{"host": "cloudcontrol1007.eqiad.wmnet", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 4065, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[cinder-api-backend]", "Nftables::Service[designate-api-backend]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[galera-backend]", "Nftables::Service[galera-cluster-tcp]", "Nftables::Service[galera-cluster-udp]", "Nftables::Service[glance-api-backend]", "Nftables::Service[heat-api-backend]", "Nftables::Service[keystone-api-backend]", "Nftables::Service[magnum-api-backend]", "Nftables::Service[mdns-axfr-tcp]", "Nftables::Service[mdns-axfr-udp]", "Nftables::Service[memcached]", "Nftables::Service[neutron-api-backend]", "Nftables::Service[nova-api-backend]", "Nftables::Service[nova-metadata-backend]", "Nftables::Service[octavia-amphora-healthcheck-udp]", "Nftables::Service[octavia-amphora-healthcheck]", "Nftables::Service[octavia-api-backend]", "Nftables::Service[placement-api-backend]", "Nftables::Service[radosgw-api-backend]", "Nftables::Service[rsyncd_access_keystonefernetkeys]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cloudcumin-masters]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[trove-api-backend]"], "resource_diffs": [{"resource": "Nftables::Service[octavia-amphora-healthcheck-udp]", "parameters": "--- Nftables::Service[octavia-amphora-healthcheck-udp].orig\n+++ Nftables::Service[octavia-amphora-healthcheck-udp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => udp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.16.24.0/24', '2a02:ec80:a000:100::/64']\n+    port                => 5555\n"}, {"resource": "Nftables::Service[radosgw-api-backend]", "parameters": "--- Nftables::Service[radosgw-api-backend].orig\n+++ Nftables::Service[radosgw-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18080\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    port                => 22\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    src_sets            => ['CUMIN_MASTERS']\n+    desc                => \n+    notrack             => False\n+    port                => 22\n"}, {"resource": "Nftables::Service[trove-api-backend]", "parameters": "--- Nftables::Service[trove-api-backend].orig\n+++ Nftables::Service[trove-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18779\n"}, {"resource": "Nftables::Service[glance-api-backend]", "parameters": "--- Nftables::Service[glance-api-backend].orig\n+++ Nftables::Service[glance-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 19292\n"}, {"resource": "Nftables::Service[mdns-axfr-udp]", "parameters": "--- Nftables::Service[mdns-axfr-udp].orig\n+++ Nftables::Service[mdns-axfr-udp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => udp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.25', '172.20.1.5', '172.20.2.32', '172.20.2.4', '172.20.3.18', '185.15.56.162', '185.15.56.163', '2a02:ec80:a000:201::25', '2a02:ec80:a000:201::5', '2a02:ec80:a000:202::32', '2a02:ec80:a000:202::4', '2a02:ec80:a000:203::18', '2a02:ec80:a000:4000::2', '2a02:ec80:a000:4000::3']\n+    port                => 5354\n"}, {"resource": "Nftables::Service[placement-api-backend]", "parameters": "--- Nftables::Service[placement-api-backend].orig\n+++ Nftables::Service[placement-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18778\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    port_range          => [1, 65535]\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[memcached]", "parameters": "--- Nftables::Service[memcached].orig\n+++ Nftables::Service[memcached]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    src_sets            => ['CLOUD_PRIVATE_NETWORKS']\n+    desc                => \n+    notrack             => False\n+    port                => 11211\n"}, {"resource": "Nftables::Service[neutron-api-backend]", "parameters": "--- Nftables::Service[neutron-api-backend].orig\n+++ Nftables::Service[neutron-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 19696\n"}, {"resource": "Nftables::Service[galera-backend]", "parameters": "--- Nftables::Service[galera-backend].orig\n+++ Nftables::Service[galera-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => [23306, 9990]\n"}, {"resource": "Nftables::Service[galera-cluster-tcp]", "parameters": "--- Nftables::Service[galera-cluster-tcp].orig\n+++ Nftables::Service[galera-cluster-tcp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.25', '172.20.2.32', '172.20.3.18', '2a02:ec80:a000:201::25', '2a02:ec80:a000:202::32', '2a02:ec80:a000:203::18']\n+    port                => [23306, 4567, 4568, 4444]\n"}, {"resource": "Nftables::Service[keystone-api-backend]", "parameters": "--- Nftables::Service[keystone-api-backend].orig\n+++ Nftables::Service[keystone-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => [15000, 15357]\n"}, {"resource": "Nftables::Service[rsyncd_access_keystonefernetkeys]", "parameters": "--- Nftables::Service[rsyncd_access_keystonefernetkeys].orig\n+++ Nftables::Service[rsyncd_access_keystonefernetkeys]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.25', '172.20.2.32', '172.20.3.18', '2a02:ec80:a000:201::25', '2a02:ec80:a000:202::32', '2a02:ec80:a000:203::18']\n+    