Compilation results for pki2002.codfw.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	4897
Resources added:	166
Resources removed:	92
Resources modified:	272
Change percentage:	10.82%

Resources only in the new catalog

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]
File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]
File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]
Exec[systemd daemon-reload for nftables.service (nftables)]
File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]
Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]
File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]
Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]
File[/etc/nftables/sets/INTERNAL_ipv4.nft]
File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]
Systemd::Unmask[nftables.service]
File[/etc/logrotate.d/prometheus-node-textfile-check-nft]
Nftables::Service[csr_and_ocsp_responder]
Nftables::Service[ssh-from-cumin-masters]
Systemd::Unit[nftables]
Service[prometheus-node-textfile-check-nft.timer]
File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]
File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]
File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]
Nftables::File[base]
File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]
Nftables::Set[PRODUCTION_NETWORKS]
File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]
File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]
File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]
File[/etc/nftables/forward]
File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]
Nftables::Set[CUMIN_MASTERS]
File[/etc/nftables/input/10_csr_and_ocsp_responder.nft]
Nftables::Set[DRUID_PUBLIC_HOSTS]
File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]
Nftables::Set[KAFKA_BROKERS_MAIN]
File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]
Rsyslog::Conf[prometheus-node-textfile-check-nft]
Nftables::Set[MGMT_NETWORKS]
File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]
Nftables::Set[ZOOKEEPER_FLINK_HOSTS]
Nftables::Service[full-monitoring-metrics-access-udp]
Nftables::Set[CLOUD_NETWORKS_PUBLIC]
Nftables::Set[MW_APPSERVER_NETWORKS]
Nftables::Set[INTERNAL]
Class[Profile::Firewall::Nftables_base_sets]
File[/etc/nftables/prerouting]
File[/etc/nftables/main.nft]
Prometheus::Node_textfile[check-nft]
File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]
File[/etc/systemd/system/nftables.service.d]
File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]
File[/etc/nftables/sets/INTERNAL_ipv6.nft]
File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]
File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/CACHES_ipv6.nft]
Systemd::Unit[prometheus-node-textfile-check-nft.service]
File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]
Nftables::Set[DEPLOYMENT_HOSTS]
File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]
File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]
File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]
File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]
Nftables::Set[LABSTORE_HOSTS]
File[/etc/nftables/input]
Nftables::Set[MYSQL_ROOT_CLIENTS]
Nftables::Service[ssh-from-bastion]
Nftables::Service[multirootca tls termination]
Nftables::Set[DOMAIN_NETWORKS]
File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]
Nftables::Service[full-monitoring-metrics-access-tcp]
File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]
File[/etc/nftables/sets/CACHES_ipv4.nft]
Systemd::Timer[prometheus-node-textfile-check-nft]
File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]
Nftables::Set[PROMETHEUS_HOSTS]
File[/etc/nftables/]
Nftables::Set[KAFKAMON_HOSTS]
File[/etc/nftables/input/10_multirootca tls termination.nft]
File[/var/log/prometheus-node-textfile-check-nft]
Package[nftables]
File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]
Nftables::Set[MONITORING_HOSTS]
File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]
Exec[unmask_nftables.service]
File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]
Nftables::Set[INSTALL_HOSTS]
File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]
File[/etc/nftables/postrouting]
File[/etc/nftables/input/10_ssh-from-bastion.nft]
File[/usr/local/bin/check-nft]
File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]
File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]
File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]
File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]
File[/etc/systemd/system/nftables.service.d/puppet-override.conf]
File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]
File[/etc/nftables/100_base_puppet.nft]
File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]
Nftables::Set[STAGING_KUBEPODS_NETWORKS]
Nftables::Set[CLOUD_NETWORKS]
File[/etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft]
File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]
Nftables::Service[multirootca-tls-termination-for-cfssl-issuer-k8s-pods]
Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]
File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]
File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]
Logrotate::Conf[prometheus-node-textfile-check-nft]
File[/etc/nftables.conf]
File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]
Nftables::Set[KAFKA_BROKERS_JUMBO]
Service[nftables]
File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]
Nftables::Set[DSE_KUBEPODS_NETWORKS]
Systemd::Service[nftables]
Nftables::Set[NETWORK_INFRA]
Nftables::Set[ANALYTICS_NETWORKS]
Nftables::Set[ZOOKEEPER_HOSTS_MAIN]
Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]
Systemd::Timer::Job[prometheus-node-textfile-check-nft]
File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]
File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]
Nftables::Set[LABS_NETWORKS]
File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]
File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]
Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]
File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]
File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]
File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]
Nftables::Set[CACHES]
Nftables::Set[SANDBOX_NETWORKS]
File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]
Nftables::Set[CLOUD_PRIVATE_NETWORKS]
File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]
Nftables::Set[AUX_KUBEPODS_NETWORKS]
Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]
File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]
Systemd::Service[prometheus-node-textfile-check-nft]
Nftables::Set[FRACK_NETWORKS]
File[/etc/nftables/sets]
File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]
File[/etc/nftables/notrack]
Systemd::Unit[prometheus-node-textfile-check-nft.timer]
File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]
Systemd::Syslog[prometheus-node-textfile-check-nft]
File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]
File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]
Nftables::Set[KAFKA_BROKERS_LOGGING]
File[/etc/nftables/output]
File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]
File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]
Class[Nftables]
File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]
File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]
File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]
File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]
File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]
Nftables::Set[BASTION_HOSTS]
File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]
File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]
Nftables::Set[LINK_LOCAL]
File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

Resources only in the old catalog

File[/etc/nagios/nrpe.d/check_ferm_active.cfg]
Monitoring::Exported_nagios_service[pki2002 ferm_active]
Ferm::Filter_log[filter-bootp]
Exec[update_alternative_ip6tables]
File[/var/log/wmf_auto_restart_ulogd2]
Package[ulogd2]
Ferm::Conf[defs]
File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]
Ferm::Service[full_monitoring_metrics_access_tcp]
Systemd::Override[ferm-service-status-restart]
Ferm::Service[ssh_from_cumin_masters]
File[/etc/ferm/conf.d/00_defs]
Systemd::Unit[nrpe2nodexp-ferm_active.service]
Systemd::Timer[nrpe2nodexp-ferm_active]
File[/etc/default/ferm]
File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]
Rsyslog::Conf[ulogd]
Ferm::Service[csr_and_ocsp_responder]
File[/etc/ferm/ferm.conf]
Ferm::Service[multirootca_tls_termination]
File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]
Systemd::Syslog[wmf_auto_restart_ulogd2]
File[/etc/ferm/functions.conf]
File[/etc/rsyslog.d/40-ulogd.conf]
Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]
Nrpe::Check[check_ferm_active]
Alternatives::Select[iptables]
Systemd::Timer[wmf_auto_restart_ulogd2]
File[/etc/ferm/conf.d/10_csr_and_ocsp_responder]
File[/etc/ferm/conf.d/10_ssh_from_bastion]
File_line[auto_restart_file_presence_ulogd2]
Ferm::Service[full_monitoring_metrics_access_udp]
File[/etc/logrotate.d/wmf_auto_restart_ulogd2]
File[/usr/local/lib/nagios/plugins/check_ferm]
File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]
Systemd::Unit[wmf_auto_restart_ulogd2.timer]
File[/etc/ferm/conf.d/98_log-everything]
File[/etc/ferm/conf.d/98_filter_log_filter-bootp]
File[/etc/systemd/system/ferm.service.d]
Systemd::Unit[wmf_auto_restart_ulogd2.service]
File[/etc/sudoers.d/nrpe-check_ferm_active]
File[/etc/logrotate.d/ulogd]
Ferm::Rule[log-everything]
Systemd::Unit[ferm-ferm-service-status-restart]
Sudo::User[nrpe-check_ferm_active]
Ferm::Rule[dscp-default]
File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]
File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]
Systemd::Service[nrpe2nodexp-ferm_active]
File[/etc/ferm/conf.d/01_drop-blocked-nets]
Systemd::Unit[nrpe2nodexp-ferm_active.timer]
File[/etc/ferm/conf.d/99_dscp-default]
Class[Profile::Firewall::Log::Ferm]
Monitoring::Service[ferm_active]
File[/etc/ferm/conf.d]
Logrotate::Conf[wmf_auto_restart_ulogd2]
Service[ferm]
Logrotate::Conf[ulogd]
Service[ulogd2]
Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
File[/var/log/ulogd]
Ferm::Service[multirootca_tls_termination_for_cfssl_issuer_k8s_pods]
File[/etc/ulogd.conf]
Ferm::Conf[main]
File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]
Nrpe::Plugin[check_ferm]
Ferm::Rule[filter_log_filter-bootp]
Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]
Systemd::Timer::Job[nrpe2nodexp-ferm_active]
File[/etc/ferm/conf.d/02_main]
Class[Ulogd]
Ferm::Service[ssh_from_bastion]
File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]
Ferm::Rule[drop-blocked-nets]
Systemd::Service[wmf_auto_restart_ulogd2]
Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]
Rsyslog::Conf[wmf_auto_restart_ulogd2]
File[/etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods]
Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]
Alternatives::Select[ip6tables]
Nrpe::Monitor_service[ferm_active]
Systemd::Syslog[ulogd]
Service[wmf_auto_restart_ulogd2.timer]
File[/etc/ferm/conf.d/10_multirootca_tls_termination]
Systemd::Timer::Job[wmf_auto_restart_ulogd2]
Profile::Auto_restarts::Service[ulogd2]
Exec[update_alternative_iptables]
Service[nrpe2nodexp-ferm_active.timer]
File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]
Rsyslog::Conf[nrpe2nodexp-ferm_active]
Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]

Resources modified

File[/etc/systemd/system/nftables.service.d]

Parameters differences:

--- File[/etc/systemd/system/nftables.service.d].orig
+++ File[/etc/systemd/system/nftables.service.d]

+    ensure => directory
+    owner  => root
+    mode   => 0555
+    group  => root

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set STAGING_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:babe::/64,
+             2620:0:860:babe::/64
+    }
+}

File[/etc/nftables/sets]

Parameters differences:

--- File[/etc/nftables/sets].orig
+++ File[/etc/nftables/sets]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

Profile::Auto_restarts::Service[ulogd2]

Parameters differences:

--- Profile::Auto_restarts::Service[ulogd2].orig
+++ Profile::Auto_restarts::Service[ulogd2]

-    ensure => present

Rsyslog::Conf[nrpe2nodexp-ferm_active]

Parameters differences:

--- Rsyslog::Conf[nrpe2nodexp-ferm_active].orig
+++ Rsyslog::Conf[nrpe2nodexp-ferm_active]

-    ensure   => present
-    priority => 25
-    mode     => 0444

File[/etc/modules-load.d/conntrack.conf]

Parameters differences:

--- File[/etc/modules-load.d/conntrack.conf].orig
+++ File[/etc/modules-load.d/conntrack.conf]

@@
-    ensure => file
+    ensure => absent

File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LABS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/LABS_NETWORKS_ipv6.nft
@@ -0,0 +1,20 @@
+# Autogenerated by puppet
+set LABS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2a02:ec80:a000:100::/64,
+             2a02:ec80:a000:1::/64,
+             2a02:ec80:a000:201::/64,
+             2a02:ec80:a000:202::/64,
+             2a02:ec80:a000:203::/64,
+             2a02:ec80:a000:204::/64,
+             2a02:ec80:a000:2ff::/64,
+             2a02:ec80:a000:4000::/64,
+             2a02:ec80:a100:100::/64,
+             2a02:ec80:a100:1::/64,
+             2a02:ec80:a100:205::/64,
+             2a02:ec80:a100:2ff::/64,
+             2a02:ec80:a100:4000::/64
+    }
+}

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set KAFKAMON_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.32.11,
+             10.192.16.139
+    }
+}

File[/usr/local/sbin/ferm-status]

Parameters differences:

--- File[/usr/local/sbin/ferm-status].orig
+++ File[/usr/local/sbin/ferm-status]

@@
-    ensure => file
+    ensure => absent

Service[wmf_auto_restart_ulogd2.timer]

Parameters differences:

--- Service[wmf_auto_restart_ulogd2.timer].orig
+++ Service[wmf_auto_restart_ulogd2.timer]

-    ensure   => running
-    enable   => True
-    provider => systemd

File[/etc/nftables/input]

Parameters differences:

--- File[/etc/nftables/input].orig
+++ File[/etc/nftables/input]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

File[/etc/ferm/conf.d/00_defs_requestctl]

Parameters differences:

--- File[/etc/ferm/conf.d/00_defs_requestctl].orig
+++ File[/etc/ferm/conf.d/00_defs_requestctl]

@@
-    ensure => file
+    ensure => absent

Exec[update_alternative_iptables]

Parameters differences:

--- Exec[update_alternative_iptables].orig
+++ Exec[update_alternative_iptables]

-    command => /usr/bin/update-alternatives --force --set iptables /usr/sbin/iptables-legacy
-    unless  => /usr/bin/update-alternatives --query iptables | /bin/grep 'Value: /usr/sbin/iptables-legacy'

Nftables::Set[PRODUCTION_NETWORKS]

Parameters differences:

--- Nftables::Set[PRODUCTION_NETWORKS].orig
+++ Nftables::Set[PRODUCTION_NETWORKS]

+    ensure => present
+    hosts  => ['10.128.0.0/24', '10.128.1.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.132.2.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '103.102.166.96/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/27', '198.35.26.32/27', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:103::/64', '2001:df2:e500:1::/64', '2001:df2:e500:3::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:102::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:2::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set DSE_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:302::/64,
+             2620:0:860:308::/64
+    }
+}

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft.orig
+++ /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft
@@ -0,0 +1,42 @@
+# Autogenerated by puppet
+set LOAD_BALANCER_HEALTH_CHECKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:101::/64,
+             2620:0:861:102::/64,
+             2620:0:861:103::/64,
+             2620:0:861:107::/64,
+             2620:0:861:109::/64,
+             2620:0:861:10a::/64,
+             2620:0:861:10b::/64,
+             2620:0:861:10d::/64,
+             2620:0:861:10e::/64,
+             2620:0:861:10f::/64,
+             2620:0:861:119::/64,
+             2620:0:861:10c::/64,
+             2620:0:861:113::/64,
+             2620:0:861:131::/64,
+             2620:0:861:133::/64,
+             2620:0:861:135::/64,
+             2620:0:861:137::/64,
+             2620:0:861:139::/64,
+             2620:0:861:13b::/64,
+             2620:0:861:13d::/64,
+             2620:0:861:13f::/64,
+             2620:0:861:142::/64,
+             2620:0:861:144::/64,
+             2620:0:860:101::/64,
+             2620:0:860:102::/64,
+             2620:0:860:103::/64,
+             2620:0:860:104::/64,
+             2a02:ec80:300:101::/64,
+             2a02:ec80:300:102::/64,
+             2620:0:863:101::/64,
+             2001:df2:e500:101::/64,
+             2a02:ec80:600:101::/64,
+             2a02:ec80:600:102::/64,
+             2a02:ec80:700:101::/64,
+             2a02:ec80:700:102::/64
+    }
+}

Systemd::Service[nftables]

Parameters differences:

--- Systemd::Service[nftables].orig
+++ Systemd::Service[nftables]

+    monitoring_enabled       => False
+    migration_task           => T407130
+    ensure                   => present
+    restart                  => False
+    monitoring_critical      => False
+    override                 => True
+    monitoring_contact_group => admins
+    service_params           => {'hasrestart': True, 'restart': '/usr/bin/systemctl reload nftables'}
+    unit_type                => service

File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]

Parameters differences:

--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer].orig
+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]

-    group  => root
-    mode   => 0444
-    notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
-    ensure => present
-    owner  => root

Content differences:

--- /lib/systemd/system/nrpe2nodexp-ferm_active.timer.orig
+++ /lib/systemd/system/nrpe2nodexp-ferm_active.timer
@@ -1,14 +0,0 @@
-[Unit]
-Description=Periodic execution of nrpe2nodexp-ferm_active.service
-
-[Timer]
-Unit=nrpe2nodexp-ferm_active.service
-# Accuracy sets the maximum time interval around the execution time we want to allow
-AccuracySec=15sec
-OnUnitInactiveSec=10min
-OnActiveSec=1s
-RandomizedDelaySec=600
-FixedRandomDelay=true
-
-[Install]
-WantedBy=multi-user.target

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft
@@ -0,0 +1,11 @@
+# Autogenerated by puppet
+set ZOOKEEPER_FLINK_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:102:10:64:16:9,
+             2620:0:861:101:10:64:0:8,
+             2620:0:861:103:10:64:32:41,
+             2620:0:860:102:10:192:16:227,
+             2620:0:860:103:10:192:32:179,
+             2620:0:860:104:10:192:48:219
+    }
+}

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft
@@ -0,0 +1,99 @@
+# Autogenerated by puppet
+set MW_APPSERVER_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:101::/64,
+             2620:0:861:102::/64,
+             2620:0:861:103::/64,
+             2620:0:861:107::/64,
+             2620:0:861:109::/64,
+             2620:0:861:10a::/64,
+             2620:0:861:10b::/64,
+             2620:0:861:10c::/64,
+             2620:0:861:10d::/64,
+             2620:0:861:10e::/64,
+             2620:0:861:10f::/64,
+             2620:0:861:113::/64,
+             2620:0:861:119::/64,
+             2620:0:861:120::/64,
+             2620:0:861:122::/64,
+             2620:0:861:124::/64,
+             2620:0:861:126::/64,
+             2620:0:861:128::/64,
+             2620:0:861:12a::/64,
+             2620:0:861:12c::/64,
+             2620:0:861:12e::/64,
+             2620:0:861:131::/64,
+             2620:0:861:133::/64,
+             2620:0:861:135::/64,
+             2620:0:861:137::/64,
+             2620:0:861:139::/64,
+             2620:0:861:13b::/64,
+             2620:0:861:13d::/64,
+             2620:0:861:13f::/64,
+             2620:0:861:142::/64,
+             2620:0:861:144::/64,
+             2620:0:860:100::/64,
+             2620:0:860:101::/64,
+             2620:0:860:102::/64,
+             2620:0:860:103::/64,
+             2620:0:860:104::/64,
+             2620:0:860:105::/64,
+             2620:0:860:106::/64,
+             2620:0:860:107::/64,
+             2620:0:860:108::/64,
+             2620:0:860:109::/64,
+             2620:0:860:10a::/64,
+             2620:0:860:10b::/64,
+             2620:0:860:10c::/64,
+             2620:0:860:10d::/64,
+             2620:0:860:10e::/64,
+             2620:0:860:10f::/64,
+             2620:0:860:110::/64,
+             2620:0:860:111::/64,
+             2620:0:860:112::/64,
+             2620:0:860:113::/64,
+             2620:0:860:114::/64,
+             2620:0:860:115::/64,
+             2620:0:860:116::/64,
+             2620:0:860:119::/64,
+             2620:0:860:11a::/64,
+             2620:0:860:11b::/64,
+             2620:0:860:11c::/64,
+             2620:0:860:11d::/64,
+             2620:0:860:11e::/64,
+             2620:0:860:11f::/64,
+             2620:0:860:120::/64,
+             2620:0:860:121::/64,
+             2620:0:860:122::/64,
+             2620:0:860:123::/64,
+             2620:0:860:124::/64,
+             2620:0:860:125::/64,
+             2620:0:860:126::/64,
+             2620:0:860:127::/64,
+             2620:0:860:12b::/64,
+             2620:0:860:12c::/64,
+             2620:0:860:12d::/64,
+             2620:0:860:12e::/64,
+             2620:0:860:300::/64,
+             2620:0:860:302::/64,
+             2620:0:860:305::/64,
+             2620:0:860:308::/64,
+             2620:0:860:babe::/64,
+             2620:0:860:cabe::/64,
+             2620:0:861:300::/64,
+             2620:0:861:302::/64,
+             2620:0:861:305::/64,
+             2620:0:861:babe::/64,
+             2620:0:861:cabe::/64,
+             2620:0:861:1::/64,
+             2620:0:861:2::/64,
+             2620:0:861:3::/64,
+             2620:0:861:4::/64,
+             2620:0:860:1::/64,
+             2620:0:860:2::/64,
+             2620:0:860:3::/64,
+             2620:0:860:4::/64
+    }
+}

File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set INSTALL_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 208.80.154.134,
+             208.80.153.70,
+             185.15.59.101,
+             198.35.26.98,
+             103.102.166.11,
+             185.15.58.7,
+             195.200.68.100
+    }
+}

Nftables::Set[MW_APPSERVER_NETWORKS]

Parameters differences:

--- Nftables::Set[MW_APPSERVER_NETWORKS].orig
+++ Nftables::Set[MW_APPSERVER_NETWORKS]

+    ensure => present
+    hosts  => ['10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.141.0/24', '10.64.152.0/24', '10.64.154.0/24', '10.64.156.0/24', '10.64.158.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.162.0/24', '10.64.164.0/24', '10.64.166.0/24', '10.64.169.0/24', '10.64.171.0/24', '10.64.173.0/24', '10.64.175.0/24', '10.64.177.0/24', '10.64.179.0/24', '10.64.181.0/24', '10.64.183.0/24', '10.64.185.0/24', '10.64.187.0/24', '10.64.189.0/24', '10.64.32.0/22', '10.64.48.0/22', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:120::/64', '2620:0:861:122::/64', '2620:0:861:124::/64', '2620:0:861:126::/64', '2620:0:861:128::/64', '2620:0:861:12a::/64', '2620:0:861:12c::/64', '2620:0:861:12e::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.7.0/24', '10.192.8.0/24', '10.192.9.0/24', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '10.192.64.0/21', '10.192.96.0/21', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.80.0/21', '10.64.64.0/21', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.80.0/21', '2620:0:860:300::/64', '2620:0:860:302::/64', '2620:0:860:305::/64', '2620:0:860:308::/64', '2620:0:860:babe::/64', '2620:0:860:cabe::/64', '2620:0:861:300::/64', '2620:0:861:302::/64', '2620:0:861:305::/64', '2620:0:861:babe::/64', '2620:0:861:cabe::/64', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.64/26', '208.80.155.96/27', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '208.80.153.0/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:3::/64', '2620:0:860:4::/64']

Systemd::Service[wmf_auto_restart_ulogd2]

Parameters differences:

--- Systemd::Service[wmf_auto_restart_ulogd2].orig
+++ Systemd::Service[wmf_auto_restart_ulogd2]

-    monitoring_enabled       => False
-    migration_task           => T407130
-    ensure                   => present
-    restart                  => False
-    monitoring_critical      => False
-    require                  => Systemd::Unit[wmf_auto_restart_ulogd2.service]
-    override                 => False
-    monitoring_contact_group => admins
-    service_params           => {}
-    unit_type                => timer

File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set STAGING_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.64.64.0/21,
+             10.192.64.0/21
+    }
+}

Systemd::Unit[nftables]

Parameters differences:

--- Systemd::Unit[nftables].orig
+++ Systemd::Unit[nftables]

+    require           => ['Class[Systemd]']
+    override          => True
+    ensure            => present
+    restart           => False
+    unit              => nftables
+    override_filename => puppet-override.conf

File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CUMIN_MASTERS_ipv4.nft.orig
+++ /etc/nftables/sets/CUMIN_MASTERS_ipv4.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set CUMIN_MASTERS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.16.154,
+             10.192.32.49
+    }
+}

