipe {\n    // for websockets over pipe\n    if (req.http.upgrade) {\n        set bereq.http.upgrade = req.http.upgrade;\n        set bereq.http.connection = req.http.connection;\n    }\n\n    // Similarly to pass-traffic, pipe-traffic should also pick backends\n    // randomly to avoid focus on a single node\n    set bereq.backend = cache_local_random.backend();\n}\n\nsub vcl_backend_fetch {\n    // Prevent sending the header on any inwards-facing requests to\n    // applayer services.\n    unset bereq.http.X-WMF-DP;\n    unset bereq.http.X-Cookie-Host;\n\n    call cluster_fe_backend_fetch;\n}\n\nsub wm_backend_response {\n    // This prevents the application layer from setting this in a response.\n    // We'll be setting this same variable internally in VCL in hit-for-pass\n    // cases later.\n    unset beresp.http.X-CDIS;\n    // Ensure that X-Experiment-Enrollments is on the Vary header. We need to\n    // deploy this in advance to let the CDN vary the whole cache so we can\n    // perform without needing to wipe the CDN\n    if (!beresp.http.Vary) {\n        set beresp.http.Vary = \"X-Experiment-Enrollments\";\n    } else if (beresp.http.Vary !~ \"(?i)\\bX-Experiment-Enrollments\\b\") {\n        set beresp.http.Vary = beresp.http.Vary + \", X-Experiment-Enrollments\";\n    }\n\n    /* Don't cache private, no-cache, no-store objects. */\n    if (beresp.http.Cache-Control ~ \"(?i:private|no-cache|no-store)\") {\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    /* Especially don't cache Set-Cookie responses. Log violations. */\n    if ((beresp.ttl > 0s || beresp.http.Cache-Control ~ \"public\") && beresp.http.Set-Cookie) {\n        if (bereq.http.Host !~ \"^.*\\.wikimedia\\.org$\" || bereq.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"Cacheable object with Set-Cookie found!\" +\n                           \" beresp.status: \" + beresp.status +\n                           \" beresp.was_304: \" + beresp.was_304 +\n                           \" bereq.http.Host: \" + bereq.http.Host +\n                           \" bereq.url: \" + bereq.url +\n                           \" Cache-Control: \" + beresp.http.Cache-Control +\n                           \" Set-Cookie: \" + beresp.http.Set-Cookie +\n                           \" Server: \" + beresp.http.Server +\n                           \" ReqId: \" + beresp.http.X-Request-Id +\n                           \" X-Cache-Int: \" + beresp.http.X-Cache-Int);\n        }\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    // Set a maximum cap on the TTL for 404s. Objects that don't exist now may\n    // be created later on, and we want to put a limit on the amount of time\n    // it takes for new resources to be visible.\n    elsif (beresp.status == 404 && beresp.ttl > 10m) {\n        set beresp.ttl = 10m;\n    }\n\n    // Set keep, which influences the amount of time objects are kept available\n    // in cache for IMS requests (TTL+grace+keep). Scale keep to the app-provided\n    // TTL.\n    if (beresp.ttl > 0s) {\n        if (beresp.http.ETag || beresp.http.Last-Modified) {\n            if (beresp.ttl < 1d) {\n                set beresp.keep = beresp.ttl;\n            } else {\n                set beresp.keep = 1d;\n            }\n        }\n\n        // Hard TTL cap on all fetched objects (default 1d)\n        if (beresp.ttl > 1d) {\n            set beresp.ttl = 1d;\n        }\n\n        set beresp.grace = 20m;\n    }\n\n    // Swizzled random reduction of all TTLs by up to 5%, to avoid various\n    // possible cases of stampedes of aligned natural expiries.\n    // Note VCL supports DURATION*REAL natively, and DURATIONs do support\n    // fractional seconds, so this doesn't technically need a guard\n    // condition against short TTLs.\n    // However, sub-second TTLs like 0.97s might poke edge cases in VCL,\n    // which would be a good reason to not do this for TTLs < 2s.\n    // Furthermore, swizzling a stampede of very short TTLs such that they\n    // expire milliseconds apart may do more perf harm than good.  60s\n    // seems like a reasonably-conservative cutoff, where the swizzle will\n    // be spreading things by ~3s.\n    if (beresp.ttl >= 60s) {\n        set beresp.ttl = beresp.ttl * std.random(0.95, 1.0);\n    }\n\n    // Compress compressible things if the backend didn't already, but\n    // avoid explicitly-defined CL < 860 bytes.  We've seen varnish do\n    // gzipping on CL:0 302 responses, resulting in output that has CE:gzip\n    // and CL:20 and sends a pointless gzip header.\n    // Very small content may actually inflate from gzipping, and\n    // sub-one-packet content isn't saving a lot of latency for the gzip\n    // costs (to the server and the client, who must also decompress it).\n    // The magic 860 number comes from Akamai, Google recommends anywhere\n    // from 150-1000.  See also:\n    // https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits\n    //\n    // Explicitly skip docker-registry due to the issues described in T270270\n    if (bereq.http.Host != \"docker-registry.wikimedia.org\" && beresp.http.content-type ~ \"json|text|html|script|xml|icon|ms-fontobject|ms-opentype|x-font|sla\"\n        && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 860)) {\n            set beresp.do_gzip = true;\n    }\n    // SVGs served by MediaWiki are part of the interface. That makes them\n    // very hot objects, as a result the compression time overhead is a\n    // non-issue. Several of them tend to be requested at the same time,\n    // as the browser finds out about them when parsing stylesheets that\n    // contain multiple. This means that the \"less than 1 packet\" rationale\n    // for not compressing very small objects doesn't apply either. Lastly,\n    // since they're XML, they contain a fair amount of repetitive content\n    // even when small, which means that gzipped SVGs tend to be\n    // consistantly smaller than their uncompressed version, even when tiny.\n    // For all these reasons, it makes sense to have a lower threshold for\n    // SVG. Applying it to XML in general is a more unknown tradeoff, as it\n    // would affect small API responses that are more likely to be cold\n    // objects due to low traffic to specific API URLs.\n    if (beresp.http.content-type ~ \"svg\" && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 150)) {\n        set beresp.do_gzip = true;\n    }\n\n    // set a 601s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Calculated TTL <= 0 + Status < 500 + No underlying cache hit:\n    //    These are generally uncacheable responses.  The 5xx exception\n    //    avoids us accidentally replacing a good stale/grace object with\n    //    an hfp (and then repeatedly passing on potentially-cacheable\n    //    content) due to an isolated 5xx response, and the exception for\n    //    underlying cache hits (detected from X-Cache-Int) is to avoid\n    //    creating a persist HFP object when a lower-level varnish\n    //    returned an expired object under grace-mode rules.\n    if (\n        beresp.ttl <= 0s\n        && beresp.status < 500\n        && (!beresp.http.X-Cache-Int || beresp.http.X-Cache-Int !~ \" hit\")\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // XXX: HFP for now, but this requires further work: T180712\n        return(pass(601s));\n    }\n}\n\nsub wm_admission_policies {\n    // hit-for-pass objects >= 262144 size. Do cache if Content-Length is missing.\n    if (std.integer(beresp.http.Content-Length, 0) >= 262144) {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n\n\n    return (deliver);\n}\n\nsub vcl_backend_response {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches the backending handing us an explicit 503\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    call cluster_fe_backend_response_early; // e.g. to fix up Vary-slotting in bereq\n    call wm_backend_response;\n    call cluster_fe_backend_response;\n    // It is important that this happens after the code responsible for translating TTL<=0\n    // (uncacheable) responses into hit-for-pass. That code lives in wm_backend_response.\n    call wm_admission_policies;\n    // default vcl_(fetch|backend_response) does not invoke here because wm_admission_policies unconditionally returns!\n}\n\nsub wm_xcache_deliver {\n    if (req.method != \"PURGE\") {\n        // we copy through from beresp->resp->req here for the initial hit-for-pass case\n        if (resp.http.X-CDIS) {\n            set req.http.X-CDIS = resp.http.X-CDIS;\n            unset resp.http.X-CDIS;\n        }\n\n        if (!req.http.X-CDIS) {\n            set req.http.X-CDIS = \"bug\";\n        }\n\n        // X-Cache-Int gets appended-to as we traverse cache layers\n        if (resp.http.X-Cache-Int) {\n            set resp.http.X-Cache-Int = resp.http.X-Cache-Int + \", deployment-cache-text08 \" + req.http.X-CDIS;\n        } else {\n            set resp.http.X-Cache-Int = \"deployment-cache-text08 \" + req.http.X-CDIS;\n        }\n    }\n}\n\n// Common code in frontend vcl_deliver + vcl_synth\nsub deliver_synth_ {\n    call wm_xcache_deliver;\n\n    // At the frontends, copy X-Cache-Int to X-Cache and delete X-Cache-Int\n    // This prevents double-set of X-Cache in log parsing on varnish4.\n    // In this block we also decipher X-Cache into an overall X-Cache-Status\n    // output header.\n    if (req.method != \"PURGE\") {\n        set resp.http.X-Cache = resp.http.X-Cache-Int;\n        set resp.http.X-Cache-Status = regsuball(resp.http.X-Cache, \"cp[0-9]{4} (hit|miss|pass|int)(?:/[0-9]+)?\", \"\\1\");\n\n        unset resp.http.X-Cache-Int;\n        unset resp.http.Via;\n\n        // -front: Varnish cache\n        // -local: ATS cache\n        if (resp.http.X-Cache-Status ~ \"hit$\") {\n            set resp.http.X-Cache-Status = \"hit-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"hit\") {\n            set resp.http.X-Cache-Status = \"hit-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"int$\") {\n            set resp.http.X-Cache-Status = \"int-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"int\") {\n            set resp.http.X-Cache-Status = \"int-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"miss$\") {\n            set resp.http.X-Cache-Status = \"miss\";\n        } elsif (resp.http.X-Cache-Status ~ \"pass$\") {\n            set resp.http.X-Cache-Status = \"pass\";\n        } else {\n            set resp.http.X-Cache-Status = \"unknown\";\n        }\n\n        set resp.http.Server-Timing = {\"cache;desc=\"\"} + resp.http.X-Cache-Status + {\"\", host;desc=\"deployment-cache-text08\"\"};\n    }\n\n    // 5xx should not carry set-cookies, this seems risky in general\n    if (resp.status >= 500 && resp.http.Set-Cookie) {\n        // Log it for cases we care about more:\n        if (req.http.Host !~ \"^.*\\.wikimedia\\.org$\" || req.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"5XX with Set-Cookie found!\" +\n                \" req.http.Host: \" + req.http.Host +\n                \" req.url: \" + req.url +\n                \" req.http.Cookie: \" + req.http.Cookie +\n                \" resp.status: \" + resp.status +\n                \" Cache-Control: \" + resp.http.Cache-Control +\n                \" Set-Cookie: \" + resp.http.Set-Cookie +\n                \" Server: \" + resp.http.Server +\n                \" ReqId: \" + resp.http.X-Request-Id +\n                \" Age: \" + resp.http.Age +\n                \" X-Cache: \" + resp.http.X-Cache);\n        }\n        // Clear it for all traffic.  It's a 5xx, nothing was guaranteed to work anyways\n        unset resp.http.Set-Cookie;\n    }\n\n    std.collect(resp.http.X-Varnish);\n\n    call https_deliver_hsts;\n\n    call https_deliver_networkerrorlogging;\n\n    call analytics_deliver_pre;\n    if (var.get_int(\"is_alt_domain\") != 1 &&\n        req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n        call analytics_deliver_last_access;\n    }\n    call analytics_deliver_post;\n\n    // echo metadata about the client back to the client (analytics looks at this as well)\n    set resp.http.X-Client-IP = req.http.X-Client-IP;\n}\n\nsub uniques_deliver {\n    if (wu_cfg.get_set_cookie()) {\n            // The *very* special case is a request to host==\"wikimedia.org\".\n            // We can't set a cookie just for this without leaking it to all\n            // subdomains.  We cannot set it *only* for the 2LD and not have it\n            // leak, so we cannot set one at all in this case.\n            // Every request to this domain gets a fresh pointless one\n            // internally, but it's ok because in practice this whole domain is\n            // just a 301 -> www.wikimedia.org.\n        if (req.http.Host != \"wikimedia.org\") {\n            if (req.http.Host ~ \"((^|\\.)(wmflabs\\.org|toolforge\\.org|wmcloud\\.org))$\") {\n                // For the rest of *.wikimedia.org, we must set the domain to\n                // the full Host value to avoid leaks to 3rd-party entities\n                // that unfortunately exist in this space.  For all other\n                // cases, use the 2LD as the Domain attribute.\n\n                if (req.http.X-Cookie-Host ~ \"\\.wikimedia\\.org$\") {\n                    set resp.http.X-WUTMPDOM = req.http.X-Cookie-Host;\n                } else {\n                    set resp.http.X-WUTMPDOM = \".\" + regsub(req.http.X-Cookie-Host, \"^([a-z0-9-]+\\.)*([a-z0-9-]+\\.\\Qbeta.wmcloud.org\\E)$\", \"\\2\");\n                }\n\n                header.append(resp.http.Set-Cookie,\n                    \"WMF-Uniq=\"\n                    + wu_cfg.get_cookie_val()\n                    + \";Domain=\" + resp.http.X-WUTMPDOM\n                    + \";Path=/;HttpOnly;secure;SameSite=Lax;Expires=\"\n                    + std.time(std.time2integer(now + 1y, 0) / 86400 * 86400)\n                );\n                unset resp.http.X-WUTMPDOM; // clear temp header from above\n            }\n        }\n    }\n\n    set resp.http.X-WUTIMING = {\"WMF-Uniq;desc=\"\"} + wu_cfg.get_abtests_stiming() + {\"\"\"};\n    if (resp.http.X-WUTIMING != {\"WMF-Uniq;desc=\"\"\"}) {\n        header.append(resp.http.Server-Timing, resp.http.X-WUTIMING);\n    }\n    unset resp.http.X-WUTIMING;\n}\n\nsub vcl_deliver {\n    // Provides custom error html if error response has no body\n    if (resp.http.Content-Length == \"0\" && resp.status >= 400) {\n        return(synth(resp.status));\n    }\n    // Do not leak Vary: X-Experiment-Enrollments to the user\n    if (resp.http.Vary) {\n        if (resp.http.Vary == \"X-Experiment-Enrollments\") {\n            unset resp.http.Vary;\n        } else if (resp.http.Vary ~ \"(?i)\\s*X-Experiment-Enrollments\") {\n            set resp.http.Vary = regsub(resp.http.Vary, \"(?i)\\s*X-Experiment-Enrollments\\s*,?\\s*|,\\s*X-Experiment-Enrollments\\s*\", \"\");\n        }\n    }\n    call deliver_synth_;\n    call cluster_fe_deliver;\n    if (req.method != \"PURGE\") {\n        call uniques_deliver;\n    }\n    return (deliver); // no default VCL (which is just \"return (deliver)\" anyways)\n}\n\n// Varnish4 vcl_synth+vcl_backend_error\n\nsub vcl_synth {\n    if (req.method != \"PURGE\") {\n        set resp.http.X-CDIS = \"int\";\n        call deliver_synth_;\n        call cluster_fe_err_synth;\n\n        // Set Retry-After for requests throttled by requestctl.\n        // Please note: this request header is only set for requests that are\n        // being throttled, so even if non-standard, it never leaves varnish.\n        // see T305824.\n        if (req.http.Retry-After) {\n            set resp.http.Retry-After = req.http.Retry-After;\n        }\n\n        // This is for 421 Misdirected for bad HTTP/2 coalescing\n        // between text and upload cluster IPs:\n        if (resp.reason == \"Misdirected Request\") {\n            set resp.http.Connection = \"keep-alive\";\n            set resp.http.Content-Length = \"0\"; // BZ #62245\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate\";\n        }\n\n        if (resp.status >= 400) {\n            call synth_errorpage;\n        }\n    }\n\n    if (resp.reason == \"healthcheck\") {\n        set resp.reason = \"OK\";\n        synthetic(\"Varnish frontend running on deployment-cache-text08 is up\");\n    }\n\n    if (resp.reason == \"Disable Chrome Private Prefetch Proxy\") {\n        set resp.reason = \"OK\";\n        set resp.http.Cache-Control = \"public, max-age=86400\";\n        set resp.http.Content-Type = \"application/trafficadvice+json\";\n        synthetic({\"[{\n  \"user_agent\": \"prefetch-proxy\",\n  \"disallow\": true\n}]\n\"});\n    }\n\n    return (deliver);\n}\n\nsub vcl_backend_error {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches an implicit 503 (e.g. connectfail, timeout, etc)\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    set beresp.http.X-CDIS = \"int\";\n    call backend_error_errorpage;\n    return (deliver);\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/usr/share/varnish/tests/wikimedia_text-frontend.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// common frontend code for all clusters\n\nvcl 4.1;\n\n\nimport std;\n# this is needed by geoip.inc.vcl, and in general is the only way to sanely do\n# Set-Cookie in the face of multiple independent cookies being set from\n# different code.\nimport header;\n\nimport cookie;\nimport directors;\nimport netmapper;\nimport querysort;  // T138093\nimport var;\nimport wmfuniq;\n\n// rate limiting\nimport vsthrottle;\n\n\ninclude \"analytics.inc.vcl\";\ninclude \"alternate-domains.inc.vcl\";\ninclude \"browsersec.inc.vcl\";\ninclude \"errorpage.inc.vcl\";\ninclude \"translation-engine.inc.vcl\";\n\n# ACLs\n\nacl local_host {\n       \"127.0.0.1\";\n}\n\nacl local_tls_terminator {\n       \"10.128.0.129\"; // note this matches nginx proxy_pass for TLS\n       \"0.0.0.0\"; // this matches incoming traffic via UDS\n}\n\nacl UDS {\n       \"0.0.0.0\";\n}\n\n// external trusted proxies aren't allowed to set XCIP (via XFF) to wikimedia_nets,\n// and this ACL is also used to skip ratelimiting of most requests\nacl wikimedia_nets {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n       \"172.16.0.0\"/12;\n       // The following IP addresses are AWS Elastic IPs used by the\n       // Wikimedia Enterprise project to bulk scrape content and query APIs.\n       // They are added to wikimedia_nets in order to skip most of our CDN's\n       // rate limiting, including being unaffected by requestctl.\n       \"3.23.12.83\"/32;     // T255524\n       \"3.211.48.168\"/32;   // T294798\n       \"44.206.140.241\"/32; // T370294\n       \"35.168.168.219\"/32; // T370294\n       \"35.172.30.169\"/32;  // T370294\n       \"3.222.74.115\"/32;   // T370294\n}\n\n// Only wikimedia_trust can fake X-F-P\nacl wikimedia_trust {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n}\n\n/* Include the VCL file for this role */\ninclude \"text-frontend.inc.vcl\";\n\n# Backend probes\n\n# frontends in front of ATS backend instances should send probes that don't\n# depend on the app backend\nprobe varnish {\n    .request =\n        \"GET /ats-be HTTP/1.1\"\n        \"Host: healthcheck.wikimedia.org\"\n        \"User-agent: Varnish backend check\"\n        \"Connection: close\";\n    .timeout = 100ms;\n    .interval = 100ms;\n    .window = 5;\n    .threshold = 3;\n}\n\n\n\n\n// ** Engineer public cloud flows\n// by default rate limit but if public_clouds_shutdown is set block\nsub shutdown_public_clouds {\n}\n\n// *** HTTPS deliver code - domain-based HSTS headers\nsub https_deliver_hsts {\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        if (req.http.Host ~ \"((^|\\.)(wikipedia\\.org|wikimedia\\.org|wikibooks\\.org|wikinews\\.org|wikiquote\\.org|wikisource\\.org|wikiversity\\.org|wikivoyage\\.org|wikidata\\.org|wikimediafoundation\\.org|wikiworkshop\\.org|wiktionary\\.org|mediawiki\\.org|wmfusercontent\\.org|w\\.wiki))$\") {\n            set resp.http.Strict-Transport-Security = \"max-age=106384710; includeSubDomains; preload\";\n        }\n    }\n}\n\n// *** HTTPS deliver code - domain-based W3C Reporting API / Network Error Logging headers\n// https://phabricator.wikimedia.org/T257527\n// c.f. https://www.w3.org/TR/network-error-logging/ and https://w3c.github.io/reporting/\nsub https_deliver_networkerrorlogging {\n    // User agents only accept these headers via HTTPS.\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        // Don't serve NEL response headers if users somehow wind up routed for us for domains that aren't ours.\n        // (See also normalize_request's Host header processing.)\n        if (req.http.Host != \"invalid\") {\n            // The values of these headers are JSON, but you must be careful to *not* embed `{\"` or `\"}`\n            // in the JSON itself, as those bigrams are VCL long-string delimiters.  One way to mangle JSON\n            // in the needed fashion is with the following Python snippet:\n            //     report_to = dict(group='wm_nel', max_age=604800, endpoints=[dict(url='https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0')])\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }'))\n            // VTC string literals can similarly be obtained with:\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }').replace('\"', '\\\\\"'))\n            set resp.http.Report-To = {\"{ \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\"};\n            //     nel=dict(report_to='wm_nel', max_age=604800, failure_fraction=0.05, success_fraction=0.0)\n            if (req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n                // Set 'success_fraction' to 1.0 for measurement domains\n                // See https://phabricator.wikimedia.org/T334608\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 1.0}\"};\n            } else {\n                // Set 'success_fraction' to 0.0 for all other domains\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\"};\n            }\n            // The failure_fraction was guesstimated based on group0's reporting ratio: https://phabricator.wikimedia.org/T257527#6489683\n        }\n    }\n}\n\n// *** X-Connection-Properties parsing recv code\nsub log_xcps_info {\n    // Sanity-check the overall format defined by the config of HAProxy\n    if (req.http.X-Connection-Properties !~ \"^H2=[01]; SSR=[012]; SSL=[^; ]+; C=[^; ]+; EC=[^; ]+; KA=[^; ]+;$\") {\n        set req.http.x-tls-prot = \"invalid\";\n        set req.http.x-tls-sess = \"invalid\";\n        set req.http.x-tls-vers = \"invalid\";\n        set req.http.x-tls-keyx = \"invalid\";\n        set req.http.x-tls-auth = \"invalid\";\n        set req.http.x-tls-ciph = \"invalid\";\n    } else {\n        set req.http.x-tls-prot = regsub(req.http.X-Connection-Properties, \"^H2=([01]);.*\", \"\\1\");\n        if (req.http.x-tls-prot == \"1\") {\n            set req.http.x-tls-prot = \"h2\";\n        } else {\n            set req.http.x-tls-prot = \"h1\";\n        }\n\n        set req.http.x-tls-sess = regsub(req.http.X-Connection-Properties, \".* SSR=([012]);.*\", \"\\1\");\n        if (req.http.x-tls-sess == \"1\") {\n            set req.http.x-tls-sess = \"reused\";\n        } elsif (req.http.x-tls-sess == \"2\") {\n            set req.http.x-tls-sess = \"unknown\";\n        } else {\n            set req.http.x-tls-sess = \"new\";\n        }\n\n        set req.http.x-tls-vers = regsub(req.http.X-Connection-Properties, \".* SSL=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-keyx = regsub(req.http.X-Connection-Properties, \".* EC=([^; ]+);.*\", \"\\1\");\n\n        set req.http.x-tls-auth = regsub(req.http.X-Connection-Properties, \".* KA=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.X-Connection-Properties, \".* C=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^(ECDHE-(ECDSA|RSA)|DHE-RSA)-\", \"\");\n\n        // Starting with TLSv1.3, CHACHA20-POLY1305 will be renamed into\n        // CHACHA20-POLY1305-SHA256. Do the renaming now in VCL to avoid stats skew\n        // later on.\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^CHACHA20-POLY1305$\", \"CHACHA20-POLY1305-SHA256\");\n        if (req.http.x-tls-vers == \"TLSv1.3\") {\n            // Every TLSv1.3 cipher begins with TLS_\n            set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^TLS_\", \"\");\n            // TLSv1.3 uses _ instead of - as a separator\n            set req.http.x-tls-ciph = regsuball(req.http.x-tls-ciph, \"_\", \"-\");\n        }\n    }\n\n    // Condensed form logged as \"tls\" for TLS analytics via varnishkafka webrequest\n    std.log(\"tls: vers=\" + req.http.x-tls-vers\n        + \";keyx=\" + req.http.x-tls-keyx\n        + \";auth=\" + req.http.x-tls-auth\n        + \";ciph=\" + req.http.x-tls-ciph\n        + \";prot=\" + req.http.x-tls-prot\n        + \";sess=\" + req.http.x-tls-sess);\n\n}\n\n\nsub normalize_request {\n    // We shouldn't even legally be receiving proxy-style requests, as\n    // we're not a proxy from any client's point of view. Just in\n    // case, we support it anyways according to RFC7230 rules: we\n    // ignore any Host header sent along with it and set a new Host\n    // header based on the host part we strip from the abs URI. ref:\n    // http://tools.ietf.org/html/rfc7230#section-5.4 Host\n    // normalization (lowercase, port stripping, trailing dots) is\n    // done in HAProxy See T392880 for details\n    if(req.url ~ \"(?i)^https?://[^/]\") {\n        # this strips away 'user:pass@' and ':port' when copying from URI to Host:\n        set req.http.Host = regsub(req.url, \"(?i)^https?://(.*@)?([^/:]+).*$\", \"\\2\");\n        set req.url = regsub(req.url, \"(?i)^https?://[^/]+/?\", \"/\");\n    }\n\n    // Check that host header looks reasonably-legitimate/parseable now\n    if (req.http.Host ~ \"^[a-z0-9][-a-z0-9]*(\\.[a-z0-9][-a-z0-9]*)*\\.?$\") {\n        // Strip optional trailing terminal dot if present\n        set req.http.Host = regsub(req.http.Host, \"\\.$\", \"\");\n    } else {\n        set req.http.Host = \"invalid\";\n        // Unparseable / empty Host header\n        return (synth(400, \"Invalid Host header\"));\n    }\n    // Enforce RFC 9112 request-target definition:\n    // at this point after absolute-form requests being transformed to\n    // origin-form ones, we should only have a request-target matching\n    // either origin-form or asterisk-form. See T318676 for more details\n    if(req.url !~ \"^(/|\\*$)\") {\n        return (synth(400, \"Invalid request URL\"));\n    }\n    # save the original host header to be able to set cookies accordingly\n    set req.http.X-Cookie-Host = req.http.Host;\n\n    if (req.http.Accept-Language) {\n        set req.http.Accept-Language = std.tolower(req.http.Accept-Language);\n    }\n\n    // Check that the normalized hostname actually matches our SAN set from\n    // the Unified multi/wildcard certificate we use for prod cache cluster\n    // termination.  This won't eliminate every bad hostname down at the\n    // applayer (e.g. nosuchlanguage.wikimedia.org), but it does precisely\n    // match the wildcarding of the certificate itself and greatly limits\n    // the potential bad cases.\n    // --\n    // RFC 2616 Section 5.2 notes that 400 responses are also required\n    // if the hostname isn't one we recognize as legit *on the server*,\n    // meaning our own list of hostnames:\n    // \"3. If the host as determined by rule 1 or 2 is not a valid host on\n    // the server, the response MUST be a 400 (Bad Request) error message.\"\n    // RFC 723x is less-clear on this case, but this is still a reasonable\n    // stance.  There are reasonable reasons that 404, 410, 421 and others\n    // are inappropriate if we receive a request accidentally for some\n    // legitimate domainname on the Internet which doesn't belong to us.\n    // --\n    // This regex exactly matches the canonical domains SAN list used in\n    // our Unified certificates, according to the normal SAN rules where a\n    // wildcard only matches a single DNS label.  It's encoded here as a\n    // VCL Long String with delimiters {\"\"} containing a PCRE regex with\n    // the x-flag to allow expansion with whitespace, newlines, and\n    // comments for clarity:\n\n}\n\n// Must be done at the top of vcl_recv, in our varnish-frontend layer only,\n// and should be guarded against running on request restarts.\nsub recv_fe_ip_processing {\n    // this subroutine \"owns\" these 3 headers - nothing else in our VCL or\n    // anywhere in our network should be setting them.\n    unset req.http.X-Trusted-Proxy;\n    unset req.http.X-Abuse-Network;\n\n    // unset this one just because it's well-known and some default\n    // software configs may look at it, and an external client may spoof\n    // it. We don't set or use this header internally (we use X-Client-IP)\n    unset req.http.X-Real-IP;\n\n    // if X-JWT-Sub is present, save its value in a variable\n    if (req.http.X-JWT-Sub) {\n        var.set(\"jwt_sub\", req.http.X-JWT-Sub);\n        unset req.http.X-JWT-Sub;\n    }\n\n    // unset X-Requestctl if its value is the default value in HAProxy\n    if (req.http.X-Requestctl == \" \") {\n        unset req.http.X-Requestctl;\n    }\n\n    // Unset the incoming *request* header Retry-After. This should be handled\n    // by the VCL fragments coming from requestctl and not be in the request.\n    unset req.http.Retry-After;\n\n    if (client.ip !~ local_host && remote.ip !~ local_tls_terminator) {\n        // only the local nginx TLS terminator should set these at all -\n        // there are no other internal exceptions to that rule\n        unset req.http.X-Client-IP;\n        unset req.http.X-Connection-Properties;\n    }\n\n    if (local.ip ~ UDS && remote.ip ~ UDS) {\n        if (client.ip ~ UDS) {\n            // If the client request is received via UDS without PROXY protocol 0.0.0.0 is added to XFF\n            set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, \"0.0.0.0$\", \"10.128.0.129\");\n        } else {\n            // If UDS is used along with PROXY protocol we need to append the varnish IP to keep the applayer happy\n            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + \", \" + \"10.128.0.129\";\n        }\n    }\n\n    // To make further parsing/sanitizing simpler, convert all whitespace\n    // in XFF to single spaces, and make sure all commas have a space\n    // suffix but no space prefix.\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \"[ \\t]+\", \" \");\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \" ?, ?\", \", \");\n\n    // Now fully-sanitize it to only the strict form \"X(, X)*\", where X is\n    // a string of legal characters in IPv[46] addresses.  Note\n    // that injections can still leave well-formed junk on the\n    // left, but it's up to the trusted proxy code to ignore that,\n    // e.g.:\n    // \"junk2, 123.123.123.123\" -> \"2, 123.123.123.123\"\n    set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For,\n        \"^.*?([0-9A-Fa-f:.]+(, [0-9A-Fa-f:.]+)*)? ?$\", \"\\1\");\n\n    // There are two possible cases here: either nginx acted as our TLS\n    // proxy and already set X-Client-IP (as well as appended the same value\n    // to XFF, and we appended nginx's IP to XFF already as well...), or the\n    // traffic was direct to varnish-fe, in which case XCIP is not yet set\n    // and XFF is external + our addition of client.ip.\n\n    if (!req.http.X-Client-IP) {\n        unset req.http.via-nginx;\n        set req.http.X-Client-IP = client.ip;\n        if (!req.http.X-Client-IP) {\n            // apparently sometimes the above doesn't set it???  use\n            // illegal RFC 5735 documentation network to avoid\n            // sending NULL to netmapper-1.3 for now\n            set req.http.X-Client-IP = \"192.0.2.1\";\n        }\n    } else {\n        set req.http.via-nginx = 1;\n    }\n\n    // From this (very early) point forward, regardless of cache tier/layer:\n    // req.http.X-Client-IP ->\n    //     This is our standard notion of the Client/UA's real IP, after\n    //     decoding XFF for our internal infrastructure addresses as well\n    //     as any trusted proxies.\n}\n\nsub vcl_init {\n# directors\n    new cache_local = directors.shard();\n    new cache_local_random = directors.random();\n    // \"vtc_backend\" is the backend name we use in all VTC tests\n    cache_local.add_backend(vtc_backend);\n    cache_local_random.add_backend(vtc_backend, 100);\n    cache_local.reconfigure();\n\n    call wm_domains_init;\n\n      new wu_cfg = wmfuniq.cfg(\"/etc/varnish/uniques.d/keys.cfg\",\n          \"/etc/varnish/uniques.json\",\n          30,\n          0\n      );\n}\n\nsub normalize_request_nonmisc {\n    // Sort query parameters to improve cache efficiency.\n    // See <https://wikitech.wikimedia.org/wiki/Query_string_normalization>.\n    set req.url = querysort.querysort(req.url);\n}\n\nsub wm_recv_pass {\n\n    \n}\n\nsub uniques_recv {\n    // Wipe req-header names that might come directly from the client,\n    // which this VCL code claims as its own territory\n    unset req.http.X-WUVAL;\n    if (req.http.Cookie) {\n        // Normalize cookie name case before vmod_cookie processing,\n        // allowing for whitespace variance. vmod_cookie is case-sensitive,\n        // and while that is correct by modern RFCs, ancient ones\n        // explicitly said the names were case-insensitive, and there's\n        // some evidence that there are case-insensitive impls out in the\n        // wild, and generally Postel should apply here.\n        set req.http.Cookie = regsub(req.http.Cookie, \"(?i)(^|;)\\s*WMF-Uniq\\s*=\", \"\\1WMF-Uniq=\");\n        cookie.parse(req.http.Cookie);\n        if (cookie.isset(\"WMF-Uniq\")) {\n            set req.http.X-WUVAL = cookie.get(\"WMF-Uniq\");\n            cookie.delete(\"WMF-Uniq\");\n            set req.http.Cookie = cookie.get_string();\n            if (req.http.Cookie == \"\") {\n                unset req.http.Cookie;\n            }\n        }\n    }\n    // Must call process_cookie() on every request, which will generate a\n    // fresh one if WUVAL is empty/unset/invalid\n    wu_cfg.process_cookie(req.http.X-WUVAL, req.url ~ \"^/evt-103e/v2/events\");\n    // delete the temp header to avoid leaks\n    unset req.http.X-WUVAL;\n\n    // Pass some summarized info to the Data Lake.\n    if (wu_cfg.get_cookie_count() > 0) {\n        // We received a cookie from the client, it was valid, and it has been signed by us at least once.\n        // cday_age will be zero from the moment of creation, until the next fixed \"day\" boundary on the wallclock\n        // (so anywhere from 0-86400 seconds), then will roll over to 1 at our pseudo-midnight boundary.\n        var.set_int(\"wmfuniq_days\", 1 + wu_cfg.get_cookie_cday_age()); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 1 + (wu_cfg.get_cookie_cday_age() / 7)); // avoid 0 weeks for 1-6 days old cookies\n        var.set_int(\"wmfuniq_freq\", (wu_cfg.get_cookie_count() * 100 / var.get_int(\"wmfuniq_weeks\")) / 10); // rough (weeks with visits)/weeks, scaled by 10 to avoid fractions\n        var.set(\"ratelimit_id\", wu_cfg.get_cookie_uniq()); // used for rate-limiting\n        // Cap the max ages we report.  This improves privacy.\n        if (var.get_int(\"wmfuniq_days\") > 8) {\n            var.set_int(\"wmfuniq_days\", 8);\n        }\n        if (var.get_int(\"wmfuniq_weeks\") > 52) {\n            var.set_int(\"wmfuniq_weeks\", 52);\n        }\n    } else {\n        // Freshly-generated cookie.\n        var.set_int(\"wmfuniq_days\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_freq\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set(\"ratelimit_id\", req.http.X-Client-IP); // used for rate-limiting\n    }\n\n    // Send the cache-variance for enrolled tests towards normal backends, but\n    // send the \"event\" string containing per-experiment IDs when the backend\n    // is going to be eventgate analytics ingestion.\n    if (req.url ~ \"^/evt-103e/v2/events\") {\n        if (wu_cfg.get_cookie_count() > 0) {\n            set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_event();\n        } else {\n            set req.http.X-Experiment-Enrollments = \"\";\n        }\n    } else {\n        set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_vary();\n    }\n    if (req.http.X-Experiment-Enrollments == \"\") {\n        unset req.http.X-Experiment-Enrollments;\n        // Prevent requests with empty X-E-E from reaching the beacon endpoint\n        if (req.url ~ \"^/evt-103e/v2/events\") {\n            return (synth(204, \"\"));\n        }\n    }\n}\n\nsub vcl_recv {\n\n    // no injection from outside our stack allowed for these\n    unset req.http.X-DCPath;\n    unset req.http.X-Next-Is-Cache;\n    unset req.http.Proxy; // https://httpoxy.org/\n    unset req.http.X-ATS-Debug; // We use this header for the XDebug Traffic Server plugin\n\n    if (req.restarts == 0) {\n        // IP processing is req->req mangling that shouldn't be re-done on restart\n        call recv_fe_ip_processing;\n\n        // Parse X-Connection-Properties and log TLS/HTTP2 connection\n        // information, which is sent via varnishkafka to Analytics.\n        // If we don't do this super-early, some rejected/invalid\n        // requests from early checks won't have any TLS analytics,\n        // which is very confusing and looks like plain-HTTP.\n        if (req.http.X-Connection-Properties) {\n            call log_xcps_info;\n        }\n\n        // Block requests from IPs in blocked_nets. It is important to do this\n        // early but after recv_fe_ip_processing has been called, as the procedure\n        // takes care of writing X-Client-IP if it the request did not come\n        // through the TLS terminator\n        if (req.http.X-Provenance ~ \"^abuse=blocked_nets\") {\n            return (synth(403, \"Requests from your IP have been blocked, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.\"));\n        }\n\n        // Block requests from common bot User-Agents that originate from bot_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        if (req.http.X-Provenance ~ \"^abuse=bot_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^(python-requests|Go-http-client/2.0|CInetHttp/1.0)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        // Block POST requests from bot User-Agents which originate from bot_posts_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        // 'PostmanRuntime/' and variants come from https://phabricator.wikimedia.org/T272330\n        if (req.method == \"POST\" && req.http.X-Provenance ~ \"^abuse=bot_posts_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^([PRK]ostmanRuntime/)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        if (req.http.User-Agent == \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\" && vsthrottle.is_denied(\"node-fetch:\" + req.http.X-Client-IP, 10, 10s)) {\n            return (synth(429, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n\n        // This unwraps proxy-style URLs and sanitizes the Host header\n        // (lowercase, no port, no funny chars, matches cert SAN, etc)\n        call normalize_request;\n\n        // Possibly switch to separate VCL\n        call cluster_fe_vcl_switch;\n        if (var.get_int(\"is_alt_domain\")) {\n            std.log(\"is_alt_domain: \" + var.get_int(\"is_alt_domain\"));\n        }\n\n        // This normalizes query parameters.\n        call normalize_request_nonmisc;\n    }\n\n    unset req.http.X-CDIS; // clear internal cache-disposition header\n    unset req.http.X-Varnish-Cluster; // internal cache cluster header\n\n    if ((req.http.host == \"healthcheck.wikimedia.org\" && req.url == \"/varnish-fe\") || (req.url == \"/varnish-fe-hc-5ebea9\")) {\n        return (synth(200, \"healthcheck\"));\n    }\n\n    # T364126: Disable Chrome Private Prefetch Proxy\n    if (req.url == \"/.well-known/traffic-advice\") {\n        return (synth(200, \"Disable Chrome Private Prefetch Proxy\"));\n    }\n\n    set req.backend_hint = cache_local.backend();\n\n\n    if(req.restarts == 0) {\n        // If this request had no cookies whatsoever mark it as such\n        // to later report this fact to X-Analytics\n        // Must happen here; uniques_recv mutates req.http.Cookie\n        if (!req.http.Cookie) {\n            var.set_int(\"nocookies\", 1);\n        }\n        // Skip PURGE requests as its volume will alter wmfuniq stats.\n        // An innocent SRE could be tempted to move this after the PURGE handling\n        // below, but beware of the dragons hidden inside cluster_fe_recv_pre_purge\n        if (req.method != \"PURGE\") {\n            call uniques_recv;\n        }\n        call analytics_recv;\n        if (var.get_int(\"is_alt_domain\") != 1 &&\n            req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n            call analytics_last_access_recv;\n        }\n        call translation_engine_recv;\n    }\n\n\n    if (req.url ~ \"^/beacon\\/(?!event)[^/?]+\") {\n        // Logging beacon endpoints\n        //\n        // They are handled by the log tailer (varnishkafka) that filters the\n        // Varnish shm log for reqs to these endpoints and forwards them to log\n        // processors for storage and analysis.\n        return (synth(204, \"\"));\n    }\n\n    call cluster_fe_recv_pre_purge;\n    /* Support HTTP PURGE */\n    if (req.method == \"PURGE\") {\n        if (local.endpoint == \"/run/varnish-privileged.socket\" || std.ip(req.http.X-Client-IP, \"192.0.2.1\") ~ local_host) {\n            if (req.http.Host ~ \"^.*\\.beta\\.wmcloud\\.org$\") {\n                set req.hash_ignore_busy = true;\n                return (purge);\n            } else {\n                return (synth(204, \"Domain not cached here\"));\n            }\n        } else {\n                return (synth(405, \"Method not allowed\"));\n        }\n    }\n\n    call cluster_fe_recv;\n    call wm_recv_pass;\n    call cluster_fe_recv_tail;\n\n    return (hash); // no default VCL\n}\n\nsub vcl_hash {\n    call cluster_fe_hash;\n    // default vcl_hash invokes here!\n}\n\n// http://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html\nsub vcl_purge {\n    return (synth(204, \"Purged\"));\n}\n\nsub vcl_hit {\n    if (req.method == \"PURGE\") {\n        set req.http.X-CDIS = \"hit/purge\";\n    } else {\n        set req.http.X-CDIS = \"hit/\" + obj.hits;\n    }\n    call cluster_fe_hit;\n    // default vcl_hit invokes here!\n}\n\nsub vcl_miss {\n    set req.http.X-CDIS = \"miss\";\n    call shutdown_public_clouds;\n    call cluster_fe_miss;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pass {\n    set req.http.X-CDIS = \"pass\";\n\n\n    call shutdown_public_clouds;\n    call cluster_fe_pass;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pipe {\n    // for websockets over pipe\n    if (req.http.upgrade) {\n        set bereq.http.upgrade = req.http.upgrade;\n        set bereq.http.connection = req.http.connection;\n    }\n\n    // Similarly to pass-traffic, pipe-traffic should also pick backends\n    // randomly to avoid focus on a single node\n    set bereq.backend = cache_local_random.backend();\n}\n\nsub vcl_backend_fetch {\n    // Prevent sending the header on any inwards-facing requests to\n    // applayer services.\n    unset bereq.http.X-WMF-DP;\n    unset bereq.http.X-Cookie-Host;\n\n    call cluster_fe_backend_fetch;\n}\n\nsub wm_backend_response {\n    // This prevents the application layer from setting this in a response.\n    // We'll be setting this same variable internally in VCL in hit-for-pass\n    // cases later.\n    unset beresp.http.X-CDIS;\n    // Ensure that X-Experiment-Enrollments is on the Vary header. We need to\n    // deploy this in advance to let the CDN vary the whole cache so we can\n    // perform without needing to wipe the CDN\n    if (!beresp.http.Vary) {\n        set beresp.http.Vary = \"X-Experiment-Enrollments\";\n    } else if (beresp.http.Vary !~ \"(?i)\\bX-Experiment-Enrollments\\b\") {\n        set beresp.http.Vary = beresp.http.Vary + \", X-Experiment-Enrollments\";\n    }\n\n    /* Don't cache private, no-cache, no-store objects. */\n    if (beresp.http.Cache-Control ~ \"(?i:private|no-cache|no-store)\") {\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    /* Especially don't cache Set-Cookie responses. Log violations. */\n    if ((beresp.ttl > 0s || beresp.http.Cache-Control ~ \"public\") && beresp.http.Set-Cookie) {\n        if (bereq.http.Host !~ \"^.*\\.wikimedia\\.org$\" || bereq.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"Cacheable object with Set-Cookie found!\" +\n                           \" beresp.status: \" + beresp.status +\n                           \" beresp.was_304: \" + beresp.was_304 +\n                           \" bereq.http.Host: \" + bereq.http.Host +\n                           \" bereq.url: \" + bereq.url +\n                           \" Cache-Control: \" + beresp.http.Cache-Control +\n                           \" Set-Cookie: \" + beresp.http.Set-Cookie +\n                           \" Server: \" + beresp.http.Server +\n                           \" ReqId: \" + beresp.http.X-Request-Id +\n                           \" X-Cache-Int: \" + beresp.http.X-Cache-Int);\n        }\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    // Set a maximum cap on the TTL for 404s. Objects that don't exist now may\n    // be created later on, and we want to put a limit on the amount of time\n    // it takes for new resources to be visible.\n    elsif (beresp.status == 404 && beresp.ttl > 10m) {\n        set beresp.ttl = 10m;\n    }\n\n    // Set keep, which influences the amount of time objects are kept available\n    // in cache for IMS requests (TTL+grace+keep). Scale keep to the app-provided\n    // TTL.\n    if (beresp.ttl > 0s) {\n        if (beresp.http.ETag || beresp.http.Last-Modified) {\n            if (beresp.ttl < 1d) {\n                set beresp.keep = beresp.ttl;\n            } else {\n                set beresp.keep = 1d;\n            }\n        }\n\n        // Hard TTL cap on all fetched objects (default 1d)\n        if (beresp.ttl > 1d) {\n            set beresp.ttl = 1d;\n        }\n\n        set beresp.grace = 20m;\n    }\n\n    // Swizzled random reduction of all TTLs by up to 5%, to avoid various\n    // possible cases of stampedes of aligned natural expiries.\n    // Note VCL supports DURATION*REAL natively, and DURATIONs do support\n    // fractional seconds, so this doesn't technically need a guard\n    // condition against short TTLs.\n    // However, sub-second TTLs like 0.97s might poke edge cases in VCL,\n    // which would be a good reason to not do this for TTLs < 2s.\n    // Furthermore, swizzling a stampede of very short TTLs such that they\n    // expire milliseconds apart may do more perf harm than good.  60s\n    // seems like a reasonably-conservative cutoff, where the swizzle will\n    // be spreading things by ~3s.\n    if (beresp.ttl >= 60s) {\n        set beresp.ttl = beresp.ttl * std.random(0.95, 1.0);\n    }\n\n    // Compress compressible things if the backend didn't already, but\n    // avoid explicitly-defined CL < 860 bytes.  We've seen varnish do\n    // gzipping on CL:0 302 responses, resulting in output that has CE:gzip\n    // and CL:20 and sends a pointless gzip header.\n    // Very small content may actually inflate from gzipping, and\n    // sub-one-packet content isn't saving a lot of latency for the gzip\n    // costs (to the server and the client, who must also decompress it).\n    // The magic 860 number comes from Akamai, Google recommends anywhere\n    // from 150-1000.  See also:\n    // https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits\n    //\n    // Explicitly skip docker-registry due to the issues described in T270270\n    if (bereq.http.Host != \"docker-registry.wikimedia.org\" && beresp.http.content-type ~ \"json|text|html|script|xml|icon|ms-fontobject|ms-opentype|x-font|sla\"\n        && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 860)) {\n            set beresp.do_gzip = true;\n    }\n    // SVGs served by MediaWiki are part of the interface. That makes them\n    // very hot objects, as a result the compression time overhead is a\n    // non-issue. Several of them tend to be requested at the same time,\n    // as the browser finds out about them when parsing stylesheets that\n    // contain multiple. This means that the \"less than 1 packet\" rationale\n    // for not compressing very small objects doesn't apply either. Lastly,\n    // since they're XML, they contain a fair amount of repetitive content\n    // even when small, which means that gzipped SVGs tend to be\n    // consistantly smaller than their uncompressed version, even when tiny.\n    // For all these reasons, it makes sense to have a lower threshold for\n    // SVG. Applying it to XML in general is a more unknown tradeoff, as it\n    // would affect small API responses that are more likely to be cold\n    // objects due to low traffic to specific API URLs.\n    if (beresp.http.content-type ~ \"svg\" && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 150)) {\n        set beresp.do_gzip = true;\n    }\n\n    // set a 601s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Calculated TTL <= 0 + Status < 500 + No underlying cache hit:\n    //    These are generally uncacheable responses.  The 5xx exception\n    //    avoids us accidentally replacing a good stale/grace object with\n    //    an hfp (and then repeatedly passing on potentially-cacheable\n    //    content) due to an isolated 5xx response, and the exception for\n    //    underlying cache hits (detected from X-Cache-Int) is to avoid\n    //    creating a persist HFP object when a lower-level varnish\n    //    returned an expired object under grace-mode rules.\n    if (\n        beresp.ttl <= 0s\n        && beresp.status < 500\n        && (!beresp.http.X-Cache-Int || beresp.http.X-Cache-Int !~ \" hit\")\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // XXX: HFP for now, but this requires further work: T180712\n        return(pass(601s));\n    }\n}\n\nsub wm_admission_policies {\n    // hit-for-pass objects >= 262144 size. Do cache if Content-Length is missing.\n    if (std.integer(beresp.http.Content-Length, 0) >= 262144) {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n\n\n    return (deliver);\n}\n\nsub vcl_backend_response {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches the backending handing us an explicit 503\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    call cluster_fe_backend_response_early; // e.g. to fix up Vary-slotting in bereq\n    call wm_backend_response;\n    call cluster_fe_backend_response;\n    // It is important that this happens after the code responsible for translating TTL<=0\n    // (uncacheable) responses into hit-for-pass. That code lives in wm_backend_response.\n    call wm_admission_policies;\n    // default vcl_(fetch|backend_response) does not invoke here because wm_admission_policies unconditionally returns!\n}\n\nsub wm_xcache_deliver {\n    if (req.method != \"PURGE\") {\n        // we copy through from beresp->resp->req here for the initial hit-for-pass case\n        if (resp.http.X-CDIS) {\n            set req.http.X-CDIS = resp.http.X-CDIS;\n            unset resp.http.X-CDIS;\n        }\n\n        if (!req.http.X-CDIS) {\n            set req.http.X-CDIS = \"bug\";\n        }\n\n        // X-Cache-Int gets appended-to as we traverse cache layers\n        if (resp.http.X-Cache-Int) {\n            set resp.http.X-Cache-Int = resp.http.X-Cache-Int + \", deployment-cache-text08 \" + req.http.X-CDIS;\n        } else {\n            set resp.http.X-Cache-Int = \"deployment-cache-text08 \" + req.http.X-CDIS;\n        }\n    }\n}\n\n// Common code in frontend vcl_deliver + vcl_synth\nsub deliver_synth_ {\n    call wm_xcache_deliver;\n\n    // At the frontends, copy X-Cache-Int to X-Cache and delete X-Cache-Int\n    // This prevents double-set of X-Cache in log parsing on varnish4.\n    // In this block we also decipher X-Cache into an overall X-Cache-Status\n    // output header.\n    if (req.method != \"PURGE\") {\n        set resp.http.X-Cache = resp.http.X-Cache-Int;\n        // The test VCL version uses X-Cache-Int-Testing accepted as is\n        // from the upstream server to simplify writing VTC tests.\n        if (resp.http.X-Cache-Int-Testing) {\n            set resp.http.X-Cache = resp.http.X-Cache-Int-Testing;\n            unset resp.http.X-Cache-Int-Testing;\n        }\n        set resp.http.X-Cache-Status = regsuball(resp.http.X-Cache, \"cp[0-9]{4} (hit|miss|pass|int)(?:/[0-9]+)?\", \"\\1\");\n\n        unset resp.http.X-Cache-Int;\n        unset resp.http.Via;\n\n        // -front: Varnish cache\n        // -local: ATS cache\n        if (resp.http.X-Cache-Status ~ \"hit$\") {\n            set resp.http.X-Cache-Status = \"hit-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"hit\") {\n            set resp.http.X-Cache-Status = \"hit-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"int$\") {\n            set resp.http.X-Cache-Status = \"int-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"int\") {\n            set resp.http.X-Cache-Status = \"int-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"miss$\") {\n            set resp.http.X-Cache-Status = \"miss\";\n        } elsif (resp.http.X-Cache-Status ~ \"pass$\") {\n            set resp.http.X-Cache-Status = \"pass\";\n        } else {\n            set resp.http.X-Cache-Status = \"unknown\";\n        }\n\n        set resp.http.Server-Timing = {\"cache;desc=\"\"} + resp.http.X-Cache-Status + {\"\", host;desc=\"deployment-cache-text08\"\"};\n    }\n\n    // 5xx should not carry set-cookies, this seems risky in general\n    if (resp.status >= 500 && resp.http.Set-Cookie) {\n        // Log it for cases we care about more:\n        if (req.http.Host !~ \"^.*\\.wikimedia\\.org$\" || req.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"5XX with Set-Cookie found!\" +\n                \" req.http.Host: \" + req.http.Host +\n                \" req.url: \" + req.url +\n                \" req.http.Cookie: \" + req.http.Cookie +\n                \" resp.status: \" + resp.status +\n                \" Cache-Control: \" + resp.http.Cache-Control +\n                \" Set-Cookie: \" + resp.http.Set-Cookie +\n                \" Server: \" + resp.http.Server +\n                \" ReqId: \" + resp.http.X-Request-Id +\n                \" Age: \" + resp.http.Age +\n                \" X-Cache: \" + resp.http.X-Cache);\n        }\n        // Clear it for all traffic.  It's a 5xx, nothing was guaranteed to work anyways\n        unset resp.http.Set-Cookie;\n    }\n\n    std.collect(resp.http.X-Varnish);\n\n    call https_deliver_hsts;\n\n    call https_deliver_networkerrorlogging;\n\n    call analytics_deliver_pre;\n    if (var.get_int(\"is_alt_domain\") != 1 &&\n        req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n        call analytics_deliver_last_access;\n    }\n    call analytics_deliver_post;\n\n    // echo metadata about the client back to the client (analytics looks at this as well)\n    set resp.http.X-Client-IP = req.http.X-Client-IP;\n}\n\nsub uniques_deliver {\n    if (wu_cfg.get_set_cookie()) {\n            // The *very* special case is a request to host==\"wikimedia.org\".\n            // We can't set a cookie just for this without leaking it to all\n            // subdomains.  We cannot set it *only* for the 2LD and not have it\n            // leak, so we cannot set one at all in this case.\n            // Every request to this domain gets a fresh pointless one\n            // internally, but it's ok because in practice this whole domain is\n            // just a 301 -> www.wikimedia.org.\n        if (req.http.Host != \"wikimedia.org\") {\n            if (req.http.Host ~ \"((^|\\.)(wmflabs\\.org|toolforge\\.org|wmcloud\\.org))$\") {\n                // For the rest of *.wikimedia.org, we must set the domain to\n                // the full Host value to avoid leaks to 3rd-party entities\n                // that unfortunately exist in this space.  For all other\n                // cases, use the 2LD as the Domain attribute.\n\n                if (req.http.X-Cookie-Host ~ \"\\.wikimedia\\.org$\") {\n                    set resp.http.X-WUTMPDOM = req.http.X-Cookie-Host;\n                } else {\n                    set resp.http.X-WUTMPDOM = \".\" + regsub(req.http.X-Cookie-Host, \"^([a-z0-9-]+\\.)*([a-z0-9-]+\\.\\Qbeta.wmcloud.org\\E)$\", \"\\2\");\n                }\n\n                header.append(resp.http.Set-Cookie,\n                    \"WMF-Uniq=\"\n                    + wu_cfg.get_cookie_val()\n                    + \";Domain=\" + resp.http.X-WUTMPDOM\n                    + \";Path=/;HttpOnly;secure;SameSite=Lax;Expires=\"\n                    + std.time(std.time2integer(now + 1y, 0) / 86400 * 86400)\n                );\n                unset resp.http.X-WUTMPDOM; // clear temp header from above\n            }\n        }\n    }\n\n    set resp.http.X-WUTIMING = {\"WMF-Uniq;desc=\"\"} + wu_cfg.get_abtests_stiming() + {\"\"\"};\n    if (resp.http.X-WUTIMING != {\"WMF-Uniq;desc=\"\"\"}) {\n        header.append(resp.http.Server-Timing, resp.http.X-WUTIMING);\n    }\n    unset resp.http.X-WUTIMING;\n}\n\nsub vcl_deliver {\n    // Provides custom error html if error response has no body\n    if (resp.http.Content-Length == \"0\" && resp.status >= 400) {\n        return(synth(resp.status));\n    }\n    // Do not leak Vary: X-Experiment-Enrollments to the user\n    if (resp.http.Vary) {\n        if (resp.http.Vary == \"X-Experiment-Enrollments\") {\n            unset resp.http.Vary;\n        } else if (resp.http.Vary ~ \"(?i)\\s*X-Experiment-Enrollments\") {\n            set resp.http.Vary = regsub(resp.http.Vary, \"(?i)\\s*X-Experiment-Enrollments\\s*,?\\s*|,\\s*X-Experiment-Enrollments\\s*\", \"\");\n        }\n    }\n    call deliver_synth_;\n    call cluster_fe_deliver;\n    if (req.method != \"PURGE\") {\n        call uniques_deliver;\n    }\n    return (deliver); // no default VCL (which is just \"return (deliver)\" anyways)\n}\n\n// Varnish4 vcl_synth+vcl_backend_error\n\nsub vcl_synth {\n    if (req.method != \"PURGE\") {\n        set resp.http.X-CDIS = \"int\";\n        call deliver_synth_;\n        call cluster_fe_err_synth;\n\n        // Set Retry-After for requests throttled by requestctl.\n        // Please note: this request header is only set for requests that are\n        // being throttled, so even if non-standard, it never leaves varnish.\n        // see T305824.\n        if (req.http.Retry-After) {\n            set resp.http.Retry-After = req.http.Retry-After;\n        }\n\n        // This is for 421 Misdirected for bad HTTP/2 coalescing\n        // between text and upload cluster IPs:\n        if (resp.reason == \"Misdirected Request\") {\n            set resp.http.Connection = \"keep-alive\";\n            set resp.http.Content-Length = \"0\"; // BZ #62245\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate\";\n        }\n\n        if (resp.status >= 400) {\n            call synth_errorpage;\n        }\n    }\n\n    if (resp.reason == \"healthcheck\") {\n        set resp.reason = \"OK\";\n        synthetic(\"Varnish frontend running on deployment-cache-text08 is up\");\n    }\n\n    if (resp.reason == \"Disable Chrome Private Prefetch Proxy\") {\n        set resp.reason = \"OK\";\n        set resp.http.Cache-Control = \"public, max-age=86400\";\n        set resp.http.Content-Type = \"application/trafficadvice+json\";\n        synthetic({\"[{\n  \"user_agent\": \"prefetch-proxy\",\n  \"disallow\": true\n}]\n\"});\n    }\n\n    return (deliver);\n}\n\nsub vcl_backend_error {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches an implicit 503 (e.g. connectfail, timeout, etc)\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    set beresp.http.X-CDIS = \"int\";\n    call backend_error_errorpage;\n    return (deliver);\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/etc/varnish/text-frontend.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// Varnish VCL include file for text frontends\n\ninclude \"geoip.inc.vcl\";\ninclude \"normalize_path.inc.vcl\";\nsub detect_browser {\n\n}\n\nimport std;\n\n# Temporary hack to patch T284479\n# Not a complete list.\n# Do not use; use X-Provenance == \"cloud=gcp\" instead; see also T270391\nacl google_cloud_nets {\n    \"2600:1900::0\"/28;\n}\n\n/******************************************************************************\n * For MediaWiki's purposes, building on the RFC explanation in\n * normalize_path_encoding(), all of the 16 characters in the Customizable Set\n * can be put into a specific subsets that are either always-decoded or\n * always-encoded, giving us \"complete\" normalization:\n *\n * 10 Always-Decode: : / @ ! $ ( ) * , ;\n * 6 Always-Encode: [ ] & ' + =\n *\n * The set of 10 Always-Decode exactly matches MW's \"wfUrlencode\".  For the\n * Always-Encode set: the square brackers are part of MediaWiki's set of\n * disallowed Title characters, and the rest come from observing Wikipedia's\n * live behavior for these bytes when sent in either form (the canonical title\n * always normalizes these as encoded).  The rest of the normal generic decoder\n * settings were also observationally tested to conform to the RFC.\n *\n * XXX However, for this first commit, we're merely switching to this new\n * normalization code with minimal behavior change from the old code, which\n * means not enforcing the Always-Encode set above.\n *\n * Update 2023: The semicolon was switched to the Always-Encode set (setting\n * \"0\" below) to mitigate the ATS-level issue in T238285 + T334467.  This is a\n * divergence from MediaWiki's canonical form, but shouldn't be one that will\n * cause redirect loops.\n *****************************************************************************/\n\nsub normalize_mediawiki_path { C{\n    static const size_t mediawiki_decoder_ring[256] = {\n      // 0x00-0x1F (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n      //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?\n        0,1,0,2,1,0,2,2,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,2,0,2,\n      //@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _\n        1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,2,0,1,\n      //` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~ <DEL>\n        0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,1,0,\n      // 0x80-0xFF (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n    };\n\n    normalize_path_encoding(ctx, mediawiki_decoder_ring);\n}C }\n\n/******************************************************************************\n * Restbase:\n * Believed to use MW encoding rules above, but has a special exception for\n *   forward-slash: We can neither encode nor decode either form of the\n *   forward-slash for RB; it must be preserved.  This is because RB needs\n *   forward-slashes from MediaWiki titles to be in %2F form, but still needs\n *   its own functional path-delimiting slashes unencoded.  Ref: T127387\n * Therefore, the table below is almost identical to the MW one above, but note\n *   that the '/' is set to 2 (as it would be in generic_decoder_ring), which\n *   means do not change its encoding status.\n * Update 2023: The semicolon was switched to the Always-Encode set (setting\n * \"0\" below) to mitigate the ATS-level issue in T238285 + T334467.  This is a\n * divergence from MediaWiki's canonical form, but shouldn't be one that will\n * cause redirect loops.\n *****************************************************************************/\n\nsub normalize_rest_path { C{\n    static const size_t restbase_decoder_ring[256] = {\n      // 0x00-0x1F (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n      //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?\n        0,1,0,2,1,0,2,2,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,0,0,2,0,2,\n      //@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _\n        1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,2,0,1,\n      //` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~ <DEL>\n        0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,1,0,\n      // 0x80-0xFF (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n    };\n\n    normalize_path_encoding(ctx, restbase_decoder_ring);\n}C }\n\n\n// Note that analytics.inc.vcl will set an X-Analytics value of proxy=IORG\n// without inspecting whether there's an existing proxy=<proxy> key-\n// value pair inside X-Analytics. We do this because if the traffic\n// had come from a known proxy (e.g., Opera or Nokia), that would\n// imply that Internet.org was not the rightmost endpoint. In time\n// we will need to add the notion of proxy chaining to record whether\n// something came through both a known proxy and had Via: Internet.org\n// with a corresponding unknown rightmost endpoint (the rightmost\n// Internet.org endpoint with an unpredictable Internet-facing IP\n// address) in X-Forwarded-For, even if it's the only value, as in\n// the example of traffic sourced directly by satellite or something.\n\nsub mobile_redirect {\n    if (!req.http.X-Subdomain\n        && (\n            // Main regex for mobile user-agent detection\n            // * most were imported from Squid (2013), T79741\n            // * Amazon Silk (2014), http://docs.aws.amazon.com/silk/latest/developerguide/user-agent.html\n            // * update samsung- token (2025), T405279\n            req.http.User-Agent ~ \"(?i)(mobi|240x240|240x320|320x320|alcatel|android|audiovox|bada|benq|blackberry|cdm-|compal-|docomo|ericsson|hiptop|htc[-_]|huawei|ipod|kddi-|kindle|meego|midp|mitsu|mmp\\/|mot-|motor|ngm_|nintendo|opera.m|palm|panasonic|philips|phone|playstation|portalmmm|sagem-|samsung-|sanyo|sec-|semc-browser|sendo|sharp|silk|softbank|symbian|teleca|up.browser|vodafone|webos)\"\n\n            // Include desktop clients that opted-in via \"Mobile view\" footer link (T401595).\n            // For legacy mobile wikis, we point \"Mobile view\" to the m-dot domain,\n            // which works without any cookie.