--- Nftables::Service[full-monitoring-metrics-access-tcp].orig
+++ Nftables::Service[full-monitoring-metrics-access-tcp]
@@
- src_ips => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']
+ src_ips => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']
Ferm::Service[ssh_from_cumin_masters]
- Parameters differences:
--- Ferm::Service[ssh_from_cumin_masters].orig
+++ Ferm::Service[ssh_from_cumin_masters]
+ notrack => False
+ port => 22
+ desc =>
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
+ src_sets => ['CUMIN_MASTERS']
- Ferm::Service[full_monitoring_metrics_access_udp]
- Parameters differences:
--- Ferm::Service[full_monitoring_metrics_access_udp].orig
+++ Ferm::Service[full_monitoring_metrics_access_udp]
+ notrack => False
+ desc =>
+ srange => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+ proto => udp
+ unrestricted_access => False
+ prio => 10
+ port_range => [1, 65535]
+ ensure => present
- Ferm::Service[envoy_tls_termination_src_sets]
- Parameters differences:
--- Ferm::Service[envoy_tls_termination_src_sets].orig
+++ Ferm::Service[envoy_tls_termination_src_sets]
+ notrack => True
+ port => 443
+ desc =>
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
+ src_sets => ['CACHES', 'DEPLOYMENT_HOSTS']
- Ferm::Service[people_http]
- Parameters differences:
--- Ferm::Service[people_http].orig
+++ Ferm::Service[people_http]
+ notrack => False
+ port => 80
+ desc =>
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
+ src_sets => ['CACHES', 'STAGING_KUBEPODS_NETWORKS', 'WIKIKUBE_KUBEPODS_NETWORKS']
- Ferm::Service[people_https]
- Parameters differences:
--- Ferm::Service[people_https].orig
+++ Ferm::Service[people_https]
+ notrack => False
+ port => 443
+ desc =>
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
+ src_sets => ['CACHES', 'STAGING_KUBEPODS_NETWORKS', 'WIKIKUBE_KUBEPODS_NETWORKS']
- Ferm::Service[people_http_deployment]
- Parameters differences:
--- Ferm::Service[people_http_deployment].orig
+++ Ferm::Service[people_http_deployment]
+ notrack => False
+ port => 80
+ desc =>
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
+ src_sets => ['DEPLOYMENT_HOSTS']
- Ferm::Service[full_monitoring_metrics_access_tcp]
- Parameters differences:
--- Ferm::Service[full_monitoring_metrics_access_tcp].orig
+++ Ferm::Service[full_monitoring_metrics_access_tcp]
+ notrack => False
+ desc =>
+ srange => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ port_range => [1, 65535]
+ ensure => present
- Ferm::Service[ssh_from_bastion]
- Parameters differences:
--- Ferm::Service[ssh_from_bastion].orig
+++ Ferm::Service[ssh_from_bastion]
+ notrack => False
+ port => 22
+ desc =>
+ srange => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present
- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]
- Content differences:
--- /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft.orig
+++ /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft
@@ -1,4 +1,4 @@
# Managed by puppet
#
ip saddr { 10.192.16.75, 10.192.32.67, 10.192.39.10, 10.192.9.11, 208.80.153.42, 208.80.154.78 } tcp dport 1-65535 accept
-ip6 saddr { 2620:0:860:102:10:192:16:75, 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } tcp dport 1-65535 accept
+ip6 saddr { 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } tcp dport 1-65535 accept
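Review bot: The rewritten ip6 saddr set on the last line drops 2620:0:860:102:10:192:16:75 while the ip saddr set two lines above still carries its IPv4 counterpart 10.192.16.75, so that monitoring source is now allowed over v4 only and the two address families no longer describe the same set of hosts. If the host really lost its AAAA record this is fine, but the ferm srange elsewhere in this diff lists prometheus2005–2008.codfw.wmnet by name, which suggests the literal src_ips list is derived from DNS at compile time; a transient resolution failure would then silently narrow the allowlist and break v6 scrapes from that host without any error. Confirm against DNS before applying, and consider having the module fail compilation when a source resolves in only one family, e.g. a check that each name yields both an A and an AAAA or neither. Both sets still end in `tcp dport 1-65535 accept`, so every listed address keeps unrestricted TCP access to this host; the change does not widen that, but it is why a one-entry drift in this list deserves a second look.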
- Ferm::Service[rsyncd_access_people_home]
- Parameters differences:
--- Ferm::Service[rsyncd_access_people_home].orig
+++ Ferm::Service[rsyncd_access_people_home]
+ notrack => False
+ port => [873, 1873]
+ desc =>
+ srange => ['people1005.eqiad.wmnet']
+ proto => tcp
+ unrestricted_access => False
+ prio => 10
+ ensure => present