Nftables::Set[DOMAIN_NETWORKS]

Parameters differences:

--- Nftables::Set[DOMAIN_NETWORKS].orig
+++ Nftables::Set[DOMAIN_NETWORKS]

+    ensure => present
+    hosts  => ['10.128.0.0/24', '10.128.1.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.132.2.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '103.102.166.96/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/27', '198.35.26.32/27', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:103::/64', '2001:df2:e500:1::/64', '2001:df2:e500:3::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:102::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:2::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64']

Monitoring::Service[ferm_active]

Parameters differences:

--- Monitoring::Service[ferm_active].orig
+++ Monitoring::Service[ferm_active]

-    check_interval => 30
-    description    => Check whether ferm is active by checking the default input chain
-    contact_group  => admins
-    migration_task => T350694
-    notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
-    ensure         => present
-    retry_interval => 1
-    freshness      => 36000
-    check_command  => nrpe_check!check_ferm_active!10
-    retries        => 3
-    config_dir     => /etc/nagios
-    passive        => False
-    host           => pki2002
-    critical       => False

File[/etc/ferm/conf.d/02_main]

Parameters differences:

--- File[/etc/ferm/conf.d/02_main].orig
+++ File[/etc/ferm/conf.d/02_main]

-    mode    => 0400
-    notify  => Service[ferm]
-    ensure  => present
-    source  => puppet:///modules/base/firewall/main-input-default-drop.conf
-    group   => root
-    require => File[/etc/ferm/conf.d]
-    tag     => ferm
-    owner   => root

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft
@@ -0,0 +1,15 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_LOGGING_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:102:10:64:16:205,
+             2620:0:861:10c:10:64:133:11,
+             2620:0:861:13d:10:64:183:12,
+             2620:0:861:10a:10:64:131:13,
+             2620:0:861:10e:10:64:135:13,
+             2620:0:860:113:10:192:23:29,
+             2620:0:860:10c:10:192:11:28,
+             2620:0:860:105:10:192:26:22,
+             2620:0:860:10c:10:192:11:27,
+             2620:0:860:11e:10:192:39:25
+    }
+}

Nftables::Set[KAFKA_BROKERS_LOGGING]

Parameters differences:

--- Nftables::Set[KAFKA_BROKERS_LOGGING].orig
+++ Nftables::Set[KAFKA_BROKERS_LOGGING]

+    ensure => present
+    hosts  => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.133.11', '2620:0:861:10c:10:64:133:11', '10.64.183.12', '2620:0:861:13d:10:64:183:12', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.23.29', '2620:0:860:113:10:192:23:29', '10.192.11.28', '2620:0:860:10c:10:192:11:28', '10.192.26.22', '2620:0:860:105:10:192:26:22', '10.192.11.27', '2620:0:860:10c:10:192:11:27', '10.192.39.25', '2620:0:860:11e:10:192:39:25']

Rsyslog::Conf[prometheus-node-textfile-check-nft]

Parameters differences:

--- Rsyslog::Conf[prometheus-node-textfile-check-nft].orig
+++ Rsyslog::Conf[prometheus-node-textfile-check-nft]

+    mode     => 0444
+    ensure   => present
+    priority => 40
+    require  => File[/var/log/prometheus-node-textfile-check-nft]

File[/var/log/prometheus-node-textfile-check-nft]

Parameters differences:

--- File[/var/log/prometheus-node-textfile-check-nft].orig
+++ File[/var/log/prometheus-node-textfile-check-nft]

+    group  => root
+    mode   => 0755
+    force  => True
+    ensure => directory
+    owner  => root
+    backup => False

Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]

Parameters differences:

--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)].orig
+++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True

Systemd::Syslog[prometheus-node-textfile-check-nft]

Parameters differences:

--- Systemd::Syslog[prometheus-node-textfile-check-nft].orig
+++ Systemd::Syslog[prometheus-node-textfile-check-nft]

+    base_dir               => /var/log
+    readable_by            => all
+    ensure                 => present
+    log_filename           => syslog.log
+    force_stop             => True
+    group                  => root
+    owner                  => root
+    programname_comparison => startswith

Service[nrpe2nodexp-ferm_active.timer]

Parameters differences:

--- Service[nrpe2nodexp-ferm_active.timer].orig
+++ Service[nrpe2nodexp-ferm_active.timer]

-    ensure   => running
-    enable   => True
-    provider => systemd

Nftables::Set[CLOUD_NETWORKS_PUBLIC]

Parameters differences:

--- Nftables::Set[CLOUD_NETWORKS_PUBLIC].orig
+++ Nftables::Set[CLOUD_NETWORKS_PUBLIC]

+    ensure => present
+    hosts  => ['185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:4000::/64']

File[/etc/nftables/output]

Parameters differences:

--- File[/etc/nftables/output].orig
+++ File[/etc/nftables/output]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

File[/etc/nftables/sets/INTERNAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/INTERNAL_ipv4.nft.orig
+++ /etc/nftables/sets/INTERNAL_ipv4.nft
@@ -0,0 +1,8 @@
+# Autogenerated by puppet
+set INTERNAL_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.0.0.0/8
+    }
+}

Nftables::File[base]

Parameters differences:

--- Nftables::File[base].orig
+++ Nftables::File[base]

+    ensure => present
+    order  => 100

File[/etc/nftables/100_base_puppet.nft]

Parameters differences:

--- File[/etc/nftables/100_base_puppet.nft].orig
+++ File[/etc/nftables/100_base_puppet.nft]

+    group   => root
+    mode    => 0444
+    require => File[/etc/nftables/]
+    notify  => ['Service[nftables]']
+    ensure  => present
+    owner   => root
+    tag     => nft

Content differences:

--- /etc/nftables/100_base_puppet.nft.orig
+++ /etc/nftables/100_base_puppet.nft
@@ -0,0 +1,45 @@
+# SPDX-License-Identifier: Apache-2.0
+table inet base {
+
+    # Include all Puppet-managed sets
+    include "/etc/nftables/sets/*.nft"
+
+    chain prerouting {
+        type filter hook prerouting priority -300;
+
+        # Include all Puppet-managed rules targetting prerouting chain
+        include "/etc/nftables/prerouting/*.nft"
+        # Include all Puppet-managed exceptions from connection tracking
+        include "/etc/nftables/notrack/*.nft"
+    }
+
+    chain input {
+        type filter hook input priority 0 ; policy drop;
+
+        ct state related,established accept
+        iifname "lo" accept
+        pkttype multicast accept
+        meta l4proto ipv6-icmp accept
+        ip protocol icmp accept
+
+        # Include all Puppet-managed service definitions for incoming traffic
+        include "/etc/nftables/input/*.nft"
+    }
+
+    chain output {
+        type filter hook output priority 0 ; policy accept;
+
+        # Include any Puppet-managed client definitions filtering outbound traffic
+        include "/etc/nftables/output/*.nft"
+    }
+
+    chain postrouting {
+        type filter hook postrouting priority 0 ;
+
+        # Include any Puppet-managed custom rules to mark DSCP bits
+        include "/etc/nftables/postrouting/*.nft"
+        # Anything else mark as CS0 / default priority class
+        ip dscp != cs0 ip dscp set cs0 counter
+        ip6 dscp != cs0 ip6 dscp set cs0 counter
+    }
+}

Rsyslog::Conf[wmf_auto_restart_ulogd2]

Parameters differences:

--- Rsyslog::Conf[wmf_auto_restart_ulogd2].orig
+++ Rsyslog::Conf[wmf_auto_restart_ulogd2]

-    mode     => 0444
-    ensure   => present
-    priority => 40
-    require  => File[/var/log/wmf_auto_restart_ulogd2]

File[/etc/nftables/input/10_csr_and_ocsp_responder.nft]

Parameters differences:

--- File[/etc/nftables/input/10_csr_and_ocsp_responder.nft].orig
+++ File[/etc/nftables/input/10_csr_and_ocsp_responder.nft]

+    group   => root
+    mode    => 0444
+    require => ['Nftables::Set[DOMAIN_NETWORKS]', 'Nftables::Set[MGMT_NETWORKS]']
+    notify  => ['Service[nftables]']
+    ensure  => present
+    owner   => root
+    tag     => nft

Content differences:

--- /etc/nftables/input/10_csr_and_ocsp_responder.nft.orig
+++ /etc/nftables/input/10_csr_and_ocsp_responder.nft
@@ -0,0 +1,6 @@
+# Managed by puppet
+# 
+ip saddr @DOMAIN_NETWORKS_ipv4 tcp dport { 80 } accept
+ip saddr @MGMT_NETWORKS_ipv4 tcp dport { 80 } accept
+ip6 saddr @DOMAIN_NETWORKS_ipv6 tcp dport { 80 } accept
+ip6 saddr @MGMT_NETWORKS_ipv6 tcp dport { 80 } accept

File[/etc/ferm/functions.conf]

Parameters differences:

--- File[/etc/ferm/functions.conf].orig
+++ File[/etc/ferm/functions.conf]

-    group   => root
-    mode    => 0400
-    require => Package[ferm]
-    notify  => Service[ferm]
-    ensure  => file
-    owner   => root
-    source  => puppet:///modules/ferm/functions.conf

Alternatives::Select[iptables]

Parameters differences:

--- Alternatives::Select[iptables].orig
+++ Alternatives::Select[iptables]

-    path    => /usr/sbin/iptables-legacy
-    require => Package[iptables]

Nftables::Service[ssh-from-bastion]

Parameters differences:

--- Nftables::Service[ssh-from-bastion].orig
+++ Nftables::Service[ssh-from-bastion]

+    port                => 22
+    notrack             => False
+    prio                => 10
+    ensure              => present
+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']
+    unrestricted_access => False
+    proto               => tcp
+    desc                =>

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set AUX_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.67.80.0/21,
+             10.194.80.0/21
+    }
+}

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set DEPLOYMENT_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.16.93,
+             10.192.32.7
+    }
+}

File[/var/log/wmf_auto_restart_ulogd2]

Parameters differences:

--- File[/var/log/wmf_auto_restart_ulogd2].orig
+++ File[/var/log/wmf_auto_restart_ulogd2]

-    group  => root
-    mode   => 0755
-    force  => True
-    ensure => directory
-    owner  => root
-    backup => False

Nrpe::Check[check_ferm_active]

Parameters differences:

--- Nrpe::Check[check_ferm_active].orig
+++ Nrpe::Check[check_ferm_active]

-    command   => /usr/local/lib/nagios/plugins/check_ferm
-    ensure    => present
-    before    => Monitoring::Service[ferm_active]
-    sudo_user => root

Nftables::Set[DEPLOYMENT_HOSTS]

Parameters differences:

--- Nftables::Set[DEPLOYMENT_HOSTS].orig
+++ Nftables::Set[DEPLOYMENT_HOSTS]

+    ensure => present
+    hosts  => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,8 @@
+# Autogenerated by puppet
+set MLSTAGE_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:860:302::/64
+    }
+}

Nftables::Set[LABSTORE_HOSTS]

Parameters differences:

--- Nftables::Set[LABSTORE_HOSTS].orig
+++ Nftables::Set[LABSTORE_HOSTS]

+    ensure => present
+    hosts  => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']

File[/etc/nftables/sets/CACHES_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv4.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CACHES_ipv4.nft.orig
+++ /etc/nftables/sets/CACHES_ipv4.nft
@@ -0,0 +1,117 @@
+# Autogenerated by puppet
+set CACHES_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.0.79,
+             10.64.0.229,
+             10.64.0.14,
+             10.64.0.51,
+             10.64.16.241,
+             10.64.16.94,
+             10.64.16.95,
+             10.64.16.240,
+             10.64.32.14,
+             10.64.32.60,
+             10.64.32.15,
+             10.64.32.65,
+             10.64.48.16,
+             10.64.48.41,
+             10.64.48.27,
+             10.64.48.28,
+             10.192.23.26,
+             10.192.6.20,
+             10.192.12.35,
+             10.192.14.25,
+             10.192.4.22,
+             10.192.29.26,
+             10.192.30.29,
+             10.192.36.19,
+             10.192.40.25,
+             10.192.41.21,
+             10.192.56.3,
+             10.192.56.4,
+             10.192.57.3,
+             10.192.58.2,
+             10.192.58.3,
+             10.192.59.2,
+             10.80.0.14,
+             10.80.1.11,
+             10.80.0.13,
+             10.80.1.9,
+             10.80.0.12,
+             10.80.1.7,
+             10.80.0.11,
+             10.80.1.6,
+             10.80.0.10,
+             10.80.1.5,
+             10.80.0.8,
+             10.80.1.4,
+             10.80.0.7,
+             10.80.1.3,
+             10.80.0.6,
+             10.80.1.2,
+             10.128.0.19,
+             10.128.0.27,
+             10.128.0.22,
+             10.128.0.28,
+             10.128.0.25,
+             10.128.0.29,
+             10.128.0.26,
+             10.128.0.31,
+             10.128.0.14,
+             10.128.0.35,
+             10.128.0.21,
+             10.128.0.36,
+             10.128.0.24,
+             10.128.0.10,
+             10.128.0.37,
+             10.128.0.12,
+             10.132.0.17,
+             10.132.0.18,
+             10.132.0.19,
+             10.132.0.24,
+             10.132.0.29,
+             10.132.0.30,
+             10.132.0.34,
+             10.132.0.35,
+             10.132.0.36,
+             10.132.0.37,
+             10.132.0.38,
+             10.132.0.25,
+             10.132.0.26,
+             10.132.0.27,
+             10.132.0.28,
+             10.132.0.16,
+             10.136.0.6,
+             10.136.1.6,
+             10.136.0.7,
+             10.136.1.7,
+             10.136.0.8,
+             10.136.1.8,
+             10.136.0.9,
+             10.136.1.9,
+             10.136.0.10,
+             10.136.1.10,
+             10.136.0.11,
+             10.136.1.11,
+             10.136.0.12,
+             10.136.1.12,
+             10.136.0.13,
+             10.136.1.13,
+             10.140.0.3,
+             10.140.1.4,
+             10.140.0.4,
+             10.140.1.5,
+             10.140.0.5,
+             10.140.1.6,
+             10.140.0.6,
+             10.140.1.7,
+             10.140.0.7,
+             10.140.1.8,
+             10.140.0.8,
+             10.140.1.9,
+             10.140.0.9,
+             10.140.1.10,
+             10.140.0.10,
+             10.140.1.11
+    }
+}

Nftables::Set[DSE_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[DSE_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[DSE_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.67.24.0/21', '2620:0:861:302::/64', '10.192.96.0/21', '2620:0:860:308::/64']

Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)].orig
+++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True
+    before      => ['Service[prometheus-node-textfile-check-nft.timer]']

Nftables::Set[STAGING_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[STAGING_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[STAGING_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.64.64.0/21', '2620:0:861:babe::/64', '10.192.64.0/21', '2620:0:860:babe::/64']

Ferm::Filter_log[filter-bootp]

Parameters differences:

--- Ferm::Filter_log[filter-bootp].orig
+++ Ferm::Filter_log[filter-bootp]

-    proto  => udp
-    sport  => 67
-    ensure => present
-    daddr  => 255.255.255.255
-    dport  => 68

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft
@@ -0,0 +1,38 @@
+# Autogenerated by puppet
+set ANALYTICS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.64.137.0/24,
+             10.64.138.0/24,
+             10.64.139.0/24,
+             10.64.140.0/24,
+             10.64.142.0/24,
+             10.64.143.0/24,
+             10.64.144.0/24,
+             10.64.145.0/24,
+             10.64.153.0/24,
+             10.64.155.0/24,
+             10.64.157.0/24,
+             10.64.159.0/24,
+             10.64.161.0/24,
+             10.64.163.0/24,
+             10.64.165.0/24,
+             10.64.167.0/24,
+             10.64.170.0/24,
+             10.64.172.0/24,
+             10.64.174.0/24,
+             10.64.176.0/24,
+             10.64.178.0/24,
+             10.64.180.0/24,
+             10.64.182.0/24,
+             10.64.184.0/24,
+             10.64.186.0/24,
+             10.64.188.0/24,
+             10.64.190.0/24,
+             10.64.21.0/24,
+             10.64.36.0/24,
+             10.64.5.0/24,
+             10.64.53.0/24
+    }
+}

File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_ulogd2.service].orig
+++ File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]

-    group  => root
-    mode   => 0444
-    notify => Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]
-    ensure => present
-    owner  => root

Content differences:

--- /lib/systemd/system/wmf_auto_restart_ulogd2.service.orig
+++ /lib/systemd/system/wmf_auto_restart_ulogd2.service
@@ -1,8 +0,0 @@
-[Unit]
-Description=Auto restart job: ulogd2
-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-
-[Service]
-Type=oneshot
-User=root
-ExecStart=/usr/local/sbin/wmf-auto-restart -s ulogd2

File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/input/10_full-monitoring-metrics-access-udp.nft.orig
+++ /etc/nftables/input/10_full-monitoring-metrics-access-udp.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 10.192.16.75, 10.192.32.67, 10.192.39.10, 10.192.9.11, 208.80.153.42, 208.80.154.78 } udp dport 1-65535 accept
+ip6 saddr { 2620:0:860:102:10:192:16:75, 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } udp dport 1-65535 accept

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set CLOUD_PRIVATE_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2a02:ec80:a000:201::/64,
+             2a02:ec80:a000:202::/64,
+             2a02:ec80:a000:203::/64,
+             2a02:ec80:a000:204::/64,
+             2a02:ec80:a100:205::/64
+    }
+}

Exec[systemd daemon-reload for nftables.service (nftables)]

Parameters differences:

--- Exec[systemd daemon-reload for nftables.service (nftables)].orig
+++ Exec[systemd daemon-reload for nftables.service (nftables)]

+    command     => /bin/systemctl daemon-reload
+    refreshonly => True
+    before      => ['Service[nftables]']

Service[prometheus-node-textfile-check-nft.timer]

Parameters differences:

--- Service[prometheus-node-textfile-check-nft.timer].orig
+++ Service[prometheus-node-textfile-check-nft.timer]

+    ensure   => running
+    enable   => True
+    provider => systemd

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft
@@ -0,0 +1,15 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_MAIN_ipv4 {
+    type ipv4_addr
+    elements = { 10.192.5.9,
+             10.192.22.6,
+             10.192.32.4,
+             10.192.48.33,
+             10.192.48.35,
+             10.64.0.101,
+             10.64.16.30,
+             10.64.32.45,
+             10.64.48.37,
+             10.64.152.5
+    }
+}

Nftables::Set[MGMT_NETWORKS]

Parameters differences:

--- Nftables::Set[MGMT_NETWORKS].orig
+++ Nftables::Set[MGMT_NETWORKS]

+    ensure => present
+    hosts  => ['10.65.0.0/16', '10.128.128.0/17', '10.193.0.0/16', '10.80.128.0/17', '10.132.128.0/17', '10.136.128.0/17', '10.140.128.0/17']

File[/etc/nftables/main.nft]

Parameters differences:

--- File[/etc/nftables/main.nft].orig
+++ File[/etc/nftables/main.nft]

+    group   => root
+    require => File[/etc/nftables]
+    notify  => Service[nftables]
+    ensure  => present
+    owner   => root
+    source  => puppet:///modules/nftables/main.nft

File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set CLOUD_PRIVATE_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 172.20.1.0/24,
+             172.20.2.0/24,
+             172.20.3.0/24,
+             172.20.4.0/24,
+             172.20.5.0/24
+    }
+}

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set PROMETHEUS_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:860:102:10:192:16:75,
+             2620:0:860:103:10:192:32:67,
+             2620:0:860:10a:10:192:9:11,
+             2620:0:860:11e:10:192:39:10
+    }
+}

File[/etc/rsyslog.d/40-ulogd.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-ulogd.conf].orig
+++ File[/etc/rsyslog.d/40-ulogd.conf]

-    group  => root
-    mode   => 0444
-    notify => Service[rsyslog]
-    ensure => present
-    owner  => root

Content differences:

--- /etc/rsyslog.d/40-ulogd.conf.orig
+++ /etc/rsyslog.d/40-ulogd.conf
@@ -1,10 +0,0 @@
-# rsyslog.conf(5) configuration file for services.
-# This file is managed by Puppet.
-if $programname startswith "ulogd" then {
-    action(
-        type="omfile" file="/var/log/ulogd/syslog.log"
-        fileOwner="root" fileGroup="root"
-        fileCreateMode="0600"
-    )
-    & stop
-}

File_line[auto_restart_file_presence_ulogd2]

Parameters differences:

--- File_line[auto_restart_file_presence_ulogd2].orig
+++ File_line[auto_restart_file_presence_ulogd2]

-    line    => ulogd2
-    ensure  => present
-    path    => /etc/debdeploy-client/autorestarts.conf
-    require => File[/etc/debdeploy-client/autorestarts.conf]

File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set DEPLOYMENT_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:102:10:64:16:93,
+             2620:0:860:103:10:192:32:7
+    }
+}

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft
@@ -0,0 +1,10 @@
+# Autogenerated by puppet
+set DRUID_PUBLIC_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.131.9,
+             10.64.132.12,
+             10.64.135.9,
+             10.64.32.101,
+             10.64.48.185
+    }
+}

Nftables::Set[MYSQL_ROOT_CLIENTS]

Parameters differences:

--- Nftables::Set[MYSQL_ROOT_CLIENTS].orig
+++ Nftables::Set[MYSQL_ROOT_CLIENTS]

+    ensure => present
+    hosts  => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.155.103', '208.80.154.9', '10.64.0.20']

Systemd::Unit[wmf_auto_restart_ulogd2.timer]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_ulogd2.timer].orig
+++ Systemd::Unit[wmf_auto_restart_ulogd2.timer]

-    require           => ['Class[Systemd]']
-    override          => False
-    ensure            => present
-    restart           => False
-    unit              => wmf_auto_restart_ulogd2.timer
-    override_filename => puppet-override.conf

Nftables::Service[csr_and_ocsp_responder]

Parameters differences:

--- Nftables::Service[csr_and_ocsp_responder].orig
+++ Nftables::Service[csr_and_ocsp_responder]

+    port                => 80
+    notrack             => False
+    prio                => 10
+    ensure              => present
+    unrestricted_access => False
+    src_sets            => ['DOMAIN_NETWORKS', 'MGMT_NETWORKS']
+    proto               => tcp
+    desc                =>

Ferm::Service[multirootca_tls_termination]

Parameters differences:

--- Ferm::Service[multirootca_tls_termination].orig
+++ Ferm::Service[multirootca_tls_termination]

-    port                => 443
-    notrack             => False
-    prio                => 10
-    ensure              => present
-    unrestricted_access => False
-    src_sets            => ['DOMAIN_NETWORKS']
-    proto               => tcp
-    desc                =>

Nftables::Service[full-monitoring-metrics-access-udp]

Parameters differences:

--- Nftables::Service[full-monitoring-metrics-access-udp].orig
+++ Nftables::Service[full-monitoring-metrics-access-udp]

+    notrack             => False
+    prio                => 10
+    ensure              => present
+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']
+    port_range          => [1, 65535]
+    unrestricted_access => False
+    proto               => udp
+    desc                =>

Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]

-    command     => /bin/systemctl daemon-reload
-    refreshonly => True
-    before      => ['Service[wmf_auto_restart_ulogd2.timer]']

