{"host": "alert1002.wikimedia.org", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 9549, "only_in_self": [], "only_in_other": ["Nftables::Service[alertmanager-cluster]", "Nftables::Service[alertmanager-irc]", "Nftables::Service[alertmanager-prometheus-frack]", "Nftables::Service[alertmanager-prometheus]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[icinga-http]", "Nftables::Service[icinga-https]", "Nftables::Service[icinga-nsca]", "Nftables::Service[rsyncd_access_icinga-cache]", "Nftables::Service[rsyncd_access_icinga-lib]", "Nftables::Service[rsyncd_access_icinga-tmpfs]", "Nftables::Service[rsyncd_access_vopsbot-sync-db]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[tcpircbot_allowed]", "Nftables::Service[tcpircbot_cloud_allowed]"], "resource_diffs": [{"resource": "Nftables::Service[alertmanager-prometheus]", "parameters": "--- Nftables::Service[alertmanager-prometheus].orig\n+++ Nftables::Service[alertmanager-prometheus]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.128.2.3', '10.132.2.5', '10.136.1.24', '10.140.2.5', '10.192.0.160', '10.192.16.75', '10.192.32.160', '10.192.32.67', '10.192.39.10', '10.192.48.215', '10.192.9.11', '10.64.0.119', '10.64.0.82', '10.64.134.21', '10.64.16.62', '10.64.32.85', '10.64.48.167', '10.64.48.171', '10.80.2.5', '2001:df2:e500:103:10:132:2:5', '2620:0:860:101:10:192:0:160', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:160', '2620:0:860:103:10:192:32:67', '2620:0:860:104:10:192:48:215', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:861:101:10:64:0:119', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:167', '2620:0:861:107:10:64:48:171', '2620:0:861:10d:10:64:134:21', '2620:0:863:103:10:128:2:3', '2a02:ec80:300:103:10:80:2:5', '2a02:ec80:600:102:10:136:1:24', '2a02:ec80:700:103:10:140:2:5']\n+    port                => 9093\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    port                => 22\n"}, {"resource": "Nftables::Service[tcpircbot_cloud_allowed]", "parameters": "--- Nftables::Service[tcpircbot_cloud_allowed].orig\n+++ Nftables::Service[tcpircbot_cloud_allowed]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.192.32.140', '10.64.48.148', '2620:0:860:103:10:192:32:140', '2620:0:861:107:10:64:48:148']\n+    port                => 9201\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    port_range          => [1, 65535]\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[alertmanager-cluster]", "parameters": "--- Nftables::Service[alertmanager-cluster].orig\n+++ Nftables::Service[alertmanager-cluster]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '208.80.154.78', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78', '2620:0:861:3:208:80:154:78']\n+    port                => 9094\n"}, {"resource": "Nftables::Service[alertmanager-prometheus-frack]", "parameters": "--- Nftables::Service[alertmanager-prometheus-frack].orig\n+++ Nftables::Service[alertmanager-prometheus-frack]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    src_sets            => ['FRACK_NETWORKS']\n+    desc                => \n+    notrack             => False\n+    port                => 9093\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => udp\n+    port_range          => [1, 65535]\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[rsyncd_access_vopsbot-sync-db]", "parameters": "--- Nftables::Service[rsyncd_access_vopsbot-sync-db].orig\n+++ Nftables::Service[rsyncd_access_vopsbot-sync-db]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '2620:0:860:2:208:80:153:42']\n+    port                => [873, 1873]\n"}, {"resource": "Nftables::Service[icinga-nsca]", "parameters": "--- Nftables::Service[icinga-nsca].orig\n+++ Nftables::Service[icinga-nsca]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    src_sets            => ['DOMAIN_NETWORKS', 'FRACK_NETWORKS']\n+    desc                => \n+    notrack             => False\n+    port                => 5667\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    src_sets            => ['CUMIN_MASTERS']\n+    desc                => \n+    notrack             => False\n+    