{"host": "db1154.eqiad.wmnet", "state": "diff", "description": "Differences to Puppet defined resources", "diff": {"full": {"total": 3596, "only_in_self": [], "only_in_other": ["Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[s1_mariadb_dba]", "Nftables::Service[s1_mariadb_internal]", "Nftables::Service[s1_orchestrator]", "Nftables::Service[s3_mariadb_dba]", "Nftables::Service[s3_mariadb_internal]", "Nftables::Service[s3_orchestrator]", "Nftables::Service[s5_mariadb_dba]", "Nftables::Service[s5_mariadb_internal]", "Nftables::Service[s5_orchestrator]", "Nftables::Service[s8_mariadb_dba]", "Nftables::Service[s8_mariadb_internal]", "Nftables::Service[s8_orchestrator]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[x3_mariadb_dba]", "Nftables::Service[x3_mariadb_internal]", "Nftables::Service[x3_orchestrator]"], "resource_diffs": [{"resource": "Nftables::Service[s3_mariadb_dba]", "parameters": "--- Nftables::Service[s3_mariadb_dba].orig\n+++ Nftables::Service[s3_mariadb_dba]\n\n+    notrack             => False\n+    port                => 3333\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[s5_orchestrator]", "parameters": "--- Nftables::Service[s5_orchestrator].orig\n+++ Nftables::Service[s5_orchestrator]\n\n+    notrack             => True\n+    port                => [3315]\n+    desc                => \n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[x3_orchestrator]", "parameters": "--- Nftables::Service[x3_orchestrator].orig\n+++ Nftables::Service[x3_orchestrator]\n\n+    notrack             => True\n+    port                => [3363]\n+    desc                => \n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[s5_mariadb_dba]", "parameters": "--- Nftables::Service[s5_mariadb_dba].orig\n+++ Nftables::Service[s5_mariadb_dba]\n\n+    notrack             => False\n+    port                => 3335\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[s1_orchestrator]", "parameters": "--- Nftables::Service[s1_orchestrator].orig\n+++ Nftables::Service[s1_orchestrator]\n\n+    notrack             => True\n+    port                => [3311]\n+    desc                => \n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    notrack             => False\n+    port                => 22\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['CUMIN_MASTERS']\n"}, {"resource": "Nftables::Service[s3_orchestrator]", "parameters": "--- Nftables::Service[s3_orchestrator].orig\n+++ Nftables::Service[s3_orchestrator]\n\n+    notrack             => True\n+    port                => [3313]\n+    desc                => \n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    notrack             => False\n+    desc                => \n+    src_ips             => ['10.64.0.82', '10.64.16.62', '10.64.32.85', '10.64.48.171', '208.80.153.42', '208.80.154.78', '2620:0:860:2:208:80:153:42', '2620:0:861:101:10:64:0:82', '2620:0:861:102:10:64:16:62', '2620:0:861:103:10:64:32:85', '2620:0:861:107:10:64:48:171', '2620:0:861:3:208:80:154:78']\n+    proto               => udp\n+    unrestricted_access => False\n+    prio                => 10\n+    port_range          => [1, 65535]\n+    ensure              => present\n"}, {"resource": "Nftables::Service[x3_mariadb_dba]", "parameters": "--- Nftables::Service[x3_mariadb_dba].orig\n+++ Nftables::Service[x3_mariadb_dba]\n\n+    notrack             => False\n+    port                => 3383\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[s8_mariadb_internal]", "parameters": "--- Nftables::Service[s8_mariadb_internal].orig\n+++ Nftables::Service[s8_mariadb_internal]\n\n+    notrack             => True\n+    port                => 3318\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['INTERNAL']\n"}, {"resource": "Nftables::Service[s8_orchestrator]", "parameters": "--- Nftables::Service[s8_orchestrator].orig\n+++ Nftables::Service[s8_orchestrator]\n\n+    notrack             => True\n+    port                => [3318]\n+    desc                => \n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n"}, {"resource": "Nftables::Service[s8_mariadb_dba]", "parameters": "--- Nftables::Service[s8_mariadb_dba].orig\n+++ Nftables::Service[s8_mariadb_dba]\n\n+    notrack             => False\n+    port                => 3338\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[x3_mariadb_internal]", "parameters": "--- Nftables::Service[x3_mariadb_internal].orig\n+++ Nftables::Service[x3_mariadb_internal]\n\n+    notrack             => True\n+    port                => 3363\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['INTERNAL']\n"}, {"resource": "Nftables::Service[s1_mariadb_internal]", "parameters": "--- Nftables::Service[s1_mariadb_internal].orig\n+++ Nftables::Service[s1_mariadb_internal]\n\n+    notrack             => True\n+    port                => 3311\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['INTERNAL']\n"}, {"resource": "Nftables::Service[s5_mariadb_internal]", "parameters": "--- Nftables::Service[s5_mariadb_internal].orig\n+++ Nftables::Service[s5_mariadb_internal]\n\n+    notrack             => True\n+    port                => 3315\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['INTERNAL']\n"}, {"resource": "Nftables::Service[s1_mariadb_dba]", "parameters": "--- Nftables::Service[s1_mariadb_dba].orig\n+++ Nftables::Service[s1_mariadb_dba]\n\n+    notrack             => False\n+    port                => 3331\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n"}, {"resource": "Nftables::Service[s3_mariadb_internal]", "parameters": "--- Nftables::Service[s3_mariadb_internal].orig\n+++ Nftables::Service[s3_mariadb_internal]\n\n+    notrack             => True\n+    port                => 3313\n+    desc                => \n+    proto               => tcp\n+    unrestricted_access => False\n+    prio                => 10\n+    ensure              => present\n+    src_sets            => ['INTERNAL']\n"}], "perc_changed": "1.06%"}, "core": null, "main": {"total": 3596, "only_in_self": [], "only_in_other": ["Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[s1_mariadb_dba]", "Nftables::Service[s1_mariadb_internal]", "Nftables::Service[s1_orchestrator]", "Nftables::Service[s3_mariadb_dba]", "Nftables::Service[s3_mariadb_internal]", "Nftables::Service[s3_orchestrator]", "Nftables::Service[s5_mariadb_dba]", "Nftables::Service[s5_mariadb_internal]", "Nftables::Service[s5_orchestrator]", "Nftables::Service[s8_mariadb_dba]", "Nftables::Service[s8_mariadb_internal]", "Nftables::Service[s8_orchestrator]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Service[x3_mariadb_dba]", "Nftables::Service[x3_mariadb_internal]", "Nftables::Service[x3_orchestrator]"], "resource_diffs": [], "perc_changed": "0.53%"}}}