Compilation results for logging-logstash-04.logging.eqiad1.wikimedia.cloud: None system changes detected

Catalog differences

Summary

Resources only in the new catalog

• Nftables::Set[CLOUD_NETWORKS_PUBLIC]
• Nftables::Set[STAGING_KUBEPODS_NETWORKS]
• Nftables::Set[CUMIN_MASTERS]
• Nftables::Set[BASTION_HOSTS]
• Nftables::Set[DRUID_PUBLIC_HOSTS]
• Nftables::Set[MYSQL_ROOT_CLIENTS]
• Nftables::Set[ZOOKEEPER_HOSTS_MAIN]
• Nftables::Set[MW_APPSERVER_NETWORKS]
• Nftables::Set[KAFKA_BROKERS_LOGGING]
• Nftables::Set[AUX_KUBEPODS_NETWORKS]
• Nftables::Set[KAFKA_BROKERS_JUMBO]
• Nftables::Set[PRODUCTION_NETWORKS]
• Nftables::Set[LINK_LOCAL]
• Nftables::Service[full-monitoring-metrics-access-tcp]
• Nftables::Set[LABSTORE_HOSTS]
• Nftables::Set[KAFKA_BROKERS_MAIN]
• Nftables::Set[SANDBOX_NETWORKS]
• Nftables::Set[LABS_NETWORKS]
• Nftables::Set[INTERNAL]
• Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
• Nftables::Service[full-monitoring-metrics-access-udp]
• Class[Profile::Firewall::Nftables_base_sets]
• Nftables::Set[PROMETHEUS_HOSTS]
• Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]
• Nftables::Set[DOMAIN_NETWORKS]
• Nftables::Set[MGMT_NETWORKS]
• Nftables::Set[CLOUD_NETWORKS]
• Nftables::Set[DEPLOYMENT_HOSTS]
• Nftables::Set[ZOOKEEPER_FLINK_HOSTS]
• Nftables::Set[FRACK_NETWORKS]
• Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]
• Nftables::Set[ANALYTICS_NETWORKS]
• Nftables::Set[KAFKAMON_HOSTS]
• Nftables::Service[ssh-from-bastion]
• Nftables::Service[ssh-from-cumin-masters]
• Nftables::Set[CACHES]
• Nftables::Set[NETWORK_INFRA]
• Nftables::Set[DSE_KUBEPODS_NETWORKS]
• Nftables::Set[CLOUD_PRIVATE_NETWORKS]

Resources modified

• Nftables::Set[KAFKA_BROKERS_MAIN]

  Parameters differences:

  --- Nftables::Set[KAFKA_BROKERS_MAIN].orig
  +++ Nftables::Set[KAFKA_BROKERS_MAIN]
  
  +    ensure => present
  +    hosts  => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']
  

• Nftables::Service[ssh-from-cumin-masters]

  Parameters differences:

  --- Nftables::Service[ssh-from-cumin-masters].orig
  +++ Nftables::Service[ssh-from-cumin-masters]
  
  +    proto    => tcp
  +    prio     => 10
  +    ensure   => present
  +    notrack  => False
  +    port     => 22
  +    desc     => 
  +    src_sets => ['CUMIN_MASTERS']
  

• Nftables::Set[PRODUCTION_NETWORKS]

  Parameters differences:

  --- Nftables::Set[PRODUCTION_NETWORKS].orig
  +++ Nftables::Set[PRODUCTION_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.128.0.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/28', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:1::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64']
  

• Nftables::Set[BASTION_HOSTS]

  Parameters differences:

  --- Nftables::Set[BASTION_HOSTS].orig
  +++ Nftables::Set[BASTION_HOSTS]
  
  +    ensure => present
  +    hosts  => ['172.16.17.143', '2a02:ec80:a000:1::156', '172.16.18.237', '2a02:ec80:a000:1::442', '172.16.1.220']
  

• Nftables::Set[MYSQL_ROOT_CLIENTS]

  Parameters differences:

  --- Nftables::Set[MYSQL_ROOT_CLIENTS].orig
  +++ Nftables::Set[MYSQL_ROOT_CLIENTS]
  
  +    ensure => present
  +    hosts  => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.155.103', '208.80.154.9', '10.64.0.20']
  

• Nftables::Set[INTERNAL]

  Parameters differences:

  --- Nftables::Set[INTERNAL].orig
  +++ Nftables::Set[INTERNAL]
  
  +    ensure => present
  +    hosts  => ['10.0.0.0/8', '2620:0:860:100::/56', '2620:0:861:100::/56', '2620:0:863:100::/56', '2a02:ec80:300:100::/56', '2a02:ec80:600:100::/56', '2a02:ec80:700:100::/56', '2001:df2:e500:100::/56', '2a02:ec80:ff00:100::/56']
  

• Nftables::Set[KAFKA_BROKERS_JUMBO]