port                => 22\n"}, {"resource": "Nftables::Service[tcpircbot_allowed]", "parameters": "--- Nftables::Service[tcpircbot_allowed].orig\n+++ Nftables::Service[tcpircbot_allowed]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.192.0.19', '10.192.32.10', '10.192.32.49', '10.192.32.7', '10.192.43.9', '10.64.0.23', '10.64.16.154', '10.64.16.19', '10.64.16.93', '10.64.32.39', '103.102.166.10', '103.102.166.8', '185.15.58.37', '185.15.58.5', '185.15.59.2', '185.15.59.34', '195.200.68.37', '195.200.68.4', '198.35.26.34', '198.35.26.7', '2001:df2:e500:1:103:102:166:10', '2001:df2:e500:1:103:102:166:8', '208.80.153.107', '208.80.153.48', '208.80.153.74', '208.80.154.153', '208.80.154.6', '208.80.154.77', '2620:0:860:101:10:192:0:19', '2620:0:860:103:10:192:32:10', '2620:0:860:103:10:192:32:49', '2620:0:860:103:10:192:32:7', '2620:0:860:122:10:192:43:9', '2620:0:860:2:208:80:153:48', '2620:0:860:3:208:80:153:74', '2620:0:860:4:208:80:153:107', '2620:0:861:101:10:64:0:23', '2620:0:861:102:10:64:16:154', '2620:0:861:102:10:64:16:19', '2620:0:861:102:10:64:16:93', '2620:0:861:103:10:64:32:39', '2620:0:861:1:208:80:154:6', '2620:0:861:2:208:80:154:153', '2620:0:861:3:208:80:154:77', '2620:0:863:1:198:35:26:7', '2620:0:863:2:198:35:26:34', '2a02:ec80:300:1:185:15:59:2', '2a02:ec80:300:2:185:15:59:34', '2a02:ec80:600:1:185:15:58:5', '2a02:ec80:600:2:185:15:58:37', '2a02:ec80:700:1:195:200:68:4', '2a02:ec80:700:2:195:200:68:37']\n+    port                => 9200\n"}, {"resource": "Nftables::Service[rsyncd_access_icinga-tmpfs]", "parameters": "--- Nftables::Service[rsyncd_access_icinga-tmpfs].orig\n+++ Nftables::Service[rsyncd_access_icinga-tmpfs]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    port                => [873, 1873]\n"}, {"resource": "Nftables::Service[icinga-https]", "parameters": "--- Nftables::Service[icinga-https].orig\n+++ Nftables::Service[icinga-https]\n\n+    notrack             => False\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    port                => 443\n+    ensure              => present\n+    desc                => \n"}, {"resource": "Nftables::Service[alertmanager-irc]", "parameters": "--- Nftables::Service[alertmanager-irc].orig\n+++ Nftables::Service[alertmanager-irc]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '208.80.154.78', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78', '2620:0:861:3:208:80:154:78']\n+    port                => 19190\n"}, {"resource": "Nftables::Service[rsyncd_access_icinga-cache]", "parameters": "--- Nftables::Service[rsyncd_access_icinga-cache].orig\n+++ Nftables::Service[rsyncd_access_icinga-cache]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    port                => [873, 1873]\n"}, {"resource": "Nftables::Service[icinga-http]", "parameters": "--- Nftables::Service[icinga-http].orig\n+++ Nftables::Service[icinga-http]\n\n+    notrack             => False\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    port                => 80\n+    ensure              => present\n+    desc                => \n"}, {"resource": "Nftables::Service[rsyncd_access_icinga-lib]", "parameters": "--- Nftables::Service[rsyncd_access_icinga-lib].orig\n+++ Nftables::Service[rsyncd_access_icinga-lib]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    port                => [873, 1873]\n"}], "perc_changed": "0.36%"}, "core": null, "main": {"total": 9549, "only_in_self": [], "only_in_other": ["Nftables::Service[alertmanager-cluster]", "Nftables::Service[alertmanager-irc]", "Nftables::Service[alertmanager-prometheus-frack]", "Nftables::Service[alertmanager-prometheus]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[icinga-http]", "Nftables::Service[icinga-https]", "Nftables::Service[icinga-nsca]", "Nftables::Service[rsyncd_access_icinga-cache]", "Nftables::Service[rsyncd_access_icinga-lib]", "Nftables::Service[rsyncd_access_icinga-tmpfs]", "Nftables::Service[rsyncd_access_vopsbot-sync-db]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[tcpircbot_allowed]", "Nftables::Service[tcpircbot_cloud_allowed]"], "resource_diffs": [], "perc_changed": "0.18%"}}}