\n            || req.http.Cookie ~ \"(mf_useformat=true)\"\n\n            // Prefer mobile view in Google Translate, T212197\n            || var.get_int(\"gt_redirect_scoped\")\n\n            // Prefer mobile view in browsers that send \"Accept: text/vnd.wap.wml\"\n            // This is for rare browser engines not covered above, or browsers that\n            // replace their engine's user agent string entirely with a brand.\n            // Including, as of August 2025:\n            // * \"Dorado WAP-Browser/1.0.0\"\n            // * \"Nokia 225 4G/2.0\"\n            // See also T32827, T79741\n            || req.http.Accept ~ \"vnd.wap.wml\"\n        )\n\n        // Exclude mobile clients that have opted-out\n        && req.http.Cookie !~ \"(stopMobileRedirect=true|mf_useformat=desktop)\"\n\n        // Exclude opt-out toggling requests\n        // * For legacy mobile routing:\n        //   We must remain on the canonical domain so that MediaWiki can set the\n        //   stopMobileRedirect cookie here, to make sure they don't get redirected\n        //   back to the mobile site on the next page view.\n        // * For new mobile routing:\n        //   We must not set a \"X-Subdomain\" header, as otherwise the current request\n        //   (which lacks the stopMobileRedirect=true) would render the confirmation\n        //   page in a mobile view instead of the requested desktop view.\n        //   The response to this request will set the stopMobileRedirect cookie,\n        //   and future pageviews will be excluded based on that instead.\n        && req.url !~ \"[?&]mobileaction=toggle_view_desktop(&|$)\"\n    ) {\n\n        // New mobile routing: Unified domains (T214998)\n        // Let the response vary by X-Subdomain on the canonical domain, instead of redirecting.\n        set req.http.X-Subdomain = \"M\";\n    }\n}\n\nsub cluster_fe_vcl_switch {\n    // Switch to cache_misc VCL if the request is for a site listed in\n    // cache::alternate_domains\n    if (alternate_domains.match(req.http.Host)) {\n        return (vcl(wikimedia_misc));\n    }\n}\n\nsub cluster_fe_recv_pre_purge {\n    if (req.http.X-Provenance ~ \"^abuse=text_abuse_nets\") {\n        return (synth(403, \"Abuse\"));\n    }\n\n    if (req.http.referer && req.http.referer ~ \"^http://(www\\.(keeprefreshing|refreshthis|refresh-page|urlreload)\\.com|tuneshub\\.blogspot\\.com|itunes24x7\\.blogspot\\.com|autoreload\\.net|www\\.lazywebtools\\.co\\.uk)/\") {\n        return (synth(403, \"Noise\"));\n    }\n\n    if (req.method == \"POST\" && req.url ~ \"index\\.php\\?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=\") {\n        return (synth(403, \"Noise\"));\n    }\n\n    if (req.url ~ \"&limit=2000&action=history\") {\n        return (synth(403, \"Excessive load\"));\n    }\n\n    // FIXME: we're seeing an issue with Range requests and gzip/gunzip.\n    // Disable Range requests for now.\n    unset req.http.Range;\n\n    if (req.restarts == 0) {\n        // Always set or clear X-Subdomain and X-Orig-Cookie\n        unset req.http.X-Orig-Cookie;\n        unset req.http.X-Subdomain;\n        // desktop host, if mobile hostname on request\n        unset req.http.x-dt-host;\n        // MediaWiki takes this header into account, so make sure it cannot\n        // be injected from the outside\n        unset req.http.X-Forwarded-By;\n\n        # T368645: Donation pages never used MobileFrontend or an m-dot domain,\n        # but Google somehow inferred donate.m.wikimedia.org and started serving it\n        # in results. For compatibility, support it and redirect it.\n        #\n        # * Strip any regional state from this likely-shared URL by\n        #   starting fresh from \"/\" endpoint and letting it redirect to current region.\n        # * Strip any mistakenly added trailing slash because\n        #   https://donate.wikimedia.org/wiki/Special:LandingPage/\n        #   would say \"Sorry, we are unable to detect your country.\" instead of\n        #   redirecting like https://donate.wikimedia.org/wiki/Special:LandingPage\n        #\n        if (req.http.Host == \"donate.m.wikimedia.org\" && req.url ~ \"^/wiki/Special:LandingPage\") {\n            set req.http.Location = \"https://donate.wikimedia.org\";\n            return (synth(302, \"Donate Redirect\"));\n        }\n\n        // mobile-subdomains-only for Host-rewrite\n        if (req.http.host ~ \"^([a-z0-9-]+\\.)?m\\.\") {\n            set req.http.X-Subdomain = \"M\";\n\n            // Rewrite mobile hostnames to desktop hostnames as x-dt-host.\n            if (req.http.host ~ \"^m\\.\" && req.http.host != \"m.wikisource.org\") {\n                // Projects with a standalone domain name are generally on www,\n                // such as www.mediawiki.org and www.wikidata.org.\n                //\n                // The \"m\" subdomain for these uses \"m\" instead of \"www\" (not in addition), so we\n                // must replace instead of strip to form a valid MediaWiki hostname.\n                //\n                // * m.mediawiki.org             -> www.mediawiki.org\n                // * m.wikidata.org              -> www.wikidata.org\n                // * m.wikidata.beta.wmcloud.org -> www.wikidata.beta.wmcloud.org\n                // * m.wikifunctions.org         -> www.wikifunctions.org\n                //\n                // Families have portal pages that also use www (e.g. www.wikipedia.org).\n                // These are not MediaWiki wikis, but their \"m\" subdomain follows the same\n                // pattern. These could be moved to the ncredir service, but we handle\n                // them here for now by rewriting them to their \"www\" equivalent.\n                //\n                // * m.wikipedia.org   -> www.wikipedia.org.\n                //\n                // Notable exception: m.wikisource.org.\n                // The canonical equivalent is the apex at wikisource.org (not www).\n                // This is because Wikisource is a family (not a standalone wiki), but\n                // unlike other families does not have a central www portal page.\n                // Instead, it has a central MediaWiki wiki.\n                //\n                set req.http.x-dt-host = regsub(req.http.host, \"^m\\.\", \"www.\");\n            } else {\n                // Replace <language>.m.<project>.org by <language>.<project>.org\n                // as well as m.<project>.org by <project>.org\n                //\n                // Example:\n                //\n                // * it.m.wikipedia.org         -> it.wikipedia.org\n                // * commons.m.wikimedia.org    -> commons.wikimedia.org\n                // * donate.m.wikimedia.org     -> donate.wikimedia.org\n                // * m.wikisource.org           -> wikisource.org\n                //\n                set req.http.x-dt-host = regsub(req.http.host, \"^([a-z0-9-]+\\.)?m\\.\", \"\\1\");\n            }\n\n            if (req.url ~ \"^/api/rest_v1/\") {\n                // for Restbase, there is no difference in desktop-vs-mobile hostnames,\n                // so rewrite mobile hostnames to desktop hostnames for singular caching\n                // (this affects the Host: header, and also the url rewrite for restbase\n                // elsewhere that uses req.http.host)\n                set req.http.host = req.http.x-dt-host;\n            }\n\n            # T214998: Redirect mobile subdomain to canonical equivalent\n            if (\n                req.http.Host != req.http.x-dt-host\n            ) {\n                set req.http.Location = \"https://\" + req.http.x-dt-host + req.url;\n                unset req.http.x-dt-host;\n                # While HTTP 308 is method agnostic, it is not as widely supported.\n                # Prefer HTTP 301 on GET for wider compatibility.\n                if (req.method == \"GET\" || req.method == \"HEAD\") {\n                    return (synth(301, \"Mobile Redirect\"));\n                } else {\n                    return (synth(308, \"Mobile Redirect\"));\n                }\n            }\n        }\n\n        # normalize all /static to the same hostname for caching\n        if (req.url ~ \"^/static/\") { set req.http.host = \"en.wikipedia.beta.wmcloud.org\"; }\n\n        # normalize all /w/static.php to the same wiki host for improved caching\n        # https://wikitech.wikimedia.org/wiki/MediaWiki_at_WMF#Static_files\n        if (req.url ~ \"^/w/(skins/|resources/|extensions/|CREDITS|COPYING)\" ) {\n            set req.http.host = \"en.wikipedia.beta.wmcloud.org\";\n        }\n\n        // RESTBase redirect=false optimization: T134464\n        // RESTBase sends the same content regardless of ?redirect=false, but\n        // switches from 302 w/ Location (normal) to 200 w/o Location\n        // (?redirect=false) for wikitext redirect responses.  We can\n        // make this more efficient by doing this in Varnish and sharing\n        // the cache object (stripping the parameter and doing the\n        // transform at deliver time).\n        if (req.url ~ \"^/api/rest_v1/.*[?&]redirect=\") {\n            // extract the redirect= value to boolean for later\n            var.set(\"rb_noredir_param\", regsub(req.url, \"^.+[?&]redirect=([^&]+).*$\", \"\\1\"));\n            // Remove the redirect=X parameter from req.url to avoid cache\n            // fragmentation using two regexes to cover distinct cases:\n            // (1) Simple strip if final query arg:\n            set req.url = regsub(req.url, \"[?&]redirect=[^&]+$\", \"\");\n            // (2) When not the final arg, we need to capture the leading\n            //     [?&] to reuse with the parameter that follows:\n            set req.url = regsub(req.url, \"([?&])redirect=[^&]+&\", \"\\1\");\n        }\n\n        // Normalize Accept headers for the REST API: Ignore unless a profile is\n        // specified or this is a request for the root REST URI\n        if (req.url ~ \"^/api/rest_v1/?(\\?doc)?$\" && req.http.Accept ~ \"text/html\") {\n            set req.http.Accept = \"text/html\";\n        } else if (req.url ~ \"^/api/rest_v1/\") {\n            if (req.http.Accept !~ {\"profile=\"https://www.mediawiki.org/wiki/Specs/\"}) {\n                unset req.http.Accept;\n            } else {\n                // Only replaces the patch version if it's specified.\n                // We ignore the patch version differences to avoid additional\n                // work on guaranteed backwards compatible changes.\n                set req.http.Accept = regsub(req.http.Accept, \"([0-9]+\\.[0-9]+\\.)[0-9]+(\\\\\\x22)$\", \"\\10\\2\");\n            }\n        }\n        // Normalise the Accept-Language header for REST API requests\n        // For the time being we only take the first lang variant passed in and ignore the rest\n        if (req.url ~ \"^/api/rest_v1/\" && req.http.Accept-Language) {\n            if (req.http.Accept-Language ~ \"^[a-zA-Z]+(-[a-zA-Z]+)?\") {\n                set req.http.Accept-Language = regsub(req.http.Accept-Language, \"([a-zA-Z]+(-[a-zA-Z]+)?)(.*)$\", \"\\1\");\n            } else {\n                unset req.http.Accept-Language;\n            }\n        }\n\n        // Custom rule to block traffic coming from bots, hitting the Analytics AQS API.\n        if (req.http.User-Agent ~ \"^(python-requests|rest-client\\/2\\.1\\.0)\" && req.url ~ \"^/api/rest_v1/metrics/pageviews\") {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n    }\n\n    // Normalize paths before purging\n    // Don't decode percent-encoded slashes in paths for REST APIs\n    if (req.url ~ \"^/api/rest_v1/\" || req.url ~ \"^/w/rest\\.php/\" || req.http.host ~ \"^cxserver\\.wikimedia\\.org$\") {\n        call normalize_rest_path;\n    } else {\n        call normalize_mediawiki_path;\n    }\n}\n\nsub evaluate_cookie {\n    // For hash->lookup purposes, if there's a valid-seeming session|token\n    // cookie, replace it with the shared Cookie value \"Token=1\",\n    // otherwise remove the Cookie completely.  In either case, in\n    // vcl_(pass|miss) on the way to any backend fetch, it will be\n    // restored to the original value.\n    // Later in cluster_fe_backend_response, we'll create hit-for-pass objects for any\n    // response with Vary:Cookie and Cookie:Token=1.  This will allow\n    // logged-in users to share the anonymous users' cache for\n    // non-Vary:Cookie responses, and then share a single hit-for-pass\n    // object in a single Vary slot per object for those responses that\n    // should Vary:Cookie.\n    if (req.restarts == 0) {\n        unset req.http.X-Orig-Cookie;\n        if (req.http.Cookie) {\n            set req.http.X-Orig-Cookie = req.http.Cookie;\n            if (req.http.Cookie ~ \"([sS]ession|Token)=\") {\n                set req.http.Cookie = \"Token=1\";\n            } else {\n                unset req.http.Cookie;\n            }\n        }\n    }\n}\n\nsub pass_authorization {\n    // As a general rule, per the RFCs, shared caches shouldn't use cached\n    // responses for requests with Authorization headers (with a few\n    // notable exceptions aside).  The default vcl_recv (which text\n    // doesn't use) in varnish does this alongside its pass for Cookie.\n    // We deal with Cookies properly elsewhere.\n    //\n    // By letting Authorization reqs cache, we're breaking our own OAuth\n    // in some corner cases: https://phabricator.wikimedia.org/T105387\n    // Any browser/curl fetch of an OAuth URL without the header can\n    // cause a redirect to be cached, which then affects real fetches that\n    // have the Authorization header set, which is Bad.\n    //\n    // It's *probably* best to just pass all Authorization-headered\n    // requests in general, but on the other hand, I see a lot of random\n    // Authorization headers in our traffic that don't look like stuff\n    // we're using or want to pay attention to, and we've otherwise seemed\n    // ok on this stuff.  So for now, only (pass) on ones that seem to\n    // have OAuth data, with the same header-matching as in:\n    // https://phabricator.wikimedia.org/diffusion/EOAU/browse/master/backend/MWOAuthUtils.php;8029ef146211a1016b1f8e676944c3750f78b0eb$89\n    if (req.http.Authorization ~ \"^OAuth \") {\n        return (pass);\n    }\n}\n\nsub ua_policy_enforcement {\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n    // this routine mildly enforces the wikimedia foundation User-Agent policy.\n    // See https://phabricator.wikimedia.org/T400119\n    // This is not an exhaustive list of user-agents, just some of the most common offenders. We might add\n    // more entries to the list in the future if other unidentified UAs become popular.\n    if (req.http.User-Agent ~ \"(?i)^(wget|curl)\") {\n        // Check no email-ish or url-ish thing is present in the user agent. This check is crude on purpose.\n        // If none is present, rate-limit to 10 requests per ip over 10 seconds.\n        if (req.http.User-Agent !~ \"(?i)([a-z0-9.+_-]+@[a-z0-9._-]+|https?\\:\\/\\/[a-z0-9.-]+)\"\n            && vsthrottle.is_denied(\"ua_policy:library\" + req.http.X-Client-IP, 10, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",ua_policy:cli_tool\";\n            set req.http.Retry-After = 10;\n            return (synth(429, \"Please set a proper user-agent and respect our robot policy https://w.wiki/4wJS. See also https://phabricator.wikimedia.org/T400119\"));\n        }\n    }\n    if (req.http.User-Agent ~ \"^Wikidata Query Service\") {\n        // Check no email-ish or url-ish thing is present in the user agent. This check is crude on purpose.\n        // If none is present, rate-limit to 100 requests per ip over 10 seconds.\n        if (req.http.User-Agent !~ \"(?i)([a-z0-9.+_-]+@[a-z0-9._-]+|https?\\:\\/\\/[a-z0-9.-]+)\"\n            && vsthrottle.is_denied(\"ua_policy:wdqs\" + req.http.X-Client-IP, 50, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",ua_policy:wdqs\";\n            set req.http.Retry-After = 10;\n            return (synth(429, \"Please set a proper user-agent and respect our robot policy https://w.wiki/4wJS. See also https://phabricator.wikimedia.org/T400119\"));\n        }\n    }\n}\n\nsub cluster_fe_recv {\n    // 421 for bad H/2 coalesce (wikimedia-frontend handles synth)\n    if (req.http.Host == \"upload.wikimedia.beta.wmcloud.org\"\n        || req.http.Host == \"maps.wikimedia.beta.wmcloud.org\"\n        || req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n        return (synth(421, \"Misdirected Request\"));\n    }\n    # Deprecated urls defined in requestctl. These apply to all requests.\n\n    if (req.http.Host ~ \"^(www\\.)?wikimediafoundation\\.org$\") {\n        set req.http.Location = \"https://foundation.wikimedia.org\" + req.url;\n        return (synth(302, \"Foundation Wiki Moved\"));\n    }\n\n    call mobile_redirect;\n\n    // shortener URLs can be validated and restricted here\n    if (req.http.host == \"w.beta.wmcloud.org\") {\n        // Only allow GET/HEAD to the shortener\n        if (req.method != \"GET\" && req.method != \"HEAD\") {\n            return (synth(405, \"Method not allowed\"));\n        }\n        // Strip query args: we don't use them, but others may send junk which would hurt caching\n        set req.url = regsub(req.url, \"\\?.*$\", \"\");\n        // Validate that we're only handling true short URLs, as\n        // otherwise there are potentially holes by which unrelated\n        // metawiki URLs can be accessed via w.wiki after the rewrite in\n        // text-backend.\n        if (req.url !~ \"^/_?[23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz$]*$\") {\n            return (synth(404, \"Short URL Not Found\"));\n        }\n    }\n\n    // https://phabricator.wikimedia.org/T407122\n    if (\n        req.url ~ \"^/w/rest.php/site/v1/sitemap/\"\n        && req.http.X-Trusted-Request !~ \"^[ABC]$\"\n    ) {\n        return (synth(403, \"Sitemap Restricted\"));\n    }\n\n    // Requests with an X-Wikimedia-Debug header get special treatment in lower layers so\n    // mustn't be served from cache. See https://wikitech.wikimedia.org/wiki/WikimediaDebug\n    // We also allow an X-Wikimedia-Debug cookie for debugging in clients which can't easily\n    // set headers (T350094), and normalize it here to reduce the amount of code that needs\n    // both cookie handling and header handling logic.\n    if (req.http.Cookie ~ \"(^|;\\s*)X-Wikimedia-Debug=\") {\n        set req.http.X-Wikimedia-Debug = regsuball(regsuball(\n            regsub(\n                req.http.Cookie,\n                \"^(?:.*;\\s*)?X-Wikimedia-Debug=([^;]*).*$\",\n                \"\\1\"\n            ),\n        \"%3D\", \"=\"), \"%3B\", \";\");\n    }\n    if (req.http.X-Wikimedia-Debug) {\n        return (pass);\n    }\n\n    if (req.method != \"GET\" && req.method != \"HEAD\") {\n        return (pass);\n    }\n\n    call evaluate_cookie;\n    call pass_authorization;\n}\n\nsub cluster_fe_recv_tail { }\n\nsub cluster_fe_hash { }\n\nsub cluster_fe_ratelimit {\n    // Add the requestctl header if it wasn't set in the previous layer\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n\n    // Safeguard: default x-trusted-request if absent.\n    if (!req.http.X-Trusted-Request) {\n        set req.http.X-Trusted-Request = \"E\";\n    }\n\n    if (req.http.X-Trusted-Request == \"A\") {\n        // Trusted requests. no rate-limit.\n    } else {\n        // Unidentified requests. These are either browser-like requests that are not authenticated, or bots that do not respect our robot policy,\n        // or again requests from abusive networks.\n\n        // All requests need to honor our ua policy\n        call ua_policy_enforcement;\n\n        // Browser detection\n        // TODO: exclude things that are in category \"other\", and consider those non-compliant bots\n        if (req.restarts == 0) {\n            call detect_browser;\n        }\n    }\n\n}\n\nsub cluster_fe_hit {\n    call cluster_fe_ratelimit_hit;\n}\nsub cluster_fe_ratelimit_hit {\n    // Add the requestctl header if it wasn't set in the previous layer\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n\n    // Safeguard: default x-trusted-request if absent.\n    if (!req.http.X-Trusted-Request) {\n        set req.http.X-Trusted-Request = \"E\";\n    }\n    if (req.http.X-Trusted-Request == \"A\") {\n        // Trusted requests. no rate-limit.\n    } else {\n        // All requests need to honor our ua policy.\n        call ua_policy_enforcement;\n\n        // Browser detection\n        if (req.restarts == 0) {\n            call detect_browser;\n        }\n        // TODO: do we want to add a limit to requests with a low X-Is-Browser score?\n    }\n}\n\nsub cluster_fe_miss {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_pass {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_backend_fetch {\n    // Restore the original Cookie header for upstream\n    // Assumes client header X-Orig-Cookie has been filtered!\n    if (bereq.http.X-Orig-Cookie) {\n        set bereq.http.Cookie = bereq.http.X-Orig-Cookie;\n        unset bereq.http.X-Orig-Cookie;\n    }\n\n    // Tell Envoy to enable distributed tracing for all file upload requests that hit the appservers.\n    if (bereq.url ~ \"^/w/api\\.php/.*[?&]action=upload\" && bereq.http.X-Request-Id) {\n        set bereq.http.X-Client-Trace-Id = bereq.http.X-Request-Id;\n    }\n}\n\nsub cluster_fe_backend_response_early {\n    // Re-do the same changes as evalute_cookie above, but on the bereq\n    // Cookie header and without bothering to save originals.  The reason we\n    // have to do this very late in the game here is that Varnish 4 uses\n    // bereq.http.Cookie to set the cache storage Vary:Cookie slot for a\n    // fetched object shortly after vcl_backend_response.  Under Varnish3\n    // when all this session-cookie related VCL was developed, the vary slot\n    // was being set from req.http.Cookie.\n    // Note this must happen in the \"backend_response_early\" hook before the\n    // global common VCL tries to create generic hit-for-pass objects for\n    // TTL<=0, or else the Vary-slotting will be wrong there!\n    if (bereq.http.Cookie ~ \"([sS]ession|Token)=\") {\n        set bereq.http.Cookie = \"Token=1\";\n    } else {\n        unset bereq.http.Cookie;\n    }\n\n}\n\n// cluster_fe_backend_response won't be called if an HFP is issued on wm_backend_response\nsub cluster_fe_backend_response {\n    // set a 607s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Token=1 + Vary:Cookie:\n    //    All requests with real login session|token cookies share the\n    //    Cookie:Token=1 value for Vary purposes.  This allows them to\n    //    share a single hit-for-pass object here if the response\n    //    shouldn't be shared between users (Vary:Cookie).\n    if (\n        bereq.http.Cookie == \"Token=1\"\n        && beresp.http.Vary ~ \"(?i)(^|,)\\s*Cookie\\s*(,|$)\"\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // HFP\n        return(pass(607s));\n    }\n}\n\nsub cluster_fe_deliver {\n    # Other half of RESTBase redirect=false optimization (see cluster_fe_recv_pre_purge)\n    if (var.get(\"rb_noredir_param\") ~ \"(?i)^(false|no|0)$\") {\n        std.log(\"noredir: 1\");\n        if (resp.status == 302) {\n            unset resp.http.Location;\n            set resp.status = 200;\n            set resp.reason = \"OK\";\n        } elsif (resp.status == 301) {\n            // preserve the original client redirect preference on title redirects\n            if (resp.http.Location ~ \"[?]\") {\n                if (resp.http.Location !~ \"[?&]redirect=\") {\n                    set resp.http.Location = resp.http.Location + \"&redirect=false\";\n                }\n            } else {\n                set resp.http.Location = resp.http.Location + \"?redirect=false\";\n            }\n        }\n    }\n    // As resp.do_esi defaults to true and ESI data gets cached as part of the object attributes\n    // disabling ESI requires setting resp.do_esi to false or otherwise ESI requests\n    // will still happen in cached objects where beresp.do_esi was set to true\n    set resp.do_esi = false;\n\n    // Strip s-maxage Cache-Control of wiki pages. The s-maxage still applies to Varnish (sent\n    // by MediaWiki $wgUseCdn, sends purges internally). But pages musn't be cached elsewhere.\n    // NOTE: Language variants URLs are not currently covered by these regexps.\n    // Instead of writing regexps for every edge-case, we should impose some order and coherence\n    // on our URL routing schemes.\n    // NOTE: Only apply to pages. Don't steal cachability of api.php, load.php, etc. (T102898, T113007)\n\n    if (req.url ~ \"^/wiki/\" || req.url ~ \"^/w/index\\.php\" || req.url ~ \"^/\\?title=\") {\n        // ...but exempt CentralNotice banner special pages\n        if (req.url !~ \"^/(wiki/|(w/index\\.php)?\\?title=)Special:Banner\") {\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate, no-transform\";\n        }\n    }\n\n    // T403866, T390929: The local browser cache must vary by User-Agent.\n    // Browsers rarely changes this during a session, except via the\n    // \"Request desktop site\" and \"Request mobile site\" buttons, which otherwise\n    // reload the page with If-Modified-Since and use our HTTP 304 response\n    // to display the same cached version again, instead of switching.\n    if (req.url ~ \"^/wiki/\" || req.url ~ \"^/w/index\\.php\" || req.url ~ \"^/w/api\\.php\" || req.url ~ \"^/w/load\\.php\") {\n        if (!resp.http.Vary) {\n            set resp.http.Vary = \"User-Agent\";\n        } else if (resp.http.Vary !~ \"(?i)\\bUser-Agent\\b\") {\n            set resp.http.Vary = resp.http.Vary + \",User-Agent\";\n        }\n    }\n\n    // Age experiment for load.php T105657\n    if (req.url ~ \"^/w/load\\.php\" ) {\n        set resp.http.Age = 0;\n    }\n\n    // Perform GeoIP look-up and send the result as a session cookie\n    if (req.http.X-Orig-Cookie !~ \"(^|;\\s*)GeoIP=[^;]\"\n        && req.http.Cookie !~ \"(^|;\\s*)GeoIP=[^;]\") {\n        call geoip_cookie;\n    }\n    // Fix old IPv6 no-data cookies\n    else if (req.http.X-Orig-Cookie ~ \"(^|;\\s*)GeoIP=:::::v6\"\n        || req.http.Cookie ~ \"(^|;\\s*)GeoIP=:::::v6\") {\n        call geoip_cookie;\n    }\n\n    // NetworkProbeLimit Cookie (T335637)\n    // Overrides the default network probe limit value\n    // Current default value is 0.001 (0.1%)\n    // Set NetworkProbeLimit to 0 to stop all probes\n    if (req.http.X-Orig-Cookie !~ \"(^|;)\\s*NetworkProbeLimit=0\\.001\\s*(;|$)\"\n        && req.http.Cookie !~ \"(^|;)\\s*NetworkProbeLimit=0\\.001\\s*(;|$)\") {\n        header.append(resp.http.Set-Cookie,\n            \"NetworkProbeLimit=0.001;\"\n            + \"Path=/;\"\n            + \"Secure;\"\n            + \"SameSite=None;\"\n            + \"Max-Age=3600\"\n            );\n    }\n}\n\nsub cluster_fe_err_synth {\n    if (resp.reason == \"Mobile Redirect\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n        set resp.http.Access-Control-Allow-Origin = \"*\"; // T229385: Allow client-side JS to follow this redirect\n    }\n\n    if (resp.reason == \"Donate Redirect\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n    }\n\n    if (resp.reason == \"Foundation Wiki Moved\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n    }\n\n    // Set a generic Retry-After of 1 for any response matching the string.\n    // If we have a request Retry-After header (added by requestctl)\n    // we will use its value instead.\n    if (resp.reason ~ \"^Too Many Requests\") {\n        set resp.http.Retry-After = 1;\n    }\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/usr/share/varnish/tests/text-frontend.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// Varnish VCL include file for text frontends\n\ninclude \"geoip.inc.vcl\";\ninclude \"normalize_path.inc.vcl\";\nsub detect_browser {\n\n}\n\nimport std;\n\n# Temporary hack to patch T284479\n# Not a complete list.\n# Do not use; use X-Provenance == \"cloud=gcp\" instead; see also T270391\nacl google_cloud_nets {\n    \"2600:1900::0\"/28;\n}\n\nbackend esi_backend {\n    .host = \"127.0.0.1\";\n    .port = \"4321\";\n    .connect_timeout = 1s;\n    .first_byte_timeout = 1s;\n}\n/******************************************************************************\n * For MediaWiki's purposes, building on the RFC explanation in\n * normalize_path_encoding(), all of the 16 characters in the Customizable Set\n * can be put into a specific subsets that are either always-decoded or\n * always-encoded, giving us \"complete\" normalization:\n *\n * 10 Always-Decode: : / @ ! $ ( ) * , ;\n * 6 Always-Encode: [ ] & ' + =\n *\n * The set of 10 Always-Decode exactly matches MW's \"wfUrlencode\".  For the\n * Always-Encode set: the square brackers are part of MediaWiki's set of\n * disallowed Title characters, and the rest come from observing Wikipedia's\n * live behavior for these bytes when sent in either form (the canonical title\n * always normalizes these as encoded).  The rest of the normal generic decoder\n * settings were also observationally tested to conform to the RFC.\n *\n * XXX However, for this first commit, we're merely switching to this new\n * normalization code with minimal behavior change from the old code, which\n * means not enforcing the Always-Encode set above.\n *\n * Update 2023: The semicolon was switched to the Always-Encode set (setting\n * \"0\" below) to mitigate the ATS-level issue in T238285 + T334467.  This is a\n * divergence from MediaWiki's canonical form, but shouldn't be one that will\n * cause redirect loops.\n *****************************************************************************/\n\nsub normalize_mediawiki_path { C{\n    static const size_t mediawiki_decoder_ring[256] = {\n      // 0x00-0x1F (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n      //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?\n        0,1,0,2,1,0,2,2,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,2,0,2,\n      //@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _\n        1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,2,0,1,\n      //` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~ <DEL>\n        0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,1,0,\n      // 0x80-0xFF (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n    };\n\n    normalize_path_encoding(ctx, mediawiki_decoder_ring);\n}C }\n\n/******************************************************************************\n * Restbase:\n * Believed to use MW encoding rules above, but has a special exception for\n *   forward-slash: We can neither encode nor decode either form of the\n *   forward-slash for RB; it must be preserved.  This is because RB needs\n *   forward-slashes from MediaWiki titles to be in %2F form, but still needs\n *   its own functional path-delimiting slashes unencoded.  Ref: T127387\n * Therefore, the table below is almost identical to the MW one above, but note\n *   that the '/' is set to 2 (as it would be in generic_decoder_ring), which\n *   means do not change its encoding status.\n * Update 2023: The semicolon was switched to the Always-Encode set (setting\n * \"0\" below) to mitigate the ATS-level issue in T238285 + T334467.  This is a\n * divergence from MediaWiki's canonical form, but shouldn't be one that will\n * cause redirect loops.\n *****************************************************************************/\n\nsub normalize_rest_path { C{\n    static const size_t restbase_decoder_ring[256] = {\n      // 0x00-0x1F (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n      //  ! \" # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?\n        0,1,0,2,1,0,2,2,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,0,0,2,0,2,\n      //@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \\ ] ^ _\n        1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,2,0,1,\n      //` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~ <DEL>\n        0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,1,0,\n      // 0x80-0xFF (all unprintable)\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0\n    };\n\n    normalize_path_encoding(ctx, restbase_decoder_ring);\n}C }\n\n\n// Note that analytics.inc.vcl will set an X-Analytics value of proxy=IORG\n// without inspecting whether there's an existing proxy=<proxy> key-\n// value pair inside X-Analytics. We do this because if the traffic\n// had come from a known proxy (e.g., Opera or Nokia), that would\n// imply that Internet.org was not the rightmost endpoint. In time\n// we will need to add the notion of proxy chaining to record whether\n// something came through both a known proxy and had Via: Internet.org\n// with a corresponding unknown rightmost endpoint (the rightmost\n// Internet.org endpoint with an unpredictable Internet-facing IP\n// address) in X-Forwarded-For, even if it's the only value, as in\n// the example of traffic sourced directly by satellite or something.\n\nsub mobile_redirect {\n    if (!req.http.X-Subdomain\n        && (\n            // Main regex for mobile user-agent detection\n            // * most were imported from Squid (2013), T79741\n            // * Amazon Silk (2014), http://docs.aws.amazon.com/silk/latest/developerguide/user-agent.html\n            // * update samsung- token (2025), T405279\n            req.http.User-Agent ~ \"(?i)(mobi|240x240|240x320|320x320|alcatel|android|audiovox|bada|benq|blackberry|cdm-|compal-|docomo|ericsson|hiptop|htc[-_]|huawei|ipod|kddi-|kindle|meego|midp|mitsu|mmp\\/|mot-|motor|ngm_|nintendo|opera.m|palm|panasonic|philips|phone|playstation|portalmmm|sagem-|samsung-|sanyo|sec-|semc-browser|sendo|sharp|silk|softbank|symbian|teleca|up.browser|vodafone|webos)\"\n\n            // Include desktop clients that opted-in via \"Mobile view\" footer link (T401595).\n            // For legacy mobile wikis, we point \"Mobile view\" to the m-dot domain,\n            // which works without any cookie.\n            || req.http.Cookie ~ \"(mf_useformat=true)\"\n\n            // Prefer mobile view in Google Translate, T212197\n            || var.get_int(\"gt_redirect_scoped\")\n\n            // Prefer mobile view in browsers that send \"Accept: text/vnd.wap.wml\"\n            // This is for rare browser engines not covered above, or browsers that\n            // replace their engine's user agent string entirely with a brand.\n            // Including, as of August 2025:\n            // * \"Dorado WAP-Browser/1.0.0\"\n            // * \"Nokia 225 4G/2.0\"\n            // See also T32827, T79741\n            || req.http.Accept ~ \"vnd.wap.wml\"\n        )\n\n        // Exclude mobile clients that have opted-out\n        && req.http.Cookie !~ \"(stopMobileRedirect=true|mf_useformat=desktop)\"\n\n        // Exclude opt-out toggling requests\n        // * For legacy mobile routing:\n        //   We must remain on the canonical domain so that MediaWiki can set the\n        //   stopMobileRedirect cookie here, to make sure they don't get redirected\n        //   back to the mobile site on the next page view.\n        // * For new mobile routing:\n        //   We must not set a \"X-Subdomain\" header, as otherwise the current request\n        //   (which lacks the stopMobileRedirect=true) would render the confirmation\n        //   page in a mobile view instead of the requested desktop view.\n        //   The response to this request will set the stopMobileRedirect cookie,\n        //   and future pageviews will be excluded based on that instead.\n        && req.url !~ \"[?&]mobileaction=toggle_view_desktop(&|$)\"\n    ) {\n\n        // New mobile routing: Unified domains (T214998)\n        // Let the response vary by X-Subdomain on the canonical domain, instead of redirecting.\n        set req.http.X-Subdomain = \"M\";\n    }\n}\n\nsub cluster_fe_vcl_switch {\n    // Switch to cache_misc VCL if the request is for a site listed in\n    // cache::alternate_domains\n    if (alternate_domains.match(req.http.Host)) {\n        return (vcl(wikimedia_misc));\n    }\n}\n\nsub cluster_fe_recv_pre_purge {\n    if (req.http.X-Provenance ~ \"^abuse=text_abuse_nets\") {\n        return (synth(403, \"Abuse\"));\n    }\n\n    if (req.http.referer && req.http.referer ~ \"^http://(www\\.(keeprefreshing|refreshthis|refresh-page|urlreload)\\.com|tuneshub\\.blogspot\\.com|itunes24x7\\.blogspot\\.com|autoreload\\.net|www\\.lazywebtools\\.co\\.uk)/\") {\n        return (synth(403, \"Noise\"));\n    }\n\n    if (req.method == \"POST\" && req.url ~ \"index\\.php\\?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=\") {\n        return (synth(403, \"Noise\"));\n    }\n\n    if (req.url ~ \"&limit=2000&action=history\") {\n        return (synth(403, \"Excessive load\"));\n    }\n\n    // FIXME: we're seeing an issue with Range requests and gzip/gunzip.\n    // Disable Range requests for now.\n    unset req.http.Range;\n\n    if (req.restarts == 0) {\n        // Always set or clear X-Subdomain and X-Orig-Cookie\n        unset req.http.X-Orig-Cookie;\n        unset req.http.X-Subdomain;\n        // desktop host, if mobile hostname on request\n        unset req.http.x-dt-host;\n        // MediaWiki takes this header into account, so make sure it cannot\n        // be injected from the outside\n        unset req.http.X-Forwarded-By;\n\n        # T368645: Donation pages never used MobileFrontend or an m-dot domain,\n        # but Google somehow inferred donate.m.wikimedia.org and started serving it\n        # in results. For compatibility, support it and redirect it.\n        #\n        # * Strip any regional state from this likely-shared URL by\n        #   starting fresh from \"/\" endpoint and letting it redirect to current region.\n        # * Strip any mistakenly added trailing slash because\n        #   https://donate.wikimedia.org/wiki/Special:LandingPage/\n        #   would say \"Sorry, we are unable to detect your country.\" instead of\n        #   redirecting like https://donate.wikimedia.org/wiki/Special:LandingPage\n        #\n        if (req.http.Host == \"donate.m.wikimedia.org\" && req.url ~ \"^/wiki/Special:LandingPage\") {\n            set req.http.Location = \"https://donate.wikimedia.org\";\n            return (synth(302, \"Donate Redirect\"));\n        }\n\n        // mobile-subdomains-only for Host-rewrite\n        if (req.http.host ~ \"^([a-z0-9-]+\\.)?m\\.\") {\n            set req.http.X-Subdomain = \"M\";\n\n            // Rewrite mobile hostnames to desktop hostnames as x-dt-host.\n            if (req.http.host ~ \"^m\\.\" && req.http.host != \"m.wikisource.org\") {\n                // Projects with a standalone domain name are generally on www,\n                // such as www.mediawiki.org and www.wikidata.org.\n                //\n                // The \"m\" subdomain for these uses \"m\" instead of \"www\" (not in addition), so we\n                // must replace instead of strip to form a valid MediaWiki hostname.\n                //\n                // * m.mediawiki.org             -> www.mediawiki.org\n                // * m.wikidata.org              -> www.wikidata.org\n                // * m.wikidata.beta.wmcloud.org -> www.wikidata.beta.wmcloud.org\n                // * m.wikifunctions.org         -> www.wikifunctions.org\n                //\n                // Families have portal pages that also use www (e.g. www.wikipedia.org).\n                // These are not MediaWiki wikis, but their \"m\" subdomain follows the same\n                // pattern. These could be moved to the ncredir service, but we handle\n                // them here for now by rewriting them to their \"www\" equivalent.\n                //\n                // * m.wikipedia.org   -> www.wikipedia.org.\n                //\n                // Notable exception: m.wikisource.org.\n                // The canonical equivalent is the apex at wikisource.org (not www).\n                // This is because Wikisource is a family (not a standalone wiki), but\n                // unlike other families does not have a central www portal page.\n                // Instead, it has a central MediaWiki wiki.\n                //\n                set req.http.x-dt-host = regsub(req.http.host, \"^m\\.\", \"www.\");\n            } else {\n                // Replace <language>.m.<project>.org by <language>.<project>.org\n                // as well as m.<project>.org by <project>.org\n                //\n                // Example:\n                //\n                // * it.m.wikipedia.org         -> it.wikipedia.org\n                // * commons.m.wikimedia.org    -> commons.wikimedia.org\n                // * donate.m.wikimedia.org     -> donate.wikimedia.org\n                // * m.wikisource.org           -> wikisource.org\n                //\n                set req.http.x-dt-host = regsub(req.http.host, \"^([a-z0-9-]+\\.)?m\\.\", \"\\1\");\n            }\n\n            if (req.url ~ \"^/api/rest_v1/\") {\n                // for Restbase, there is no difference in desktop-vs-mobile hostnames,\n                // so rewrite mobile hostnames to desktop hostnames for singular caching\n                // (this affects the Host: header, and also the url rewrite for restbase\n                // elsewhere that uses req.http.host)\n                set req.http.host = req.http.x-dt-host;\n            }\n\n            # T214998: Redirect mobile subdomain to canonical equivalent\n            if (\n                req.http.Host != req.http.x-dt-host\n            ) {\n                set req.http.Location = \"https://\" + req.http.x-dt-host + req.url;\n                unset req.http.x-dt-host;\n                # While HTTP 308 is method agnostic, it is not as widely supported.\n                # Prefer HTTP 301 on GET for wider compatibility.\n                if (req.method == \"GET\" || req.method == \"HEAD\") {\n                    return (synth(301, \"Mobile Redirect\"));\n                } else {\n                    return (synth(308, \"Mobile Redirect\"));\n                }\n            }\n        }\n\n        # normalize all /static to the same hostname for caching\n        if (req.url ~ \"^/static/\") { set req.http.host = \"en.wikipedia.beta.wmcloud.org\"; }\n\n        # normalize all /w/static.php to the same wiki host for improved caching\n        # https://wikitech.wikimedia.org/wiki/MediaWiki_at_WMF#Static_files\n        if (req.url ~ \"^/w/(skins/|resources/|extensions/|CREDITS|COPYING)\" ) {\n            set req.http.host = \"en.wikipedia.beta.wmcloud.org\";\n        }\n\n        // RESTBase redirect=false optimization: T134464\n        // RESTBase sends the same content regardless of ?redirect=false, but\n        // switches from 302 w/ Location (normal) to 200 w/o Location\n        // (?redirect=false) for wikitext redirect responses.  We can\n        // make this more efficient by doing this in Varnish and sharing\n        // the cache object (stripping the parameter and doing the\n        // transform at deliver time).\n        if (req.url ~ \"^/api/rest_v1/.*[?&]redirect=\") {\n            // extract the redirect= value to boolean for later\n            var.set(\"rb_noredir_param\", regsub(req.url, \"^.+[?&]redirect=([^&]+).*$\", \"\\1\"));\n            // Remove the redirect=X parameter from req.url to avoid cache\n            // fragmentation using two regexes to cover distinct cases:\n            // (1) Simple strip if final query arg:\n            set req.url = regsub(req.url, \"[?&]redirect=[^&]+$\", \"\");\n            // (2) When not the final arg, we need to capture the leading\n            //     [?&] to reuse with the parameter that follows:\n            set req.url = regsub(req.url, \"([?&])redirect=[^&]+&\", \"\\1\");\n        }\n\n        // Normalize Accept headers for the REST API: Ignore unless a profile is\n        // specified or this is a request for the root REST URI\n        if (req.url ~ \"^/api/rest_v1/?(\\?doc)?$\" && req.http.Accept ~ \"text/html\") {\n            set req.http.Accept = \"text/html\";\n        } else if (req.url ~ \"^/api/rest_v1/\") {\n            if (req.http.Accept !~ {\"profile=\"https://www.mediawiki.org/wiki/Specs/\"}) {\n                unset req.http.Accept;\n            } else {\n                // Only replaces the patch version if it's specified.\n                // We ignore the patch version differences to avoid additional\n                // work on guaranteed backwards compatible changes.\n                set req.http.Accept = regsub(req.http.Accept, \"([0-9]+\\.[0-9]+\\.)[0-9]+(\\\\\\x22)$\", \"\\10\\2\");\n            }\n        }\n        // Normalise the Accept-Language header for REST API requests\n        // For the time being we only take the first lang variant passed in and ignore the rest\n        if (req.url ~ \"^/api/rest_v1/\" && req.http.Accept-Language) {\n            if (req.http.Accept-Language ~ \"^[a-zA-Z]+(-[a-zA-Z]+)?\") {\n                set req.http.Accept-Language = regsub(req.http.Accept-Language, \"([a-zA-Z]+(-[a-zA-Z]+)?)(.*)$\", \"\\1\");\n            } else {\n                unset req.http.Accept-Language;\n            }\n        }\n\n        // Custom rule to block traffic coming from bots, hitting the Analytics AQS API.\n        if (req.http.User-Agent ~ \"^(python-requests|rest-client\\/2\\.1\\.0)\" && req.url ~ \"^/api/rest_v1/metrics/pageviews\") {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n    }\n\n    // Normalize paths before purging\n    // Don't decode percent-encoded slashes in paths for REST APIs\n    if (req.url ~ \"^/api/rest_v1/\" || req.url ~ \"^/w/rest\\.php/\" || req.http.host ~ \"^cxserver\\.wikimedia\\.org$\") {\n        call normalize_rest_path;\n    } else {\n        call normalize_mediawiki_path;\n    }\n}\n\nsub evaluate_cookie {\n    // For hash->lookup purposes, if there's a valid-seeming session|token\n    // cookie, replace it with the shared Cookie value \"Token=1\",\n    // otherwise remove the Cookie completely.  In either case, in\n    // vcl_(pass|miss) on the way to any backend fetch, it will be\n    // restored to the original value.\n    // Later in cluster_fe_backend_response, we'll create hit-for-pass objects for any\n    // response with Vary:Cookie and Cookie:Token=1.  This will allow\n    // logged-in users to share the anonymous users' cache for\n    // non-Vary:Cookie responses, and then share a single hit-for-pass\n    // object in a single Vary slot per object for those responses that\n    // should Vary:Cookie.\n    if (req.restarts == 0) {\n        unset req.http.X-Orig-Cookie;\n        if (req.http.Cookie) {\n            set req.http.X-Orig-Cookie = req.http.Cookie;\n            if (req.http.Cookie ~ \"([sS]ession|Token)=\") {\n                set req.http.Cookie = \"Token=1\";\n            } else {\n                unset req.http.Cookie;\n            }\n        }\n    }\n}\n\nsub pass_authorization {\n    // As a general rule, per the RFCs, shared caches shouldn't use cached\n    // responses for requests with Authorization headers (with a few\n    // notable exceptions aside).  The default vcl_recv (which text\n    // doesn't use) in varnish does this alongside its pass for Cookie.\n    // We deal with Cookies properly elsewhere.\n    //\n    // By letting Authorization reqs cache, we're breaking our own OAuth\n    // in some corner cases: https://phabricator.wikimedia.org/T105387\n    // Any browser/curl fetch of an OAuth URL without the header can\n    // cause a redirect to be cached, which then affects real fetches that\n    // have the Authorization header set, which is Bad.\n    //\n    // It's *probably* best to just pass all Authorization-headered\n    // requests in general, but on the other hand, I see a lot of random\n    // Authorization headers in our traffic that don't look like stuff\n    // we're using or want to pay attention to, and we've otherwise seemed\n    // ok on this stuff.  So for now, only (pass) on ones that seem to\n    // have OAuth data, with the same header-matching as in:\n    // https://phabricator.wikimedia.org/diffusion/EOAU/browse/master/backend/MWOAuthUtils.php;8029ef146211a1016b1f8e676944c3750f78b0eb$89\n    if (req.http.Authorization ~ \"^OAuth \") {\n        return (pass);\n    }\n}\n\nsub ua_policy_enforcement {\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n    // this routine mildly enforces the wikimedia foundation User-Agent policy.\n    // See https://phabricator.wikimedia.org/T400119\n    // This is not an exhaustive list of user-agents, just some of the most common offenders. We might add\n    // more entries to the list in the future if other unidentified UAs become popular.\n    if (req.http.User-Agent ~ \"(?i)^(wget|curl)\") {\n        // Check no email-ish or url-ish thing is present in the user agent. This check is crude on purpose.\n        // If none is present, rate-limit to 10 requests per ip over 10 seconds.\n        if (req.http.User-Agent !~ \"(?i)([a-z0-9.+_-]+@[a-z0-9._-]+|https?\\:\\/\\/[a-z0-9.-]+)\"\n            && vsthrottle.is_denied(\"ua_policy:library\" + req.http.X-Client-IP, 10, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",ua_policy:cli_tool\";\n            set req.http.Retry-After = 10;\n            return (synth(429, \"Please set a proper user-agent and respect our robot policy https://w.wiki/4wJS. See also https://phabricator.wikimedia.org/T400119\"));\n        }\n    }\n    if (req.http.User-Agent ~ \"^Wikidata Query Service\") {\n        // Check no email-ish or url-ish thing is present in the user agent. This check is crude on purpose.\n        // If none is present, rate-limit to 100 requests per ip over 10 seconds.\n        if (req.http.User-Agent !~ \"(?i)([a-z0-9.+_-]+@[a-z0-9._-]+|https?\\:\\/\\/[a-z0-9.-]+)\"\n            && vsthrottle.is_denied(\"ua_policy:wdqs\" + req.http.X-Client-IP, 50, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",ua_policy:wdqs\";\n            set req.http.Retry-After = 10;\n            return (synth(429, \"Please set a proper user-agent and respect our robot policy https://w.wiki/4wJS. See also https://phabricator.wikimedia.org/T400119\"));\n        }\n    }\n}\n\nsub cluster_fe_recv {\n    // Bypass the backend caching layer for ESI requests\n    if (req.url == \"/esitest-fa8a495983347898/content\") {\n        set req.backend_hint = esi_backend;\n    }\n    // 421 for bad H/2 coalesce (wikimedia-frontend handles synth)\n    if (req.http.Host == \"upload.wikimedia.beta.wmcloud.org\"\n        || req.http.Host == \"maps.wikimedia.beta.wmcloud.org\"\n        || req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n        return (synth(421, \"Misdirected Request\"));\n    }\n    # Deprecated urls defined in requestctl. These apply to all requests.\n\n    if (req.http.Host ~ \"^(www\\.)?wikimediafoundation\\.org$\") {\n        set req.http.Location = \"https://foundation.wikimedia.org\" + req.url;\n        return (synth(302, \"Foundation Wiki Moved\"));\n    }\n\n    call mobile_redirect;\n\n    // shortener URLs can be validated and restricted here\n    if (req.http.host == \"w.beta.wmcloud.org\") {\n        // Only allow GET/HEAD to the shortener\n        if (req.method != \"GET\" && req.method != \"HEAD\") {\n            return (synth(405, \"Method not allowed\"));\n        }\n        // Strip query args: we don't use them, but others may send junk which would hurt caching\n        set req.url = regsub(req.url, \"\\?.*$\", \"\");\n        // Validate that we're only handling true short URLs, as\n        // otherwise there are potentially holes by which unrelated\n        // metawiki URLs can be accessed via w.wiki after the rewrite in\n        // text-backend.\n        if (req.url !~ \"^/_?[23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz$]*$\") {\n            return (synth(404, \"Short URL Not Found\"));\n        }\n    }\n\n    // https://phabricator.wikimedia.org/T407122\n    if (\n        req.url ~ \"^/w/rest.php/site/v1/sitemap/\"\n        && req.http.X-Trusted-Request !~ \"^[ABC]$\"\n    ) {\n        return (synth(403, \"Sitemap Restricted\"));\n    }\n\n    // Requests with an X-Wikimedia-Debug header get special treatment in lower layers so\n    // mustn't be served from cache. See https://wikitech.wikimedia.org/wiki/WikimediaDebug\n    // We also allow an X-Wikimedia-Debug cookie for debugging in clients which can't easily\n    // set headers (T350094), and normalize it here to reduce the amount of code that needs\n    // both cookie handling and header handling logic.\n    if (req.http.Cookie ~ \"(^|;\\s*)X-Wikimedia-Debug=\") {\n        set req.http.X-Wikimedia-Debug = regsuball(regsuball(\n            regsub(\n                req.http.Cookie,\n                \"^(?:.*;\\s*)?X-Wikimedia-Debug=([^;]*).*$\",\n                \"\\1\"\n            ),\n        \"%3D\", \"=\"), \"%3B\", \";\");\n    }\n    if (req.http.X-Wikimedia-Debug) {\n        return (pass);\n    }\n\n    if (req.method != \"GET\" && req.method != \"HEAD\") {\n        return (pass);\n    }\n\n    call evaluate_cookie;\n    call pass_authorization;\n}\n\nsub cluster_fe_recv_tail { }\n\nsub cluster_fe_hash { }\n\nsub cluster_fe_ratelimit {\n    // Add the requestctl header if it wasn't set in the previous layer\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n\n    // Safeguard: default x-trusted-request if absent.\n    if (!req.http.X-Trusted-Request) {\n        set req.http.X-Trusted-Request = \"E\";\n    }\n\n    if (req.http.X-Trusted-Request == \"A\") {\n        // Trusted requests. no rate-limit.\n    } else {\n        // Unidentified requests. These are either browser-like requests that are not authenticated, or bots that do not respect our robot policy,\n        // or again requests from abusive networks.\n\n        // All requests need to honor our ua policy\n        call ua_policy_enforcement;\n\n        // Browser detection\n        // TODO: exclude things that are in category \"other\", and consider those non-compliant bots\n        if (req.restarts == 0) {\n            call detect_browser;\n        }\n    }\n\n    if (req.http.User-Agent ~ \"^varnishTest\") {\n        if (vsthrottle.is_denied(\"varnishTest:\" + req.http.X-Client-IP, 25, 5s)) {\n            return (synth(429, \"Too Many Requests\"));\n        }\n    }\n}\n\nsub cluster_fe_hit {\n    call cluster_fe_ratelimit_hit;\n}\nsub cluster_fe_ratelimit_hit {\n    // Add the requestctl header if it wasn't set in the previous layer\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n\n    // Safeguard: default x-trusted-request if absent.\n    if (!req.http.X-Trusted-Request) {\n        set req.http.X-Trusted-Request = \"E\";\n    }\n    if (req.http.X-Trusted-Request == \"A\") {\n        // Trusted requests. no rate-limit.\n    } else {\n        // All requests need to honor our ua policy.\n        call ua_policy_enforcement;\n\n        // Browser detection\n        if (req.restarts == 0) {\n            call detect_browser;\n        }\n        // TODO: do we want to add a limit to requests with a low X-Is-Browser score?\n    }\n}\n\nsub cluster_fe_miss {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_pass {\n    // Bypass the backend caching layer for ESI requests\n    // This needs to exist cause wikimedia-frontend VCL overrides\n    // the backend hint for pass requests when pass_random = true\n    if (req.url == \"/esitest-fa8a495983347898/content\") {\n        set req.backend_hint = esi_backend;\n    }\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_backend_fetch {\n    // Restore the original Cookie header for upstream\n    // Assumes client header X-Orig-Cookie has been filtered!\n    if (bereq.http.X-Orig-Cookie) {\n        set bereq.http.Cookie = bereq.http.X-Orig-Cookie;\n        unset bereq.http.X-Orig-Cookie;\n    }\n\n    // Tell Envoy to enable distributed tracing for all file upload requests that hit the appservers.\n    if (bereq.url ~ \"^/w/api\\.php/.*[?&]action=upload\" && bereq.http.X-Request-Id) {\n        set bereq.http.X-Client-Trace-Id = bereq.http.X-Request-Id;\n    }\n}\n\nsub cluster_fe_backend_response_early {\n    // Re-do the same changes as evalute_cookie above, but on the bereq\n    // Cookie header and without bothering to save originals.  The reason we\n    // have to do this very late in the game here is that Varnish 4 uses\n    // bereq.http.Cookie to set the cache storage Vary:Cookie slot for a\n    // fetched object shortly after vcl_backend_response.  Under Varnish3\n    // when all this session-cookie related VCL was developed, the vary slot\n    // was being set from req.http.Cookie.\n    // Note this must happen in the \"backend_response_early\" hook before the\n    // global common VCL tries to create generic hit-for-pass objects for\n    // TTL<=0, or else the Vary-slotting will be wrong there!\n    if (bereq.http.Cookie ~ \"([sS]ession|Token)=\") {\n        set bereq.http.Cookie = \"Token=1\";\n    } else {\n        unset bereq.http.Cookie;\n    }\n\n    if (bereq.url ~ \"^/esitest-fa8a495983347898/includer\" || (bereq.url ~ \"^/wiki/\" && beresp.http.content-type ~ \"^text/html\")) {\n        set beresp.do_esi = true;\n    }\n}\n\n// cluster_fe_backend_response won't be called if an HFP is issued on wm_backend_response\nsub cluster_fe_backend_response {\n    // set a 607s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Token=1 + Vary:Cookie:\n    //    All requests with real login session|token cookies share the\n    //    Cookie:Token=1 value for Vary purposes.  This allows them to\n    //    share a single hit-for-pass object here if the response\n    //    shouldn't be shared between users (Vary:Cookie).\n    if (\n        bereq.http.Cookie == \"Token=1\"\n        && beresp.http.Vary ~ \"(?i)(^|,)\\s*Cookie\\s*(,|$)\"\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // HFP\n        return(pass(607s));\n    }\n}\n\nsub cluster_fe_deliver {\n    # Other half of RESTBase redirect=false optimization (see cluster_fe_recv_pre_purge)\n    if (var.get(\"rb_noredir_param\") ~ \"(?i)^(false|no|0)$\") {\n        std.log(\"noredir: 1\");\n        if (resp.status == 302) {\n            unset resp.http.Location;\n            set resp.status = 200;\n            set resp.reason = \"OK\";\n        } elsif (resp.status == 301) {\n            // preserve the original client redirect preference on title redirects\n            if (resp.http.Location ~ \"[?]\") {\n                if (resp.http.Location !~ \"[?&]redirect=\") {\n                    set resp.http.Location = resp.http.Location + \"&redirect=false\";\n                }\n            } else {\n                set resp.http.Location = resp.http.Location + \"?redirect=false\";\n            }\n        }\n    }\n\n    // Strip s-maxage Cache-Control of wiki pages. The s-maxage still applies to Varnish (sent\n    // by MediaWiki $wgUseCdn, sends purges internally). But pages musn't be cached elsewhere.\n    // NOTE: Language variants URLs are not currently covered by these regexps.\n    // Instead of writing regexps for every edge-case, we should impose some order and coherence\n    // on our URL routing schemes.\n    // NOTE: Only apply to pages. Don't steal cachability of api.php, load.php, etc. (T102898, T113007)\n\n    if (req.url ~ \"^/wiki/\" || req.url ~ \"^/w/index\\.php\" || req.url ~ \"^/\\?title=\") {\n        // ...but exempt CentralNotice banner special pages\n        if (req.url !~ \"^/(wiki/|(w/index\\.php)?\\?title=)Special:Banner\") {\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate, no-transform\";\n        }\n    }\n\n    // T403866, T390929: The local browser cache must vary by User-Agent.\n    // Browsers rarely changes this during a session, except via the\n    // \"Request desktop site\" and \"Request mobile site\" buttons, which otherwise\n    // reload the page with If-Modified-Since and use our HTTP 304 response\n    // to display the same cached version again, instead of switching.\n    if (req.url ~ \"^/wiki/\" || req.url ~ \"^/w/index\\.php\" || req.url ~ \"^/w/api\\.php\" || req.url ~ \"^/w/load\\.php\") {\n        if (!resp.http.Vary) {\n            set resp.http.Vary = \"User-Agent\";\n        } else if (resp.http.Vary !~ \"(?i)\\bUser-Agent\\b\") {\n            set resp.http.Vary = resp.http.Vary + \",User-Agent\";\n        }\n    }\n\n    // Age experiment for load.php T105657\n    if (req.url ~ \"^/w/load\\.php\" ) {\n        set resp.http.Age = 0;\n    }\n\n    // Perform GeoIP look-up and send the result as a session cookie\n    if (req.http.X-Orig-Cookie !~ \"(^|;\\s*)GeoIP=[^;]\"\n        && req.http.Cookie !~ \"(^|;\\s*)GeoIP=[^;]\") {\n        call geoip_cookie;\n    }\n    // Fix old IPv6 no-data cookies\n    else if (req.http.X-Orig-Cookie ~ \"(^|;\\s*)GeoIP=:::::v6\"\n        || req.http.Cookie ~ \"(^|;\\s*)GeoIP=:::::v6\") {\n        call geoip_cookie;\n    }\n\n    // NetworkProbeLimit Cookie (T335637)\n    // Overrides the default network probe limit value\n    // Current default value is 0.001 (0.1%)\n    // Set NetworkProbeLimit to 0 to stop all probes\n    if (req.http.X-Orig-Cookie !~ \"(^|;)\\s*NetworkProbeLimit=0\\.001\\s*(;|$)\"\n        && req.http.Cookie !~ \"(^|;)\\s*NetworkProbeLimit=0\\.001\\s*(;|$)\") {\n        header.append(resp.http.Set-Cookie,\n            \"NetworkProbeLimit=0.001;\"\n            + \"Path=/;\"\n            + \"Secure;\"\n            + \"SameSite=None;\"\n            + \"Max-Age=3600\"\n            );\n    }\n}\n\nsub cluster_fe_err_synth {\n    if (resp.reason == \"Mobile Redirect\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n        set resp.http.Access-Control-Allow-Origin = \"*\"; // T229385: Allow client-side JS to follow this redirect\n    }\n\n    if (resp.reason == \"Donate Redirect\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n    }\n\n    if (resp.reason == \"Foundation Wiki Moved\") {\n        set resp.reason = \"Found\";\n        set resp.http.Location = req.http.Location;\n        set resp.http.Connection = \"keep-alive\";\n        set resp.http.Content-Length = \"0\"; // T64245\n    }\n\n    // Set a generic Retry-After of 1 for any response matching the string.\n    // If we have a request Retry-After header (added by requestctl)\n    // we will use its value instead.\n    if (resp.reason ~ \"^Too Many Requests\") {\n        set resp.http.Retry-After = 1;\n    }\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/etc/varnish/wikimedia_misc-frontend.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// common frontend code for all clusters\n\nvcl 4.1;\n\n\nimport std;\n# this is needed by geoip.inc.vcl, and in general is the only way to sanely do\n# Set-Cookie in the face of multiple independent cookies being set from\n# different code.\nimport header;\n\nimport cookie;\nimport directors;\nimport netmapper;\nimport querysort;  // T138093\nimport var;\nimport wmfuniq;\n\n// rate limiting\nimport vsthrottle;\n\n\ninclude \"analytics.inc.vcl\";\ninclude \"alternate-domains.inc.vcl\";\ninclude \"browsersec.inc.vcl\";\ninclude \"errorpage.inc.vcl\";\ninclude \"translation-engine.inc.vcl\";\n\n# ACLs\n\nacl local_host {\n       \"127.0.0.1\";\n}\n\nacl local_tls_terminator {\n       \"172.16.3.164\"; // note this matches nginx proxy_pass for TLS\n       \"0.0.0.0\"; // this matches incoming traffic via UDS\n}\n\nacl UDS {\n       \"0.0.0.0\";\n}\n\n// external trusted proxies aren't allowed to set XCIP (via XFF) to wikimedia_nets,\n// and this ACL is also used to skip ratelimiting of most requests\nacl wikimedia_nets {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n       \"172.16.0.0\"/12;\n       // The following IP addresses are AWS Elastic IPs used by the\n       // Wikimedia Enterprise project to bulk scrape content and query APIs.\n       // They are added to wikimedia_nets in order to skip most of our CDN's\n       // rate limiting, including being unaffected by requestctl.\n       \"3.23.12.83\"/32;     // T255524\n       \"3.211.48.168\"/32;   // T294798\n       \"44.206.140.241\"/32; // T370294\n       \"35.168.168.219\"/32; // T370294\n       \"35.172.30.169\"/32;  // T370294\n       \"3.222.74.115\"/32;   // T370294\n}\n\n// Only wikimedia_trust can fake X-F-P\nacl wikimedia_trust {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n}\n\n/* Include the VCL file for this role */\ninclude \"misc-frontend.inc.vcl\";\n\n# Backend probes\n\n# frontends in front of ATS backend instances should send probes that don't\n# depend on the app backend\nprobe varnish {\n    .request =\n        \"GET /ats-be HTTP/1.1\"\n        \"Host: healthcheck.wikimedia.org\"\n        \"User-agent: Varnish backend check\"\n        \"Connection: close\";\n    .timeout = 100ms;\n    .interval = 100ms;\n    .window = 5;\n    .threshold = 3;\n}\n\n\n\n\n# Generated list of cache backend hosts for director consumption\n\nbackend be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud {\n    .host = \"deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud\";\n    .port = \"3128\";\n    .connect_timeout = 3s;\n    .first_byte_timeout = 65s;\n    .between_bytes_timeout = 33s;\n    .max_connections = 5000;\n    .probe = varnish;\n}\n\n\n\n// ** Engineer public cloud flows\n// by default rate limit but if public_clouds_shutdown is set block\nsub shutdown_public_clouds {\n}\n\n// *** HTTPS deliver code - domain-based HSTS headers\nsub https_deliver_hsts {\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        if (req.http.Host ~ \"((^|\\.)(wikipedia\\.org|wikimedia\\.org|wikibooks\\.org|wikinews\\.org|wikiquote\\.org|wikisource\\.org|wikiversity\\.org|wikivoyage\\.org|wikidata\\.org|wikimediafoundation\\.org|wikiworkshop\\.org|wiktionary\\.org|mediawiki\\.org|wmfusercontent\\.org|w\\.wiki))$\") {\n            set resp.http.Strict-Transport-Security = \"max-age=106384710; includeSubDomains; preload\";\n        }\n    }\n}\n\n// *** HTTPS deliver code - domain-based W3C Reporting API / Network Error Logging headers\n// https://phabricator.wikimedia.org/T257527\n// c.f. https://www.w3.org/TR/network-error-logging/ and https://w3c.github.io/reporting/\nsub https_deliver_networkerrorlogging {\n    // User agents only accept these headers via HTTPS.\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        // Don't serve NEL response headers if users somehow wind up routed for us for domains that aren't ours.\n        // (See also normalize_request's Host header processing.)