File[/etc/nftables/sets/CACHES_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CACHES_ipv6.nft].orig
+++ File[/etc/nftables/sets/CACHES_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CACHES_ipv6.nft.orig
+++ /etc/nftables/sets/CACHES_ipv6.nft
@@ -0,0 +1,117 @@
+# Autogenerated by puppet
+set CACHES_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:101:10:64:0:79,
+             2620:0:861:101:10:64:0:229,
+             2620:0:861:101:10:64:0:14,
+             2620:0:861:101:10:64:0:51,
+             2620:0:861:102:10:64:16:241,
+             2620:0:861:102:10:64:16:94,
+             2620:0:861:102:10:64:16:95,
+             2620:0:861:102:10:64:16:240,
+             2620:0:861:103:10:64:32:14,
+             2620:0:861:103:10:64:32:60,
+             2620:0:861:103:10:64:32:15,
+             2620:0:861:103:10:64:32:65,
+             2620:0:861:107:10:64:48:16,
+             2620:0:861:107:10:64:48:41,
+             2620:0:861:107:10:64:48:27,
+             2620:0:861:107:10:64:48:28,
+             2620:0:860:113:10:192:23:26,
+             2620:0:860:107:10:192:6:20,
+             2620:0:860:10d:10:192:12:35,
+             2620:0:860:10f:10:192:14:25,
+             2620:0:860:100:10:192:4:22,
+             2620:0:860:116:10:192:29:26,
+             2620:0:860:119:10:192:30:29,
+             2620:0:860:11b:10:192:36:19,
+             2620:0:860:11f:10:192:40:25,
+             2620:0:860:120:10:192:41:21,
+             2620:0:860:12b:10:192:56:3,
+             2620:0:860:12b:10:192:56:4,
+             2620:0:860:12c:10:192:57:3,
+             2620:0:860:12d:10:192:58:2,
+             2620:0:860:12d:10:192:58:3,
+             2620:0:860:12e:10:192:59:2,
+             2a02:ec80:300:101:10:80:0:14,
+             2a02:ec80:300:102:10:80:1:11,
+             2a02:ec80:300:101:10:80:0:13,
+             2a02:ec80:300:102:10:80:1:9,
+             2a02:ec80:300:101:10:80:0:12,
+             2a02:ec80:300:102:10:80:1:7,
+             2a02:ec80:300:101:10:80:0:11,
+             2a02:ec80:300:102:10:80:1:6,
+             2a02:ec80:300:101:10:80:0:10,
+             2a02:ec80:300:102:10:80:1:5,
+             2a02:ec80:300:101:10:80:0:8,
+             2a02:ec80:300:102:10:80:1:4,
+             2a02:ec80:300:101:10:80:0:7,
+             2a02:ec80:300:102:10:80:1:3,
+             2a02:ec80:300:101:10:80:0:6,
+             2a02:ec80:300:102:10:80:1:2,
+             2620:0:863:101:10:128:0:19,
+             2620:0:863:101:10:128:0:27,
+             2620:0:863:101:10:128:0:22,
+             2620:0:863:101:10:128:0:28,
+             2620:0:863:101:10:128:0:25,
+             2620:0:863:101:10:128:0:29,
+             2620:0:863:101:10:128:0:26,
+             2620:0:863:101:10:128:0:31,
+             2620:0:863:101:10:128:0:14,
+             2620:0:863:101:10:128:0:35,
+             2620:0:863:101:10:128:0:21,
+             2620:0:863:101:10:128:0:36,
+             2620:0:863:101:10:128:0:24,
+             2620:0:863:101:10:128:0:10,
+             2620:0:863:101:10:128:0:37,
+             2620:0:863:101:10:128:0:12,
+             2001:df2:e500:101:10:132:0:17,
+             2001:df2:e500:101:10:132:0:18,
+             2001:df2:e500:101:10:132:0:19,
+             2001:df2:e500:101:10:132:0:24,
+             2001:df2:e500:101:10:132:0:29,
+             2001:df2:e500:101:10:132:0:30,
+             2001:df2:e500:101:10:132:0:34,
+             2001:df2:e500:101:10:132:0:35,
+             2001:df2:e500:101:10:132:0:36,
+             2001:df2:e500:101:10:132:0:37,
+             2001:df2:e500:101:10:132:0:38,
+             2001:df2:e500:101:10:132:0:25,
+             2001:df2:e500:101:10:132:0:26,
+             2001:df2:e500:101:10:132:0:27,
+             2001:df2:e500:101:10:132:0:28,
+             2001:df2:e500:101:10:132:0:16,
+             2a02:ec80:600:101:10:136:0:6,
+             2a02:ec80:600:102:10:136:1:6,
+             2a02:ec80:600:101:10:136:0:7,
+             2a02:ec80:600:102:10:136:1:7,
+             2a02:ec80:600:101:10:136:0:8,
+             2a02:ec80:600:102:10:136:1:8,
+             2a02:ec80:600:101:10:136:0:9,
+             2a02:ec80:600:102:10:136:1:9,
+             2a02:ec80:600:101:10:136:0:10,
+             2a02:ec80:600:102:10:136:1:10,
+             2a02:ec80:600:101:10:136:0:11,
+             2a02:ec80:600:102:10:136:1:11,
+             2a02:ec80:600:101:10:136:0:12,
+             2a02:ec80:600:102:10:136:1:12,
+             2a02:ec80:600:101:10:136:0:13,
+             2a02:ec80:600:102:10:136:1:13,
+             2a02:ec80:700:101:10:140:0:3,
+             2a02:ec80:700:102:10:140:1:4,
+             2a02:ec80:700:101:10:140:0:4,
+             2a02:ec80:700:102:10:140:1:5,
+             2a02:ec80:700:101:10:140:0:5,
+             2a02:ec80:700:102:10:140:1:6,
+             2a02:ec80:700:101:10:140:0:6,
+             2a02:ec80:700:102:10:140:1:7,
+             2a02:ec80:700:101:10:140:0:7,
+             2a02:ec80:700:102:10:140:1:8,
+             2a02:ec80:700:101:10:140:0:8,
+             2a02:ec80:700:102:10:140:1:9,
+             2a02:ec80:700:101:10:140:0:9,
+             2a02:ec80:700:102:10:140:1:10,
+             2a02:ec80:700:101:10:140:0:10,
+             2a02:ec80:700:102:10:140:1:11
+    }
+}

Systemd::Timer[prometheus-node-textfile-check-nft]

Parameters differences:

--- Systemd::Timer[prometheus-node-textfile-check-nft].orig
+++ Systemd::Timer[prometheus-node-textfile-check-nft]

+    accuracy           => 15sec
+    unit_name          => prometheus-node-textfile-check-nft.service
+    fixed_random_delay => False
+    ensure             => present
+    splay              => 0
+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*:0/30'}]

Nftables::Set[NETWORK_INFRA]

Parameters differences:

--- Nftables::Set[NETWORK_INFRA].orig
+++ Nftables::Set[NETWORK_INFRA]

+    ensure => present
+    hosts  => ['185.15.59.128/27', '2a02:ec80:300:fe00::/55', '198.35.26.128/27', '2620:0:863:fe00::/55', '208.80.153.192/27', '2620:0:860:fe00::/55', '10.192.255.0/24', '2620:0:860:13f::/64', '10.192.253.0/24', '2620:0:860:139::/64', '208.80.154.192/27', '2620:0:861:fe00::/55', '10.64.146.0/24', '2620:0:861:11b::/128', '10.64.168.0/24', '2620:0:861:130::/64', '10.64.147.0/24', '103.102.166.128/27', '2001:df2:e500:fe00::/55', '185.15.58.128/27', '2a02:ec80:600:fe00::/55', '195.200.68.128/27', '2a02:ec80:700:fe00::/55']

Package[nftables]

Parameters differences:

--- Package[nftables].orig
+++ Package[nftables]

+    ensure   => present
+    provider => apt

Service[ulogd2]

Parameters differences:

--- Service[ulogd2].orig
+++ Service[ulogd2]

-    ensure  => running
-    enable  => True
-    require => Package[ulogd2]

Nftables::Service[multirootca-tls-termination-for-cfssl-issuer-k8s-pods]

Parameters differences:

--- Nftables::Service[multirootca-tls-termination-for-cfssl-issuer-k8s-pods].orig
+++ Nftables::Service[multirootca-tls-termination-for-cfssl-issuer-k8s-pods]

+    port                => 8443
+    notrack             => False
+    prio                => 10
+    ensure              => present
+    unrestricted_access => False
+    src_sets            => ['WIKIKUBE_KUBEPODS_NETWORKS', 'STAGING_KUBEPODS_NETWORKS', 'MLSERVE_KUBEPODS_NETWORKS', 'MLSTAGE_KUBEPODS_NETWORKS', 'DSE_KUBEPODS_NETWORKS', 'AUX_KUBEPODS_NETWORKS']
+    proto               => tcp
+    desc                =>

Systemd::Timer::Job[nrpe2nodexp-ferm_active]

Parameters differences:

--- Systemd::Timer::Job[nrpe2nodexp-ferm_active].orig
+++ Systemd::Timer::Job[nrpe2nodexp-ferm_active]

-    logfile_group             => root
-    description               => execution of nrpe2nodexp for the check_ferm_active command.
-    monitoring_enabled        => False
-    syslog_identifier         => nrpe2nodexp-ferm_active
-    interval                  => [{'start': 'OnUnitInactiveSec', 'interval': '10min'}]
-    syslog_force_stop         => True
-    send_mail_only_on_error   => True
-    splay                     => 600
-    send_mail                 => False
-    ignore_errors             => True
-    user                      => nagios
-    command                   => /usr/local/bin/nrpe2nodexp --alert-rule-hash "bba0a2572329bb500b832470e08b381c" --timeout 10 --check-command "check_ferm_active"
-    group                     => prometheus-node-exporter
-    syslog_match_startswith   => True
-    monitoring_contact_groups => admins
-    send_mail_to              => root@pki2002.codfw.wmnet
-    logfile_basedir           => /var/log
-    success_exit_status       => []
-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-    fixed_random_delay        => True
-    logging_enabled           => False
-    ensure                    => present
-    logfile_name              => syslog.log
-    private_tmp               => False
-    environment               => {}
-    logfile_perms             => all

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft.orig
+++ /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set CLOUD_NETWORKS_PUBLIC_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 185.15.56.0/25,
+             185.15.56.160/28,
+             185.15.57.0/29,
+             185.15.57.16/29,
+             185.15.57.24/29
+    }
+}

Systemd::Syslog[ulogd]

Parameters differences:

--- Systemd::Syslog[ulogd].orig
+++ Systemd::Syslog[ulogd]

-    base_dir               => /var/log
-    readable_by            => user
-    ensure                 => present
-    log_filename           => syslog.log
-    force_stop             => True
-    group                  => root
-    owner                  => root
-    programname_comparison => startswith

File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set BASTION_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:1:208:80:154:7,
+             2a02:ec80:300:3:185:15:59:99,
+             2620:0:860:4:208:80:153:110,
+             2620:0:863:3:198:35:26:104,
+             2001:df2:e500:3:103:102:166:103,
+             2a02:ec80:600:1:185:15:58:6,
+             2a02:ec80:700:3:195:200:68:99
+    }
+}

Nftables::Service[multirootca tls termination]

Parameters differences:

--- Nftables::Service[multirootca tls termination].orig
+++ Nftables::Service[multirootca tls termination]

+    port                => 443
+    notrack             => False
+    prio                => 10
+    ensure              => present
+    unrestricted_access => False
+    src_sets            => ['DOMAIN_NETWORKS']
+    proto               => tcp
+    desc                =>

Systemd::Unit[wmf_auto_restart_ulogd2.service]

Parameters differences:

--- Systemd::Unit[wmf_auto_restart_ulogd2.service].orig
+++ Systemd::Unit[wmf_auto_restart_ulogd2.service]

-    require           => ['Class[Systemd]']
-    override          => False
-    ensure            => present
-    restart           => False
-    unit              => wmf_auto_restart_ulogd2.service
-    override_filename => puppet-override.conf

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft
@@ -0,0 +1,183 @@
+# Autogenerated by puppet
+set PRODUCTION_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2001:df2:e500:101::/64,
+             2001:df2:e500:103::/64,
+             2001:df2:e500:1::/64,
+             2001:df2:e500:3::/64,
+             2001:df2:e500:ed1a::/64,
+             2620:0:860:100::/64,
+             2620:0:860:101::/64,
+             2620:0:860:102::/64,
+             2620:0:860:103::/64,
+             2620:0:860:104::/64,
+             2620:0:860:105::/64,
+             2620:0:860:106::/64,
+             2620:0:860:107::/64,
+             2620:0:860:108::/64,
+             2620:0:860:109::/64,
+             2620:0:860:10a::/64,
+             2620:0:860:10b::/64,
+             2620:0:860:10c::/64,
+             2620:0:860:10d::/64,
+             2620:0:860:10e::/64,
+             2620:0:860:10f::/64,
+             2620:0:860:110::/64,
+             2620:0:860:111::/64,
+             2620:0:860:112::/64,
+             2620:0:860:113::/64,
+             2620:0:860:114::/64,
+             2620:0:860:115::/64,
+             2620:0:860:116::/64,
+             2620:0:860:118::/64,
+             2620:0:860:119::/64,
+             2620:0:860:11a::/64,
+             2620:0:860:11b::/64,
+             2620:0:860:11c::/64,
+             2620:0:860:11d::/64,
+             2620:0:860:11e::/64,
+             2620:0:860:11f::/64,
+             2620:0:860:120::/64,
+             2620:0:860:121::/64,
+             2620:0:860:122::/64,
+             2620:0:860:123::/64,
+             2620:0:860:124::/64,
+             2620:0:860:125::/64,
+             2620:0:860:126::/64,
+             2620:0:860:127::/64,
+             2620:0:860:12b::/64,
+             2620:0:860:12c::/64,
+             2620:0:860:12d::/64,
+             2620:0:860:12e::/64,
+             2620:0:860:140::/64,
+             2620:0:860:1::/64,
+             2620:0:860:2::/64,
+             2620:0:860:300::/64,
+             2620:0:860:301::/64,
+             2620:0:860:302::/64,
+             2620:0:860:303::/64,
+             2620:0:860:304::/64,
+             2620:0:860:305::/64,
+             2620:0:860:307::/64,
+             2620:0:860:308::/64,
+             2620:0:860:3::/64,
+             2620:0:860:4::/64,
+             2620:0:860:5::/64,
+             2620:0:860:babe::/64,
+             2620:0:860:babf::/64,
+             2620:0:860:cabe::/64,
+             2620:0:860:cabf::/64,
+             2620:0:860:ed1a::/64,
+             2620:0:861:100::/64,
+             2620:0:861:101::/64,
+             2620:0:861:102::/64,
+             2620:0:861:103::/64,
+             2620:0:861:104::/64,
+             2620:0:861:105::/64,
+             2620:0:861:106::/64,
+             2620:0:861:107::/64,
+             2620:0:861:108::/64,
+             2620:0:861:109::/64,
+             2620:0:861:10a::/64,
+             2620:0:861:10b::/64,
+             2620:0:861:10c::/64,
+             2620:0:861:10d::/64,
+             2620:0:861:10e::/64,
+             2620:0:861:10f::/64,
+             2620:0:861:110::/64,
+             2620:0:861:111::/64,
+             2620:0:861:112::/64,
+             2620:0:861:113::/64,
+             2620:0:861:114::/64,
+             2620:0:861:115::/64,
+             2620:0:861:116::/64,
+             2620:0:861:117::/64,
+             2620:0:861:118::/64,
+             2620:0:861:119::/64,
+             2620:0:861:11a::/64,
+             2620:0:861:11c::/64,
+             2620:0:861:11d::/64,
+             2620:0:861:11e::/64,
+             2620:0:861:11f::/64,
+             2620:0:861:120::/64,
+             2620:0:861:121::/64,
+             2620:0:861:122::/64,
+             2620:0:861:123::/64,
+             2620:0:861:124::/64,
+             2620:0:861:125::/64,
+             2620:0:861:126::/64,
+             2620:0:861:127::/64,
+             2620:0:861:128::/64,
+             2620:0:861:129::/64,
+             2620:0:861:12a::/64,
+             2620:0:861:12b::/64,
+             2620:0:861:12c::/64,
+             2620:0:861:12d::/64,
+             2620:0:861:12e::/64,
+             2620:0:861:12f::/64,
+             2620:0:861:131::/64,
+             2620:0:861:132::/64,
+             2620:0:861:133::/64,
+             2620:0:861:134::/64,
+             2620:0:861:135::/64,
+             2620:0:861:136::/64,
+             2620:0:861:137::/64,
+             2620:0:861:138::/64,
+             2620:0:861:139::/64,
+             2620:0:861:13a::/64,
+             2620:0:861:13b::/64,
+             2620:0:861:13c::/64,
+             2620:0:861:13d::/64,
+             2620:0:861:13e::/64,
+             2620:0:861:13f::/64,
+             2620:0:861:140::/64,
+             2620:0:861:141::/64,
+             2620:0:861:142::/64,
+             2620:0:861:143::/64,
+             2620:0:861:144::/64,
+             2620:0:861:145::/64,
+             2620:0:861:1::/64,
+             2620:0:861:2::/64,
+             2620:0:861:300::/64,
+             2620:0:861:301::/116,
+             2620:0:861:302::/64,
+             2620:0:861:303::/116,
+             2620:0:861:304::/116,
+             2620:0:861:305::/64,
+             2620:0:861:3::/64,
+             2620:0:861:4::/64,
+             2620:0:861:babe::/64,
+             2620:0:861:babf::/116,
+             2620:0:861:cabe::/64,
+             2620:0:861:cabf::/116,
+             2620:0:861:ed1a::/64,
+             2620:0:863:101::/64,
+             2620:0:863:102::/64,
+             2620:0:863:103::/64,
+             2620:0:863:1::/64,
+             2620:0:863:2::/64,
+             2620:0:863:3::/64,
+             2620:0:863:ed1a::/64,
+             2a02:ec80:300:101::/64,
+             2a02:ec80:300:102::/64,
+             2a02:ec80:300:103::/64,
+             2a02:ec80:300:1::/64,
+             2a02:ec80:300:2::/64,
+             2a02:ec80:300:3::/64,
+             2a02:ec80:300:ed1a::/64,
+             2a02:ec80:600:101::/64,
+             2a02:ec80:600:102::/64,
+             2a02:ec80:600:1::/64,
+             2a02:ec80:600:2::/64,
+             2a02:ec80:600:ed1a::/64,
+             2a02:ec80:700:101::/64,
+             2a02:ec80:700:102::/64,
+             2a02:ec80:700:103::/64,
+             2a02:ec80:700:1::/64,
+             2a02:ec80:700:2::/64,
+             2a02:ec80:700:3::/64,
+             2a02:ec80:700:ed1a::/64
+    }
+}

File[/etc/nftables/forward]

Parameters differences:

--- File[/etc/nftables/forward].orig
+++ File[/etc/nftables/forward]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

File[/etc/ferm/conf.d/10_csr_and_ocsp_responder]

Parameters differences:

--- File[/etc/ferm/conf.d/10_csr_and_ocsp_responder].orig
+++ File[/etc/ferm/conf.d/10_csr_and_ocsp_responder]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_csr_and_ocsp_responder.orig
+++ /etc/ferm/conf.d/10_csr_and_ocsp_responder
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 80, ($DOMAIN_NETWORKS $MGMT_NETWORKS));
-
-

File[/etc/logrotate.d/wmf_auto_restart_ulogd2]

Parameters differences:

--- File[/etc/logrotate.d/wmf_auto_restart_ulogd2].orig
+++ File[/etc/logrotate.d/wmf_auto_restart_ulogd2]

-    ensure => present
-    owner  => root
-    mode   => 0444
-    group  => root

Content differences:

--- /etc/logrotate.d/wmf_auto_restart_ulogd2.orig
+++ /etc/logrotate.d/wmf_auto_restart_ulogd2
@@ -1,12 +0,0 @@
-# logrotate(8) config for wmf_auto_restart_ulogd2
-
-/var/log/wmf_auto_restart_ulogd2/*.log {
-    daily
-    copytruncate
-    missingok
-    compress
-    delaycompress
-    notifempty
-    rotate 15
-    size 256M
-}

Ferm::Rule[filter_log_filter-bootp]

Parameters differences:

--- Ferm::Rule[filter_log_filter-bootp].orig
+++ Ferm::Rule[filter_log_filter-bootp]

-    chain  => INPUT
-    prio   => 98
-    domain => (ip ip6)
-    ensure => present
-    table  => filter
-    rule   => proto udp  daddr 255.255.255.255 sport 67 dport 68 DROP;
-    desc   =>

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft.orig
+++ /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft
@@ -0,0 +1,4 @@
+# Autogenerated by puppet
+set MYSQL_ROOT_CLIENTS_ipv6 {
+    type ipv6_addr
+}

Ferm::Conf[defs]

Parameters differences:

--- Ferm::Conf[defs].orig
+++ Ferm::Conf[defs]

-    ensure => present
-    prio   => 00

File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CUMIN_MASTERS_ipv6.nft.orig
+++ /etc/nftables/sets/CUMIN_MASTERS_ipv6.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set CUMIN_MASTERS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:102:10:64:16:154,
+             2620:0:860:103:10:192:32:49
+    }
+}

Class[Profile::Firewall::Nftables_base_sets]

Parameters differences:

--- Class[Profile::Firewall::Nftables_base_sets].orig
+++ Class[Profile::Firewall::Nftables_base_sets]