  Parameters differences:

  --- Nftables::Set[KAFKA_BROKERS_JUMBO].orig
  +++ Nftables::Set[KAFKA_BROKERS_JUMBO]
  
  +    ensure => present
  +    hosts  => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']
  

• Nftables::Service[full-monitoring-metrics-access-tcp]

  Parameters differences:

  --- Nftables::Service[full-monitoring-metrics-access-tcp].orig
  +++ Nftables::Service[full-monitoring-metrics-access-tcp]
  
  +    proto      => tcp
  +    prio       => 10
  +    ensure     => present
  +    notrack    => False
  +    desc       => 
  +    src_ips    => ['172.16.17.93', '2a02:ec80:a000:1::222']
  +    port_range => [1, 65535]
  

• Nftables::Set[SANDBOX_NETWORKS]

  Parameters differences:

  --- Nftables::Set[SANDBOX_NETWORKS].orig
  +++ Nftables::Set[SANDBOX_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['103.102.166.16/28', '185.15.59.72/29', '195.200.68.64/29', '198.35.26.240/28', '2001:df2:e500:201::/64', '208.80.152.240/28', '208.80.155.64/28', '2620:0:860:201::/64', '2620:0:861:202::/64', '2620:0:863:201::/64', '2a02:ec80:300:202::/64', '2a02:ec80:700:201::/64']
  

• Nftables::Set[STAGING_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[STAGING_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[STAGING_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.64.64.0/21', '2620:0:861:babe::/64', '10.192.64.0/21', '2620:0:860:babe::/64']
  

• Nftables::Set[DRUID_PUBLIC_HOSTS]

  Parameters differences:

  --- Nftables::Set[DRUID_PUBLIC_HOSTS].orig
  +++ Nftables::Set[DRUID_PUBLIC_HOSTS]
  
  +    ensure => present
  +    hosts  => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']
  

• Nftables::Set[PROMETHEUS_HOSTS]

  Parameters differences:

  --- Nftables::Set[PROMETHEUS_HOSTS].orig
  +++ Nftables::Set[PROMETHEUS_HOSTS]
  
  +    ensure => present
  +    hosts  => ['logging-alert-01.logging.eqiad1.wikimedia.cloud', 'logging-alert-02.logging.eqiad1.wikimedia.cloud']
  

• Nftables::Set[DEPLOYMENT_HOSTS]

  Parameters differences:

  --- Nftables::Set[DEPLOYMENT_HOSTS].orig
  +++ Nftables::Set[DEPLOYMENT_HOSTS]
  
  +    ensure => present
  +    hosts  => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']
  

• Nftables::Set[CLOUD_NETWORKS_PUBLIC]

  Parameters differences:

  --- Nftables::Set[CLOUD_NETWORKS_PUBLIC].orig
  +++ Nftables::Set[CLOUD_NETWORKS_PUBLIC]
  
  +    ensure => present
  +    hosts  => ['185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:4000::/64']
  

• Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.67.128.0/17', '2620:0:861:cabe::/64', '10.194.128.0/17', '2620:0:860:cabe::/64']
  

• Nftables::Set[CLOUD_NETWORKS]

  Parameters differences:

  --- Nftables::Set[CLOUD_NETWORKS].orig
  +++ Nftables::Set[CLOUD_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']
  

• Nftables::Set[ANALYTICS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[ANALYTICS_NETWORKS].orig
  +++ Nftables::Set[ANALYTICS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.153.0/24', '10.64.155.0/24', '10.64.157.0/24', '10.64.159.0/24', '10.64.161.0/24', '10.64.163.0/24', '10.64.165.0/24', '10.64.167.0/24', '10.64.170.0/24', '10.64.172.0/24', '10.64.174.0/24', '10.64.176.0/24', '10.64.178.0/24', '10.64.180.0/24', '10.64.182.0/24', '10.64.184.0/24', '10.64.186.0/24', '10.64.188.0/24', '10.64.190.0/24', '10.64.21.0/24', '10.64.36.0/24', '10.64.5.0/24', '10.64.53.0/24', '2620:0:861:100::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:108::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:11a::/64', '2620:0:861:121::/64', '2620:0:861:123::/64', '2620:0:861:125::/64', '2620:0:861:127::/64', '2620:0:861:129::/64', '2620:0:861:12b::/64', '2620:0:861:12d::/64', '2620:0:861:12f::/64', '2620:0:861:132::/64', '2620:0:861:134::/64', '2620:0:861:136::/64', '2620:0:861:138::/64', '2620:0:861:13a::/64', '2620:0:861:13c::/64', '2620:0:861:13e::/64', '2620:0:861:141::/64', '2620:0:861:143::/64', '2620:0:861:145::/64']
  

• Nftables::Set[NETWORK_INFRA]

  Parameters differences:

  --- Nftables::Set[NETWORK_INFRA].orig
  +++ Nftables::Set[NETWORK_INFRA]
  
  +    ensure => present
  +    hosts  => ['185.15.59.128/27', '2a02:ec80:300:fe00::/55', '198.35.26.128/27', '2620:0:863:fe00::/55', '208.80.153.192/27', '2620:0:860:fe00::/55', '10.192.255.0/24', '2620:0:860:13f::/64', '10.192.253.0/24', '2620:0:860:139::/64', '208.80.154.192/27', '2620:0:861:fe00::/55', '10.64.146.0/24', '2620:0:861:11b::/128', '10.64.168.0/24', '2620:0:861:130::/64', '10.64.147.0/24', '103.102.166.128/27', '2001:df2:e500:fe00::/55', '185.15.58.128/27', '2a02:ec80:600:fe00::/55', '195.200.68.128/27', '2a02:ec80:700:fe00::/55']
  

• Nftables::Set[MGMT_NETWORKS]

  Parameters differences:

  --- Nftables::Set[MGMT_NETWORKS].orig
  +++ Nftables::Set[MGMT_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.65.0.0/16', '10.128.128.0/17', '10.193.0.0/16', '10.80.128.0/17', '10.132.128.0/17', '10.136.128.0/17', '10.140.128.0/17']
  

• Nftables::Set[CUMIN_MASTERS]

  Parameters differences:

  --- Nftables::Set[CUMIN_MASTERS].orig
  +++ Nftables::Set[CUMIN_MASTERS]
  
  +    ensure => present
  +    hosts  => ['172.16.1.220']
  

• Nftables::Set[ZOOKEEPER_HOSTS_MAIN]

  Parameters differences:

  --- Nftables::Set[ZOOKEEPER_HOSTS_MAIN].orig
  +++ Nftables::Set[ZOOKEEPER_HOSTS_MAIN]
  
  +    ensure => present
  +    hosts  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']
  

• Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.194.61.0/24', '2620:0:860:302::/64']
  

• Nftables::Service[ssh-from-bastion]

  Parameters differences:

  --- Nftables::Service[ssh-from-bastion].orig
  +++ Nftables::Service[ssh-from-bastion]
  
  +    proto   => tcp
  +    prio    => 10
  +    ensure  => present
  +    notrack => False
  +    port    => 22
  +    desc    => 
  +    src_ips => ['172.16.1.220', '172.16.17.143', '172.16.18.237', '2a02:ec80:a000:1::156', '2a02:ec80:a000:1::442']
  

• Nftables::Set[LABSTORE_HOSTS]

  Parameters differences:

  --- Nftables::Set[LABSTORE_HOSTS].orig
  +++ Nftables::Set[LABSTORE_HOSTS]
  
  +    ensure => present
  +    hosts  => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']
  

• Class[Profile::Firewall::Nftables_base_sets]

  Parameters differences:

  --- Class[Profile::Firewall::Nftables_base_sets].orig
  +++ Class[Profile::Firewall::Nftables_base_sets]
  
  +    install_hosts         => {}
  +    labstore_hosts        => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']
  +    monitoring_hosts      => []
  +    kafkamon_hosts        => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']
  +    cumin_masters         => ['172.16.1.220']
  +    kafka_brokers_main    => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']
  +    lb_health_checks      => []
  +    bastion_hosts         => ['172.16.17.143', '2a02:ec80:a000:1::156', '172.16.18.237', '2a02:ec80:a000:1::442', '172.16.1.220']
  +    zookeeper_hosts_main  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']
  +    prometheus_nodes      => ['logging-alert-01.logging.eqiad1.wikimedia.cloud', 'logging-alert-02.logging.eqiad1.wikimedia.cloud']
  +    cache_hosts           => ['172.16.19.232', '2a02:ec80:a000:1::2f3', '172.16.17.55', '2a02:ec80:a000:1::31d']
  +    kafka_brokers_jumbo   => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']
  +    mysql_root_clients    => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.155.103', '208.80.154.9', '10.64.0.20']
  +    kafka_brokers_logging => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.32.142', '2620:0:861:103:10:64:32:142', '10.64.48.66', '2620:0:861:107:10:64:48:66', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.0.94', '2620:0:860:101:10:192:0:94', '10.192.16.50', '2620:0:860:102:10:192:16:50', '10.192.32.24', '2620:0:860:103:10:192:32:24', '10.192.16.38', '2620:0:860:102:10:192:16:38', '10.192.48.85', '2620:0:860:104:10:192:48:85']
  +    zookeeper_flink_hosts => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']
  +    druid_public_hosts    => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']
  +    install_hosts6        => {}
  +    deployment_hosts      => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']
  

• Nftables::Set[LINK_LOCAL]

  Parameters differences:

