{"host": "contint2002.wikimedia.org", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 3640, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[ci-migration-rsync]", "Nftables::Service[ci_http]", "Nftables::Service[deployment-ssh]", "Nftables::Service[envoy_tls_termination_src_sets]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[gearman_from_zuul_mergers]", "Nftables::Service[git_daemon_internal_hosts]", "Nftables::Service[git_daemon_internal_sets]", "Nftables::Service[jenkins-contint]", "Nftables::Service[jenkins_controller_ssh]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]"], "resource_diffs": [{"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+ port => 22\n"}, {"resource": "Nftables::Service[ci_http]", "parameters": "--- Nftables::Service[ci_http].orig\n+++ Nftables::Service[ci_http]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ src_sets => ['CACHES']\n+ desc => \n+ notrack => False\n+ port => 80\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ src_sets => ['CUMIN_MASTERS']\n+ desc => \n+ notrack => False\n+ port => 22\n"}, {"resource": "Nftables::Service[ci-migration-rsync]", "parameters": "--- Nftables::Service[ci-migration-rsync].orig\n+++ Nftables::Service[ci-migration-rsync]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['208.80.154.132', '2620:0:861:2:208:80:154:132']\n+ port => 873\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ port_range => [1, 65535]\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[jenkins-contint]", "parameters": "--- Nftables::Service[jenkins-contint].orig\n+++ Nftables::Service[jenkins-contint]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['208.80.154.132', '2620:0:861:2:208:80:154:132']\n+ port => 1443\n"}, {"resource": "Nftables::Service[git_daemon_internal_sets]", "parameters": "--- Nftables::Service[git_daemon_internal_sets].orig\n+++ Nftables::Service[git_daemon_internal_sets]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ src_sets => ['LABS_NETWORKS']\n+ desc => \n+ notrack => False\n+ port => 9418\n"}, {"resource": "Nftables::Service[gearman_from_zuul_mergers]", "parameters": "--- Nftables::Service[gearman_from_zuul_mergers].orig\n+++ Nftables::Service[gearman_from_zuul_mergers]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['208.80.153.39', '208.80.154.132']\n+ port => 4730\n"}, {"resource": "Nftables::Service[jenkins_controller_ssh]", "parameters": "--- Nftables::Service[jenkins_controller_ssh].orig\n+++ Nftables::Service[jenkins_controller_ssh]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['208.80.153.39', '208.80.154.132', '2620:0:860:2:208:80:153:39', '2620:0:861:2:208:80:154:132']\n+ port => 22\n"}, {"resource": "Nftables::Service[git_daemon_internal_hosts]", "parameters": "--- Nftables::Service[git_daemon_internal_hosts].orig\n+++ Nftables::Service[git_daemon_internal_hosts]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['208.80.153.39', '208.80.154.132', '2620:0:860:2:208:80:153:39', '2620:0:861:2:208:80:154:132']\n+ port => 9418\n"}, {"resource": "Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "parameters": "--- Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet].orig\n+++ Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['10.64.183.10', '2620:0:861:13d:10:64:183:10']\n+ port => 9102\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => udp\n+ port_range => [1, 65535]\n+ ensure => present\n+ desc => \n+ notrack => False\n+ src_ips => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n"}, {"resource": "Nftables::Service[deployment-ssh]", "parameters": "--- Nftables::Service[deployment-ssh].orig\n+++ Nftables::Service[deployment-ssh]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ src_sets => ['DEPLOYMENT_HOSTS']\n+ ensure => present\n+ desc => \n+ notrack => False\n+ port => 22\n"}, {"resource": "Nftables::Service[envoy_tls_termination_src_sets]", "parameters": "--- Nftables::Service[envoy_tls_termination_src_sets].orig\n+++ Nftables::Service[envoy_tls_termination_src_sets]\n\n+ prio => 10\n+ unrestricted_access => False\n+ proto => tcp\n+ ensure => present\n+ src_sets => ['CACHES']\n+ notrack => True\n+ desc => \n+ port => 1443\n"}], "perc_changed": "0.77%"}, "core": null, "main": {"total": 3640, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[ci-migration-rsync]", "Nftables::Service[ci_http]", "Nftables::Service[deployment-ssh]", "Nftables::Service[envoy_tls_termination_src_sets]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[gearman_from_zuul_mergers]", "Nftables::Service[git_daemon_internal_hosts]", "Nftables::Service[git_daemon_internal_sets]", "Nftables::Service[jenkins-contint]", "Nftables::Service[jenkins_controller_ssh]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]"], "resource_diffs": [], "perc_changed": "0.38%"}}}