Compilation results for gerrit2003.wikimedia.org: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3432
Resources added:	12
Resources removed:	0
Resources modified:	105
Change percentage:	3.41%

Resources only in the new catalog

Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]
Ferm::Service[ssh_from_cumin_masters]
Ferm::Service[gerrit_ssh_cluster]
Ferm::Service[full_monitoring_metrics_access_udp]
Ferm::Service[rsyncd_access_lfs_replica_sync]
Ferm::Service[deployment_ssh]
Ferm::Service[gerrit_https]
Ferm::Service[envoy_tls_termination_src_sets]
Ferm::Service[ssh_from_bastion]
Ferm::Service[gerrit_ssh_cdn]
Ferm::Service[full_monitoring_metrics_access_tcp]
Ferm::Service[gerrit_http]

Resources modified

File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft]

Parameters differences:

--- File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft].orig
+++ File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CACHES_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv4.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[ssh_from_bastion]

Parameters differences:

--- Ferm::Service[ssh_from_bastion].orig
+++ Ferm::Service[ssh_from_bastion]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 22
+    desc    => 
+    srange  => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[ssh_from_cumin_masters]

Parameters differences:

--- Ferm::Service[ssh_from_cumin_masters].orig
+++ Ferm::Service[ssh_from_cumin_masters]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 22
+    desc     => 
+    src_sets => ['CUMIN_MASTERS']

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[deployment_ssh]

Parameters differences:

--- Ferm::Service[deployment_ssh].orig
+++ Ferm::Service[deployment_ssh]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 22
+    desc     => 
+    src_sets => ['DEPLOYMENT_HOSTS']

File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]

Parameters differences:

--- Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet].orig
+++ Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 9102
+    desc    => 
+    srange  => ['backup1014.eqiad.wmnet']

File[/etc/nftables/100_base_puppet.nft]

Parameters differences:

--- File[/etc/nftables/100_base_puppet.nft].orig
+++ File[/etc/nftables/100_base_puppet.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/09_drop-abuser-nets-v4.nft]

Parameters differences:

--- File[/etc/nftables/input/09_drop-abuser-nets-v4.nft].orig
+++ File[/etc/nftables/input/09_drop-abuser-nets-v4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_rsyncd_access_lfs_replica_sync.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_lfs_replica_sync.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_lfs_replica_sync.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INTERNAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_gerrit_ssh_cluster.nft]

Parameters differences:

--- File[/etc/nftables/input/10_gerrit_ssh_cluster.nft].orig
+++ File[/etc/nftables/input/10_gerrit_ssh_cluster.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ABUSERS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ABUSERS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ABUSERS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[gerrit_ssh_cdn]

Parameters differences:

--- Ferm::Service[gerrit_ssh_cdn].orig
+++ Ferm::Service[gerrit_ssh_cdn]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 29418
+    desc     => 
+    src_sets => ['PRODUCTION_NETWORKS']

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_gerrit_http.nft]

Parameters differences:

--- File[/etc/nftables/input/10_gerrit_http.nft].orig
+++ File[/etc/nftables/input/10_gerrit_http.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[gerrit_ssh_cluster]

Parameters differences:

--- Ferm::Service[gerrit_ssh_cluster].orig
+++ Ferm::Service[gerrit_ssh_cluster]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 22
+    desc    => 
+    srange  => ['gerrit2003.wikimedia.org']

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_deployment-ssh.nft]

Parameters differences:

--- File[/etc/nftables/input/10_deployment-ssh.nft].orig
+++ File[/etc/nftables/input/10_deployment-ssh.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[full_monitoring_metrics_access_udp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_udp].orig
+++ Ferm::Service[full_monitoring_metrics_access_udp]

+    proto      => udp
+    prio       => 10
+    ensure     => present
+    notrack    => False
+    desc       => 
+    srange     => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+    port_range => [1, 65535]

File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INTERNAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[full_monitoring_metrics_access_tcp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_tcp].orig
+++ Ferm::Service[full_monitoring_metrics_access_tcp]

+    proto      => tcp
+    prio       => 10
+    ensure     => present
+    notrack    => False
+    desc       => 
+    srange     => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+    port_range => [1, 65535]

File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_ssh-from-bastion.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-bastion.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-bastion.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft]

Parameters differences:

--- File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft].orig
+++ File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ABUSERS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ABUSERS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ABUSERS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[gerrit_http]

Parameters differences:

--- Ferm::Service[gerrit_http].orig
+++ Ferm::Service[gerrit_http]

+    drange   => ['208.80.153.111', '2620:0:860:4:208:80:153:111']
+    prio     => 10
+    notrack  => False
+    desc     => 
+    src_sets => ['CACHES', 'BASTION_HOSTS', 'DEPLOYMENT_HOSTS', 'CUMIN_MASTERS']
+    proto    => tcp
+    ensure   => present
+    port     => 80

File[/etc/nftables/099_throttling-chain_puppet.nft]

Parameters differences:

--- File[/etc/nftables/099_throttling-chain_puppet.nft].orig
+++ File[/etc/nftables/099_throttling-chain_puppet.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CACHES_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv6.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft]

Parameters differences:

--- File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft].orig
+++ File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_gerrit_https.nft]

Parameters differences:

--- File[/etc/nftables/input/10_gerrit_https.nft].orig
+++ File[/etc/nftables/input/10_gerrit_https.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_gerrit_ssh_cdn.nft]

Parameters differences:

--- File[/etc/nftables/input/10_gerrit_ssh_cdn.nft].orig
+++ File[/etc/nftables/input/10_gerrit_ssh_cdn.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[rsyncd_access_lfs_replica_sync]

Parameters differences:

--- Ferm::Service[rsyncd_access_lfs_replica_sync].orig
+++ Ferm::Service[rsyncd_access_lfs_replica_sync]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => [873, 1873]
+    desc    => 
+    srange  => ['gerrit1003.wikimedia.org', 'gerrit2002.wikimedia.org']

File[/etc/nftables/input/09_drop-abuser-nets-v6.nft]

Parameters differences:

--- File[/etc/nftables/input/09_drop-abuser-nets-v6.nft].orig
+++ File[/etc/nftables/input/09_drop-abuser-nets-v6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[gerrit_https]

Parameters differences:

--- Ferm::Service[gerrit_https].orig
+++ Ferm::Service[gerrit_https]

+    drange   => ['208.80.153.111', '2620:0:860:4:208:80:153:111', '208.80.153.116', '2620:0:860:4:208:80:153:116']
+    prio     => 10
+    notrack  => False
+    desc     => 
+    src_sets => ['CACHES', 'BASTION_HOSTS', 'DEPLOYMENT_HOSTS', 'CUMIN_MASTERS']
+    proto    => tcp
+    ensure   => present
+    port     => 443

File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[envoy_tls_termination_src_sets]

Parameters differences:

--- Ferm::Service[envoy_tls_termination_src_sets].orig
+++ Ferm::Service[envoy_tls_termination_src_sets]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => True
+    port     => 8443
+    desc     => 
+    src_sets => ['CACHES', 'BASTION_HOSTS']

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Compilation results for gerrit2003.wikimedia.org: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files