+    install_hosts6        => {'eqiad': '2620:0:861:2:208:80:154:134', 'codfw': '2620:0:860:3:208:80:153:70', 'esams': '2a02:ec80:300:3:185:15:59:101', 'ulsfo': '2620:0:863:3:198:35:26:98', 'eqsin': '2001:df2:e500:1:103:102:166:11', 'drmrs': '2a02:ec80:600:1:185:15:58:7', 'magru': '2a02:ec80:700:3:195:200:68:100'}
+    druid_public_hosts    => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']
+    prometheus_nodes      => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet']
+    mysql_root_clients    => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.155.103', '208.80.154.9', '10.64.0.20']
+    kafka_brokers_main    => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']
+    deployment_hosts      => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']
+    bastion_hosts         => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
+    zookeeper_hosts_main  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']
+    kafka_brokers_logging => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.133.11', '2620:0:861:10c:10:64:133:11', '10.64.183.12', '2620:0:861:13d:10:64:183:12', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.23.29', '2620:0:860:113:10:192:23:29', '10.192.11.28', '2620:0:860:10c:10:192:11:28', '10.192.26.22', '2620:0:860:105:10:192:26:22', '10.192.11.27', '2620:0:860:10c:10:192:11:27', '10.192.39.25', '2620:0:860:11e:10:192:39:25']
+    monitoring_hosts      => ['208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
+    kafka_brokers_jumbo   => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']
+    cache_hosts           => ['10.64.0.79', '2620:0:861:101:10:64:0:79', '10.64.0.229', '2620:0:861:101:10:64:0:229', '10.64.0.14', '2620:0:861:101:10:64:0:14', '10.64.0.51', '2620:0:861:101:10:64:0:51', '10.64.16.241', '2620:0:861:102:10:64:16:241', '10.64.16.94', '2620:0:861:102:10:64:16:94', '10.64.16.95', '2620:0:861:102:10:64:16:95', '10.64.16.240', '2620:0:861:102:10:64:16:240', '10.64.32.14', '2620:0:861:103:10:64:32:14', '10.64.32.60', '2620:0:861:103:10:64:32:60', '10.64.32.15', '2620:0:861:103:10:64:32:15', '10.64.32.65', '2620:0:861:103:10:64:32:65', '10.64.48.16', '2620:0:861:107:10:64:48:16', '10.64.48.41', '2620:0:861:107:10:64:48:41', '10.64.48.27', '2620:0:861:107:10:64:48:27', '10.64.48.28', '2620:0:861:107:10:64:48:28', '10.192.23.26', '2620:0:860:113:10:192:23:26', '10.192.6.20', '2620:0:860:107:10:192:6:20', '10.192.12.35', '2620:0:860:10d:10:192:12:35', '10.192.14.25', '2620:0:860:10f:10:192:14:25', '10.192.4.22', '2620:0:860:100:10:192:4:22', '10.192.29.26', '2620:0:860:116:10:192:29:26', '10.192.30.29', '2620:0:860:119:10:192:30:29', '10.192.36.19', '2620:0:860:11b:10:192:36:19', '10.192.40.25', '2620:0:860:11f:10:192:40:25', '10.192.41.21', '2620:0:860:120:10:192:41:21', '10.192.56.3', '2620:0:860:12b:10:192:56:3', '10.192.56.4', '2620:0:860:12b:10:192:56:4', '10.192.57.3', '2620:0:860:12c:10:192:57:3', '10.192.58.2', '2620:0:860:12d:10:192:58:2', '10.192.58.3', '2620:0:860:12d:10:192:58:3', '10.192.59.2', '2620:0:860:12e:10:192:59:2', '10.80.0.14', '2a02:ec80:300:101:10:80:0:14', '10.80.1.11', '2a02:ec80:300:102:10:80:1:11', '10.80.0.13', '2a02:ec80:300:101:10:80:0:13', '10.80.1.9', '2a02:ec80:300:102:10:80:1:9', '10.80.0.12', '2a02:ec80:300:101:10:80:0:12', '10.80.1.7', '2a02:ec80:300:102:10:80:1:7', '10.80.0.11', '2a02:ec80:300:101:10:80:0:11', '10.80.1.6', '2a02:ec80:300:102:10:80:1:6', '10.80.0.10', '2a02:ec80:300:101:10:80:0:10', '10.80.1.5', '2a02:ec80:300:102:10:80:1:5', '10.80.0.8', '2a02:ec80:300:101:10:80:0:8', '10.80.1.4', '2a02:ec80:300:102:10:80:1:4', '10.80.0.7', '2a02:ec80:300:101:10:80:0:7', '10.80.1.3', '2a02:ec80:300:102:10:80:1:3', '10.80.0.6', '2a02:ec80:300:101:10:80:0:6', '10.80.1.2', '2a02:ec80:300:102:10:80:1:2', '10.128.0.19', '2620:0:863:101:10:128:0:19', '10.128.0.27', '2620:0:863:101:10:128:0:27', '10.128.0.22', '2620:0:863:101:10:128:0:22', '10.128.0.28', '2620:0:863:101:10:128:0:28', '10.128.0.25', '2620:0:863:101:10:128:0:25', '10.128.0.29', '2620:0:863:101:10:128:0:29', '10.128.0.26', '2620:0:863:101:10:128:0:26', '10.128.0.31', '2620:0:863:101:10:128:0:31', '10.128.0.14', '2620:0:863:101:10:128:0:14', '10.128.0.35', '2620:0:863:101:10:128:0:35', '10.128.0.21', '2620:0:863:101:10:128:0:21', '10.128.0.36', '2620:0:863:101:10:128:0:36', '10.128.0.24', '2620:0:863:101:10:128:0:24', '10.128.0.10', '2620:0:863:101:10:128:0:10', '10.128.0.37', '2620:0:863:101:10:128:0:37', '10.128.0.12', '2620:0:863:101:10:128:0:12', '10.132.0.17', '2001:df2:e500:101:10:132:0:17', '10.132.0.18', '2001:df2:e500:101:10:132:0:18', '10.132.0.19', '2001:df2:e500:101:10:132:0:19', '10.132.0.24', '2001:df2:e500:101:10:132:0:24', '10.132.0.29', '2001:df2:e500:101:10:132:0:29', '10.132.0.30', '2001:df2:e500:101:10:132:0:30', '10.132.0.34', '2001:df2:e500:101:10:132:0:34', '10.132.0.35', '2001:df2:e500:101:10:132:0:35', '10.132.0.36', '2001:df2:e500:101:10:132:0:36', '10.132.0.37', '2001:df2:e500:101:10:132:0:37', '10.132.0.38', '2001:df2:e500:101:10:132:0:38', '10.132.0.25', '2001:df2:e500:101:10:132:0:25', '10.132.0.26', '2001:df2:e500:101:10:132:0:26', '10.132.0.27', '2001:df2:e500:101:10:132:0:27', '10.132.0.28', '2001:df2:e500:101:10:132:0:28', '10.132.0.16', '2001:df2:e500:101:10:132:0:16', '10.136.0.6', '2a02:ec80:600:101:10:136:0:6', '10.136.1.6', '2a02:ec80:600:102:10:136:1:6', '10.136.0.7', '2a02:ec80:600:101:10:136:0:7', '10.136.1.7', '2a02:ec80:600:102:10:136:1:7', '10.136.0.8', '2a02:ec80:600:101:10:136:0:8', '10.136.1.8', '2a02:ec80:600:102:10:136:1:8', '10.136.0.9', '2a02:ec80:600:101:10:136:0:9', '10.136.1.9', '2a02:ec80:600:102:10:136:1:9', '10.136.0.10', '2a02:ec80:600:101:10:136:0:10', '10.136.1.10', '2a02:ec80:600:102:10:136:1:10', '10.136.0.11', '2a02:ec80:600:101:10:136:0:11', '10.136.1.11', '2a02:ec80:600:102:10:136:1:11', '10.136.0.12', '2a02:ec80:600:101:10:136:0:12', '10.136.1.12', '2a02:ec80:600:102:10:136:1:12', '10.136.0.13', '2a02:ec80:600:101:10:136:0:13', '10.136.1.13', '2a02:ec80:600:102:10:136:1:13', '10.140.0.3', '2a02:ec80:700:101:10:140:0:3', '10.140.1.4', '2a02:ec80:700:102:10:140:1:4', '10.140.0.4', '2a02:ec80:700:101:10:140:0:4', '10.140.1.5', '2a02:ec80:700:102:10:140:1:5', '10.140.0.5', '2a02:ec80:700:101:10:140:0:5', '10.140.1.6', '2a02:ec80:700:102:10:140:1:6', '10.140.0.6', '2a02:ec80:700:101:10:140:0:6', '10.140.1.7', '2a02:ec80:700:102:10:140:1:7', '10.140.0.7', '2a02:ec80:700:101:10:140:0:7', '10.140.1.8', '2a02:ec80:700:102:10:140:1:8', '10.140.0.8', '2a02:ec80:700:101:10:140:0:8', '10.140.1.9', '2a02:ec80:700:102:10:140:1:9', '10.140.0.9', '2a02:ec80:700:101:10:140:0:9', '10.140.1.10', '2a02:ec80:700:102:10:140:1:10', '10.140.0.10', '2a02:ec80:700:101:10:140:0:10', '10.140.1.11', '2a02:ec80:700:102:10:140:1:11']
+    kafkamon_hosts        => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']
+    lb_health_checks      => ['10.64.0.136', '10.64.16.60', '10.64.158.19', '10.64.166.19', '10.64.133.19', '10.64.141.19', '10.64.169.19', '10.64.171.19', '10.64.173.19', '10.64.175.19', '10.64.177.19', '10.64.179.19', '10.64.181.19', '10.64.183.19', '10.64.185.19', '10.64.187.19', '10.64.189.19', '10.64.48.72', '10.64.37.17', '10.64.1.17', '10.64.17.17', '10.64.33.17', '10.64.130.20', '10.64.131.20', '10.64.132.20', '10.64.134.20', '10.64.135.20', '10.64.136.20', '10.64.158.20', '10.64.166.20', '10.64.133.20', '10.64.141.20', '10.64.169.20', '10.64.171.20', '10.64.173.20', '10.64.175.20', '10.64.177.20', '10.64.179.20', '10.64.181.20', '10.64.183.20', '10.64.185.20', '10.64.187.20', '10.64.189.20', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:119::/64', '2620:0:861:10c::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.23.8', '10.192.0.29', '10.192.17.8', '10.192.33.8', '10.192.49.8', '10.192.23.2', '10.192.5.2', '10.192.6.2', '10.192.7.2', '10.192.8.2', '10.192.9.2', '10.192.10.2', '10.192.11.2', '10.192.12.2', '10.192.13.2', '10.192.14.2', '10.192.15.2', '10.192.21.2', '10.192.22.2', '10.192.4.2', '10.192.26.2', '10.192.27.2', '10.192.28.2', '10.192.29.2', '10.192.30.2', '10.192.31.2', '10.192.36.2', '10.192.37.2', '10.192.38.2', '10.192.39.2', '10.192.40.2', '10.192.41.2', '10.192.42.2', '10.192.43.2', '10.192.11.8', '10.192.16.140', '10.192.1.8', '10.192.33.9', '10.192.49.9', '10.192.23.3', '10.192.5.3', '10.192.6.3', '10.192.7.3', '10.192.8.3', '10.192.9.3', '10.192.10.3', '10.192.11.3', '10.192.12.3', '10.192.13.3', '10.192.14.3', '10.192.15.3', '10.192.21.3', '10.192.22.3', '10.192.4.3', '10.192.26.3', '10.192.27.3', '10.192.28.3', '10.192.29.3', '10.192.30.3', '10.192.31.3', '10.192.36.3', '10.192.37.3', '10.192.38.3', '10.192.39.4', '10.192.40.3', '10.192.41.3', '10.192.42.3', '10.192.43.3', '10.192.32.14', '10.192.1.9', '10.192.17.9', '10.192.49.10', '10.192.23.4', '10.192.5.4', '10.192.6.4', '10.192.7.4', '10.192.8.4', '10.192.9.4', '10.192.10.4', '10.192.11.4', '10.192.12.4', '10.192.13.4', '10.192.14.4', '10.192.15.4', '10.192.21.4', '10.192.22.4', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '10.192.48.213', '10.192.1.13', '10.192.17.10', '10.192.33.10', '10.192.23.5', '10.192.5.8', '10.192.6.5', '10.192.7.5', '10.192.8.5', '10.192.9.5', '10.192.10.5', '10.192.11.5', '10.192.12.5', '10.192.13.5', '10.192.14.5', '10.192.15.5', '10.192.21.5', '10.192.22.5', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '10.80.0.3', '10.80.1.8', '10.80.1.14', '10.80.0.9', '10.80.0.2', '10.80.1.10', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '10.128.0.18', '10.128.0.9', '10.128.0.11', '2620:0:863:101::/64', '10.132.0.39', '10.132.0.6', '10.132.0.7', '2001:df2:e500:101::/64', '10.136.0.16', '10.136.1.19', '10.136.1.15', '10.136.0.19', '10.136.0.17', '10.136.1.20', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '10.140.0.13', '10.140.1.2', '10.140.1.14', '10.140.0.2', '10.140.0.14', '10.140.1.3', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64']
+    cumin_masters         => ['10.64.16.154', '2620:0:861:102:10:64:16:154', '10.192.32.49', '2620:0:860:103:10:192:32:49']
+    zookeeper_flink_hosts => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']
+    install_hosts         => {'eqiad': '208.80.154.134', 'codfw': '208.80.153.70', 'esams': '185.15.59.101', 'ulsfo': '198.35.26.98', 'eqsin': '103.102.166.11', 'drmrs': '185.15.58.7', 'magru': '195.200.68.100'}
+    labstore_hosts        => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']

File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]

Parameters differences:

--- File[/lib/systemd/system/prometheus-node-textfile-check-nft.service].orig
+++ File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]

+    group  => root
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]
+    ensure => present
+    owner  => root

Content differences:

--- /lib/systemd/system/prometheus-node-textfile-check-nft.service.orig
+++ /lib/systemd/system/prometheus-node-textfile-check-nft.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Systemd timer to gather node metrics for check-nft
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/bin/check-nft

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft
@@ -0,0 +1,189 @@
+# Autogenerated by puppet
+set DOMAIN_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.128.0.0/24,
+             10.128.1.0/24,
+             10.128.2.0/24,
+             10.132.0.0/24,
+             10.132.2.0/24,
+             10.136.0.0/24,
+             10.136.1.0/24,
+             10.140.0.0/24,
+             10.140.1.0/24,
+             10.140.2.0/24,
+             10.192.0.0/22,
+             10.192.10.0/24,
+             10.192.11.0/24,
+             10.192.12.0/24,
+             10.192.13.0/24,
+             10.192.14.0/24,
+             10.192.15.0/24,
+             10.192.16.0/22,
+             10.192.20.0/24,
+             10.192.21.0/24,
+             10.192.22.0/24,
+             10.192.23.0/24,
+             10.192.24.0/23,
+             10.192.26.0/24,
+             10.192.27.0/24,
+             10.192.28.0/24,
+             10.192.29.0/24,
+             10.192.30.0/24,
+             10.192.31.0/24,
+             10.192.32.0/22,
+             10.192.36.0/24,
+             10.192.37.0/24,
+             10.192.38.0/24,
+             10.192.39.0/24,
+             10.192.4.0/24,
+             10.192.40.0/24,
+             10.192.41.0/24,
+             10.192.42.0/24,
+             10.192.43.0/24,
+             10.192.44.0/24,
+             10.192.45.0/24,
+             10.192.46.0/24,
+             10.192.47.0/24,
+             10.192.48.0/22,
+             10.192.5.0/24,
+             10.192.52.0/24,
+             10.192.56.0/24,
+             10.192.57.0/24,
+             10.192.58.0/24,
+             10.192.59.0/24,
+             10.192.6.0/24,
+             10.192.64.0/21,
+             10.192.7.0/24,
+             10.192.72.0/24,
+             10.192.76.0/24,
+             10.192.8.0/24,
+             10.192.80.0/20,
+             10.192.9.0/24,
+             10.192.96.0/21,
+             10.194.0.0/20,
+             10.194.128.0/17,
+             10.194.16.0/21,
+             10.194.61.0/24,
+             10.194.62.0/23,
+             10.194.64.0/20,
+             10.194.80.0/21,
+             10.2.1.0/24,
+             10.2.2.0/24,
+             10.2.3.0/24,
+             10.2.4.0/24,
+             10.2.5.0/24,
+             10.2.6.0/24,
+             10.2.7.0/24,
+             10.64.0.0/22,
+             10.64.130.0/24,
+             10.64.131.0/24,
+             10.64.132.0/24,
+             10.64.133.0/24,
+             10.64.134.0/24,
+             10.64.135.0/24,
+             10.64.136.0/24,
+             10.64.137.0/24,
+             10.64.138.0/24,
+             10.64.139.0/24,
+             10.64.140.0/24,
+             10.64.141.0/24,
+             10.64.142.0/24,
+             10.64.143.0/24,
+             10.64.144.0/24,
+             10.64.145.0/24,
+             10.64.148.0/24,
+             10.64.149.0/24,
+             10.64.150.0/24,
+             10.64.151.0/24,
+             10.64.152.0/24,
+             10.64.153.0/24,
+             10.64.154.0/24,
+             10.64.155.0/24,
+             10.64.156.0/24,
+             10.64.157.0/24,
+             10.64.158.0/24,
+             10.64.159.0/24,
+             10.64.16.0/22,
+             10.64.160.0/24,
+             10.64.161.0/24,
+             10.64.162.0/24,
+             10.64.163.0/24,
+             10.64.164.0/24,
+             10.64.165.0/24,
+             10.64.166.0/24,
+             10.64.167.0/24,
+             10.64.169.0/24,
+             10.64.170.0/24,
+             10.64.171.0/24,
+             10.64.172.0/24,
+             10.64.173.0/24,
+             10.64.174.0/24,
+             10.64.175.0/24,
+             10.64.176.0/24,
+             10.64.177.0/24,
+             10.64.178.0/24,
+             10.64.179.0/24,
+             10.64.180.0/24,
+             10.64.181.0/24,
+             10.64.182.0/24,
+             10.64.183.0/24,
+             10.64.184.0/24,
+             10.64.185.0/24,
+             10.64.186.0/24,
+             10.64.187.0/24,
+             10.64.188.0/24,
+             10.64.189.0/24,
+             10.64.190.0/24,
+             10.64.20.0/24,
+             10.64.21.0/24,
+             10.64.24.0/23,
+             10.64.32.0/22,
+             10.64.36.0/24,
+             10.64.48.0/22,
+             10.64.5.0/24,
+             10.64.53.0/24,
+             10.64.64.0/21,
+             10.64.72.0/24,
+             10.64.76.0/24,
+             10.67.0.0/20,
+             10.67.128.0/17,
+             10.67.16.0/21,
+             10.67.24.0/21,
+             10.67.32.0/20,
+             10.67.64.0/20,
+             10.67.80.0/21,
+             10.80.0.0/24,
+             10.80.1.0/24,
+             10.80.2.0/24,
+             103.102.166.0/28,
+             103.102.166.224/27,
+             103.102.166.96/27,
+             185.15.58.0/27,
+             185.15.58.224/27,
+             185.15.58.32/27,
+             185.15.59.0/27,
+             185.15.59.224/27,
+             185.15.59.32/27,
+             185.15.59.96/27,
+             195.200.68.0/27,
+             195.200.68.224/27,
+             195.200.68.32/27,
+             195.200.68.96/27,
+             198.35.26.0/27,
+             198.35.26.32/27,
+             198.35.26.96/27,
+             208.80.152.128/27,
+             208.80.153.0/27,
+             208.80.153.224/27,
+             208.80.153.32/27,
+             208.80.153.64/27,
+             208.80.153.96/27,
+             208.80.154.0/26,
+             208.80.154.128/26,
+             208.80.154.224/27,
+             208.80.154.64/26,
+             208.80.155.96/27
+    }
+}

File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft
@@ -0,0 +1,189 @@
+# Autogenerated by puppet
+set PRODUCTION_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.128.0.0/24,
+             10.128.1.0/24,
+             10.128.2.0/24,
+             10.132.0.0/24,
+             10.132.2.0/24,
+             10.136.0.0/24,
+             10.136.1.0/24,
+             10.140.0.0/24,
+             10.140.1.0/24,
+             10.140.2.0/24,
+             10.192.0.0/22,
+             10.192.10.0/24,
+             10.192.11.0/24,
+             10.192.12.0/24,
+             10.192.13.0/24,
+             10.192.14.0/24,
+             10.192.15.0/24,
+             10.192.16.0/22,
+             10.192.20.0/24,
+             10.192.21.0/24,
+             10.192.22.0/24,
+             10.192.23.0/24,
+             10.192.24.0/23,
+             10.192.26.0/24,
+             10.192.27.0/24,
+             10.192.28.0/24,
+             10.192.29.0/24,
+             10.192.30.0/24,
+             10.192.31.0/24,
+             10.192.32.0/22,
+             10.192.36.0/24,
+             10.192.37.0/24,
+             10.192.38.0/24,
+             10.192.39.0/24,
+             10.192.4.0/24,
+             10.192.40.0/24,
+             10.192.41.0/24,
+             10.192.42.0/24,
+             10.192.43.0/24,
+             10.192.44.0/24,
+             10.192.45.0/24,
+             10.192.46.0/24,
+             10.192.47.0/24,
+             10.192.48.0/22,
+             10.192.5.0/24,
+             10.192.52.0/24,
+             10.192.56.0/24,
+             10.192.57.0/24,
+             10.192.58.0/24,
+             10.192.59.0/24,
+             10.192.6.0/24,
+             10.192.64.0/21,
+             10.192.7.0/24,
+             10.192.72.0/24,
+             10.192.76.0/24,
+             10.192.8.0/24,
+             10.192.80.0/20,
+             10.192.9.0/24,
+             10.192.96.0/21,
+             10.194.0.0/20,
+             10.194.128.0/17,
+             10.194.16.0/21,
+             10.194.61.0/24,
+             10.194.62.0/23,
+             10.194.64.0/20,
+             10.194.80.0/21,
+             10.2.1.0/24,
+             10.2.2.0/24,
+             10.2.3.0/24,
+             10.2.4.0/24,
+             10.2.5.0/24,
+             10.2.6.0/24,
+             10.2.7.0/24,
+             10.64.0.0/22,
+             10.64.130.0/24,
+             10.64.131.0/24,
+             10.64.132.0/24,
+             10.64.133.0/24,
+             10.64.134.0/24,
+             10.64.135.0/24,
+             10.64.136.0/24,
+             10.64.137.0/24,
+             10.64.138.0/24,
+             10.64.139.0/24,
+             10.64.140.0/24,
+             10.64.141.0/24,
+             10.64.142.0/24,
+             10.64.143.0/24,
+             10.64.144.0/24,
+             10.64.145.0/24,
+             10.64.148.0/24,
+             10.64.149.0/24,
+             10.64.150.0/24,
+             10.64.151.0/24,
+             10.64.152.0/24,
+             10.64.153.0/24,
+             10.64.154.0/24,
+             10.64.155.0/24,
+             10.64.156.0/24,
+             10.64.157.0/24,
+             10.64.158.0/24,
+             10.64.159.0/24,
+             10.64.16.0/22,
+             10.64.160.0/24,
+             10.64.161.0/24,
+             10.64.162.0/24,
+             10.64.163.0/24,
+             10.64.164.0/24,
+             10.64.165.0/24,
+             10.64.166.0/24,
+             10.64.167.0/24,
+             10.64.169.0/24,
+             10.64.170.0/24,
+             10.64.171.0/24,
+             10.64.172.0/24,
+             10.64.173.0/24,
+             10.64.174.0/24,
+             10.64.175.0/24,
+             10.64.176.0/24,
+             10.64.177.0/24,
+             10.64.178.0/24,
+             10.64.179.0/24,
+             10.64.180.0/24,
+             10.64.181.0/24,
+             10.64.182.0/24,
+             10.64.183.0/24,
+             10.64.184.0/24,
+             10.64.185.0/24,
+             10.64.186.0/24,
+             10.64.187.0/24,
+             10.64.188.0/24,
+             10.64.189.0/24,
+             10.64.190.0/24,
+             10.64.20.0/24,
+             10.64.21.0/24,
+             10.64.24.0/23,
+             10.64.32.0/22,
+             10.64.36.0/24,
+             10.64.48.0/22,
+             10.64.5.0/24,
+             10.64.53.0/24,
+             10.64.64.0/21,
+             10.64.72.0/24,
+             10.64.76.0/24,
+             10.67.0.0/20,
+             10.67.128.0/17,
+             10.67.16.0/21,
+             10.67.24.0/21,
+             10.67.32.0/20,
+             10.67.64.0/20,
+             10.67.80.0/21,
+             10.80.0.0/24,
+             10.80.1.0/24,
+             10.80.2.0/24,
+             103.102.166.0/28,
+             103.102.166.224/27,
+             103.102.166.96/27,
+             185.15.58.0/27,
+             185.15.58.224/27,
+             185.15.58.32/27,
+             185.15.59.0/27,
+             185.15.59.224/27,
+             185.15.59.32/27,
+             185.15.59.96/27,
+             195.200.68.0/27,
+             195.200.68.224/27,
+             195.200.68.32/27,
+             195.200.68.96/27,
+             198.35.26.0/27,
+             198.35.26.32/27,
+             198.35.26.96/27,
+             208.80.152.128/27,
+             208.80.153.0/27,
+             208.80.153.224/27,
+             208.80.153.32/27,
+             208.80.153.64/27,
+             208.80.153.96/27,
+             208.80.154.0/26,
+             208.80.154.128/26,
+             208.80.154.224/27,
+             208.80.154.64/26,
+             208.80.155.96/27
+    }
+}