\n        if (req.http.Host != \"invalid\") {\n            // The values of these headers are JSON, but you must be careful to *not* embed `{\"` or `\"}`\n            // in the JSON itself, as those bigrams are VCL long-string delimiters.  One way to mangle JSON\n            // in the needed fashion is with the following Python snippet:\n            //     report_to = dict(group='wm_nel', max_age=604800, endpoints=[dict(url='https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0')])\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }'))\n            // VTC string literals can similarly be obtained with:\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }').replace('\"', '\\\\\"'))\n            set resp.http.Report-To = {\"{ \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\"};\n            //     nel=dict(report_to='wm_nel', max_age=604800, failure_fraction=0.05, success_fraction=0.0)\n            if (req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n                // Set 'success_fraction' to 1.0 for measurement domains\n                // See https://phabricator.wikimedia.org/T334608\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 1.0}\"};\n            } else {\n                // Set 'success_fraction' to 0.0 for all other domains\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\"};\n            }\n            // The failure_fraction was guesstimated based on group0's reporting ratio: https://phabricator.wikimedia.org/T257527#6489683\n        }\n    }\n}\n\n// *** X-Connection-Properties parsing recv code\nsub log_xcps_info {\n    // Sanity-check the overall format defined by the config of HAProxy\n    if (req.http.X-Connection-Properties !~ \"^H2=[01]; SSR=[012]; SSL=[^; ]+; C=[^; ]+; EC=[^; ]+; KA=[^; ]+;$\") {\n        set req.http.x-tls-prot = \"invalid\";\n        set req.http.x-tls-sess = \"invalid\";\n        set req.http.x-tls-vers = \"invalid\";\n        set req.http.x-tls-keyx = \"invalid\";\n        set req.http.x-tls-auth = \"invalid\";\n        set req.http.x-tls-ciph = \"invalid\";\n    } else {\n        set req.http.x-tls-prot = regsub(req.http.X-Connection-Properties, \"^H2=([01]);.*\", \"\\1\");\n        if (req.http.x-tls-prot == \"1\") {\n            set req.http.x-tls-prot = \"h2\";\n        } else {\n            set req.http.x-tls-prot = \"h1\";\n        }\n\n        set req.http.x-tls-sess = regsub(req.http.X-Connection-Properties, \".* SSR=([012]);.*\", \"\\1\");\n        if (req.http.x-tls-sess == \"1\") {\n            set req.http.x-tls-sess = \"reused\";\n        } elsif (req.http.x-tls-sess == \"2\") {\n            set req.http.x-tls-sess = \"unknown\";\n        } else {\n            set req.http.x-tls-sess = \"new\";\n        }\n\n        set req.http.x-tls-vers = regsub(req.http.X-Connection-Properties, \".* SSL=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-keyx = regsub(req.http.X-Connection-Properties, \".* EC=([^; ]+);.*\", \"\\1\");\n\n        set req.http.x-tls-auth = regsub(req.http.X-Connection-Properties, \".* KA=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.X-Connection-Properties, \".* C=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^(ECDHE-(ECDSA|RSA)|DHE-RSA)-\", \"\");\n\n        // Starting with TLSv1.3, CHACHA20-POLY1305 will be renamed into\n        // CHACHA20-POLY1305-SHA256. Do the renaming now in VCL to avoid stats skew\n        // later on.\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^CHACHA20-POLY1305$\", \"CHACHA20-POLY1305-SHA256\");\n        if (req.http.x-tls-vers == \"TLSv1.3\") {\n            // Every TLSv1.3 cipher begins with TLS_\n            set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^TLS_\", \"\");\n            // TLSv1.3 uses _ instead of - as a separator\n            set req.http.x-tls-ciph = regsuball(req.http.x-tls-ciph, \"_\", \"-\");\n        }\n    }\n\n    // Condensed form logged as \"tls\" for TLS analytics via varnishkafka webrequest\n    std.log(\"tls: vers=\" + req.http.x-tls-vers\n        + \";keyx=\" + req.http.x-tls-keyx\n        + \";auth=\" + req.http.x-tls-auth\n        + \";ciph=\" + req.http.x-tls-ciph\n        + \";prot=\" + req.http.x-tls-prot\n        + \";sess=\" + req.http.x-tls-sess);\n\n    // Keep these in the test VCL version to ease testing\n    unset req.http.x-tls-prot;\n    unset req.http.x-tls-vers;\n    unset req.http.x-tls-sess;\n    unset req.http.x-tls-keyx;\n    unset req.http.x-tls-auth;\n    unset req.http.x-tls-ciph;\n}\n\n\nsub normalize_request {\n    // We shouldn't even legally be receiving proxy-style requests, as\n    // we're not a proxy from any client's point of view. Just in\n    // case, we support it anyways according to RFC7230 rules: we\n    // ignore any Host header sent along with it and set a new Host\n    // header based on the host part we strip from the abs URI. ref:\n    // http://tools.ietf.org/html/rfc7230#section-5.4 Host\n    // normalization (lowercase, port stripping, trailing dots) is\n    // done in HAProxy See T392880 for details\n    if(req.url ~ \"(?i)^https?://[^/]\") {\n        # this strips away 'user:pass@' and ':port' when copying from URI to Host:\n        set req.http.Host = regsub(req.url, \"(?i)^https?://(.*@)?([^/:]+).*$\", \"\\2\");\n        set req.url = regsub(req.url, \"(?i)^https?://[^/]+/?\", \"/\");\n    }\n\n    // Check that host header looks reasonably-legitimate/parseable now\n    if (req.http.Host ~ \"^[a-z0-9][-a-z0-9]*(\\.[a-z0-9][-a-z0-9]*)*\\.?$\") {\n        // Strip optional trailing terminal dot if present\n        set req.http.Host = regsub(req.http.Host, \"\\.$\", \"\");\n    } else {\n        set req.http.Host = \"invalid\";\n        // Unparseable / empty Host header\n        return (synth(400, \"Invalid Host header\"));\n    }\n    // Enforce RFC 9112 request-target definition:\n    // at this point after absolute-form requests being transformed to\n    // origin-form ones, we should only have a request-target matching\n    // either origin-form or asterisk-form. See T318676 for more details\n    if(req.url !~ \"^(/|\\*$)\") {\n        return (synth(400, \"Invalid request URL\"));\n    }\n    # save the original host header to be able to set cookies accordingly\n    set req.http.X-Cookie-Host = req.http.Host;\n\n    if (req.http.Accept-Language) {\n        set req.http.Accept-Language = std.tolower(req.http.Accept-Language);\n    }\n\n    // Check that the normalized hostname actually matches our SAN set from\n    // the Unified multi/wildcard certificate we use for prod cache cluster\n    // termination.  This won't eliminate every bad hostname down at the\n    // applayer (e.g. nosuchlanguage.wikimedia.org), but it does precisely\n    // match the wildcarding of the certificate itself and greatly limits\n    // the potential bad cases.\n    // --\n    // RFC 2616 Section 5.2 notes that 400 responses are also required\n    // if the hostname isn't one we recognize as legit *on the server*,\n    // meaning our own list of hostnames:\n    // \"3. If the host as determined by rule 1 or 2 is not a valid host on\n    // the server, the response MUST be a 400 (Bad Request) error message.\"\n    // RFC 723x is less-clear on this case, but this is still a reasonable\n    // stance.  There are reasonable reasons that 404, 410, 421 and others\n    // are inappropriate if we receive a request accidentally for some\n    // legitimate domainname on the Internet which doesn't belong to us.\n    // --\n    // This regex exactly matches the canonical domains SAN list used in\n    // our Unified certificates, according to the normal SAN rules where a\n    // wildcard only matches a single DNS label.  It's encoded here as a\n    // VCL Long String with delimiters {\"\"} containing a PCRE regex with\n    // the x-flag to allow expansion with whitespace, newlines, and\n    // comments for clarity:\n\n}\n\n// Must be done at the top of vcl_recv, in our varnish-frontend layer only,\n// and should be guarded against running on request restarts.\nsub recv_fe_ip_processing {\n    // this subroutine \"owns\" these 3 headers - nothing else in our VCL or\n    // anywhere in our network should be setting them.\n    unset req.http.X-Trusted-Proxy;\n    unset req.http.X-Abuse-Network;\n\n    // unset this one just because it's well-known and some default\n    // software configs may look at it, and an external client may spoof\n    // it. We don't set or use this header internally (we use X-Client-IP)\n    unset req.http.X-Real-IP;\n\n    // if X-JWT-Sub is present, save its value in a variable\n    if (req.http.X-JWT-Sub) {\n        var.set(\"jwt_sub\", req.http.X-JWT-Sub);\n        unset req.http.X-JWT-Sub;\n    }\n\n    // unset X-Requestctl if its value is the default value in HAProxy\n    if (req.http.X-Requestctl == \" \") {\n        unset req.http.X-Requestctl;\n    }\n\n    // Unset the incoming *request* header Retry-After. This should be handled\n    // by the VCL fragments coming from requestctl and not be in the request.\n    unset req.http.Retry-After;\n\n    if (client.ip !~ local_host && remote.ip !~ local_tls_terminator) {\n        // only the local nginx TLS terminator should set these at all -\n        // there are no other internal exceptions to that rule\n        unset req.http.X-Client-IP;\n        unset req.http.X-Connection-Properties;\n    }\n\n    if (local.ip ~ UDS && remote.ip ~ UDS) {\n        if (client.ip ~ UDS) {\n            // If the client request is received via UDS without PROXY protocol 0.0.0.0 is added to XFF\n            set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, \"0.0.0.0$\", \"172.16.3.164\");\n        } else {\n            // If UDS is used along with PROXY protocol we need to append the varnish IP to keep the applayer happy\n            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + \", \" + \"172.16.3.164\";\n        }\n    }\n\n    // To make further parsing/sanitizing simpler, convert all whitespace\n    // in XFF to single spaces, and make sure all commas have a space\n    // suffix but no space prefix.\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \"[ \\t]+\", \" \");\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \" ?, ?\", \", \");\n\n    // Now fully-sanitize it to only the strict form \"X(, X)*\", where X is\n    // a string of legal characters in IPv[46] addresses.  Note\n    // that injections can still leave well-formed junk on the\n    // left, but it's up to the trusted proxy code to ignore that,\n    // e.g.:\n    // \"junk2, 123.123.123.123\" -> \"2, 123.123.123.123\"\n    set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For,\n        \"^.*?([0-9A-Fa-f:.]+(, [0-9A-Fa-f:.]+)*)? ?$\", \"\\1\");\n\n    // There are two possible cases here: either nginx acted as our TLS\n    // proxy and already set X-Client-IP (as well as appended the same value\n    // to XFF, and we appended nginx's IP to XFF already as well...), or the\n    // traffic was direct to varnish-fe, in which case XCIP is not yet set\n    // and XFF is external + our addition of client.ip.\n\n    if (!req.http.X-Client-IP) {\n        unset req.http.via-nginx;\n        set req.http.X-Client-IP = client.ip;\n        if (!req.http.X-Client-IP) {\n            // apparently sometimes the above doesn't set it???  use\n            // illegal RFC 5735 documentation network to avoid\n            // sending NULL to netmapper-1.3 for now\n            set req.http.X-Client-IP = \"192.0.2.1\";\n        }\n    } else {\n        set req.http.via-nginx = 1;\n    }\n\n    // From this (very early) point forward, regardless of cache tier/layer:\n    // req.http.X-Client-IP ->\n    //     This is our standard notion of the Client/UA's real IP, after\n    //     decoding XFF for our internal infrastructure addresses as well\n    //     as any trusted proxies.\n}\n\nsub vcl_init {\n# directors\n    new cache_local = directors.shard();\n    new cache_local_random = directors.random();\n    cache_local.add_backend(be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud);\n    cache_local_random.add_backend(be_deployment_cache_text08_deployment_prep_eqiad1_wikimedia_cloud, 100);\n    cache_local.reconfigure();\n\n    call wm_domains_init;\n\n      new wu_cfg = wmfuniq.cfg(\"/etc/varnish/uniques.d/keys.cfg\",\n          \"/etc/varnish/uniques.json\",\n          30,\n          0\n      );\n}\n\nsub normalize_request_nonmisc {\n    // Sort query parameters to improve cache efficiency.\n    // See <https://wikitech.wikimedia.org/wiki/Query_string_normalization>.\n    set req.url = querysort.querysort(req.url);\n}\n\nsub wm_recv_pass {\n\n    if (req.http.host == \"config-master.wikimedia.beta.wmcloud.org\") {\n        return (pass);\n    } elsif (req.http.host == \"stream.wikimedia.beta.wmcloud.org\") {\n        if (req.url ~ \"^/v2/stream/.+\") {\n             return (pipe);\n        }\n    } elsif (req.http.host == \"stream.wikimedia.beta.wmflabs.org\") {\n        if (req.url ~ \"^/v2/stream/.+\") {\n             return (pipe);\n        }\n    }\n}\n\nsub uniques_recv {\n    // Wipe req-header names that might come directly from the client,\n    // which this VCL code claims as its own territory\n    unset req.http.X-WUVAL;\n    if (req.http.Cookie) {\n        // Normalize cookie name case before vmod_cookie processing,\n        // allowing for whitespace variance. vmod_cookie is case-sensitive,\n        // and while that is correct by modern RFCs, ancient ones\n        // explicitly said the names were case-insensitive, and there's\n        // some evidence that there are case-insensitive impls out in the\n        // wild, and generally Postel should apply here.\n        set req.http.Cookie = regsub(req.http.Cookie, \"(?i)(^|;)\\s*WMF-Uniq\\s*=\", \"\\1WMF-Uniq=\");\n        cookie.parse(req.http.Cookie);\n        if (cookie.isset(\"WMF-Uniq\")) {\n            set req.http.X-WUVAL = cookie.get(\"WMF-Uniq\");\n            cookie.delete(\"WMF-Uniq\");\n            set req.http.Cookie = cookie.get_string();\n            if (req.http.Cookie == \"\") {\n                unset req.http.Cookie;\n            }\n        }\n    }\n    // Must call process_cookie() on every request, which will generate a\n    // fresh one if WUVAL is empty/unset/invalid\n    wu_cfg.process_cookie(req.http.X-WUVAL, req.url ~ \"^/evt-103e/v2/events\");\n    // delete the temp header to avoid leaks\n    unset req.http.X-WUVAL;\n\n    // Pass some summarized info to the Data Lake.\n    if (wu_cfg.get_cookie_count() > 0) {\n        // We received a cookie from the client, it was valid, and it has been signed by us at least once.\n        // cday_age will be zero from the moment of creation, until the next fixed \"day\" boundary on the wallclock\n        // (so anywhere from 0-86400 seconds), then will roll over to 1 at our pseudo-midnight boundary.\n        var.set_int(\"wmfuniq_days\", 1 + wu_cfg.get_cookie_cday_age()); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 1 + (wu_cfg.get_cookie_cday_age() / 7)); // avoid 0 weeks for 1-6 days old cookies\n        var.set_int(\"wmfuniq_freq\", (wu_cfg.get_cookie_count() * 100 / var.get_int(\"wmfuniq_weeks\")) / 10); // rough (weeks with visits)/weeks, scaled by 10 to avoid fractions\n        var.set(\"ratelimit_id\", wu_cfg.get_cookie_uniq()); // used for rate-limiting\n        // Cap the max ages we report.  This improves privacy.\n        if (var.get_int(\"wmfuniq_days\") > 8) {\n            var.set_int(\"wmfuniq_days\", 8);\n        }\n        if (var.get_int(\"wmfuniq_weeks\") > 52) {\n            var.set_int(\"wmfuniq_weeks\", 52);\n        }\n    } else {\n        // Freshly-generated cookie.\n        var.set_int(\"wmfuniq_days\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_freq\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set(\"ratelimit_id\", req.http.X-Client-IP); // used for rate-limiting\n    }\n\n    // Send the cache-variance for enrolled tests towards normal backends, but\n    // send the \"event\" string containing per-experiment IDs when the backend\n    // is going to be eventgate analytics ingestion.\n    if (req.url ~ \"^/evt-103e/v2/events\") {\n        if (wu_cfg.get_cookie_count() > 0) {\n            set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_event();\n        } else {\n            set req.http.X-Experiment-Enrollments = \"\";\n        }\n    } else {\n        set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_vary();\n    }\n    if (req.http.X-Experiment-Enrollments == \"\") {\n        unset req.http.X-Experiment-Enrollments;\n        // Prevent requests with empty X-E-E from reaching the beacon endpoint\n        if (req.url ~ \"^/evt-103e/v2/events\") {\n            return (synth(204, \"\"));\n        }\n    }\n}\n\nsub vcl_recv {\n\n    // no injection from outside our stack allowed for these\n    unset req.http.X-DCPath;\n    unset req.http.X-Next-Is-Cache;\n    unset req.http.Proxy; // https://httpoxy.org/\n    unset req.http.X-ATS-Debug; // We use this header for the XDebug Traffic Server plugin\n\n    if (req.restarts == 0) {\n        // IP processing is req->req mangling that shouldn't be re-done on restart\n        call recv_fe_ip_processing;\n\n        // Parse X-Connection-Properties and log TLS/HTTP2 connection\n        // information, which is sent via varnishkafka to Analytics.\n        // If we don't do this super-early, some rejected/invalid\n        // requests from early checks won't have any TLS analytics,\n        // which is very confusing and looks like plain-HTTP.\n        if (req.http.X-Connection-Properties) {\n            call log_xcps_info;\n        }\n\n        // Block requests from IPs in blocked_nets. It is important to do this\n        // early but after recv_fe_ip_processing has been called, as the procedure\n        // takes care of writing X-Client-IP if it the request did not come\n        // through the TLS terminator\n        if (req.http.X-Provenance ~ \"^abuse=blocked_nets\") {\n            return (synth(403, \"Requests from your IP have been blocked, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.\"));\n        }\n\n        // Block requests from common bot User-Agents that originate from bot_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        if (req.http.X-Provenance ~ \"^abuse=bot_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^(python-requests|Go-http-client/2.0|CInetHttp/1.0)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        // Block POST requests from bot User-Agents which originate from bot_posts_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        // 'PostmanRuntime/' and variants come from https://phabricator.wikimedia.org/T272330\n        if (req.method == \"POST\" && req.http.X-Provenance ~ \"^abuse=bot_posts_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^([PRK]ostmanRuntime/)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        if (req.http.User-Agent == \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\" && vsthrottle.is_denied(\"node-fetch:\" + req.http.X-Client-IP, 10, 10s)) {\n            return (synth(429, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n\n        // This unwraps proxy-style URLs and sanitizes the Host header\n        // (lowercase, no port, no funny chars, matches cert SAN, etc)\n        call normalize_request;\n\n        // Possibly switch to separate VCL\n        call cluster_fe_vcl_switch;\n        if (var.get_int(\"is_alt_domain\")) {\n            std.log(\"is_alt_domain: \" + var.get_int(\"is_alt_domain\"));\n        }\n\n        // This normalizes query parameters.\n        call normalize_request_nonmisc;\n    }\n\n    unset req.http.X-CDIS; // clear internal cache-disposition header\n    unset req.http.X-Varnish-Cluster; // internal cache cluster header\n\n    if ((req.http.host == \"healthcheck.wikimedia.org\" && req.url == \"/varnish-fe\") || (req.url == \"/varnish-fe-hc-5ebea9\")) {\n        return (synth(200, \"healthcheck\"));\n    }\n\n    # T364126: Disable Chrome Private Prefetch Proxy\n    if (req.url == \"/.well-known/traffic-advice\") {\n        return (synth(200, \"Disable Chrome Private Prefetch Proxy\"));\n    }\n\n    set req.backend_hint = cache_local.backend();\n\n\n    if(req.restarts == 0) {\n        // If this request had no cookies whatsoever mark it as such\n        // to later report this fact to X-Analytics\n        // Must happen here; uniques_recv mutates req.http.Cookie\n        if (!req.http.Cookie) {\n            var.set_int(\"nocookies\", 1);\n        }\n        // Skip PURGE requests as its volume will alter wmfuniq stats.\n        // An innocent SRE could be tempted to move this after the PURGE handling\n        // below, but beware of the dragons hidden inside cluster_fe_recv_pre_purge\n        if (req.method != \"PURGE\") {\n            call uniques_recv;\n        }\n        call analytics_recv;\n        if (var.get_int(\"is_alt_domain\") != 1 &&\n            req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n            call analytics_last_access_recv;\n        }\n        call translation_engine_recv;\n    }\n\n\n    if (req.url ~ \"^/beacon\\/(?!event)[^/?]+\") {\n        // Logging beacon endpoints\n        //\n        // They are handled by the log tailer (varnishkafka) that filters the\n        // Varnish shm log for reqs to these endpoints and forwards them to log\n        // processors for storage and analysis.\n        return (synth(204, \"\"));\n    }\n\n    call cluster_fe_recv_pre_purge;\n    /* Support HTTP PURGE */\n    if (req.method == \"PURGE\") {\n        if (local.endpoint == \"/run/varnish-privileged.socket\" || std.ip(req.http.X-Client-IP, \"192.0.2.1\") ~ local_host) {\n            if (req.http.Host ~ \"^.*\\.beta\\.wmcloud\\.org$\") {\n                set req.hash_ignore_busy = true;\n                return (purge);\n            } else {\n                return (synth(204, \"Domain not cached here\"));\n            }\n        } else {\n                return (synth(405, \"Method not allowed\"));\n        }\n    }\n\n    call cluster_fe_recv;\n    call wm_recv_pass;\n    call cluster_fe_recv_tail;\n\n    return (hash); // no default VCL\n}\n\nsub vcl_hash {\n    call cluster_fe_hash;\n    // default vcl_hash invokes here!\n}\n\n// http://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html\nsub vcl_purge {\n    return (synth(204, \"Purged\"));\n}\n\nsub vcl_hit {\n    if (req.method == \"PURGE\") {\n        set req.http.X-CDIS = \"hit/purge\";\n    } else {\n        set req.http.X-CDIS = \"hit/\" + obj.hits;\n    }\n    call cluster_fe_hit;\n    // default vcl_hit invokes here!\n}\n\nsub vcl_miss {\n    set req.http.X-CDIS = \"miss\";\n    call shutdown_public_clouds;\n    call cluster_fe_miss;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pass {\n    set req.http.X-CDIS = \"pass\";\n\n\n    call shutdown_public_clouds;\n    call cluster_fe_pass;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pipe {\n    // for websockets over pipe\n    if (req.http.upgrade) {\n        set bereq.http.upgrade = req.http.upgrade;\n        set bereq.http.connection = req.http.connection;\n    }\n\n    // Similarly to pass-traffic, pipe-traffic should also pick backends\n    // randomly to avoid focus on a single node\n    set bereq.backend = cache_local_random.backend();\n}\n\nsub vcl_backend_fetch {\n    // Prevent sending the header on any inwards-facing requests to\n    // applayer services.\n    unset bereq.http.X-WMF-DP;\n    unset bereq.http.X-Cookie-Host;\n\n    call cluster_fe_backend_fetch;\n}\n\nsub wm_backend_response {\n    // This prevents the application layer from setting this in a response.\n    // We'll be setting this same variable internally in VCL in hit-for-pass\n    // cases later.\n    unset beresp.http.X-CDIS;\n    // Ensure that X-Experiment-Enrollments is on the Vary header. We need to\n    // deploy this in advance to let the CDN vary the whole cache so we can\n    // perform without needing to wipe the CDN\n    if (!beresp.http.Vary) {\n        set beresp.http.Vary = \"X-Experiment-Enrollments\";\n    } else if (beresp.http.Vary !~ \"(?i)\\bX-Experiment-Enrollments\\b\") {\n        set beresp.http.Vary = beresp.http.Vary + \", X-Experiment-Enrollments\";\n    }\n\n    /* Don't cache private, no-cache, no-store objects. */\n    if (beresp.http.Cache-Control ~ \"(?i:private|no-cache|no-store)\") {\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    /* Especially don't cache Set-Cookie responses. Log violations. */\n    if ((beresp.ttl > 0s || beresp.http.Cache-Control ~ \"public\") && beresp.http.Set-Cookie) {\n        if (bereq.http.Host !~ \"^.*\\.wikimedia\\.org$\" || bereq.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"Cacheable object with Set-Cookie found!\" +\n                           \" beresp.status: \" + beresp.status +\n                           \" beresp.was_304: \" + beresp.was_304 +\n                           \" bereq.http.Host: \" + bereq.http.Host +\n                           \" bereq.url: \" + bereq.url +\n                           \" Cache-Control: \" + beresp.http.Cache-Control +\n                           \" Set-Cookie: \" + beresp.http.Set-Cookie +\n                           \" Server: \" + beresp.http.Server +\n                           \" ReqId: \" + beresp.http.X-Request-Id +\n                           \" X-Cache-Int: \" + beresp.http.X-Cache-Int);\n        }\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    // Set a maximum cap on the TTL for 404s. Objects that don't exist now may\n    // be created later on, and we want to put a limit on the amount of time\n    // it takes for new resources to be visible.\n    elsif (beresp.status == 404 && beresp.ttl > 10m) {\n        set beresp.ttl = 10m;\n    }\n\n    // Set keep, which influences the amount of time objects are kept available\n    // in cache for IMS requests (TTL+grace+keep). Scale keep to the app-provided\n    // TTL.\n    if (beresp.ttl > 0s) {\n        if (beresp.http.ETag || beresp.http.Last-Modified) {\n            if (beresp.ttl < 1d) {\n                set beresp.keep = beresp.ttl;\n            } else {\n                set beresp.keep = 1d;\n            }\n        }\n\n        // Hard TTL cap on all fetched objects (default 1d)\n        if (beresp.ttl > 1d) {\n            set beresp.ttl = 1d;\n        }\n\n        set beresp.grace = 20m;\n    }\n\n    // Swizzled random reduction of all TTLs by up to 5%, to avoid various\n    // possible cases of stampedes of aligned natural expiries.\n    // Note VCL supports DURATION*REAL natively, and DURATIONs do support\n    // fractional seconds, so this doesn't technically need a guard\n    // condition against short TTLs.\n    // However, sub-second TTLs like 0.97s might poke edge cases in VCL,\n    // which would be a good reason to not do this for TTLs < 2s.\n    // Furthermore, swizzling a stampede of very short TTLs such that they\n    // expire milliseconds apart may do more perf harm than good.  60s\n    // seems like a reasonably-conservative cutoff, where the swizzle will\n    // be spreading things by ~3s.\n    if (beresp.ttl >= 60s) {\n        set beresp.ttl = beresp.ttl * std.random(0.95, 1.0);\n    }\n\n    // Compress compressible things if the backend didn't already, but\n    // avoid explicitly-defined CL < 860 bytes.  We've seen varnish do\n    // gzipping on CL:0 302 responses, resulting in output that has CE:gzip\n    // and CL:20 and sends a pointless gzip header.\n    // Very small content may actually inflate from gzipping, and\n    // sub-one-packet content isn't saving a lot of latency for the gzip\n    // costs (to the server and the client, who must also decompress it).\n    // The magic 860 number comes from Akamai, Google recommends anywhere\n    // from 150-1000.  See also:\n    // https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits\n    //\n    // Explicitly skip docker-registry due to the issues described in T270270\n    if (bereq.http.Host != \"docker-registry.wikimedia.org\" && beresp.http.content-type ~ \"json|text|html|script|xml|icon|ms-fontobject|ms-opentype|x-font|sla\"\n        && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 860)) {\n            set beresp.do_gzip = true;\n    }\n    // SVGs served by MediaWiki are part of the interface. That makes them\n    // very hot objects, as a result the compression time overhead is a\n    // non-issue. Several of them tend to be requested at the same time,\n    // as the browser finds out about them when parsing stylesheets that\n    // contain multiple. This means that the \"less than 1 packet\" rationale\n    // for not compressing very small objects doesn't apply either. Lastly,\n    // since they're XML, they contain a fair amount of repetitive content\n    // even when small, which means that gzipped SVGs tend to be\n    // consistantly smaller than their uncompressed version, even when tiny.\n    // For all these reasons, it makes sense to have a lower threshold for\n    // SVG. Applying it to XML in general is a more unknown tradeoff, as it\n    // would affect small API responses that are more likely to be cold\n    // objects due to low traffic to specific API URLs.\n    if (beresp.http.content-type ~ \"svg\" && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 150)) {\n        set beresp.do_gzip = true;\n    }\n\n    // set a 601s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Calculated TTL <= 0 + Status < 500 + No underlying cache hit:\n    //    These are generally uncacheable responses.  The 5xx exception\n    //    avoids us accidentally replacing a good stale/grace object with\n    //    an hfp (and then repeatedly passing on potentially-cacheable\n    //    content) due to an isolated 5xx response, and the exception for\n    //    underlying cache hits (detected from X-Cache-Int) is to avoid\n    //    creating a persist HFP object when a lower-level varnish\n    //    returned an expired object under grace-mode rules.\n    if (\n        beresp.ttl <= 0s\n        && beresp.status < 500\n        && (!beresp.http.X-Cache-Int || beresp.http.X-Cache-Int !~ \" hit\")\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // XXX: HFP for now, but this requires further work: T180712\n        return(pass(601s));\n    }\n}\n\nsub wm_admission_policies {\n    // hit-for-pass objects >= 262144 size. Do cache if Content-Length is missing.\n    if (std.integer(beresp.http.Content-Length, 0) >= 262144) {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n\n\n    return (deliver);\n}\n\nsub vcl_backend_response {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches the backending handing us an explicit 503\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    call cluster_fe_backend_response_early; // e.g. to fix up Vary-slotting in bereq\n    call wm_backend_response;\n    call cluster_fe_backend_response;\n    // It is important that this happens after the code responsible for translating TTL<=0\n    // (uncacheable) responses into hit-for-pass. That code lives in wm_backend_response.\n    call wm_admission_policies;\n    // default vcl_(fetch|backend_response) does not invoke here because wm_admission_policies unconditionally returns!\n}\n\nsub wm_xcache_deliver {\n    if (req.method != \"PURGE\") {\n        // we copy through from beresp->resp->req here for the initial hit-for-pass case\n        if (resp.http.X-CDIS) {\n            set req.http.X-CDIS = resp.http.X-CDIS;\n            unset resp.http.X-CDIS;\n        }\n\n        if (!req.http.X-CDIS) {\n            set req.http.X-CDIS = \"bug\";\n        }\n\n        // X-Cache-Int gets appended-to as we traverse cache layers\n        if (resp.http.X-Cache-Int) {\n            set resp.http.X-Cache-Int = resp.http.X-Cache-Int + \", deployment-cache-text08 \" + req.http.X-CDIS;\n        } else {\n            set resp.http.X-Cache-Int = \"deployment-cache-text08 \" + req.http.X-CDIS;\n        }\n    }\n}\n\n// Common code in frontend vcl_deliver + vcl_synth\nsub deliver_synth_ {\n    call wm_xcache_deliver;\n\n    // At the frontends, copy X-Cache-Int to X-Cache and delete X-Cache-Int\n    // This prevents double-set of X-Cache in log parsing on varnish4.\n    // In this block we also decipher X-Cache into an overall X-Cache-Status\n    // output header.\n    if (req.method != \"PURGE\") {\n        set resp.http.X-Cache = resp.http.X-Cache-Int;\n        set resp.http.X-Cache-Status = regsuball(resp.http.X-Cache, \"cp[0-9]{4} (hit|miss|pass|int)(?:/[0-9]+)?\", \"\\1\");\n\n        unset resp.http.X-Cache-Int;\n        unset resp.http.Via;\n\n        // -front: Varnish cache\n        // -local: ATS cache\n        if (resp.http.X-Cache-Status ~ \"hit$\") {\n            set resp.http.X-Cache-Status = \"hit-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"hit\") {\n            set resp.http.X-Cache-Status = \"hit-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"int$\") {\n            set resp.http.X-Cache-Status = \"int-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"int\") {\n            set resp.http.X-Cache-Status = \"int-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"miss$\") {\n            set resp.http.X-Cache-Status = \"miss\";\n        } elsif (resp.http.X-Cache-Status ~ \"pass$\") {\n            set resp.http.X-Cache-Status = \"pass\";\n        } else {\n            set resp.http.X-Cache-Status = \"unknown\";\n        }\n\n        set resp.http.Server-Timing = {\"cache;desc=\"\"} + resp.http.X-Cache-Status + {\"\", host;desc=\"deployment-cache-text08\"\"};\n    }\n\n    // 5xx should not carry set-cookies, this seems risky in general\n    if (resp.status >= 500 && resp.http.Set-Cookie) {\n        // Log it for cases we care about more:\n        if (req.http.Host !~ \"^.*\\.wikimedia\\.org$\" || req.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"5XX with Set-Cookie found!\" +\n                \" req.http.Host: \" + req.http.Host +\n                \" req.url: \" + req.url +\n                \" req.http.Cookie: \" + req.http.Cookie +\n                \" resp.status: \" + resp.status +\n                \" Cache-Control: \" + resp.http.Cache-Control +\n                \" Set-Cookie: \" + resp.http.Set-Cookie +\n                \" Server: \" + resp.http.Server +\n                \" ReqId: \" + resp.http.X-Request-Id +\n                \" Age: \" + resp.http.Age +\n                \" X-Cache: \" + resp.http.X-Cache);\n        }\n        // Clear it for all traffic.  It's a 5xx, nothing was guaranteed to work anyways\n        unset resp.http.Set-Cookie;\n    }\n\n    std.collect(resp.http.X-Varnish);\n\n    call https_deliver_hsts;\n\n    call https_deliver_networkerrorlogging;\n\n    call analytics_deliver_pre;\n    if (var.get_int(\"is_alt_domain\") != 1 &&\n        req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n        call analytics_deliver_last_access;\n    }\n    call analytics_deliver_post;\n\n    // echo metadata about the client back to the client (analytics looks at this as well)\n    set resp.http.X-Client-IP = req.http.X-Client-IP;\n}\n\nsub uniques_deliver {\n    if (wu_cfg.get_set_cookie()) {\n            // The *very* special case is a request to host==\"wikimedia.org\".\n            // We can't set a cookie just for this without leaking it to all\n            // subdomains.  We cannot set it *only* for the 2LD and not have it\n            // leak, so we cannot set one at all in this case.\n            // Every request to this domain gets a fresh pointless one\n            // internally, but it's ok because in practice this whole domain is\n            // just a 301 -> www.wikimedia.org.\n        if (req.http.Host != \"wikimedia.org\") {\n            if (req.http.Host ~ \"((^|\\.)(wmflabs\\.org|toolforge\\.org|wmcloud\\.org))$\") {\n                // For the rest of *.wikimedia.org, we must set the domain to\n                // the full Host value to avoid leaks to 3rd-party entities\n                // that unfortunately exist in this space.  For all other\n                // cases, use the 2LD as the Domain attribute.\n\n                if (req.http.X-Cookie-Host ~ \"\\.wikimedia\\.org$\") {\n                    set resp.http.X-WUTMPDOM = req.http.X-Cookie-Host;\n                } else {\n                    set resp.http.X-WUTMPDOM = \".\" + regsub(req.http.X-Cookie-Host, \"^([a-z0-9-]+\\.)*([a-z0-9-]+\\.\\Qbeta.wmcloud.org\\E)$\", \"\\2\");\n                }\n\n                header.append(resp.http.Set-Cookie,\n                    \"WMF-Uniq=\"\n                    + wu_cfg.get_cookie_val()\n                    + \";Domain=\" + resp.http.X-WUTMPDOM\n                    + \";Path=/;HttpOnly;secure;SameSite=Lax;Expires=\"\n                    + std.time(std.time2integer(now + 1y, 0) / 86400 * 86400)\n                );\n                unset resp.http.X-WUTMPDOM; // clear temp header from above\n            }\n        }\n    }\n\n    set resp.http.X-WUTIMING = {\"WMF-Uniq;desc=\"\"} + wu_cfg.get_abtests_stiming() + {\"\"\"};\n    if (resp.http.X-WUTIMING != {\"WMF-Uniq;desc=\"\"\"}) {\n        header.append(resp.http.Server-Timing, resp.http.X-WUTIMING);\n    }\n    unset resp.http.X-WUTIMING;\n}\n\nsub vcl_deliver {\n    // Provides custom error html if error response has no body\n    if (resp.http.Content-Length == \"0\" && resp.status >= 400) {\n        return(synth(resp.status));\n    }\n    // Do not leak Vary: X-Experiment-Enrollments to the user\n    if (resp.http.Vary) {\n        if (resp.http.Vary == \"X-Experiment-Enrollments\") {\n            unset resp.http.Vary;\n        } else if (resp.http.Vary ~ \"(?i)\\s*X-Experiment-Enrollments\") {\n            set resp.http.Vary = regsub(resp.http.Vary, \"(?i)\\s*X-Experiment-Enrollments\\s*,?\\s*|,\\s*X-Experiment-Enrollments\\s*\", \"\");\n        }\n    }\n    call deliver_synth_;\n    call cluster_fe_deliver;\n    if (req.method != \"PURGE\") {\n        call uniques_deliver;\n    }\n    return (deliver); // no default VCL (which is just \"return (deliver)\" anyways)\n}\n\n// Varnish4 vcl_synth+vcl_backend_error\n\nsub vcl_synth {\n    if (req.method != \"PURGE\") {\n        set resp.http.X-CDIS = \"int\";\n        call deliver_synth_;\n        call cluster_fe_err_synth;\n\n        // Set Retry-After for requests throttled by requestctl.\n        // Please note: this request header is only set for requests that are\n        // being throttled, so even if non-standard, it never leaves varnish.\n        // see T305824.\n        if (req.http.Retry-After) {\n            set resp.http.Retry-After = req.http.Retry-After;\n        }\n\n        // This is for 421 Misdirected for bad HTTP/2 coalescing\n        // between text and upload cluster IPs:\n        if (resp.reason == \"Misdirected Request\") {\n            set resp.http.Connection = \"keep-alive\";\n            set resp.http.Content-Length = \"0\"; // BZ #62245\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate\";\n        }\n\n        if (resp.status >= 400) {\n            call synth_errorpage;\n        }\n    }\n\n    if (resp.reason == \"healthcheck\") {\n        set resp.reason = \"OK\";\n        synthetic(\"Varnish frontend running on deployment-cache-text08 is up\");\n    }\n\n    if (resp.reason == \"Disable Chrome Private Prefetch Proxy\") {\n        set resp.reason = \"OK\";\n        set resp.http.Cache-Control = \"public, max-age=86400\";\n        set resp.http.Content-Type = \"application/trafficadvice+json\";\n        synthetic({\"[{\n  \"user_agent\": \"prefetch-proxy\",\n  \"disallow\": true\n}]\n\"});\n    }\n\n    return (deliver);\n}\n\nsub vcl_backend_error {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches an implicit 503 (e.g. connectfail, timeout, etc)\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    set beresp.http.X-CDIS = \"int\";\n    call backend_error_errorpage;\n    return (deliver);\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/usr/share/varnish/tests/wikimedia_misc-frontend.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"// common frontend code for all clusters\n\nvcl 4.1;\n\n\nimport std;\n# this is needed by geoip.inc.vcl, and in general is the only way to sanely do\n# Set-Cookie in the face of multiple independent cookies being set from\n# different code.\nimport header;\n\nimport cookie;\nimport directors;\nimport netmapper;\nimport querysort;  // T138093\nimport var;\nimport wmfuniq;\n\n// rate limiting\nimport vsthrottle;\n\n\ninclude \"analytics.inc.vcl\";\ninclude \"alternate-domains.inc.vcl\";\ninclude \"browsersec.inc.vcl\";\ninclude \"errorpage.inc.vcl\";\ninclude \"translation-engine.inc.vcl\";\n\n# ACLs\n\nacl local_host {\n       \"127.0.0.1\";\n}\n\nacl local_tls_terminator {\n       \"10.128.0.129\"; // note this matches nginx proxy_pass for TLS\n       \"0.0.0.0\"; // this matches incoming traffic via UDS\n}\n\nacl UDS {\n       \"0.0.0.0\";\n}\n\n// external trusted proxies aren't allowed to set XCIP (via XFF) to wikimedia_nets,\n// and this ACL is also used to skip ratelimiting of most requests\nacl wikimedia_nets {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n       \"172.16.0.0\"/12;\n       // The following IP addresses are AWS Elastic IPs used by the\n       // Wikimedia Enterprise project to bulk scrape content and query APIs.\n       // They are added to wikimedia_nets in order to skip most of our CDN's\n       // rate limiting, including being unaffected by requestctl.\n       \"3.23.12.83\"/32;     // T255524\n       \"3.211.48.168\"/32;   // T294798\n       \"44.206.140.241\"/32; // T370294\n       \"35.168.168.219\"/32; // T370294\n       \"35.172.30.169\"/32;  // T370294\n       \"3.222.74.115\"/32;   // T370294\n}\n\n// Only wikimedia_trust can fake X-F-P\nacl wikimedia_trust {\n       \"172.16.0.0\"/12;\n       \"127.0.0.0\"/8;\n       \"::1\"/128;\n}\n\n/* Include the VCL file for this role */\ninclude \"misc-frontend.inc.vcl\";\n\n# Backend probes\n\n# frontends in front of ATS backend instances should send probes that don't\n# depend on the app backend\nprobe varnish {\n    .request =\n        \"GET /ats-be HTTP/1.1\"\n        \"Host: healthcheck.wikimedia.org\"\n        \"User-agent: Varnish backend check\"\n        \"Connection: close\";\n    .timeout = 100ms;\n    .interval = 100ms;\n    .window = 5;\n    .threshold = 3;\n}\n\n\n\n\n// ** Engineer public cloud flows\n// by default rate limit but if public_clouds_shutdown is set block\nsub shutdown_public_clouds {\n}\n\n// *** HTTPS deliver code - domain-based HSTS headers\nsub https_deliver_hsts {\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        if (req.http.Host ~ \"((^|\\.)(wikipedia\\.org|wikimedia\\.org|wikibooks\\.org|wikinews\\.org|wikiquote\\.org|wikisource\\.org|wikiversity\\.org|wikivoyage\\.org|wikidata\\.org|wikimediafoundation\\.org|wikiworkshop\\.org|wiktionary\\.org|mediawiki\\.org|wmfusercontent\\.org|w\\.wiki))$\") {\n            set resp.http.Strict-Transport-Security = \"max-age=106384710; includeSubDomains; preload\";\n        }\n    }\n}\n\n// *** HTTPS deliver code - domain-based W3C Reporting API / Network Error Logging headers\n// https://phabricator.wikimedia.org/T257527\n// c.f. https://www.w3.org/TR/network-error-logging/ and https://w3c.github.io/reporting/\nsub https_deliver_networkerrorlogging {\n    // User agents only accept these headers via HTTPS.\n    if (req.http.X-Forwarded-Proto == \"https\") {\n        // Don't serve NEL response headers if users somehow wind up routed for us for domains that aren't ours.\n        // (See also normalize_request's Host header processing.)\n        if (req.http.Host != \"invalid\") {\n            // The values of these headers are JSON, but you must be careful to *not* embed `{\"` or `\"}`\n            // in the JSON itself, as those bigrams are VCL long-string delimiters.  One way to mangle JSON\n            // in the needed fashion is with the following Python snippet:\n            //     report_to = dict(group='wm_nel', max_age=604800, endpoints=[dict(url='https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0')])\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }'))\n            // VTC string literals can similarly be obtained with:\n            //     print(json.dumps(report_to).replace('{\"', '{ \"').replace('\"}', '\" }').replace('\"', '\\\\\"'))\n            set resp.http.Report-To = {\"{ \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\"};\n            //     nel=dict(report_to='wm_nel', max_age=604800, failure_fraction=0.05, success_fraction=0.0)\n            if (req.http.Host ~ \"^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\.wikimedia\\.org$\") {\n                // Set 'success_fraction' to 1.0 for measurement domains\n                // See https://phabricator.wikimedia.org/T334608\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 1.0}\"};\n            } else {\n                // Set 'success_fraction' to 0.0 for all other domains\n                set resp.http.NEL = {\"{ \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\"};\n            }\n            // The failure_fraction was guesstimated based on group0's reporting ratio: https://phabricator.wikimedia.org/T257527#6489683\n        }\n    }\n}\n\n// *** X-Connection-Properties parsing recv code\nsub log_xcps_info {\n    // Sanity-check the overall format defined by the config of HAProxy\n    if (req.http.X-Connection-Properties !~ \"^H2=[01]; SSR=[012]; SSL=[^; ]+; C=[^; ]+; EC=[^; ]+; KA=[^; ]+;$\") {\n        set req.http.x-tls-prot = \"invalid\";\n        set req.http.x-tls-sess = \"invalid\";\n        set req.http.x-tls-vers = \"invalid\";\n        set req.http.x-tls-keyx = \"invalid\";\n        set req.http.x-tls-auth = \"invalid\";\n        set req.http.x-tls-ciph = \"invalid\";\n    } else {\n        set req.http.x-tls-prot = regsub(req.http.X-Connection-Properties, \"^H2=([01]);.*\", \"\\1\");\n        if (req.http.x-tls-prot == \"1\") {\n            set req.http.x-tls-prot = \"h2\";\n        } else {\n            set req.http.x-tls-prot = \"h1\";\n        }\n\n        set req.http.x-tls-sess = regsub(req.http.X-Connection-Properties, \".* SSR=([012]);.*\", \"\\1\");\n        if (req.http.x-tls-sess == \"1\") {\n            set req.http.x-tls-sess = \"reused\";\n        } elsif (req.http.x-tls-sess == \"2\") {\n            set req.http.x-tls-sess = \"unknown\";\n        } else {\n            set req.http.x-tls-sess = \"new\";\n        }\n\n        set req.http.x-tls-vers = regsub(req.http.X-Connection-Properties, \".* SSL=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-keyx = regsub(req.http.X-Connection-Properties, \".* EC=([^; ]+);.*\", \"\\1\");\n\n        set req.http.x-tls-auth = regsub(req.http.X-Connection-Properties, \".* KA=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.X-Connection-Properties, \".* C=([^; ]+);.*\", \"\\1\");\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^(ECDHE-(ECDSA|RSA)|DHE-RSA)-\", \"\");\n\n        // Starting with TLSv1.3, CHACHA20-POLY1305 will be renamed into\n        // CHACHA20-POLY1305-SHA256. Do the renaming now in VCL to avoid stats skew\n        // later on.\n        set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^CHACHA20-POLY1305$\", \"CHACHA20-POLY1305-SHA256\");\n        if (req.http.x-tls-vers == \"TLSv1.3\") {\n            // Every TLSv1.3 cipher begins with TLS_\n            set req.http.x-tls-ciph = regsub(req.http.x-tls-ciph, \"^TLS_\", \"\");\n            // TLSv1.3 uses _ instead of - as a separator\n            set req.http.x-tls-ciph = regsuball(req.http.x-tls-ciph, \"_\", \"-\");\n        }\n    }\n\n    // Condensed form logged as \"tls\" for TLS analytics via varnishkafka webrequest\n    std.log(\"tls: vers=\" + req.http.x-tls-vers\n        + \";keyx=\" + req.http.x-tls-keyx\n        + \";auth=\" + req.http.x-tls-auth\n        + \";ciph=\" + req.http.x-tls-ciph\n        + \";prot=\" + req.http.x-tls-prot\n        + \";sess=\" + req.http.x-tls-sess);\n\n}\n\n\nsub normalize_request {\n    // We shouldn't even legally be receiving proxy-style requests, as\n    // we're not a proxy from any client's point of view. Just in\n    // case, we support it anyways according to RFC7230 rules: we\n    // ignore any Host header sent along with it and set a new Host\n    // header based on the host part we strip from the abs URI. ref:\n    // http://tools.ietf.org/html/rfc7230#section-5.4 Host\n    // normalization (lowercase, port stripping, trailing dots) is\n    // done in HAProxy See T392880 for details\n    if(req.url ~ \"(?i)^https?://[^/]\") {\n        # this strips away 'user:pass@' and ':port' when copying from URI to Host:\n        set req.http.Host = regsub(req.url, \"(?i)^https?://(.*@)?([^/:]+).*$\", \"\\2\");\n        set req.url = regsub(req.url, \"(?i)^https?://[^/]+/?\", \"/\");\n    }\n\n    // Check that host header looks reasonably-legitimate/parseable now\n    if (req.http.Host ~ \"^[a-z0-9][-a-z0-9]*(\\.[a-z0-9][-a-z0-9]*)*\\.?$\") {\n        // Strip optional trailing terminal dot if present\n        set req.http.Host = regsub(req.http.Host, \"\\.$\", \"\");\n    } else {\n        set req.http.Host = \"invalid\";\n        // Unparseable / empty Host header\n        return (synth(400, \"Invalid Host header\"));\n    }\n    // Enforce RFC 9112 request-target definition:\n    // at this point after absolute-form requests being transformed to\n    // origin-form ones, we should only have a request-target matching\n    // either origin-form or asterisk-form. See T318676 for more details\n    if(req.url !~ \"^(/|\\*$)\") {\n        return (synth(400, \"Invalid request URL\"));\n    }\n    # save the original host header to be able to set cookies accordingly\n    set req.http.X-Cookie-Host = req.http.Host;\n\n    if (req.http.Accept-Language) {\n        set req.http.Accept-Language = std.tolower(req.http.Accept-Language);\n    }\n\n    // Check that the normalized hostname actually matches our SAN set from\n    // the Unified multi/wildcard certificate we use for prod cache cluster\n    // termination.  This won't eliminate every bad hostname down at the\n    // applayer (e.g. nosuchlanguage.wikimedia.org), but it does precisely\n    // match the wildcarding of the certificate itself and greatly limits\n    // the potential bad cases.\n    // --\n    // RFC 2616 Section 5.2 notes that 400 responses are also required\n    // if the hostname isn't one we recognize as legit *on the server*,\n    // meaning our own list of hostnames:\n    // \"3. If the host as determined by rule 1 or 2 is not a valid host on\n    // the server, the response MUST be a 400 (Bad Request) error message.\"\n    // RFC 723x is less-clear on this case, but this is still a reasonable\n    // stance.  There are reasonable reasons that 404, 410, 421 and others\n    // are inappropriate if we receive a request accidentally for some\n    // legitimate domainname on the Internet which doesn't belong to us.\n    // --\n    // This regex exactly matches the canonical domains SAN list used in\n    // our Unified certificates, according to the normal SAN rules where a\n    // wildcard only matches a single DNS label.  It's encoded here as a\n    // VCL Long String with delimiters {\"\"} containing a PCRE regex with\n    // the x-flag to allow expansion with whitespace, newlines, and\n    // comments for clarity:\n\n}\n\n// Must be done at the top of vcl_recv, in our varnish-frontend layer only,\n// and should be guarded against running on request restarts.\nsub recv_fe_ip_processing {\n    // this subroutine \"owns\" these 3 headers - nothing else in our VCL or\n    // anywhere in our network should be setting them.\n    unset req.http.X-Trusted-Proxy;\n    unset req.http.X-Abuse-Network;\n\n    // unset this one just because it's well-known and some default\n    // software configs may look at it, and an external client may spoof\n    // it. We don't set or use this header internally (we use X-Client-IP)\n    unset req.http.X-Real-IP;\n\n    // if X-JWT-Sub is present, save its value in a variable\n    if (req.http.X-JWT-Sub) {\n        var.set(\"jwt_sub\", req.http.X-JWT-Sub);\n        unset req.http.X-JWT-Sub;\n    }\n\n    // unset X-Requestctl if its value is the default value in HAProxy\n    if (req.http.X-Requestctl == \" \") {\n        unset req.http.X-Requestctl;\n    }\n\n    // Unset the incoming *request* header Retry-After. This should be handled\n    // by the VCL fragments coming from requestctl and not be in the request.\n    unset req.http.Retry-After;\n\n    if (client.ip !~ local_host && remote.ip !~ local_tls_terminator) {\n        // only the local nginx TLS terminator should set these at all -\n        // there are no other internal exceptions to that rule\n        unset req.http.X-Client-IP;\n        unset req.http.X-Connection-Properties;\n    }\n\n    if (local.ip ~ UDS && remote.ip ~ UDS) {\n        if (client.ip ~ UDS) {\n            // If the client request is received via UDS without PROXY protocol 0.0.0.0 is added to XFF\n            set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, \"0.0.0.0$\", \"10.128.0.129\");\n        } else {\n            // If UDS is used along with PROXY protocol we need to append the varnish IP to keep the applayer happy\n            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + \", \" + \"10.128.0.129\";\n        }\n    }\n\n    // To make further parsing/sanitizing simpler, convert all whitespace\n    // in XFF to single spaces, and make sure all commas have a space\n    // suffix but no space prefix.\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \"[ \\t]+\", \" \");\n    set req.http.X-Forwarded-For = regsuball(req.http.X-Forwarded-For, \" ?, ?\", \", \");\n\n    // Now fully-sanitize it to only the strict form \"X(, X)*\", where X is\n    // a string of legal characters in IPv[46] addresses.  Note\n    // that injections can still leave well-formed junk on the\n    // left, but it's up to the trusted proxy code to ignore that,\n    // e.g.:\n    // \"junk2, 123.123.123.123\" -> \"2, 123.123.123.123\"\n    set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For,\n        \"^.*?([0-9A-Fa-f:.]+(, [0-9A-Fa-f:.]+)*)? ?$\", \"\\1\");\n\n    // There are two possible cases here: either nginx acted as our TLS\n    // proxy and already set X-Client-IP (as well as appended the same value\n    // to XFF, and we appended nginx's IP to XFF already as well...), or the\n    // traffic was direct to varnish-fe, in which case XCIP is not yet set\n    // and XFF is external + our addition of client.ip.\n\n    if (!req.http.X-Client-IP) {\n        unset req.http.via-nginx;\n        set req.http.X-Client-IP = client.ip;\n        if (!req.http.X-Client-IP) {\n            // apparently sometimes the above doesn't set it???  use\n            // illegal RFC 5735 documentation network to avoid\n            // sending NULL to netmapper-1.3 for now\n            set req.http.X-Client-IP = \"192.0.2.1\";\n        }\n    } else {\n        set req.http.via-nginx = 1;\n    }\n\n    // From this (very early) point forward, regardless of cache tier/layer:\n    // req.http.X-Client-IP ->\n    //     This is our standard notion of the Client/UA's real IP, after\n    //     decoding XFF for our internal infrastructure addresses as well\n    //     as any trusted proxies.\n}\n\nsub vcl_init {\n# directors\n    new cache_local = directors.shard();\n    new cache_local_random = directors.random();\n    // \"vtc_backend\" is the backend name we use in all VTC tests\n    cache_local.add_backend(vtc_backend);\n    cache_local_random.add_backend(vtc_backend, 100);\n    cache_local.reconfigure();\n\n    call wm_domains_init;\n\n      new wu_cfg = wmfuniq.cfg(\"/etc/varnish/uniques.d/keys.cfg\",\n          \"/etc/varnish/uniques.json\",\n          30,\n          0\n      );\n}\n\nsub normalize_request_nonmisc {\n    // Sort query parameters to improve cache efficiency.\n    // See <https://wikitech.wikimedia.org/wiki/Query_string_normalization>.\n    set req.url = querysort.querysort(req.url);\n}\n\nsub wm_recv_pass {\n\n    if (req.http.host == \"config-master.wikimedia.beta.wmcloud.org\") {\n        return (pass);\n    } elsif (req.http.host == \"stream.wikimedia.beta.wmcloud.org\") {\n        if (req.url ~ \"^/v2/stream/.+\") {\n             return (pipe);\n        }\n    } elsif (req.http.host == \"stream.wikimedia.beta.wmflabs.org\") {\n        if (req.url ~ \"^/v2/stream/.+\") {\n             return (pipe);\n        }\n    }\n}\n\nsub uniques_recv {\n    // Wipe req-header names that might come directly from the client,\n    // which this VCL code claims as its own territory\n    unset req.http.X-WUVAL;\n    if (req.http.Cookie) {\n        // Normalize cookie name case before vmod_cookie processing,\n        // allowing for whitespace variance. vmod_cookie is case-sensitive,\n        // and while that is correct by modern RFCs, ancient ones\n        // explicitly said the names were case-insensitive, and there's\n        // some evidence that there are case-insensitive impls out in the\n        // wild, and generally Postel should apply here.\n        set req.http.Cookie = regsub(req.http.Cookie, \"(?i)(^|;)\\s*WMF-Uniq\\s*=\", \"\\1WMF-Uniq=\");\n        cookie.parse(req.http.Cookie);\n        if (cookie.isset(\"WMF-Uniq\")) {\n            set req.http.X-WUVAL = cookie.get(\"WMF-Uniq\");\n            cookie.delete(\"WMF-Uniq\");\n            set req.http.Cookie = cookie.get_string();\n            if (req.http.Cookie == \"\") {\n                unset req.http.Cookie;\n            }\n        }\n    }\n    // Must call process_cookie() on every request, which will generate a\n    // fresh one if WUVAL is empty/unset/invalid\n    wu_cfg.process_cookie(req.http.X-WUVAL, req.url ~ \"^/evt-103e/v2/events\");\n    // delete the temp header to avoid leaks\n    unset req.http.X-WUVAL;\n\n    // Pass some summarized info to the Data Lake.\n    if (wu_cfg.get_cookie_count() > 0) {\n        // We received a cookie from the client, it was valid, and it has been signed by us at least once.\n        // cday_age will be zero from the moment of creation, until the next fixed \"day\" boundary on the wallclock\n        // (so anywhere from 0-86400 seconds), then will roll over to 1 at our pseudo-midnight boundary.\n        var.set_int(\"wmfuniq_days\", 1 + wu_cfg.get_cookie_cday_age()); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 1 + (wu_cfg.get_cookie_cday_age() / 7)); // avoid 0 weeks for 1-6 days old cookies\n        var.set_int(\"wmfuniq_freq\", (wu_cfg.get_cookie_count() * 100 / var.get_int(\"wmfuniq_weeks\")) / 10); // rough (weeks with visits)/weeks, scaled by 10 to avoid fractions\n        var.set(\"ratelimit_id\", wu_cfg.get_cookie_uniq()); // used for rate-limiting\n        // Cap the max ages we report.  This improves privacy.\n        if (var.get_int(\"wmfuniq_days\") > 8) {\n            var.set_int(\"wmfuniq_days\", 8);\n        }\n        if (var.get_int(\"wmfuniq_weeks\") > 52) {\n            var.set_int(\"wmfuniq_weeks\", 52);\n        }\n    } else {\n        // Freshly-generated cookie.\n        var.set_int(\"wmfuniq_days\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_weeks\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set_int(\"wmfuniq_freq\", 0); // 0 on a freshly-generated cookie, 1+ otherwise\n        var.set(\"ratelimit_id\", req.http.X-Client-IP); // used for rate-limiting\n    }\n\n    // Send the cache-variance for enrolled tests towards normal backends, but\n    // send the \"event\" string containing per-experiment IDs when the backend\n    // is going to be eventgate analytics ingestion.\n    if (req.url ~ \"^/evt-103e/v2/events\") {\n        if (wu_cfg.get_cookie_count() > 0) {\n            set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_event();\n        } else {\n            set req.http.X-Experiment-Enrollments = \"\";\n        }\n    } else {\n        set req.http.X-Experiment-Enrollments = wu_cfg.get_abtests_vary();\n    }\n    if (req.http.X-Experiment-Enrollments == \"\") {\n        unset req.http.X-Experiment-Enrollments;\n        // Prevent requests with empty X-E-E from reaching the beacon endpoint\n        if (req.url ~ \"^/evt-103e/v2/events\") {\n            return (synth(204, \"\"));\n        }\n    }\n}\n\nsub vcl_recv {\n\n    // no injection from outside our stack allowed for these\n    unset req.http.X-DCPath;\n    unset req.http.X-Next-Is-Cache;\n    unset req.http.Proxy; // https://httpoxy.org/\n    unset req.http.X-ATS-Debug; // We use this header for the XDebug Traffic Server plugin\n\n    if (req.restarts == 0) {\n        // IP processing is req->req mangling that shouldn't be re-done on restart\n        call recv_fe_ip_processing;\n\n        // Parse X-Connection-Properties and log TLS/HTTP2 connection\n        // information, which is sent via varnishkafka to Analytics.\n        // If we don't do this super-early, some rejected/invalid\n        // requests from early checks won't have any TLS analytics,\n        // which is very confusing and looks like plain-HTTP.\n        if (req.http.X-Connection-Properties) {\n            call log_xcps_info;\n        }\n\n        // Block requests from IPs in blocked_nets. It is important to do this\n        // early but after recv_fe_ip_processing has been called, as the procedure\n        // takes care of writing X-Client-IP if it the request did not come\n        // through the TLS terminator\n        if (req.http.X-Provenance ~ \"^abuse=blocked_nets\") {\n            return (synth(403, \"Requests from your IP have been blocked, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information.\"));\n        }\n\n        // Block requests from common bot User-Agents that originate from bot_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        if (req.http.X-Provenance ~ \"^abuse=bot_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^(python-requests|Go-http-client/2.0|CInetHttp/1.0)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        // Block POST requests from bot User-Agents which originate from bot_posts_blocked_nets.\n        // For now, we define our list of common bot UAs as just one that has often been\n        // associated with trouble in the past, plus the blank or empty UA.\n        // 'PostmanRuntime/' and variants come from https://phabricator.wikimedia.org/T272330\n        if (req.method == \"POST\" && req.http.X-Provenance ~ \"^abuse=bot_posts_blocked_nets\" && (!req.http.User-Agent || req.http.User-Agent ~ \"^([PRK]ostmanRuntime/)\")) {\n            return (synth(403, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n        if (req.http.User-Agent == \"node-fetch/1.0 (+https://github.com/bitinn/node-fetch)\" && vsthrottle.is_denied(\"node-fetch:\" + req.http.X-Client-IP, 10, 10s)) {\n            return (synth(429, \"Scripted requests from your IP have been blocked, please see https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy. In case of further questions, please see https://wikitech.wikimedia.org/wiki/Beta/Blocked for more information..\"));\n        }\n\n\n        // This unwraps proxy-style URLs and sanitizes the Host header\n        // (lowercase, no port, no funny chars, matches cert SAN, etc)\n        call normalize_request;\n\n        // Possibly switch to separate VCL\n        call cluster_fe_vcl_switch;\n        if (var.get_int(\"is_alt_domain\")) {\n            std.log(\"is_alt_domain: \" + var.get_int(\"is_alt_domain\"));\n        }\n\n        // This normalizes query parameters.\n        call normalize_request_nonmisc;\n    }\n\n    unset req.http.X-CDIS; // clear internal cache-disposition header\n    unset req.http.X-Varnish-Cluster; // internal cache cluster header\n\n    if ((req.http.host == \"healthcheck.wikimedia.org\" && req.url == \"/varnish-fe\") || (req.url == \"/varnish-fe-hc-5ebea9\")) {\n        return (synth(200, \"healthcheck\"));\n    }\n\n    # T364126: Disable Chrome Private Prefetch Proxy\n    if (req.url == \"/.well-known/traffic-advice\") {\n        return (synth(200, \"Disable Chrome Private Prefetch Proxy\"));\n    }\n\n    set req.backend_hint = cache_local.backend();\n\n\n    if(req.restarts == 0) {\n        // If this request had no cookies whatsoever mark it as such\n        // to later report this fact to X-Analytics\n        // Must happen here; uniques_recv mutates req.http.Cookie\n        if (!req.http.Cookie) {\n            var.set_int(\"nocookies\", 1);\n        }\n        // Skip PURGE requests as its volume will alter wmfuniq stats.\n        // An innocent SRE could be tempted to move this after the PURGE handling\n        // below, but beware of the dragons hidden inside cluster_fe_recv_pre_purge\n        if (req.method != \"PURGE\") {\n            call uniques_recv;\n        }\n        call analytics_recv;\n        if (var.get_int(\"is_alt_domain\") != 1 &&\n            req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n            call analytics_last_access_recv;\n        }\n        call translation_engine_recv;\n    }\n\n\n    if (req.url ~ \"^/beacon\\/(?!event)[^/?]+\") {\n        // Logging beacon endpoints\n        //\n        // They are handled by the log tailer (varnishkafka) that filters the\n        // Varnish shm log for reqs to these endpoints and forwards them to log\n        // processors for storage and analysis.\n        return (synth(204, \"\"));\n    }\n\n    call cluster_fe_recv_pre_purge;\n    /* Support HTTP PURGE */\n    if (req.method == \"PURGE\") {\n        if (local.endpoint == \"/run/varnish-privileged.socket\" || std.ip(req.http.X-Client-IP, \"192.0.2.1\") ~ local_host) {\n            if (req.http.Host ~ \"^.*\\.beta\\.wmcloud\\.org$\") {\n                set req.hash_ignore_busy = true;\n                return (purge);\n            } else {\n                return (synth(204, \"Domain not cached here\"));\n            }\n        } else {\n                return (synth(405, \"Method not allowed\"));\n        }\n    }\n\n    call cluster_fe_recv;\n    call wm_recv_pass;\n    call cluster_fe_recv_tail;\n\n    return (hash); // no default VCL\n}\n\nsub vcl_hash {\n    call cluster_fe_hash;\n    // default vcl_hash invokes here!\n}\n\n// http://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html\nsub vcl_purge {\n    return (synth(204, \"Purged\"));\n}\n\nsub vcl_hit {\n    if (req.method == \"PURGE\") {\n        set req.http.X-CDIS = \"hit/purge\";\n    } else {\n        set req.http.X-CDIS = \"hit/\" + obj.hits;\n    }\n    call cluster_fe_hit;\n    // default vcl_hit invokes here!