Compilation results for phab1004.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3687
Resources added:	13
Resources removed:	0
Resources modified:	102
Change percentage:	3.12%

Resources only in the new catalog

Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]
Ferm::Service[ssh_from_cumin_masters]
Ferm::Service[phabmain_http]
Ferm::Service[full_monitoring_metrics_access_udp]
Ferm::Service[ssh_cluster]
Ferm::Service[phabmain_smtp]
Ferm::Service[deployment_ssh]
Ferm::Service[envoy_tls_termination_src_sets]
Ferm::Service[ssh_from_bastion]
Ferm::Service[rsyncd_access_phabricator_home_dirs]
Ferm::Service[rsyncd_access_phabricator_repos]
Ferm::Service[full_monitoring_metrics_access_tcp]
Ferm::Service[rsyncd_access_srv_dumps]

Resources modified

File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft]

Parameters differences:

--- File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft].orig
+++ File[/etc/nftables/input/10_envoy_tls_termination_src_sets.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[rsyncd_access_phabricator_repos]

Parameters differences:

--- Ferm::Service[rsyncd_access_phabricator_repos].orig
+++ Ferm::Service[rsyncd_access_phabricator_repos]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => [873, 1873]
+    desc    => 
+    srange  => ['phab2002.codfw.wmnet']

File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CACHES_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv4.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_rsyncd_access_srv-dumps.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_srv-dumps.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_srv-dumps.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[phabmain_smtp]

Parameters differences:

--- Ferm::Service[phabmain_smtp].orig
+++ Ferm::Service[phabmain_smtp]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 25
+    desc    => 
+    srange  => ['mx-in1001.wikimedia.org', 'mx-in2001.wikimedia.org']

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[ssh_from_bastion]

Parameters differences:

--- Ferm::Service[ssh_from_bastion].orig
+++ Ferm::Service[ssh_from_bastion]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 22
+    desc    => 
+    srange  => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[ssh_from_cumin_masters]

Parameters differences:

--- Ferm::Service[ssh_from_cumin_masters].orig
+++ Ferm::Service[ssh_from_cumin_masters]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 22
+    desc     => 
+    src_sets => ['CUMIN_MASTERS']

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_ssh_cluster.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh_cluster.nft].orig
+++ File[/etc/nftables/input/10_ssh_cluster.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[deployment_ssh]

Parameters differences:

--- Ferm::Service[deployment_ssh].orig
+++ Ferm::Service[deployment_ssh]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 22
+    desc     => 
+    src_sets => ['DEPLOYMENT_HOSTS']

File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_rsyncd_access_phabricator-repos.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_phabricator-repos.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_phabricator-repos.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]

Parameters differences:

--- Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet].orig
+++ Ferm::Service[bacula_file_daemon_backup1014_eqiad_wmnet]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 9102
+    desc    => 
+    srange  => ['backup1014.eqiad.wmnet']

File[/etc/nftables/100_base_puppet.nft]

Parameters differences:

--- File[/etc/nftables/100_base_puppet.nft].orig
+++ File[/etc/nftables/100_base_puppet.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INTERNAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[rsyncd_access_phabricator_home_dirs]

Parameters differences:

--- Ferm::Service[rsyncd_access_phabricator_home_dirs].orig
+++ Ferm::Service[rsyncd_access_phabricator_home_dirs]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => [873, 1873]
+    desc    => 
+    srange  => ['phab2002.codfw.wmnet']

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_phabmain-smtp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_phabmain-smtp.nft].orig
+++ File[/etc/nftables/input/10_phabmain-smtp.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[rsyncd_access_srv_dumps]

Parameters differences:

--- Ferm::Service[rsyncd_access_srv_dumps].orig
+++ Ferm::Service[rsyncd_access_srv_dumps]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => [873, 1873]
+    desc    => 
+    srange  => ['phab1004.eqiad.wmnet', 'phab2002.codfw.wmnet', 'clouddumps1001.wikimedia.org', 'clouddumps1002.wikimedia.org']

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_deployment-ssh.nft]

Parameters differences:

--- File[/etc/nftables/input/10_deployment-ssh.nft].orig
+++ File[/etc/nftables/input/10_deployment-ssh.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[full_monitoring_metrics_access_udp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_udp].orig
+++ Ferm::Service[full_monitoring_metrics_access_udp]

+    proto      => udp
+    prio       => 10
+    ensure     => present
+    notrack    => False
+    desc       => 
+    srange     => ['prometheus1005.eqiad.wmnet', 'prometheus1006.eqiad.wmnet', 'prometheus1007.eqiad.wmnet', 'prometheus1008.eqiad.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+    port_range => [1, 65535]

File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INTERNAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_rsyncd_access_phabricator-home-dirs.nft]

Parameters differences:

--- File[/etc/nftables/input/10_rsyncd_access_phabricator-home-dirs.nft].orig
+++ File[/etc/nftables/input/10_rsyncd_access_phabricator-home-dirs.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[full_monitoring_metrics_access_tcp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_tcp].orig
+++ Ferm::Service[full_monitoring_metrics_access_tcp]

+    proto      => tcp
+    prio       => 10
+    ensure     => present
+    notrack    => False
+    desc       => 
+    srange     => ['prometheus1005.eqiad.wmnet', 'prometheus1006.eqiad.wmnet', 'prometheus1007.eqiad.wmnet', 'prometheus1008.eqiad.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+    port_range => [1, 65535]

File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_ssh-from-bastion.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-bastion.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-bastion.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft]

Parameters differences:

--- File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft].orig
+++ File[/etc/nftables/input/10_bacula-file-daemon-backup1014.eqiad.wmnet.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CACHES_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv6.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft]

Parameters differences:

--- File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft].orig
+++ File[/etc/nftables/notrack/10_envoy_tls_termination_src_sets.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[ssh_cluster]

Parameters differences:

--- Ferm::Service[ssh_cluster].orig
+++ Ferm::Service[ssh_cluster]

+    proto   => tcp
+    prio    => 10
+    ensure  => present
+    notrack => False
+    port    => 22
+    desc    => 
+    srange  => ['phab1004.eqiad.wmnet', 'phab2002.codfw.wmnet']

File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[envoy_tls_termination_src_sets]

Parameters differences:

--- Ferm::Service[envoy_tls_termination_src_sets].orig
+++ Ferm::Service[envoy_tls_termination_src_sets]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => True
+    port     => 443
+    desc     => 
+    src_sets => ['CACHES']

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/input/10_phabmain_http.nft]

Parameters differences:

--- File[/etc/nftables/input/10_phabmain_http.nft].orig
+++ File[/etc/nftables/input/10_phabmain_http.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Ferm::Service[phabmain_http]

Parameters differences:

--- Ferm::Service[phabmain_http].orig
+++ Ferm::Service[phabmain_http]

+    proto    => tcp
+    prio     => 10
+    ensure   => present
+    notrack  => False
+    port     => 80
+    desc     => 
+    src_sets => ['DEPLOYMENT_HOSTS']

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

@@
-    notify => Service[nftables]
+    notify => ['Service[nftables]']

Compilation results for phab1004.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files