{"host": "sretest1005.eqiad.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 2907, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Firewall::Service[ssh-from-bastion]", "parameters": "--- Firewall::Service[ssh-from-bastion].orig\n+++ Firewall::Service[ssh-from-bastion]\n\n@@\n-    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "content": "--- /etc/nftables/input/10_ssh-from-bastion.nft.orig\n+++ /etc/nftables/input/10_ssh-from-bastion.nft\n@@ -1,4 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n-ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept\n+ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n+ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft\n@@ -6,6 +6,7 @@\n                   2620:0:861:1:208:80:154:7,\n                   2a02:ec80:300:3:185:15:59:99,\n                   2620:0:860:4:208:80:153:110,\n+                  2620:0:863:3:198:35:26:104,\n                   2001:df2:e500:1:103:102:166:6,\n                   2a02:ec80:600:1:185:15:58:6,\n                   2a02:ec80:700:3:195:200:68:99"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n@@\n-    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft\n@@ -6,6 +6,7 @@\n                   208.80.154.7,\n                   208.80.153.110,\n                   185.15.59.99,\n+                  198.35.26.104,\n                   103.102.166.6,\n                   185.15.58.6,\n                   195.200.68.99"}, {"resource": "Nftables::Set[BASTION_HOSTS]", "parameters": "--- Nftables::Set[BASTION_HOSTS].orig\n+++ Nftables::Set[BASTION_HOSTS]\n\n@@\n-    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "Class[Profile::Firewall]", "parameters": "--- Class[Profile::Firewall].orig\n+++ Class[Profile::Firewall]\n\n@@\n-    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "Class[Profile::Firewall::Nftables_base_sets]", "parameters": "--- Class[Profile::Firewall::Nftables_base_sets].orig\n+++ Class[Profile::Firewall::Nftables_base_sets]\n\n@@\n-    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}], "perc_changed": "0.28%"}, "core": {"total": 2907, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft\n@@ -6,6 +6,7 @@\n                   208.80.154.7,\n                   208.80.153.110,\n                   185.15.59.99,\n+                  198.35.26.104,\n                   103.102.166.6,\n                   185.15.58.6,\n                   195.200.68.99"}, {"resource": "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "content": "--- /etc/nftables/input/10_ssh-from-bastion.nft.orig\n+++ /etc/nftables/input/10_ssh-from-bastion.nft\n@@ -1,4 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n-ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept\n+ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n+ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft\n@@ -6,6 +6,7 @@\n                   2620:0:861:1:208:80:154:7,\n                   2a02:ec80:300:3:185:15:59:99,\n                   2620:0:860:4:208:80:153:110,\n+                  2620:0:863:3:198:35:26:104,\n                   2001:df2:e500:1:103:102:166:6,\n                   2a02:ec80:600:1:185:15:58:6,\n                   2a02:ec80:700:3:195:200:68:99"}], "perc_changed": "0.10%"}, "main": {"total": 2907, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft\n@@ -6,6 +6,7 @@\n                   208.80.154.7,\n                   208.80.153.110,\n                   185.15.59.99,\n+                  198.35.26.104,\n                   103.102.166.6,\n                   185.15.58.6,\n                   195.200.68.99"}, {"resource": "Nftables::Set[BASTION_HOSTS]", "parameters": "--- Nftables::Set[BASTION_HOSTS].orig\n+++ Nftables::Set[BASTION_HOSTS]\n\n@@\n-    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "Firewall::Service[ssh-from-bastion]", "parameters": "--- Firewall::Service[ssh-from-bastion].orig\n+++ Firewall::Service[ssh-from-bastion]\n\n@@\n-    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "Class[Profile::Firewall]", "parameters": "--- Class[Profile::Firewall].orig\n+++ Class[Profile::Firewall]\n\n@@\n-    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "content": "--- /etc/nftables/input/10_ssh-from-bastion.nft.orig\n+++ /etc/nftables/input/10_ssh-from-bastion.nft\n@@ -1,4 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n-ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept\n+ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept\n+ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept"}, {"resource": "Class[Profile::Firewall::Nftables_base_sets]", "parameters": "--- Class[Profile::Firewall::Nftables_base_sets].orig\n+++ Class[Profile::Firewall::Nftables_base_sets]\n\n@@\n-    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft\n@@ -6,6 +6,7 @@\n                   2620:0:861:1:208:80:154:7,\n                   2a02:ec80:300:3:185:15:59:99,\n                   2620:0:860:4:208:80:153:110,\n+                  2620:0:863:3:198:35:26:104,\n                   2001:df2:e500:1:103:102:166:6,\n                   2a02:ec80:600:1:185:15:58:6,\n                   2a02:ec80:700:3:195:200:68:99"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n@@\n-    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n"}], "perc_changed": "0.28%"}}}