\n}\n\nsub vcl_miss {\n    set req.http.X-CDIS = \"miss\";\n    call shutdown_public_clouds;\n    call cluster_fe_miss;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pass {\n    set req.http.X-CDIS = \"pass\";\n\n\n    call shutdown_public_clouds;\n    call cluster_fe_pass;\n    return (fetch); // no default VCL (which is just \"return (fetch)\" anyways)\n}\n\nsub vcl_pipe {\n    // for websockets over pipe\n    if (req.http.upgrade) {\n        set bereq.http.upgrade = req.http.upgrade;\n        set bereq.http.connection = req.http.connection;\n    }\n\n    // Similarly to pass-traffic, pipe-traffic should also pick backends\n    // randomly to avoid focus on a single node\n    set bereq.backend = cache_local_random.backend();\n}\n\nsub vcl_backend_fetch {\n    // Prevent sending the header on any inwards-facing requests to\n    // applayer services.\n    unset bereq.http.X-WMF-DP;\n    unset bereq.http.X-Cookie-Host;\n\n    call cluster_fe_backend_fetch;\n}\n\nsub wm_backend_response {\n    // This prevents the application layer from setting this in a response.\n    // We'll be setting this same variable internally in VCL in hit-for-pass\n    // cases later.\n    unset beresp.http.X-CDIS;\n    // Ensure that X-Experiment-Enrollments is on the Vary header. We need to\n    // deploy this in advance to let the CDN vary the whole cache so we can\n    // perform without needing to wipe the CDN\n    if (!beresp.http.Vary) {\n        set beresp.http.Vary = \"X-Experiment-Enrollments\";\n    } else if (beresp.http.Vary !~ \"(?i)\\bX-Experiment-Enrollments\\b\") {\n        set beresp.http.Vary = beresp.http.Vary + \", X-Experiment-Enrollments\";\n    }\n\n    /* Don't cache private, no-cache, no-store objects. */\n    if (beresp.http.Cache-Control ~ \"(?i:private|no-cache|no-store)\") {\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    /* Especially don't cache Set-Cookie responses. Log violations. */\n    if ((beresp.ttl > 0s || beresp.http.Cache-Control ~ \"public\") && beresp.http.Set-Cookie) {\n        if (bereq.http.Host !~ \"^.*\\.wikimedia\\.org$\" || bereq.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"Cacheable object with Set-Cookie found!\" +\n                           \" beresp.status: \" + beresp.status +\n                           \" beresp.was_304: \" + beresp.was_304 +\n                           \" bereq.http.Host: \" + bereq.http.Host +\n                           \" bereq.url: \" + bereq.url +\n                           \" Cache-Control: \" + beresp.http.Cache-Control +\n                           \" Set-Cookie: \" + beresp.http.Set-Cookie +\n                           \" Server: \" + beresp.http.Server +\n                           \" ReqId: \" + beresp.http.X-Request-Id +\n                           \" X-Cache-Int: \" + beresp.http.X-Cache-Int);\n        }\n        set beresp.ttl = 0s;\n        // translated to hit-for-pass below\n    }\n    // Set a maximum cap on the TTL for 404s. Objects that don't exist now may\n    // be created later on, and we want to put a limit on the amount of time\n    // it takes for new resources to be visible.\n    elsif (beresp.status == 404 && beresp.ttl > 10m) {\n        set beresp.ttl = 10m;\n    }\n\n    // Set keep, which influences the amount of time objects are kept available\n    // in cache for IMS requests (TTL+grace+keep). Scale keep to the app-provided\n    // TTL.\n    if (beresp.ttl > 0s) {\n        if (beresp.http.ETag || beresp.http.Last-Modified) {\n            if (beresp.ttl < 1d) {\n                set beresp.keep = beresp.ttl;\n            } else {\n                set beresp.keep = 1d;\n            }\n        }\n\n        // Hard TTL cap on all fetched objects (default 1d)\n        if (beresp.ttl > 1d) {\n            set beresp.ttl = 1d;\n        }\n\n        set beresp.grace = 20m;\n    }\n\n    // Swizzled random reduction of all TTLs by up to 5%, to avoid various\n    // possible cases of stampedes of aligned natural expiries.\n    // Note VCL supports DURATION*REAL natively, and DURATIONs do support\n    // fractional seconds, so this doesn't technically need a guard\n    // condition against short TTLs.\n    // However, sub-second TTLs like 0.97s might poke edge cases in VCL,\n    // which would be a good reason to not do this for TTLs < 2s.\n    // Furthermore, swizzling a stampede of very short TTLs such that they\n    // expire milliseconds apart may do more perf harm than good.  60s\n    // seems like a reasonably-conservative cutoff, where the swizzle will\n    // be spreading things by ~3s.\n    if (beresp.ttl >= 60s) {\n        set beresp.ttl = beresp.ttl * std.random(0.95, 1.0);\n    }\n\n    // Compress compressible things if the backend didn't already, but\n    // avoid explicitly-defined CL < 860 bytes.  We've seen varnish do\n    // gzipping on CL:0 302 responses, resulting in output that has CE:gzip\n    // and CL:20 and sends a pointless gzip header.\n    // Very small content may actually inflate from gzipping, and\n    // sub-one-packet content isn't saving a lot of latency for the gzip\n    // costs (to the server and the client, who must also decompress it).\n    // The magic 860 number comes from Akamai, Google recommends anywhere\n    // from 150-1000.  See also:\n    // https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits\n    //\n    // Explicitly skip docker-registry due to the issues described in T270270\n    if (bereq.http.Host != \"docker-registry.wikimedia.org\" && beresp.http.content-type ~ \"json|text|html|script|xml|icon|ms-fontobject|ms-opentype|x-font|sla\"\n        && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 860)) {\n            set beresp.do_gzip = true;\n    }\n    // SVGs served by MediaWiki are part of the interface. That makes them\n    // very hot objects, as a result the compression time overhead is a\n    // non-issue. Several of them tend to be requested at the same time,\n    // as the browser finds out about them when parsing stylesheets that\n    // contain multiple. This means that the \"less than 1 packet\" rationale\n    // for not compressing very small objects doesn't apply either. Lastly,\n    // since they're XML, they contain a fair amount of repetitive content\n    // even when small, which means that gzipped SVGs tend to be\n    // consistantly smaller than their uncompressed version, even when tiny.\n    // For all these reasons, it makes sense to have a lower threshold for\n    // SVG. Applying it to XML in general is a more unknown tradeoff, as it\n    // would affect small API responses that are more likely to be cold\n    // objects due to low traffic to specific API URLs.\n    if (beresp.http.content-type ~ \"svg\" && (!beresp.http.Content-Length || std.integer(beresp.http.Content-Length, 0) >= 150)) {\n        set beresp.do_gzip = true;\n    }\n\n    // set a 601s hit-for-pass object based on response conditions in vcl_backend_response:\n    //    Calculated TTL <= 0 + Status < 500 + No underlying cache hit:\n    //    These are generally uncacheable responses.  The 5xx exception\n    //    avoids us accidentally replacing a good stale/grace object with\n    //    an hfp (and then repeatedly passing on potentially-cacheable\n    //    content) due to an isolated 5xx response, and the exception for\n    //    underlying cache hits (detected from X-Cache-Int) is to avoid\n    //    creating a persist HFP object when a lower-level varnish\n    //    returned an expired object under grace-mode rules.\n    if (\n        beresp.ttl <= 0s\n        && beresp.status < 500\n        && (!beresp.http.X-Cache-Int || beresp.http.X-Cache-Int !~ \" hit\")\n    ) {\n        set beresp.grace = 31s;\n        set beresp.keep = 0s;\n        set beresp.http.X-CDIS = \"pass\";\n        // XXX: HFP for now, but this requires further work: T180712\n        return(pass(601s));\n    }\n}\n\nsub wm_admission_policies {\n    // hit-for-pass objects >= 262144 size. Do cache if Content-Length is missing.\n    if (std.integer(beresp.http.Content-Length, 0) >= 262144) {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n\n\n    return (deliver);\n}\n\nsub vcl_backend_response {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches the backending handing us an explicit 503\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    call cluster_fe_backend_response_early; // e.g. to fix up Vary-slotting in bereq\n    call wm_backend_response;\n    call cluster_fe_backend_response;\n    // It is important that this happens after the code responsible for translating TTL<=0\n    // (uncacheable) responses into hit-for-pass. That code lives in wm_backend_response.\n    call wm_admission_policies;\n    // default vcl_(fetch|backend_response) does not invoke here because wm_admission_policies unconditionally returns!\n}\n\nsub wm_xcache_deliver {\n    if (req.method != \"PURGE\") {\n        // we copy through from beresp->resp->req here for the initial hit-for-pass case\n        if (resp.http.X-CDIS) {\n            set req.http.X-CDIS = resp.http.X-CDIS;\n            unset resp.http.X-CDIS;\n        }\n\n        if (!req.http.X-CDIS) {\n            set req.http.X-CDIS = \"bug\";\n        }\n\n        // X-Cache-Int gets appended-to as we traverse cache layers\n        if (resp.http.X-Cache-Int) {\n            set resp.http.X-Cache-Int = resp.http.X-Cache-Int + \", deployment-cache-text08 \" + req.http.X-CDIS;\n        } else {\n            set resp.http.X-Cache-Int = \"deployment-cache-text08 \" + req.http.X-CDIS;\n        }\n    }\n}\n\n// Common code in frontend vcl_deliver + vcl_synth\nsub deliver_synth_ {\n    call wm_xcache_deliver;\n\n    // At the frontends, copy X-Cache-Int to X-Cache and delete X-Cache-Int\n    // This prevents double-set of X-Cache in log parsing on varnish4.\n    // In this block we also decipher X-Cache into an overall X-Cache-Status\n    // output header.\n    if (req.method != \"PURGE\") {\n        set resp.http.X-Cache = resp.http.X-Cache-Int;\n        // The test VCL version uses X-Cache-Int-Testing accepted as is\n        // from the upstream server to simplify writing VTC tests.\n        if (resp.http.X-Cache-Int-Testing) {\n            set resp.http.X-Cache = resp.http.X-Cache-Int-Testing;\n            unset resp.http.X-Cache-Int-Testing;\n        }\n        set resp.http.X-Cache-Status = regsuball(resp.http.X-Cache, \"cp[0-9]{4} (hit|miss|pass|int)(?:/[0-9]+)?\", \"\\1\");\n\n        unset resp.http.X-Cache-Int;\n        unset resp.http.Via;\n\n        // -front: Varnish cache\n        // -local: ATS cache\n        if (resp.http.X-Cache-Status ~ \"hit$\") {\n            set resp.http.X-Cache-Status = \"hit-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"hit\") {\n            set resp.http.X-Cache-Status = \"hit-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"int$\") {\n            set resp.http.X-Cache-Status = \"int-front\";\n        } elsif (resp.http.X-Cache-Status ~ \"int\") {\n            set resp.http.X-Cache-Status = \"int-local\";\n        } elsif (resp.http.X-Cache-Status ~ \"miss$\") {\n            set resp.http.X-Cache-Status = \"miss\";\n        } elsif (resp.http.X-Cache-Status ~ \"pass$\") {\n            set resp.http.X-Cache-Status = \"pass\";\n        } else {\n            set resp.http.X-Cache-Status = \"unknown\";\n        }\n\n        set resp.http.Server-Timing = {\"cache;desc=\"\"} + resp.http.X-Cache-Status + {\"\", host;desc=\"deployment-cache-text08\"\"};\n    }\n\n    // 5xx should not carry set-cookies, this seems risky in general\n    if (resp.status >= 500 && resp.http.Set-Cookie) {\n        // Log it for cases we care about more:\n        if (req.http.Host !~ \"^.*\\.wikimedia\\.org$\" || req.http.Host ~ \"^(meta|commons)\\.wikimedia\\.org$\") {\n            std.syslog(27, \"5XX with Set-Cookie found!\" +\n                \" req.http.Host: \" + req.http.Host +\n                \" req.url: \" + req.url +\n                \" req.http.Cookie: \" + req.http.Cookie +\n                \" resp.status: \" + resp.status +\n                \" Cache-Control: \" + resp.http.Cache-Control +\n                \" Set-Cookie: \" + resp.http.Set-Cookie +\n                \" Server: \" + resp.http.Server +\n                \" ReqId: \" + resp.http.X-Request-Id +\n                \" Age: \" + resp.http.Age +\n                \" X-Cache: \" + resp.http.X-Cache);\n        }\n        // Clear it for all traffic.  It's a 5xx, nothing was guaranteed to work anyways\n        unset resp.http.Set-Cookie;\n    }\n\n    std.collect(resp.http.X-Varnish);\n\n    call https_deliver_hsts;\n\n    call https_deliver_networkerrorlogging;\n\n    call analytics_deliver_pre;\n    if (var.get_int(\"is_alt_domain\") != 1 &&\n        req.http.host != \"upload.wikimedia.beta.wmcloud.org\") {\n        call analytics_deliver_last_access;\n    }\n    call analytics_deliver_post;\n\n    // echo metadata about the client back to the client (analytics looks at this as well)\n    set resp.http.X-Client-IP = req.http.X-Client-IP;\n}\n\nsub uniques_deliver {\n    if (wu_cfg.get_set_cookie()) {\n            // The *very* special case is a request to host==\"wikimedia.org\".\n            // We can't set a cookie just for this without leaking it to all\n            // subdomains.  We cannot set it *only* for the 2LD and not have it\n            // leak, so we cannot set one at all in this case.\n            // Every request to this domain gets a fresh pointless one\n            // internally, but it's ok because in practice this whole domain is\n            // just a 301 -> www.wikimedia.org.\n        if (req.http.Host != \"wikimedia.org\") {\n            if (req.http.Host ~ \"((^|\\.)(wmflabs\\.org|toolforge\\.org|wmcloud\\.org))$\") {\n                // For the rest of *.wikimedia.org, we must set the domain to\n                // the full Host value to avoid leaks to 3rd-party entities\n                // that unfortunately exist in this space.  For all other\n                // cases, use the 2LD as the Domain attribute.\n\n                if (req.http.X-Cookie-Host ~ \"\\.wikimedia\\.org$\") {\n                    set resp.http.X-WUTMPDOM = req.http.X-Cookie-Host;\n                } else {\n                    set resp.http.X-WUTMPDOM = \".\" + regsub(req.http.X-Cookie-Host, \"^([a-z0-9-]+\\.)*([a-z0-9-]+\\.\\Qbeta.wmcloud.org\\E)$\", \"\\2\");\n                }\n\n                header.append(resp.http.Set-Cookie,\n                    \"WMF-Uniq=\"\n                    + wu_cfg.get_cookie_val()\n                    + \";Domain=\" + resp.http.X-WUTMPDOM\n                    + \";Path=/;HttpOnly;secure;SameSite=Lax;Expires=\"\n                    + std.time(std.time2integer(now + 1y, 0) / 86400 * 86400)\n                );\n                unset resp.http.X-WUTMPDOM; // clear temp header from above\n            }\n        }\n    }\n\n    set resp.http.X-WUTIMING = {\"WMF-Uniq;desc=\"\"} + wu_cfg.get_abtests_stiming() + {\"\"\"};\n    if (resp.http.X-WUTIMING != {\"WMF-Uniq;desc=\"\"\"}) {\n        header.append(resp.http.Server-Timing, resp.http.X-WUTIMING);\n    }\n    unset resp.http.X-WUTIMING;\n}\n\nsub vcl_deliver {\n    // Provides custom error html if error response has no body\n    if (resp.http.Content-Length == \"0\" && resp.status >= 400) {\n        return(synth(resp.status));\n    }\n    // Do not leak Vary: X-Experiment-Enrollments to the user\n    if (resp.http.Vary) {\n        if (resp.http.Vary == \"X-Experiment-Enrollments\") {\n            unset resp.http.Vary;\n        } else if (resp.http.Vary ~ \"(?i)\\s*X-Experiment-Enrollments\") {\n            set resp.http.Vary = regsub(resp.http.Vary, \"(?i)\\s*X-Experiment-Enrollments\\s*,?\\s*|,\\s*X-Experiment-Enrollments\\s*\", \"\");\n        }\n    }\n    call deliver_synth_;\n    call cluster_fe_deliver;\n    if (req.method != \"PURGE\") {\n        call uniques_deliver;\n    }\n    return (deliver); // no default VCL (which is just \"return (deliver)\" anyways)\n}\n\n// Varnish4 vcl_synth+vcl_backend_error\n\nsub vcl_synth {\n    if (req.method != \"PURGE\") {\n        set resp.http.X-CDIS = \"int\";\n        call deliver_synth_;\n        call cluster_fe_err_synth;\n\n        // Set Retry-After for requests throttled by requestctl.\n        // Please note: this request header is only set for requests that are\n        // being throttled, so even if non-standard, it never leaves varnish.\n        // see T305824.\n        if (req.http.Retry-After) {\n            set resp.http.Retry-After = req.http.Retry-After;\n        }\n\n        // This is for 421 Misdirected for bad HTTP/2 coalescing\n        // between text and upload cluster IPs:\n        if (resp.reason == \"Misdirected Request\") {\n            set resp.http.Connection = \"keep-alive\";\n            set resp.http.Content-Length = \"0\"; // BZ #62245\n            set resp.http.Cache-Control = \"private, s-maxage=0, max-age=0, must-revalidate\";\n        }\n\n        if (resp.status >= 400) {\n            call synth_errorpage;\n        }\n    }\n\n    if (resp.reason == \"healthcheck\") {\n        set resp.reason = \"OK\";\n        synthetic(\"Varnish frontend running on deployment-cache-text08 is up\");\n    }\n\n    if (resp.reason == \"Disable Chrome Private Prefetch Proxy\") {\n        set resp.reason = \"OK\";\n        set resp.http.Cache-Control = \"public, max-age=86400\";\n        set resp.http.Content-Type = \"application/trafficadvice+json\";\n        synthetic({\"[{\n  \"user_agent\": \"prefetch-proxy\",\n  \"disallow\": true\n}]\n\"});\n    }\n\n    return (deliver);\n}\n\nsub vcl_backend_error {\n    // retry 503 once in frontend instances, to paper over transient issues\n    // This catches an implicit 503 (e.g. connectfail, timeout, etc)\n    if (beresp.status == 503 && bereq.retries == 0 && bereq.method ~ \"^(GET|HEAD|OPTIONS|PUT|DELETE)$\") {\n        return(retry);\n    }\n    set beresp.http.X-CDIS = \"int\";\n    call backend_error_errorpage;\n    return (deliver);\n}\n# vim: set expandtab tabstop=4 shiftwidth=4:\n"}},{"type":"File","title":"/etc/varnish/misc-frontend.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"include \"geoip.inc.vcl\";\nsub detect_browser {\n\n}\n\nsub cluster_fe_vcl_switch {\n    // We need to be able to tell that this domain is an alt domain down the\n    // line.\n    var.set_int(\"is_alt_domain\", 1);\n}\n\nsub cluster_fe_recv_pre_purge {\n    if (req.http.X-Provenance ~ \"^abuse=phabricator_abusers\" && (req.http.Host == \"phabricator.wikimedia.org\" || req.http.Host == \"phab.wmfusercontent.org\")) {\n        return (synth(403, \"Requests from your IP have been blocked, please contact noc@wikimedia.org\"));\n    }\n}\n\nsub cluster_fe_recv {\n    // STS-preload checker doesn't like [45]xx responses, but 3xx is OK, so\n    // re-use the TLS-redirector code and send them to the wikimedia site.\n    //\n    // FIXME: This is unreachable because wmfusercontent.org routes to text-addrs\n    // and text-frontend.vcl, where \"wmfusercontent.org\" is not in alternate_domains,\n    // and thus it routes to MediaWiki/Apache with 404 Unconfigured domain.\n    if (req.http.Host == \"wmfusercontent.org\") {\n        set req.http.Location = \"https://www.wikimedia.org\";\n        return (synth(301, \"STS Preload Redirect\"));\n    }\n}\n\nsub cluster_fe_recv_tail {\n    if (req.method != \"GET\" && req.method != \"HEAD\") {\n        // We only deal with GET and HEAD\n        return (pass);\n    }\n\n    // don't cache authorized requests\n    if (req.http.Authorization) {\n        return (pass);\n    }\n\n    // Don't cache cookie requests. Cache requests with google analytics cookies and our\n    // own global WMF-Last-Access, WMF-Last-Access-Global GeoIP, CP, and NetworkProbeLimit cookies.\n    set req.http.NC-Cookie = regsuball(req.http.Cookie, \"(?i)(^|;\\s*)(_ga[-_a-z]*|_utm[-_a-z]*|_pk_(id|ses)\\.[^=]*|WMF-Last-Access(-Global)?|GeoIP|CP|NetworkProbeLimit)=[^;]*\", \"\");\n    set req.http.NC-Cookie = regsub(req.http.NC-Cookie, \"^;?\\s*\", \"\");\n    if (req.http.NC-Cookie != \"\") {\n        unset req.http.NC-Cookie;\n        return (pass);\n    }\n    unset req.http.NC-Cookie;\n}\n\nsub cluster_fe_hash { }\nsub cluster_fe_ratelimit {\n    // TODO: move all these rules to requestctl if possible.\n    // For now, add the requestctl header for them too,\n    // so that we have some more insight into which rule is kicking in\n    // Set the header to the empty string if not present.\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n    // Requests in violation of the User-Agent policy\n    if (req.http.User-Agent ~ \"^python-requests\" && req.http.Host == \"query.wikidata.org\") {\n        // UA-policy violations: 10/10s (1/s long term, with 10 burst)\n        if (vsthrottle.is_denied(\"wdqs-ua-policy:\" + req.http.X-Client-IP, 10, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",static_wdqs_ua_policy\";\n            return (synth(429, \"Too many requests. Please comply with the User-Agent policy to get a higher rate limit: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy\"));\n        }\n    }\n    // vscode-phabricator is too aggressive in caching users https://phabricator.wikimedia.org/T270482 (private task)\n    if (req.http.User-Agent ~ \"^vscode-phabricator\" && req.http.Host == \"phabricator.wikimedia.org\") {\n        // UA-policy violations: 30/10s (3/s long term, with 30 burst)\n        if (vsthrottle.is_denied(\"vscode-phab-ua-policy:\" + req.http.X-Client-IP, 30, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",static_vscode_phab_ua_policy\";\n            return (synth(429, \"vscode-phabricator fetches users too aggressively: https://phabricator.wikimedia.org/T271528\"));\n        }\n    }\n\n}\n\nsub cluster_fe_hit {\n    call cluster_fe_ratelimit_hit;\n}\nsub cluster_fe_ratelimit_hit {\n}\n\nsub cluster_fe_miss {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_pass {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_backend_fetch {\n    // When we receive NEL reports, attach some GeoIP data as backend request headers.\n    if (bereq.http.Host == \"intake-logging.wikimedia.org\") {\n        call nel_geoip_bereq;\n    }\n    set bereq.http.X-Varnish-Cluster = \"misc\";\n}\nsub cluster_fe_backend_response_early { }\n\nsub cluster_fe_backend_response {\n    // hit_for_pass on objects >= 256K. Do *not* cache objects without CL\n    if (std.integer(beresp.http.Content-Length, 262144) >= 262144 || beresp.http.Content-Length ~ \"^[0-9]{9}\") {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n}\n\nsub cluster_fe_deliver { }\n\nsub cluster_fe_err_synth {\n    if (resp.reason == \"STS Preload Redirect\") {\n        set resp.http.Location = req.http.Location;\n        set resp.http.Content-Length = \"0\"; // T64245\n        return(deliver);\n    }\n}\n"}},{"type":"File","title":"/usr/share/varnish/tests/misc-frontend.inc.vcl","tags":["file","varnish::wikimedia_vcl","varnish","wikimedia_vcl","varnish::instance","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/varnish/manifests/wikimedia_vcl.pp","line":67,"exported":false,"kind":"compilable_type","parameters":{"owner":"root","group":"root","mode":"0444","content":"include \"geoip.inc.vcl\";\nsub detect_browser {\n\n}\n\nsub cluster_fe_vcl_switch {\n    // We need to be able to tell that this domain is an alt domain down the\n    // line.\n    var.set_int(\"is_alt_domain\", 1);\n}\n\nsub cluster_fe_recv_pre_purge {\n    if (req.http.X-Provenance ~ \"^abuse=phabricator_abusers\" && (req.http.Host == \"phabricator.wikimedia.org\" || req.http.Host == \"phab.wmfusercontent.org\")) {\n        return (synth(403, \"Requests from your IP have been blocked, please contact noc@wikimedia.org\"));\n    }\n}\n\nsub cluster_fe_recv {\n    // STS-preload checker doesn't like [45]xx responses, but 3xx is OK, so\n    // re-use the TLS-redirector code and send them to the wikimedia site.\n    //\n    // FIXME: This is unreachable because wmfusercontent.org routes to text-addrs\n    // and text-frontend.vcl, where \"wmfusercontent.org\" is not in alternate_domains,\n    // and thus it routes to MediaWiki/Apache with 404 Unconfigured domain.\n    if (req.http.Host == \"wmfusercontent.org\") {\n        set req.http.Location = \"https://www.wikimedia.org\";\n        return (synth(301, \"STS Preload Redirect\"));\n    }\n}\n\nsub cluster_fe_recv_tail {\n    if (req.method != \"GET\" && req.method != \"HEAD\") {\n        // We only deal with GET and HEAD\n        return (pass);\n    }\n\n    // don't cache authorized requests\n    if (req.http.Authorization) {\n        return (pass);\n    }\n\n    // Don't cache cookie requests. Cache requests with google analytics cookies and our\n    // own global WMF-Last-Access, WMF-Last-Access-Global GeoIP, CP, and NetworkProbeLimit cookies.\n    set req.http.NC-Cookie = regsuball(req.http.Cookie, \"(?i)(^|;\\s*)(_ga[-_a-z]*|_utm[-_a-z]*|_pk_(id|ses)\\.[^=]*|WMF-Last-Access(-Global)?|GeoIP|CP|NetworkProbeLimit)=[^;]*\", \"\");\n    set req.http.NC-Cookie = regsub(req.http.NC-Cookie, \"^;?\\s*\", \"\");\n    if (req.http.NC-Cookie != \"\") {\n        unset req.http.NC-Cookie;\n        return (pass);\n    }\n    unset req.http.NC-Cookie;\n}\n\nsub cluster_fe_hash { }\nsub cluster_fe_ratelimit {\n    // TODO: move all these rules to requestctl if possible.\n    // For now, add the requestctl header for them too,\n    // so that we have some more insight into which rule is kicking in\n    // Set the header to the empty string if not present.\n    if (!req.http.X-Requestctl) {\n        set req.http.X-Requestctl = \"\";\n    }\n    // Requests in violation of the User-Agent policy\n    if (req.http.User-Agent ~ \"^python-requests\" && req.http.Host == \"query.wikidata.org\") {\n        // UA-policy violations: 10/10s (1/s long term, with 10 burst)\n        if (vsthrottle.is_denied(\"wdqs-ua-policy:\" + req.http.X-Client-IP, 10, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",static_wdqs_ua_policy\";\n            return (synth(429, \"Too many requests. Please comply with the User-Agent policy to get a higher rate limit: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Wikimedia_Foundation_User-Agent_Policy\"));\n        }\n    }\n    // vscode-phabricator is too aggressive in caching users https://phabricator.wikimedia.org/T270482 (private task)\n    if (req.http.User-Agent ~ \"^vscode-phabricator\" && req.http.Host == \"phabricator.wikimedia.org\") {\n        // UA-policy violations: 30/10s (3/s long term, with 30 burst)\n        if (vsthrottle.is_denied(\"vscode-phab-ua-policy:\" + req.http.X-Client-IP, 30, 10s)) {\n            set req.http.X-Requestctl = req.http.X-Requestctl + \",static_vscode_phab_ua_policy\";\n            return (synth(429, \"vscode-phabricator fetches users too aggressively: https://phabricator.wikimedia.org/T271528\"));\n        }\n    }\n\n}\n\nsub cluster_fe_hit {\n    call cluster_fe_ratelimit_hit;\n}\nsub cluster_fe_ratelimit_hit {\n}\n\nsub cluster_fe_miss {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_pass {\n    call cluster_fe_ratelimit;\n}\n\nsub cluster_fe_backend_fetch {\n    // When we receive NEL reports, attach some GeoIP data as backend request headers.\n    if (bereq.http.Host == \"intake-logging.wikimedia.org\") {\n        call nel_geoip_bereq;\n    }\n    set bereq.http.X-Varnish-Cluster = \"misc\";\n}\nsub cluster_fe_backend_response_early { }\n\nsub cluster_fe_backend_response {\n    // hit_for_pass on objects >= 256K. Do *not* cache objects without CL\n    if (std.integer(beresp.http.Content-Length, 262144) >= 262144 || beresp.http.Content-Length ~ \"^[0-9]{9}\") {\n        // HFP\n        set beresp.http.X-CDIS = \"pass\";\n        return(pass(beresp.ttl));\n    }\n}\n\nsub cluster_fe_deliver { }\n\nsub cluster_fe_err_synth {\n    if (resp.reason == \"STS Preload Redirect\") {\n        set resp.http.Location = req.http.Location;\n        set resp.http.Content-Length = \"0\"; // T64245\n        return(deliver);\n    }\n}\n"}},{"type":"Service","title":"varnish-frontend","tags":["varnish_instance","service","varnish-frontend","systemd::service","systemd","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"tag":"varnish_instance","require":["Package[varnish]","Mount[/var/lib/varnish]","File[/etc/varnish/text-frontend.inc.vcl]","File[/etc/varnish/wikimedia_text-frontend.vcl]","File[/etc/varnish/normalize_path.inc.vcl]","File[/etc/varnish/geoip.inc.vcl]","File[/etc/varnish/wikimedia_misc-frontend.vcl]"],"before":["Varnishkafka::Instance[webrequest]","Varnishkafka::Instance[statsv]"],"notify":["Service[varnishkafka-webrequest]","Service[varnishkafka-statsv]"]}},{"type":"Systemd::Unit","title":"varnish-frontend","tags":["systemd::unit","systemd","unit","varnish-frontend","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=%p (Varnish HTTP Accelerator)\n\n[Service]\nType=forking\nLimitNOFILE=500000\nLimitMEMLOCK=90000\nLimitRTPRIO=infinity\n# https://phabricator.wikimedia.org/T208574\nTasksMax=infinity\n### start sec settings\nPrivateTmp=true\nPrivateDevices=true\nProtectSystem=full\nProtectHome=true\nNoNewPrivileges=true\n# No special powers for root with the exception of the following.\n# See capabilities(7).\nCapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_CHOWN CAP_NET_BIND_SERVICE CAP_KILL CAP_DAC_OVERRIDE\n### end sec settings\nPIDFile=%t/%p.pid\nRestart=on-failure\nKillMode=process\nEnvironment=\"CC_COMMAND=exec gcc -std=gnu99 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -pthread -fpic -shared -Wl,-x -L/usr/local/lib/ -o %%o %%s -lmaxminddb -lsodium\"\n# rsyslog will see this in $programname\nSyslogIdentifier=varnish-frontend\nExecReload=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl\n# We start varnishd(1) without specifying a VCL file (-f ''). Use reload-vcl in\n# ExecStartPost to load and label separate VCL files first, and the main one\n# last. This is necessary given that the main VCL file might reference the\n# label of separate VCLs, and would otherwise fail to compile if loaded\n# directly with -f.\nExecStartPost=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl --start-child\n# thread_pools * thread_pool_max = maximum number of threads spawned.\nExecStart=/usr/sbin/varnishd \\\n-P %t/%p.pid \\\n-a 127.0.0.1:3127 \\\n-a /run/varnish-frontend-0.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-1.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-2.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-3.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-4.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-5.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-6.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-7.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-privileged.socket,user=haproxy,group=root,mode=0222 \\\n-T 127.0.0.1:6082 \\\n-f '' \\\n-p thread_pool_min=250 \\\n-p thread_pool_max=5000 \\\n-p thread_pool_timeout=120 \\\n-p vsl_reclen=2048 \\\n-p workspace_backend=128k \\\n-p vcc_allow_inline_c=true \\\n-S /etc/varnish/secret \\\n-s malloc,1G  \\\n-p transit_buffer=1M \\\n-p thread_pool_stack=131072 \\\n-p listen_depth=16384 -p vcc_err_unref=off \\\n-p http_req_size=24576 \\\n-p gzip_level=8 \\\n-p gzip_memlevel=9 \\\n-p default_ttl=3600 \\\n-n frontend \\\n-l 160M \\\n-p cc_command=${CC_COMMAND}\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"varnish-frontend","require":["Class[Systemd]"]}},{"type":"Service","title":"varnish-frontend-slowlog","tags":["service","varnish-frontend-slowlog","systemd::service","systemd","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"require":"Service[varnish-frontend]"}},{"type":"Systemd::Unit","title":"varnish-frontend-slowlog","tags":["systemd::unit","systemd","unit","varnish-frontend-slowlog","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Slow Requests\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishslowlog  --varnishd-instance-name frontend  --slow-threshold 60.0\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnish-frontend-slowlog","require":["Class[Systemd]"]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_varnish-frontend-slowlog","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: varnish-frontend-slowlog","command":"/usr/local/sbin/wmf-auto-restart -s varnish-frontend-slowlog","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 9:9:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Service","title":"varnish-frontend-hospital","tags":["service","varnish-frontend-hospital","systemd::service","systemd","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"require":"Service[varnish-frontend]"}},{"type":"Systemd::Unit","title":"varnish-frontend-hospital","tags":["systemd::unit","systemd","unit","varnish-frontend-hospital","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Origin Servers Health\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishospital  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnish-frontend-hospital","require":["Class[Systemd]"]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_varnish-frontend-hospital","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: varnish-frontend-hospital","command":"/usr/local/sbin/wmf-auto-restart -s varnish-frontend-hospital","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 14:52:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Service","title":"varnish-frontend-fetcherr","tags":["service","varnish-frontend-fetcherr","systemd::service","systemd","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"require":"Service[varnish-frontend]"}},{"type":"Systemd::Unit","title":"varnish-frontend-fetcherr","tags":["systemd::unit","systemd","unit","varnish-frontend-fetcherr","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Fetch Errors\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishfetcherr  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"varnish-frontend-fetcherr","require":["Class[Systemd]"]}},{"type":"Systemd::Timer::Job","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["systemd::timer::job","systemd","timer","job","wmf_auto_restart_varnish-frontend-fetcherr","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/profile/manifests/auto_restarts/service.pp","line":29,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","user":"root","description":"Auto restart job: varnish-frontend-fetcherr","command":"/usr/local/sbin/wmf-auto-restart -s varnish-frontend-fetcherr","interval":{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 15:12:00"},"require":"File[/usr/local/sbin/wmf-auto-restart]","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logging_enabled":true,"logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","ignore_errors":false,"send_mail_only_on_error":true,"private_tmp":false,"fixed_random_delay":false,"success_exit_status":[]}},{"type":"Service","title":"prometheus-varnish-exporter@frontend","tags":["service","systemd::service","systemd","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"prometheus-varnish-exporter@frontend","tags":["systemd::unit","systemd","unit","systemd::service","service","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Prometheus exporter for Varnish (instance %i)\nDocumentation=https://prometheus.io/docs/introduction/overview/\nBindsTo=varnish-frontend.service\nAfter=varnish-frontend.service\n\n[Service]\nRestart=always\nUser=varnish\nGroup=varnish\nExecStart=/usr/bin/prometheus-varnish-exporter -raw -n frontend -web.listen-address :9331\n\n[Install]\nWantedBy=multi-user.target varnish-frontend.service\n","override":false,"override_filename":"puppet-override.conf","restart":true,"unit":"prometheus-varnish-exporter@frontend","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/esitest.service","tags":["file","systemd::unit","systemd","unit","esitest","systemd::service","service","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=HAProxy special instance for ESI testing\nAfter=network.target syslog.service\nWants=syslog.service\nBefore=trafficserver.service\n\n[Service]\nEnvironment=\"CONFIG=/etc/haproxy/esitest.cfg\" \"PIDFILE=/run/esitest/haproxy.pid\"\nExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q\nExecStart=/usr/sbin/haproxy -Ws -f ${CONFIG} -p $PIDFILE\nExecReload=/usr/sbin/haproxy -f ${CONFIG} -c\nExecReload=/bin/kill -USR2 $MAINPID\nKillMode=mixed\nRestart=always\nSuccessExitStatus=143\nType=notify\nLimitNOFILE=500000\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for esitest.service (esitest)]"}},{"type":"Exec","title":"systemd daemon-reload for esitest.service (esitest)","tags":["exec","systemd::unit","systemd","unit","esitest","systemd::service","service","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/refresh-dp-key.service","tags":["file","systemd::unit","systemd","unit","refresh-dp-key.service","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Refresh DP key used by varnish daily\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nSyslogIdentifier=timer-refresh-dp-key\nExecStart=/usr/local/sbin/varnish-dp-key-generator /etc/varnish/dp.master.key /etc/varnish/dp.daily.key\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for refresh-dp-key.service (refresh-dp-key.service)]"}},{"type":"Exec","title":"systemd daemon-reload for refresh-dp-key.service (refresh-dp-key.service)","tags":["exec","systemd::unit","systemd","unit","refresh-dp-key.service","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"refresh-dp-key","tags":["systemd::service","systemd","service","refresh-dp-key","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of refresh-dp-key.service\n\n[Timer]\nUnit=refresh-dp-key.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[refresh-dp-key.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/timer-refresh-dp-key","tags":["file","systemd::syslog","systemd","syslog","timer-refresh-dp-key","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"timer-refresh-dp-key","tags":["rsyslog::conf","rsyslog","conf","timer-refresh-dp-key","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"timer-refresh-dp-key\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/timer-refresh-dp-key/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/timer-refresh-dp-key]","mode":"0444"}},{"type":"Logrotate::Conf","title":"timer-refresh-dp-key","tags":["logrotate::conf","logrotate","conf","timer-refresh-dp-key","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for timer-refresh-dp-key\n\n/var/log/timer-refresh-dp-key/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Exec","title":"mask_trafficserver.service","tags":["exec","mask_trafficserver.service","systemd::mask","systemd","mask","trafficserver.service","class","trafficserver","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/mask.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl mask trafficserver.service","creates":"/etc/systemd/system/trafficserver.service","unless":"/usr/bin/dpkg -s trafficserver | /bin/grep -q \"^Status: install ok installed$\""}},{"type":"File","title":"/etc/rsyslog.d/20-trafficserver.conf","tags":["file","rsyslog::conf","rsyslog","conf","trafficserver","class","trafficserver::instance","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"trafficserver\" then {\n    if ($msg contains \"Cacheable object with Set-Cookie\" or $msg contains \"SSL connection failed\") then {\n        # Send certain ATS syslog output to logstash and local rsyslog\n        set $.log_outputs = \"kafka local\";\n    } else {\n        # In general, do not send ATS logs to local rsyslog\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Exec","title":"unmask_trafficserver.service","tags":["exec","unmask_trafficserver.service","systemd::unmask","systemd","unmask","trafficserver.service","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unmask.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl unmask trafficserver.service","onlyif":"/bin/readlink -f /etc/systemd/system/trafficserver.service | grep -q /dev/null","refreshonly":true}},{"type":"Class","title":"Udev","tags":["class","udev","udev::rule","rule","vdb","trafficserver::instance","trafficserver","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"exported":false,"kind":"unknown"},{"type":"Exec","title":"udev_reload","tags":["exec","udev_reload","class","udev","udev::rule","rule","vdb","trafficserver::instance","trafficserver","instance","backend","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/udev/manifests/init.pp","line":3,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/udevadm control --reload && /usr/bin/udevadm trigger","refreshonly":true}},{"type":"File","title":"/etc/udev/rules.d/40-vdb.rules","tags":["file","udev::rule","udev","rule","vdb","trafficserver::instance","trafficserver","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/udev/manifests/rule.pp","line":25,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"SUBSYSTEM==\"block\", KERNEL==\"vdb\", OWNER:=\"trafficserver\" GROUP:=\"disk\"\n","notify":"Exec[udev_reload]"}},{"type":"Service","title":"trafficserver","tags":["service","trafficserver","systemd::service","systemd","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"restart":"systemctl reload trafficserver"}},{"type":"Systemd::Unit","title":"trafficserver","tags":["systemd::unit","systemd","unit","trafficserver","systemd::service","service","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Service]\nUser=trafficserver\nGroup=trafficserver\nExecStart=\nExecStart=/usr/bin/traffic_manager --nosyslog\nPIDFile=/run/trafficserver/manager.lock\nRestart=always\nRestartSec=1\nExecReload=\n# XXX: `traffic_server -C verify_config` is broken: it causes configuration\n# reloads, which cause errors with ascii_pipe logs\n#ExecReload=/usr/bin/traffic_server -C verify_config\nExecReload=/usr/bin/traffic_ctl config reload\n# traffic_manager is terminated with SIGTERM and exits with the received signal\n# number (15)\nSuccessExitStatus=15\n\nSyslogIdentifier=trafficserver\n\nLimitNOFILE=500000\nLimitMEMLOCK=90000\n\n# Security options\nProtectKernelModules=yes\nProtectKernelTunables=yes\nPrivateTmp=yes\n\nRestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK\n\nCapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SETGID CAP_SETUID CAP_SYS_PTRACE CAP_FOWNER \nSystemCallFilter=~@keyring @clock @cpu-emulation @obsolete @module @raw-io @reboot @swap\n\n# The entire file system hierarchy is mounted read-only, except for the API\n# file system subtrees /dev, /proc and /sys\nProtectSystem=strict\n\n# Whitelist read/write directories\nReadWritePaths=/var/log/trafficserver\nReadWritePaths=/run/trafficserver\nReadWritePaths=/var/cache/trafficserver\n","override":true,"override_filename":"puppet-override.conf","restart":true,"unit":"trafficserver","require":["Class[Systemd]"]}},{"type":"Package","title":"lua-busted","tags":["package","lua-busted","trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_infra.pp","line":6,"kind":"compilable_type","exported":false,"parameters":{"ensure":"installed","provider":"apt"}},{"type":"File","title":"/etc/trafficserver/lua/","tags":["file","trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_infra.pp","line":8,"exported":false,"kind":"compilable_type","parameters":{"path":"/etc/trafficserver/lua","ensure":"directory","mode":"0755","owner":"trafficserver","group":"root"}},{"type":"File","title":"/etc/trafficserver/lua/mock.helper.lua","tags":["file","trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_infra.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"trafficserver","source":"puppet:///modules/profile/trafficserver/mock.helper.lua","group":"root"}},{"type":"Exec","title":"unit_tests_trafficserver","tags":["exec","unit_tests_trafficserver","trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_infra.pp","line":20,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/busted --helper=/etc/trafficserver/lua/mock.helper.lua --lpath=/etc/trafficserver/lua/?.lua /etc/trafficserver/lua/*","refreshonly":true,"require":"File[/etc/trafficserver/lua/mock.helper.lua]","notify":["Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]","Exec[trigger_lua_reload_/etc/trafficserver]"]}},{"type":"Exec","title":"trigger_lua_reload_/etc/trafficserver","tags":["exec","trafficserver::lua_infra","trafficserver","lua_infra","infra-trafficserver","trafficserver::lua_script","lua_script","default","class","profile::trafficserver::backend","profile","backend","role::cache::text","role","cache","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/trafficserver/manifests/lua_infra.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"command":"/usr/bin/touch /etc/trafficserver/remap.config","refreshonly":true,"notify":["Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]","Service[trafficserver]"]}},{"type":"File_line","title":"rm_ipip0_manual","tags":["file_line","rm_ipip0_manual","interface::manual","interface","manual","ipip_ipv4","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/manual.pp","line":23,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"iface ipip0 inet manual","match_for_absence":true}},{"type":"File_line","title":"rm_hotplug_ipip0","tags":["file_line","rm_hotplug_ipip0","interface::manual","interface","manual","ipip_ipv4","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/manual.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"allow-hotplug ipip0","match_for_absence":true}},{"type":"File_line","title":"rm_ipip0_127.0.0.42/32","tags":["file_line","interface::ip","interface","ip","interface::ipip","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ip.pp","line":30,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"ip addr add 127.0.0.42/32 dev ipip0","match_for_absence":true}},{"type":"Exec","title":"ip addr del 127.0.0.42/32 dev ipip0","tags":["exec","interface::ip","interface","ip","interface::ipip","ipip","ipip_ipv4","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/ip.pp","line":37,"exported":false,"kind":"compilable_type","parameters":{"path":"/bin:/usr/bin","returns":[0,2],"onlyif":"ip address show ipip0 | grep -q 127.0.0.42/32"}},{"type":"File_line","title":"rm_ipip60_manual","tags":["file_line","rm_ipip60_manual","interface::manual","interface","manual","ipip_ipv6","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/manual.pp","line":23,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"iface ipip60 inet6 manual","match_for_absence":true}},{"type":"File_line","title":"rm_hotplug_ipip60","tags":["file_line","rm_hotplug_ipip60","interface::manual","interface","manual","ipip_ipv6","interface::ipip","ipip","class","profile::lvs::realserver::ipip","profile","lvs","realserver","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/manual.pp","line":29,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"allow-hotplug ipip60","match_for_absence":true}},{"type":"File_line","title":"rm_post-up_lo_clsact_lo","tags":["file_line","rm_post-up_lo_clsact_lo","interface::post_up_command","interface","post_up_command","clsact_lo","interface::clsact","clsact","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/interface/manifests/post_up_command.pp","line":8,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","path":"/etc/network/interfaces","match":"post-up /usr/sbin/tc qdisc add dev lo clsact","match_for_absence":true}},{"type":"File","title":"/lib/systemd/system/tcp-mss-clamper.service","tags":["file","systemd::unit","systemd","unit","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=eBPF based TCP MSS clamper\nAfter=network.target\n\n[Install]\nWantedBy=multi-user.target\n\n[Service]\nLimitMEMLOCK=infinity\nExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1400 --ipv6-mss 1400 -p :2200 -s \"\" -i lo\nRestart=on-failure\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]"}},{"type":"Exec","title":"systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)","tags":["exec","systemd::unit","systemd","unit","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Nrpe::Monitor_service","title":"check_tcp-mss-clamper_status","tags":["nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/monitor.pp","line":23,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Check unit status of tcp-mss-clamper","nrpe_command":"/usr/local/lib/nagios/plugins/check_systemd_unit_status tcp-mss-clamper","check_interval":10,"retries":2,"contact_group":"admins","notes_url":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments","critical":false,"migration_task":"T407130","timeout":10,"retry_interval":1,"enable_nrpe2nodexp":false,"enable_icinga_check":true,"nrpe2nodexp_parse_perf_data":false,"alertmanager_team":"observability"}},{"type":"Systemd::Unit","title":"prometheus_lvs_realserver_mss.service","tags":["systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.service","systemd::timer::job","timer","job","prometheus_lvs_realserver_mss","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect MSS values of realserver endpoints\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e \n","unit":"prometheus_lvs_realserver_mss.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_lvs_realserver_mss","tags":["systemd::timer","systemd","timer","prometheus_lvs_realserver_mss","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_lvs_realserver_mss.service"}},{"type":"Systemd::Syslog","title":"prometheus_lvs_realserver_mss","tags":["systemd::syslog","systemd","syslog","prometheus_lvs_realserver_mss","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Systemd::Unit","title":"prometheus_ferm_mss.service","tags":["systemd::unit","systemd","unit","prometheus_ferm_mss.service","systemd::timer::job","timer","job","prometheus_ferm_mss","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect MSS values of ferm-based hosts\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e \n","unit":"prometheus_ferm_mss.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"prometheus_ferm_mss","tags":["systemd::timer","systemd","timer","prometheus_ferm_mss","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"prometheus_ferm_mss.service"}},{"type":"Systemd::Syslog","title":"prometheus_ferm_mss","tags":["systemd::syslog","systemd","syslog","prometheus_ferm_mss","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/varnishkafka-statsv.service","tags":["file","base::service_unit","base","service_unit","varnishkafka-statsv","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":89,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=VarnishKafka statsv\nAfter=network.target local-fs.target varnish-frontend.service\nRequires=varnish-frontend.service\nBindsTo=varnish-frontend.service\nPartOf=varnishkafka-all.service\n\n[Service]\nType=simple\nExecStart=/usr/bin/varnishkafka -S \"/etc/varnishkafka/statsv.conf\"\nExecReload=/bin/kill -HUP $MAINPID\nRestart=on-failure\n\n[Install]\nWantedBy=varnishkafka-all.service multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":["Service[varnishkafka-statsv]"]}},{"type":"Exec","title":"systemd reload for varnishkafka-statsv","tags":["exec","base::service_unit","base","service_unit","varnishkafka-statsv","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":114,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"subscribe":"File[/lib/systemd/system/varnishkafka-statsv.service]","before":["Service[varnishkafka-statsv]"]}},{"type":"Service","title":"varnishkafka-statsv","tags":["service","varnishkafka-statsv","base::service_unit","base","service_unit","varnishkafka::instance","varnishkafka","instance","statsv","class","profile::cache::kafka::statsv","profile","cache","kafka","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":134,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"hasstatus":true,"hasrestart":true}},{"type":"File","title":"/etc/systemd/system/haproxykafka.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","haproxykafka","systemd::service","service","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Service]\nUser=haproxykafka\nGroup=haproxykafka\nExecStart=\nExecStart=/usr/bin/haproxykafka -c /etc/haproxykafka/config.yaml\nRestart=always\nMemoryHigh=4.5%\nMemoryMax=5%\n# Hardening\nNoNewPrivileges=true\nPrivateTmp=true\nAmbientCapabilities=CAP_CHOWN\nCapabilityBoundingSet=CAP_CHOWN\nProtectSystem=strict\nReadWritePaths=/var/run/haproxykafka\nPrivateDevices=true\nProtectKernelModules=true\nProtectKernelLogs=true\nProtectHome=true\nProtectClock=true\nRestrictNamespaces=true\nRestrictSUIDSGID=true\nLockPersonality=true\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxykafka.service (haproxykafka)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxykafka.service (haproxykafka)","tags":["exec","systemd::unit","systemd","unit","haproxykafka","systemd::service","service","class","profile::cache::haproxykafka","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/prometheus_puppet_agent_stats.timer","tags":["file","systemd::unit","systemd","unit","prometheus_puppet_agent_stats.timer","systemd::service","service","prometheus_puppet_agent_stats","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_puppet_agent_stats.service\n\n[Timer]\nUnit=prometheus_puppet_agent_stats.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_puppet_agent_stats.timer (prometheus_puppet_agent_stats.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_puppet_agent_stats.timer (prometheus_puppet_agent_stats.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_puppet_agent_stats.timer","systemd::service","service","prometheus_puppet_agent_stats","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_puppet_agent","prometheus","node_puppet_agent","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/clean_puppet_client_bucket.timer","tags":["file","systemd::unit","systemd","unit","clean_puppet_client_bucket.timer","systemd::service","service","clean_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of clean_puppet_client_bucket.service\n\n[Timer]\nUnit=clean_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for clean_puppet_client_bucket.timer (clean_puppet_client_bucket.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for clean_puppet_client_bucket.timer (clean_puppet_client_bucket.timer)","tags":["exec","systemd::unit","systemd","unit","clean_puppet_client_bucket.timer","systemd::service","service","clean_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::client_bucket","profile","puppet","client_bucket","profile::puppet::agent","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/puppet-agent-timer.timer","tags":["file","systemd::unit","systemd","unit","puppet-agent-timer.timer","systemd::service","service","puppet-agent-timer","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of puppet-agent-timer.service\n\n[Timer]\nUnit=puppet-agent-timer.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:21/30:00\nOnStartupSec=1min\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for puppet-agent-timer.timer (puppet-agent-timer.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for puppet-agent-timer.timer (puppet-agent-timer.timer)","tags":["exec","systemd::unit","systemd","unit","puppet-agent-timer.timer","systemd::service","service","puppet-agent-timer","systemd::timer","timer","systemd::timer::job","job","class","profile::puppet::agent","profile","puppet","agent","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[puppet-agent-timer.timer]"]}},{"type":"Service","title":"wmf_auto_restart_systemd-timesyncd.timer","tags":["service","wmf_auto_restart_systemd-timesyncd.timer","systemd::service","systemd","wmf_auto_restart_systemd-timesyncd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_systemd-timesyncd.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.timer","systemd::service","service","wmf_auto_restart_systemd-timesyncd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-timesyncd.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-timesyncd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 3:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_systemd-timesyncd.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-systemd-timesyncd.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_systemd-timesyncd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_systemd-timesyncd\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_systemd-timesyncd/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_systemd-timesyncd","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_systemd-timesyncd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_systemd-timesyncd\n\n/var/log/wmf_auto_restart_systemd-timesyncd/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_exim4.timer","tags":["service","wmf_auto_restart_exim4.timer","systemd::service","systemd","wmf_auto_restart_exim4","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_exim4.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_exim4.timer","systemd::service","service","wmf_auto_restart_exim4","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_exim4.service\n\n[Timer]\nUnit=wmf_auto_restart_exim4.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 17:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_exim4.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-exim4.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_exim4","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_exim4\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_exim4/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_exim4","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_exim4","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_exim4\n\n/var/log/wmf_auto_restart_exim4/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_prometheus-node-exporter.timer","tags":["service","wmf_auto_restart_prometheus-node-exporter.timer","systemd::service","systemd","wmf_auto_restart_prometheus-node-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_prometheus-node-exporter.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-node-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-node-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-node-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 0:16:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_prometheus-node-exporter.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-prometheus-node-exporter.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_prometheus-node-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_prometheus-node-exporter\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_prometheus-node-exporter/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_prometheus-node-exporter","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_prometheus-node-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_prometheus-node-exporter\n\n/var/log/wmf_auto_restart_prometheus-node-exporter/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_rsyslog.timer","tags":["service","wmf_auto_restart_rsyslog.timer","systemd::service","systemd","wmf_auto_restart_rsyslog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_rsyslog.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.timer","systemd::service","service","wmf_auto_restart_rsyslog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_rsyslog.service\n\n[Timer]\nUnit=wmf_auto_restart_rsyslog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 8:17:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_rsyslog.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-rsyslog.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_rsyslog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_rsyslog\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_rsyslog/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_rsyslog","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_rsyslog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_rsyslog\n\n/var/log/wmf_auto_restart_rsyslog/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_lldpd.timer","tags":["service","wmf_auto_restart_lldpd.timer","systemd::service","systemd","wmf_auto_restart_lldpd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_lldpd.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_lldpd.timer","systemd::service","service","wmf_auto_restart_lldpd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_lldpd.service\n\n[Timer]\nUnit=wmf_auto_restart_lldpd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 11:36:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_lldpd.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-lldpd.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_lldpd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_lldpd\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_lldpd/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_lldpd","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_lldpd","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_lldpd\n\n/var/log/wmf_auto_restart_lldpd/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_systemd-journald.timer","tags":["service","wmf_auto_restart_systemd-journald.timer","systemd::service","systemd","wmf_auto_restart_systemd-journald","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_systemd-journald.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.timer","systemd::service","service","wmf_auto_restart_systemd-journald","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-journald.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-journald.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:4:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_systemd-journald.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-systemd-journald.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_systemd-journald","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_systemd-journald\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_systemd-journald/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_systemd-journald","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_systemd-journald","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_systemd-journald\n\n/var/log/wmf_auto_restart_systemd-journald/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_ssh.timer","tags":["service","wmf_auto_restart_ssh.timer","systemd::service","systemd","wmf_auto_restart_ssh","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_ssh.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_ssh.timer","systemd::service","service","wmf_auto_restart_ssh","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_ssh.service\n\n[Timer]\nUnit=wmf_auto_restart_ssh.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 20:19:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_ssh.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-ssh.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_ssh","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_ssh\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_ssh/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_ssh","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_ssh","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_ssh\n\n/var/log/wmf_auto_restart_ssh/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/kernel-purge.timer","tags":["file","systemd::unit","systemd","unit","kernel-purge.timer","systemd::service","service","kernel-purge","systemd::timer","timer","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of kernel-purge.service\n\n[Timer]\nUnit=kernel-purge.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=monthly\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for kernel-purge.timer (kernel-purge.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for kernel-purge.timer (kernel-purge.timer)","tags":["exec","systemd::unit","systemd","unit","kernel-purge.timer","systemd::service","service","kernel-purge","systemd::timer","timer","systemd::timer::job","job","class","base::kernel","base","kernel","profile::base","profile","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[kernel-purge.timer]"]}},{"type":"File","title":"/lib/systemd/system/prometheus-debian-version-textfile.timer","tags":["file","systemd::unit","systemd","unit","prometheus-debian-version-textfile.timer","systemd::service","service","prometheus-debian-version-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus-debian-version-textfile.service\n\n[Timer]\nUnit=prometheus-debian-version-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=300s\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-debian-version-textfile.timer (prometheus-debian-version-textfile.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-debian-version-textfile.timer (prometheus-debian-version-textfile.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus-debian-version-textfile.timer","systemd::service","service","prometheus-debian-version-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_debian_version","prometheus","node_debian_version","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[prometheus-debian-version-textfile.timer]"]}},{"type":"File","title":"/lib/systemd/system/prometheus-dpkg-success-textfile.timer","tags":["file","systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.timer","systemd::service","service","prometheus-dpkg-success-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus-dpkg-success-textfile.service\n\n[Timer]\nUnit=prometheus-dpkg-success-textfile.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:00/30:00\nRandomizedDelaySec=1800\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-dpkg-success-textfile.timer (prometheus-dpkg-success-textfile.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-dpkg-success-textfile.timer (prometheus-dpkg-success-textfile.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus-dpkg-success-textfile.timer","systemd::service","service","prometheus-dpkg-success-textfile","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_dpkg_success","prometheus","node_dpkg_success","profile::base","profile","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[prometheus-dpkg-success-textfile.timer]"]}},{"type":"File","title":"/lib/systemd/system/send_puppet_failure_emails.timer","tags":["file","systemd::unit","systemd","unit","send_puppet_failure_emails.timer","systemd::service","service","send_puppet_failure_emails","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of send_puppet_failure_emails.service\n\n[Timer]\nUnit=send_puppet_failure_emails.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 08:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for send_puppet_failure_emails.timer (send_puppet_failure_emails.