{"host": "cloudservices2005-dev.codfw.wmnet", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 3416, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[bird-bfd-control]", "Nftables::Service[bird-bfd-echo]", "Nftables::Service[bird-bgp]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[ldap]", "Nftables::Service[mariadb_dba]", "Nftables::Service[mysql_designate]", "Nftables::Service[pdns-rest-api]", "Nftables::Service[recursor_tcp_dns_rec]", "Nftables::Service[recursor_udp_dns_rec]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cloudcumin-masters]", "Nftables::Service[ssh-from-cumin-masters]"], "resource_diffs": [{"resource": "Nftables::Service[bird-bfd-echo]", "parameters": "--- Nftables::Service[bird-bfd-echo].orig\n+++ Nftables::Service[bird-bfd-echo]\n\n+    notrack             => False\n+    port                => 3785\n+    desc                => \n+    src_ips             => ['172.20.5.1', '2a02:ec80:a100:205::1']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['LINK_LOCAL']\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-cloudcumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cloudcumin-masters].orig\n+++ Nftables::Service[ssh-from-cloudcumin-masters]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    src_ips             => ['10.192.32.140', '10.64.48.148', '2620:0:860:103:10:192:32:140', '2620:0:861:107:10:64:48:148']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "parameters": "--- Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet].orig\n+++ Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]\n\n+    notrack             => False\n+    port                => 9102\n+    desc                => \n+    src_ips             => ['10.64.183.10', '2620:0:861:13d:10:64:183:10']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['CUMIN_MASTERS']\n"}, {"resource": "Nftables::Service[pdns-rest-api]", "parameters": "--- Nftables::Service[pdns-rest-api].orig\n+++ Nftables::Service[pdns-rest-api]\n\n+    notrack             => False\n+    port                => [8081]\n+    desc                => \n+    src_ips             => ['172.20.5.2', '172.20.5.22', '172.20.5.7', '185.15.57.25', '185.15.57.26', '2a02:ec80:a100:205::2', '2a02:ec80:a100:205::22', '2a02:ec80:a100:205::7', '2a02:ec80:a100:4000::2', '2a02:ec80:a100:4000::3']\n+    dst_ips             => ['172.20.5.9', '2a02:ec80:a100:205::9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}, {"resource": "Nftables::Service[mysql_designate]", "parameters": "--- Nftables::Service[mysql_designate].orig\n+++ Nftables::Service[mysql_designate]\n\n+    notrack             => False\n+    port                => 3306\n+    desc                => \n+    src_ips             => ['172.20.5.2', '172.20.5.22', '172.20.5.7', '2a02:ec80:a100:205::2', '2a02:ec80:a100:205::22', '2a02:ec80:a100:205::7']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[recursor_tcp_dns_rec]", "parameters": "--- Nftables::Service[recursor_tcp_dns_rec].orig\n+++ Nftables::Service[recursor_tcp_dns_rec]\n\n+    notrack             => False\n+    port                => 53\n+    desc                => \n+    src_ips             => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '172.20.5.2', '172.20.5.22', '172.20.5.7', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.16/29', '185.15.57.24/29', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:205::2', '2a02:ec80:a100:205::22', '2a02:ec80:a100:205::7', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ldap]", "parameters": "--- Nftables::Service[ldap].orig\n+++ Nftables::Service[ldap]\n\n+    notrack             => False\n+    port                => [389, 636]\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['PRODUCTION_NETWORKS', 'CLOUD_NETWORKS']\n"}, {"resource": "Nftables::Service[bird-bgp]", "parameters": "--- Nftables::Service[bird-bgp].orig\n+++ Nftables::Service[bird-bgp]\n\n+    notrack             => False\n+    port                => 179\n+    desc                => \n+    src_ips             => ['172.20.5.1', '2a02:ec80:a100:205::1']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[mariadb_dba]", "parameters": "--- Nftables::Service[mariadb_dba].orig\n+++ Nftables::Service[mariadb_dba]\n\n+    notrack             => False\n+    port                => 3306\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[bird-bfd-control]", "parameters": "--- Nftables::Service[bird-bfd-control].orig\n+++ Nftables::Service[bird-bfd-control]\n\n+    notrack             => False\n+    port                => 3784\n+    desc                => \n+    src_ips             => ['172.20.5.1', '2a02:ec80:a100:205::1']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['LINK_LOCAL']\n"}, {"resource": "Nftables::Service[recursor_udp_dns_rec]", "parameters": "--- Nftables::Service[recursor_udp_dns_rec].orig\n+++ Nftables::Service[recursor_udp_dns_rec]\n\n+    notrack             => False\n+    port                => 53\n+    desc                => \n+    src_ips             => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '172.20.5.2', '172.20.5.22', '172.20.5.7', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.16/29', '185.15.57.24/29', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:205::2', '2a02:ec80:a100:205::22', '2a02:ec80:a100:205::7', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}], "perc_changed": "0.88%"}, "core": null, "main": {"total": 3416, "only_in_self": [], "only_in_other": ["Nftables::Service[bacula-file-daemon-backup1014.eqiad.wmnet]", "Nftables::Service[bird-bfd-control]", "Nftables::Service[bird-bfd-echo]", "Nftables::Service[bird-bgp]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[ldap]", "Nftables::Service[mariadb_dba]", "Nftables::Service[mysql_designate]", "Nftables::Service[pdns-rest-api]", "Nftables::Service[recursor_tcp_dns_rec]", "Nftables::Service[recursor_udp_dns_rec]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cloudcumin-masters]", "Nftables::Service[ssh-from-cumin-masters]"], "resource_diffs": [], "perc_changed": "0.44%"}}}