  --- Nftables::Set[LINK_LOCAL].orig
  +++ Nftables::Set[LINK_LOCAL]
  
  +    ensure => present
  +    hosts  => ['169.254.0.0/16', 'fe80::/10']
  

• Nftables::Set[DOMAIN_NETWORKS]

  Parameters differences:

  --- Nftables::Set[DOMAIN_NETWORKS].orig
  +++ Nftables::Set[DOMAIN_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']
  

• Nftables::Set[DSE_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[DSE_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[DSE_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.67.24.0/21', '2620:0:861:302::/64', '10.192.96.0/21', '2620:0:860:308::/64']
  

• Nftables::Set[CLOUD_PRIVATE_NETWORKS]

  Parameters differences:

  --- Nftables::Set[CLOUD_PRIVATE_NETWORKS].orig
  +++ Nftables::Set[CLOUD_PRIVATE_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['172.20.1.0/24', '172.20.2.0/24', '172.20.3.0/24', '172.20.4.0/24', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '172.20.5.0/24', '2a02:ec80:a100:205::/64']
  

• Nftables::Set[LABS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[LABS_NETWORKS].orig
  +++ Nftables::Set[LABS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']
  

• Nftables::Set[MW_APPSERVER_NETWORKS]

  Parameters differences:

  --- Nftables::Set[MW_APPSERVER_NETWORKS].orig
  +++ Nftables::Set[MW_APPSERVER_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64', '127.0.0.1']
  

• Nftables::Set[KAFKA_BROKERS_LOGGING]

  Parameters differences:

  --- Nftables::Set[KAFKA_BROKERS_LOGGING].orig
  +++ Nftables::Set[KAFKA_BROKERS_LOGGING]
  
  +    ensure => present
  +    hosts  => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.32.142', '2620:0:861:103:10:64:32:142', '10.64.48.66', '2620:0:861:107:10:64:48:66', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.0.94', '2620:0:860:101:10:192:0:94', '10.192.16.50', '2620:0:860:102:10:192:16:50', '10.192.32.24', '2620:0:860:103:10:192:32:24', '10.192.16.38', '2620:0:860:102:10:192:16:38', '10.192.48.85', '2620:0:860:104:10:192:48:85']
  

• Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[MLSERVE_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.67.16.0/21', '2620:0:861:300::/64', '10.194.16.0/21', '2620:0:860:300::/64']
  

• Nftables::Set[ZOOKEEPER_FLINK_HOSTS]

  Parameters differences:

  --- Nftables::Set[ZOOKEEPER_FLINK_HOSTS].orig
  +++ Nftables::Set[ZOOKEEPER_FLINK_HOSTS]
  
  +    ensure => present
  +    hosts  => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']
  

• Nftables::Service[full-monitoring-metrics-access-udp]

  Parameters differences:

  --- Nftables::Service[full-monitoring-metrics-access-udp].orig
  +++ Nftables::Service[full-monitoring-metrics-access-udp]
  
  +    proto      => udp
  +    prio       => 10
  +    ensure     => present
  +    notrack    => False
  +    desc       => 
  +    src_ips    => ['172.16.17.93', '2a02:ec80:a000:1::222']
  +    port_range => [1, 65535]
  

• Nftables::Set[AUX_KUBEPODS_NETWORKS]

  Parameters differences:

  --- Nftables::Set[AUX_KUBEPODS_NETWORKS].orig
  +++ Nftables::Set[AUX_KUBEPODS_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.67.80.0/21', '2620:0:861:305::/64', '10.194.80.0/21', '2620:0:860:305::/64']
  

• Nftables::Set[KAFKAMON_HOSTS]

  Parameters differences:

  --- Nftables::Set[KAFKAMON_HOSTS].orig
  +++ Nftables::Set[KAFKAMON_HOSTS]
  
  +    ensure => present
  +    hosts  => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']
  

• Nftables::Set[CACHES]

  Parameters differences:

  --- Nftables::Set[CACHES].orig
  +++ Nftables::Set[CACHES]
  
  +    ensure => present
  +    hosts  => ['172.16.19.232', '2a02:ec80:a000:1::2f3', '172.16.17.55', '2a02:ec80:a000:1::31d']
  

• Nftables::Set[FRACK_NETWORKS]

  Parameters differences:

  --- Nftables::Set[FRACK_NETWORKS].orig
  +++ Nftables::Set[FRACK_NETWORKS]
  
  +    ensure => present
  +    hosts  => ['10.195.0.0/27', '10.195.0.128/29', '10.195.0.32/27', '10.195.0.64/28', '10.195.0.80/29', '10.195.0.96/27', '10.195.1.0/25', '10.64.40.0/27', '10.64.40.160/27', '10.64.40.192/26', '10.64.40.32/27', '10.64.40.64/27', '10.64.40.96/27', '208.80.152.224/28', '208.80.155.0/27']
  

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Standard Diff