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for send_puppet_failure_emails.timer (send_puppet_failure_emails.timer)","tags":["exec","systemd::unit","systemd","unit","send_puppet_failure_emails.timer","systemd::service","service","send_puppet_failure_emails","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/cleanup_puppet_client_bucket.timer","tags":["file","systemd::unit","systemd","unit","cleanup_puppet_client_bucket.timer","systemd::service","service","cleanup_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of cleanup_puppet_client_bucket.service\n\n[Timer]\nUnit=cleanup_puppet_client_bucket.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=24h\nOnActiveSec=1s\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for cleanup_puppet_client_bucket.timer (cleanup_puppet_client_bucket.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for cleanup_puppet_client_bucket.timer (cleanup_puppet_client_bucket.timer)","tags":["exec","systemd::unit","systemd","unit","cleanup_puppet_client_bucket.timer","systemd::service","service","cleanup_puppet_client_bucket","systemd::timer","timer","systemd::timer::job","job","class","profile::base::labs","profile","base","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/prometheus_ssh_open_sessions.timer","tags":["file","systemd::unit","systemd","unit","prometheus_ssh_open_sessions.timer","systemd::service","service","prometheus_ssh_open_sessions","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_ssh_open_sessions.service\n\n[Timer]\nUnit=prometheus_ssh_open_sessions.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* *:0/5:0\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_ssh_open_sessions.timer (prometheus_ssh_open_sessions.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_ssh_open_sessions.timer (prometheus_ssh_open_sessions.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_ssh_open_sessions.timer","systemd::service","service","prometheus_ssh_open_sessions","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_ssh_open_sessions","prometheus","node_ssh_open_sessions","profile::wmcs::instance","profile","wmcs","instance","role::wmcs::instance","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[prometheus_ssh_open_sessions.timer]"]}},{"type":"File","title":"/lib/systemd/system/varnishkafka-all.service","tags":["file","systemd::unit","systemd","unit","varnishkafka-all","systemd::service","service","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# SPDX-License-Identifier: Apache-2.0\n[Unit]\nDescription=Varnishkafka - All Instances\n\n[Service]\nType=oneshot\nRemainAfterExit=true\nExecStart=/bin/true\nExecReload=/bin/true\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnishkafka-all.service (varnishkafka-all)]"}},{"type":"Exec","title":"systemd daemon-reload for varnishkafka-all.service (varnishkafka-all)","tags":["exec","systemd::unit","systemd","unit","varnishkafka-all","systemd::service","service","class","varnishkafka","varnishkafka::instance","instance","webrequest","profile::cache::kafka::webrequest","profile","cache","kafka","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[varnishkafka-all]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_prometheus-varnishkafka-exporter.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-varnishkafka-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: prometheus-varnishkafka-exporter\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s prometheus-varnishkafka-exporter\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.service (wmf_auto_restart_prometheus-varnishkafka-exporter.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.service (wmf_auto_restart_prometheus-varnishkafka-exporter.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.service","systemd::timer::job","timer","job","wmf_auto_restart_prometheus-varnishkafka-exporter","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["systemd::service","systemd","service","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-varnishkafka-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-varnishkafka-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_prometheus-varnishkafka-exporter\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_prometheus-varnishkafka-exporter\n\n/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_purged.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_purged.service","systemd::timer::job","timer","job","wmf_auto_restart_purged","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: purged\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s purged\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_purged.service (wmf_auto_restart_purged.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_purged.service (wmf_auto_restart_purged.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_purged.service","systemd::timer::job","timer","job","wmf_auto_restart_purged","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_purged","tags":["systemd::service","systemd","service","wmf_auto_restart_purged","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_purged.service\n\n[Timer]\nUnit=wmf_auto_restart_purged.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 21:37:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_purged.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_purged","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_purged","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_purged","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_purged","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_purged\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_purged/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_purged]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_purged","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_purged","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_purged\n\n/var/log/wmf_auto_restart_purged/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/varnishmtail@default.service","tags":["file","systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-default 3903\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnishmtail@default.service (varnishmtail@default)]"}},{"type":"Exec","title":"systemd daemon-reload for varnishmtail@default.service (varnishmtail@default)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","default","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[varnishmtail@default]"]}},{"type":"File","title":"/lib/systemd/system/varnishmtail@internal.service","tags":["file","systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=\"Varnish mtail %i instance\"\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nSyslogIdentifier=varnishmtail-%i\nRestart=always\nExecStart=/usr/local/bin/varnishmtail-%i /etc/mtail-internal 3913\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnishmtail@internal.service (varnishmtail@internal)]"}},{"type":"Exec","title":"systemd daemon-reload for varnishmtail@internal.service (varnishmtail@internal)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","varnish::logging::mtail","varnish","logging","mtail","internal","class","varnish::logging","profile::cache::base","profile","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[varnishmtail@internal]"]}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-haproxy.service","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-haproxy.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_haproxy command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-haproxy\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"8b4833c5a4a8470c54300abc1c3122e3\" --timeout 10 --check-command \"check_haproxy\"\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy.service (nrpe2nodexp-haproxy.service)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-haproxy.service (nrpe2nodexp-haproxy.service)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-haproxy.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"nrpe2nodexp-haproxy","tags":["systemd::service","systemd","service","nrpe2nodexp-haproxy","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[nrpe2nodexp-haproxy.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-haproxy_alive.service","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_haproxy_alive command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-haproxy_alive\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"0065d6c8589cde5ab0f2099cfdcb8eff\" --timeout 10 --check-command \"check_haproxy_alive\"\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy_alive.service (nrpe2nodexp-haproxy_alive.service)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-haproxy_alive.service (nrpe2nodexp-haproxy_alive.service)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.service","systemd::timer::job","timer","job","nrpe2nodexp-haproxy_alive","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"nrpe2nodexp-haproxy_alive","tags":["systemd::service","systemd","service","nrpe2nodexp-haproxy_alive","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy_alive.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy_alive.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[nrpe2nodexp-haproxy_alive.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"Service","title":"haproxy_stek_job.timer","tags":["service","haproxy_stek_job.timer","systemd::service","systemd","haproxy_stek_job","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"haproxy_stek_job.timer","tags":["systemd::unit","systemd","unit","haproxy_stek_job.timer","systemd::service","service","haproxy_stek_job","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of haproxy_stek_job.service\n\n[Timer]\nUnit=haproxy_stek_job.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00/8:00:00\nOnBootSec=0sec\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"haproxy_stek_job.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-haproxy-stek-job.conf","tags":["file","rsyslog::conf","rsyslog","conf","haproxy_stek_job","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"haproxy_stek_job\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/haproxy_stek_job/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/haproxy_stek_job","tags":["file","logrotate::conf","logrotate","conf","haproxy_stek_job","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for haproxy_stek_job\n\n/var/log/haproxy_stek_job/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/etc/systemd/system/mtail.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","mtail","systemd::service","service","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Service]\nExecStart=\nExecStart=/usr/bin/mtail -progs /etc/mtail -logtostderr $EXTRA_ARGS\nGroup=root\nLimitNOFILE=16384\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for mtail.service (mtail)]"}},{"type":"Exec","title":"systemd daemon-reload for mtail.service (mtail)","tags":["exec","systemd::unit","systemd","unit","mtail","systemd::service","service","class","mtail::program","program","cache_haproxy","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Service","title":"wmfuniq-experiment-fetcher.timer","tags":["service","wmfuniq-experiment-fetcher.timer","systemd::service","systemd","wmfuniq-experiment-fetcher","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmfuniq-experiment-fetcher.timer","tags":["systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.timer","systemd::service","service","wmfuniq-experiment-fetcher","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmfuniq-experiment-fetcher.service\n\n[Timer]\nUnit=wmfuniq-experiment-fetcher.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=1s\nOnCalendar=minutely\nRandomizedDelaySec=59\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmfuniq-experiment-fetcher.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmfuniq-experiment-fetcher.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmfuniq-experiment-fetcher","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmfuniq-experiment-fetcher\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmfuniq-experiment-fetcher/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmfuniq-experiment-fetcher","tags":["file","logrotate::conf","logrotate","conf","wmfuniq-experiment-fetcher","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmfuniq-experiment-fetcher\n\n/var/log/wmfuniq-experiment-fetcher/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Nrpe::Check","title":"check_check_wmfuniq-experiment-fetcher_status","tags":["nrpe::check","nrpe","check","check_check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","command":"/usr/local/lib/nagios/plugins/check_systemd_unit_status wmfuniq-experiment-fetcher","before":"Monitoring::Service[check_wmfuniq-experiment-fetcher_status]"}},{"type":"Monitoring::Service","title":"check_wmfuniq-experiment-fetcher_status","tags":["monitoring::service","monitoring","service","check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","description":"Check unit status of wmfuniq-experiment-fetcher","check_command":"nrpe_check!check_check_wmfuniq-experiment-fetcher_status!10","contact_group":"admins","retries":2,"critical":false,"check_interval":10,"retry_interval":1,"notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","migration_task":"T407130","passive":false,"freshness":36000,"config_dir":"/etc/nagios","host":"deployment-cache-text08"}},{"type":"Prometheus::Alert::Rule","title":"check_check_wmfuniq-experiment-fetcher_status_50dc98e51dafd8e982310a5038c4adc0","tags":["prometheus::alert::rule","prometheus","alert","rule","check_check_wmfuniq-experiment-fetcher_status_50dc98e51dafd8e982310a5038c4adc0","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":144,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","alert_name":"nrpe_Check_unit_status_of_wmfuniq_experiment_fetcher","instance":"ops","summary":"NRPE CHECK: Check unit status of wmfuniq-experiment-fetcher","description":"NRPE CHECK: Check unit status of wmfuniq-experiment-fetcher","expr":"(nagios_nrpe_check_result{alert_rule_hash=\"50dc98e51dafd8e982310a5038c4adc0\",check_name=\"check_check_wmfuniq-experiment-fetcher_status\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner","for":"11m","group":"nrpechecks","dashboard":"TODO","runbook":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logs":"https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_check_wmfuniq-experiment-fetcher_status))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))","team":"observability","severity":"info","def_label_whitelst":["team","severity"],"site":"eqiad"}},{"type":"Systemd::Timer::Job","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","tags":["systemd::timer::job","systemd","timer","job","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":180,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"execution of nrpe2nodexp for the check_check_wmfuniq-experiment-fetcher_status command.","user":"nagios","group":"prometheus-node-exporter","ignore_errors":true,"command":"/usr/local/bin/nrpe2nodexp --alert-rule-hash \"50dc98e51dafd8e982310a5038c4adc0\" --timeout 10 --check-command \"check_check_wmfuniq-experiment-fetcher_status\"","interval":[{"start":"OnUnitInactiveSec","interval":"5min"}],"splay":300,"fixed_random_delay":true,"logging_enabled":false,"syslog_identifier":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","send_mail_only_on_error":true,"private_tmp":false,"success_exit_status":[]}},{"type":"Rsyslog::Conf","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","tags":["rsyslog::conf","rsyslog","conf","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":197,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","priority":25,"mode":"0444"}},{"type":"File","title":"/var/lib/prometheus/node.d/check_check_wmfuniq-experiment-fetcher_status.prom","tags":["file","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/lib/systemd/system/clean-confd-rundir.service","tags":["file","systemd::unit","systemd","unit","clean-confd-rundir.service","systemd::timer::job","timer","job","clean-confd-rundir","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Clean old stale files in /var/run/confd-template\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/bin/find /var/run/confd-template -type f -mtime +30 -delete\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for clean-confd-rundir.service (clean-confd-rundir.service)]"}},{"type":"Exec","title":"systemd daemon-reload for clean-confd-rundir.service (clean-confd-rundir.service)","tags":["exec","systemd::unit","systemd","unit","clean-confd-rundir.service","systemd::timer::job","timer","job","clean-confd-rundir","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"clean-confd-rundir","tags":["systemd::service","systemd","service","clean-confd-rundir","systemd::timer","timer","systemd::timer::job","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of clean-confd-rundir.service\n\n[Timer]\nUnit=clean-confd-rundir.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/30\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[clean-confd-rundir.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/clean-confd-rundir","tags":["file","systemd::syslog","systemd","syslog","clean-confd-rundir","systemd::timer::job","timer","job","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"clean-confd-rundir","tags":["rsyslog::conf","rsyslog","conf","clean-confd-rundir","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"clean-confd-rundir\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/clean-confd-rundir/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/clean-confd-rundir]","mode":"0444"}},{"type":"Logrotate::Conf","title":"clean-confd-rundir","tags":["logrotate::conf","logrotate","conf","clean-confd-rundir","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for clean-confd-rundir\n\n/var/log/clean-confd-rundir/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/confd.service","tags":["file","base::service_unit","base","service_unit","confd","confd::instance","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":89,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=confd\n\n[Service]\nUser=root\nSyslogIdentifier=%N\nEnvironment=\"CONFD_BACKEND=etcd\"\nEnvironment=\"CONFD_DISCOVERY=-srv-record _etcd-client-ssl._tcp.deployment-prep.eqiad1.wikimedia.cloud -scheme https\"\nEnvironment=\"CONFD_OPTS=-interval=3\"\nExecStart=/usr/bin/confd -backend $CONFD_BACKEND $CONFD_DISCOVERY $CONFD_OPTS\nRestart=on-failure\nRestartSec=10s\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":["Service[confd]"]}},{"type":"Exec","title":"systemd reload for confd","tags":["exec","base::service_unit","base","service_unit","confd","confd::instance","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":114,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"subscribe":"File[/lib/systemd/system/confd.service]","before":["Service[confd]"]}},{"type":"Service","title":"confd","tags":["service","confd","base::service_unit","base","service_unit","confd::instance","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/base/manifests/service_unit.pp","line":134,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true}},{"type":"Systemd::Unit","title":"confd_prometheus_metrics.service","tags":["systemd::unit","systemd","unit","confd_prometheus_metrics.service","systemd::timer::job","timer","job","confd_prometheus_metrics","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Export confd Prometheus metrics\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/confd-prometheus-metrics\n","unit":"confd_prometheus_metrics.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"confd_prometheus_metrics","tags":["systemd::timer","systemd","timer","confd_prometheus_metrics","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"minutely"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"confd_prometheus_metrics.service"}},{"type":"Systemd::Syslog","title":"confd_prometheus_metrics","tags":["systemd::syslog","systemd","syslog","confd_prometheus_metrics","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"Service","title":"prometheus_varnishd_mmap_count.timer","tags":["service","prometheus_varnishd_mmap_count.timer","systemd::service","systemd","prometheus_varnishd_mmap_count","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"prometheus_varnishd_mmap_count.timer","tags":["systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.timer","systemd::service","service","prometheus_varnishd_mmap_count","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_varnishd_mmap_count.service\n\n[Timer]\nUnit=prometheus_varnishd_mmap_count.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_varnishd_mmap_count.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-varnishd-mmap-count.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_varnishd_mmap_count","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_varnishd_mmap_count\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_varnishd_mmap_count/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_varnishd_mmap_count","tags":["file","logrotate::conf","logrotate","conf","prometheus_varnishd_mmap_count","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_varnishd_mmap_count\n\n/var/log/prometheus_varnishd_mmap_count/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"prometheus_sysctl.timer","tags":["service","prometheus_sysctl.timer","systemd::service","systemd","prometheus_sysctl","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"prometheus_sysctl.timer","tags":["systemd::unit","systemd","unit","prometheus_sysctl.timer","systemd::service","service","prometheus_sysctl","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_sysctl.service\n\n[Timer]\nUnit=prometheus_sysctl.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/5\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_sysctl.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-sysctl.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_sysctl","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_sysctl\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_sysctl/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_sysctl","tags":["file","logrotate::conf","logrotate","conf","prometheus_sysctl","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_sysctl\n\n/var/log/prometheus_sysctl/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/track_vcache_fds.service","tags":["file","systemd::unit","systemd","unit","track_vcache_fds.service","systemd::timer::job","timer","job","track_vcache_fds","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Regular job to collect file count metrics\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-file-count --outfile /var/lib/prometheus/node.d/vcache_fds.prom --metric node_varnish_filedescriptors_total \"/proc/$(pgrep -u vcache)/fd\"\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for track_vcache_fds.service (track_vcache_fds.service)]"}},{"type":"Exec","title":"systemd daemon-reload for track_vcache_fds.service (track_vcache_fds.service)","tags":["exec","systemd::unit","systemd","unit","track_vcache_fds.service","systemd::timer::job","timer","job","track_vcache_fds","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"track_vcache_fds","tags":["systemd::service","systemd","service","track_vcache_fds","systemd::timer","timer","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of track_vcache_fds.service\n\n[Timer]\nUnit=track_vcache_fds.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[track_vcache_fds.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/track_vcache_fds","tags":["file","systemd::syslog","systemd","syslog","track_vcache_fds","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"track_vcache_fds","tags":["rsyslog::conf","rsyslog","conf","track_vcache_fds","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"track_vcache_fds\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/track_vcache_fds/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/track_vcache_fds]","mode":"0444"}},{"type":"Logrotate::Conf","title":"track_vcache_fds","tags":["logrotate::conf","logrotate","conf","track_vcache_fds","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for track_vcache_fds\n\n/var/log/track_vcache_fds/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/varnish-frontend.service","tags":["file","systemd::unit","systemd","unit","varnish-frontend","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=%p (Varnish HTTP Accelerator)\n\n[Service]\nType=forking\nLimitNOFILE=500000\nLimitMEMLOCK=90000\nLimitRTPRIO=infinity\n# https://phabricator.wikimedia.org/T208574\nTasksMax=infinity\n### start sec settings\nPrivateTmp=true\nPrivateDevices=true\nProtectSystem=full\nProtectHome=true\nNoNewPrivileges=true\n# No special powers for root with the exception of the following.\n# See capabilities(7).\nCapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_CHOWN CAP_NET_BIND_SERVICE CAP_KILL CAP_DAC_OVERRIDE\n### end sec settings\nPIDFile=%t/%p.pid\nRestart=on-failure\nKillMode=process\nEnvironment=\"CC_COMMAND=exec gcc -std=gnu99 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -pthread -fpic -shared -Wl,-x -L/usr/local/lib/ -o %%o %%s -lmaxminddb -lsodium\"\n# rsyslog will see this in $programname\nSyslogIdentifier=varnish-frontend\nExecReload=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl\n# We start varnishd(1) without specifying a VCL file (-f ''). Use reload-vcl in\n# ExecStartPost to load and label separate VCL files first, and the main one\n# last. This is necessary given that the main VCL file might reference the\n# label of separate VCLs, and would otherwise fail to compile if loaded\n# directly with -f.\nExecStartPost=/usr/local/sbin/reload-vcl -n frontend -f /etc/varnish/wikimedia_text-frontend.vcl -d 5 -a -s /etc/varnish/wikimedia_misc-frontend.vcl --start-child\n# thread_pools * thread_pool_max = maximum number of threads spawned.\nExecStart=/usr/sbin/varnishd \\\n-P %t/%p.pid \\\n-a 127.0.0.1:3127 \\\n-a /run/varnish-frontend-0.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-1.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-2.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-3.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-4.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-5.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-6.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-frontend-7.socket,user=haproxy,group=root,mode=700 \\\n-a /run/varnish-privileged.socket,user=haproxy,group=root,mode=0222 \\\n-T 127.0.0.1:6082 \\\n-f '' \\\n-p thread_pool_min=250 \\\n-p thread_pool_max=5000 \\\n-p thread_pool_timeout=120 \\\n-p vsl_reclen=2048 \\\n-p workspace_backend=128k \\\n-p vcc_allow_inline_c=true \\\n-S /etc/varnish/secret \\\n-s malloc,1G  \\\n-p transit_buffer=1M \\\n-p thread_pool_stack=131072 \\\n-p listen_depth=16384 -p vcc_err_unref=off \\\n-p http_req_size=24576 \\\n-p gzip_level=8 \\\n-p gzip_memlevel=9 \\\n-p default_ttl=3600 \\\n-n frontend \\\n-l 160M \\\n-p cc_command=${CC_COMMAND}\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnish-frontend.service (varnish-frontend)]"}},{"type":"Exec","title":"systemd daemon-reload for varnish-frontend.service (varnish-frontend)","tags":["exec","systemd::unit","systemd","unit","varnish-frontend","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[varnish-frontend]"]}},{"type":"File","title":"/lib/systemd/system/varnish-frontend-slowlog.service","tags":["file","systemd::unit","systemd","unit","varnish-frontend-slowlog","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Slow Requests\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishslowlog  --varnishd-instance-name frontend  --slow-threshold 60.0\nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnish-frontend-slowlog.service (varnish-frontend-slowlog)]"}},{"type":"Exec","title":"systemd daemon-reload for varnish-frontend-slowlog.service (varnish-frontend-slowlog)","tags":["exec","systemd::unit","systemd","unit","varnish-frontend-slowlog","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[varnish-frontend-slowlog]"]}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-slowlog.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-slowlog","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-slowlog\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-slowlog\n","unit":"wmf_auto_restart_varnish-frontend-slowlog.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["systemd::timer","systemd","timer","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 9:9:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_varnish-frontend-slowlog.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/varnish-frontend-hospital.service","tags":["file","systemd::unit","systemd","unit","varnish-frontend-hospital","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Origin Servers Health\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishospital  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnish-frontend-hospital.service (varnish-frontend-hospital)]"}},{"type":"Exec","title":"systemd daemon-reload for varnish-frontend-hospital.service (varnish-frontend-hospital)","tags":["exec","systemd::unit","systemd","unit","varnish-frontend-hospital","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[varnish-frontend-hospital]"]}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-hospital.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-hospital","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-hospital\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-hospital\n","unit":"wmf_auto_restart_varnish-frontend-hospital.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["systemd::timer","systemd","timer","wmf_auto_restart_varnish-frontend-hospital","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 14:52:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_varnish-frontend-hospital.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-hospital","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/varnish-frontend-fetcherr.service","tags":["file","systemd::unit","systemd","unit","varnish-frontend-fetcherr","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Varnish frontend Fetch Errors\nAfter=varnish-frontend.service\nBindsTo=varnish-frontend.service\n\n[Service]\nExecStart=/usr/local/bin/varnishfetcherr  --varnishd-instance-name frontend \nRestart=always\nRestartSec=5s\nSyslogIdentifier=%N\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for varnish-frontend-fetcherr.service (varnish-frontend-fetcherr)]"}},{"type":"Exec","title":"systemd daemon-reload for varnish-frontend-fetcherr.service (varnish-frontend-fetcherr)","tags":["exec","systemd::unit","systemd","unit","varnish-frontend-fetcherr","systemd::service","service","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","profile","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[varnish-frontend-fetcherr]"]}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-fetcherr.service","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-fetcherr","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-fetcherr\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-fetcherr\n","unit":"wmf_auto_restart_varnish-frontend-fetcherr.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["systemd::timer","systemd","timer","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","timer_intervals":[{"start":"OnCalendar","interval":"Mon,Tue,Wed,Thu,Fri *-*-* 15:12:00"}],"splay":0,"fixed_random_delay":false,"accuracy":"15sec","unit_name":"wmf_auto_restart_varnish-frontend-fetcherr.service"}},{"type":"Systemd::Syslog","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":236,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","base_dir":"/var/log","log_filename":"syslog.log","owner":"root","group":"root","readable_by":"all","force_stop":true,"programname_comparison":"startswith"}},{"type":"File","title":"/lib/systemd/system/prometheus-varnish-exporter@frontend.service","tags":["file","systemd::unit","systemd","unit","systemd::service","service","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Prometheus exporter for Varnish (instance %i)\nDocumentation=https://prometheus.io/docs/introduction/overview/\nBindsTo=varnish-frontend.service\nAfter=varnish-frontend.service\n\n[Service]\nRestart=always\nUser=varnish\nGroup=varnish\nExecStart=/usr/bin/prometheus-varnish-exporter -raw -n frontend -web.listen-address :9331\n\n[Install]\nWantedBy=multi-user.target varnish-frontend.service\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus-varnish-exporter@frontend.service (prometheus-varnish-exporter@frontend)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus-varnish-exporter@frontend.service (prometheus-varnish-exporter@frontend)","tags":["exec","systemd::unit","systemd","unit","systemd::service","service","prometheus::varnish_exporter","prometheus","varnish_exporter","frontend","class","profile::prometheus::varnish_exporter","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[prometheus-varnish-exporter@frontend]"]}},{"type":"Service","title":"refresh-dp-key.timer","tags":["service","refresh-dp-key.timer","systemd::service","systemd","refresh-dp-key","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"refresh-dp-key.timer","tags":["systemd::unit","systemd","unit","refresh-dp-key.timer","systemd::service","service","refresh-dp-key","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of refresh-dp-key.service\n\n[Timer]\nUnit=refresh-dp-key.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"refresh-dp-key.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-timer-refresh-dp-key.conf","tags":["file","rsyslog::conf","rsyslog","conf","timer-refresh-dp-key","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"timer-refresh-dp-key\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/timer-refresh-dp-key/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/timer-refresh-dp-key","tags":["file","logrotate::conf","logrotate","conf","timer-refresh-dp-key","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","refresh-dp-key","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for timer-refresh-dp-key\n\n/var/log/timer-refresh-dp-key/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/etc/systemd/system/trafficserver.service.d","tags":["file","systemd::unit","systemd","unit","trafficserver","systemd::service","service","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":61,"kind":"compilable_type","exported":false,"parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0555"}},{"type":"File","title":"/etc/systemd/system/trafficserver.service.d/puppet-override.conf","tags":["file","systemd::unit","systemd","unit","trafficserver","systemd::service","service","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Service]\nUser=trafficserver\nGroup=trafficserver\nExecStart=\nExecStart=/usr/bin/traffic_manager --nosyslog\nPIDFile=/run/trafficserver/manager.lock\nRestart=always\nRestartSec=1\nExecReload=\n# XXX: `traffic_server -C verify_config` is broken: it causes configuration\n# reloads, which cause errors with ascii_pipe logs\n#ExecReload=/usr/bin/traffic_server -C verify_config\nExecReload=/usr/bin/traffic_ctl config reload\n# traffic_manager is terminated with SIGTERM and exits with the received signal\n# number (15)\nSuccessExitStatus=15\n\nSyslogIdentifier=trafficserver\n\nLimitNOFILE=500000\nLimitMEMLOCK=90000\n\n# Security options\nProtectKernelModules=yes\nProtectKernelTunables=yes\nPrivateTmp=yes\n\nRestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK\n\nCapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SETGID CAP_SETUID CAP_SYS_PTRACE CAP_FOWNER \nSystemCallFilter=~@keyring @clock @cpu-emulation @obsolete @module @raw-io @reboot @swap\n\n# The entire file system hierarchy is mounted read-only, except for the API\n# file system subtrees /dev, /proc and /sys\nProtectSystem=strict\n\n# Whitelist read/write directories\nReadWritePaths=/var/log/trafficserver\nReadWritePaths=/run/trafficserver\nReadWritePaths=/var/cache/trafficserver\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for trafficserver.service (trafficserver)]"}},{"type":"Exec","title":"systemd daemon-reload for trafficserver.service (trafficserver)","tags":["exec","systemd::unit","systemd","unit","trafficserver","systemd::service","service","trafficserver::instance","instance","backend","class","profile::trafficserver::backend","profile","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"notify":["Service[trafficserver]"]}},{"type":"Nrpe::Check","title":"check_check_tcp-mss-clamper_status","tags":["nrpe::check","nrpe","check","check_check_tcp-mss-clamper_status","nrpe::monitor_service","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":70,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","command":"/usr/local/lib/nagios/plugins/check_systemd_unit_status tcp-mss-clamper","before":"Monitoring::Service[check_tcp-mss-clamper_status]"}},{"type":"Monitoring::Service","title":"check_tcp-mss-clamper_status","tags":["monitoring::service","monitoring","service","check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":86,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"Check unit status of tcp-mss-clamper","check_command":"nrpe_check!check_check_tcp-mss-clamper_status!10","contact_group":"admins","retries":2,"critical":false,"check_interval":10,"retry_interval":1,"notes_url":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments","migration_task":"T407130","passive":false,"freshness":36000,"config_dir":"/etc/nagios","host":"deployment-cache-text08"}},{"type":"Prometheus::Alert::Rule","title":"check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f","tags":["prometheus::alert::rule","prometheus","alert","rule","check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":144,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","alert_name":"nrpe_Check_unit_status_of_tcp_mss_clamper","instance":"ops","summary":"NRPE CHECK: Check unit status of tcp-mss-clamper","description":"NRPE CHECK: Check unit status of tcp-mss-clamper","expr":"(nagios_nrpe_check_result{alert_rule_hash=\"295d6d5dd0a784bb9ba1d5983fd1894f\",check_name=\"check_check_tcp-mss-clamper_status\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner","for":"11m","group":"nrpechecks","dashboard":"TODO","runbook":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments","logs":"https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_check_tcp-mss-clamper_status))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))","team":"observability","severity":"info","def_label_whitelst":["team","severity"],"site":"eqiad"}},{"type":"Systemd::Timer::Job","title":"nrpe2nodexp-check_tcp-mss-clamper_status","tags":["systemd::timer::job","systemd","timer","job","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":180,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","description":"execution of nrpe2nodexp for the check_check_tcp-mss-clamper_status command.","user":"nagios","group":"prometheus-node-exporter","ignore_errors":true,"command":"/usr/local/bin/nrpe2nodexp --alert-rule-hash \"295d6d5dd0a784bb9ba1d5983fd1894f\" --timeout 10 --check-command \"check_check_tcp-mss-clamper_status\"","interval":[{"start":"OnUnitInactiveSec","interval":"5min"}],"splay":300,"fixed_random_delay":true,"logging_enabled":false,"syslog_identifier":"nrpe2nodexp-check_tcp-mss-clamper_status","environment":{},"monitoring_enabled":false,"monitoring_contact_groups":"admins","monitoring_notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state","logfile_basedir":"/var/log","logfile_name":"syslog.log","logfile_group":"root","logfile_perms":"all","syslog_force_stop":true,"syslog_match_startswith":true,"send_mail":false,"send_mail_to":"root@deployment-cache-text08.deployment-prep.eqiad1.wikimedia.cloud","send_mail_only_on_error":true,"private_tmp":false,"success_exit_status":[]}},{"type":"Rsyslog::Conf","title":"nrpe2nodexp-check_tcp-mss-clamper_status","tags":["rsyslog::conf","rsyslog","conf","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":197,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-check_tcp-mss-clamper_status\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","priority":25,"mode":"0444"}},{"type":"File","title":"/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom","tags":["file","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/nrpe/manifests/monitor_service.pp","line":207,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root"}},{"type":"File","title":"/lib/systemd/system/prometheus_lvs_realserver_mss.service","tags":["file","systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.service","systemd::timer::job","timer","job","prometheus_lvs_realserver_mss","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect MSS values of realserver endpoints\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e \n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.service","systemd::timer::job","timer","job","prometheus_lvs_realserver_mss","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_lvs_realserver_mss","tags":["systemd::service","systemd","service","prometheus_lvs_realserver_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_lvs_realserver_mss.service\n\n[Timer]\nUnit=prometheus_lvs_realserver_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_lvs_realserver_mss.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_lvs_realserver_mss","tags":["file","systemd::syslog","systemd","syslog","prometheus_lvs_realserver_mss","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_lvs_realserver_mss","tags":["rsyslog::conf","rsyslog","conf","prometheus_lvs_realserver_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_lvs_realserver_mss\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_lvs_realserver_mss/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_lvs_realserver_mss]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_lvs_realserver_mss","tags":["logrotate::conf","logrotate","conf","prometheus_lvs_realserver_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# logrotate(8) config for prometheus_lvs_realserver_mss\n\n/var/log/prometheus_lvs_realserver_mss/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/prometheus_ferm_mss.service","tags":["file","systemd::unit","systemd","unit","prometheus_ferm_mss.service","systemd::timer::job","timer","job","prometheus_ferm_mss","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Regular job to collect MSS values of ferm-based hosts\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e \n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)","tags":["exec","systemd::unit","systemd","unit","prometheus_ferm_mss.service","systemd::timer::job","timer","job","prometheus_ferm_mss","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"prometheus_ferm_mss","tags":["systemd::service","systemd","service","prometheus_ferm_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of prometheus_ferm_mss.service\n\n[Timer]\nUnit=prometheus_ferm_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[prometheus_ferm_mss.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/prometheus_ferm_mss","tags":["file","systemd::syslog","systemd","syslog","prometheus_ferm_mss","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"prometheus_ferm_mss","tags":["rsyslog::conf","rsyslog","conf","prometheus_ferm_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_ferm_mss\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_ferm_mss/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/prometheus_ferm_mss]","mode":"0444"}},{"type":"Logrotate::Conf","title":"prometheus_ferm_mss","tags":["logrotate::conf","logrotate","conf","prometheus_ferm_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"# logrotate(8) config for prometheus_ferm_mss\n\n/var/log/prometheus_ferm_mss/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_systemd-timesyncd.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.timer","systemd::service","service","wmf_auto_restart_systemd-timesyncd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-timesyncd.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-timesyncd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 3:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.timer (wmf_auto_restart_systemd-timesyncd.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.timer (wmf_auto_restart_systemd-timesyncd.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_systemd-timesyncd.timer","systemd::service","service","wmf_auto_restart_systemd-timesyncd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-timesyncd","class","profile::systemd::timesyncd","timesyncd","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_systemd-timesyncd.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_exim4.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_exim4.timer","systemd::service","service","wmf_auto_restart_exim4","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_exim4.service\n\n[Timer]\nUnit=wmf_auto_restart_exim4.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 17:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_exim4.timer (wmf_auto_restart_exim4.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_exim4.timer (wmf_auto_restart_exim4.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_exim4.timer","systemd::service","service","wmf_auto_restart_exim4","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","exim4","class","profile::mail::default_mail_relay","mail","default_mail_relay","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_exim4.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_prometheus-node-exporter.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-node-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-node-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-node-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 0:16:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.timer (wmf_auto_restart_prometheus-node-exporter.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.timer (wmf_auto_restart_prometheus-node-exporter.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-node-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-node-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-node-exporter","class","prometheus::node_exporter","prometheus","node_exporter","profile::prometheus::node_exporter","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_prometheus-node-exporter.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_rsyslog.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.timer","systemd::service","service","wmf_auto_restart_rsyslog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_rsyslog.service\n\n[Timer]\nUnit=wmf_auto_restart_rsyslog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 8:17:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_rsyslog.timer (wmf_auto_restart_rsyslog.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_rsyslog.timer (wmf_auto_restart_rsyslog.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_rsyslog.timer","systemd::service","service","wmf_auto_restart_rsyslog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","rsyslog","class","profile::rsyslog","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_rsyslog.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_lldpd.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_lldpd.timer","systemd::service","service","wmf_auto_restart_lldpd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_lldpd.service\n\n[Timer]\nUnit=wmf_auto_restart_lldpd.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 11:36:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_lldpd.timer (wmf_auto_restart_lldpd.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_lldpd.timer (wmf_auto_restart_lldpd.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_lldpd.timer","systemd::service","service","wmf_auto_restart_lldpd","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","lldpd","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_lldpd.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_systemd-journald.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.timer","systemd::service","service","wmf_auto_restart_systemd-journald","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_systemd-journald.service\n\n[Timer]\nUnit=wmf_auto_restart_systemd-journald.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:4:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-journald.timer (wmf_auto_restart_systemd-journald.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_systemd-journald.timer (wmf_auto_restart_systemd-journald.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_systemd-journald.timer","systemd::service","service","wmf_auto_restart_systemd-journald","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","systemd-journald","class","base::standard_packages","base","standard_packages","profile::base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_systemd-journald.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_ssh.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_ssh.timer","systemd::service","service","wmf_auto_restart_ssh","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_ssh.service\n\n[Timer]\nUnit=wmf_auto_restart_ssh.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 20:19:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_ssh.timer (wmf_auto_restart_ssh.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_ssh.timer (wmf_auto_restart_ssh.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_ssh.timer","systemd::service","service","wmf_auto_restart_ssh","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","ssh","class","ssh::server","server","profile::ssh::server","profile::base","base","profile::base::labs","labs","role::wmcs::instance","role","wmcs","instance","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_ssh.timer]"]}},{"type":"Service","title":"wmf_auto_restart_prometheus-varnishkafka-exporter.timer","tags":["service","wmf_auto_restart_prometheus-varnishkafka-exporter.timer","systemd::service","systemd","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_prometheus-varnishkafka-exporter.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-varnishkafka-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-varnishkafka-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_prometheus-varnishkafka-exporter.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-prometheus-varnishkafka-exporter.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_prometheus-varnishkafka-exporter\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_prometheus-varnishkafka-exporter","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_prometheus-varnishkafka-exporter\n\n/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_purged.timer","tags":["service","wmf_auto_restart_purged.timer","systemd::service","systemd","wmf_auto_restart_purged","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_purged.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_purged.timer","systemd::service","service","wmf_auto_restart_purged","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_purged.service\n\n[Timer]\nUnit=wmf_auto_restart_purged.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 21:37:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_purged.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-purged.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_purged","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_purged\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_purged/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_purged","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_purged","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_purged\n\n/var/log/wmf_auto_restart_purged/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"nrpe2nodexp-haproxy.timer","tags":["service","nrpe2nodexp-haproxy.timer","systemd::service","systemd","nrpe2nodexp-haproxy","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for nrpe2nodexp-haproxy.timer (nrpe2nodexp-haproxy.timer)]"]}},{"type":"Systemd::Unit","title":"nrpe2nodexp-haproxy.timer","tags":["systemd::unit","systemd","unit","nrpe2nodexp-haproxy.timer","systemd::service","service","nrpe2nodexp-haproxy","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"nrpe2nodexp-haproxy.timer","require":["Class[Systemd]"]}},{"type":"Service","title":"nrpe2nodexp-haproxy_alive.timer","tags":["service","nrpe2nodexp-haproxy_alive.timer","systemd::service","systemd","nrpe2nodexp-haproxy_alive","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for nrpe2nodexp-haproxy_alive.timer (nrpe2nodexp-haproxy_alive.timer)]"]}},{"type":"Systemd::Unit","title":"nrpe2nodexp-haproxy_alive.timer","tags":["systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.timer","systemd::service","service","nrpe2nodexp-haproxy_alive","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy_alive.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy_alive.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"nrpe2nodexp-haproxy_alive.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/haproxy_stek_job.timer","tags":["file","systemd::unit","systemd","unit","haproxy_stek_job.timer","systemd::service","service","haproxy_stek_job","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of haproxy_stek_job.service\n\n[Timer]\nUnit=haproxy_stek_job.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00/8:00:00\nOnBootSec=0sec\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for haproxy_stek_job.timer (haproxy_stek_job.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for haproxy_stek_job.timer (haproxy_stek_job.timer)","tags":["exec","systemd::unit","systemd","unit","haproxy_stek_job.timer","systemd::service","service","haproxy_stek_job","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::haproxy","profile","cache","haproxy","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[haproxy_stek_job.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmfuniq-experiment-fetcher.timer","tags":["file","systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.timer","systemd::service","service","wmfuniq-experiment-fetcher","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmfuniq-experiment-fetcher.service\n\n[Timer]\nUnit=wmfuniq-experiment-fetcher.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=1s\nOnCalendar=minutely\nRandomizedDelaySec=59\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmfuniq-experiment-fetcher.timer (wmfuniq-experiment-fetcher.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmfuniq-experiment-fetcher.timer (wmfuniq-experiment-fetcher.timer)","tags":["exec","systemd::unit","systemd","unit","wmfuniq-experiment-fetcher.timer","systemd::service","service","wmfuniq-experiment-fetcher","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmfuniq-experiment-fetcher.timer]"]}},{"type":"Monitoring::Exported_nagios_service","title":"deployment-cache-text08 check_wmfuniq-experiment-fetcher_status","tags":["monitoring::exported_nagios_service","monitoring","exported_nagios_service","monitoring::service","service","check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/monitoring/manifests/service.pp","line":104,"kind":"defined_type","exported":false,"parameters":{"ensure":"present","host_name":"deployment-cache-text08","servicegroups":"misc","service_description":"Check unit status of wmfuniq-experiment-fetcher","check_command":"nrpe_check!check_check_wmfuniq-experiment-fetcher_status!10","max_check_attempts":2,"check_interval":10,"retry_interval":1,"check_period":"24x7","notification_interval":0,"notification_period":"24x7","notification_options":"c,r,f","notifications_enabled":"1","contact_groups":"admins","passive_checks_enabled":1,"active_checks_enabled":1,"is_volatile":0,"check_freshness":0,"notes_url":"https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state"}},{"type":"Systemd::Unit","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","tags":["systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_check_wmfuniq-experiment-fetcher_status command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-check_wmfuniq-experiment-fetcher_status\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"50dc98e51dafd8e982310a5038c4adc0\" --timeout 10 --check-command \"check_check_wmfuniq-experiment-fetcher_status\"\n","unit":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","tags":["systemd::timer","systemd","timer","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"5min"},{"interval":"1s","start":"OnActiveSec"}],"splay":300,"fixed_random_delay":true,"accuracy":"15sec","unit_name":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service"}},{"type":"File","title":"/etc/rsyslog.d/25-nrpe2nodexp-check-wmfuniq-experiment-fetcher-status.conf","tags":["file","rsyslog::conf","rsyslog","conf","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","systemd","monitor","wmfuniq-experiment-fetcher","systemd::timer::job","timer","job","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Service","title":"clean-confd-rundir.timer","tags":["service","clean-confd-rundir.timer","systemd::service","systemd","clean-confd-rundir","systemd::timer","timer","systemd::timer::job","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"clean-confd-rundir.timer","tags":["systemd::unit","systemd","unit","clean-confd-rundir.timer","systemd::service","service","clean-confd-rundir","systemd::timer","timer","systemd::timer::job","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of clean-confd-rundir.service\n\n[Timer]\nUnit=clean-confd-rundir.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/30\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"clean-confd-rundir.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-clean-confd-rundir.conf","tags":["file","rsyslog::conf","rsyslog","conf","clean-confd-rundir","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"clean-confd-rundir\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/clean-confd-rundir/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/clean-confd-rundir","tags":["file","logrotate::conf","logrotate","conf","clean-confd-rundir","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for clean-confd-rundir\n\n/var/log/clean-confd-rundir/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/confd_prometheus_metrics.service","tags":["file","systemd::unit","systemd","unit","confd_prometheus_metrics.service","systemd::timer::job","timer","job","confd_prometheus_metrics","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Export confd Prometheus metrics\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/bin/confd-prometheus-metrics\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for confd_prometheus_metrics.service (confd_prometheus_metrics.service)]"}},{"type":"Exec","title":"systemd daemon-reload for confd_prometheus_metrics.service (confd_prometheus_metrics.service)","tags":["exec","systemd::unit","systemd","unit","confd_prometheus_metrics.service","systemd::timer::job","timer","job","confd_prometheus_metrics","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"confd_prometheus_metrics","tags":["systemd::service","systemd","service","confd_prometheus_metrics","systemd::timer","timer","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of confd_prometheus_metrics.service\n\n[Timer]\nUnit=confd_prometheus_metrics.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[confd_prometheus_metrics.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/confd_prometheus_metrics","tags":["file","systemd::syslog","systemd","syslog","confd_prometheus_metrics","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"confd_prometheus_metrics","tags":["rsyslog::conf","rsyslog","conf","confd_prometheus_metrics","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"confd_prometheus_metrics\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/confd_prometheus_metrics/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/confd_prometheus_metrics]","mode":"0444"}},{"type":"Logrotate::Conf","title":"confd_prometheus_metrics","tags":["logrotate::conf","logrotate","conf","confd_prometheus_metrics","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for confd_prometheus_metrics\n\n/var/log/confd_prometheus_metrics/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/prometheus_varnishd_mmap_count.timer","tags":["file","systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.timer","systemd::service","service","prometheus_varnishd_mmap_count","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_varnishd_mmap_count.service\n\n[Timer]\nUnit=prometheus_varnishd_mmap_count.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_varnishd_mmap_count.timer (prometheus_varnishd_mmap_count.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_varnishd_mmap_count.timer (prometheus_varnishd_mmap_count.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_varnishd_mmap_count.timer","systemd::service","service","prometheus_varnishd_mmap_count","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_varnishd_mmap_count","prometheus","node_varnishd_mmap_count","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[prometheus_varnishd_mmap_count.timer]"]}},{"type":"File","title":"/lib/systemd/system/prometheus_sysctl.timer","tags":["file","systemd::unit","systemd","unit","prometheus_sysctl.timer","systemd::service","service","prometheus_sysctl","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of prometheus_sysctl.service\n\n[Timer]\nUnit=prometheus_sysctl.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/5\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_sysctl.timer (prometheus_sysctl.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_sysctl.timer (prometheus_sysctl.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_sysctl.timer","systemd::service","service","prometheus_sysctl","systemd::timer","timer","systemd::timer::job","job","class","prometheus::node_sysctl","prometheus","node_sysctl","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[prometheus_sysctl.timer]"]}},{"type":"Service","title":"track_vcache_fds.timer","tags":["service","track_vcache_fds.timer","systemd::service","systemd","track_vcache_fds","systemd::timer","timer","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"track_vcache_fds.timer","tags":["systemd::unit","systemd","unit","track_vcache_fds.timer","systemd::service","service","track_vcache_fds","systemd::timer","timer","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of track_vcache_fds.service\n\n[Timer]\nUnit=track_vcache_fds.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"track_vcache_fds.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-track-vcache-fds.conf","tags":["file","rsyslog::conf","rsyslog","conf","track_vcache_fds","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"track_vcache_fds\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/track_vcache_fds/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/track_vcache_fds","tags":["file","logrotate::conf","logrotate","conf","track_vcache_fds","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for track_vcache_fds\n\n/var/log/track_vcache_fds/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-slowlog.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-slowlog","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-slowlog\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-slowlog\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.service (wmf_auto_restart_varnish-frontend-slowlog.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.service (wmf_auto_restart_varnish-frontend-slowlog.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-slowlog","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["systemd::service","systemd","service","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-slowlog.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-slowlog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 9:9:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_varnish-frontend-slowlog","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-slowlog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-slowlog\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-slowlog/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_varnish-frontend-slowlog]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_varnish-frontend-slowlog","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-slowlog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-slowlog\n\n/var/log/wmf_auto_restart_varnish-frontend-slowlog/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-hospital.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-hospital","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-hospital\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-hospital\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.service (wmf_auto_restart_varnish-frontend-hospital.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.service (wmf_auto_restart_varnish-frontend-hospital.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-hospital","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["systemd::service","systemd","service","wmf_auto_restart_varnish-frontend-hospital","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-hospital.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-hospital.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 14:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_varnish-frontend-hospital","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-hospital","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-hospital","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-hospital\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-hospital/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_varnish-frontend-hospital]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_varnish-frontend-hospital","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-hospital","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-hospital\n\n/var/log/wmf_auto_restart_varnish-frontend-hospital/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-fetcherr.service","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-fetcherr","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Auto restart job: varnish-frontend-fetcherr\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=root\nExecStart=/usr/local/sbin/wmf-auto-restart -s varnish-frontend-fetcherr\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.service (wmf_auto_restart_varnish-frontend-fetcherr.service)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.service (wmf_auto_restart_varnish-frontend-fetcherr.service)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.service","systemd::timer::job","timer","job","wmf_auto_restart_varnish-frontend-fetcherr","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["systemd::service","systemd","service","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-fetcherr.