port                => [873, 1873]\n"}, {"resource": "Nftables::Service[mdns-axfr-tcp]", "parameters": "--- Nftables::Service[mdns-axfr-tcp].orig\n+++ Nftables::Service[mdns-axfr-tcp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.25', '172.20.1.5', '172.20.2.32', '172.20.2.4', '172.20.3.18', '185.15.56.162', '185.15.56.163', '2a02:ec80:a000:201::25', '2a02:ec80:a000:201::5', '2a02:ec80:a000:202::32', '2a02:ec80:a000:202::4', '2a02:ec80:a000:203::18', '2a02:ec80:a000:4000::2', '2a02:ec80:a000:4000::3']\n+    port                => 5354\n"}, {"resource": "Nftables::Service[galera-cluster-udp]", "parameters": "--- Nftables::Service[galera-cluster-udp].orig\n+++ Nftables::Service[galera-cluster-udp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => udp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.25', '172.20.2.32', '172.20.3.18', '2a02:ec80:a000:201::25', '2a02:ec80:a000:202::32', '2a02:ec80:a000:203::18']\n+    port                => 4567\n"}, {"resource": "Nftables::Service[cinder-api-backend]", "parameters": "--- Nftables::Service[cinder-api-backend].orig\n+++ Nftables::Service[cinder-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18776\n"}, {"resource": "Nftables::Service[magnum-api-backend]", "parameters": "--- Nftables::Service[magnum-api-backend].orig\n+++ Nftables::Service[magnum-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 19511\n"}, {"resource": "Nftables::Service[ssh-from-cloudcumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cloudcumin-masters].orig\n+++ Nftables::Service[ssh-from-cloudcumin-masters]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.192.32.140', '10.64.48.148', '2620:0:860:103:10:192:32:140', '2620:0:861:107:10:64:48:148']\n+    port                => 22\n"}, {"resource": "Nftables::Service[designate-api-backend]", "parameters": "--- Nftables::Service[designate-api-backend].orig\n+++ Nftables::Service[designate-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 9001\n"}, {"resource": "Nftables::Service[nova-metadata-backend]", "parameters": "--- Nftables::Service[nova-metadata-backend].orig\n+++ Nftables::Service[nova-metadata-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18775\n"}, {"resource": "Nftables::Service[heat-api-backend]", "parameters": "--- Nftables::Service[heat-api-backend].orig\n+++ Nftables::Service[heat-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => [18004, 18000]\n"}, {"resource": "Nftables::Service[octavia-amphora-healthcheck]", "parameters": "--- Nftables::Service[octavia-amphora-healthcheck].orig\n+++ Nftables::Service[octavia-amphora-healthcheck]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.16.24.0/24', '2a02:ec80:a000:100::/64']\n+    port                => 5555\n"}, {"resource": "Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "parameters": "--- Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet].orig\n+++ Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.64.183.10', '2620:0:861:13d:10:64:183:10']\n+    port                => 9102\n"}, {"resource": "Nftables::Service[nova-api-backend]", "parameters": "--- Nftables::Service[nova-api-backend].orig\n+++ Nftables::Service[nova-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 18774\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => udp\n+    port_range          => [1, 65535]\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[octavia-api-backend]", "parameters": "--- Nftables::Service[octavia-api-backend].orig\n+++ Nftables::Service[octavia-api-backend]\n\n+    prio                => 10\n+    unrestricted_access => False\n+    proto               => tcp\n+    ensure              => present\n+    desc                => \n+    notrack             => False\n+    src_ips             => ['172.20.1.2', '172.20.2.2', '2a02:ec80:a000:201::2', '2a02:ec80:a000:202::2']\n+    port                => 9876\n"}], "perc_changed": "1.38%"}, "core": null, "main": {"total": 4065, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[cinder-api-backend]", "Nftables::Service[designate-api-backend]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[galera-backend]", "Nftables::Service[galera-cluster-tcp]", "Nftables::Service[galera-cluster-udp]", "Nftables::Service[glance-api-backend]", "Nftables::Service[heat-api-backend]", "Nftables::Service[keystone-api-backend]", "Nftables::Service[magnum-api-backend]", "Nftables::Service[mdns-axfr-tcp]", "Nftables::Service[mdns-axfr-udp]", "Nftables::Service[memcached]", "Nftables::Service[neutron-api-backend]", "Nftables::Service[nova-api-backend]", "Nftables::Service[nova-metadata-backend]", "Nftables::Service[octavia-amphora-healthcheck-udp]", "Nftables::Service[octavia-amphora-healthcheck]", "Nftables::Service[octavia-api-backend]", "Nftables::Service[placement-api-backend]", "Nftables::Service[radosgw-api-backend]", "Nftables::Service[rsyncd_access_keystonefernetkeys]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cloudcumin-masters]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[trove-api-backend]"], "resource_diffs": [], "perc_changed": "0.69%"}}}