Compilation results for sretest1005.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources modified

• File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

  Content differences:

  --- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig
  +++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft
  @@ -6,6 +6,7 @@
                     208.80.154.7,
                     208.80.153.110,
                     185.15.59.99,
  +                  198.35.26.104,
                     103.102.166.6,
                     185.15.58.6,
                     195.200.68.99

• Nftables::Set[BASTION_HOSTS]

  Parameters differences:

  --- Nftables::Set[BASTION_HOSTS].orig
  +++ Nftables::Set[BASTION_HOSTS]
  
  @@
  -    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  +    hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  

• Firewall::Service[ssh-from-bastion]

  Parameters differences:

  --- Firewall::Service[ssh-from-bastion].orig
  +++ Firewall::Service[ssh-from-bastion]
  
  @@
  -    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  +    srange => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  

• Class[Profile::Firewall]

  Parameters differences:

  --- Class[Profile::Firewall].orig
  +++ Class[Profile::Firewall]
  
  @@
  -    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  +    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  

• File[/etc/nftables/input/10_ssh-from-bastion.nft]

  Content differences:

  --- /etc/nftables/input/10_ssh-from-bastion.nft.orig
  +++ /etc/nftables/input/10_ssh-from-bastion.nft
  @@ -1,4 +1,4 @@
   # Managed by puppet
   # 
  -ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept
  -ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept
  +ip saddr { 103.102.166.6, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7, 208.80.155.110 } tcp dport { 22 } accept
  +ip6 saddr { 2001:df2:e500:1:103:102:166:6, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:861:4:208:80:155:110, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept

• Class[Profile::Firewall::Nftables_base_sets]

  Parameters differences:

  --- Class[Profile::Firewall::Nftables_base_sets].orig
  +++ Class[Profile::Firewall::Nftables_base_sets]
  
  @@
  -    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  +    bastion_hosts => ['208.80.155.110', '2620:0:861:4:208:80:155:110', '208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.6', '2001:df2:e500:1:103:102:166:6', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
  

• File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

  Content differences:

  --- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig
  +++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft
  @@ -6,6 +6,7 @@
                     2620:0:861:1:208:80:154:7,
                     2a02:ec80:300:3:185:15:59:99,
                     2620:0:860:4:208:80:153:110,
  +                  2620:0:863:3:198:35:26:104,
                     2001:df2:e500:1:103:102:166:6,
                     2a02:ec80:600:1:185:15:58:6,
                     2a02:ec80:700:3:195:200:68:99

• Nftables::Service[ssh-from-bastion]

  Parameters differences:

  --- Nftables::Service[ssh-from-bastion].orig
  +++ Nftables::Service[ssh-from-bastion]
  
  @@
  -    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']
  +    src_ips => ['103.102.166.6', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:1:103:102:166:6', '208.80.153.110', '208.80.154.7', '208.80.155.110', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:861:4:208:80:155:110', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']
  

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Full Diff