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-fetcherr.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 15:12:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/var/log/wmf_auto_restart_varnish-frontend-fetcherr","tags":["file","systemd::syslog","systemd","syslog","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":65,"exported":false,"kind":"compilable_type","parameters":{"ensure":"directory","owner":"root","group":"root","mode":"0755","force":true,"backup":false}},{"type":"Rsyslog::Conf","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-fetcherr","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":75,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-fetcherr\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-fetcherr/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","priority":40,"require":"File[/var/log/wmf_auto_restart_varnish-frontend-fetcherr]","mode":"0444"}},{"type":"Logrotate::Conf","title":"wmf_auto_restart_varnish-frontend-fetcherr","tags":["logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-fetcherr","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/syslog.pp","line":97,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-fetcherr\n\n/var/log/wmf_auto_restart_varnish-frontend-fetcherr/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/refresh-dp-key.timer","tags":["file","systemd::unit","systemd","unit","refresh-dp-key.timer","systemd::service","service","refresh-dp-key","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of refresh-dp-key.service\n\n[Timer]\nUnit=refresh-dp-key.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*-*-* 00:15:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for refresh-dp-key.timer (refresh-dp-key.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for refresh-dp-key.timer (refresh-dp-key.timer)","tags":["exec","systemd::unit","systemd","unit","refresh-dp-key.timer","systemd::service","service","refresh-dp-key","systemd::timer","timer","systemd::timer::job","job","class","profile::cache::varnish::frontend::text","profile","cache","varnish","frontend","text","role::cache::text","role","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[refresh-dp-key.timer]"]}},{"type":"Monitoring::Exported_nagios_service","title":"deployment-cache-text08 check_tcp-mss-clamper_status","tags":["monitoring::exported_nagios_service","monitoring","exported_nagios_service","monitoring::service","service","check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/monitoring/manifests/service.pp","line":104,"kind":"defined_type","exported":false,"parameters":{"ensure":"absent","host_name":"deployment-cache-text08","servicegroups":"misc","service_description":"Check unit status of tcp-mss-clamper","check_command":"nrpe_check!check_check_tcp-mss-clamper_status!10","max_check_attempts":2,"check_interval":10,"retry_interval":1,"check_period":"24x7","notification_interval":0,"notification_period":"24x7","notification_options":"c,r,f","notifications_enabled":"1","contact_groups":"admins","passive_checks_enabled":1,"active_checks_enabled":1,"is_volatile":0,"check_freshness":0,"notes_url":"https://wikitech.wikimedia.org/wiki/LVS#IPIP_encapsulation_experiments"}},{"type":"Systemd::Unit","title":"nrpe2nodexp-check_tcp-mss-clamper_status.service","tags":["systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":203,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_check_tcp-mss-clamper_status command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-check_tcp-mss-clamper_status\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"295d6d5dd0a784bb9ba1d5983fd1894f\" --timeout 10 --check-command \"check_check_tcp-mss-clamper_status\"\n","unit":"nrpe2nodexp-check_tcp-mss-clamper_status.service","restart":false,"override":false,"override_filename":"puppet-override.conf","require":["Class[Systemd]"]}},{"type":"Systemd::Timer","title":"nrpe2nodexp-check_tcp-mss-clamper_status","tags":["systemd::timer","systemd","timer","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer/job.pp","line":209,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","timer_intervals":[{"start":"OnUnitInactiveSec","interval":"5min"},{"interval":"1s","start":"OnActiveSec"}],"splay":300,"fixed_random_delay":true,"accuracy":"15sec","unit_name":"nrpe2nodexp-check_tcp-mss-clamper_status.service"}},{"type":"File","title":"/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf","tags":["file","rsyslog::conf","rsyslog","conf","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","systemd","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# SPDX-License-Identifier: Apache-2.0\nif $programname contains \"nrpe2nodexp-check_tcp-mss-clamper_status\" then {\n    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n        # Send logs to kafka\n        set $.log_outputs = \"kafka ecs_170 local\";\n    } else {\n        # Filter out non-relevant nrpe2nodexp messages\n        stop\n    }\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"Service","title":"prometheus_lvs_realserver_mss.timer","tags":["service","prometheus_lvs_realserver_mss.timer","systemd::service","systemd","prometheus_lvs_realserver_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]"]}},{"type":"Systemd::Unit","title":"prometheus_lvs_realserver_mss.timer","tags":["systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.timer","systemd::service","service","prometheus_lvs_realserver_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_lvs_realserver_mss.service\n\n[Timer]\nUnit=prometheus_lvs_realserver_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_lvs_realserver_mss.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_lvs_realserver_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_lvs_realserver_mss\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_lvs_realserver_mss/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_lvs_realserver_mss","tags":["file","logrotate::conf","logrotate","conf","prometheus_lvs_realserver_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_lvs_realserver_mss\n\n/var/log/prometheus_lvs_realserver_mss/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"prometheus_ferm_mss.timer","tags":["service","prometheus_ferm_mss.timer","systemd::service","systemd","prometheus_ferm_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]"]}},{"type":"Systemd::Unit","title":"prometheus_ferm_mss.timer","tags":["systemd::unit","systemd","unit","prometheus_ferm_mss.timer","systemd::service","service","prometheus_ferm_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_ferm_mss.service\n\n[Timer]\nUnit=prometheus_ferm_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"prometheus_ferm_mss.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-prometheus-ferm-mss.conf","tags":["file","rsyslog::conf","rsyslog","conf","prometheus_ferm_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"prometheus_ferm_mss\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/prometheus_ferm_mss/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/prometheus_ferm_mss","tags":["file","logrotate::conf","logrotate","conf","prometheus_ferm_mss","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for prometheus_ferm_mss\n\n/var/log/prometheus_ferm_mss/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_prometheus-varnishkafka-exporter.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_prometheus-varnishkafka-exporter.service\n\n[Timer]\nUnit=wmf_auto_restart_prometheus-varnishkafka-exporter.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 5:54:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.timer (wmf_auto_restart_prometheus-varnishkafka-exporter.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.timer (wmf_auto_restart_prometheus-varnishkafka-exporter.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_prometheus-varnishkafka-exporter.timer","systemd::service","service","wmf_auto_restart_prometheus-varnishkafka-exporter","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","prometheus-varnishkafka-exporter","class","prometheus::varnishkafka_exporter","prometheus","varnishkafka_exporter","profile::prometheus::varnishkafka_exporter","profile::cache::base","cache","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_prometheus-varnishkafka-exporter.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_purged.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_purged.timer","systemd::service","service","wmf_auto_restart_purged","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_purged.service\n\n[Timer]\nUnit=wmf_auto_restart_purged.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 21:37:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_purged.timer (wmf_auto_restart_purged.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_purged.timer (wmf_auto_restart_purged.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_purged.timer","systemd::service","service","wmf_auto_restart_purged","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","purged","class","profile::cache::purge","cache","purge","profile::cache::base","base","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_purged.timer]"]}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-haproxy.timer","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-haproxy.timer","systemd::service","service","nrpe2nodexp-haproxy","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy.timer (nrpe2nodexp-haproxy.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-haproxy.timer (nrpe2nodexp-haproxy.timer)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-haproxy.timer","systemd::service","service","nrpe2nodexp-haproxy","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy","class","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-haproxy_alive.timer","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.timer","systemd::service","service","nrpe2nodexp-haproxy_alive","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-haproxy_alive.service\n\n[Timer]\nUnit=nrpe2nodexp-haproxy_alive.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=1min\nOnActiveSec=1s\nRandomizedDelaySec=60\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy_alive.timer (nrpe2nodexp-haproxy_alive.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-haproxy_alive.timer (nrpe2nodexp-haproxy_alive.timer)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-haproxy_alive.timer","systemd::service","service","nrpe2nodexp-haproxy_alive","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","haproxy_alive","class","haproxy","profile::cache::haproxy","profile","cache","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_check_wmfuniq-experiment-fetcher_status command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-check_wmfuniq-experiment-fetcher_status\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"50dc98e51dafd8e982310a5038c4adc0\" --timeout 10 --check-command \"check_check_wmfuniq-experiment-fetcher_status\"\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","tags":["systemd::service","systemd","service","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/clean-confd-rundir.timer","tags":["file","systemd::unit","systemd","unit","clean-confd-rundir.timer","systemd::service","service","clean-confd-rundir","systemd::timer","timer","systemd::timer::job","job","class","confd","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of clean-confd-rundir.service\n\n[Timer]\nUnit=clean-confd-rundir.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=*:0/30\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for clean-confd-rundir.timer (clean-confd-rundir.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for clean-confd-rundir.timer (clean-confd-rundir.timer)","tags":["exec","systemd::unit","systemd","unit","clean-confd-rundir.timer","systemd::service","service","clean-confd-rundir","systemd::timer","timer","systemd::timer::job","job","class","confd","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[clean-confd-rundir.timer]"]}},{"type":"Service","title":"confd_prometheus_metrics.timer","tags":["service","confd_prometheus_metrics.timer","systemd::service","systemd","confd_prometheus_metrics","systemd::timer","timer","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"confd_prometheus_metrics.timer","tags":["systemd::unit","systemd","unit","confd_prometheus_metrics.timer","systemd::service","service","confd_prometheus_metrics","systemd::timer","timer","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of confd_prometheus_metrics.service\n\n[Timer]\nUnit=confd_prometheus_metrics.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"confd_prometheus_metrics.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-confd-prometheus-metrics.conf","tags":["file","rsyslog::conf","rsyslog","conf","confd_prometheus_metrics","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"confd_prometheus_metrics\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/confd_prometheus_metrics/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/confd_prometheus_metrics","tags":["file","logrotate::conf","logrotate","conf","confd_prometheus_metrics","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for confd_prometheus_metrics\n\n/var/log/confd_prometheus_metrics/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/track_vcache_fds.timer","tags":["file","systemd::unit","systemd","unit","track_vcache_fds.timer","systemd::service","service","track_vcache_fds","systemd::timer","timer","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of track_vcache_fds.service\n\n[Timer]\nUnit=track_vcache_fds.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for track_vcache_fds.timer (track_vcache_fds.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for track_vcache_fds.timer (track_vcache_fds.timer)","tags":["exec","systemd::unit","systemd","unit","track_vcache_fds.timer","systemd::service","service","track_vcache_fds","systemd::timer","timer","systemd::timer::job","job","prometheus::node_file_count","prometheus","node_file_count","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[track_vcache_fds.timer]"]}},{"type":"Service","title":"wmf_auto_restart_varnish-frontend-slowlog.timer","tags":["service","wmf_auto_restart_varnish-frontend-slowlog.timer","systemd::service","systemd","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-slowlog.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-slowlog.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-slowlog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 9:9:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_varnish-frontend-slowlog.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-slowlog.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-slowlog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-slowlog\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-slowlog/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_varnish-frontend-slowlog","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-slowlog","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-slowlog\n\n/var/log/wmf_auto_restart_varnish-frontend-slowlog/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_varnish-frontend-hospital.timer","tags":["service","wmf_auto_restart_varnish-frontend-hospital.timer","systemd::service","systemd","wmf_auto_restart_varnish-frontend-hospital","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-hospital.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-hospital","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-hospital.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-hospital.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 14:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_varnish-frontend-hospital.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-hospital.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-hospital","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-hospital\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-hospital/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_varnish-frontend-hospital","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-hospital","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-hospital\n\n/var/log/wmf_auto_restart_varnish-frontend-hospital/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"Service","title":"wmf_auto_restart_varnish-frontend-fetcherr.timer","tags":["service","wmf_auto_restart_varnish-frontend-fetcherr.timer","systemd::service","systemd","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"running","enable":true,"provider":"systemd"}},{"type":"Systemd::Unit","title":"wmf_auto_restart_varnish-frontend-fetcherr.timer","tags":["systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-fetcherr.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-fetcherr.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 15:12:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"wmf_auto_restart_varnish-frontend-fetcherr.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-fetcherr.conf","tags":["file","rsyslog::conf","rsyslog","conf","wmf_auto_restart_varnish-frontend-fetcherr","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/rsyslog/manifests/conf.pp","line":55,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"# rsyslog.conf(5) configuration file for services.\n# This file is managed by Puppet.\nif $programname startswith \"wmf_auto_restart_varnish-frontend-fetcherr\" then {\n    action(\n        type=\"omfile\" file=\"/var/log/wmf_auto_restart_varnish-frontend-fetcherr/syslog.log\"\n        fileOwner=\"root\" fileGroup=\"root\"\n        fileCreateMode=\"0644\"\n    )\n    & stop\n}\n","owner":"root","group":"root","mode":"0444","notify":"Service[rsyslog]"}},{"type":"File","title":"/etc/logrotate.d/wmf_auto_restart_varnish-frontend-fetcherr","tags":["file","logrotate::conf","logrotate","conf","wmf_auto_restart_varnish-frontend-fetcherr","systemd::syslog","systemd","syslog","systemd::timer::job","timer","job","profile::auto_restarts::service","profile","auto_restarts","service","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/logrotate/manifests/conf.pp","line":14,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","owner":"root","group":"root","mode":"0444","content":"# logrotate(8) config for wmf_auto_restart_varnish-frontend-fetcherr\n\n/var/log/wmf_auto_restart_varnish-frontend-fetcherr/*.log {\n    daily\n    copytruncate\n    missingok\n    compress\n    delaycompress\n    notifempty\n    rotate 15\n    size 256M\n}\n"}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=execution of nrpe2nodexp for the check_check_tcp-mss-clamper_status command.\nDocumentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n\n[Service]\nType=oneshot\nUser=nagios\n\nGroup=prometheus-node-exporter\nSyslogIdentifier=nrpe2nodexp-check_tcp-mss-clamper_status\nExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"295d6d5dd0a784bb9ba1d5983fd1894f\" --timeout 10 --check-command \"check_check_tcp-mss-clamper_status\"\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.service","systemd::timer::job","timer","job","nrpe2nodexp-check_tcp-mss-clamper_status","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","systemd::service","service","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Systemd::Service","title":"nrpe2nodexp-check_tcp-mss-clamper_status","tags":["systemd::service","systemd","service","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/timer.pp","line":54,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","unit_type":"timer","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_tcp-mss-clamper_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_tcp-mss-clamper_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","require":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]","restart":false,"override":false,"monitoring_enabled":false,"monitoring_contact_group":"admins","monitoring_critical":false,"service_params":{},"migration_task":"T407130"}},{"type":"File","title":"/lib/systemd/system/prometheus_lvs_realserver_mss.timer","tags":["file","systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.timer","systemd::service","service","prometheus_lvs_realserver_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_lvs_realserver_mss.service\n\n[Timer]\nUnit=prometheus_lvs_realserver_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_lvs_realserver_mss.timer","systemd::service","service","prometheus_lvs_realserver_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_lvs_realserver_mss","prometheus","node_lvs_realserver_mss","lvs_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/prometheus_ferm_mss.timer","tags":["file","systemd::unit","systemd","unit","prometheus_ferm_mss.timer","systemd::service","service","prometheus_ferm_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of prometheus_ferm_mss.service\n\n[Timer]\nUnit=prometheus_ferm_mss.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)","tags":["exec","systemd::unit","systemd","unit","prometheus_ferm_mss.timer","systemd::service","service","prometheus_ferm_mss","systemd::timer","timer","systemd::timer::job","job","prometheus::node_ferm_mss","prometheus","node_ferm_mss","ferm_clamped_ipport","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"Service","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","tags":["service","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","systemd::service","systemd","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer)]"]}},{"type":"Systemd::Unit","title":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","tags":["systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","systemd::service","service","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/confd_prometheus_metrics.timer","tags":["file","systemd::unit","systemd","unit","confd_prometheus_metrics.timer","systemd::service","service","confd_prometheus_metrics","systemd::timer","timer","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of confd_prometheus_metrics.service\n\n[Timer]\nUnit=confd_prometheus_metrics.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=minutely\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for confd_prometheus_metrics.timer (confd_prometheus_metrics.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for confd_prometheus_metrics.timer (confd_prometheus_metrics.timer)","tags":["exec","systemd::unit","systemd","unit","confd_prometheus_metrics.timer","systemd::service","service","confd_prometheus_metrics","systemd::timer","timer","systemd::timer::job","job","confd::instance","confd","instance","main","class","confd::file","file","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[confd_prometheus_metrics.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-slowlog.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-slowlog.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-slowlog.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 9:9:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.timer (wmf_auto_restart_varnish-frontend-slowlog.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.timer (wmf_auto_restart_varnish-frontend-slowlog.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-slowlog.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-slowlog","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-slowlog","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_varnish-frontend-slowlog.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-hospital.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-hospital","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-hospital.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-hospital.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 14:52:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.timer (wmf_auto_restart_varnish-frontend-hospital.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.timer (wmf_auto_restart_varnish-frontend-hospital.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-hospital.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-hospital","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-hospital","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_varnish-frontend-hospital.timer]"]}},{"type":"File","title":"/lib/systemd/system/wmf_auto_restart_varnish-frontend-fetcherr.timer","tags":["file","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"present","content":"[Unit]\nDescription=Periodic execution of wmf_auto_restart_varnish-frontend-fetcherr.service\n\n[Timer]\nUnit=wmf_auto_restart_varnish-frontend-fetcherr.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 15:12:00\nRandomizedDelaySec=0\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.timer (wmf_auto_restart_varnish-frontend-fetcherr.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.timer (wmf_auto_restart_varnish-frontend-fetcherr.timer)","tags":["exec","systemd::unit","systemd","unit","wmf_auto_restart_varnish-frontend-fetcherr.timer","systemd::service","service","wmf_auto_restart_varnish-frontend-fetcherr","systemd::timer","timer","systemd::timer::job","job","profile::auto_restarts::service","profile","auto_restarts","varnish-frontend-fetcherr","varnish::instance","varnish","instance","text-frontend","class","profile::cache::varnish::frontend","cache","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true,"before":["Service[wmf_auto_restart_varnish-frontend-fetcherr.timer]"]}},{"type":"Service","title":"nrpe2nodexp-check_tcp-mss-clamper_status.timer","tags":["service","nrpe2nodexp-check_tcp-mss-clamper_status.timer","systemd::service","systemd","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":59,"kind":"compilable_type","exported":false,"parameters":{"ensure":"stopped","enable":false,"provider":"systemd","before":["Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]"]}},{"type":"Systemd::Unit","title":"nrpe2nodexp-check_tcp-mss-clamper_status.timer","tags":["systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.timer","systemd::service","service","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/service.pp","line":61,"exported":false,"kind":"defined_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_tcp-mss-clamper_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_tcp-mss-clamper_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","override":false,"override_filename":"puppet-override.conf","restart":false,"unit":"nrpe2nodexp-check_tcp-mss-clamper_status.timer","require":["Class[Systemd]"]}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","systemd::service","service","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer","systemd::service","service","nrpe2nodexp-check_wmfuniq-experiment-fetcher_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_wmfuniq-experiment-fetcher_status","systemd::monitor","monitor","wmfuniq-experiment-fetcher","class","profile::cache::varnish::frontend","profile","cache","varnish","frontend","role::cache::text","role","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}},{"type":"File","title":"/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer","tags":["file","systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.timer","systemd::service","service","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":78,"exported":false,"kind":"compilable_type","parameters":{"ensure":"absent","content":"[Unit]\nDescription=Periodic execution of nrpe2nodexp-check_tcp-mss-clamper_status.service\n\n[Timer]\nUnit=nrpe2nodexp-check_tcp-mss-clamper_status.service\n# Accuracy sets the maximum time interval around the execution time we want to allow\nAccuracySec=15sec\nOnUnitInactiveSec=5min\nOnActiveSec=1s\nRandomizedDelaySec=300\nFixedRandomDelay=true\n\n[Install]\nWantedBy=multi-user.target\n","mode":"0444","owner":"root","group":"root","notify":"Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]"}},{"type":"Exec","title":"systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)","tags":["exec","systemd::unit","systemd","unit","nrpe2nodexp-check_tcp-mss-clamper_status.timer","systemd::service","service","nrpe2nodexp-check_tcp-mss-clamper_status","systemd::timer","timer","systemd::timer::job","job","nrpe::monitor_service","nrpe","monitor_service","check_tcp-mss-clamper_status","systemd::monitor","monitor","tcp-mss-clamper","class","profile::lvs::realserver::ipip","profile","lvs","realserver","ipip","role::cache::text","role","cache","text","node","default"],"file":"/srv/jenkins/puppet-compiler/7027/production/src/modules/systemd/manifests/unit.pp","line":88,"exported":false,"kind":"compilable_type","parameters":{"command":"/bin/systemctl daemon-reload","refreshonly":true}}],"edges":[{"source":"Stage[main]","target":"Class[Settings]"},{"source":"Stage[main]","target":"Class[main]"},{"source":"Class[main]","target":"Node[default]"},{"source":"Stage[main]","target":"Class[Role::Wmcs::Instance]"},{"source":"Stage[main]","target":"Class[Profile::Base::Labs]"},{"source":"Stage[main]","target":"Class[Profile::Base]"},{"source":"Class[Profile::Base]","target":"File[/usr/local/sbin]"},{"source":"Class[Profile::Base]","target":"File[/usr/local/share/bash]"},{"source":"Stage[main]","target":"Class[Profile::Adduser]"},{"source":"Stage[main]","target":"Class[Adduser]"},{"source":"Class[Profile::Adduser]","target":"Class[Adduser]"},{"source":"Class[Adduser]","target":"File[/etc/adduser.conf]"},{"source":"Class[Adduser]","target":"Systemd::Sysuser[sysusers-base-config]"},{"source":"Class[Adduser]","target":"File_line[login.defs-SYS_UID_MAX]"},{"source":"Class[Adduser]","target":"File_line[login.defs-SYS_GID_MAX]"},{"source":"Stage[main]","target":"Class[Profile::Puppet::Agent]"},{"source":"Class[Profile::Base]","target":"Class[Profile::Puppet::Agent]"},{"source":"Stage[main]","target":"Class[Debian]"},{"source":"Class[Profile::Puppet::Agent]","target":"Apt::Package_from_component[puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"Apt::Package_from_component[ruby-sys-filesystem]"},{"source":"Stage[main]","target":"Class[Puppet::Agent]"},{"source":"Class[Puppet::Agent]","target":"Package[puppet]"},{"source":"Class[Puppet::Agent]","target":"Package[facter]"},{"source":"Class[Puppet::Agent]","target":"Package[augeas-tools]"},{"source":"Class[Puppet::Agent]","target":"Package[virt-what]"},{"source":"Class[Puppet::Agent]","target":"Package[puppet-module-puppetlabs-augeas-core]"},{"source":"Class[Puppet::Agent]","target":"File[/etc/facter]"},{"source":"Class[Puppet::Agent]","target":"File[/etc/facter/facter.conf]"},{"source":"Class[Puppet::Agent]","target":"File[/etc/puppetlabs]"},{"source":"Class[Puppet::Agent]","target":"Concat[/etc/puppet/puppet.conf]"},{"source":"Class[Puppet::Agent]","target":"Concat::Fragment[main]"},{"source":"Class[Puppet::Agent]","target":"Service[puppet]"},{"source":"Stage[main]","target":"Class[Puppet_statsd]"},{"source":"Class[Puppet_statsd]","target":"File[/etc/puppet/statsd.yaml]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_puppet_agent]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"Package[python3-prometheus-client]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"Package[python3-yaml]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"File[/usr/local/bin/prometheus-puppet-agent-stats]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"Systemd::Timer::Job[prometheus_puppet_agent_stats]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"Systemd::Unit[prometheus-puppet-agent-stats]"},{"source":"Class[Prometheus::Node_puppet_agent]","target":"Exec[enable prometheus-puppet-agent-stats]"},{"source":"Stage[main]","target":"Class[Profile::Puppet::Client_bucket]"},{"source":"Class[Profile::Puppet::Client_bucket]","target":"File[/var/lib/puppet/clientbucket]"},{"source":"Class[Profile::Puppet::Client_bucket]","target":"Systemd::Timer::Job[clean_puppet_client_bucket]"},{"source":"Class[Profile::Puppet::Client_bucket]","target":"Nrpe::Plugin[check_client_bucket]"},{"source":"Class[Profile::Puppet::Agent]","target":"Package[ruby-net-ssh]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/var/lib/puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/share/bash/puppet-common.sh]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/puppet-run]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/bin/puppet-enabled]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/disable-puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/enable-puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/run-puppet-agent]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/run-no-puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"File[/usr/local/sbin/locate-unmanaged]"},{"source":"Class[Profile::Puppet::Agent]","target":"Systemd::Timer::Job[puppet-agent-timer]"},{"source":"Class[Profile::Puppet::Agent]","target":"Logrotate::Rule[puppet]"},{"source":"Class[Profile::Puppet::Agent]","target":"Rsyslog::Conf[puppet-agent]"},{"source":"Class[Profile::Puppet::Agent]","target":"Motd::Script[last-puppet-run]"},{"source":"Stage[main]","target":"Class[Profile::Base::Certificates]"},{"source":"Class[Profile::Base]","target":"Class[Profile::Base::Certificates]"},{"source":"Stage[main]","target":"Class[Sslcert]"},{"source":"Class[Sslcert::Trusted_ca]","target":"Class[Sslcert]"},{"source":"Class[Sslcert]","target":"Package[openssl]"},{"source":"Class[Sslcert]","target":"Package[ssl-cert]"},{"source":"Class[Sslcert]","target":"Package[ca-certificates]"},{"source":"Class[Sslcert]","target":"Exec[update-ca-certificates]"},{"source":"Class[Sslcert]","target":"File[/etc/ssl/localcerts]"},{"source":"Class[Sslcert]","target":"File[/etc/ssl/private]"},{"source":"Class[Sslcert]","target":"File[/usr/local/sbin/x509-bundle]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[wmf_ca_2017_2020]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[RapidSSL_SHA256_CA_-_G3]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[DigiCert_High_Assurance_CA-3]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[DigiCert_SHA2_High_Assurance_Server_CA]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[DigiCert_TLS_RSA_SHA256_2020_CA1]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[GlobalSign_Organization_Validation_CA_-_SHA256_-_G2]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[GlobalSign_RSA_OV_SSL_CA_2018.crt]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[GlobalSign_ECC_OV_SSL_CA_2018.crt]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[GlobalSign_ECC_Root_CA_R5_R3_Cross.crt]"},{"source":"Stage[main]","target":"Class[Sslcert::Trusted_ca]"},{"source":"Class[Sslcert::Trusted_ca]","target":"Concat[/etc/ssl/certs/wmf-ca-certificates.crt]"},{"source":"Class[Sslcert::Trusted_ca]","target":"File[/etc/ssl/localcerts/ca.pem]"},{"source":"Class[Sslcert::Trusted_ca]","target":"Concat::Fragment[ssl-ca-/var/lib/puppet/ssl/certs/ca.pem]"},{"source":"Class[Sslcert::Trusted_ca]","target":"File[/etc/ssl/localcerts/WMF_TEST_CA.pem]"},{"source":"Class[Sslcert::Trusted_ca]","target":"Concat::Fragment[ssl-ca-/etc/ssl/certs/WMF_TEST_CA.pem]"},{"source":"Class[Sslcert::Trusted_ca]","target":"Exec[generate trusted_ca]"},{"source":"Class[Profile::Base::Certificates]","target":"Sslcert::Ca[Puppet_Internal_CA]"},{"source":"Stage[main]","target":"Class[Profile::Apt]"},{"source":"Stage[main]","target":"Class[Apt]"},{"source":"Class[Profile::Apt]","target":"Class[Apt]"},{"source":"Class[Apt]","target":"Exec[apt-get update]"},{"source":"Class[Apt]","target":"File[/etc/apt/keyrings]"},{"source":"Class[Apt]","target":"File[/var/lib/apt/keys]"},{"source":"Class[Apt]","target":"Apt::Pin[wikimedia]"},{"source":"Class[Apt]","target":"File[/etc/apt/sources.list]"},{"source":"Class[Apt]","target":"File[/etc/apt/sources.list.d]"},{"source":"Class[Apt]","target":"File[/etc/apt/preferences.d]"},{"source":"Class[Apt]","target":"Apt::Repository[wikimedia]"},{"source":"Class[Apt]","target":"Apt::Repository[wikimedia-private]"},{"source":"Class[Apt]","target":"Apt::Repository[debian-debug]"},{"source":"Class[Apt]","target":"Apt::Conf[InstallRecommends]"},{"source":"Class[Apt]","target":"Apt::Conf[apt-harden]"},{"source":"Class[Apt]","target":"File[/etc/apt/apt.conf]"},{"source":"Class[Apt]","target":"File[/usr/local/sbin/dist-upgrade]"},{"source":"Stage[main]","target":"Class[Profile::Systemd::Timesyncd]"},{"source":"Stage[main]","target":"Class[Systemd::Timesyncd]"},{"source":"Class[Systemd::Timesyncd]","target":"Package[ntp]"},{"source":"Class[Systemd::Timesyncd]","target":"Package[systemd-timesyncd]"},{"source":"Class[Systemd::Timesyncd]","target":"File[/etc/systemd/timesyncd.conf]"},{"source":"Class[Systemd::Timesyncd]","target":"Service[systemd-timesyncd]"},{"source":"Class[Profile::Systemd::Timesyncd]","target":"Systemd::Unit[systemd-timesyncd.service]"},{"source":"Class[Profile::Systemd::Timesyncd]","target":"Systemd::Unit[systemd-timedated.service]"},{"source":"Class[Profile::Systemd::Timesyncd]","target":"Profile::Auto_restarts::Service[systemd-timesyncd]"},{"source":"Stage[main]","target":"Class[Grub::Defaults]"},{"source":"Stage[main]","target":"Class[Grub]"},{"source":"Class[Grub]","target":"Exec[update-grub]"},{"source":"Class[Grub::Defaults]","target":"Augeas[grub2]"},{"source":"Stage[main]","target":"Class[Passwords::Root]"},{"source":"Stage[main]","target":"Class[Network::Constants]"},{"source":"Stage[main]","target":"Class[Profile::Resolving]"},{"source":"Stage[main]","target":"Class[Resolvconf]"},{"source":"Class[Resolvconf]","target":"File[/sbin/resolvconf]"},{"source":"Class[Resolvconf]","target":"File[/etc/dhcp/dhclient-enter-hooks.d]"},{"source":"Class[Resolvconf]","target":"File[/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate]"},{"source":"Class[Resolvconf]","target":"File[/etc/resolv.conf]"},{"source":"Stage[main]","target":"Class[Profile::Mail::Default_mail_relay]"},{"source":"Stage[main]","target":"Class[Exim4]"},{"source":"Class[Exim4]","target":"Package[exim4-config]"},{"source":"Class[Exim4]","target":"Package[exim4-daemon-light]"},{"source":"Class[Exim4]","target":"Service[exim4]"},{"source":"Class[Exim4]","target":"File[/etc/exim4/update-exim4.conf.conf]"},{"source":"Class[Exim4]","target":"File[/etc/default/exim4]"},{"source":"Class[Exim4]","target":"File[/etc/exim4/aliases]"},{"source":"Class[Exim4]","target":"File[/etc/exim4/dkim]"},{"source":"Class[Exim4]","target":"File[/etc/exim4/system_filter]"},{"source":"Class[Exim4]","target":"File[/etc/exim4/exim4.conf]"},{"source":"Class[Exim4]","target":"Logrotate::Conf[exim4-paniclog]"},{"source":"Class[Profile::Mail::Default_mail_relay]","target":"Profile::Auto_restarts::Service[exim4]"},{"source":"Stage[main]","target":"Class[Profile::Logrotate]"},{"source":"Stage[main]","target":"Class[Logrotate]"},{"source":"Class[Logrotate]","target":"Package[logrotate]"},{"source":"Class[Logrotate]","target":"Systemd::Unit[logrotate.timer:hourly-override]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Node_exporter]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_exporter]"},{"source":"Class[Prometheus::Node_exporter]","target":"Package[prometheus-node-exporter]"},{"source":"Class[Prometheus::Node_exporter]","target":"File[/etc/default/prometheus-node-exporter]"},{"source":"Class[Prometheus::Node_exporter]","target":"Group[prometheus-node-exporter]"},{"source":"Class[Prometheus::Node_exporter]","target":"File[/var/lib/prometheus/node.d]"},{"source":"Class[Prometheus::Node_exporter]","target":"Base::Service_unit[prometheus-node-exporter]"},{"source":"Class[Prometheus::Node_exporter]","target":"Profile::Auto_restarts::Service[prometheus-node-exporter]"},{"source":"Stage[main]","target":"Class[Profile::Rsyslog]"},{"source":"Stage[main]","target":"Class[Rsyslog]"},{"source":"Class[Rsyslog]","target":"Package[rsyslog]"},{"source":"Class[Rsyslog]","target":"File[/etc/rsyslog.d]"},{"source":"Class[Rsyslog]","target":"Service[rsyslog]"},{"source":"Class[Rsyslog]","target":"File[/etc/rsyslog.d/00-abort-unclean-config.conf]"},{"source":"Class[Rsyslog]","target":"Profile::Auto_restarts::Service[rsyslog]"},{"source":"Class[Rsyslog]","target":"Concat[/etc/rsyslog.d/00-global.conf]"},{"source":"Class[Rsyslog]","target":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-header]"},{"source":"Class[Rsyslog]","target":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-trailer]"},{"source":"Class[main]","target":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-parser.permitSlashInProgramName]"},{"source":"Class[Profile::Rsyslog]","target":"Logrotate::Conf[rsyslog]"},{"source":"Stage[main]","target":"Class[Profile::Syslog::Remote]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Rsyslog_exporter]"},{"source":"Class[Profile::Prometheus::Rsyslog_exporter]","target":"Prometheus::Rsyslog_exporter[base]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Cadvisor]"},{"source":"Stage[main]","target":"Class[Prometheus::Cadvisor]"},{"source":"Class[Prometheus::Cadvisor]","target":"Package[cadvisor]"},{"source":"Class[Prometheus::Cadvisor]","target":"Systemd::Service[cadvisor]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Ethtool_exporter]"},{"source":"Stage[main]","target":"Class[Base::Sysctl]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[ubuntu defaults]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[wikimedia base]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[disable_unprivileged_bpf]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[unprivileged_userns_clone]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[fastopen]"},{"source":"Class[Base::Sysctl]","target":"Sysctl::Parameters[tcp_min_snd_mss]"},{"source":"Stage[main]","target":"Class[Motd]"},{"source":"Class[Motd]","target":"File[/etc/motd]"},{"source":"Class[Motd]","target":"File[/etc/update-motd.d]"},{"source":"Stage[main]","target":"Class[Motd::Defaults]"},{"source":"Class[Motd::Defaults]","target":"Motd::Script[header]"},{"source":"Class[Motd::Defaults]","target":"Motd::Script[footer]"},{"source":"Class[Profile::Base]","target":"Motd::Script[Check for restarts]"},{"source":"Stage[main]","target":"Class[Base::Standard_packages]"},{"source":"Class[Base::Standard_packages]","target":"Package[acct]"},{"source":"Class[Base::Standard_packages]","target":"Package[byobu]"},{"source":"Class[Base::Standard_packages]","target":"Package[colordiff]"},{"source":"Class[Base::Standard_packages]","target":"Package[curl]"},{"source":"Class[Base::Standard_packages]","target":"Package[debian-goodies]"},{"source":"Class[Base::Standard_packages]","target":"Package[ethtool]"},{"source":"Class[Base::Standard_packages]","target":"Package[gdb]"},{"source":"Class[Base::Standard_packages]","target":"Package[gdisk]"},{"source":"Class[Base::Standard_packages]","target":"Package[git]"},{"source":"Class[Base::Standard_packages]","target":"Package[htop]"},{"source":"Class[Base::Standard_packages]","target":"Package[httpry]"},{"source":"Class[Base::Standard_packages]","target":"Package[iotop]"},{"source":"Class[Base::Standard_packages]","target":"Package[iperf]"},{"source":"Class[Base::Standard_packages]","target":"Package[jq]"},{"source":"Class[Base::Standard_packages]","target":"Package[libtemplate-perl]"},{"source":"Class[Base::Standard_packages]","target":"Package[lldpd]"},{"source":"Class[Base::Standard_packages]","target":"Package[lshw]"},{"source":"Class[Base::Standard_packages]","target":"Package[molly-guard]"},{"source":"Class[Base::Standard_packages]","target":"Package[moreutils]"},{"source":"Class[Base::Standard_packages]","target":"Package[net-tools]"},{"source":"Class[Base::Standard_packages]","target":"Package[numactl]"},{"source":"Class[Base::Standard_packages]","target":"Package[ncdu]"},{"source":"Class[Base::Standard_packages]","target":"Package[ngrep]"},{"source":"Class[Base::Standard_packages]","target":"Package[pigz]"},{"source":"Class[Base::Standard_packages]","target":"Package[psmisc]"},{"source":"Class[Base::Standard_packages]","target":"Package[pv]"},{"source":"Class[Base::Standard_packages]","target":"Package[python3]"},{"source":"Class[Base::Standard_packages]","target":"Package[screen]"},{"source":"Class[Base::Standard_packages]","target":"Package[strace]"},{"source":"Class[Base::Standard_packages]","target":"Package[sysstat]"},{"source":"Class[Base::Standard_packages]","target":"Package[tcpdump]"},{"source":"Class[Base::Standard_packages]","target":"Package[tmux]"},{"source":"Class[Base::Standard_packages]","target":"Package[tree]"},{"source":"Class[Base::Standard_packages]","target":"Package[vim]"},{"source":"Class[Base::Standard_packages]","target":"Package[vim-addon-manager]"},{"source":"Class[Base::Standard_packages]","target":"Package[vim-scripts]"},{"source":"Class[Base::Standard_packages]","target":"Package[wipe]"},{"source":"Class[Base::Standard_packages]","target":"Package[xfsprogs]"},{"source":"Class[Base::Standard_packages]","target":"Package[zsh]"},{"source":"Class[Base::Standard_packages]","target":"Package[icdiff]"},{"source":"Class[Base::Standard_packages]","target":"Package[linux-perf]"},{"source":"Class[Base::Standard_packages]","target":"Package[bsd-mailx]"},{"source":"Class[Base::Standard_packages]","target":"Package[ack]"},{"source":"Class[Base::Standard_packages]","target":"Package[netcat-openbsd]"},{"source":"Class[Base::Standard_packages]","target":"Package[tshark]"},{"source":"Class[Base::Standard_packages]","target":"Package[fzf]"},{"source":"Class[Base::Standard_packages]","target":"Package[ripgrep]"},{"source":"Class[Base::Standard_packages]","target":"Package[fd-find]"},{"source":"Class[Base::Standard_packages]","target":"Package[kitty-terminfo]"},{"source":"Class[Base::Standard_packages]","target":"Package[mtr-tiny]"},{"source":"Class[Base::Standard_packages]","target":"Package[bat]"},{"source":"Class[Base::Standard_packages]","target":"Package[efibootmgr]"},{"source":"Class[Base::Standard_packages]","target":"Package[bind9-dnsutils]"},{"source":"Class[Base::Standard_packages]","target":"Package[tzdata]"},{"source":"Class[Base::Standard_packages]","target":"Package[python3-wmflib]"},{"source":"Class[Base::Standard_packages]","target":"Package[quickstack]"},{"source":"Class[Base::Standard_packages]","target":"Package[dstat]"},{"source":"Class[Base::Standard_packages]","target":"Package[apport]"},{"source":"Class[Base::Standard_packages]","target":"Package[command-not-found]"},{"source":"Class[Base::Standard_packages]","target":"Package[command-not-found-data]"},{"source":"Class[Base::Standard_packages]","target":"Package[ecryptfs-utils]"},{"source":"Class[Base::Standard_packages]","target":"Package[mlocate]"},{"source":"Class[Base::Standard_packages]","target":"Package[os-prober]"},{"source":"Class[Base::Standard_packages]","target":"Package[python3-apport]"},{"source":"Class[Base::Standard_packages]","target":"Package[wpasupplicant]"},{"source":"Class[Base::Standard_packages]","target":"Package[apt-listchanges]"},{"source":"Class[Base::Standard_packages]","target":"Package[atop]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython2.7]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython2.7-dev]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython2.7-minimal]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython2.7-stdlib]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7-dev]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7-minimal]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7-dbg]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7-doc]"},{"source":"Class[Base::Standard_packages]","target":"Package[python2.7-examples]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython2.7-testsuite]"},{"source":"Class[Base::Standard_packages]","target":"Package[libsnmp30]"},{"source":"Class[Base::Standard_packages]","target":"Package[libdns-export1104]"},{"source":"Class[Base::Standard_packages]","target":"Package[libdns1104]"},{"source":"Class[Base::Standard_packages]","target":"Package[libisc-export1100]"},{"source":"Class[Base::Standard_packages]","target":"Package[libisc1100]"},{"source":"Class[Base::Standard_packages]","target":"Package[multiarch-support]"},{"source":"Class[Base::Standard_packages]","target":"Package[libjson-c3]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython3.7]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython3.7-minimal]"},{"source":"Class[Base::Standard_packages]","target":"Package[libpython3.7-stdlib]"},{"source":"Class[Base::Standard_packages]","target":"Package[python3.7]"},{"source":"Class[Base::Standard_packages]","target":"Package[python3.7-minimal]"},{"source":"Class[Base::Standard_packages]","target":"Package[libevent-2.1-6]"},{"source":"Class[Base::Standard_packages]","target":"Package[libwireshark11]"},{"source":"Class[Base::Standard_packages]","target":"Package[libwiretap8]"},{"source":"Class[Base::Standard_packages]","target":"Package[libwsutil9]"},{"source":"Class[Base::Standard_packages]","target":"Package[libwscodecs2]"},{"source":"Class[Base::Standard_packages]","target":"Package[libperl5.28]"},{"source":"Class[Base::Standard_packages]","target":"Package[libmpdec2]"},{"source":"Class[Base::Standard_packages]","target":"Package[perl-modules-5.28]"},{"source":"Class[Base::Standard_packages]","target":"Package[libhogweed4]"},{"source":"Class[Base::Standard_packages]","target":"Package[libnettle6]"},{"source":"Class[Base::Standard_packages]","target":"Package[libprocps7]"},{"source":"Class[Base::Standard_packages]","target":"Package[libip6tc0]"},{"source":"Class[Base::Standard_packages]","target":"Package[libip4tc0]"},{"source":"Class[Base::Standard_packages]","target":"Package[libiptc0]"},{"source":"Class[Base::Standard_packages]","target":"Profile::Auto_restarts::Service[lldpd]"},{"source":"Class[Base::Standard_packages]","target":"Profile::Auto_restarts::Service[systemd-journald]"},{"source":"Stage[main]","target":"Class[Profile::Environment]"},{"source":"Class[Profile::Environment]","target":"File[/etc/bash.bashrc]"},{"source":"Class[Profile::Environment]","target":"File[/etc/skel/.bashrc]"},{"source":"Class[Profile::Environment]","target":"File[/etc/skel/.zshrc]"},{"source":"Class[Profile::Environment]","target":"File[/etc/profile.d/field.sh]"},{"source":"Class[Profile::Environment]","target":"File[/etc/zsh/zshenv]"},{"source":"Class[Profile::Environment]","target":"File[/etc/profile.d/systemd-environment.sh]"},{"source":"Class[Profile::Environment]","target":"File[/etc/wikimedia-cluster]"},{"source":"Class[Profile::Environment]","target":"File[/usr/local/bin/gen_fingerprints]"},{"source":"Class[Profile::Environment]","target":"File[/etc/vim/vimrc.local]"},{"source":"Stage[main]","target":"Class[Base::Sysctl::Core_dumps]"},{"source":"Class[Base::Sysctl::Core_dumps]","target":"File[/var/tmp/core]"},{"source":"Class[Base::Sysctl::Core_dumps]","target":"Sysctl::Parameters[core_dumps]"},{"source":"Class[Base::Sysctl::Core_dumps]","target":"Tidy[/var/tmp/core]"},{"source":"Stage[main]","target":"Class[Profile::Ssh::Client]"},{"source":"Stage[main]","target":"Class[Ssh::Client]"},{"source":"Class[Ssh::Client]","target":"Package[openssh-client]"},{"source":"Class[Ssh::Client]","target":"File[/etc/ssh]"},{"source":"Stage[main]","target":"Class[Profile::Ssh::Server]"},{"source":"Class[Profile::Ssh::Server]","target":"Package[python3-ldap]"},{"source":"Class[Profile::Ssh::Server]","target":"File[/usr/sbin/ssh-key-ldap-lookup]"},{"source":"Class[Profile::Ssh::Server]","target":"User[ssh-key-ldap-lookup]"},{"source":"Stage[main]","target":"Class[Ssh::Server]"},{"source":"Class[Ssh::Server]","target":"Package[openssh-server]"},{"source":"Class[Ssh::Server]","target":"Service[ssh]"},{"source":"Class[Ssh::Server]","target":"Profile::Auto_restarts::Service[ssh]"},{"source":"Class[Ssh::Server]","target":"File[/etc/ssh/userkeys]"},{"source":"Class[Ssh::Server]","target":"File[/run/sshd]"},{"source":"Class[Ssh::Server]","target":"File[/etc/ssh/sshd_config]"},{"source":"Stage[main]","target":"Class[Base::Kernel]"},{"source":"Class[Base::Kernel]","target":"Kmod::Blacklist[wmf_overlay]"},{"source":"Class[Base::Kernel]","target":"Kmod::Module[overlay]"},{"source":"Class[Base::Kernel]","target":"Kmod::Blacklist[wmf]"},{"source":"Class[Base::Kernel]","target":"Kmod::Blacklist[wmf-filesystems]"},{"source":"Class[Base::Kernel]","target":"Kmod::Blacklist[wmf-network-schedulers]"},{"source":"Class[Base::Kernel]","target":"File[/usr/local/bin/kernel-purge]"},{"source":"Class[Base::Kernel]","target":"Systemd::Timer::Job[kernel-purge]"},{"source":"Stage[main]","target":"Class[Profile::Debdeploy::Client]"},{"source":"Stage[main]","target":"Class[Debdeploy::Client]"},{"source":"Class[Debdeploy::Client]","target":"Package[debdeploy-client]"},{"source":"Class[Debdeploy::Client]","target":"Package[python3-dateutil]"},{"source":"Class[Debdeploy::Client]","target":"File[/usr/local/bin/apt-upgrade-activity]"},{"source":"Class[Debdeploy::Client]","target":"File[/etc/debdeploy-client]"},{"source":"Class[Debdeploy::Client]","target":"File[/etc/debdeploy-client/config.json]"},{"source":"Class[Debdeploy::Client]","target":"File[/etc/debdeploy-client/autorestarts.conf]"},{"source":"Stage[main]","target":"Class[Base::Initramfs]"},{"source":"Class[Base::Initramfs]","target":"Initramfs::Script[mdadm-sleep]"},{"source":"Stage[main]","target":"Class[Profile::Auto_restarts]"},{"source":"Class[Profile::Auto_restarts]","target":"File[/usr/local/sbin/wmf-auto-restart]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_debian_version]"},{"source":"Class[Prometheus::Node_debian_version]","target":"File[/usr/local/bin/prometheus-debian-version]"},{"source":"Class[Prometheus::Node_debian_version]","target":"Systemd::Timer::Job[prometheus-debian-version-textfile]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_dpkg_success]"},{"source":"Class[Prometheus::Node_dpkg_success]","target":"File[/usr/local/bin/prometheus-dpkg-success]"},{"source":"Class[Prometheus::Node_dpkg_success]","target":"Systemd::Timer::Job[prometheus-dpkg-success-textfile]"},{"source":"Stage[main]","target":"Class[Apt::Unattendedupgrades]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Package[unattended-upgrades]"},{"source":"Class[Apt::Unattendedupgrades]","target":"File[/etc/cron.daily/apt-show-versions]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Package[python3-apt]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[dpkg-force-confdef]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[dpkg-force-confold]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[auto-upgrades]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[unattended-upgrades-updates]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[unattended-upgrades-wikimedia]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[unattended-upgrades-osbpo]"},{"source":"Class[Apt::Unattendedupgrades]","target":"Apt::Conf[apt-autoclean]"},{"source":"Class[Apt::Unattendedupgrades]","target":"File[/usr/local/sbin/report-pending-upgrades]"},{"source":"Class[Apt::Unattendedupgrades]","target":"File[/usr/local/sbin/apt-upgrade]"},{"source":"Class[Profile::Base::Labs]","target":"File[/etc/default/acct]"},{"source":"Class[Profile::Base::Labs]","target":"File[/etc/wikimedia]"},{"source":"Class[Profile::Base::Labs]","target":"File[/etc/default/nfs-common]"},{"source":"Class[Profile::Base::Labs]","target":"File[/usr/local/sbin/notify_maintainers.py]"},{"source":"Class[Profile::Base::Labs]","target":"File[/usr/local/sbin/puppet_alert.py]"},{"source":"Class[Profile::Base::Labs]","target":"Systemd::Timer::Job[send_puppet_failure_emails]"},{"source":"Class[Profile::Base::Labs]","target":"Systemd::Timer::Job[cleanup_puppet_client_bucket]"},{"source":"Stage[main]","target":"Class[Profile::Openstack::Eqiad1::Observerenv]"},{"source":"Stage[main]","target":"Class[Profile::Openstack::Base::Observerenv]"},{"source":"Class[Profile::Openstack::Eqiad1::Observerenv]","target":"Class[Profile::Openstack::Base::Observerenv]"},{"source":"Class[main]","target":"File[/root/.config]"},{"source":"Class[main]","target":"File[/root/.config/openstack]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Concat[/root/.config/openstack/clouds.yaml]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Concat::Fragment[root_clouds_file_header]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"File[/etc/openstack]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Concat[/etc/openstack/clouds.yaml]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Concat::Fragment[observer_clouds_file_header]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Openstack::Util::Envscript[novaobserver]"},{"source":"Class[Profile::Openstack::Base::Observerenv]","target":"Openstack::Util::Envscript[ossystemobserver]"},{"source":"Stage[main]","target":"Class[Profile::Openstack::Eqiad1::Clientpackages::Vms]"},{"source":"Stage[main]","target":"Class[Profile::Openstack::Base::Clientpackages::Vms]"},{"source":"Class[Profile::Openstack::Eqiad1::Clientpackages::Vms]","target":"Class[Profile::Openstack::Base::Clientpackages::Vms]"},{"source":"Stage[main]","target":"Class[Openstack::Clientpackages::Vms::Common]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-novaclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-glanceclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-keystoneauth1]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-keystoneclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-openstackclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-designateclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-neutronclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-tenacity]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-troveclient]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"Package[python3-netaddr]"},{"source":"Class[Openstack::Clientpackages::Vms::Common]","target":"File[/usr/lib/python3/dist-packages/mwopenstackclients.py]"},{"source":"Stage[main]","target":"Class[Profile::Openstack::Eqiad1::Cumin::Target]"},{"source":"Stage[main]","target":"Class[Cumin::Selector]"},{"source":"Class[Profile::Openstack::Eqiad1::Cumin::Target]","target":"Ssh::Userkey[root-cumin]"},{"source":"Class[Profile::Openstack::Eqiad1::Cumin::Target]","target":"Firewall::Service[ssh-from-cumin-project-masters]"},{"source":"Class[Profile::Openstack::Eqiad1::Cumin::Target]","target":"File[/usr/local/sbin/reboot-host]"},{"source":"Stage[main]","target":"Class[Profile::Wmcs::Instance]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Package[isc-dhcp-client]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Package[cloud-init]"},{"source":"Stage[main]","target":"Class[Sudo]"},{"source":"Class[Sudo]","target":"Package[sudo]"},{"source":"Class[Sudo]","target":"File[/etc/sudoers]"},{"source":"Class[Sudo]","target":"File[/etc/sudoers.d]"},{"source":"Class[Sudo]","target":"File[/etc/sudoers.d/README]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Ssh::Userkey[root]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Sudo::Group[ops]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/sudoers.d/T205463-disable-sudo-password-prompts]"},{"source":"Stage[main]","target":"Class[Profile::Ldap::Client::Labs]"},{"source":"Stage[main]","target":"Class[Profile::Ldap::Client::Utils]"},{"source":"Stage[main]","target":"Class[Ldap::Client::Config]"},{"source":"Class[Ldap::Client::Config]","target":"File[/etc/ldap]"},{"source":"Class[Ldap::Client::Config]","target":"File[/etc/ldap/ldap.conf]"},{"source":"Class[Profile::Ldap::Client::Utils]","target":"Package[ldap-utils]"},{"source":"Class[Profile::Ldap::Client::Labs]","target":"Security::Access::Config[labs-local]"},{"source":"Class[Profile::Ldap::Client::Labs]","target":"Security::Access::Config[labs-restrict-to-project]"},{"source":"Stage[main]","target":"Class[Ldap::Client::Sssd]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/ldap.yaml]"},{"source":"Class[Ldap::Client::Sssd]","target":"Exec[pam-auth-enable-mkhomedir]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[libpam-sss]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[libnss-sss]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[libsss-sudo]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[sssd]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/nsswitch.conf]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/sssd/sssd.conf]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-nss]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-nss.socket]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-pam]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-pam.socket]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-ssh]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-ssh.socket]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-sudo]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd-sudo.socket]"},{"source":"Class[Ldap::Client::Sssd]","target":"Systemd::Override[sssd-nss-auto-restart]"},{"source":"Class[Ldap::Client::Sssd]","target":"Service[sssd]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/ldap.conf]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[nscd]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[nslcd]"},{"source":"Class[Ldap::Client::Sssd]","target":"Package[sudo-ldap]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/nscd.conf]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/nslcd.conf]"},{"source":"Class[Ldap::Client::Sssd]","target":"File[/etc/sudo-ldap.conf]"},{"source":"Class[Profile::Ldap::Client::Labs]","target":"Package[libpam-ldapd]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/wmcs-instancename]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/wmcs-project]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/wmflabs-project]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/wmflabs-instancename]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/wmcs-imageversion]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/mailname]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Exec[enable_sites_local]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_ssh_open_sessions]"},{"source":"Class[Prometheus::Node_ssh_open_sessions]","target":"File[/usr/local/bin/prometheus-ssh_open_sessions]"},{"source":"Class[Prometheus::Node_ssh_open_sessions]","target":"Systemd::Timer::Job[prometheus_ssh_open_sessions]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/root/firstboot_done]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Exec[cloud-init refresh /etc/hosts]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/cloud]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/cloud/templates]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/cloud/templates/hosts.debian.tmpl]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/sudoers.d/90-cloud-init-users]"},{"source":"Class[Profile::Wmcs::Instance]","target":"File[/etc/sudoers.d/debian-cloud-init]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Package[smartmontools]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Exec[reset-failed for smartmontools]"},{"source":"Stage[main]","target":"Class[Cinderutils]"},{"source":"Class[Cinderutils]","target":"File[/usr/local/sbin/wmcs-prepare-cinder-volume]"},{"source":"Class[Cinderutils]","target":"File[/usr/local/sbin/prepare_cinder_volume]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Firewall::Service[metricsinfra-prometheus-all-tcp]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Firewall::Service[metricsinfra-prometheus-all-udp]"},{"source":"Class[Profile::Wmcs::Instance]","target":"Firewall::Service[dhcp6-response]"},{"source":"Stage[main]","target":"Class[Profile::Beta::Motd]"},{"source":"Stage[main]","target":"Class[Profile::Locales::Base]"},{"source":"Stage[main]","target":"Class[Profile::Pki::Client]"},{"source":"Stage[main]","target":"Class[Profile::Rsyslog::Kafka_shipper]"},{"source":"Stage[main]","target":"Class[Role::Cache::Text]"},{"source":"Stage[main]","target":"Class[Systemd]"},{"source":"Class[Systemd]","target":"File[/etc/sysusers.d]"},{"source":"Class[Systemd]","target":"Exec[Refresh sysusers]"},{"source":"Class[Systemd]","target":"Nrpe::Plugin[check_journal_pattern]"},{"source":"Class[Systemd]","target":"File[/usr/local/bin/systemd-timer-mail-wrapper]"},{"source":"Systemd::Sysuser[sysusers-base-config]","target":"File[/etc/sysusers.d/sysusers-base-config.conf]"},{"source":"Apt::Package_from_component[puppet]","target":"Apt::Repository[component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Package_from_component[puppet]","target":"Exec[apt_package_from_component_puppet]"},{"source":"Apt::Package_from_component[puppet]","target":"Apt::Pin[apt_pin_puppet]"},{"source":"Apt::Package_from_component[ruby-sys-filesystem]","target":"Exec[apt_package_from_component_ruby-sys-filesystem]"},{"source":"Apt::Package_from_component[ruby-sys-filesystem]","target":"Package[ruby-sys-filesystem]"},{"source":"Concat[/etc/puppet/puppet.conf]","target":"Concat_file[/etc/puppet/puppet.conf]"},{"source":"Concat::Fragment[main]","target":"Concat_fragment[main]"},{"source":"Systemd::Timer::Job[prometheus_puppet_agent_stats]","target":"Systemd::Unit[prometheus_puppet_agent_stats.service]"},{"source":"Systemd::Timer::Job[prometheus_puppet_agent_stats]","target":"Systemd::Timer[prometheus_puppet_agent_stats]"},{"source":"Systemd::Timer::Job[prometheus_puppet_agent_stats]","target":"Systemd::Syslog[prometheus_puppet_agent_stats]"},{"source":"Systemd::Unit[prometheus-puppet-agent-stats]","target":"File[/lib/systemd/system/prometheus-puppet-agent-stats.service]"},{"source":"Systemd::Unit[prometheus-puppet-agent-stats]","target":"Exec[systemd daemon-reload for prometheus-puppet-agent-stats.service (prometheus-puppet-agent-stats)]"},{"source":"Systemd::Timer::Job[clean_puppet_client_bucket]","target":"Systemd::Unit[clean_puppet_client_bucket.service]"},{"source":"Systemd::Timer::Job[clean_puppet_client_bucket]","target":"Systemd::Timer[clean_puppet_client_bucket]"},{"source":"Systemd::Timer::Job[puppet-agent-timer]","target":"Systemd::Unit[puppet-agent-timer.service]"},{"source":"Systemd::Timer::Job[puppet-agent-timer]","target":"Systemd::Timer[puppet-agent-timer]"},{"source":"Systemd::Timer::Job[puppet-agent-timer]","target":"Systemd::Syslog[puppet-agent-timer]"},{"source":"Logrotate::Rule[puppet]","target":"Logrotate::Conf[puppet]"},{"source":"Rsyslog::Conf[puppet-agent]","target":"File[/etc/rsyslog.d/10-puppet-agent.conf]"},{"source":"Motd::Script[last-puppet-run]","target":"File[/etc/update-motd.d/97-last-puppet-run]"},{"source":"Sslcert::Ca[wmf_ca_2017_2020]","target":"File[/usr/local/share/ca-certificates/wmf_ca_2017_2020.crt]"},{"source":"Sslcert::Ca[RapidSSL_SHA256_CA_-_G3]","target":"File[/usr/local/share/ca-certificates/RapidSSL_SHA256_CA_-_G3.crt]"},{"source":"Sslcert::Ca[DigiCert_High_Assurance_CA-3]","target":"File[/usr/local/share/ca-certificates/DigiCert_High_Assurance_CA-3.crt]"},{"source":"Sslcert::Ca[DigiCert_SHA2_High_Assurance_Server_CA]","target":"File[/usr/local/share/ca-certificates/DigiCert_SHA2_High_Assurance_Server_CA.crt]"},{"source":"Sslcert::Ca[DigiCert_TLS_RSA_SHA256_2020_CA1]","target":"File[/usr/local/share/ca-certificates/DigiCert_TLS_RSA_SHA256_2020_CA1.crt]"},{"source":"Sslcert::Ca[DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1]","target":"File[/usr/local/share/ca-certificates/DigiCert_TLS_Hybrid_ECC_SHA384_2020_CA1.crt]"},{"source":"Sslcert::Ca[DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt]","target":"File[/usr/local/share/ca-certificates/DigiCert_Global_G2_TLS_RSA_SHA256_2020_CA1.crt.crt]"},{"source":"Sslcert::Ca[GlobalSign_Organization_Validation_CA_-_SHA256_-_G2]","target":"File[/usr/local/share/ca-certificates/GlobalSign_Organization_Validation_CA_-_SHA256_-_G2.crt]"},{"source":"Sslcert::Ca[GlobalSign_RSA_OV_SSL_CA_2018.crt]","target":"File[/usr/local/share/ca-certificates/GlobalSign_RSA_OV_SSL_CA_2018.crt.crt]"},{"source":"Sslcert::Ca[GlobalSign_ECC_OV_SSL_CA_2018.crt]","target":"File[/usr/local/share/ca-certificates/GlobalSign_ECC_OV_SSL_CA_2018.crt.crt]"},{"source":"Sslcert::Ca[GlobalSign_ECC_Root_CA_R5_R3_Cross.crt]","target":"File[/usr/local/share/ca-certificates/GlobalSign_ECC_Root_CA_R5_R3_Cross.crt.crt]"},{"source":"Concat[/etc/ssl/certs/wmf-ca-certificates.crt]","target":"Concat_file[/etc/ssl/certs/wmf-ca-certificates.crt]"},{"source":"Concat::Fragment[ssl-ca-/var/lib/puppet/ssl/certs/ca.pem]","target":"Concat_fragment[ssl-ca-/var/lib/puppet/ssl/certs/ca.pem]"},{"source":"Concat::Fragment[ssl-ca-/etc/ssl/certs/WMF_TEST_CA.pem]","target":"Concat_fragment[ssl-ca-/etc/ssl/certs/WMF_TEST_CA.pem]"},{"source":"Sslcert::Ca[Puppet_Internal_CA]","target":"File[/usr/local/share/ca-certificates/Puppet_Internal_CA.crt]"},{"source":"Apt::Pin[wikimedia]","target":"Exec[apt_pin_wikimedia]"},{"source":"Apt::Pin[wikimedia]","target":"File[/etc/apt/preferences.d/wikimedia.pref]"},{"source":"Apt::Repository[wikimedia]","target":"Exec[apt_repository_wikimedia]"},{"source":"Apt::Repository[wikimedia]","target":"File[/etc/apt/sources.list.d/wikimedia.list]"},{"source":"Apt::Repository[wikimedia-private]","target":"Exec[apt_repository_wikimedia-private]"},{"source":"Apt::Repository[wikimedia-private]","target":"File[/etc/apt/sources.list.d/wikimedia-private.list]"},{"source":"Apt::Repository[debian-debug]","target":"Exec[apt_repository_debian-debug]"},{"source":"Apt::Repository[debian-debug]","target":"File[/etc/apt/sources.list.d/debian-debug.list]"},{"source":"Apt::Conf[InstallRecommends]","target":"File[/etc/apt/apt.conf.d/00InstallRecommends]"},{"source":"Apt::Conf[apt-harden]","target":"File[/etc/apt/apt.conf.d/30apt-harden]"},{"source":"Systemd::Unit[systemd-timesyncd.service]","target":"File[/etc/systemd/system/systemd-timesyncd.service.d]"},{"source":"Systemd::Unit[systemd-timesyncd.service]","target":"File[/etc/systemd/system/systemd-timesyncd.