File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft.orig
+++ /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set CLOUD_NETWORKS_PUBLIC_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2a02:ec80:a000:4000::/64,
+             2a02:ec80:a100:4000::/64
+    }
+}

File[/etc/ferm/ferm.conf]

Parameters differences:

--- File[/etc/ferm/ferm.conf].orig
+++ File[/etc/ferm/ferm.conf]

-    group   => root
-    mode    => 0400
-    require => Package[ferm]
-    notify  => Service[ferm]
-    ensure  => file
-    owner   => root
-    source  => puppet:///modules/ferm/ferm.conf

Service[ferm]

Parameters differences:

--- Service[ferm].orig
+++ Service[ferm]

-    ensure  => running
-    restart => /bin/systemctl reload-or-restart ferm

File[/etc/ferm/conf.d/00_defs]

Parameters differences:

--- File[/etc/ferm/conf.d/00_defs].orig
+++ File[/etc/ferm/conf.d/00_defs]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/00_defs.orig
+++ /etc/ferm/conf.d/00_defs
@@ -1,1139 +0,0 @@
-
-@def $LINK_LOCAL = (169.254.0.0/16 fe80::/10);
-@def $INTERNAL = (10.0.0.0/8 2620:0:860:100::/56 2620:0:861:100::/56 2620:0:863:100::/56 2001:df2:e500:100::/56 2a02:ec80:300:100::/56 2a02:ec80:600:100::/56 2a02:ec80:700:100::/56 2a02:ec80:ff00:100::/56);
-# $DOMAIN_NETWORKS is a set of all networks belonging to a domain.
-# a domain is a realm currently, but the notion is more generic than that on purpose
-@def $DOMAIN_NETWORKS = (10.128.0.0/24 10.128.1.0/24 10.128.2.0/24 10.132.0.0/24 10.132.2.0/24 10.136.0.0/24 10.136.1.0/24 10.140.0.0/24 10.140.1.0/24 10.140.2.0/24 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.20.0/24 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.24.0/23 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.64.0/21 10.192.7.0/24 10.192.72.0/24 10.192.76.0/24 10.192.8.0/24 10.192.80.0/20 10.192.9.0/24 10.192.96.0/21 10.194.0.0/20 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.62.0/23 10.194.64.0/20 10.194.80.0/21 10.2.1.0/24 10.2.2.0/24 10.2.3.0/24 10.2.4.0/24 10.2.5.0/24 10.2.6.0/24 10.2.7.0/24 10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.141.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.148.0/24 10.64.149.0/24 10.64.150.0/24 10.64.151.0/24 10.64.152.0/24 10.64.153.0/24 10.64.154.0/24 10.64.155.0/24 10.64.156.0/24 10.64.157.0/24 10.64.158.0/24 10.64.159.0/24 10.64.16.0/22 10.64.160.0/24 10.64.161.0/24 10.64.162.0/24 10.64.163.0/24 10.64.164.0/24 10.64.165.0/24 10.64.166.0/24 10.64.167.0/24 10.64.169.0/24 10.64.170.0/24 10.64.171.0/24 10.64.172.0/24 10.64.173.0/24 10.64.174.0/24 10.64.175.0/24 10.64.176.0/24 10.64.177.0/24 10.64.178.0/24 10.64.179.0/24 10.64.180.0/24 10.64.181.0/24 10.64.182.0/24 10.64.183.0/24 10.64.184.0/24 10.64.185.0/24 10.64.186.0/24 10.64.187.0/24 10.64.188.0/24 10.64.189.0/24 10.64.190.0/24 10.64.20.0/24 10.64.21.0/24 10.64.24.0/23 10.64.32.0/22 10.64.36.0/24 10.64.48.0/22 10.64.5.0/24 10.64.53.0/24 10.64.64.0/21 10.64.72.0/24 10.64.76.0/24 10.67.0.0/20 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.32.0/20 10.67.64.0/20 10.67.80.0/21 10.80.0.0/24 10.80.1.0/24 10.80.2.0/24 103.102.166.0/28 103.102.166.224/27 103.102.166.96/27 185.15.58.0/27 185.15.58.224/27 185.15.58.32/27 185.15.59.0/27 185.15.59.224/27 185.15.59.32/27 185.15.59.96/27 195.200.68.0/27 195.200.68.224/27 195.200.68.32/27 195.200.68.96/27 198.35.26.0/27 198.35.26.32/27 198.35.26.96/27 198.35.26.96/27 2001:df2:e500:101::/64 2001:df2:e500:103::/64 2001:df2:e500:1::/64 2001:df2:e500:3::/64 2001:df2:e500:ed1a::/64 208.80.152.128/27 208.80.153.0/27 208.80.153.224/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 208.80.154.0/26 208.80.154.128/26 208.80.154.224/27 208.80.154.64/26 208.80.155.96/27 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:118::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 2620:0:860:140::/64 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:300::/64 2620:0:860:301::/64 2620:0:860:302::/64 2620:0:860:303::/64 2620:0:860:304::/64 2620:0:860:305::/64 2620:0:860:307::/64 2620:0:860:308::/64 2620:0:860:3::/64 2620:0:860:4::/64 2620:0:860:5::/64 2620:0:860:babe::/64 2620:0:860:babf::/64 2620:0:860:cabe::/64 2620:0:860:cabf::/64 2620:0:860:ed1a::/64 2620:0:861:100::/64 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:107::/64 2620:0:861:108::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:113::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:118::/64 2620:0:861:119::/64 2620:0:861:11a::/64 2620:0:861:11c::/64 2620:0:861:11d::/64 2620:0:861:11e::/64 2620:0:861:11f::/64 2620:0:861:120::/64 2620:0:861:121::/64 2620:0:861:122::/64 2620:0:861:123::/64 2620:0:861:124::/64 2620:0:861:125::/64 2620:0:861:126::/64 2620:0:861:127::/64 2620:0:861:128::/64 2620:0:861:129::/64 2620:0:861:12a::/64 2620:0:861:12b::/64 2620:0:861:12c::/64 2620:0:861:12d::/64 2620:0:861:12e::/64 2620:0:861:12f::/64 2620:0:861:131::/64 2620:0:861:132::/64 2620:0:861:133::/64 2620:0:861:134::/64 2620:0:861:135::/64 2620:0:861:136::/64 2620:0:861:137::/64 2620:0:861:138::/64 2620:0:861:139::/64 2620:0:861:13a::/64 2620:0:861:13b::/64 2620:0:861:13c::/64 2620:0:861:13d::/64 2620:0:861:13e::/64 2620:0:861:13f::/64 2620:0:861:140::/64 2620:0:861:141::/64 2620:0:861:142::/64 2620:0:861:143::/64 2620:0:861:144::/64 2620:0:861:145::/64 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:300::/64 2620:0:861:301::/116 2620:0:861:302::/64 2620:0:861:303::/116 2620:0:861:304::/116 2620:0:861:305::/64 2620:0:861:3::/64 2620:0:861:4::/64 2620:0:861:babe::/64 2620:0:861:babf::/116 2620:0:861:cabe::/64 2620:0:861:cabf::/116 2620:0:861:ed1a::/64 2620:0:863:101::/64 2620:0:863:102::/64 2620:0:863:103::/64 2620:0:863:1::/64 2620:0:863:2::/64 2620:0:863:3::/64 2620:0:863:ed1a::/64 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 2a02:ec80:300:103::/64 2a02:ec80:300:1::/64 2a02:ec80:300:2::/64 2a02:ec80:300:3::/64 2a02:ec80:300:ed1a::/64 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 2a02:ec80:600:1::/64 2a02:ec80:600:2::/64 2a02:ec80:600:ed1a::/64 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 2a02:ec80:700:103::/64 2a02:ec80:700:1::/64 2a02:ec80:700:2::/64 2a02:ec80:700:3::/64 2a02:ec80:700:ed1a::/64 );
-
-# $PRODUCTION_NETWORKS is a set of all production networks
-@def $PRODUCTION_NETWORKS = (10.128.0.0/24 10.128.1.0/24 10.128.2.0/24 10.132.0.0/24 10.132.2.0/24 10.136.0.0/24 10.136.1.0/24 10.140.0.0/24 10.140.1.0/24 10.140.2.0/24 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.20.0/24 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.24.0/23 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.64.0/21 10.192.7.0/24 10.192.72.0/24 10.192.76.0/24 10.192.8.0/24 10.192.80.0/20 10.192.9.0/24 10.192.96.0/21 10.194.0.0/20 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.62.0/23 10.194.64.0/20 10.194.80.0/21 10.2.1.0/24 10.2.2.0/24 10.2.3.0/24 10.2.4.0/24 10.2.5.0/24 10.2.6.0/24 10.2.7.0/24 10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.141.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.148.0/24 10.64.149.0/24 10.64.150.0/24 10.64.151.0/24 10.64.152.0/24 10.64.153.0/24 10.64.154.0/24 10.64.155.0/24 10.64.156.0/24 10.64.157.0/24 10.64.158.0/24 10.64.159.0/24 10.64.16.0/22 10.64.160.0/24 10.64.161.0/24 10.64.162.0/24 10.64.163.0/24 10.64.164.0/24 10.64.165.0/24 10.64.166.0/24 10.64.167.0/24 10.64.169.0/24 10.64.170.0/24 10.64.171.0/24 10.64.172.0/24 10.64.173.0/24 10.64.174.0/24 10.64.175.0/24 10.64.176.0/24 10.64.177.0/24 10.64.178.0/24 10.64.179.0/24 10.64.180.0/24 10.64.181.0/24 10.64.182.0/24 10.64.183.0/24 10.64.184.0/24 10.64.185.0/24 10.64.186.0/24 10.64.187.0/24 10.64.188.0/24 10.64.189.0/24 10.64.190.0/24 10.64.20.0/24 10.64.21.0/24 10.64.24.0/23 10.64.32.0/22 10.64.36.0/24 10.64.48.0/22 10.64.5.0/24 10.64.53.0/24 10.64.64.0/21 10.64.72.0/24 10.64.76.0/24 10.67.0.0/20 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.32.0/20 10.67.64.0/20 10.67.80.0/21 10.80.0.0/24 10.80.1.0/24 10.80.2.0/24 103.102.166.0/28 103.102.166.224/27 103.102.166.96/27 185.15.58.0/27 185.15.58.224/27 185.15.58.32/27 185.15.59.0/27 185.15.59.224/27 185.15.59.32/27 185.15.59.96/27 195.200.68.0/27 195.200.68.224/27 195.200.68.32/27 195.200.68.96/27 198.35.26.0/27 198.35.26.32/27 198.35.26.96/27 198.35.26.96/27 2001:df2:e500:101::/64 2001:df2:e500:103::/64 2001:df2:e500:1::/64 2001:df2:e500:3::/64 2001:df2:e500:ed1a::/64 208.80.152.128/27 208.80.153.0/27 208.80.153.224/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 208.80.154.0/26 208.80.154.128/26 208.80.154.224/27 208.80.154.64/26 208.80.155.96/27 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:118::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 2620:0:860:140::/64 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:300::/64 2620:0:860:301::/64 2620:0:860:302::/64 2620:0:860:303::/64 2620:0:860:304::/64 2620:0:860:305::/64 2620:0:860:307::/64 2620:0:860:308::/64 2620:0:860:3::/64 2620:0:860:4::/64 2620:0:860:5::/64 2620:0:860:babe::/64 2620:0:860:babf::/64 2620:0:860:cabe::/64 2620:0:860:cabf::/64 2620:0:860:ed1a::/64 2620:0:861:100::/64 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:107::/64 2620:0:861:108::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:113::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:118::/64 2620:0:861:119::/64 2620:0:861:11a::/64 2620:0:861:11c::/64 2620:0:861:11d::/64 2620:0:861:11e::/64 2620:0:861:11f::/64 2620:0:861:120::/64 2620:0:861:121::/64 2620:0:861:122::/64 2620:0:861:123::/64 2620:0:861:124::/64 2620:0:861:125::/64 2620:0:861:126::/64 2620:0:861:127::/64 2620:0:861:128::/64 2620:0:861:129::/64 2620:0:861:12a::/64 2620:0:861:12b::/64 2620:0:861:12c::/64 2620:0:861:12d::/64 2620:0:861:12e::/64 2620:0:861:12f::/64 2620:0:861:131::/64 2620:0:861:132::/64 2620:0:861:133::/64 2620:0:861:134::/64 2620:0:861:135::/64 2620:0:861:136::/64 2620:0:861:137::/64 2620:0:861:138::/64 2620:0:861:139::/64 2620:0:861:13a::/64 2620:0:861:13b::/64 2620:0:861:13c::/64 2620:0:861:13d::/64 2620:0:861:13e::/64 2620:0:861:13f::/64 2620:0:861:140::/64 2620:0:861:141::/64 2620:0:861:142::/64 2620:0:861:143::/64 2620:0:861:144::/64 2620:0:861:145::/64 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:300::/64 2620:0:861:301::/116 2620:0:861:302::/64 2620:0:861:303::/116 2620:0:861:304::/116 2620:0:861:305::/64 2620:0:861:3::/64 2620:0:861:4::/64 2620:0:861:babe::/64 2620:0:861:babf::/116 2620:0:861:cabe::/64 2620:0:861:cabf::/116 2620:0:861:ed1a::/64 2620:0:863:101::/64 2620:0:863:102::/64 2620:0:863:103::/64 2620:0:863:1::/64 2620:0:863:2::/64 2620:0:863:3::/64 2620:0:863:ed1a::/64 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 2a02:ec80:300:103::/64 2a02:ec80:300:1::/64 2a02:ec80:300:2::/64 2a02:ec80:300:3::/64 2a02:ec80:300:ed1a::/64 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 2a02:ec80:600:1::/64 2a02:ec80:600:2::/64 2a02:ec80:600:ed1a::/64 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 2a02:ec80:700:103::/64 2a02:ec80:700:1::/64 2a02:ec80:700:2::/64 2a02:ec80:700:3::/64 2a02:ec80:700:ed1a::/64 );
-# $CLOUD_NETWORKS is a set of all Cloud VPS instance networks
-@def $CLOUD_NETWORKS = (172.16.0.0/21 172.16.128.0/24 172.16.129.0/24 172.16.130.0/24 172.16.131.0/24 172.16.16.0/21 172.16.24.0/24 172.16.8.0/21 172.20.1.0/24 172.20.2.0/24 172.20.254.0/24 172.20.255.0/24 172.20.3.0/24 172.20.4.0/24 172.20.5.0/24 185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:100::/64 2a02:ec80:a000:1::/64 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 2a02:ec80:a000:2ff::/64 2a02:ec80:a000:4000::/64 2a02:ec80:a100:100::/64 2a02:ec80:a100:1::/64 2a02:ec80:a100:205::/64 2a02:ec80:a100:2ff::/64 2a02:ec80:a100:4000::/64 );
-# $LABS_NETWORKS is a deprecated alias for $CLOUD_NETWORKS
-@def $LABS_NETWORKS = (172.16.0.0/21 172.16.128.0/24 172.16.129.0/24 172.16.130.0/24 172.16.131.0/24 172.16.16.0/21 172.16.24.0/24 172.16.8.0/21 172.20.1.0/24 172.20.2.0/24 172.20.254.0/24 172.20.255.0/24 172.20.3.0/24 172.20.4.0/24 172.20.5.0/24 185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:100::/64 2a02:ec80:a000:1::/64 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 2a02:ec80:a000:2ff::/64 2a02:ec80:a000:4000::/64 2a02:ec80:a100:100::/64 2a02:ec80:a100:1::/64 2a02:ec80:a100:205::/64 2a02:ec80:a100:2ff::/64 2a02:ec80:a100:4000::/64 );
-# $CLOUD_NETWORKS_PUBLIC is meant to be a set of all Cloud public networks
-@def $CLOUD_NETWORKS_PUBLIC = (185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:4000::/64 2a02:ec80:a100:4000::/64 );
-# $CLOUD_PRIVATE_NETWORKS is the cloud-private networks with WMCS
-# hardware with cloud realm private 172.20.x.x addresses. These
-# hosts are dual-homed, usually also in at least cloud-hosts.
-@def $CLOUD_PRIVATE_NETWORKS = (172.20.1.0/24 172.20.2.0/24 172.20.3.0/24 172.20.4.0/24 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 172.20.5.0/24 2a02:ec80:a100:205::/64);
-# $FRACK_NETWORKS is meant to be a set of all fundraising networks
-@def $FRACK_NETWORKS = (10.195.0.0/27 10.195.0.128/29 10.195.0.32/27 10.195.0.64/28 10.195.0.80/29 10.195.0.96/27 10.195.1.0/25 10.64.40.0/27 10.64.40.160/27 10.64.40.192/26 10.64.40.32/27 10.64.40.64/27 10.64.40.96/27 208.80.152.224/28 208.80.155.0/27 );
-
-@def $ANALYTICS_NETWORKS = (10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.153.0/24 10.64.155.0/24 10.64.157.0/24 10.64.159.0/24 10.64.161.0/24 10.64.163.0/24 10.64.165.0/24 10.64.167.0/24 10.64.170.0/24 10.64.172.0/24 10.64.174.0/24 10.64.176.0/24 10.64.178.0/24 10.64.180.0/24 10.64.182.0/24 10.64.184.0/24 10.64.186.0/24 10.64.188.0/24 10.64.190.0/24 10.64.21.0/24 10.64.36.0/24 10.64.5.0/24 10.64.53.0/24 2620:0:861:100::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:108::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:11a::/64 2620:0:861:121::/64 2620:0:861:123::/64 2620:0:861:125::/64 2620:0:861:127::/64 2620:0:861:129::/64 2620:0:861:12b::/64 2620:0:861:12d::/64 2620:0:861:12f::/64 2620:0:861:132::/64 2620:0:861:134::/64 2620:0:861:136::/64 2620:0:861:138::/64 2620:0:861:13a::/64 2620:0:861:13c::/64 2620:0:861:13e::/64 2620:0:861:141::/64 2620:0:861:143::/64 2620:0:861:145::/64 );
-@def $MW_APPSERVER_NETWORKS = (10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.141.0/24 10.64.152.0/24 10.64.154.0/24 10.64.156.0/24 10.64.158.0/24 10.64.16.0/22 10.64.160.0/24 10.64.162.0/24 10.64.164.0/24 10.64.166.0/24 10.64.169.0/24 10.64.171.0/24 10.64.173.0/24 10.64.175.0/24 10.64.177.0/24 10.64.179.0/24 10.64.181.0/24 10.64.183.0/24 10.64.185.0/24 10.64.187.0/24 10.64.189.0/24 10.64.32.0/22 10.64.48.0/22 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:107::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:113::/64 2620:0:861:119::/64 2620:0:861:120::/64 2620:0:861:122::/64 2620:0:861:124::/64 2620:0:861:126::/64 2620:0:861:128::/64 2620:0:861:12a::/64 2620:0:861:12c::/64 2620:0:861:12e::/64 2620:0:861:131::/64 2620:0:861:133::/64 2620:0:861:135::/64 2620:0:861:137::/64 2620:0:861:139::/64 2620:0:861:13b::/64 2620:0:861:13d::/64 2620:0:861:13f::/64 2620:0:861:142::/64 2620:0:861:144::/64 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.7.0/24 10.192.8.0/24 10.192.9.0/24 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 10.192.64.0/21 10.192.96.0/21 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.80.0/21 10.64.64.0/21 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.80.0/21 2620:0:860:300::/64 2620:0:860:302::/64 2620:0:860:305::/64 2620:0:860:308::/64 2620:0:860:babe::/64 2620:0:860:cabe::/64 2620:0:861:300::/64 2620:0:861:302::/64 2620:0:861:305::/64 2620:0:861:babe::/64 2620:0:861:cabe::/64 208.80.154.0/26 208.80.154.128/26 208.80.154.64/26 208.80.155.96/27 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:3::/64 2620:0:861:4::/64 208.80.153.0/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:3::/64 2620:0:860:4::/64 );
-@def $WIKIKUBE_KUBEPODS_NETWORKS  = (10.67.128.0/17 2620:0:861:cabe::/64 10.194.128.0/17 2620:0:860:cabe::/64 );
-@def $STAGING_KUBEPODS_NETWORKS  = (10.64.64.0/21 2620:0:861:babe::/64 10.192.64.0/21 2620:0:860:babe::/64 );
-@def $MLSERVE_KUBEPODS_NETWORKS = (10.67.16.0/21 2620:0:861:300::/64 10.194.16.0/21 2620:0:860:300::/64 );
-@def $MLSTAGE_KUBEPODS_NETWORKS = (10.194.61.0/24 2620:0:860:302::/64 );
-@def $DSE_KUBEPODS_NETWORKS = (10.67.24.0/21 2620:0:861:302::/64 10.192.96.0/21 2620:0:860:308::/64 );
-@def $AUX_KUBEPODS_NETWORKS = (10.67.80.0/21 2620:0:861:305::/64 10.194.80.0/21 2620:0:860:305::/64 );
-
-@def $NETWORK_INFRA = (185.15.59.128/27 2a02:ec80:300:fe00::/55 198.35.26.128/27 2620:0:863:fe00::/55 208.80.153.192/27 2620:0:860:fe00::/55 10.192.255.0/24 2620:0:860:13f::/64 10.192.253.0/24 2620:0:860:139::/64 208.80.154.192/27 2620:0:861:fe00::/55 10.64.146.0/24 2620:0:861:11b::/128 10.64.168.0/24 2620:0:861:130::/64 10.64.147.0/24 103.102.166.128/27 2001:df2:e500:fe00::/55 185.15.58.128/27 2a02:ec80:600:fe00::/55 195.200.68.128/27 2a02:ec80:700:fe00::/55);
-@def $MGMT_NETWORKS = (10.65.0.0/16 10.128.128.0/17 10.193.0.0/16 10.80.128.0/17 10.132.128.0/17 10.136.128.0/17 10.140.128.0/17 );
-@def $SANDBOX_NETWORKS = (103.102.166.72/29 185.15.59.72/29 195.200.68.64/29 198.35.26.240/28 2001:df2:e500:202::/64 208.80.152.240/28 208.80.155.64/28 2620:0:860:201::/64 2620:0:861:202::/64 2620:0:863:201::/64 2a02:ec80:300:202::/64 2a02:ec80:700:201::/64 );
-
-@def $DEPLOYMENT_HOSTS = (10.64.16.93 2620:0:861:102:10:64:16:93 10.192.32.7 2620:0:860:103:10:192:32:7 );
-@def $CUMIN_MASTERS = (10.64.16.154 2620:0:861:102:10:64:16:154 10.192.32.49 2620:0:860:103:10:192:32:49 );
-@def $CACHES = (10.64.0.79 2620:0:861:101:10:64:0:79 10.64.0.229 2620:0:861:101:10:64:0:229 10.64.0.14 2620:0:861:101:10:64:0:14 10.64.0.51 2620:0:861:101:10:64:0:51 10.64.16.241 2620:0:861:102:10:64:16:241 10.64.16.94 2620:0:861:102:10:64:16:94 10.64.16.95 2620:0:861:102:10:64:16:95 10.64.16.240 2620:0:861:102:10:64:16:240 10.64.32.14 2620:0:861:103:10:64:32:14 10.64.32.60 2620:0:861:103:10:64:32:60 10.64.32.15 2620:0:861:103:10:64:32:15 10.64.32.65 2620:0:861:103:10:64:32:65 10.64.48.16 2620:0:861:107:10:64:48:16 10.64.48.41 2620:0:861:107:10:64:48:41 10.64.48.27 2620:0:861:107:10:64:48:27 10.64.48.28 2620:0:861:107:10:64:48:28 10.192.23.26 2620:0:860:113:10:192:23:26 10.192.6.20 2620:0:860:107:10:192:6:20 10.192.12.35 2620:0:860:10d:10:192:12:35 10.192.14.25 2620:0:860:10f:10:192:14:25 10.192.4.22 2620:0:860:100:10:192:4:22 10.192.29.26 2620:0:860:116:10:192:29:26 10.192.30.29 2620:0:860:119:10:192:30:29 10.192.36.19 2620:0:860:11b:10:192:36:19 10.192.40.25 2620:0:860:11f:10:192:40:25 10.192.41.21 2620:0:860:120:10:192:41:21 10.192.56.3 2620:0:860:12b:10:192:56:3 10.192.56.4 2620:0:860:12b:10:192:56:4 10.192.57.3 2620:0:860:12c:10:192:57:3 10.192.58.2 2620:0:860:12d:10:192:58:2 10.192.58.3 2620:0:860:12d:10:192:58:3 10.192.59.2 2620:0:860:12e:10:192:59:2 10.80.0.14 2a02:ec80:300:101:10:80:0:14 10.80.1.11 2a02:ec80:300:102:10:80:1:11 10.80.0.13 2a02:ec80:300:101:10:80:0:13 10.80.1.9 2a02:ec80:300:102:10:80:1:9 10.80.0.12 2a02:ec80:300:101:10:80:0:12 10.80.1.7 2a02:ec80:300:102:10:80:1:7 10.80.0.11 2a02:ec80:300:101:10:80:0:11 10.80.1.6 2a02:ec80:300:102:10:80:1:6 10.80.0.10 2a02:ec80:300:101:10:80:0:10 10.80.1.5 2a02:ec80:300:102:10:80:1:5 10.80.0.8 2a02:ec80:300:101:10:80:0:8 10.80.1.4 2a02:ec80:300:102:10:80:1:4 10.80.0.7 2a02:ec80:300:101:10:80:0:7 10.80.1.3 2a02:ec80:300:102:10:80:1:3 10.80.0.6 2a02:ec80:300:101:10:80:0:6 10.80.1.2 2a02:ec80:300:102:10:80:1:2 10.128.0.19 2620:0:863:101:10:128:0:19 10.128.0.27 2620:0:863:101:10:128:0:27 10.128.0.22 2620:0:863:101:10:128:0:22 10.128.0.28 2620:0:863:101:10:128:0:28 10.128.0.25 2620:0:863:101:10:128:0:25 10.128.0.29 2620:0:863:101:10:128:0:29 10.128.0.26 2620:0:863:101:10:128:0:26 10.128.0.31 2620:0:863:101:10:128:0:31 10.128.0.14 2620:0:863:101:10:128:0:14 10.128.0.35 2620:0:863:101:10:128:0:35 10.128.0.21 2620:0:863:101:10:128:0:21 10.128.0.36 2620:0:863:101:10:128:0:36 10.128.0.24 2620:0:863:101:10:128:0:24 10.128.0.10 2620:0:863:101:10:128:0:10 10.128.0.37 2620:0:863:101:10:128:0:37 10.128.0.12 2620:0:863:101:10:128:0:12 10.132.0.17 2001:df2:e500:101:10:132:0:17 10.132.0.18 2001:df2:e500:101:10:132:0:18 10.132.0.19 2001:df2:e500:101:10:132:0:19 10.132.0.24 2001:df2:e500:101:10:132:0:24 10.132.0.29 2001:df2:e500:101:10:132:0:29 10.132.0.30 2001:df2:e500:101:10:132:0:30 10.132.0.34 2001:df2:e500:101:10:132:0:34 10.132.0.35 2001:df2:e500:101:10:132:0:35 10.132.0.36 2001:df2:e500:101:10:132:0:36 10.132.0.37 2001:df2:e500:101:10:132:0:37 10.132.0.38 2001:df2:e500:101:10:132:0:38 10.132.0.25 2001:df2:e500:101:10:132:0:25 10.132.0.26 2001:df2:e500:101:10:132:0:26 10.132.0.27 2001:df2:e500:101:10:132:0:27 10.132.0.28 2001:df2:e500:101:10:132:0:28 10.132.0.16 2001:df2:e500:101:10:132:0:16 10.136.0.6 2a02:ec80:600:101:10:136:0:6 10.136.1.6 2a02:ec80:600:102:10:136:1:6 10.136.0.7 2a02:ec80:600:101:10:136:0:7 10.136.1.7 2a02:ec80:600:102:10:136:1:7 10.136.0.8 2a02:ec80:600:101:10:136:0:8 10.136.1.8 2a02:ec80:600:102:10:136:1:8 10.136.0.9 2a02:ec80:600:101:10:136:0:9 10.136.1.9 2a02:ec80:600:102:10:136:1:9 10.136.0.10 2a02:ec80:600:101:10:136:0:10 10.136.1.10 2a02:ec80:600:102:10:136:1:10 10.136.0.11 2a02:ec80:600:101:10:136:0:11 10.136.1.11 2a02:ec80:600:102:10:136:1:11 10.136.0.12 2a02:ec80:600:101:10:136:0:12 10.136.1.12 2a02:ec80:600:102:10:136:1:12 10.136.0.13 2a02:ec80:600:101:10:136:0:13 10.136.1.13 2a02:ec80:600:102:10:136:1:13 10.140.0.3 2a02:ec80:700:101:10:140:0:3 10.140.1.4 2a02:ec80:700:102:10:140:1:4 10.140.0.4 2a02:ec80:700:101:10:140:0:4 10.140.1.5 2a02:ec80:700:102:10:140:1:5 10.140.0.5 2a02:ec80:700:101:10:140:0:5 10.140.1.6 2a02:ec80:700:102:10:140:1:6 10.140.0.6 2a02:ec80:700:101:10:140:0:6 10.140.1.7 2a02:ec80:700:102:10:140:1:7 10.140.0.7 2a02:ec80:700:101:10:140:0:7 10.140.1.8 2a02:ec80:700:102:10:140:1:8 10.140.0.8 2a02:ec80:700:101:10:140:0:8 10.140.1.9 2a02:ec80:700:102:10:140:1:9 10.140.0.9 2a02:ec80:700:101:10:140:0:9 10.140.1.10 2a02:ec80:700:102:10:140:1:10 10.140.0.10 2a02:ec80:700:101:10:140:0:10 10.140.1.11 2a02:ec80:700:102:10:140:1:11 );
-@def $LOAD_BALANCER_HEALTH_CHECKS = (10.64.0.136 10.64.16.60 10.64.158.19 10.64.166.19 10.64.133.19 10.64.141.19 10.64.169.19 10.64.171.19 10.64.173.19 10.64.175.19 10.64.177.19 10.64.179.19 10.64.181.19 10.64.183.19 10.64.185.19 10.64.187.19 10.64.189.19 10.64.48.72 10.64.37.17 10.64.1.17 10.64.17.17 10.64.33.17 10.64.130.20 10.64.131.20 10.64.132.20 10.64.134.20 10.64.135.20 10.64.136.20 10.64.158.20 10.64.166.20 10.64.133.20 10.64.141.20 10.64.169.20 10.64.171.20 10.64.173.20 10.64.175.20 10.64.177.20 10.64.179.20 10.64.181.20 10.64.183.20 10.64.185.20 10.64.187.20 10.64.189.20 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:107::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:119::/64 2620:0:861:10c::/64 2620:0:861:113::/64 2620:0:861:119::/64 2620:0:861:131::/64 2620:0:861:133::/64 2620:0:861:135::/64 2620:0:861:137::/64 2620:0:861:139::/64 2620:0:861:13b::/64 2620:0:861:13d::/64 2620:0:861:13f::/64 2620:0:861:142::/64 2620:0:861:144::/64 10.192.23.8 10.192.0.29 10.192.17.8 10.192.33.8 10.192.49.8 10.192.23.2 10.192.5.2 10.192.6.2 10.192.7.2 10.192.8.2 10.192.9.2 10.192.10.2 10.192.11.2 10.192.12.2 10.192.13.2 10.192.14.2 10.192.15.2 10.192.21.2 10.192.22.2 10.192.4.2 10.192.26.2 10.192.27.2 10.192.28.2 10.192.29.2 10.192.30.2 10.192.31.2 10.192.36.2 10.192.37.2 10.192.38.2 10.192.39.2 10.192.40.2 10.192.41.2 10.192.42.2 10.192.43.2 10.192.11.8 10.192.16.140 10.192.1.8 10.192.33.9 10.192.49.9 10.192.23.3 10.192.5.3 10.192.6.3 10.192.7.3 10.192.8.3 10.192.9.3 10.192.10.3 10.192.11.3 10.192.12.3 10.192.13.3 10.192.14.3 10.192.15.3 10.192.21.3 10.192.22.3 10.192.4.3 10.192.26.3 10.192.27.3 10.192.28.3 10.192.29.3 10.192.30.3 10.192.31.3 10.192.36.3 10.192.37.3 10.192.38.3 10.192.39.4 10.192.40.3 10.192.41.3 10.192.42.3 10.192.43.3 10.192.32.14 10.192.1.9 10.192.17.9 10.192.49.10 10.192.23.4 10.192.5.4 10.192.6.4 10.192.7.4 10.192.8.4 10.192.9.4 10.192.10.4 10.192.11.4 10.192.12.4 10.192.13.4 10.192.14.4 10.192.15.4 10.192.21.4 10.192.22.4 10.192.4.5 10.192.26.5 10.192.27.5 10.192.28.5 10.192.29.5 10.192.30.5 10.192.31.5 10.192.36.5 10.192.37.5 10.192.38.5 10.192.39.6 10.192.40.5 10.192.41.5 10.192.42.5 10.192.43.5 10.192.48.213 10.192.1.13 10.192.17.10 10.192.33.10 10.192.23.5 10.192.5.8 10.192.6.5 10.192.7.5 10.192.8.5 10.192.9.5 10.192.10.5 10.192.11.5 10.192.12.5 10.192.13.5 10.192.14.5 10.192.15.5 10.192.21.5 10.192.22.5 10.192.4.5 10.192.26.5 10.192.27.5 10.192.28.5 10.192.29.5 10.192.30.5 10.192.31.5 10.192.36.5 10.192.37.5 10.192.38.5 10.192.39.6 10.192.40.5 10.192.41.5 10.192.42.5 10.192.43.5 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 10.80.0.3 10.80.1.8 10.80.1.14 10.80.0.9 10.80.0.2 10.80.1.10 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 10.128.0.18 10.128.0.9 10.128.0.11 2620:0:863:101::/64 10.132.0.39 10.132.0.6 10.132.0.7 2001:df2:e500:101::/64 10.136.0.16 10.136.1.19 10.136.1.15 10.136.0.19 10.136.0.17 10.136.1.20 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 10.140.0.13 10.140.1.2 10.140.1.14 10.140.0.2 10.140.0.14 10.140.1.3 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 );
-@def $KAFKA_BROKERS_MAIN = (10.192.5.9 2620:0:860:106:10:192:5:9 10.192.22.6 2620:0:860:112:10:192:22:6 10.192.32.4 2620:0:860:103:10:192:32:4 10.192.48.33 2620:0:860:104:10:192:48:33 10.192.48.35 2620:0:860:104:10:192:48:35 10.64.0.101 2620:0:861:101:10:64:0:101 10.64.16.30 2620:0:861:102:10:64:16:30 10.64.32.45 2620:0:861:103:10:64:32:45 10.64.48.37 2620:0:861:107:10:64:48:37 10.64.152.5 2620:0:861:120:10:64:152:5 );
-@def $KAFKA_BROKERS_JUMBO = (10.64.130.10 2620:0:861:109:10:64:130:10 10.64.131.16 2620:0:861:10a:10:64:131:16 10.64.132.21 2620:0:861:10b:10:64:132:21 10.64.134.9 2620:0:861:10d:10:64:134:9 10.64.135.16 2620:0:861:10e:10:64:135:16 10.64.136.11 2620:0:861:10f:10:64:136:11 10.64.154.15 2620:0:861:122:10:64:154:15 10.64.160.16 2620:0:861:128:10:64:160:16 10.64.0.126 2620:0:861:101:10:64:0:126 );
-@def $KAFKA_BROKERS_LOGGING = (10.64.16.205 2620:0:861:102:10:64:16:205 10.64.133.11 2620:0:861:10c:10:64:133:11 10.64.183.12 2620:0:861:13d:10:64:183:12 10.64.131.13 2620:0:861:10a:10:64:131:13 10.64.135.13 2620:0:861:10e:10:64:135:13 10.192.23.29 2620:0:860:113:10:192:23:29 10.192.11.28 2620:0:860:10c:10:192:11:28 10.192.26.22 2620:0:860:105:10:192:26:22 10.192.11.27 2620:0:860:10c:10:192:11:27 10.192.39.25 2620:0:860:11e:10:192:39:25 );
-@def $KAFKAMON_HOSTS = (10.64.32.11 2620:0:861:103:10:64:32:11 10.192.16.139 2620:0:860:102:10:192:16:139 );
-@def $ZOOKEEPER_HOSTS_MAIN = (10.64.0.207 2620:0:861:101:10:64:0:207 10.64.16.110 2620:0:861:102:10:64:16:110 10.64.48.154 2620:0:861:107:10:64:48:154 10.192.16.45 2620:0:860:102:10:192:16:45 10.192.32.52 2620:0:860:103:10:192:32:52 10.192.48.59 2620:0:860:104:10:192:48:59 );
-@def $ZOOKEEPER_FLINK_HOSTS = (10.64.16.9 2620:0:861:102:10:64:16:9 10.64.0.8 2620:0:861:101:10:64:0:8 10.64.32.41 2620:0:861:103:10:64:32:41 10.192.16.227 2620:0:860:102:10:192:16:227 10.192.32.179 2620:0:860:103:10:192:32:179 10.192.48.219 2620:0:860:104:10:192:48:219 );
-@def $DRUID_PUBLIC_HOSTS = (10.64.131.9 2620:0:861:10a:10:64:131:9 10.64.132.12 2620:0:861:10b:10:64:132:12 10.64.135.9 2620:0:861:10e:10:64:135:9 10.64.32.101 2620:0:861:103:10:64:32:101 10.64.48.185 2620:0:861:107:10:64:48:185 );
-@def $LABSTORE_HOSTS = (208.80.154.142 2620:0:861:2:208:80:154:142 208.80.154.71 2620:0:861:3:208:80:154:71 );
-@def $MYSQL_ROOT_CLIENTS = (10.64.16.90 10.192.16.191 10.64.16.154 10.192.32.49 208.80.155.103 208.80.154.9 10.64.0.20 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-codfw-bgp-private-vips
-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV4 = (172.20.254.0/24);
-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV6 = (2a02:ec80:a100:2ff::/64);
-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS = ($CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV4 $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV6 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-flat3-codfw
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV4 = (172.16.129.0/24);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV6 = (2a02:ec80:a100:1::/64);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV6 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-octavia-lb-mgmt-net-codfw1dev
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV4 = (172.16.131.0/24);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV6 = (2a02:ec80:a100:100::/64);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV = ($CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV4 $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV6 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-vxlan-ipv4-only-codfw
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW_IPV4 = (172.16.130.0/24);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW_IPV4 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances2-b-codfw
-@def $CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW_IPV4 = (172.16.128.0/24);
-@def $CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW_IPV4 );
-
-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-private-b1-codfw
-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV4 = (172.20.5.0/24);
-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV6 = (2a02:ec80:a100:205::/64);
-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW = ($CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV6 );
-
-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-bgp-public-vips
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV4 = (185.15.57.24/29);
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV6 = (2a02:ec80:a100:4000::/64);
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV4 $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV6 );
-
-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-floating
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_IPV4 = (185.15.57.0/29);
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_IPV4 );
-
-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-floating-additional
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL_IPV4 = (185.15.57.16/29);
-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL_IPV4 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-eqiad-bgp-private-vips
-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV4 = (172.20.255.0/24);
-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV6 = (2a02:ec80:a000:2ff::/64);
-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS = ($EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV4 $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-octavia-lb-mgmt-net-eqiad1
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV4 = (172.16.24.0/24);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV6 = (2a02:ec80:a000:100::/64);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1 = ($EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV4 $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-vxlan-dualstack-eqiad
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV4 = (172.16.16.0/21);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV6 = (2a02:ec80:a000:1::/64);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-vxlan-v4only-eqiad
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD_IPV4 = (172.16.8.0/21);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD_IPV4 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances2-b-eqiad
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD_IPV4 = (172.16.0.0/21);
-@def $EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD_IPV4 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-c8-eqiad
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV4 = (172.20.1.0/24);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV6 = (2a02:ec80:a000:201::/64);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-d5-eqiad
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV4 = (172.20.2.0/24);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV6 = (2a02:ec80:a000:202::/64);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-e4-eqiad
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV4 = (172.20.3.0/24);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV6 = (2a02:ec80:a000:203::/64);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-f4-eqiad
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV4 = (172.20.4.0/24);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV6 = (2a02:ec80:a000:204::/64);
-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: public, # Network: cloud-eqiad1-bgp-public-vips
-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV4 = (185.15.56.160/28);
-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV6 = (2a02:ec80:a000:4000::/64);
-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS = ($EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV4 $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV6 );
-
-# Realm: cloud, # Site: eqiad, # Sphere: public, # Network: cloud-eqiad1-floating
-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING_IPV4 = (185.15.56.0/25);
-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING = ($EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-administration-codfw
-@def $CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW_IPV4 = (10.195.0.64/28);
-@def $CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW = ($CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-bastion-codfw
-@def $CODFW_PRIVATE_FRACK_BASTION_CODFW_IPV4 = (10.195.0.128/29);
-@def $CODFW_PRIVATE_FRACK_BASTION_CODFW = ($CODFW_PRIVATE_FRACK_BASTION_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-fundraising-codfw
-@def $CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW_IPV4 = (10.195.0.32/27);
-@def $CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW = ($CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-listenerdmz-codfw
-@def $CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW_IPV4 = (10.195.0.80/29);
-@def $CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW = ($CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-management-codfw
-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW_IPV4 = (10.195.1.0/25);
-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW = ($CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-management-legacy-codfw
-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW_IPV4 = (10.195.0.96/27);
-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW = ($CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-payments-codfw
-@def $CODFW_PRIVATE_FRACK_PAYMENTS_CODFW_IPV4 = (10.195.0.0/27);
-@def $CODFW_PRIVATE_FRACK_PAYMENTS_CODFW = ($CODFW_PRIVATE_FRACK_PAYMENTS_CODFW_IPV4 );
-
-# Realm: frack, # Site: codfw, # Sphere: public, # Network: frack-external-codfw
-@def $CODFW_PUBLIC_FRACK_EXTERNAL_CODFW_IPV4 = (208.80.152.224/28);
-@def $CODFW_PUBLIC_FRACK_EXTERNAL_CODFW = ($CODFW_PUBLIC_FRACK_EXTERNAL_CODFW_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-administration1-e15-eqiad
-@def $EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD_IPV4 = (10.64.40.64/27);
-@def $EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-bastion1-e15-eqiad
-@def $EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD_IPV4 = (10.64.40.32/27);
-@def $EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-fundraising1-e16-eqiad
-@def $EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD_IPV4 = (10.64.40.96/27);
-@def $EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD = ($EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-listenerdmz1-e15-eqiad
-@def $EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD_IPV4 = (10.64.40.160/27);
-@def $EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-management1-eqiad
-@def $EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD_IPV4 = (10.64.40.192/26);
-@def $EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD = ($EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-payments1-e15-eqiad
-@def $EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD_IPV4 = (10.64.40.0/27);
-@def $EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD_IPV4 );
-
-# Realm: frack, # Site: eqiad, # Sphere: public, # Network: frack-external1-eqiad
-@def $EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD_IPV4 = (208.80.155.0/27);
-@def $EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD = ($EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD_IPV4 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: cloud-hosts1-b1-codfw
-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV4 = (10.192.20.0/24);
-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV6 = (2620:0:860:118::/64);
-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW = ($CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV4 = (10.192.0.0/22);
-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV6 = (2620:0:860:101::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW = ($CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV4 = (10.192.23.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV6 = (2620:0:860:113::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW = ($CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV4 = (10.192.5.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV6 = (2620:0:860:106::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW = ($CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV4 = (10.192.6.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV6 = (2620:0:860:107::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW = ($CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a5-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV4 = (10.192.7.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV6 = (2620:0:860:108::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW = ($CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a6-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV4 = (10.192.8.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV6 = (2620:0:860:109::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW = ($CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a7-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV4 = (10.192.9.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV6 = (2620:0:860:10a::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW = ($CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a8-codfw
-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV4 = (10.192.10.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV6 = (2620:0:860:10b::/64);
-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW = ($CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-aux-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV4 = (10.194.80.0/21);
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV6 = (2620:0:860:305::/64);
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-aux-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV4 = (10.194.64.0/20);
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV6 = (2620:0:860:304::/64);
-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV4 = (10.192.16.0/22);
-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV6 = (2620:0:860:102::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW = ($CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV4 = (10.192.11.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV6 = (2620:0:860:10c::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW = ($CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV4 = (10.192.12.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV6 = (2620:0:860:10d::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW = ($CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV4 = (10.192.13.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV6 = (2620:0:860:10e::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW = ($CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b5-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV4 = (10.192.14.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV6 = (2620:0:860:10f::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW = ($CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b6-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV4 = (10.192.15.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV6 = (2620:0:860:110::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW = ($CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b7-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV4 = (10.192.21.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV6 = (2620:0:860:111::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW = ($CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b8-codfw
