{"host": "enc-4.cloudinfra.eqiad1.wikimedia.cloud", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 1118, "only_in_self": ["Ferm::Rule[metricsinfra-prometheus-all]", "Ferm::Service[dhcp6-response]", "File[/etc/ferm/conf.d/10_dhcp6-response]", "File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]"], "only_in_other": ["Ferm::Service[dhcp6_response]", "Ferm::Service[metricsinfra_prometheus_all_tcp]", "Ferm::Service[metricsinfra_prometheus_all_udp]", "File[/etc/ferm/conf.d/10_dhcp6_response]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]", "Firewall::Service[dhcp6-response]", "Firewall::Service[metricsinfra-prometheus-all-tcp]", "Firewall::Service[metricsinfra-prometheus-all-udp]", "Nftables::Service[dhcp6-response]", "Nftables::Service[metricsinfra-prometheus-all-tcp]", "Nftables::Service[metricsinfra-prometheus-all-udp]"], "resource_diffs": [{"resource": "Ferm::Rule[metricsinfra-prometheus-all]", "parameters": "--- Ferm::Rule[metricsinfra-prometheus-all].orig\n+++ Ferm::Rule[metricsinfra-prometheus-all]\n\n- rule => saddr @resolve((metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud)) ACCEPT;\n- ensure => present\n- chain => INPUT\n- desc => \n- table => filter\n- prio => 10\n- domain => (ip ip6)\n"}, {"resource": "Firewall::Service[dhcp6-response]", "parameters": "--- Firewall::Service[dhcp6-response].orig\n+++ Firewall::Service[dhcp6-response]\n\n+ proto => udp\n+ srange => ['fe80::/10']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port => 546\n+ desc => \n+ drange => ['fe80::/10']\n"}, {"resource": "File[/etc/ferm/conf.d/10_dhcp6_response]", "content": "--- /etc/ferm/conf.d/10_dhcp6_response.orig\n+++ /etc/ferm/conf.d/10_dhcp6_response\n@@ -0,0 +1,6 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# \n+&RD_SERVICE(udp, 546, (fe80::/10), (fe80::/10));\n+\n+", "parameters": "--- File[/etc/ferm/conf.d/10_dhcp6_response].orig\n+++ File[/etc/ferm/conf.d/10_dhcp6_response]\n\n+ require => File[/etc/ferm/conf.d]\n+ group => root\n+ ensure => present\n+ notify => Service[ferm]\n+ owner => root\n+ tag => ferm\n+ mode => 0400\n"}, {"resource": "Nftables::Service[metricsinfra-prometheus-all-udp]", "parameters": "--- Nftables::Service[metricsinfra-prometheus-all-udp].orig\n+++ Nftables::Service[metricsinfra-prometheus-all-udp]\n\n+ src_ips => ['172.16.0.229', '172.16.6.65']\n+ proto => udp\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "Ferm::Service[dhcp6-response]", "parameters": "--- Ferm::Service[dhcp6-response].orig\n+++ Ferm::Service[dhcp6-response]\n\n- proto => udp\n- srange => fe80::/10\n- unrestricted_access => False\n- ensure => present\n- prio => 10\n- notrack => False\n- port => 546\n- desc => \n- drange => fe80::/10\n"}, {"resource": "Ferm::Service[metricsinfra_prometheus_all_tcp]", "parameters": "--- Ferm::Service[metricsinfra_prometheus_all_tcp].orig\n+++ Ferm::Service[metricsinfra_prometheus_all_tcp]\n\n+ proto => tcp\n+ srange => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "Firewall::Service[metricsinfra-prometheus-all-udp]", "parameters": "--- Firewall::Service[metricsinfra-prometheus-all-udp].orig\n+++ Firewall::Service[metricsinfra-prometheus-all-udp]\n\n+ proto => udp\n+ srange => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]", "content": "--- /etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp.orig\n+++ /etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp\n@@ -0,0 +1,6 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# \n+&R_SERVICE(tcp, 1:65535, (172.16.0.229 172.16.6.65));\n+\n+", "parameters": "--- File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp].orig\n+++ File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]\n\n+ require => File[/etc/ferm/conf.d]\n+ group => root\n+ ensure => present\n+ notify => Service[ferm]\n+ owner => root\n+ tag => ferm\n+ mode => 0400\n"}, {"resource": "Ferm::Service[dhcp6_response]", "parameters": "--- Ferm::Service[dhcp6_response].orig\n+++ Ferm::Service[dhcp6_response]\n\n+ proto => udp\n+ srange => ['fe80::/10']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port => 546\n+ desc => \n+ drange => ['fe80::/10']\n"}, {"resource": "Ferm::Service[metricsinfra_prometheus_all_udp]", "parameters": "--- Ferm::Service[metricsinfra_prometheus_all_udp].orig\n+++ Ferm::Service[metricsinfra_prometheus_all_udp]\n\n+ proto => udp\n+ srange => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "Nftables::Service[metricsinfra-prometheus-all-tcp]", "parameters": "--- Nftables::Service[metricsinfra-prometheus-all-tcp].orig\n+++ Nftables::Service[metricsinfra-prometheus-all-tcp]\n\n+ src_ips => ['172.16.0.229', '172.16.6.65']\n+ proto => tcp\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "Firewall::Service[metricsinfra-prometheus-all-tcp]", "parameters": "--- Firewall::Service[metricsinfra-prometheus-all-tcp].orig\n+++ Firewall::Service[metricsinfra-prometheus-all-tcp]\n\n+ proto => tcp\n+ srange => ['metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud', 'metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud']\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port_range => [1, 65535]\n+ desc => \n"}, {"resource": "File[/etc/ferm/conf.d/10_dhcp6-response]", "content": "--- /etc/ferm/conf.d/10_dhcp6-response.orig\n+++ /etc/ferm/conf.d/10_dhcp6-response\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&RD_SERVICE(udp, 546, fe80::/10, fe80::/10);\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_dhcp6-response].orig\n+++ File[/etc/ferm/conf.d/10_dhcp6-response]\n\n- require => File[/etc/ferm/conf.d]\n- group => root\n- ensure => present\n- notify => Service[ferm]\n- owner => root\n- tag => ferm\n- mode => 0400\n"}, {"resource": "Nftables::Service[dhcp6-response]", "parameters": "--- Nftables::Service[dhcp6-response].orig\n+++ Nftables::Service[dhcp6-response]\n\n+ src_ips => ['fe80::/10']\n+ proto => udp\n+ unrestricted_access => False\n+ ensure => present\n+ prio => 10\n+ notrack => False\n+ port => 546\n+ dst_ips => ['fe80::/10']\n+ desc => \n"}, {"resource": "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]", "content": "--- /etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp.orig\n+++ /etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp\n@@ -0,0 +1,6 @@\n+# Autogenerated by puppet. DO NOT EDIT BY HAND!\n+#\n+# \n+&R_SERVICE(udp, 1:65535, (172.16.0.229 172.16.6.65));\n+\n+", "parameters": "--- File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp].orig\n+++ File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]\n\n+ require => File[/etc/ferm/conf.d]\n+ group => root\n+ ensure => present\n+ notify => Service[ferm]\n+ owner => root\n+ tag => ferm\n+ mode => 0400\n"}, {"resource": "File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]", "content": "--- /etc/ferm/conf.d/10_metricsinfra-prometheus-all.orig\n+++ /etc/ferm/conf.d/10_metricsinfra-prometheus-all\n@@ -1,11 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# 10_metricsinfra-prometheus-all: \n-\n-domain (ip ip6) {\n-\ttable filter {\n-\t\tchain INPUT {\n-\t\t\tsaddr @resolve((metricsinfra-prometheus-2.metricsinfra.eqiad1.wikimedia.cloud metricsinfra-prometheus-3.metricsinfra.eqiad1.wikimedia.cloud)) ACCEPT;\n-\t\t}\n-\t}\n-}", "parameters": "--- File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all].orig\n+++ File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]\n\n- require => File[/etc/ferm/conf.d]\n- group => root\n- ensure => present\n- notify => Service[ferm]\n- owner => root\n- tag => ferm\n- mode => 0400\n"}], "perc_changed": "2.86%"}, "core": {"total": 1118, "only_in_self": ["File[/etc/ferm/conf.d/10_dhcp6-response]", "File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]"], "only_in_other": ["File[/etc/ferm/conf.d/10_dhcp6_response]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]"], "resource_diffs": [], "perc_changed": "0.45%"}, "main": {"total": 1118, "only_in_self": ["Ferm::Rule[metricsinfra-prometheus-all]", "Ferm::Service[dhcp6-response]", "File[/etc/ferm/conf.d/10_dhcp6-response]", "File[/etc/ferm/conf.d/10_metricsinfra-prometheus-all]"], "only_in_other": ["Ferm::Service[dhcp6_response]", "Ferm::Service[metricsinfra_prometheus_all_tcp]", "Ferm::Service[metricsinfra_prometheus_all_udp]", "File[/etc/ferm/conf.d/10_dhcp6_response]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_tcp]", "File[/etc/ferm/conf.d/10_metricsinfra_prometheus_all_udp]", "Firewall::Service[dhcp6-response]", "Firewall::Service[metricsinfra-prometheus-all-tcp]", "Firewall::Service[metricsinfra-prometheus-all-udp]", "Nftables::Service[dhcp6-response]", "Nftables::Service[metricsinfra-prometheus-all-tcp]", "Nftables::Service[metricsinfra-prometheus-all-udp]"], "resource_diffs": [], "perc_changed": "1.43%"}}}