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[systemd-timesyncd.service]","target":"Exec[systemd daemon-reload for systemd-timesyncd.service (systemd-timesyncd.service)]"},{"source":"Systemd::Unit[systemd-timedated.service]","target":"File[/etc/systemd/system/systemd-timedated.service.d]"},{"source":"Systemd::Unit[systemd-timedated.service]","target":"File[/etc/systemd/system/systemd-timedated.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[systemd-timedated.service]","target":"Exec[systemd daemon-reload for systemd-timedated.service (systemd-timedated.service)]"},{"source":"Profile::Auto_restarts::Service[systemd-timesyncd]","target":"Systemd::Timer::Job[wmf_auto_restart_systemd-timesyncd]"},{"source":"Logrotate::Conf[exim4-paniclog]","target":"File[/etc/logrotate.d/exim4-paniclog]"},{"source":"Profile::Auto_restarts::Service[exim4]","target":"Systemd::Timer::Job[wmf_auto_restart_exim4]"},{"source":"Systemd::Unit[logrotate.timer:hourly-override]","target":"File[/etc/systemd/system/logrotate.timer.d/puppet-override.conf]"},{"source":"Systemd::Unit[logrotate.timer:hourly-override]","target":"Exec[systemd daemon-reload for logrotate.timer (logrotate.timer:hourly-override)]"},{"source":"Base::Service_unit[prometheus-node-exporter]","target":"File[/etc/systemd/system/prometheus-node-exporter.service.d]"},{"source":"Base::Service_unit[prometheus-node-exporter]","target":"File[/etc/systemd/system/prometheus-node-exporter.service.d/puppet-override.conf]"},{"source":"Base::Service_unit[prometheus-node-exporter]","target":"Exec[systemd reload for prometheus-node-exporter]"},{"source":"Base::Service_unit[prometheus-node-exporter]","target":"Service[prometheus-node-exporter]"},{"source":"Profile::Auto_restarts::Service[prometheus-node-exporter]","target":"Systemd::Timer::Job[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Profile::Auto_restarts::Service[rsyslog]","target":"Systemd::Timer::Job[wmf_auto_restart_rsyslog]"},{"source":"Concat[/etc/rsyslog.d/00-global.conf]","target":"Concat_file[/etc/rsyslog.d/00-global.conf]"},{"source":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-header]","target":"Concat_fragment[/etc/rsyslog.d/00-global.conf-header]"},{"source":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-trailer]","target":"Concat_fragment[/etc/rsyslog.d/00-global.conf-trailer]"},{"source":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-parser.permitSlashInProgramName]","target":"Concat_fragment[/etc/rsyslog.d/00-global.conf-parser.permitSlashInProgramName]"},{"source":"Logrotate::Conf[rsyslog]","target":"File[/etc/logrotate.d/rsyslog]"},{"source":"Prometheus::Rsyslog_exporter[base]","target":"Package[prometheus-rsyslog-exporter]"},{"source":"Prometheus::Rsyslog_exporter[base]","target":"Rsyslog::Conf[exporter-base]"},{"source":"Prometheus::Rsyslog_exporter[base]","target":"Rsyslog::Conf[exporter]"},{"source":"Systemd::Service[cadvisor]","target":"Service[cadvisor]"},{"source":"Systemd::Service[cadvisor]","target":"Systemd::Unit[cadvisor]"},{"source":"Sysctl::Parameters[ubuntu defaults]","target":"Sysctl::Conffile[ubuntu defaults]"},{"source":"Sysctl::Parameters[wikimedia base]","target":"Sysctl::Conffile[wikimedia base]"},{"source":"Sysctl::Parameters[disable_unprivileged_bpf]","target":"Sysctl::Conffile[disable_unprivileged_bpf]"},{"source":"Sysctl::Parameters[unprivileged_userns_clone]","target":"Sysctl::Conffile[unprivileged_userns_clone]"},{"source":"Sysctl::Parameters[fastopen]","target":"Sysctl::Conffile[fastopen]"},{"source":"Sysctl::Parameters[tcp_min_snd_mss]","target":"Sysctl::Conffile[tcp_min_snd_mss]"},{"source":"Motd::Script[header]","target":"File[/etc/update-motd.d/00-header]"},{"source":"Motd::Script[footer]","target":"File[/etc/update-motd.d/99-footer]"},{"source":"Motd::Script[Check for restarts]","target":"File[/etc/update-motd.d/99-check-for-restarts]"},{"source":"Profile::Auto_restarts::Service[lldpd]","target":"Systemd::Timer::Job[wmf_auto_restart_lldpd]"},{"source":"Profile::Auto_restarts::Service[systemd-journald]","target":"Systemd::Timer::Job[wmf_auto_restart_systemd-journald]"},{"source":"Sysctl::Parameters[core_dumps]","target":"Sysctl::Conffile[core_dumps]"},{"source":"Profile::Auto_restarts::Service[ssh]","target":"Systemd::Timer::Job[wmf_auto_restart_ssh]"},{"source":"Kmod::Blacklist[wmf_overlay]","target":"File[/etc/modprobe.d/blacklist-wmf_overlay.conf]"},{"source":"Kmod::Module[overlay]","target":"File[/etc/modules-load.d/overlay.conf]"},{"source":"Kmod::Module[overlay]","target":"Exec[/sbin/modprobe overlay]"},{"source":"Kmod::Blacklist[wmf]","target":"File[/etc/modprobe.d/blacklist-wmf.conf]"},{"source":"Kmod::Blacklist[wmf-filesystems]","target":"File[/etc/modprobe.d/blacklist-wmf-filesystems.conf]"},{"source":"Kmod::Blacklist[wmf-network-schedulers]","target":"File[/etc/modprobe.d/blacklist-wmf-network-schedulers.conf]"},{"source":"Systemd::Timer::Job[kernel-purge]","target":"Systemd::Unit[kernel-purge.service]"},{"source":"Systemd::Timer::Job[kernel-purge]","target":"Systemd::Timer[kernel-purge]"},{"source":"Systemd::Timer::Job[kernel-purge]","target":"Systemd::Syslog[kernel-purge]"},{"source":"Stage[main]","target":"Class[Initramfs]"},{"source":"Class[Initramfs]","target":"Package[initramfs-tools]"},{"source":"Class[Initramfs]","target":"Exec[update-initramfs]"},{"source":"Initramfs::Script[mdadm-sleep]","target":"File[/etc/initramfs-tools/scripts/init-premount/mdadm-sleep]"},{"source":"Systemd::Timer::Job[prometheus-debian-version-textfile]","target":"Systemd::Unit[prometheus-debian-version-textfile.service]"},{"source":"Systemd::Timer::Job[prometheus-debian-version-textfile]","target":"Systemd::Timer[prometheus-debian-version-textfile]"},{"source":"Systemd::Timer::Job[prometheus-dpkg-success-textfile]","target":"Systemd::Unit[prometheus-dpkg-success-textfile.service]"},{"source":"Systemd::Timer::Job[prometheus-dpkg-success-textfile]","target":"Systemd::Timer[prometheus-dpkg-success-textfile]"},{"source":"Apt::Conf[dpkg-force-confdef]","target":"File[/etc/apt/apt.conf.d/00dpkg-force-confdef]"},{"source":"Apt::Conf[dpkg-force-confold]","target":"File[/etc/apt/apt.conf.d/00dpkg-force-confold]"},{"source":"Apt::Conf[auto-upgrades]","target":"File[/etc/apt/apt.conf.d/20auto-upgrades]"},{"source":"Apt::Conf[unattended-upgrades-updates]","target":"File[/etc/apt/apt.conf.d/52unattended-upgrades-updates]"},{"source":"Apt::Conf[unattended-upgrades-wikimedia]","target":"File[/etc/apt/apt.conf.d/51unattended-upgrades-wikimedia]"},{"source":"Apt::Conf[unattended-upgrades-osbpo]","target":"File[/etc/apt/apt.conf.d/52unattended-upgrades-osbpo]"},{"source":"Apt::Conf[apt-autoclean]","target":"File[/etc/apt/apt.conf.d/52apt-autoclean]"},{"source":"Systemd::Timer::Job[send_puppet_failure_emails]","target":"Systemd::Unit[send_puppet_failure_emails.service]"},{"source":"Systemd::Timer::Job[send_puppet_failure_emails]","target":"Systemd::Timer[send_puppet_failure_emails]"},{"source":"Systemd::Timer::Job[cleanup_puppet_client_bucket]","target":"Systemd::Unit[cleanup_puppet_client_bucket.service]"},{"source":"Systemd::Timer::Job[cleanup_puppet_client_bucket]","target":"Systemd::Timer[cleanup_puppet_client_bucket]"},{"source":"Concat[/root/.config/openstack/clouds.yaml]","target":"Concat_file[/root/.config/openstack/clouds.yaml]"},{"source":"Concat::Fragment[root_clouds_file_header]","target":"Concat_fragment[root_clouds_file_header]"},{"source":"Concat[/etc/openstack/clouds.yaml]","target":"Concat_file[/etc/openstack/clouds.yaml]"},{"source":"Concat::Fragment[observer_clouds_file_header]","target":"Concat_fragment[observer_clouds_file_header]"},{"source":"Openstack::Util::Envscript[novaobserver]","target":"Concat::Fragment[/etc/openstack/clouds.yaml_novaobserver]"},{"source":"Openstack::Util::Envscript[novaobserver]","target":"Concat::Fragment[/root/.config/openstack/clouds.yaml_novaobserver]"},{"source":"Openstack::Util::Envscript[novaobserver]","target":"File[/etc/novaobserver.yaml]"},{"source":"Openstack::Util::Envscript[novaobserver]","target":"File[/usr/local/bin/observerenv.sh]"},{"source":"Openstack::Util::Envscript[ossystemobserver]","target":"Concat::Fragment[/etc/openstack/clouds.yaml_ossystemobserver]"},{"source":"Openstack::Util::Envscript[ossystemobserver]","target":"Concat::Fragment[/root/.config/openstack/clouds.yaml_ossystemobserver]"},{"source":"Openstack::Util::Envscript[ossystemobserver]","target":"File[/etc/ossystemobserver.yaml]"},{"source":"Openstack::Util::Envscript[ossystemobserver]","target":"File[/usr/local/bin/osobserverenv.sh]"},{"source":"Ssh::Userkey[root-cumin]","target":"File[/etc/ssh/userkeys/root.d/]"},{"source":"Ssh::Userkey[root-cumin]","target":"File[/etc/ssh/userkeys/root.d/cumin]"},{"source":"Firewall::Service[ssh-from-cumin-project-masters]","target":"Ferm::Service[ssh_from_cumin_project_masters]"},{"source":"Firewall::Service[ssh-from-cumin-project-masters]","target":"Nftables::Service[ssh-from-cumin-project-masters]"},{"source":"Ssh::Userkey[root]","target":"File[/etc/ssh/userkeys/root]"},{"source":"Sudo::Group[ops]","target":"File[/etc/sudoers.d/ops]"},{"source":"Stage[main]","target":"Class[Security::Access]"},{"source":"Class[Security::Access]","target":"Concat[/etc/security/access.conf]"},{"source":"Class[Security::Access]","target":"File[/etc/security/access.conf.d]"},{"source":"Class[Security::Access]","target":"Security::Pam::Config[local-pam-access]"},{"source":"Security::Access::Config[labs-local]","target":"Concat::Fragment[security-access-labs-local]"},{"source":"Security::Access::Config[labs-restrict-to-project]","target":"Concat::Fragment[security-access-labs-restrict-to-project]"},{"source":"Systemd::Override[sssd-nss-auto-restart]","target":"Systemd::Unit[sssd-nss.service-sssd-nss-auto-restart]"},{"source":"Systemd::Timer::Job[prometheus_ssh_open_sessions]","target":"Systemd::Unit[prometheus_ssh_open_sessions.service]"},{"source":"Systemd::Timer::Job[prometheus_ssh_open_sessions]","target":"Systemd::Timer[prometheus_ssh_open_sessions]"},{"source":"Systemd::Timer::Job[prometheus_ssh_open_sessions]","target":"Systemd::Syslog[prometheus_ssh_open_sessions]"},{"source":"Firewall::Service[metricsinfra-prometheus-all-tcp]","target":"Ferm::Service[metricsinfra_prometheus_all_tcp]"},{"source":"Firewall::Service[metricsinfra-prometheus-all-tcp]","target":"Nftables::Service[metricsinfra-prometheus-all-tcp]"},{"source":"Firewall::Service[metricsinfra-prometheus-all-udp]","target":"Ferm::Service[metricsinfra_prometheus_all_udp]"},{"source":"Firewall::Service[metricsinfra-prometheus-all-udp]","target":"Nftables::Service[metricsinfra-prometheus-all-udp]"},{"source":"Firewall::Service[dhcp6-response]","target":"Ferm::Service[dhcp6_response]"},{"source":"Firewall::Service[dhcp6-response]","target":"Nftables::Service[dhcp6-response]"},{"source":"Class[Profile::Beta::Motd]","target":"Motd::Script[beta_warning_and_terms]"},{"source":"Class[Profile::Locales::Base]","target":"File_line[locale-en_US.UTF-8]"},{"source":"Class[Profile::Locales::Base]","target":"Exec[base-locale-gen]"},{"source":"Class[Profile::Pki::Client]","target":"File[/etc/ssl/certs/WMF_TEST_CA.pem]"},{"source":"Class[Profile::Pki::Client]","target":"File[/etc/ssl/localcerts/pki_api_CA.pem]"},{"source":"Class[Profile::Pki::Client]","target":"Concat[/etc/cfssl/mutual_tls_client_cert.pem]"},{"source":"Class[Profile::Pki::Client]","target":"Concat::Fragment[mtls_client_cert_leaf]"},{"source":"Class[Profile::Pki::Client]","target":"Concat::Fragment[mtls_client_cert_chain]"},{"source":"Stage[main]","target":"Class[Cfssl::Client]"},{"source":"Stage[main]","target":"Class[Cfssl]"},{"source":"Class[Cfssl]","target":"Package[golang-cfssl]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl]"},{"source":"Class[Cfssl]","target":"File[/usr/local/share/cfssl]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl/signers]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl/csr]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl/ssl]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl/ocsp]"},{"source":"Class[Cfssl]","target":"File[/etc/cfssl/ssl/bundles]"},{"source":"Class[Cfssl]","target":"File[/usr/local/share/cfssl/sqlite_initdb.sql]"},{"source":"Class[Cfssl]","target":"File[/usr/local/share/cfssl/mysql_initdb.sql]"},{"source":"Class[Cfssl::Client]","target":"Cfssl::Config[client-cfssl]"},{"source":"Class[Cfssl::Client]","target":"File[/usr/local/sbin/cfssl-client]"},{"source":"Class[Cfssl::Client]","target":"Systemd::Service[cfssl-serve@proxy-client]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"Package[rsyslog-kafka]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"File[/etc/rsyslog.lookup.d]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"File[/etc/rsyslog.lookup.d/lookup_table_output.json]"},{"source":"Class[main]","target":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-maxMessageSize]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"Rsyslog::Conf[lookup_output]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"Rsyslog::Conf[template_syslog_json]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"Rsyslog::Conf[output_kafka]"},{"source":"Class[Profile::Rsyslog::Kafka_shipper]","target":"Rsyslog::Conf[output_local]"},{"source":"Stage[main]","target":"Class[Profile::Base::Production]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Base]"},{"source":"Class[Profile::Cache::Base]","target":"Apt::Package_from_component[lshw-backport]"},{"source":"Stage[main]","target":"Class[Profile::Conftool::Client]"},{"source":"Class[Profile::Conftool::Client]","target":"Package[python3-conftool]"},{"source":"Stage[main]","target":"Class[Passwords::Etcd]"},{"source":"Stage[main]","target":"Class[Etcd::Client::Globalconfig]"},{"source":"Class[Etcd::Client::Globalconfig]","target":"File[/etc/etcd]"},{"source":"Class[Etcd::Client::Globalconfig]","target":"Etcd::Client::Config[/etc/etcd/etcdrc]"},{"source":"Class[Profile::Conftool::Client]","target":"Etcd::Client::Config[/root/.etcdrc]"},{"source":"Stage[main]","target":"Class[Conftool::Config]"},{"source":"Class[Conftool::Config]","target":"File[/etc/conftool]"},{"source":"Class[Conftool::Config]","target":"File[/etc/conftool/config.yaml]"},{"source":"Class[Profile::Conftool::Client]","target":"File[/etc/conftool/schema.yaml]"},{"source":"Class[Profile::Conftool::Client]","target":"File[/etc/conftool/json-schema/]"},{"source":"Stage[main]","target":"Class[Profile::Base::Systemd]"},{"source":"Stage[main]","target":"Class[Systemd::Config]"},{"source":"Class[Systemd::Config]","target":"File[/etc/systemd/system.conf]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Kafka::Webrequest]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Kafka::Certificate]"},{"source":"Class[main]","target":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]"},{"source":"Class[Profile::Cache::Kafka::Webrequest]","target":"Varnishkafka::Instance[webrequest]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Varnishkafka_exporter]"},{"source":"Stage[main]","target":"Class[Prometheus::Varnishkafka_exporter]"},{"source":"Class[Prometheus::Varnishkafka_exporter]","target":"Package[prometheus-varnishkafka-exporter]"},{"source":"Class[Prometheus::Varnishkafka_exporter]","target":"File[/etc/prometheus-varnishkafka-exporter.yaml]"},{"source":"Class[Prometheus::Varnishkafka_exporter]","target":"Service[prometheus-varnishkafka-exporter]"},{"source":"Class[Prometheus::Varnishkafka_exporter]","target":"Profile::Auto_restarts::Service[prometheus-varnishkafka-exporter]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Purge]"},{"source":"Class[Profile::Cache::Purge]","target":"File[/etc/purged]"},{"source":"Class[Profile::Cache::Purge]","target":"File[/etc/purged/ssl]"},{"source":"Class[Profile::Cache::Purge]","target":"File[/etc/purged/ssl/private]"},{"source":"Class[main]","target":"Cfssl::Cert[discovery2026__purged]"},{"source":"Stage[main]","target":"Class[Purged]"},{"source":"Class[Purged]","target":"Package[purged]"},{"source":"Class[Purged]","target":"File[/etc/purged/purged-kafka.conf]"},{"source":"Class[Purged]","target":"Systemd::Service[purged]"},{"source":"Class[Purged]","target":"Profile::Auto_restarts::Service[purged]"},{"source":"Class[Profile::Cache::Base]","target":"Kmod::Blacklist[cp-bl]"},{"source":"Stage[main]","target":"Class[Conftool::Scripts]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/pooler-loop]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/pool]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/depool]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/drain]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/decommission]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/safe-service-restart]"},{"source":"Class[Conftool::Scripts]","target":"File[/usr/local/bin/ispooled]"},{"source":"Stage[main]","target":"Class[Geoip]"},{"source":"Stage[main]","target":"Class[Geoip::Bin]"},{"source":"Class[Geoip::Bin]","target":"Package[geoip-bin]"},{"source":"Class[Geoip::Bin]","target":"Package[mmdb-bin]"},{"source":"Stage[main]","target":"Class[Geoip::Dev]"},{"source":"Class[Geoip::Dev]","target":"Package[libgeoip-dev]"},{"source":"Class[Geoip::Dev]","target":"Package[libmaxminddb-dev]"},{"source":"Stage[main]","target":"Class[Varnish::Common]"},{"source":"Class[Varnish::Common]","target":"File[/usr/local/sbin/reload-vcl]"},{"source":"Class[Varnish::Common]","target":"File[/usr/local/sbin/varnish-frontend-restart]"},{"source":"Class[Varnish::Common]","target":"File[/usr/local/bin/vlogdump]"},{"source":"Class[Varnish::Common]","target":"Nrpe::Plugin[check_varnish_uds]"},{"source":"Stage[main]","target":"Class[Varnish::Common::Errorpage]"},{"source":"Class[Varnish::Common::Errorpage]","target":"File[/etc/varnish/errorpage.inc.vcl]"},{"source":"Stage[main]","target":"Class[Varnish::Common::Browsersec]"},{"source":"Class[Varnish::Common::Browsersec]","target":"File[/etc/varnish/browsersec.inc.vcl]"},{"source":"Stage[main]","target":"Class[Varnish::Netmapper_update_common]"},{"source":"Class[Varnish::Netmapper_update_common]","target":"Group[netmap]"},{"source":"Class[Varnish::Netmapper_update_common]","target":"User[netmap]"},{"source":"Class[Varnish::Netmapper_update_common]","target":"File[/var/netmapper]"},{"source":"Stage[main]","target":"Class[Varnish::Logging]"},{"source":"Class[Varnish::Logging]","target":"Package[python3-logstash]"},{"source":"Class[Varnish::Logging]","target":"Rsyslog::Conf[varnish]"},{"source":"Class[Varnish::Logging]","target":"Rsyslog::Conf[varnish_pipeline]"},{"source":"Class[Varnish::Logging]","target":"Exec[mask_default_mtail]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/bin/varnishmtail-wrapper]"},{"source":"Class[Varnish::Logging]","target":"Varnish::Logging::Mtail[default]"},{"source":"Class[Varnish::Logging]","target":"Varnish::Logging::Mtail[internal]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/lib/python3.9/dist-packages/wikimedia_varnishlogconsumer.py]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/bin/varnishslowlog]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/bin/varnishospital]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/bin/varnishfetcherr]"},{"source":"Class[Varnish::Logging]","target":"File[/usr/local/bin/varnishtlsinspector]"},{"source":"Class[Varnish::Logging]","target":"Systemd::Service[varnish-frontend-tlsinspector]"},{"source":"Stage[main]","target":"Class[Cacheproxy::Traffic_pool]"},{"source":"Class[Cacheproxy::Traffic_pool]","target":"Systemd::Unit[traffic-pool.service]"},{"source":"Class[Cacheproxy::Traffic_pool]","target":"File[/var/lib/traffic-pool]"},{"source":"Class[Cacheproxy::Traffic_pool]","target":"Exec[systemd enable traffic-pool]"},{"source":"Stage[main]","target":"Class[Profile::Tcp_fast_open]"},{"source":"Class[Profile::Tcp_fast_open]","target":"Sysctl::Parameters[TCP Fast Open]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Haproxy]"},{"source":"Stage[main]","target":"Class[Sslcert::Dhparam]"},{"source":"Class[Sslcert::Dhparam]","target":"File[/etc/ssl/dhparam.pem]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Apt::Package_from_component[haproxy]"},{"source":"Stage[main]","target":"Class[Haproxy]"},{"source":"Class[Haproxy]","target":"Package[socat]"},{"source":"Class[Haproxy]","target":"Package[haproxy]"},{"source":"Class[Haproxy]","target":"Systemd::Tmpfile[haproxy]"},{"source":"Class[Haproxy]","target":"File[/etc/haproxy]"},{"source":"Class[Haproxy]","target":"File[/etc/haproxy/conf.d]"},{"source":"Class[Haproxy]","target":"File[/etc/haproxy/haproxy.cfg]"},{"source":"Class[Haproxy]","target":"File[/usr/local/bin/generate_haproxy_default.sh]"},{"source":"Class[Haproxy]","target":"File[/etc/default/haproxy]"},{"source":"Class[Haproxy]","target":"Systemd::Service[haproxy]"},{"source":"Class[Haproxy]","target":"File[/usr/lib/nagios/plugins/check_haproxy]"},{"source":"Class[Haproxy]","target":"Nrpe::Plugin[check_haproxy]"},{"source":"Class[Haproxy]","target":"Nrpe::Monitor_service[haproxy]"},{"source":"Class[Haproxy]","target":"Nrpe::Monitor_service[haproxy_alive]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Package[python3-pystemd]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/usr/local/sbin/haproxy-stek-manager]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Systemd::Tmpfile[haproxy_secrets_tmpfile]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Systemd::Timer::Job[haproxy_stek_job]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Systemd::Tmpfile[haproxy_tls_material]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Acme_chief::Cert[unified]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy-tls-check.cfg]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/usr/local/sbin/tls-check]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/jwt]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/crt-list.cfg]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Mediawiki::Errorpage[/etc/haproxy/tls-terminator-tls-plaintext-error.html]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/allowed-hc-sources.lst]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/allowed-hosts.map]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/ipblocks.d/]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/ip-reputation.d/]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/usr/local/bin/check-haproxy-map]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/private/]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/ipblocks.d/all.map]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Haproxy::Site[tls]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Haproxy::Site[redirection_port]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Systemd::Service[haproxy-mtail@tls.socket]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Systemd::Service[haproxy-mtail@tls]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Rsyslog::Conf[haproxy@tls]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Mtail::Program[cache_haproxy]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/usr/local/sbin/haproxy-restart]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua]"},{"source":"Class[Profile::Cache::Haproxy]","target":"Package[lua5.3-maxminddb]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/maxmind-lookup.lua]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/ja3n.lua]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/ja4h.lua]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/utf8ps.lua]"},{"source":"Class[Profile::Cache::Haproxy]","target":"File[/etc/haproxy/lua/contact_info.lua]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Varnish::Frontend]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[python3-jsonschema]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[python3-requests]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Systemd::Mask[varnishncsa.service]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Systemd::Mask[varnishlog.service]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[libvmod-netmapper]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[libvmod-querysort]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[libvmod-wmfuniq]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[varnish]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[varnish-modules]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Package[varnish-re2]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/uniques.d]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/uniques.d/keys.cfg]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/uniques.d/wmfuniq-2025-04.key]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/usr/local/bin/wmfuniq-experiment-fetcher]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Systemd::Timer::Job[wmfuniq-experiment-fetcher]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Mount[/var/lib/varnish]"},{"source":"Stage[main]","target":"Class[Varnish::Common::Vcl]"},{"source":"Class[Varnish::Common::Vcl]","target":"File[/etc/varnish/translation-engine.inc.vcl]"},{"source":"Class[Varnish::Common::Vcl]","target":"File[/etc/varnish/analytics.inc.vcl]"},{"source":"Class[Varnish::Common::Vcl]","target":"File[/etc/varnish/analytics-dp-helper.vcl]"},{"source":"Class[Varnish::Common::Vcl]","target":"File[/etc/varnish/alternate-domains.inc.vcl]"},{"source":"Class[Varnish::Common::Vcl]","target":"File[/usr/share/varnish/tests]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Confd::File[/etc/varnish/directors.frontend.vcl]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/requestctl-filters.inc.vcl]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/requestctl-filters-hit.inc.vcl]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"File[/etc/varnish/blocked-nets.inc.vcl]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Sysctl::Parameters[maximum map count]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_varnishd_mmap_count]"},{"source":"Class[Prometheus::Node_varnishd_mmap_count]","target":"File[/usr/local/bin/prometheus-varnishd_mmap_count]"},{"source":"Class[Prometheus::Node_varnishd_mmap_count]","target":"Systemd::Timer::Job[prometheus_varnishd_mmap_count]"},{"source":"Stage[main]","target":"Class[Prometheus::Node_sysctl]"},{"source":"Class[Prometheus::Node_sysctl]","target":"File[/usr/local/bin/prometheus-sysctl]"},{"source":"Class[Prometheus::Node_sysctl]","target":"Systemd::Timer::Job[prometheus_sysctl]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Prometheus::Node_varnish_params[prometheus-varnish-params]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Prometheus::Node_file_count[track vcache fds]"},{"source":"Class[Profile::Cache::Varnish::Frontend]","target":"Varnish::Instance[text-frontend]"},{"source":"Stage[main]","target":"Class[Profile::Prometheus::Varnish_exporter]"},{"source":"Class[Profile::Prometheus::Varnish_exporter]","target":"Prometheus::Varnish_exporter[frontend]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Varnish::Frontend::Text]"},{"source":"Stage[main]","target":"Class[Esitest]"},{"source":"Class[Esitest]","target":"Systemd::Tmpfile[esitest]"},{"source":"Class[Esitest]","target":"File[/etc/haproxy/esitest.cfg]"},{"source":"Class[Esitest]","target":"Systemd::Service[esitest]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"Package[libsodium-dev]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"Package[python3-nacl]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"File[/usr/local/sbin/varnish-dp-key-generator]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"File[/etc/varnish/dp.master.key]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"Exec[/usr/local/sbin/varnish-dp-key-generator /etc/varnish/dp.master.key /etc/varnish/dp.daily.key]"},{"source":"Class[Profile::Cache::Varnish::Frontend::Text]","target":"Systemd::Timer::Job[refresh-dp-key]"},{"source":"Stage[main]","target":"Class[Profile::Trafficserver::Backend]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"File[/etc/trafficserver/lua/default.lua.conf]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Nrpe::Plugin[check_default_ats_lua_conf]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"File[/etc/ssl/certs/ats_trusted_ca.pem]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Instance[backend]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[default]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[x-mediawiki-original]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[normalize-path]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[rb-mw-mangling]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[x-wikimedia-debug-routing]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[multi-dc]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[gateway-check]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[mw-next-routing]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Trafficserver::Lua_script[rb-mw-mangling-beta]"},{"source":"Class[Profile::Trafficserver::Backend]","target":"Exec[mask_default_varnish]"},{"source":"Stage[main]","target":"Class[Profile::Lvs::Realserver::Ipip]"},{"source":"Stage[main]","target":"Class[Wmflib::Service::Catalog]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Interface::Ipip[ipip_ipv4]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Interface::Ipip[ipip_ipv6]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Interface::Clsact[clsact_lo]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Package[tcp-mss-clamper]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Systemd::Service[tcp-mss-clamper]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Ferm::Rule[ipip]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Ferm::Rule[ip6ip6]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Ferm::Rule[clamp-mss-ipv4]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Ferm::Rule[clamp-mss-ipv6]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]"},{"source":"Class[Profile::Lvs::Realserver::Ipip]","target":"Prometheus::Node_ferm_mss[ferm_clamped_ipport]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Kafka::Statsv]"},{"source":"Class[Profile::Cache::Kafka::Statsv]","target":"Varnishkafka::Instance[statsv]"},{"source":"Stage[main]","target":"Class[Profile::Cache::Haproxykafka]"},{"source":"Class[Profile::Cache::Haproxykafka]","target":"File[/etc/haproxykafka/ssl]"},{"source":"Stage[main]","target":"Class[Haproxykafka]"},{"source":"Class[Haproxykafka]","target":"Package[haproxykafka]"},{"source":"Class[Haproxykafka]","target":"User[haproxykafka]"},{"source":"Class[Haproxykafka]","target":"File[/var/run/haproxykafka]"},{"source":"Class[Haproxykafka]","target":"File[/etc/haproxykafka]"},{"source":"Class[Haproxykafka]","target":"File[/etc/haproxykafka/config.yaml]"},{"source":"Class[Haproxykafka]","target":"Systemd::Service[haproxykafka]"},{"source":"Apt::Repository[component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"Exec[apt_repository_component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Repository[component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"File[/etc/apt/sources.list.d/component-puppet7-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list]"},{"source":"Apt::Pin[apt_pin_puppet]","target":"Exec[apt_pin_apt_pin_puppet]"},{"source":"Apt::Pin[apt_pin_puppet]","target":"File[/etc/apt/preferences.d/apt_pin_puppet.pref]"},{"source":"Systemd::Unit[prometheus_puppet_agent_stats.service]","target":"File[/lib/systemd/system/prometheus_puppet_agent_stats.service]"},{"source":"Systemd::Unit[prometheus_puppet_agent_stats.service]","target":"Exec[systemd daemon-reload for prometheus_puppet_agent_stats.service (prometheus_puppet_agent_stats.service)]"},{"source":"Systemd::Timer[prometheus_puppet_agent_stats]","target":"Systemd::Service[prometheus_puppet_agent_stats]"},{"source":"Systemd::Syslog[prometheus_puppet_agent_stats]","target":"File[/var/log/prometheus_puppet_agent_stats]"},{"source":"Systemd::Syslog[prometheus_puppet_agent_stats]","target":"Rsyslog::Conf[prometheus_puppet_agent_stats]"},{"source":"Systemd::Syslog[prometheus_puppet_agent_stats]","target":"Logrotate::Conf[prometheus_puppet_agent_stats]"},{"source":"Systemd::Unit[clean_puppet_client_bucket.service]","target":"File[/lib/systemd/system/clean_puppet_client_bucket.service]"},{"source":"Systemd::Unit[clean_puppet_client_bucket.service]","target":"Exec[systemd daemon-reload for clean_puppet_client_bucket.service (clean_puppet_client_bucket.service)]"},{"source":"Systemd::Timer[clean_puppet_client_bucket]","target":"Systemd::Service[clean_puppet_client_bucket]"},{"source":"Systemd::Unit[puppet-agent-timer.service]","target":"File[/lib/systemd/system/puppet-agent-timer.service]"},{"source":"Systemd::Unit[puppet-agent-timer.service]","target":"Exec[systemd daemon-reload for puppet-agent-timer.service (puppet-agent-timer.service)]"},{"source":"Systemd::Timer[puppet-agent-timer]","target":"Systemd::Service[puppet-agent-timer]"},{"source":"Systemd::Syslog[puppet-agent-timer]","target":"File[/var/log/puppet-agent-timer]"},{"source":"Systemd::Syslog[puppet-agent-timer]","target":"Rsyslog::Conf[puppet-agent-timer]"},{"source":"Systemd::Syslog[puppet-agent-timer]","target":"Logrotate::Conf[puppet-agent-timer]"},{"source":"Logrotate::Conf[puppet]","target":"File[/etc/logrotate.d/puppet]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-timesyncd]","target":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-timesyncd]","target":"Systemd::Timer[wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-timesyncd]","target":"Systemd::Syslog[wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_exim4]","target":"Systemd::Unit[wmf_auto_restart_exim4.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_exim4]","target":"Systemd::Timer[wmf_auto_restart_exim4]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_exim4]","target":"Systemd::Syslog[wmf_auto_restart_exim4]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-node-exporter]","target":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-node-exporter]","target":"Systemd::Timer[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-node-exporter]","target":"Systemd::Syslog[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_rsyslog]","target":"Systemd::Unit[wmf_auto_restart_rsyslog.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_rsyslog]","target":"Systemd::Timer[wmf_auto_restart_rsyslog]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_rsyslog]","target":"Systemd::Syslog[wmf_auto_restart_rsyslog]"},{"source":"Rsyslog::Conf[exporter-base]","target":"File[/etc/rsyslog.d/10-exporter-base.conf]"},{"source":"Rsyslog::Conf[exporter]","target":"File[/etc/rsyslog.d/10-exporter.conf]"},{"source":"Systemd::Unit[cadvisor]","target":"File[/etc/systemd/system/cadvisor.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[cadvisor]","target":"Exec[systemd daemon-reload for cadvisor.service (cadvisor)]"},{"source":"Stage[main]","target":"Class[Sysctl]"},{"source":"Class[Sysctl]","target":"File[/etc/sysctl.d]"},{"source":"Class[Sysctl]","target":"Exec[update_sysctl]"},{"source":"Sysctl::Conffile[ubuntu defaults]","target":"File[/etc/sysctl.d/51-ubuntu-defaults.conf]"},{"source":"Sysctl::Conffile[wikimedia base]","target":"File[/etc/sysctl.d/60-wikimedia-base.conf]"},{"source":"Sysctl::Conffile[disable_unprivileged_bpf]","target":"File[/etc/sysctl.d/70-disable_unprivileged_bpf.conf]"},{"source":"Sysctl::Conffile[unprivileged_userns_clone]","target":"File[/etc/sysctl.d/70-unprivileged_userns_clone.conf]"},{"source":"Sysctl::Conffile[fastopen]","target":"File[/etc/sysctl.d/70-fastopen.conf]"},{"source":"Sysctl::Conffile[tcp_min_snd_mss]","target":"File[/etc/sysctl.d/70-tcp_min_snd_mss.conf]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_lldpd]","target":"Systemd::Unit[wmf_auto_restart_lldpd.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_lldpd]","target":"Systemd::Timer[wmf_auto_restart_lldpd]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_lldpd]","target":"Systemd::Syslog[wmf_auto_restart_lldpd]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-journald]","target":"Systemd::Unit[wmf_auto_restart_systemd-journald.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-journald]","target":"Systemd::Timer[wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_systemd-journald]","target":"Systemd::Syslog[wmf_auto_restart_systemd-journald]"},{"source":"Sysctl::Conffile[core_dumps]","target":"File[/etc/sysctl.d/70-core_dumps.conf]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_ssh]","target":"Systemd::Unit[wmf_auto_restart_ssh.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_ssh]","target":"Systemd::Timer[wmf_auto_restart_ssh]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_ssh]","target":"Systemd::Syslog[wmf_auto_restart_ssh]"},{"source":"Systemd::Unit[kernel-purge.service]","target":"File[/lib/systemd/system/kernel-purge.service]"},{"source":"Systemd::Unit[kernel-purge.service]","target":"Exec[systemd daemon-reload for kernel-purge.service (kernel-purge.service)]"},{"source":"Systemd::Timer[kernel-purge]","target":"Systemd::Service[kernel-purge]"},{"source":"Systemd::Syslog[kernel-purge]","target":"File[/var/log/kernel-purge]"},{"source":"Systemd::Syslog[kernel-purge]","target":"Rsyslog::Conf[kernel-purge]"},{"source":"Systemd::Syslog[kernel-purge]","target":"Logrotate::Conf[kernel-purge]"},{"source":"Systemd::Unit[prometheus-debian-version-textfile.service]","target":"File[/lib/systemd/system/prometheus-debian-version-textfile.service]"},{"source":"Systemd::Unit[prometheus-debian-version-textfile.service]","target":"Exec[systemd daemon-reload for prometheus-debian-version-textfile.service (prometheus-debian-version-textfile.service)]"},{"source":"Systemd::Timer[prometheus-debian-version-textfile]","target":"Systemd::Service[prometheus-debian-version-textfile]"},{"source":"Systemd::Unit[prometheus-dpkg-success-textfile.service]","target":"File[/lib/systemd/system/prometheus-dpkg-success-textfile.service]"},{"source":"Systemd::Unit[prometheus-dpkg-success-textfile.service]","target":"Exec[systemd daemon-reload for prometheus-dpkg-success-textfile.service (prometheus-dpkg-success-textfile.service)]"},{"source":"Systemd::Timer[prometheus-dpkg-success-textfile]","target":"Systemd::Service[prometheus-dpkg-success-textfile]"},{"source":"Systemd::Unit[send_puppet_failure_emails.service]","target":"File[/lib/systemd/system/send_puppet_failure_emails.service]"},{"source":"Systemd::Unit[send_puppet_failure_emails.service]","target":"Exec[systemd daemon-reload for send_puppet_failure_emails.service (send_puppet_failure_emails.service)]"},{"source":"Systemd::Timer[send_puppet_failure_emails]","target":"Systemd::Service[send_puppet_failure_emails]"},{"source":"Systemd::Unit[cleanup_puppet_client_bucket.service]","target":"File[/lib/systemd/system/cleanup_puppet_client_bucket.service]"},{"source":"Systemd::Unit[cleanup_puppet_client_bucket.service]","target":"Exec[systemd daemon-reload for cleanup_puppet_client_bucket.service (cleanup_puppet_client_bucket.service)]"},{"source":"Systemd::Timer[cleanup_puppet_client_bucket]","target":"Systemd::Service[cleanup_puppet_client_bucket]"},{"source":"Concat::Fragment[/etc/openstack/clouds.yaml_novaobserver]","target":"Concat_fragment[/etc/openstack/clouds.yaml_novaobserver]"},{"source":"Concat::Fragment[/root/.config/openstack/clouds.yaml_novaobserver]","target":"Concat_fragment[/root/.config/openstack/clouds.yaml_novaobserver]"},{"source":"Concat::Fragment[/etc/openstack/clouds.yaml_ossystemobserver]","target":"Concat_fragment[/etc/openstack/clouds.yaml_ossystemobserver]"},{"source":"Concat::Fragment[/root/.config/openstack/clouds.yaml_ossystemobserver]","target":"Concat_fragment[/root/.config/openstack/clouds.yaml_ossystemobserver]"},{"source":"Concat[/etc/security/access.conf]","target":"Concat_file[/etc/security/access.conf]"},{"source":"Stage[main]","target":"Class[Security::Pam]"},{"source":"Class[Security::Pam]","target":"Exec[pam-auth-update]"},{"source":"Security::Pam::Config[local-pam-access]","target":"File[/usr/share/pam-configs/local-pam-access]"},{"source":"Concat::Fragment[security-access-labs-local]","target":"Concat_fragment[security-access-labs-local]"},{"source":"Concat::Fragment[security-access-labs-restrict-to-project]","target":"Concat_fragment[security-access-labs-restrict-to-project]"},{"source":"Systemd::Unit[sssd-nss.service-sssd-nss-auto-restart]","target":"File[/etc/systemd/system/sssd-nss.service.d]"},{"source":"Systemd::Unit[sssd-nss.service-sssd-nss-auto-restart]","target":"File[/etc/systemd/system/sssd-nss.service.d/sssd-nss-auto-restart.conf]"},{"source":"Systemd::Unit[sssd-nss.service-sssd-nss-auto-restart]","target":"Exec[systemd daemon-reload for sssd-nss.service (sssd-nss.service-sssd-nss-auto-restart)]"},{"source":"Systemd::Unit[prometheus_ssh_open_sessions.service]","target":"File[/lib/systemd/system/prometheus_ssh_open_sessions.service]"},{"source":"Systemd::Unit[prometheus_ssh_open_sessions.service]","target":"Exec[systemd daemon-reload for prometheus_ssh_open_sessions.service (prometheus_ssh_open_sessions.service)]"},{"source":"Systemd::Timer[prometheus_ssh_open_sessions]","target":"Systemd::Service[prometheus_ssh_open_sessions]"},{"source":"Systemd::Syslog[prometheus_ssh_open_sessions]","target":"File[/var/log/prometheus_ssh_open_sessions]"},{"source":"Systemd::Syslog[prometheus_ssh_open_sessions]","target":"Rsyslog::Conf[prometheus_ssh_open_sessions]"},{"source":"Systemd::Syslog[prometheus_ssh_open_sessions]","target":"Logrotate::Conf[prometheus_ssh_open_sessions]"},{"source":"Motd::Script[beta_warning_and_terms]","target":"File[/etc/update-motd.d/01-beta-warning-and-terms]"},{"source":"Concat[/etc/cfssl/mutual_tls_client_cert.pem]","target":"Concat_file[/etc/cfssl/mutual_tls_client_cert.pem]"},{"source":"Concat::Fragment[mtls_client_cert_leaf]","target":"Concat_fragment[mtls_client_cert_leaf]"},{"source":"Concat::Fragment[mtls_client_cert_chain]","target":"Concat_fragment[mtls_client_cert_chain]"},{"source":"Cfssl::Config[client-cfssl]","target":"File[/etc/cfssl/client-cfssl.conf]"},{"source":"Systemd::Service[cfssl-serve@proxy-client]","target":"Service[cfssl-serve@proxy-client]"},{"source":"Systemd::Service[cfssl-serve@proxy-client]","target":"Systemd::Unit[cfssl-serve@proxy-client]"},{"source":"Concat::Fragment[/etc/rsyslog.d/00-global.conf-maxMessageSize]","target":"Concat_fragment[/etc/rsyslog.d/00-global.conf-maxMessageSize]"},{"source":"Rsyslog::Conf[lookup_output]","target":"File[/etc/rsyslog.d/10-lookup-output.conf]"},{"source":"Rsyslog::Conf[template_syslog_json]","target":"File[/etc/rsyslog.d/10-template-syslog-json.conf]"},{"source":"Rsyslog::Conf[output_kafka]","target":"File[/etc/rsyslog.d/30-output-kafka.conf]"},{"source":"Rsyslog::Conf[output_local]","target":"File[/etc/rsyslog.d/95-output-local.conf]"},{"source":"Apt::Package_from_component[lshw-backport]","target":"Apt::Repository[component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Package_from_component[lshw-backport]","target":"Exec[apt_package_from_component_lshw-backport]"},{"source":"Etcd::Client::Config[/etc/etcd/etcdrc]","target":"File[/etc/etcd/etcdrc]"},{"source":"Etcd::Client::Config[/root/.etcdrc]","target":"File[/root/.etcdrc]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Exec[Generate cert kafka__varnishkafka-deployment-prep_kafka_11]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Exec[Generate cert kafka__varnishkafka-deployment-prep_kafka_11 refresh]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Exec[renew certificate - kafka__varnishkafka-deployment-prep_kafka_11]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.pem]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.csr]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11-key.pem]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Exec[Generate cert kafka__varnishkafka-deployment-prep_kafka_11 refresh on intermediate ca change]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"Exec[create chained cert /etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chain.pem]"},{"source":"Cfssl::Cert[kafka__varnishkafka-deployment-prep_kafka_11]","target":"File[/etc/varnishkafka/ssl/kafka__varnishkafka-deployment-prep_kafka_11.chained.pem]"},{"source":"Stage[main]","target":"Class[Varnishkafka]"},{"source":"Class[Varnishkafka]","target":"Package[varnishkafka]"},{"source":"Class[Varnishkafka]","target":"File[/etc/varnishkafka]"},{"source":"Class[Varnishkafka]","target":"File[/var/cache/varnishkafka]"},{"source":"Class[Varnishkafka]","target":"Rsyslog::Conf[varnishkafka]"},{"source":"Class[Varnishkafka]","target":"File[/etc/logrotate.d/varnishkafka]"},{"source":"Class[Varnishkafka]","target":"Exec[stop-varnishkafka-service]"},{"source":"Class[Varnishkafka]","target":"File[/etc/init.d/varnishkafka]"},{"source":"Class[Varnishkafka]","target":"File[/etc/default/varnishkafka]"},{"source":"Class[Varnishkafka]","target":"Systemd::Service[varnishkafka-all]"},{"source":"Varnishkafka::Instance[webrequest]","target":"File[/etc/varnishkafka/webrequest.conf]"},{"source":"Varnishkafka::Instance[webrequest]","target":"File[/etc/logrotate.d/varnishkafka-webrequest-stats]"},{"source":"Varnishkafka::Instance[webrequest]","target":"Base::Service_unit[varnishkafka-webrequest]"},{"source":"Profile::Auto_restarts::Service[prometheus-varnishkafka-exporter]","target":"Systemd::Timer::Job[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Cfssl::Csr[/etc/cfssl/csr/discovery2026__purged.csr]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Exec[Generate cert discovery2026__purged]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Exec[Generate cert discovery2026__purged refresh]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Exec[renew certificate - discovery2026__purged]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"File[/etc/purged/ssl/discovery2026__purged.pem]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"File[/etc/purged/ssl/discovery2026__purged.csr]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"File[/etc/purged/ssl/discovery2026__purged-key.pem]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"File[/etc/purged/ssl/discovery2026__purged.chain.pem]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Exec[Generate cert discovery2026__purged refresh on intermediate ca change]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"Exec[create chained cert /etc/purged/ssl/discovery2026__purged.chain.pem]"},{"source":"Cfssl::Cert[discovery2026__purged]","target":"File[/etc/purged/ssl/discovery2026__purged.chained.pem]"},{"source":"Systemd::Service[purged]","target":"Service[purged]"},{"source":"Systemd::Service[purged]","target":"Systemd::Unit[purged]"},{"source":"Profile::Auto_restarts::Service[purged]","target":"Systemd::Timer::Job[wmf_auto_restart_purged]"},{"source":"Kmod::Blacklist[cp-bl]","target":"File[/etc/modprobe.d/blacklist-cp-bl.conf]"},{"source":"Rsyslog::Conf[varnish]","target":"File[/etc/rsyslog.d/80-varnish.conf]"},{"source":"Rsyslog::Conf[varnish_pipeline]","target":"File[/etc/rsyslog.d/20-varnish-pipeline.conf]"},{"source":"Varnish::Logging::Mtail[default]","target":"File[/usr/local/bin/varnishmtail-default]"},{"source":"Varnish::Logging::Mtail[default]","target":"Systemd::Service[varnishmtail@default]"},{"source":"Varnish::Logging::Mtail[default]","target":"Mtail::Program[varnishreqstats]"},{"source":"Varnish::Logging::Mtail[default]","target":"Mtail::Program[varnishttfb]"},{"source":"Varnish::Logging::Mtail[default]","target":"Mtail::Program[varnishxcache]"},{"source":"Varnish::Logging::Mtail[default]","target":"Mtail::Program[varnishrls]"},{"source":"Varnish::Logging::Mtail[internal]","target":"File[/usr/local/bin/varnishmtail-internal]"},{"source":"Varnish::Logging::Mtail[internal]","target":"Systemd::Service[varnishmtail@internal]"},{"source":"Varnish::Logging::Mtail[internal]","target":"Mtail::Program[varnishprocessing]"},{"source":"Varnish::Logging::Mtail[internal]","target":"Mtail::Program[varnisherrors]"},{"source":"Varnish::Logging::Mtail[internal]","target":"Mtail::Program[varnishsli]"},{"source":"Systemd::Service[varnish-frontend-tlsinspector]","target":"Service[varnish-frontend-tlsinspector]"},{"source":"Systemd::Service[varnish-frontend-tlsinspector]","target":"Systemd::Unit[varnish-frontend-tlsinspector]"},{"source":"Systemd::Unit[traffic-pool.service]","target":"File[/lib/systemd/system/traffic-pool.service]"},{"source":"Systemd::Unit[traffic-pool.service]","target":"Exec[systemd daemon-reload for traffic-pool.service (traffic-pool.service)]"},{"source":"Sysctl::Parameters[TCP Fast Open]","target":"Sysctl::Conffile[TCP Fast Open]"},{"source":"Apt::Package_from_component[haproxy]","target":"Apt::Repository[thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Package_from_component[haproxy]","target":"Exec[apt_package_from_component_haproxy]"},{"source":"Apt::Package_from_component[haproxy]","target":"Apt::Pin[apt_pin_haproxy]"},{"source":"Systemd::Tmpfile[haproxy]","target":"File[/etc/tmpfiles.d/haproxy.conf]"},{"source":"Systemd::Tmpfile[haproxy]","target":"Exec[Refresh tmpfile haproxy]"},{"source":"Systemd::Service[haproxy]","target":"Service[haproxy]"},{"source":"Systemd::Service[haproxy]","target":"Systemd::Unit[haproxy]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Nrpe::Check[check_haproxy]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Monitoring::Service[haproxy]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Package[python3-click]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Package[python3-box]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"File[/usr/local/bin/nrpe2nodexp]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Prometheus::Alert::Rule[check_haproxy_8b4833c5a4a8470c54300abc1c3122e3]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Systemd::Timer::Job[nrpe2nodexp-haproxy]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"Rsyslog::Conf[nrpe2nodexp-haproxy]"},{"source":"Nrpe::Monitor_service[haproxy]","target":"File[/var/lib/prometheus/node.d/check_haproxy.prom]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"Nrpe::Check[check_haproxy_alive]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"Monitoring::Service[haproxy_alive]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"Prometheus::Alert::Rule[check_haproxy_alive_0065d6c8589cde5ab0f2099cfdcb8eff]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"Systemd::Timer::Job[nrpe2nodexp-haproxy_alive]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"Rsyslog::Conf[nrpe2nodexp-haproxy_alive]"},{"source":"Nrpe::Monitor_service[haproxy_alive]","target":"File[/var/lib/prometheus/node.d/check_haproxy_alive.prom]"},{"source":"Systemd::Tmpfile[haproxy_secrets_tmpfile]","target":"File[/etc/tmpfiles.d/haproxy-secrets-tmpfile.conf]"},{"source":"Systemd::Tmpfile[haproxy_secrets_tmpfile]","target":"Exec[Refresh tmpfile haproxy_secrets_tmpfile]"},{"source":"Systemd::Timer::Job[haproxy_stek_job]","target":"Systemd::Unit[haproxy_stek_job.service]"},{"source":"Systemd::Timer::Job[haproxy_stek_job]","target":"Systemd::Timer[haproxy_stek_job]"},{"source":"Systemd::Timer::Job[haproxy_stek_job]","target":"Systemd::Syslog[haproxy_stek_job]"},{"source":"Systemd::Tmpfile[haproxy_tls_material]","target":"File[/etc/tmpfiles.d/haproxy-tls-material.conf]"},{"source":"Stage[main]","target":"Class[Acme_chief]"},{"source":"Class[Acme_chief]","target":"Sslcert::Ca[Lets_Encrypt_Authority_X3]"},{"source":"Class[Acme_chief]","target":"Sslcert::Ca[Lets_Encrypt_Authority_X4]"},{"source":"Acme_chief::Cert[unified]","target":"File[/etc/acmecerts]"},{"source":"Acme_chief::Cert[unified]","target":"File[/etc/acmecerts/unified]"},{"source":"Mediawiki::Errorpage[/etc/haproxy/tls-terminator-tls-plaintext-error.html]","target":"File[/etc/haproxy/tls-terminator-tls-plaintext-error.html]"},{"source":"Haproxy::Site[tls]","target":"File[/etc/haproxy/conf.d/tls.cfg]"},{"source":"Haproxy::Site[redirection_port]","target":"File[/etc/haproxy/conf.d/redirection-port.cfg]"},{"source":"Systemd::Service[haproxy-mtail@tls.socket]","target":"Service[haproxy-mtail@tls.socket]"},{"source":"Systemd::Service[haproxy-mtail@tls.socket]","target":"Systemd::Unit[haproxy-mtail@tls.socket]"},{"source":"Systemd::Service[haproxy-mtail@tls]","target":"Service[haproxy-mtail@tls]"},{"source":"Systemd::Service[haproxy-mtail@tls]","target":"Systemd::Unit[haproxy-mtail@tls]"},{"source":"Rsyslog::Conf[haproxy@tls]","target":"File[/etc/rsyslog.d/20-haproxy-tls.conf]"},{"source":"Stage[main]","target":"Class[Mtail]"},{"source":"Class[Mtail]","target":"Package[mtail]"},{"source":"Class[Mtail]","target":"File[/etc/default/mtail]"},{"source":"Class[Mtail]","target":"Systemd::Service[mtail]"},{"source":"Mtail::Program[cache_haproxy]","target":"File[/etc/haproxymtail]"},{"source":"Mtail::Program[cache_haproxy]","target":"File[/etc/haproxymtail/cache_haproxy.mtail]"},{"source":"Systemd::Mask[varnishncsa.service]","target":"Exec[mask_varnishncsa.service]"},{"source":"Systemd::Mask[varnishlog.service]","target":"Exec[mask_varnishlog.service]"},{"source":"Systemd::Timer::Job[wmfuniq-experiment-fetcher]","target":"Systemd::Unit[wmfuniq-experiment-fetcher.service]"},{"source":"Systemd::Timer::Job[wmfuniq-experiment-fetcher]","target":"Systemd::Timer[wmfuniq-experiment-fetcher]"},{"source":"Systemd::Timer::Job[wmfuniq-experiment-fetcher]","target":"Systemd::Syslog[wmfuniq-experiment-fetcher]"},{"source":"Systemd::Timer::Job[wmfuniq-experiment-fetcher]","target":"Systemd::Monitor[wmfuniq-experiment-fetcher]"},{"source":"Stage[main]","target":"Class[Confd]"},{"source":"Class[Confd]","target":"Package[confd]"},{"source":"Class[Confd]","target":"Package[python3-toml]"},{"source":"Class[Confd]","target":"File[/usr/local/bin/confd-lint-wrap]"},{"source":"Class[Confd]","target":"Nrpe::Plugin[check_confd_lint]"},{"source":"Class[Confd]","target":"Systemd::Tmpfile[/var/run/confd-template]"},{"source":"Class[Confd]","target":"Systemd::Timer::Job[clean-confd-rundir]"},{"source":"Class[Confd]","target":"Nrpe::Plugin[check_confd_template]"},{"source":"Class[Confd]","target":"File[/usr/local/bin/confd-prometheus-metrics]"},{"source":"Class[Confd]","target":"Logrotate::Conf[confd]"},{"source":"Class[Confd]","target":"Rsyslog::Conf[confd]"},{"source":"Class[Confd]","target":"Confd::Instance[main]"},{"source":"Confd::File[/etc/varnish/directors.frontend.vcl]","target":"File[/etc/confd/templates/_etc_varnish_directors.frontend.vcl.tmpl]"},{"source":"Confd::File[/etc/varnish/directors.frontend.vcl]","target":"File[/etc/confd/conf.d/_etc_varnish_directors.frontend.vcl.toml]"},{"source":"Confd::File[/etc/varnish/directors.frontend.vcl]","target":"File[/etc/varnish/directors.frontend.vcl]"},{"source":"Sysctl::Parameters[maximum map count]","target":"Sysctl::Conffile[maximum map count]"},{"source":"Systemd::Timer::Job[prometheus_varnishd_mmap_count]","target":"Systemd::Unit[prometheus_varnishd_mmap_count.service]"},{"source":"Systemd::Timer::Job[prometheus_varnishd_mmap_count]","target":"Systemd::Timer[prometheus_varnishd_mmap_count]"},{"source":"Systemd::Timer::Job[prometheus_varnishd_mmap_count]","target":"Systemd::Syslog[prometheus_varnishd_mmap_count]"},{"source":"Systemd::Timer::Job[prometheus_sysctl]","target":"Systemd::Unit[prometheus_sysctl.service]"},{"source":"Systemd::Timer::Job[prometheus_sysctl]","target":"Systemd::Timer[prometheus_sysctl]"},{"source":"Systemd::Timer::Job[prometheus_sysctl]","target":"Systemd::Syslog[prometheus_sysctl]"},{"source":"Prometheus::Node_varnish_params[prometheus-varnish-params]","target":"File[/var/lib/prometheus/node.d/varnish_params.prom]"},{"source":"Prometheus::Node_file_count[track vcache fds]","target":"File[/usr/local/bin/prometheus-file-count]"},{"source":"Prometheus::Node_file_count[track vcache fds]","target":"Systemd::Timer::Job[track_vcache_fds]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[normalize_path -frontend]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[geoip -frontend]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_text-frontend.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_text-frontend.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/etc/varnish/text-frontend.inc.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/text-frontend.inc.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_misc-frontend.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_misc-frontend.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/etc/varnish/misc-frontend.inc.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/misc-frontend.inc.vcl]"},{"source":"Varnish::Instance[text-frontend]","target":"Systemd::Service[varnish-frontend]"},{"source":"Varnish::Instance[text-frontend]","target":"Systemd::Service[varnish-frontend-slowlog]"},{"source":"Varnish::Instance[text-frontend]","target":"Profile::Auto_restarts::Service[varnish-frontend-slowlog]"},{"source":"Varnish::Instance[text-frontend]","target":"Systemd::Service[varnish-frontend-hospital]"},{"source":"Varnish::Instance[text-frontend]","target":"Profile::Auto_restarts::Service[varnish-frontend-hospital]"},{"source":"Varnish::Instance[text-frontend]","target":"Systemd::Service[varnish-frontend-fetcherr]"},{"source":"Varnish::Instance[text-frontend]","target":"Profile::Auto_restarts::Service[varnish-frontend-fetcherr]"},{"source":"Varnish::Instance[text-frontend]","target":"Exec[load-new-vcl-file-frontend]"},{"source":"Varnish::Instance[text-frontend]","target":"Exec[retry-load-new-vcl-file-frontend]"},{"source":"Prometheus::Varnish_exporter[frontend]","target":"Package[prometheus-varnish-exporter]"},{"source":"Prometheus::Varnish_exporter[frontend]","target":"Exec[mask_default_varnish_exporter_frontend]"},{"source":"Prometheus::Varnish_exporter[frontend]","target":"Systemd::Service[prometheus-varnish-exporter@frontend]"},{"source":"Systemd::Tmpfile[esitest]","target":"File[/etc/tmpfiles.d/esitest.conf]"},{"source":"Systemd::Tmpfile[esitest]","target":"Exec[Refresh tmpfile esitest]"},{"source":"Systemd::Service[esitest]","target":"Service[esitest]"},{"source":"Systemd::Service[esitest]","target":"Systemd::Unit[esitest]"},{"source":"Systemd::Timer::Job[refresh-dp-key]","target":"Systemd::Unit[refresh-dp-key.service]"},{"source":"Systemd::Timer::Job[refresh-dp-key]","target":"Systemd::Timer[refresh-dp-key]"},{"source":"Systemd::Timer::Job[refresh-dp-key]","target":"Systemd::Syslog[timer-refresh-dp-key]"},{"source":"Stage[main]","target":"Class[Trafficserver]"},{"source":"Class[Trafficserver]","target":"Systemd::Mask[trafficserver.service]"},{"source":"Class[Trafficserver]","target":"Package[trafficserver]"},{"source":"Class[Trafficserver]","target":"Package[trafficserver-experimental-plugins]"},{"source":"Class[Trafficserver]","target":"File[/usr/local/sbin/ats-restart]"},{"source":"Class[Trafficserver]","target":"Rsyslog::Conf[trafficserver]"},{"source":"Trafficserver::Instance[backend]","target":"Systemd::Unmask[trafficserver.service]"},{"source":"Trafficserver::Instance[backend]","target":"Udev::Rule[vdb]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/error_template]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/error_template/default]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/records.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/remap.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/cache.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/storage.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/volume.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/plugin.