-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV4 = (10.192.22.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV6 = (2620:0:860:112::/64);
-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW = ($CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV4 = (10.192.32.0/22);
-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV6 = (2620:0:860:103::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW = ($CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c1-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV4 = (10.192.4.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV6 = (2620:0:860:100::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW = ($CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV4 = (10.192.26.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV6 = (2620:0:860:105::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW = ($CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV4 = (10.192.27.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV6 = (2620:0:860:114::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW = ($CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV4 = (10.192.28.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV6 = (2620:0:860:115::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW = ($CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c5-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV4 = (10.192.29.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV6 = (2620:0:860:116::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW = ($CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c6-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV4 = (10.192.30.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV6 = (2620:0:860:119::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW = ($CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c7-codfw
-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV4 = (10.192.31.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV6 = (2620:0:860:11a::/64);
-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW = ($CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV4 = (10.192.48.0/22);
-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV6 = (2620:0:860:104::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW = ($CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d1-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV4 = (10.192.36.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV6 = (2620:0:860:11b::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW = ($CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV4 = (10.192.37.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV6 = (2620:0:860:11c::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW = ($CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV4 = (10.192.38.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV6 = (2620:0:860:11d::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW = ($CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV4 = (10.192.39.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV6 = (2620:0:860:11e::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW = ($CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d5-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV4 = (10.192.40.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV6 = (2620:0:860:11f::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW = ($CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d6-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV4 = (10.192.41.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV6 = (2620:0:860:120::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW = ($CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d7-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV4 = (10.192.42.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV6 = (2620:0:860:121::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW = ($CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d8-codfw
-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV4 = (10.192.43.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV6 = (2620:0:860:122::/64);
-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW = ($CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-dse-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV4 = (10.192.96.0/21);
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV6 = (2620:0:860:308::/64);
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-dse-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV4 = (10.192.80.0/20);
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV6 = (2620:0:860:307::/64);
-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e1-codfw
-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV4 = (10.192.56.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV6 = (2620:0:860:12b::/64);
-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW = ($CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV4 = (10.192.44.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV6 = (2620:0:860:123::/64);
-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW = ($CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV4 = (10.192.57.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV6 = (2620:0:860:12c::/64);
-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW = ($CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV4 = (10.192.45.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV6 = (2620:0:860:124::/64);
-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW = ($CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e5-codfw
-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV4 = (10.192.46.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV6 = (2620:0:860:125::/64);
-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW = ($CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f1-codfw
-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV4 = (10.192.58.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV6 = (2620:0:860:12d::/64);
-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW = ($CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f2-codfw
-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV4 = (10.192.47.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV6 = (2620:0:860:126::/64);
-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW = ($CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f3-codfw
-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV4 = (10.192.59.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV6 = (2620:0:860:12e::/64);
-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW = ($CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f4-codfw
-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV4 = (10.192.52.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV6 = (2620:0:860:127::/64);
-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW = ($CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-lvs-codfw
-@def $CODFW_PRIVATE_PRIVATE1_LVS_CODFW_IPV4 = (10.2.1.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_LVS_CODFW = ($CODFW_PRIVATE_PRIVATE1_LVS_CODFW_IPV4 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlserve-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV4 = (10.194.16.0/21);
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV6 = (2620:0:860:300::/64);
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlserve-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV4 = (10.194.0.0/20);
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV6 = (2620:0:860:301::/64);
-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlstage-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV4 = (10.194.61.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV6 = (2620:0:860:302::/64);
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlstage-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV4 = (10.194.62.0/23);
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV6 = (2620:0:860:303::/64);
-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-services-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV4 = (10.194.128.0/17);
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV6 = (2620:0:860:cabe::/64);
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-services-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV4 = (10.192.72.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV6 = (2620:0:860:cabf::/64);
-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-staging-kubepods-codfw
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV4 = (10.192.64.0/21);
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV6 = (2620:0:860:babe::/64);
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-staging-kubesvc-codfw
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV4 = (10.192.76.0/24);
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV6 = (2620:0:860:babf::/64);
-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-virtual-codfw
-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV4 = (10.192.24.0/23);
-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV6 = (2620:0:860:140::/64);
-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW = ($CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-a-codfw
-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV4 = (208.80.153.0/27);
-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV6 = (2620:0:860:1::/64);
-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW = ($CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-b-codfw
-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV4 = (208.80.153.32/27);
-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV6 = (2620:0:860:2::/64);
-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW = ($CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-c-codfw
-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV4 = (208.80.153.64/27);
-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV6 = (2620:0:860:3::/64);
-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW = ($CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-d-codfw
-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV4 = (208.80.153.96/27);
-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV6 = (2620:0:860:4::/64);
-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW = ($CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-lvs-codfw
-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV4 = (208.80.153.224/27);
-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV6 = (2620:0:860:ed1a::/64);
-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW = ($CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV6 );
-
-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-virtual-codfw
-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV4 = (208.80.152.128/27);
-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV6 = (2620:0:860:5::/64);
-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW = ($CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV6 );
-
-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-b12-drmrs
-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV4 = (10.136.0.0/24);
-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV6 = (2a02:ec80:600:101::/64);
-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV4 $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV6 );
-
-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-b13-drmrs
-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV4 = (10.136.1.0/24);
-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV6 = (2a02:ec80:600:102::/64);
-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV4 $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV6 );
-
-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-lvs-drmrs
-@def $DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS_IPV4 = (10.2.6.0/24);
-@def $DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS_IPV4 );
-
-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-b12-drmrs
-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV4 = (185.15.58.0/27);
-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV6 = (2a02:ec80:600:1::/64);
-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV6 );
-
-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-b13-drmrs
-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV4 = (185.15.58.32/27);
-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV6 = (2a02:ec80:600:2::/64);
-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV6 );
-
-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-lvs-drmrs
-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV4 = (185.15.58.224/27);
-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV6 = (2a02:ec80:600:ed1a::/64);
-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-a-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV4 = (10.64.5.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV6 = (2620:0:861:104::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-b-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV4 = (10.64.21.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV6 = (2620:0:861:105::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV4 = (10.64.36.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV6 = (2620:0:861:106::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c2-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV4 = (10.64.137.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV6 = (2620:0:861:110::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c3-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV4 = (10.64.145.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV6 = (2620:0:861:117::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c4-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV4 = (10.64.170.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV6 = (2620:0:861:11a::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c5-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV4 = (10.64.172.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV6 = (2620:0:861:132::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c6-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV4 = (10.64.174.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV6 = (2620:0:861:134::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c7-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV4 = (10.64.176.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV6 = (2620:0:861:136::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV4 = (10.64.53.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV6 = (2620:0:861:108::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d1-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV4 = (10.64.178.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV6 = (2620:0:861:138::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d2-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV4 = (10.64.180.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV6 = (2620:0:861:13a::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d3-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV4 = (10.64.182.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV6 = (2620:0:861:13c::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d4-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV4 = (10.64.184.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV6 = (2620:0:861:13e::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d6-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV4 = (10.64.186.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV6 = (2620:0:861:141::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d7-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV4 = (10.64.188.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV6 = (2620:0:861:143::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d8-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV4 = (10.64.190.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV6 = (2620:0:861:145::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e1-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV4 = (10.64.138.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV6 = (2620:0:861:100::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e2-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV4 = (10.64.139.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV6 = (2620:0:861:111::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e3-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV4 = (10.64.140.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV6 = (2620:0:861:112::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e5-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV4 = (10.64.153.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV6 = (2620:0:861:121::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e6-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV4 = (10.64.155.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV6 = (2620:0:861:123::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e7-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV4 = (10.64.157.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV6 = (2620:0:861:125::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e8-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV4 = (10.64.159.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV6 = (2620:0:861:127::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f1-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV4 = (10.64.142.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV6 = (2620:0:861:114::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f2-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV4 = (10.64.143.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV6 = (2620:0:861:115::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f3-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV4 = (10.64.144.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV6 = (2620:0:861:116::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f5-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV4 = (10.64.161.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV6 = (2620:0:861:129::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f6-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV4 = (10.64.163.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV6 = (2620:0:861:12b::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f7-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV4 = (10.64.165.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV6 = (2620:0:861:12d::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f8-eqiad
-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV4 = (10.64.167.0/24);
-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV6 = (2620:0:861:12f::/64);
-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-c8-eqiad
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV4 = (10.64.151.0/24);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV6 = (2620:0:861:11f::/64);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-d5-eqiad
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV4 = (10.64.150.0/24);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV6 = (2620:0:861:11e::/64);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-e4-eqiad
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV4 = (10.64.148.0/24);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV6 = (2620:0:861:11c::/64);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-eqiad
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV4 = (10.64.20.0/24);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV6 = (2620:0:861:118::/64);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-f4-eqiad
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV4 = (10.64.149.0/24);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV6 = (2620:0:861:11d::/64);
-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-a-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 = (10.64.0.0/22);
-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV6 = (2620:0:861:101::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-aux-kubepods-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV4 = (10.67.80.0/21);
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV6 = (2620:0:861:305::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-aux-kubesvc-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV4 = (10.67.64.0/20);
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV6 = (2620:0:861:304::/116);
-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-b-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 = (10.64.16.0/22);
-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV6 = (2620:0:861:102::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV4 = (10.64.32.0/22);
-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV6 = (2620:0:861:103::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c2-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV4 = (10.64.133.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV6 = (2620:0:861:10c::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c3-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV4 = (10.64.141.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV6 = (2620:0:861:113::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c4-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV4 = (10.64.169.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV6 = (2620:0:861:119::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c5-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV4 = (10.64.171.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV6 = (2620:0:861:131::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c6-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV4 = (10.64.173.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV6 = (2620:0:861:133::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c7-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV4 = (10.64.175.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV6 = (2620:0:861:135::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV4 = (10.64.48.0/22);
-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV6 = (2620:0:861:107::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d1-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV4 = (10.64.177.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV6 = (2620:0:861:137::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d2-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV4 = (10.64.179.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV6 = (2620:0:861:139::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d3-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV4 = (10.64.181.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV6 = (2620:0:861:13b::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d4-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV4 = (10.64.183.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV6 = (2620:0:861:13d::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d6-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV4 = (10.64.185.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV6 = (2620:0:861:13f::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d7-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV4 = (10.64.187.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV6 = (2620:0:861:142::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d8-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV4 = (10.64.189.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV6 = (2620:0:861:144::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-dse-kubepods-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV4 = (10.67.24.0/21);
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV6 = (2620:0:861:302::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-dse-kubesvc-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV4 = (10.67.32.0/20);
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV6 = (2620:0:861:303::/116);
-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e1-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV4 = (10.64.130.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV6 = (2620:0:861:109::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e2-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV4 = (10.64.131.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV6 = (2620:0:861:10a::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e3-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV4 = (10.64.132.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV6 = (2620:0:861:10b::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e5-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV4 = (10.64.152.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV6 = (2620:0:861:120::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e6-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV4 = (10.64.154.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV6 = (2620:0:861:122::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e7-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV4 = (10.64.156.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV6 = (2620:0:861:124::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e8-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV4 = (10.64.158.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV6 = (2620:0:861:126::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f1-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV4 = (10.64.134.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV6 = (2620:0:861:10d::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f2-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV4 = (10.64.135.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV6 = (2620:0:861:10e::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f3-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV4 = (10.64.136.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV6 = (2620:0:861:10f::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f5-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV4 = (10.64.160.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV6 = (2620:0:861:128::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f6-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV4 = (10.64.162.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV6 = (2620:0:861:12a::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f7-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV4 = (10.64.164.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV6 = (2620:0:861:12c::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f8-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV4 = (10.64.166.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV6 = (2620:0:861:12e::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-lvs-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD_IPV4 = (10.2.2.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD_IPV4 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-mlserve-kubepods-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV4 = (10.67.16.0/21);
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV6 = (2620:0:861:300::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-mlserve-kubesvc-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV4 = (10.67.0.0/20);
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV6 = (2620:0:861:301::/116);
-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-services-kubepods-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV4 = (10.67.128.0/17);
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV6 = (2620:0:861:cabe::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-services-kubesvc-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV4 = (10.64.72.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV6 = (2620:0:861:cabf::/116);
-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-staging-kubepods-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV4 = (10.64.64.0/21);
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV6 = (2620:0:861:babe::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-staging-kubesvc-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV4 = (10.64.76.0/24);
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV6 = (2620:0:861:babf::/116);
-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-virtual-eqiad
-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV4 = (10.64.24.0/23);
-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV6 = (2620:0:861:140::/64);
-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-a-eqiad
-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV4 = (208.80.154.0/26);
-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV6 = (2620:0:861:1::/64);
-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-b-eqiad
-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV4 = (208.80.154.128/26);
-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV6 = (2620:0:861:2::/64);
-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-c-eqiad
-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV4 = (208.80.154.64/26);
-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV6 = (2620:0:861:3::/64);
-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-d-eqiad
-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV4 = (208.80.155.96/27);
-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV6 = (2620:0:861:4::/64);
-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-lvs-eqiad
-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV4 = (208.80.154.224/27);
-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV6 = (2620:0:861:ed1a::/64);
-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV6 );
-
-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-eqsin
-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV4 = (10.132.0.0/24);
-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV6 = (2001:df2:e500:101::/64);
-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV4 $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV6 );
-
-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-lvs-eqsin
-@def $EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN_IPV4 = (10.2.5.0/24);
-@def $EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN_IPV4 );
-
-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-virtual-eqsin
-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV4 = (10.132.2.0/24);
-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:103::/64);
-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV4 $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV6 );
-
-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-eqsin
-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV4 = (103.102.166.0/28);
-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV6 = (2001:df2:e500:1::/64);
-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV6 );
-
-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-lvs-eqsin
-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV4 = (103.102.166.224/27);
-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV6 = (2001:df2:e500:ed1a::/64);
-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV6 );
-
-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-virtual-eqsin
-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV4 = (103.102.166.96/27);
-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:3::/64);
-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-bw27-esams
-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV4 = (10.80.0.0/24);
-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV6 = (2a02:ec80:300:101::/64);
-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-by27-esams
-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV4 = (10.80.1.0/24);
-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV6 = (2a02:ec80:300:102::/64);
-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-lvs-esams
-@def $ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS_IPV4 = (10.2.3.0/24);
-@def $ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS_IPV4 );
-
-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-virtual-esams
-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV4 = (10.80.2.0/24);
-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:103::/64);
-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-bw27-esams
-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV4 = (185.15.59.0/27);
-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV6 = (2a02:ec80:300:1::/64);
-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-by27-esams
-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV4 = (185.15.59.32/27);
-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV6 = (2a02:ec80:300:2::/64);
-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-lvs-esams
-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV4 = (185.15.59.224/27);
-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV6 = (2a02:ec80:300:ed1a::/64);
-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV6 );
-
-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-virtual-esams
-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV4 = (185.15.59.96/27);
-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:3::/64);
-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-b3-magru
-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV4 = (10.140.0.0/24);
-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV6 = (2a02:ec80:700:101::/64);
-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-b4-magru
-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV4 = (10.140.1.0/24);
-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV6 = (2a02:ec80:700:102::/64);
-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-lvs-magru
-@def $MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU_IPV4 = (10.2.7.0/24);
-@def $MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU_IPV4 );
-
-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-virtual-magru
-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV4 = (10.140.2.0/24);
-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:103::/64);
-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-b3-magru
-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV4 = (195.200.68.0/27);
-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV6 = (2a02:ec80:700:1::/64);
-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-b4-magru
-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV4 = (195.200.68.32/27);
-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV6 = (2a02:ec80:700:2::/64);
-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-lvs-magru
-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV4 = (195.200.68.224/27);
-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV6 = (2a02:ec80:700:ed1a::/64);
-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV6 );
-
-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-virtual-magru
-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV4 = (195.200.68.96/27);
-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:3::/64);
-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-22-ulsfo
-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV4 = (10.128.0.0/24);
-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV6 = (2620:0:863:101::/64);
-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-23-ulsfo
-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV4 = (10.128.1.0/24);
-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV6 = (2620:0:863:102::/64);
-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-lvs-ulsfo
-@def $ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO_IPV4 = (10.2.4.0/24);
-@def $ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO_IPV4 );
-
-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-virtual-ulsfo
-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV4 = (10.128.2.0/24);
-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV6 = (2620:0:863:103::/64);
-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-22-ulsfo
-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV4 = (198.35.26.0/27);
-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV6 = (2620:0:863:1::/64);
-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-23-ulsfo
-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV4 = (198.35.26.32/27);
-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV6 = (2620:0:863:2::/64);
-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-lvs-ulsfo
-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV4 = (198.35.26.96/27);
-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV6 = (2620:0:863:ed1a::/64);
-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV6 );
-
-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-virtual-ulsfo
-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV4 = (198.35.26.96/27);
-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV6 = (2620:0:863:3::/64);
-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV6 );
-
-# Realm: sandbox, # Site: codfw, # Sphere: public, # Network: sandbox1-a-codfw
-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV4 = (208.80.152.240/28);
-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV6 = (2620:0:860:201::/64);
-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW = ($CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV4 $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV6 );
-
-# Realm: sandbox, # Site: eqiad, # Sphere: public, # Network: sandbox1-b-eqiad
-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV4 = (208.80.155.64/28);
-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV6 = (2620:0:861:202::/64);
-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD = ($EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV4 $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV6 );
-
-# Realm: sandbox, # Site: eqsin, # Sphere: public, # Network: sandbox1-virtual-eqsin
-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV4 = (103.102.166.72/29);
-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:202::/64);
-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN = ($EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV4 $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV6 );
-
-# Realm: sandbox, # Site: esams, # Sphere: public, # Network: sandbox1-virtual-esams
-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV4 = (185.15.59.72/29);
-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:202::/64);
-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS = ($ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV4 $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV6 );
-
-# Realm: sandbox, # Site: magru, # Sphere: public, # Network: sandbox1-virtual-magru
-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV4 = (195.200.68.64/29);
-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:201::/64);
-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU = ($MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV4 $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV6 );
-
-# Realm: sandbox, # Site: ulsfo, # Sphere: public, # Network: sandbox1-ulsfo
-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV4 = (198.35.26.240/28);
-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV6 = (2620:0:863:201::/64);
-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO = ($ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV4 $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV6 );

Systemd::Unit[prometheus-node-textfile-check-nft.service]

Parameters differences:

--- Systemd::Unit[prometheus-node-textfile-check-nft.service].orig
+++ Systemd::Unit[prometheus-node-textfile-check-nft.service]

+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => present
+    restart           => False
+    unit              => prometheus-node-textfile-check-nft.service
+    override_filename => puppet-override.conf

Nftables::Set[INSTALL_HOSTS]

Parameters differences:

--- Nftables::Set[INSTALL_HOSTS].orig
+++ Nftables::Set[INSTALL_HOSTS]

+    ensure => present
+    hosts  => ['208.80.154.134', '208.80.153.70', '185.15.59.101', '198.35.26.98', '103.102.166.11', '185.15.58.7', '195.200.68.100', '2620:0:861:2:208:80:154:134', '2620:0:860:3:208:80:153:70', '2a02:ec80:300:3:185:15:59:101', '2620:0:863:3:198:35:26:98', '2001:df2:e500:1:103:102:166:11', '2a02:ec80:600:1:185:15:58:7', '2a02:ec80:700:3:195:200:68:100']

File[/usr/local/bin/check-nft]

Parameters differences:

--- File[/usr/local/bin/check-nft].orig
+++ File[/usr/local/bin/check-nft]

+    group  => root
+    mode   => 0555
+    ensure => present
+    owner  => root
+    source => puppet:///modules/profile/firewall/check_nftables.py

File[/etc/nftables/notrack]

Parameters differences:

--- File[/etc/nftables/notrack].orig
+++ File[/etc/nftables/notrack]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

Monitoring::Exported_nagios_service[pki2002 ferm_active]

Parameters differences:

--- Monitoring::Exported_nagios_service[pki2002 ferm_active].orig
+++ Monitoring::Exported_nagios_service[pki2002 ferm_active]

-    check_freshness        => 0
-    notification_period    => 24x7
-    servicegroups          => pki_codfw
-    passive_checks_enabled => 1
-    retry_interval         => 1
-    host_name              => pki2002
-    contact_groups         => admins
-    check_command          => nrpe_check!check_ferm_active!10
-    notification_interval  => 0
-    check_interval         => 30
-    notifications_enabled  => 1
-    notification_options   => c,r,f
-    notes_url              => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
-    ensure                 => present
-    service_description    => Check whether ferm is active by checking the default input chain
-    active_checks_enabled  => 1
-    max_check_attempts     => 3
-    is_volatile            => 0
-    check_period           => 24x7

File[/etc/ferm/conf.d]

Parameters differences:

--- File[/etc/ferm/conf.d].orig
+++ File[/etc/ferm/conf.d]

-    purge   => True
-    mode    => 0551
-    recurse => True
-    notify  => Service[ferm]
-    force   => True
-    ensure  => directory
-    group   => adm
-    require => Package[ferm]
-    ignore  => ['.*']
-    owner   => root

Class[Profile::Apt]

Parameters differences:

--- Class[Profile::Apt].orig
+++ Class[Profile::Apt]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[atop]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[apache2]', 'Package[links]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-pymysql]', 'Package[python3-cryptography]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[atop]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[apache2]', 'Package[links]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-pymysql]', 'Package[python3-cryptography]']

File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/FRACK_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/FRACK_NETWORKS_ipv6.nft
@@ -0,0 +1,4 @@
+# Autogenerated by puppet
+set FRACK_NETWORKS_ipv6 {
+    type ipv6_addr
+}

Ferm::Service[full_monitoring_metrics_access_tcp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_tcp].orig
+++ Ferm::Service[full_monitoring_metrics_access_tcp]

-    notrack             => False
-    srange              => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
-    prio                => 10
-    ensure              => present
-    port_range          => [1, 65535]
-    unrestricted_access => False
-    proto               => tcp
-    desc                =>

File[/etc/ferm/conf.d/10_ssh_from_bastion]

Parameters differences:

--- File[/etc/ferm/conf.d/10_ssh_from_bastion].orig
+++ File[/etc/ferm/conf.d/10_ssh_from_bastion]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_ssh_from_bastion.orig
+++ /etc/ferm/conf.d/10_ssh_from_bastion
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 22, (103.102.166.103 185.15.58.6 185.15.59.99 195.200.68.99 198.35.26.104 2001:df2:e500:3:103:102:166:103 208.80.153.110 208.80.154.7 2620:0:860:4:208:80:153:110 2620:0:861:1:208:80:154:7 2620:0:863:3:198:35:26:104 2a02:ec80:300:3:185:15:59:99 2a02:ec80:600:1:185:15:58:6 2a02:ec80:700:3:195:200:68:99));
-
-

File[/etc/ulogd.conf]

Parameters differences:

--- File[/etc/ulogd.conf].orig
+++ File[/etc/ulogd.conf]

-    ensure => file
-    owner  => root
-    group  => root
-    notify => Service[ulogd2]

Content differences:

--- /etc/ulogd.conf.orig
+++ /etc/ulogd.conf
@@ -1,71 +0,0 @@
-# MANAGED BY PUPPET
-[global]
-logfile=syslog
-loglevel=3
-
-
-stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,syslog1:SYSLOG
-
-
-
-
-[ct1]
-
-[ct2]
-hash_enable=0
-
-[mark]
-
-[log1]
-group=0
-
-[log2]
-group=1
-
-[log3]
-group=2
-
-[logemu1]
-sync=1
-file=/var/log/ulog/syslogemu.log
-
-[emunfct1]
-sync=1
-file=/var/log/ulog/syslogemu_nfct.log
-
-[json1]
-sync=1
-file=/var/log/ulog/ulogd.json
-
-[jsonnfct1]
-sync=1
-file=/var/log/ulog/ulogd_nfct.json
-
-
-[oprint1]
-sync=1
-file=/var/log/ulog/oprint.log
-
-[gprint1]
-sync=1
-file=/var/log/ulog/gprint.log
-
-[json1]
-sync=1
-file=/var/log/ulog/ulogd.json
-
-[xml1]
-sync=1
-file=/var/log/ulog/
-
-[pcap1]
-sync=1
-file=
-
-[nacct1]
-sync=1
-file=
-
-[syslog1]
-facility=LOG_LOCAL7
-level=LOG_INFO