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/parent.config]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/logging.yaml]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/error_template/default/.body_factory_info]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/error_template/default/default]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/ip_allow.yaml]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/trafficserver/compress.config]"},{"source":"Trafficserver::Instance[backend]","target":"Systemd::Service[trafficserver]"},{"source":"Trafficserver::Instance[backend]","target":"File[/usr/local/sbin/ats-backend-restart]"},{"source":"Trafficserver::Instance[backend]","target":"File[/etc/logrotate.d/ats-backend]"},{"source":"Trafficserver::Lua_script[default]","target":"Trafficserver::Lua_infra[infra-trafficserver]"},{"source":"Trafficserver::Lua_script[default]","target":"File[/etc/trafficserver/lua/default_test.lua]"},{"source":"Trafficserver::Lua_script[default]","target":"File[/etc/trafficserver/lua/default.lua]"},{"source":"Trafficserver::Lua_script[x-mediawiki-original]","target":"File[/etc/trafficserver/lua/x-mediawiki-original_test.lua]"},{"source":"Trafficserver::Lua_script[x-mediawiki-original]","target":"File[/etc/trafficserver/lua/x-mediawiki-original.lua]"},{"source":"Trafficserver::Lua_script[normalize-path]","target":"File[/etc/trafficserver/lua/normalize-path.lua]"},{"source":"Trafficserver::Lua_script[rb-mw-mangling]","target":"File[/etc/trafficserver/lua/rb-mw-mangling.lua]"},{"source":"Trafficserver::Lua_script[x-wikimedia-debug-routing]","target":"File[/etc/trafficserver/lua/x-wikimedia-debug-routing.lua]"},{"source":"Trafficserver::Lua_script[multi-dc]","target":"File[/etc/trafficserver/lua/multi-dc.lua.conf]"},{"source":"Trafficserver::Lua_script[multi-dc]","target":"File[/etc/trafficserver/lua/multi-dc_test.lua]"},{"source":"Trafficserver::Lua_script[multi-dc]","target":"File[/etc/trafficserver/lua/multi-dc.lua]"},{"source":"Trafficserver::Lua_script[gateway-check]","target":"File[/etc/trafficserver/lua/gateway-check.lua.conf]"},{"source":"Trafficserver::Lua_script[gateway-check]","target":"File[/etc/trafficserver/lua/gateway-check_test.lua]"},{"source":"Trafficserver::Lua_script[gateway-check]","target":"File[/etc/trafficserver/lua/gateway-check.lua]"},{"source":"Trafficserver::Lua_script[mw-next-routing]","target":"File[/etc/trafficserver/lua/mw-next-routing.lua.conf]"},{"source":"Trafficserver::Lua_script[mw-next-routing]","target":"File[/etc/trafficserver/lua/mw-next-routing_test.lua]"},{"source":"Trafficserver::Lua_script[mw-next-routing]","target":"File[/etc/trafficserver/lua/mw-next-routing.lua]"},{"source":"Trafficserver::Lua_script[rb-mw-mangling-beta]","target":"File[/etc/trafficserver/lua/rb-mw-mangling-beta.lua]"},{"source":"Interface::Ipip[ipip_ipv4]","target":"Interface::Manual[ipip_ipv4]"},{"source":"Interface::Ipip[ipip_ipv4]","target":"Interface::Ip[ipip_ipv4 ipv4]"},{"source":"Interface::Ipip[ipip_ipv4]","target":"File_line[rm_ipip0_set_up]"},{"source":"Interface::Ipip[ipip_ipv4]","target":"File_line[rm_ipip0_add_up]"},{"source":"Interface::Ipip[ipip_ipv4]","target":"Exec[ip link del dev ipip0]"},{"source":"Interface::Ipip[ipip_ipv6]","target":"Interface::Manual[ipip_ipv6]"},{"source":"Interface::Ipip[ipip_ipv6]","target":"File_line[rm_ipip60_set_up]"},{"source":"Interface::Ipip[ipip_ipv6]","target":"File_line[rm_ipip60_add_up]"},{"source":"Interface::Ipip[ipip_ipv6]","target":"Exec[ip link del dev ipip60]"},{"source":"Interface::Clsact[clsact_lo]","target":"Interface::Post_up_command[clsact_lo]"},{"source":"Interface::Clsact[clsact_lo]","target":"Exec[/usr/sbin/tc qdisc del dev lo clsact]"},{"source":"Systemd::Service[tcp-mss-clamper]","target":"Service[tcp-mss-clamper]"},{"source":"Systemd::Service[tcp-mss-clamper]","target":"Systemd::Unit[tcp-mss-clamper]"},{"source":"Systemd::Service[tcp-mss-clamper]","target":"Systemd::Monitor[tcp-mss-clamper]"},{"source":"Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]","target":"File[/usr/local/bin/prometheus-lvs-realserver-mss]"},{"source":"Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]","target":"Systemd::Timer::Job[prometheus_lvs_realserver_mss]"},{"source":"Prometheus::Node_ferm_mss[ferm_clamped_ipport]","target":"File[/usr/local/bin/prometheus-ferm-mss]"},{"source":"Prometheus::Node_ferm_mss[ferm_clamped_ipport]","target":"Systemd::Timer::Job[prometheus_ferm_mss]"},{"source":"Varnishkafka::Instance[statsv]","target":"File[/etc/varnishkafka/statsv.conf]"},{"source":"Varnishkafka::Instance[statsv]","target":"File[/etc/logrotate.d/varnishkafka-statsv-stats]"},{"source":"Varnishkafka::Instance[statsv]","target":"Base::Service_unit[varnishkafka-statsv]"},{"source":"Systemd::Service[haproxykafka]","target":"Service[haproxykafka]"},{"source":"Systemd::Service[haproxykafka]","target":"Systemd::Unit[haproxykafka]"},{"source":"Systemd::Service[prometheus_puppet_agent_stats]","target":"Service[prometheus_puppet_agent_stats.timer]"},{"source":"Systemd::Service[prometheus_puppet_agent_stats]","target":"Systemd::Unit[prometheus_puppet_agent_stats.timer]"},{"source":"Rsyslog::Conf[prometheus_puppet_agent_stats]","target":"File[/etc/rsyslog.d/40-prometheus-puppet-agent-stats.conf]"},{"source":"Logrotate::Conf[prometheus_puppet_agent_stats]","target":"File[/etc/logrotate.d/prometheus_puppet_agent_stats]"},{"source":"Systemd::Service[clean_puppet_client_bucket]","target":"Service[clean_puppet_client_bucket.timer]"},{"source":"Systemd::Service[clean_puppet_client_bucket]","target":"Systemd::Unit[clean_puppet_client_bucket.timer]"},{"source":"Systemd::Service[puppet-agent-timer]","target":"Service[puppet-agent-timer.timer]"},{"source":"Systemd::Service[puppet-agent-timer]","target":"Systemd::Unit[puppet-agent-timer.timer]"},{"source":"Rsyslog::Conf[puppet-agent-timer]","target":"File[/etc/rsyslog.d/40-puppet-agent-timer.conf]"},{"source":"Logrotate::Conf[puppet-agent-timer]","target":"File[/etc/logrotate.d/puppet-agent-timer]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.service]","target":"File[/lib/systemd/system/wmf_auto_restart_systemd-timesyncd.service]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.service (wmf_auto_restart_systemd-timesyncd.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_systemd-timesyncd]","target":"Systemd::Service[wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-timesyncd]","target":"File[/var/log/wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-timesyncd]","target":"Rsyslog::Conf[wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-timesyncd]","target":"Logrotate::Conf[wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Unit[wmf_auto_restart_exim4.service]","target":"File[/lib/systemd/system/wmf_auto_restart_exim4.service]"},{"source":"Systemd::Unit[wmf_auto_restart_exim4.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_exim4.service (wmf_auto_restart_exim4.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_exim4]","target":"Systemd::Service[wmf_auto_restart_exim4]"},{"source":"Systemd::Syslog[wmf_auto_restart_exim4]","target":"File[/var/log/wmf_auto_restart_exim4]"},{"source":"Systemd::Syslog[wmf_auto_restart_exim4]","target":"Rsyslog::Conf[wmf_auto_restart_exim4]"},{"source":"Systemd::Syslog[wmf_auto_restart_exim4]","target":"Logrotate::Conf[wmf_auto_restart_exim4]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.service]","target":"File[/lib/systemd/system/wmf_auto_restart_prometheus-node-exporter.service]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.service (wmf_auto_restart_prometheus-node-exporter.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_prometheus-node-exporter]","target":"Systemd::Service[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-node-exporter]","target":"File[/var/log/wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-node-exporter]","target":"Rsyslog::Conf[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-node-exporter]","target":"Logrotate::Conf[wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Unit[wmf_auto_restart_rsyslog.service]","target":"File[/lib/systemd/system/wmf_auto_restart_rsyslog.service]"},{"source":"Systemd::Unit[wmf_auto_restart_rsyslog.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_rsyslog.service (wmf_auto_restart_rsyslog.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_rsyslog]","target":"Systemd::Service[wmf_auto_restart_rsyslog]"},{"source":"Systemd::Syslog[wmf_auto_restart_rsyslog]","target":"File[/var/log/wmf_auto_restart_rsyslog]"},{"source":"Systemd::Syslog[wmf_auto_restart_rsyslog]","target":"Rsyslog::Conf[wmf_auto_restart_rsyslog]"},{"source":"Systemd::Syslog[wmf_auto_restart_rsyslog]","target":"Logrotate::Conf[wmf_auto_restart_rsyslog]"},{"source":"Systemd::Unit[wmf_auto_restart_lldpd.service]","target":"File[/lib/systemd/system/wmf_auto_restart_lldpd.service]"},{"source":"Systemd::Unit[wmf_auto_restart_lldpd.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_lldpd.service (wmf_auto_restart_lldpd.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_lldpd]","target":"Systemd::Service[wmf_auto_restart_lldpd]"},{"source":"Systemd::Syslog[wmf_auto_restart_lldpd]","target":"File[/var/log/wmf_auto_restart_lldpd]"},{"source":"Systemd::Syslog[wmf_auto_restart_lldpd]","target":"Rsyslog::Conf[wmf_auto_restart_lldpd]"},{"source":"Systemd::Syslog[wmf_auto_restart_lldpd]","target":"Logrotate::Conf[wmf_auto_restart_lldpd]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-journald.service]","target":"File[/lib/systemd/system/wmf_auto_restart_systemd-journald.service]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-journald.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-journald.service (wmf_auto_restart_systemd-journald.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_systemd-journald]","target":"Systemd::Service[wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-journald]","target":"File[/var/log/wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-journald]","target":"Rsyslog::Conf[wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Syslog[wmf_auto_restart_systemd-journald]","target":"Logrotate::Conf[wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Unit[wmf_auto_restart_ssh.service]","target":"File[/lib/systemd/system/wmf_auto_restart_ssh.service]"},{"source":"Systemd::Unit[wmf_auto_restart_ssh.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_ssh.service (wmf_auto_restart_ssh.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_ssh]","target":"Systemd::Service[wmf_auto_restart_ssh]"},{"source":"Systemd::Syslog[wmf_auto_restart_ssh]","target":"File[/var/log/wmf_auto_restart_ssh]"},{"source":"Systemd::Syslog[wmf_auto_restart_ssh]","target":"Rsyslog::Conf[wmf_auto_restart_ssh]"},{"source":"Systemd::Syslog[wmf_auto_restart_ssh]","target":"Logrotate::Conf[wmf_auto_restart_ssh]"},{"source":"Systemd::Service[kernel-purge]","target":"Service[kernel-purge.timer]"},{"source":"Systemd::Service[kernel-purge]","target":"Systemd::Unit[kernel-purge.timer]"},{"source":"Rsyslog::Conf[kernel-purge]","target":"File[/etc/rsyslog.d/40-kernel-purge.conf]"},{"source":"Logrotate::Conf[kernel-purge]","target":"File[/etc/logrotate.d/kernel-purge]"},{"source":"Systemd::Service[prometheus-debian-version-textfile]","target":"Service[prometheus-debian-version-textfile.timer]"},{"source":"Systemd::Service[prometheus-debian-version-textfile]","target":"Systemd::Unit[prometheus-debian-version-textfile.timer]"},{"source":"Systemd::Service[prometheus-dpkg-success-textfile]","target":"Service[prometheus-dpkg-success-textfile.timer]"},{"source":"Systemd::Service[prometheus-dpkg-success-textfile]","target":"Systemd::Unit[prometheus-dpkg-success-textfile.timer]"},{"source":"Systemd::Service[send_puppet_failure_emails]","target":"Service[send_puppet_failure_emails.timer]"},{"source":"Systemd::Service[send_puppet_failure_emails]","target":"Systemd::Unit[send_puppet_failure_emails.timer]"},{"source":"Systemd::Service[cleanup_puppet_client_bucket]","target":"Service[cleanup_puppet_client_bucket.timer]"},{"source":"Systemd::Service[cleanup_puppet_client_bucket]","target":"Systemd::Unit[cleanup_puppet_client_bucket.timer]"},{"source":"Systemd::Service[prometheus_ssh_open_sessions]","target":"Service[prometheus_ssh_open_sessions.timer]"},{"source":"Systemd::Service[prometheus_ssh_open_sessions]","target":"Systemd::Unit[prometheus_ssh_open_sessions.timer]"},{"source":"Rsyslog::Conf[prometheus_ssh_open_sessions]","target":"File[/etc/rsyslog.d/40-prometheus-ssh-open-sessions.conf]"},{"source":"Logrotate::Conf[prometheus_ssh_open_sessions]","target":"File[/etc/logrotate.d/prometheus_ssh_open_sessions]"},{"source":"Systemd::Unit[cfssl-serve@proxy-client]","target":"File[/lib/systemd/system/cfssl-serve@proxy-client.service]"},{"source":"Systemd::Unit[cfssl-serve@proxy-client]","target":"Exec[systemd daemon-reload for cfssl-serve@proxy-client.service (cfssl-serve@proxy-client)]"},{"source":"Apt::Repository[component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"Exec[apt_repository_component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Repository[component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"File[/etc/apt/sources.list.d/component-lshw-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list]"},{"source":"Cfssl::Csr[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]","target":"File[/etc/cfssl/csr/kafka__varnishkafka-deployment-prep_kafka_11.csr]"},{"source":"Rsyslog::Conf[varnishkafka]","target":"File[/etc/rsyslog.d/70-varnishkafka.conf]"},{"source":"Systemd::Service[varnishkafka-all]","target":"Service[varnishkafka-all]"},{"source":"Systemd::Service[varnishkafka-all]","target":"Systemd::Unit[varnishkafka-all]"},{"source":"Base::Service_unit[varnishkafka-webrequest]","target":"File[/lib/systemd/system/varnishkafka-webrequest.service]"},{"source":"Base::Service_unit[varnishkafka-webrequest]","target":"Exec[systemd reload for varnishkafka-webrequest]"},{"source":"Base::Service_unit[varnishkafka-webrequest]","target":"Service[varnishkafka-webrequest]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Systemd::Timer[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Systemd::Syslog[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Cfssl::Csr[/etc/cfssl/csr/discovery2026__purged.csr]","target":"File[/etc/cfssl/csr/discovery2026__purged.csr]"},{"source":"Systemd::Unit[purged]","target":"File[/lib/systemd/system/purged.service]"},{"source":"Systemd::Unit[purged]","target":"Exec[systemd daemon-reload for purged.service (purged)]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_purged]","target":"Systemd::Unit[wmf_auto_restart_purged.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_purged]","target":"Systemd::Timer[wmf_auto_restart_purged]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_purged]","target":"Systemd::Syslog[wmf_auto_restart_purged]"},{"source":"Systemd::Service[varnishmtail@default]","target":"Service[varnishmtail@default]"},{"source":"Systemd::Service[varnishmtail@default]","target":"Systemd::Unit[varnishmtail@default]"},{"source":"Mtail::Program[varnishreqstats]","target":"File[/etc/mtail-default]"},{"source":"Mtail::Program[varnishreqstats]","target":"File[/etc/mtail-default/varnishreqstats.mtail]"},{"source":"Mtail::Program[varnishttfb]","target":"File[/etc/mtail-default/varnishttfb.mtail]"},{"source":"Mtail::Program[varnishxcache]","target":"File[/etc/mtail-default/varnishxcache.mtail]"},{"source":"Mtail::Program[varnishrls]","target":"File[/etc/mtail-default/varnishrls.mtail]"},{"source":"Systemd::Service[varnishmtail@internal]","target":"Service[varnishmtail@internal]"},{"source":"Systemd::Service[varnishmtail@internal]","target":"Systemd::Unit[varnishmtail@internal]"},{"source":"Mtail::Program[varnishprocessing]","target":"File[/etc/mtail-internal]"},{"source":"Mtail::Program[varnishprocessing]","target":"File[/etc/mtail-internal/varnishprocessing.mtail]"},{"source":"Mtail::Program[varnisherrors]","target":"File[/etc/mtail-internal/varnisherrors.mtail]"},{"source":"Mtail::Program[varnishsli]","target":"File[/etc/mtail-internal/varnishsli.mtail]"},{"source":"Systemd::Unit[varnish-frontend-tlsinspector]","target":"File[/lib/systemd/system/varnish-frontend-tlsinspector.service]"},{"source":"Systemd::Unit[varnish-frontend-tlsinspector]","target":"Exec[systemd daemon-reload for varnish-frontend-tlsinspector.service (varnish-frontend-tlsinspector)]"},{"source":"Sysctl::Conffile[TCP Fast Open]","target":"File[/etc/sysctl.d/70-TCP-Fast-Open.conf]"},{"source":"Apt::Repository[thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"Exec[apt_repository_thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]"},{"source":"Apt::Repository[thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia]","target":"File[/etc/apt/sources.list.d/thirdparty-haproxy28-apt.wikimedia.org-wikimedia-bullseye-wikimedia.list]"},{"source":"Apt::Pin[apt_pin_haproxy]","target":"Exec[apt_pin_apt_pin_haproxy]"},{"source":"Apt::Pin[apt_pin_haproxy]","target":"File[/etc/apt/preferences.d/apt_pin_haproxy.pref]"},{"source":"Systemd::Unit[haproxy]","target":"File[/lib/systemd/system/haproxy.service]"},{"source":"Systemd::Unit[haproxy]","target":"Exec[systemd daemon-reload for haproxy.service (haproxy)]"},{"source":"Stage[main]","target":"Class[Monitoring]"},{"source":"Monitoring::Service[haproxy]","target":"Monitoring::Exported_nagios_service[deployment-cache-text08 haproxy]"},{"source":"Stage[main]","target":"Class[Prometheus::Instances]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-haproxy]","target":"Systemd::Unit[nrpe2nodexp-haproxy.service]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-haproxy]","target":"Systemd::Timer[nrpe2nodexp-haproxy]"},{"source":"Rsyslog::Conf[nrpe2nodexp-haproxy]","target":"File[/etc/rsyslog.d/25-nrpe2nodexp-haproxy.conf]"},{"source":"Monitoring::Service[haproxy_alive]","target":"Monitoring::Exported_nagios_service[deployment-cache-text08 haproxy_alive]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-haproxy_alive]","target":"Systemd::Unit[nrpe2nodexp-haproxy_alive.service]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-haproxy_alive]","target":"Systemd::Timer[nrpe2nodexp-haproxy_alive]"},{"source":"Rsyslog::Conf[nrpe2nodexp-haproxy_alive]","target":"File[/etc/rsyslog.d/25-nrpe2nodexp-haproxy-alive.conf]"},{"source":"Systemd::Unit[haproxy_stek_job.service]","target":"File[/lib/systemd/system/haproxy_stek_job.service]"},{"source":"Systemd::Unit[haproxy_stek_job.service]","target":"Exec[systemd daemon-reload for haproxy_stek_job.service (haproxy_stek_job.service)]"},{"source":"Systemd::Timer[haproxy_stek_job]","target":"Systemd::Service[haproxy_stek_job]"},{"source":"Systemd::Syslog[haproxy_stek_job]","target":"File[/var/log/haproxy_stek_job]"},{"source":"Systemd::Syslog[haproxy_stek_job]","target":"Rsyslog::Conf[haproxy_stek_job]"},{"source":"Systemd::Syslog[haproxy_stek_job]","target":"Logrotate::Conf[haproxy_stek_job]"},{"source":"Sslcert::Ca[Lets_Encrypt_Authority_X3]","target":"File[/usr/local/share/ca-certificates/Lets_Encrypt_Authority_X3.crt]"},{"source":"Sslcert::Ca[Lets_Encrypt_Authority_X4]","target":"File[/usr/local/share/ca-certificates/Lets_Encrypt_Authority_X4.crt]"},{"source":"Systemd::Unit[haproxy-mtail@tls.socket]","target":"File[/lib/systemd/system/haproxy-mtail@tls.socket]"},{"source":"Systemd::Unit[haproxy-mtail@tls.socket]","target":"Exec[systemd daemon-reload for haproxy-mtail@tls.socket (haproxy-mtail@tls.socket)]"},{"source":"Systemd::Unit[haproxy-mtail@tls]","target":"File[/lib/systemd/system/haproxy-mtail@tls.service]"},{"source":"Systemd::Unit[haproxy-mtail@tls]","target":"Exec[systemd daemon-reload for haproxy-mtail@tls.service (haproxy-mtail@tls)]"},{"source":"Systemd::Service[mtail]","target":"Service[mtail]"},{"source":"Systemd::Service[mtail]","target":"Systemd::Unit[mtail]"},{"source":"Systemd::Unit[wmfuniq-experiment-fetcher.service]","target":"File[/lib/systemd/system/wmfuniq-experiment-fetcher.service]"},{"source":"Systemd::Unit[wmfuniq-experiment-fetcher.service]","target":"Exec[systemd daemon-reload for wmfuniq-experiment-fetcher.service (wmfuniq-experiment-fetcher.service)]"},{"source":"Systemd::Timer[wmfuniq-experiment-fetcher]","target":"Systemd::Service[wmfuniq-experiment-fetcher]"},{"source":"Systemd::Syslog[wmfuniq-experiment-fetcher]","target":"File[/var/log/wmfuniq-experiment-fetcher]"},{"source":"Systemd::Syslog[wmfuniq-experiment-fetcher]","target":"Rsyslog::Conf[wmfuniq-experiment-fetcher]"},{"source":"Systemd::Syslog[wmfuniq-experiment-fetcher]","target":"Logrotate::Conf[wmfuniq-experiment-fetcher]"},{"source":"Systemd::Monitor[wmfuniq-experiment-fetcher]","target":"Nrpe::Plugin[check_systemd_unit_status]"},{"source":"Systemd::Monitor[wmfuniq-experiment-fetcher]","target":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]"},{"source":"Systemd::Tmpfile[/var/run/confd-template]","target":"File[/etc/tmpfiles.d/-var-run-confd-template.conf]"},{"source":"Systemd::Tmpfile[/var/run/confd-template]","target":"Exec[Refresh tmpfile /var/run/confd-template]"},{"source":"Systemd::Timer::Job[clean-confd-rundir]","target":"Systemd::Unit[clean-confd-rundir.service]"},{"source":"Systemd::Timer::Job[clean-confd-rundir]","target":"Systemd::Timer[clean-confd-rundir]"},{"source":"Systemd::Timer::Job[clean-confd-rundir]","target":"Systemd::Syslog[clean-confd-rundir]"},{"source":"Logrotate::Conf[confd]","target":"File[/etc/logrotate.d/confd]"},{"source":"Rsyslog::Conf[confd]","target":"File[/etc/rsyslog.d/20-confd.conf]"},{"source":"Confd::Instance[main]","target":"File[/etc/confd]"},{"source":"Confd::Instance[main]","target":"File[/etc/confd/conf.d]"},{"source":"Confd::Instance[main]","target":"File[/etc/confd/templates]"},{"source":"Confd::Instance[main]","target":"Base::Service_unit[confd]"},{"source":"Confd::Instance[main]","target":"Systemd::Timer::Job[confd_prometheus_metrics]"},{"source":"Sysctl::Conffile[maximum map count]","target":"File[/etc/sysctl.d/70-maximum-map-count.conf]"},{"source":"Systemd::Unit[prometheus_varnishd_mmap_count.service]","target":"File[/lib/systemd/system/prometheus_varnishd_mmap_count.service]"},{"source":"Systemd::Unit[prometheus_varnishd_mmap_count.service]","target":"Exec[systemd daemon-reload for prometheus_varnishd_mmap_count.service (prometheus_varnishd_mmap_count.service)]"},{"source":"Systemd::Timer[prometheus_varnishd_mmap_count]","target":"Systemd::Service[prometheus_varnishd_mmap_count]"},{"source":"Systemd::Syslog[prometheus_varnishd_mmap_count]","target":"File[/var/log/prometheus_varnishd_mmap_count]"},{"source":"Systemd::Syslog[prometheus_varnishd_mmap_count]","target":"Rsyslog::Conf[prometheus_varnishd_mmap_count]"},{"source":"Systemd::Syslog[prometheus_varnishd_mmap_count]","target":"Logrotate::Conf[prometheus_varnishd_mmap_count]"},{"source":"Systemd::Unit[prometheus_sysctl.service]","target":"File[/lib/systemd/system/prometheus_sysctl.service]"},{"source":"Systemd::Unit[prometheus_sysctl.service]","target":"Exec[systemd daemon-reload for prometheus_sysctl.service (prometheus_sysctl.service)]"},{"source":"Systemd::Timer[prometheus_sysctl]","target":"Systemd::Service[prometheus_sysctl]"},{"source":"Systemd::Syslog[prometheus_sysctl]","target":"File[/var/log/prometheus_sysctl]"},{"source":"Systemd::Syslog[prometheus_sysctl]","target":"Rsyslog::Conf[prometheus_sysctl]"},{"source":"Systemd::Syslog[prometheus_sysctl]","target":"Logrotate::Conf[prometheus_sysctl]"},{"source":"Systemd::Timer::Job[track_vcache_fds]","target":"Systemd::Unit[track_vcache_fds.service]"},{"source":"Systemd::Timer::Job[track_vcache_fds]","target":"Systemd::Timer[track_vcache_fds]"},{"source":"Systemd::Timer::Job[track_vcache_fds]","target":"Systemd::Syslog[track_vcache_fds]"},{"source":"Varnish::Wikimedia_vcl[normalize_path -frontend]","target":"File[/etc/varnish/normalize_path.inc.vcl]"},{"source":"Varnish::Wikimedia_vcl[geoip -frontend]","target":"File[/etc/varnish/geoip.inc.vcl]"},{"source":"Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_text-frontend.vcl]","target":"File[/etc/varnish/wikimedia_text-frontend.vcl]"},{"source":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_text-frontend.vcl]","target":"File[/usr/share/varnish/tests/wikimedia_text-frontend.vcl]"},{"source":"Varnish::Wikimedia_vcl[/etc/varnish/text-frontend.inc.vcl]","target":"File[/etc/varnish/text-frontend.inc.vcl]"},{"source":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/text-frontend.inc.vcl]","target":"File[/usr/share/varnish/tests/text-frontend.inc.vcl]"},{"source":"Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_misc-frontend.vcl]","target":"File[/etc/varnish/wikimedia_misc-frontend.vcl]"},{"source":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_misc-frontend.vcl]","target":"File[/usr/share/varnish/tests/wikimedia_misc-frontend.vcl]"},{"source":"Varnish::Wikimedia_vcl[/etc/varnish/misc-frontend.inc.vcl]","target":"File[/etc/varnish/misc-frontend.inc.vcl]"},{"source":"Varnish::Wikimedia_vcl[/usr/share/varnish/tests/misc-frontend.inc.vcl]","target":"File[/usr/share/varnish/tests/misc-frontend.inc.vcl]"},{"source":"Systemd::Service[varnish-frontend]","target":"Service[varnish-frontend]"},{"source":"Systemd::Service[varnish-frontend]","target":"Systemd::Unit[varnish-frontend]"},{"source":"Systemd::Service[varnish-frontend-slowlog]","target":"Service[varnish-frontend-slowlog]"},{"source":"Systemd::Service[varnish-frontend-slowlog]","target":"Systemd::Unit[varnish-frontend-slowlog]"},{"source":"Profile::Auto_restarts::Service[varnish-frontend-slowlog]","target":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Service[varnish-frontend-hospital]","target":"Service[varnish-frontend-hospital]"},{"source":"Systemd::Service[varnish-frontend-hospital]","target":"Systemd::Unit[varnish-frontend-hospital]"},{"source":"Profile::Auto_restarts::Service[varnish-frontend-hospital]","target":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Service[varnish-frontend-fetcherr]","target":"Service[varnish-frontend-fetcherr]"},{"source":"Systemd::Service[varnish-frontend-fetcherr]","target":"Systemd::Unit[varnish-frontend-fetcherr]"},{"source":"Profile::Auto_restarts::Service[varnish-frontend-fetcherr]","target":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Service[prometheus-varnish-exporter@frontend]","target":"Service[prometheus-varnish-exporter@frontend]"},{"source":"Systemd::Service[prometheus-varnish-exporter@frontend]","target":"Systemd::Unit[prometheus-varnish-exporter@frontend]"},{"source":"Systemd::Unit[esitest]","target":"File[/lib/systemd/system/esitest.service]"},{"source":"Systemd::Unit[esitest]","target":"Exec[systemd daemon-reload for esitest.service (esitest)]"},{"source":"Systemd::Unit[refresh-dp-key.service]","target":"File[/lib/systemd/system/refresh-dp-key.service]"},{"source":"Systemd::Unit[refresh-dp-key.service]","target":"Exec[systemd daemon-reload for refresh-dp-key.service (refresh-dp-key.service)]"},{"source":"Systemd::Timer[refresh-dp-key]","target":"Systemd::Service[refresh-dp-key]"},{"source":"Systemd::Syslog[timer-refresh-dp-key]","target":"File[/var/log/timer-refresh-dp-key]"},{"source":"Systemd::Syslog[timer-refresh-dp-key]","target":"Rsyslog::Conf[timer-refresh-dp-key]"},{"source":"Systemd::Syslog[timer-refresh-dp-key]","target":"Logrotate::Conf[timer-refresh-dp-key]"},{"source":"Systemd::Mask[trafficserver.service]","target":"Exec[mask_trafficserver.service]"},{"source":"Rsyslog::Conf[trafficserver]","target":"File[/etc/rsyslog.d/20-trafficserver.conf]"},{"source":"Systemd::Unmask[trafficserver.service]","target":"Exec[unmask_trafficserver.service]"},{"source":"Stage[main]","target":"Class[Udev]"},{"source":"Class[Udev]","target":"Exec[udev_reload]"},{"source":"Udev::Rule[vdb]","target":"File[/etc/udev/rules.d/40-vdb.rules]"},{"source":"Systemd::Service[trafficserver]","target":"Service[trafficserver]"},{"source":"Systemd::Service[trafficserver]","target":"Systemd::Unit[trafficserver]"},{"source":"Trafficserver::Lua_infra[infra-trafficserver]","target":"Package[lua-busted]"},{"source":"Trafficserver::Lua_infra[infra-trafficserver]","target":"File[/etc/trafficserver/lua/]"},{"source":"Trafficserver::Lua_infra[infra-trafficserver]","target":"File[/etc/trafficserver/lua/mock.helper.lua]"},{"source":"Trafficserver::Lua_infra[infra-trafficserver]","target":"Exec[unit_tests_trafficserver]"},{"source":"Trafficserver::Lua_infra[infra-trafficserver]","target":"Exec[trigger_lua_reload_/etc/trafficserver]"},{"source":"Interface::Manual[ipip_ipv4]","target":"File_line[rm_ipip0_manual]"},{"source":"Interface::Manual[ipip_ipv4]","target":"File_line[rm_hotplug_ipip0]"},{"source":"Interface::Ip[ipip_ipv4 ipv4]","target":"File_line[rm_ipip0_127.0.0.42/32]"},{"source":"Interface::Ip[ipip_ipv4 ipv4]","target":"Exec[ip addr del 127.0.0.42/32 dev ipip0]"},{"source":"Interface::Manual[ipip_ipv6]","target":"File_line[rm_ipip60_manual]"},{"source":"Interface::Manual[ipip_ipv6]","target":"File_line[rm_hotplug_ipip60]"},{"source":"Interface::Post_up_command[clsact_lo]","target":"File_line[rm_post-up_lo_clsact_lo]"},{"source":"Systemd::Unit[tcp-mss-clamper]","target":"File[/lib/systemd/system/tcp-mss-clamper.service]"},{"source":"Systemd::Unit[tcp-mss-clamper]","target":"Exec[systemd daemon-reload for tcp-mss-clamper.service (tcp-mss-clamper)]"},{"source":"Systemd::Monitor[tcp-mss-clamper]","target":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]"},{"source":"Systemd::Timer::Job[prometheus_lvs_realserver_mss]","target":"Systemd::Unit[prometheus_lvs_realserver_mss.service]"},{"source":"Systemd::Timer::Job[prometheus_lvs_realserver_mss]","target":"Systemd::Timer[prometheus_lvs_realserver_mss]"},{"source":"Systemd::Timer::Job[prometheus_lvs_realserver_mss]","target":"Systemd::Syslog[prometheus_lvs_realserver_mss]"},{"source":"Systemd::Timer::Job[prometheus_ferm_mss]","target":"Systemd::Unit[prometheus_ferm_mss.service]"},{"source":"Systemd::Timer::Job[prometheus_ferm_mss]","target":"Systemd::Timer[prometheus_ferm_mss]"},{"source":"Systemd::Timer::Job[prometheus_ferm_mss]","target":"Systemd::Syslog[prometheus_ferm_mss]"},{"source":"Base::Service_unit[varnishkafka-statsv]","target":"File[/lib/systemd/system/varnishkafka-statsv.service]"},{"source":"Base::Service_unit[varnishkafka-statsv]","target":"Exec[systemd reload for varnishkafka-statsv]"},{"source":"Base::Service_unit[varnishkafka-statsv]","target":"Service[varnishkafka-statsv]"},{"source":"Systemd::Unit[haproxykafka]","target":"File[/etc/systemd/system/haproxykafka.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[haproxykafka]","target":"Exec[systemd daemon-reload for haproxykafka.service (haproxykafka)]"},{"source":"Systemd::Unit[prometheus_puppet_agent_stats.timer]","target":"File[/lib/systemd/system/prometheus_puppet_agent_stats.timer]"},{"source":"Systemd::Unit[prometheus_puppet_agent_stats.timer]","target":"Exec[systemd daemon-reload for prometheus_puppet_agent_stats.timer (prometheus_puppet_agent_stats.timer)]"},{"source":"Systemd::Unit[clean_puppet_client_bucket.timer]","target":"File[/lib/systemd/system/clean_puppet_client_bucket.timer]"},{"source":"Systemd::Unit[clean_puppet_client_bucket.timer]","target":"Exec[systemd daemon-reload for clean_puppet_client_bucket.timer (clean_puppet_client_bucket.timer)]"},{"source":"Systemd::Unit[puppet-agent-timer.timer]","target":"File[/lib/systemd/system/puppet-agent-timer.timer]"},{"source":"Systemd::Unit[puppet-agent-timer.timer]","target":"Exec[systemd daemon-reload for puppet-agent-timer.timer (puppet-agent-timer.timer)]"},{"source":"Systemd::Service[wmf_auto_restart_systemd-timesyncd]","target":"Service[wmf_auto_restart_systemd-timesyncd.timer]"},{"source":"Systemd::Service[wmf_auto_restart_systemd-timesyncd]","target":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_systemd-timesyncd]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-systemd-timesyncd.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_systemd-timesyncd]","target":"File[/etc/logrotate.d/wmf_auto_restart_systemd-timesyncd]"},{"source":"Systemd::Service[wmf_auto_restart_exim4]","target":"Service[wmf_auto_restart_exim4.timer]"},{"source":"Systemd::Service[wmf_auto_restart_exim4]","target":"Systemd::Unit[wmf_auto_restart_exim4.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_exim4]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-exim4.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_exim4]","target":"File[/etc/logrotate.d/wmf_auto_restart_exim4]"},{"source":"Systemd::Service[wmf_auto_restart_prometheus-node-exporter]","target":"Service[wmf_auto_restart_prometheus-node-exporter.timer]"},{"source":"Systemd::Service[wmf_auto_restart_prometheus-node-exporter]","target":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_prometheus-node-exporter]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-prometheus-node-exporter.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_prometheus-node-exporter]","target":"File[/etc/logrotate.d/wmf_auto_restart_prometheus-node-exporter]"},{"source":"Systemd::Service[wmf_auto_restart_rsyslog]","target":"Service[wmf_auto_restart_rsyslog.timer]"},{"source":"Systemd::Service[wmf_auto_restart_rsyslog]","target":"Systemd::Unit[wmf_auto_restart_rsyslog.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_rsyslog]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-rsyslog.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_rsyslog]","target":"File[/etc/logrotate.d/wmf_auto_restart_rsyslog]"},{"source":"Systemd::Service[wmf_auto_restart_lldpd]","target":"Service[wmf_auto_restart_lldpd.timer]"},{"source":"Systemd::Service[wmf_auto_restart_lldpd]","target":"Systemd::Unit[wmf_auto_restart_lldpd.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_lldpd]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-lldpd.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_lldpd]","target":"File[/etc/logrotate.d/wmf_auto_restart_lldpd]"},{"source":"Systemd::Service[wmf_auto_restart_systemd-journald]","target":"Service[wmf_auto_restart_systemd-journald.timer]"},{"source":"Systemd::Service[wmf_auto_restart_systemd-journald]","target":"Systemd::Unit[wmf_auto_restart_systemd-journald.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_systemd-journald]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-systemd-journald.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_systemd-journald]","target":"File[/etc/logrotate.d/wmf_auto_restart_systemd-journald]"},{"source":"Systemd::Service[wmf_auto_restart_ssh]","target":"Service[wmf_auto_restart_ssh.timer]"},{"source":"Systemd::Service[wmf_auto_restart_ssh]","target":"Systemd::Unit[wmf_auto_restart_ssh.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_ssh]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-ssh.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_ssh]","target":"File[/etc/logrotate.d/wmf_auto_restart_ssh]"},{"source":"Systemd::Unit[kernel-purge.timer]","target":"File[/lib/systemd/system/kernel-purge.timer]"},{"source":"Systemd::Unit[kernel-purge.timer]","target":"Exec[systemd daemon-reload for kernel-purge.timer (kernel-purge.timer)]"},{"source":"Systemd::Unit[prometheus-debian-version-textfile.timer]","target":"File[/lib/systemd/system/prometheus-debian-version-textfile.timer]"},{"source":"Systemd::Unit[prometheus-debian-version-textfile.timer]","target":"Exec[systemd daemon-reload for prometheus-debian-version-textfile.timer (prometheus-debian-version-textfile.timer)]"},{"source":"Systemd::Unit[prometheus-dpkg-success-textfile.timer]","target":"File[/lib/systemd/system/prometheus-dpkg-success-textfile.timer]"},{"source":"Systemd::Unit[prometheus-dpkg-success-textfile.timer]","target":"Exec[systemd daemon-reload for prometheus-dpkg-success-textfile.timer (prometheus-dpkg-success-textfile.timer)]"},{"source":"Systemd::Unit[send_puppet_failure_emails.timer]","target":"File[/lib/systemd/system/send_puppet_failure_emails.timer]"},{"source":"Systemd::Unit[send_puppet_failure_emails.timer]","target":"Exec[systemd daemon-reload for send_puppet_failure_emails.timer (send_puppet_failure_emails.timer)]"},{"source":"Systemd::Unit[cleanup_puppet_client_bucket.timer]","target":"File[/lib/systemd/system/cleanup_puppet_client_bucket.timer]"},{"source":"Systemd::Unit[cleanup_puppet_client_bucket.timer]","target":"Exec[systemd daemon-reload for cleanup_puppet_client_bucket.timer (cleanup_puppet_client_bucket.timer)]"},{"source":"Systemd::Unit[prometheus_ssh_open_sessions.timer]","target":"File[/lib/systemd/system/prometheus_ssh_open_sessions.timer]"},{"source":"Systemd::Unit[prometheus_ssh_open_sessions.timer]","target":"Exec[systemd daemon-reload for prometheus_ssh_open_sessions.timer (prometheus_ssh_open_sessions.timer)]"},{"source":"Systemd::Unit[varnishkafka-all]","target":"File[/lib/systemd/system/varnishkafka-all.service]"},{"source":"Systemd::Unit[varnishkafka-all]","target":"Exec[systemd daemon-reload for varnishkafka-all.service (varnishkafka-all)]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.service]","target":"File[/lib/systemd/system/wmf_auto_restart_prometheus-varnishkafka-exporter.service]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.service (wmf_auto_restart_prometheus-varnishkafka-exporter.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Systemd::Service[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"File[/var/log/wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Rsyslog::Conf[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Syslog[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Logrotate::Conf[wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Unit[wmf_auto_restart_purged.service]","target":"File[/lib/systemd/system/wmf_auto_restart_purged.service]"},{"source":"Systemd::Unit[wmf_auto_restart_purged.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_purged.service (wmf_auto_restart_purged.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_purged]","target":"Systemd::Service[wmf_auto_restart_purged]"},{"source":"Systemd::Syslog[wmf_auto_restart_purged]","target":"File[/var/log/wmf_auto_restart_purged]"},{"source":"Systemd::Syslog[wmf_auto_restart_purged]","target":"Rsyslog::Conf[wmf_auto_restart_purged]"},{"source":"Systemd::Syslog[wmf_auto_restart_purged]","target":"Logrotate::Conf[wmf_auto_restart_purged]"},{"source":"Systemd::Unit[varnishmtail@default]","target":"File[/lib/systemd/system/varnishmtail@default.service]"},{"source":"Systemd::Unit[varnishmtail@default]","target":"Exec[systemd daemon-reload for varnishmtail@default.service (varnishmtail@default)]"},{"source":"Systemd::Unit[varnishmtail@internal]","target":"File[/lib/systemd/system/varnishmtail@internal.service]"},{"source":"Systemd::Unit[varnishmtail@internal]","target":"Exec[systemd daemon-reload for varnishmtail@internal.service (varnishmtail@internal)]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy.service]","target":"File[/lib/systemd/system/nrpe2nodexp-haproxy.service]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy.service]","target":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy.service (nrpe2nodexp-haproxy.service)]"},{"source":"Systemd::Timer[nrpe2nodexp-haproxy]","target":"Systemd::Service[nrpe2nodexp-haproxy]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy_alive.service]","target":"File[/lib/systemd/system/nrpe2nodexp-haproxy_alive.service]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy_alive.service]","target":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy_alive.service (nrpe2nodexp-haproxy_alive.service)]"},{"source":"Systemd::Timer[nrpe2nodexp-haproxy_alive]","target":"Systemd::Service[nrpe2nodexp-haproxy_alive]"},{"source":"Systemd::Service[haproxy_stek_job]","target":"Service[haproxy_stek_job.timer]"},{"source":"Systemd::Service[haproxy_stek_job]","target":"Systemd::Unit[haproxy_stek_job.timer]"},{"source":"Rsyslog::Conf[haproxy_stek_job]","target":"File[/etc/rsyslog.d/40-haproxy-stek-job.conf]"},{"source":"Logrotate::Conf[haproxy_stek_job]","target":"File[/etc/logrotate.d/haproxy_stek_job]"},{"source":"Systemd::Unit[mtail]","target":"File[/etc/systemd/system/mtail.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[mtail]","target":"Exec[systemd daemon-reload for mtail.service (mtail)]"},{"source":"Systemd::Service[wmfuniq-experiment-fetcher]","target":"Service[wmfuniq-experiment-fetcher.timer]"},{"source":"Systemd::Service[wmfuniq-experiment-fetcher]","target":"Systemd::Unit[wmfuniq-experiment-fetcher.timer]"},{"source":"Rsyslog::Conf[wmfuniq-experiment-fetcher]","target":"File[/etc/rsyslog.d/40-wmfuniq-experiment-fetcher.conf]"},{"source":"Logrotate::Conf[wmfuniq-experiment-fetcher]","target":"File[/etc/logrotate.d/wmfuniq-experiment-fetcher]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"Nrpe::Check[check_check_wmfuniq-experiment-fetcher_status]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"Monitoring::Service[check_wmfuniq-experiment-fetcher_status]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"Prometheus::Alert::Rule[check_check_wmfuniq-experiment-fetcher_status_50dc98e51dafd8e982310a5038c4adc0]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"Systemd::Timer::Job[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"Rsyslog::Conf[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]"},{"source":"Nrpe::Monitor_service[check_wmfuniq-experiment-fetcher_status]","target":"File[/var/lib/prometheus/node.d/check_check_wmfuniq-experiment-fetcher_status.prom]"},{"source":"Systemd::Unit[clean-confd-rundir.service]","target":"File[/lib/systemd/system/clean-confd-rundir.service]"},{"source":"Systemd::Unit[clean-confd-rundir.service]","target":"Exec[systemd daemon-reload for clean-confd-rundir.service (clean-confd-rundir.service)]"},{"source":"Systemd::Timer[clean-confd-rundir]","target":"Systemd::Service[clean-confd-rundir]"},{"source":"Systemd::Syslog[clean-confd-rundir]","target":"File[/var/log/clean-confd-rundir]"},{"source":"Systemd::Syslog[clean-confd-rundir]","target":"Rsyslog::Conf[clean-confd-rundir]"},{"source":"Systemd::Syslog[clean-confd-rundir]","target":"Logrotate::Conf[clean-confd-rundir]"},{"source":"Base::Service_unit[confd]","target":"File[/lib/systemd/system/confd.service]"},{"source":"Base::Service_unit[confd]","target":"Exec[systemd reload for confd]"},{"source":"Base::Service_unit[confd]","target":"Service[confd]"},{"source":"Systemd::Timer::Job[confd_prometheus_metrics]","target":"Systemd::Unit[confd_prometheus_metrics.service]"},{"source":"Systemd::Timer::Job[confd_prometheus_metrics]","target":"Systemd::Timer[confd_prometheus_metrics]"},{"source":"Systemd::Timer::Job[confd_prometheus_metrics]","target":"Systemd::Syslog[confd_prometheus_metrics]"},{"source":"Systemd::Service[prometheus_varnishd_mmap_count]","target":"Service[prometheus_varnishd_mmap_count.timer]"},{"source":"Systemd::Service[prometheus_varnishd_mmap_count]","target":"Systemd::Unit[prometheus_varnishd_mmap_count.timer]"},{"source":"Rsyslog::Conf[prometheus_varnishd_mmap_count]","target":"File[/etc/rsyslog.d/40-prometheus-varnishd-mmap-count.conf]"},{"source":"Logrotate::Conf[prometheus_varnishd_mmap_count]","target":"File[/etc/logrotate.d/prometheus_varnishd_mmap_count]"},{"source":"Systemd::Service[prometheus_sysctl]","target":"Service[prometheus_sysctl.timer]"},{"source":"Systemd::Service[prometheus_sysctl]","target":"Systemd::Unit[prometheus_sysctl.timer]"},{"source":"Rsyslog::Conf[prometheus_sysctl]","target":"File[/etc/rsyslog.d/40-prometheus-sysctl.conf]"},{"source":"Logrotate::Conf[prometheus_sysctl]","target":"File[/etc/logrotate.d/prometheus_sysctl]"},{"source":"Systemd::Unit[track_vcache_fds.service]","target":"File[/lib/systemd/system/track_vcache_fds.service]"},{"source":"Systemd::Unit[track_vcache_fds.service]","target":"Exec[systemd daemon-reload for track_vcache_fds.service (track_vcache_fds.service)]"},{"source":"Systemd::Timer[track_vcache_fds]","target":"Systemd::Service[track_vcache_fds]"},{"source":"Systemd::Syslog[track_vcache_fds]","target":"File[/var/log/track_vcache_fds]"},{"source":"Systemd::Syslog[track_vcache_fds]","target":"Rsyslog::Conf[track_vcache_fds]"},{"source":"Systemd::Syslog[track_vcache_fds]","target":"Logrotate::Conf[track_vcache_fds]"},{"source":"Systemd::Unit[varnish-frontend]","target":"File[/lib/systemd/system/varnish-frontend.service]"},{"source":"Systemd::Unit[varnish-frontend]","target":"Exec[systemd daemon-reload for varnish-frontend.service (varnish-frontend)]"},{"source":"Systemd::Unit[varnish-frontend-slowlog]","target":"File[/lib/systemd/system/varnish-frontend-slowlog.service]"},{"source":"Systemd::Unit[varnish-frontend-slowlog]","target":"Exec[systemd daemon-reload for varnish-frontend-slowlog.service (varnish-frontend-slowlog)]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-slowlog]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-slowlog]","target":"Systemd::Timer[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-slowlog]","target":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Unit[varnish-frontend-hospital]","target":"File[/lib/systemd/system/varnish-frontend-hospital.service]"},{"source":"Systemd::Unit[varnish-frontend-hospital]","target":"Exec[systemd daemon-reload for varnish-frontend-hospital.service (varnish-frontend-hospital)]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-hospital]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-hospital]","target":"Systemd::Timer[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-hospital]","target":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Unit[varnish-frontend-fetcherr]","target":"File[/lib/systemd/system/varnish-frontend-fetcherr.service]"},{"source":"Systemd::Unit[varnish-frontend-fetcherr]","target":"Exec[systemd daemon-reload for varnish-frontend-fetcherr.service (varnish-frontend-fetcherr)]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.service]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Systemd::Timer[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Timer::Job[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Unit[prometheus-varnish-exporter@frontend]","target":"File[/lib/systemd/system/prometheus-varnish-exporter@frontend.service]"},{"source":"Systemd::Unit[prometheus-varnish-exporter@frontend]","target":"Exec[systemd daemon-reload for prometheus-varnish-exporter@frontend.service (prometheus-varnish-exporter@frontend)]"},{"source":"Systemd::Service[refresh-dp-key]","target":"Service[refresh-dp-key.timer]"},{"source":"Systemd::Service[refresh-dp-key]","target":"Systemd::Unit[refresh-dp-key.timer]"},{"source":"Rsyslog::Conf[timer-refresh-dp-key]","target":"File[/etc/rsyslog.d/40-timer-refresh-dp-key.conf]"},{"source":"Logrotate::Conf[timer-refresh-dp-key]","target":"File[/etc/logrotate.d/timer-refresh-dp-key]"},{"source":"Systemd::Unit[trafficserver]","target":"File[/etc/systemd/system/trafficserver.service.d]"},{"source":"Systemd::Unit[trafficserver]","target":"File[/etc/systemd/system/trafficserver.service.d/puppet-override.conf]"},{"source":"Systemd::Unit[trafficserver]","target":"Exec[systemd daemon-reload for trafficserver.service (trafficserver)]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"Nrpe::Check[check_check_tcp-mss-clamper_status]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"Monitoring::Service[check_tcp-mss-clamper_status]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"Prometheus::Alert::Rule[check_check_tcp-mss-clamper_status_295d6d5dd0a784bb9ba1d5983fd1894f]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]"},{"source":"Nrpe::Monitor_service[check_tcp-mss-clamper_status]","target":"File[/var/lib/prometheus/node.d/check_check_tcp-mss-clamper_status.prom]"},{"source":"Systemd::Unit[prometheus_lvs_realserver_mss.service]","target":"File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]"},{"source":"Systemd::Unit[prometheus_lvs_realserver_mss.service]","target":"Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.service (prometheus_lvs_realserver_mss.service)]"},{"source":"Systemd::Timer[prometheus_lvs_realserver_mss]","target":"Systemd::Service[prometheus_lvs_realserver_mss]"},{"source":"Systemd::Syslog[prometheus_lvs_realserver_mss]","target":"File[/var/log/prometheus_lvs_realserver_mss]"},{"source":"Systemd::Syslog[prometheus_lvs_realserver_mss]","target":"Rsyslog::Conf[prometheus_lvs_realserver_mss]"},{"source":"Systemd::Syslog[prometheus_lvs_realserver_mss]","target":"Logrotate::Conf[prometheus_lvs_realserver_mss]"},{"source":"Systemd::Unit[prometheus_ferm_mss.service]","target":"File[/lib/systemd/system/prometheus_ferm_mss.service]"},{"source":"Systemd::Unit[prometheus_ferm_mss.service]","target":"Exec[systemd daemon-reload for prometheus_ferm_mss.service (prometheus_ferm_mss.service)]"},{"source":"Systemd::Timer[prometheus_ferm_mss]","target":"Systemd::Service[prometheus_ferm_mss]"},{"source":"Systemd::Syslog[prometheus_ferm_mss]","target":"File[/var/log/prometheus_ferm_mss]"},{"source":"Systemd::Syslog[prometheus_ferm_mss]","target":"Rsyslog::Conf[prometheus_ferm_mss]"},{"source":"Systemd::Syslog[prometheus_ferm_mss]","target":"Logrotate::Conf[prometheus_ferm_mss]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_systemd-timesyncd.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-timesyncd.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-timesyncd.timer (wmf_auto_restart_systemd-timesyncd.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_exim4.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_exim4.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_exim4.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_exim4.timer (wmf_auto_restart_exim4.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_prometheus-node-exporter.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-node-exporter.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-node-exporter.timer (wmf_auto_restart_prometheus-node-exporter.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_rsyslog.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_rsyslog.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_rsyslog.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_rsyslog.timer (wmf_auto_restart_rsyslog.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_lldpd.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_lldpd.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_lldpd.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_lldpd.timer (wmf_auto_restart_lldpd.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-journald.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_systemd-journald.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_systemd-journald.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_systemd-journald.timer (wmf_auto_restart_systemd-journald.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_ssh.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_ssh.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_ssh.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_ssh.timer (wmf_auto_restart_ssh.timer)]"},{"source":"Systemd::Service[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Service[wmf_auto_restart_prometheus-varnishkafka-exporter.timer]"},{"source":"Systemd::Service[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-prometheus-varnishkafka-exporter.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_prometheus-varnishkafka-exporter]","target":"File[/etc/logrotate.d/wmf_auto_restart_prometheus-varnishkafka-exporter]"},{"source":"Systemd::Service[wmf_auto_restart_purged]","target":"Service[wmf_auto_restart_purged.timer]"},{"source":"Systemd::Service[wmf_auto_restart_purged]","target":"Systemd::Unit[wmf_auto_restart_purged.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_purged]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-purged.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_purged]","target":"File[/etc/logrotate.d/wmf_auto_restart_purged]"},{"source":"Systemd::Service[nrpe2nodexp-haproxy]","target":"Service[nrpe2nodexp-haproxy.timer]"},{"source":"Systemd::Service[nrpe2nodexp-haproxy]","target":"Systemd::Unit[nrpe2nodexp-haproxy.timer]"},{"source":"Systemd::Service[nrpe2nodexp-haproxy_alive]","target":"Service[nrpe2nodexp-haproxy_alive.timer]"},{"source":"Systemd::Service[nrpe2nodexp-haproxy_alive]","target":"Systemd::Unit[nrpe2nodexp-haproxy_alive.timer]"},{"source":"Systemd::Unit[haproxy_stek_job.timer]","target":"File[/lib/systemd/system/haproxy_stek_job.timer]"},{"source":"Systemd::Unit[haproxy_stek_job.timer]","target":"Exec[systemd daemon-reload for haproxy_stek_job.timer (haproxy_stek_job.timer)]"},{"source":"Systemd::Unit[wmfuniq-experiment-fetcher.timer]","target":"File[/lib/systemd/system/wmfuniq-experiment-fetcher.timer]"},{"source":"Systemd::Unit[wmfuniq-experiment-fetcher.timer]","target":"Exec[systemd daemon-reload for wmfuniq-experiment-fetcher.timer (wmfuniq-experiment-fetcher.timer)]"},{"source":"Monitoring::Service[check_wmfuniq-experiment-fetcher_status]","target":"Monitoring::Exported_nagios_service[deployment-cache-text08 check_wmfuniq-experiment-fetcher_status]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"Systemd::Timer[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]"},{"source":"Rsyslog::Conf[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"File[/etc/rsyslog.d/25-nrpe2nodexp-check-wmfuniq-experiment-fetcher-status.conf]"},{"source":"Systemd::Service[clean-confd-rundir]","target":"Service[clean-confd-rundir.timer]"},{"source":"Systemd::Service[clean-confd-rundir]","target":"Systemd::Unit[clean-confd-rundir.timer]"},{"source":"Rsyslog::Conf[clean-confd-rundir]","target":"File[/etc/rsyslog.d/40-clean-confd-rundir.conf]"},{"source":"Logrotate::Conf[clean-confd-rundir]","target":"File[/etc/logrotate.d/clean-confd-rundir]"},{"source":"Systemd::Unit[confd_prometheus_metrics.service]","target":"File[/lib/systemd/system/confd_prometheus_metrics.service]"},{"source":"Systemd::Unit[confd_prometheus_metrics.service]","target":"Exec[systemd daemon-reload for confd_prometheus_metrics.service (confd_prometheus_metrics.service)]"},{"source":"Systemd::Timer[confd_prometheus_metrics]","target":"Systemd::Service[confd_prometheus_metrics]"},{"source":"Systemd::Syslog[confd_prometheus_metrics]","target":"File[/var/log/confd_prometheus_metrics]"},{"source":"Systemd::Syslog[confd_prometheus_metrics]","target":"Rsyslog::Conf[confd_prometheus_metrics]"},{"source":"Systemd::Syslog[confd_prometheus_metrics]","target":"Logrotate::Conf[confd_prometheus_metrics]"},{"source":"Systemd::Unit[prometheus_varnishd_mmap_count.timer]","target":"File[/lib/systemd/system/prometheus_varnishd_mmap_count.timer]"},{"source":"Systemd::Unit[prometheus_varnishd_mmap_count.timer]","target":"Exec[systemd daemon-reload for prometheus_varnishd_mmap_count.timer (prometheus_varnishd_mmap_count.timer)]"},{"source":"Systemd::Unit[prometheus_sysctl.timer]","target":"File[/lib/systemd/system/prometheus_sysctl.timer]"},{"source":"Systemd::Unit[prometheus_sysctl.timer]","target":"Exec[systemd daemon-reload for prometheus_sysctl.timer (prometheus_sysctl.timer)]"},{"source":"Systemd::Service[track_vcache_fds]","target":"Service[track_vcache_fds.timer]"},{"source":"Systemd::Service[track_vcache_fds]","target":"Systemd::Unit[track_vcache_fds.timer]"},{"source":"Rsyslog::Conf[track_vcache_fds]","target":"File[/etc/rsyslog.d/40-track-vcache-fds.conf]"},{"source":"Logrotate::Conf[track_vcache_fds]","target":"File[/etc/logrotate.d/track_vcache_fds]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.service]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-slowlog.service]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.service (wmf_auto_restart_varnish-frontend-slowlog.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_varnish-frontend-slowlog]","target":"Systemd::Service[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-slowlog]","target":"File[/var/log/wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-slowlog]","target":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-slowlog]","target":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.service]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-hospital.service]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.service (wmf_auto_restart_varnish-frontend-hospital.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_varnish-frontend-hospital]","target":"Systemd::Service[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-hospital]","target":"File[/var/log/wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-hospital]","target":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-hospital]","target":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.service]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-fetcherr.service]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.service]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.service (wmf_auto_restart_varnish-frontend-fetcherr.service)]"},{"source":"Systemd::Timer[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Systemd::Service[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-fetcherr]","target":"File[/var/log/wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Syslog[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Unit[refresh-dp-key.timer]","target":"File[/lib/systemd/system/refresh-dp-key.timer]"},{"source":"Systemd::Unit[refresh-dp-key.timer]","target":"Exec[systemd daemon-reload for refresh-dp-key.timer (refresh-dp-key.timer)]"},{"source":"Monitoring::Service[check_tcp-mss-clamper_status]","target":"Monitoring::Exported_nagios_service[deployment-cache-text08 check_tcp-mss-clamper_status]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]"},{"source":"Systemd::Timer::Job[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]"},{"source":"Rsyslog::Conf[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"File[/etc/rsyslog.d/25-nrpe2nodexp-check-tcp-mss-clamper-status.conf]"},{"source":"Systemd::Service[prometheus_lvs_realserver_mss]","target":"Service[prometheus_lvs_realserver_mss.timer]"},{"source":"Systemd::Service[prometheus_lvs_realserver_mss]","target":"Systemd::Unit[prometheus_lvs_realserver_mss.timer]"},{"source":"Rsyslog::Conf[prometheus_lvs_realserver_mss]","target":"File[/etc/rsyslog.d/40-prometheus-lvs-realserver-mss.conf]"},{"source":"Logrotate::Conf[prometheus_lvs_realserver_mss]","target":"File[/etc/logrotate.d/prometheus_lvs_realserver_mss]"},{"source":"Systemd::Service[prometheus_ferm_mss]","target":"Service[prometheus_ferm_mss.timer]"},{"source":"Systemd::Service[prometheus_ferm_mss]","target":"Systemd::Unit[prometheus_ferm_mss.timer]"},{"source":"Rsyslog::Conf[prometheus_ferm_mss]","target":"File[/etc/rsyslog.d/40-prometheus-ferm-mss.conf]"},{"source":"Logrotate::Conf[prometheus_ferm_mss]","target":"File[/etc/logrotate.d/prometheus_ferm_mss]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_prometheus-varnishkafka-exporter.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_prometheus-varnishkafka-exporter.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_prometheus-varnishkafka-exporter.timer (wmf_auto_restart_prometheus-varnishkafka-exporter.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_purged.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_purged.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_purged.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_purged.timer (wmf_auto_restart_purged.timer)]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy.timer]","target":"File[/lib/systemd/system/nrpe2nodexp-haproxy.timer]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy.timer]","target":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy.timer (nrpe2nodexp-haproxy.timer)]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy_alive.timer]","target":"File[/lib/systemd/system/nrpe2nodexp-haproxy_alive.timer]"},{"source":"Systemd::Unit[nrpe2nodexp-haproxy_alive.timer]","target":"Exec[systemd daemon-reload for nrpe2nodexp-haproxy_alive.timer (nrpe2nodexp-haproxy_alive.timer)]"},{"source":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service]","target":"File[/lib/systemd/system/nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service]"},{"source":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service]","target":"Exec[systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.service)]"},{"source":"Systemd::Timer[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"Systemd::Service[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]"},{"source":"Systemd::Unit[clean-confd-rundir.timer]","target":"File[/lib/systemd/system/clean-confd-rundir.timer]"},{"source":"Systemd::Unit[clean-confd-rundir.timer]","target":"Exec[systemd daemon-reload for clean-confd-rundir.timer (clean-confd-rundir.timer)]"},{"source":"Systemd::Service[confd_prometheus_metrics]","target":"Service[confd_prometheus_metrics.timer]"},{"source":"Systemd::Service[confd_prometheus_metrics]","target":"Systemd::Unit[confd_prometheus_metrics.timer]"},{"source":"Rsyslog::Conf[confd_prometheus_metrics]","target":"File[/etc/rsyslog.d/40-confd-prometheus-metrics.conf]"},{"source":"Logrotate::Conf[confd_prometheus_metrics]","target":"File[/etc/logrotate.d/confd_prometheus_metrics]"},{"source":"Systemd::Unit[track_vcache_fds.timer]","target":"File[/lib/systemd/system/track_vcache_fds.timer]"},{"source":"Systemd::Unit[track_vcache_fds.timer]","target":"Exec[systemd daemon-reload for track_vcache_fds.timer (track_vcache_fds.timer)]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-slowlog]","target":"Service[wmf_auto_restart_varnish-frontend-slowlog.timer]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-slowlog]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-slowlog]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-slowlog.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-slowlog]","target":"File[/etc/logrotate.d/wmf_auto_restart_varnish-frontend-slowlog]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-hospital]","target":"Service[wmf_auto_restart_varnish-frontend-hospital.timer]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-hospital]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-hospital]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-hospital.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-hospital]","target":"File[/etc/logrotate.d/wmf_auto_restart_varnish-frontend-hospital]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Service[wmf_auto_restart_varnish-frontend-fetcherr.timer]"},{"source":"Systemd::Service[wmf_auto_restart_varnish-frontend-fetcherr]","target":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.timer]"},{"source":"Rsyslog::Conf[wmf_auto_restart_varnish-frontend-fetcherr]","target":"File[/etc/rsyslog.d/40-wmf-auto-restart-varnish-frontend-fetcherr.conf]"},{"source":"Logrotate::Conf[wmf_auto_restart_varnish-frontend-fetcherr]","target":"File[/etc/logrotate.d/wmf_auto_restart_varnish-frontend-fetcherr]"},{"source":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]","target":"File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.service]"},{"source":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.service]","target":"Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.service (nrpe2nodexp-check_tcp-mss-clamper_status.service)]"},{"source":"Systemd::Timer[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]"},{"source":"Systemd::Unit[prometheus_lvs_realserver_mss.timer]","target":"File[/lib/systemd/system/prometheus_lvs_realserver_mss.timer]"},{"source":"Systemd::Unit[prometheus_lvs_realserver_mss.timer]","target":"Exec[systemd daemon-reload for prometheus_lvs_realserver_mss.timer (prometheus_lvs_realserver_mss.timer)]"},{"source":"Systemd::Unit[prometheus_ferm_mss.timer]","target":"File[/lib/systemd/system/prometheus_ferm_mss.timer]"},{"source":"Systemd::Unit[prometheus_ferm_mss.timer]","target":"Exec[systemd daemon-reload for prometheus_ferm_mss.timer (prometheus_ferm_mss.timer)]"},{"source":"Systemd::Service[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"Service[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer]"},{"source":"Systemd::Service[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status]","target":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer]"},{"source":"Systemd::Unit[confd_prometheus_metrics.timer]","target":"File[/lib/systemd/system/confd_prometheus_metrics.timer]"},{"source":"Systemd::Unit[confd_prometheus_metrics.timer]","target":"Exec[systemd daemon-reload for confd_prometheus_metrics.timer (confd_prometheus_metrics.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-slowlog.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-slowlog.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-slowlog.timer (wmf_auto_restart_varnish-frontend-slowlog.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-hospital.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-hospital.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-hospital.timer (wmf_auto_restart_varnish-frontend-hospital.timer)]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.timer]","target":"File[/lib/systemd/system/wmf_auto_restart_varnish-frontend-fetcherr.timer]"},{"source":"Systemd::Unit[wmf_auto_restart_varnish-frontend-fetcherr.timer]","target":"Exec[systemd daemon-reload for wmf_auto_restart_varnish-frontend-fetcherr.timer (wmf_auto_restart_varnish-frontend-fetcherr.timer)]"},{"source":"Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"Service[nrpe2nodexp-check_tcp-mss-clamper_status.timer]"},{"source":"Systemd::Service[nrpe2nodexp-check_tcp-mss-clamper_status]","target":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]"},{"source":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer]","target":"File[/lib/systemd/system/nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer]"},{"source":"Systemd::Unit[nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer]","target":"Exec[systemd daemon-reload for nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer (nrpe2nodexp-check_wmfuniq-experiment-fetcher_status.timer)]"},{"source":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]","target":"File[/lib/systemd/system/nrpe2nodexp-check_tcp-mss-clamper_status.timer]"},{"source":"Systemd::Unit[nrpe2nodexp-check_tcp-mss-clamper_status.timer]","target":"Exec[systemd daemon-reload for nrpe2nodexp-check_tcp-mss-clamper_status.timer (nrpe2nodexp-check_tcp-mss-clamper_status.timer)]"}],"classes":["profile::beta::motd","profile::locales::base","profile::pki::client","profile::rsyslog::kafka_shipper","role::cache::text","settings","default","role::wmcs::instance","profile::base::labs","profile::base","profile::adduser","adduser","profile::puppet::agent","debian","puppet::agent","puppet_statsd","prometheus::node_puppet_agent","profile::puppet::client_bucket","profile::base::certificates","sslcert","sslcert::trusted_ca","profile::apt","apt","profile::systemd::timesyncd","systemd::timesyncd","grub::defaults","grub","passwords::root","network::constants","profile::resolving","resolvconf","profile::mail::default_mail_relay","exim4","profile::logrotate","logrotate","profile::prometheus::node_exporter","prometheus::node_exporter","profile::rsyslog","rsyslog","profile::syslog::remote","profile::prometheus::rsyslog_exporter","profile::prometheus::cadvisor","prometheus::cadvisor","profile::prometheus::ethtool_exporter","base::sysctl","motd","motd::defaults","base::standard_packages","profile::environment","base::sysctl::core_dumps","profile::ssh::client","ssh::client","profile::ssh::server","ssh::server","base::kernel","profile::debdeploy::client","debdeploy::client","base::initramfs","profile::auto_restarts","prometheus::node_debian_version","prometheus::node_dpkg_success","apt::unattendedupgrades","profile::openstack::eqiad1::observerenv","profile::openstack::base::observerenv","profile::openstack::eqiad1::clientpackages::vms","profile::openstack::base::clientpackages::vms","openstack::clientpackages::vms::common","profile::openstack::eqiad1::cumin::target","cumin::selector","profile::wmcs::instance","sudo","profile::ldap::client::labs","profile::ldap::client::utils","ldap::client::config","ldap::client::sssd","prometheus::node_ssh_open_sessions","cinderutils","systemd","initramfs","security::access","profile::beta::motd","profile::locales::base","profile::pki::client","cfssl::client","cfssl","profile::rsyslog::kafka_shipper","role::cache::text","profile::base::production","profile::cache::base","profile::conftool::client","passwords::etcd","etcd::client::globalconfig","conftool::config","profile::base::systemd","systemd::config","profile::cache::kafka::webrequest","profile::cache::kafka::certificate","profile::prometheus::varnishkafka_exporter","prometheus::varnishkafka_exporter","profile::cache::purge","purged","conftool::scripts","geoip","geoip::bin","geoip::dev","varnish::common","varnish::common::errorpage","varnish::common::browsersec","varnish::netmapper_update_common","varnish::logging","cacheproxy::traffic_pool","profile::tcp_fast_open","profile::cache::haproxy","sslcert::dhparam","haproxy","profile::cache::varnish::frontend","varnish::common::vcl","prometheus::node_varnishd_mmap_count","prometheus::node_sysctl","profile::prometheus::varnish_exporter","profile::cache::varnish::frontend::text","esitest","profile::trafficserver::backend","profile::lvs::realserver::ipip","wmflib::service::catalog","profile::cache::kafka::statsv","profile::cache::haproxykafka","haproxykafka","sysctl","security::pam","varnishkafka","acme_chief","mtail","confd","trafficserver","monitoring","prometheus::instances","udev"]}