Service[nftables]

Parameters differences:

--- Service[nftables].orig
+++ Service[nftables]

+    ensure     => running
+    restart    => /usr/bin/systemctl reload nftables
+    enable     => True
+    hasrestart => True

Nftables::Set[LINK_LOCAL]

Parameters differences:

--- Nftables::Set[LINK_LOCAL].orig
+++ Nftables::Set[LINK_LOCAL]

+    ensure => present
+    hosts  => ['169.254.0.0/16', 'fe80::/10']

Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.67.128.0/17', '2620:0:861:cabe::/64', '10.194.128.0/17', '2620:0:860:cabe::/64']

File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set DSE_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.67.24.0/21,
+             10.192.96.0/21
+    }
+}

File[/etc/nftables.conf]

Parameters differences:

--- File[/etc/nftables.conf].orig
+++ File[/etc/nftables.conf]

+    ensure => absent
+    owner  => root
+    group  => root

File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft.orig
+++ /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft
@@ -0,0 +1,191 @@
+# Autogenerated by puppet
+set LOAD_BALANCER_HEALTH_CHECKS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.0.136,
+             10.64.16.60,
+             10.64.158.19,
+             10.64.166.19,
+             10.64.133.19,
+             10.64.141.19,
+             10.64.169.19,
+             10.64.171.19,
+             10.64.173.19,
+             10.64.175.19,
+             10.64.177.19,
+             10.64.179.19,
+             10.64.181.19,
+             10.64.183.19,
+             10.64.185.19,
+             10.64.187.19,
+             10.64.189.19,
+             10.64.48.72,
+             10.64.37.17,
+             10.64.1.17,
+             10.64.17.17,
+             10.64.33.17,
+             10.64.130.20,
+             10.64.131.20,
+             10.64.132.20,
+             10.64.134.20,
+             10.64.135.20,
+             10.64.136.20,
+             10.64.158.20,
+             10.64.166.20,
+             10.64.133.20,
+             10.64.141.20,
+             10.64.169.20,
+             10.64.171.20,
+             10.64.173.20,
+             10.64.175.20,
+             10.64.177.20,
+             10.64.179.20,
+             10.64.181.20,
+             10.64.183.20,
+             10.64.185.20,
+             10.64.187.20,
+             10.64.189.20,
+             10.192.23.8,
+             10.192.0.29,
+             10.192.17.8,
+             10.192.33.8,
+             10.192.49.8,
+             10.192.23.2,
+             10.192.5.2,
+             10.192.6.2,
+             10.192.7.2,
+             10.192.8.2,
+             10.192.9.2,
+             10.192.10.2,
+             10.192.11.2,
+             10.192.12.2,
+             10.192.13.2,
+             10.192.14.2,
+             10.192.15.2,
+             10.192.21.2,
+             10.192.22.2,
+             10.192.4.2,
+             10.192.26.2,
+             10.192.27.2,
+             10.192.28.2,
+             10.192.29.2,
+             10.192.30.2,
+             10.192.31.2,
+             10.192.36.2,
+             10.192.37.2,
+             10.192.38.2,
+             10.192.39.2,
+             10.192.40.2,
+             10.192.41.2,
+             10.192.42.2,
+             10.192.43.2,
+             10.192.11.8,
+             10.192.16.140,
+             10.192.1.8,
+             10.192.33.9,
+             10.192.49.9,
+             10.192.23.3,
+             10.192.5.3,
+             10.192.6.3,
+             10.192.7.3,
+             10.192.8.3,
+             10.192.9.3,
+             10.192.10.3,
+             10.192.11.3,
+             10.192.12.3,
+             10.192.13.3,
+             10.192.14.3,
+             10.192.15.3,
+             10.192.21.3,
+             10.192.22.3,
+             10.192.4.3,
+             10.192.26.3,
+             10.192.27.3,
+             10.192.28.3,
+             10.192.29.3,
+             10.192.30.3,
+             10.192.31.3,
+             10.192.36.3,
+             10.192.37.3,
+             10.192.38.3,
+             10.192.39.4,
+             10.192.40.3,
+             10.192.41.3,
+             10.192.42.3,
+             10.192.43.3,
+             10.192.32.14,
+             10.192.1.9,
+             10.192.17.9,
+             10.192.49.10,
+             10.192.23.4,
+             10.192.5.4,
+             10.192.6.4,
+             10.192.7.4,
+             10.192.8.4,
+             10.192.9.4,
+             10.192.10.4,
+             10.192.11.4,
+             10.192.12.4,
+             10.192.13.4,
+             10.192.14.4,
+             10.192.15.4,
+             10.192.21.4,
+             10.192.22.4,
+             10.192.4.5,
+             10.192.26.5,
+             10.192.27.5,
+             10.192.28.5,
+             10.192.29.5,
+             10.192.30.5,
+             10.192.31.5,
+             10.192.36.5,
+             10.192.37.5,
+             10.192.38.5,
+             10.192.39.6,
+             10.192.40.5,
+             10.192.41.5,
+             10.192.42.5,
+             10.192.43.5,
+             10.192.48.213,
+             10.192.1.13,
+             10.192.17.10,
+             10.192.33.10,
+             10.192.23.5,
+             10.192.5.8,
+             10.192.6.5,
+             10.192.7.5,
+             10.192.8.5,
+             10.192.9.5,
+             10.192.10.5,
+             10.192.11.5,
+             10.192.12.5,
+             10.192.13.5,
+             10.192.14.5,
+             10.192.15.5,
+             10.192.21.5,
+             10.192.22.5,
+             10.80.0.3,
+             10.80.1.8,
+             10.80.1.14,
+             10.80.0.9,
+             10.80.0.2,
+             10.80.1.10,
+             10.128.0.18,
+             10.128.0.9,
+             10.128.0.11,
+             10.132.0.39,
+             10.132.0.6,
+             10.132.0.7,
+             10.136.0.16,
+             10.136.1.19,
+             10.136.1.15,
+             10.136.0.19,
+             10.136.0.17,
+             10.136.1.20,
+             10.140.0.13,
+             10.140.1.2,
+             10.140.1.14,
+             10.140.0.2,
+             10.140.0.14,
+             10.140.1.3
+    }
+}

File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/NETWORK_INFRA_ipv4.nft.orig
+++ /etc/nftables/sets/NETWORK_INFRA_ipv4.nft
@@ -0,0 +1,19 @@
+# Autogenerated by puppet
+set NETWORK_INFRA_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 185.15.59.128/27,
+             198.35.26.128/27,
+             208.80.153.192/27,
+             10.192.255.0/24,
+             10.192.253.0/24,
+             208.80.154.192/27,
+             10.64.146.0/24,
+             10.64.168.0/24,
+             10.64.147.0/24,
+             103.102.166.128/27,
+             185.15.58.128/27,
+             195.200.68.128/27
+    }
+}

File[/etc/ferm/conf.d/99_dscp-default]

Parameters differences:

--- File[/etc/ferm/conf.d/99_dscp-default].orig
+++ File[/etc/ferm/conf.d/99_dscp-default]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/99_dscp-default.orig
+++ /etc/ferm/conf.d/99_dscp-default
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 99_dscp-default: 
-
-domain (ip ip6) {
-	table mangle {
-		chain POSTROUTING {
-			DSCP set-dscp-class CS0;
-		}
-	}
-}

Logrotate::Conf[wmf_auto_restart_ulogd2]

Parameters differences:

--- Logrotate::Conf[wmf_auto_restart_ulogd2].orig
+++ Logrotate::Conf[wmf_auto_restart_ulogd2]

-    ensure => present

File[/etc/nagios/nrpe.d/check_ferm_active.cfg]

Parameters differences:

--- File[/etc/nagios/nrpe.d/check_ferm_active.cfg].orig
+++ File[/etc/nagios/nrpe.d/check_ferm_active.cfg]

-    group   => root
-    mode    => 0444
-    require => Package[nagios-nrpe-server]
-    notify  => Service[nagios-nrpe-server]
-    ensure  => present
-    owner   => root
-    tag     => nrpe::check

Content differences:

--- /etc/nagios/nrpe.d/check_ferm_active.cfg.orig
+++ /etc/nagios/nrpe.d/check_ferm_active.cfg
@@ -1,2 +0,0 @@
-# File generated by puppet. DO NOT edit by hand
-command[check_ferm_active]=/usr/bin/sudo /usr/local/lib/nagios/plugins/check_ferm

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set WIKIKUBE_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:cabe::/64,
+             2620:0:860:cabe::/64
+    }
+}

Systemd::Unmask[nftables.service]

Parameters differences:

--- Systemd::Unmask[nftables.service].orig
+++ Systemd::Unmask[nftables.service]

+    refreshonly => False
+    unit        => nftables.service

Systemd::Unit[nrpe2nodexp-ferm_active.service]

Parameters differences:

--- Systemd::Unit[nrpe2nodexp-ferm_active.service].orig
+++ Systemd::Unit[nrpe2nodexp-ferm_active.service]

-    require           => ['Class[Systemd]']
-    override          => False
-    ensure            => present
-    restart           => False
-    unit              => nrpe2nodexp-ferm_active.service
-    override_filename => puppet-override.conf

File[/etc/default/ferm]

Parameters differences:

--- File[/etc/default/ferm].orig
+++ File[/etc/default/ferm]

-    group   => root
-    mode    => 0400
-    require => Package[ferm]
-    notify  => Service[ferm]
-    ensure  => file
-    owner   => root
-    source  => puppet:///modules/ferm/ferm.default

Systemd::Timer[wmf_auto_restart_ulogd2]

Parameters differences:

--- Systemd::Timer[wmf_auto_restart_ulogd2].orig
+++ Systemd::Timer[wmf_auto_restart_ulogd2]

-    accuracy           => 15sec
-    unit_name          => wmf_auto_restart_ulogd2.service
-    fixed_random_delay => False
-    ensure             => present
-    splay              => 0
-    timer_intervals    => [{'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 4:8:00'}]

File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set WIKIKUBE_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.67.128.0/17,
+             10.194.128.0/17
+    }
+}

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set LABSTORE_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 208.80.154.142,
+             208.80.154.71
+    }
+}

Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]

Parameters differences:

--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]

-    command     => /bin/systemctl daemon-reload
-    refreshonly => True

Logrotate::Conf[prometheus-node-textfile-check-nft]

Parameters differences:

--- Logrotate::Conf[prometheus-node-textfile-check-nft].orig
+++ Logrotate::Conf[prometheus-node-textfile-check-nft]

+    ensure => present

Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]

Parameters differences:

--- Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS].orig
+++ Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]

+    ensure => present
+    hosts  => ['10.64.0.136', '10.64.16.60', '10.64.158.19', '10.64.166.19', '10.64.133.19', '10.64.141.19', '10.64.169.19', '10.64.171.19', '10.64.173.19', '10.64.175.19', '10.64.177.19', '10.64.179.19', '10.64.181.19', '10.64.183.19', '10.64.185.19', '10.64.187.19', '10.64.189.19', '10.64.48.72', '10.64.37.17', '10.64.1.17', '10.64.17.17', '10.64.33.17', '10.64.130.20', '10.64.131.20', '10.64.132.20', '10.64.134.20', '10.64.135.20', '10.64.136.20', '10.64.158.20', '10.64.166.20', '10.64.133.20', '10.64.141.20', '10.64.169.20', '10.64.171.20', '10.64.173.20', '10.64.175.20', '10.64.177.20', '10.64.179.20', '10.64.181.20', '10.64.183.20', '10.64.185.20', '10.64.187.20', '10.64.189.20', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:119::/64', '2620:0:861:10c::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.23.8', '10.192.0.29', '10.192.17.8', '10.192.33.8', '10.192.49.8', '10.192.23.2', '10.192.5.2', '10.192.6.2', '10.192.7.2', '10.192.8.2', '10.192.9.2', '10.192.10.2', '10.192.11.2', '10.192.12.2', '10.192.13.2', '10.192.14.2', '10.192.15.2', '10.192.21.2', '10.192.22.2', '10.192.4.2', '10.192.26.2', '10.192.27.2', '10.192.28.2', '10.192.29.2', '10.192.30.2', '10.192.31.2', '10.192.36.2', '10.192.37.2', '10.192.38.2', '10.192.39.2', '10.192.40.2', '10.192.41.2', '10.192.42.2', '10.192.43.2', '10.192.11.8', '10.192.16.140', '10.192.1.8', '10.192.33.9', '10.192.49.9', '10.192.23.3', '10.192.5.3', '10.192.6.3', '10.192.7.3', '10.192.8.3', '10.192.9.3', '10.192.10.3', '10.192.11.3', '10.192.12.3', '10.192.13.3', '10.192.14.3', '10.192.15.3', '10.192.21.3', '10.192.22.3', '10.192.4.3', '10.192.26.3', '10.192.27.3', '10.192.28.3', '10.192.29.3', '10.192.30.3', '10.192.31.3', '10.192.36.3', '10.192.37.3', '10.192.38.3', '10.192.39.4', '10.192.40.3', '10.192.41.3', '10.192.42.3', '10.192.43.3', '10.192.32.14', '10.192.1.9', '10.192.17.9', '10.192.49.10', '10.192.23.4', '10.192.5.4', '10.192.6.4', '10.192.7.4', '10.192.8.4', '10.192.9.4', '10.192.10.4', '10.192.11.4', '10.192.12.4', '10.192.13.4', '10.192.14.4', '10.192.15.4', '10.192.21.4', '10.192.22.4', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '10.192.48.213', '10.192.1.13', '10.192.17.10', '10.192.33.10', '10.192.23.5', '10.192.5.8', '10.192.6.5', '10.192.7.5', '10.192.8.5', '10.192.9.5', '10.192.10.5', '10.192.11.5', '10.192.12.5', '10.192.13.5', '10.192.14.5', '10.192.15.5', '10.192.21.5', '10.192.22.5', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '10.80.0.3', '10.80.1.8', '10.80.1.14', '10.80.0.9', '10.80.0.2', '10.80.1.10', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '10.128.0.18', '10.128.0.9', '10.128.0.11', '2620:0:863:101::/64', '10.132.0.39', '10.132.0.6', '10.132.0.7', '2001:df2:e500:101::/64', '10.136.0.16', '10.136.1.19', '10.136.1.15', '10.136.0.19', '10.136.0.17', '10.136.1.20', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '10.140.0.13', '10.140.1.2', '10.140.1.14', '10.140.0.2', '10.140.0.14', '10.140.1.3', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64']

Nftables::Set[CLOUD_PRIVATE_NETWORKS]

Parameters differences:

--- Nftables::Set[CLOUD_PRIVATE_NETWORKS].orig
+++ Nftables::Set[CLOUD_PRIVATE_NETWORKS]

+    ensure => present
+    hosts  => ['172.20.1.0/24', '172.20.2.0/24', '172.20.3.0/24', '172.20.4.0/24', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '172.20.5.0/24', '2a02:ec80:a100:205::/64']

Exec[update_alternative_ip6tables]

Parameters differences:

--- Exec[update_alternative_ip6tables].orig
+++ Exec[update_alternative_ip6tables]

-    command => /usr/bin/update-alternatives --force --set ip6tables /usr/sbin/ip6tables-legacy
-    unless  => /usr/bin/update-alternatives --query ip6tables | /bin/grep 'Value: /usr/sbin/ip6tables-legacy'

Sudo::User[nrpe-check_ferm_active]

Parameters differences:

--- Sudo::User[nrpe-check_ferm_active].orig
+++ Sudo::User[nrpe-check_ferm_active]

-    user       => nagios
-    privileges => ['ALL = (root) NOPASSWD: /usr/local/lib/nagios/plugins/check_ferm']
-    require    => ['Class[Sudo]']
-    ensure     => present
-    tag        => nrpe::check

Nrpe::Monitor_service[ferm_active]

Parameters differences:

--- Nrpe::Monitor_service[ferm_active].orig
+++ Nrpe::Monitor_service[ferm_active]

-    sudo_user                   => root
-    description                 => Check whether ferm is active by checking the default input chain
-    migration_task              => T350694
-    alertmanager_team           => observability
-    retry_interval              => 1
-    timeout                     => 10
-    enable_nrpe2nodexp          => True
-    critical                    => False
-    check_interval              => 30
-    nrpe_command                => /usr/local/lib/nagios/plugins/check_ferm
-    contact_group               => admins
-    notes_url                   => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
-    ensure                      => present
-    enable_icinga_check         => True
-    retries                     => 3
-    nrpe2nodexp_parse_perf_data => False

Ferm::Conf[main]

Parameters differences:

--- Ferm::Conf[main].orig
+++ Ferm::Conf[main]

-    ensure => present
-    prio   => 02
-    source => puppet:///modules/base/firewall/main-input-default-drop.conf

Nftables::Set[CACHES]

Parameters differences:

--- Nftables::Set[CACHES].orig
+++ Nftables::Set[CACHES]

+    ensure => present
+    hosts  => ['10.64.0.79', '2620:0:861:101:10:64:0:79', '10.64.0.229', '2620:0:861:101:10:64:0:229', '10.64.0.14', '2620:0:861:101:10:64:0:14', '10.64.0.51', '2620:0:861:101:10:64:0:51', '10.64.16.241', '2620:0:861:102:10:64:16:241', '10.64.16.94', '2620:0:861:102:10:64:16:94', '10.64.16.95', '2620:0:861:102:10:64:16:95', '10.64.16.240', '2620:0:861:102:10:64:16:240', '10.64.32.14', '2620:0:861:103:10:64:32:14', '10.64.32.60', '2620:0:861:103:10:64:32:60', '10.64.32.15', '2620:0:861:103:10:64:32:15', '10.64.32.65', '2620:0:861:103:10:64:32:65', '10.64.48.16', '2620:0:861:107:10:64:48:16', '10.64.48.41', '2620:0:861:107:10:64:48:41', '10.64.48.27', '2620:0:861:107:10:64:48:27', '10.64.48.28', '2620:0:861:107:10:64:48:28', '10.192.23.26', '2620:0:860:113:10:192:23:26', '10.192.6.20', '2620:0:860:107:10:192:6:20', '10.192.12.35', '2620:0:860:10d:10:192:12:35', '10.192.14.25', '2620:0:860:10f:10:192:14:25', '10.192.4.22', '2620:0:860:100:10:192:4:22', '10.192.29.26', '2620:0:860:116:10:192:29:26', '10.192.30.29', '2620:0:860:119:10:192:30:29', '10.192.36.19', '2620:0:860:11b:10:192:36:19', '10.192.40.25', '2620:0:860:11f:10:192:40:25', '10.192.41.21', '2620:0:860:120:10:192:41:21', '10.192.56.3', '2620:0:860:12b:10:192:56:3', '10.192.56.4', '2620:0:860:12b:10:192:56:4', '10.192.57.3', '2620:0:860:12c:10:192:57:3', '10.192.58.2', '2620:0:860:12d:10:192:58:2', '10.192.58.3', '2620:0:860:12d:10:192:58:3', '10.192.59.2', '2620:0:860:12e:10:192:59:2', '10.80.0.14', '2a02:ec80:300:101:10:80:0:14', '10.80.1.11', '2a02:ec80:300:102:10:80:1:11', '10.80.0.13', '2a02:ec80:300:101:10:80:0:13', '10.80.1.9', '2a02:ec80:300:102:10:80:1:9', '10.80.0.12', '2a02:ec80:300:101:10:80:0:12', '10.80.1.7', '2a02:ec80:300:102:10:80:1:7', '10.80.0.11', '2a02:ec80:300:101:10:80:0:11', '10.80.1.6', '2a02:ec80:300:102:10:80:1:6', '10.80.0.10', '2a02:ec80:300:101:10:80:0:10', '10.80.1.5', '2a02:ec80:300:102:10:80:1:5', '10.80.0.8', '2a02:ec80:300:101:10:80:0:8', '10.80.1.4', '2a02:ec80:300:102:10:80:1:4', '10.80.0.7', '2a02:ec80:300:101:10:80:0:7', '10.80.1.3', '2a02:ec80:300:102:10:80:1:3', '10.80.0.6', '2a02:ec80:300:101:10:80:0:6', '10.80.1.2', '2a02:ec80:300:102:10:80:1:2', '10.128.0.19', '2620:0:863:101:10:128:0:19', '10.128.0.27', '2620:0:863:101:10:128:0:27', '10.128.0.22', '2620:0:863:101:10:128:0:22', '10.128.0.28', '2620:0:863:101:10:128:0:28', '10.128.0.25', '2620:0:863:101:10:128:0:25', '10.128.0.29', '2620:0:863:101:10:128:0:29', '10.128.0.26', '2620:0:863:101:10:128:0:26', '10.128.0.31', '2620:0:863:101:10:128:0:31', '10.128.0.14', '2620:0:863:101:10:128:0:14', '10.128.0.35', '2620:0:863:101:10:128:0:35', '10.128.0.21', '2620:0:863:101:10:128:0:21', '10.128.0.36', '2620:0:863:101:10:128:0:36', '10.128.0.24', '2620:0:863:101:10:128:0:24', '10.128.0.10', '2620:0:863:101:10:128:0:10', '10.128.0.37', '2620:0:863:101:10:128:0:37', '10.128.0.12', '2620:0:863:101:10:128:0:12', '10.132.0.17', '2001:df2:e500:101:10:132:0:17', '10.132.0.18', '2001:df2:e500:101:10:132:0:18', '10.132.0.19', '2001:df2:e500:101:10:132:0:19', '10.132.0.24', '2001:df2:e500:101:10:132:0:24', '10.132.0.29', '2001:df2:e500:101:10:132:0:29', '10.132.0.30', '2001:df2:e500:101:10:132:0:30', '10.132.0.34', '2001:df2:e500:101:10:132:0:34', '10.132.0.35', '2001:df2:e500:101:10:132:0:35', '10.132.0.36', '2001:df2:e500:101:10:132:0:36', '10.132.0.37', '2001:df2:e500:101:10:132:0:37', '10.132.0.38', '2001:df2:e500:101:10:132:0:38', '10.132.0.25', '2001:df2:e500:101:10:132:0:25', '10.132.0.26', '2001:df2:e500:101:10:132:0:26', '10.132.0.27', '2001:df2:e500:101:10:132:0:27', '10.132.0.28', '2001:df2:e500:101:10:132:0:28', '10.132.0.16', '2001:df2:e500:101:10:132:0:16', '10.136.0.6', '2a02:ec80:600:101:10:136:0:6', '10.136.1.6', '2a02:ec80:600:102:10:136:1:6', '10.136.0.7', '2a02:ec80:600:101:10:136:0:7', '10.136.1.7', '2a02:ec80:600:102:10:136:1:7', '10.136.0.8', '2a02:ec80:600:101:10:136:0:8', '10.136.1.8', '2a02:ec80:600:102:10:136:1:8', '10.136.0.9', '2a02:ec80:600:101:10:136:0:9', '10.136.1.9', '2a02:ec80:600:102:10:136:1:9', '10.136.0.10', '2a02:ec80:600:101:10:136:0:10', '10.136.1.10', '2a02:ec80:600:102:10:136:1:10', '10.136.0.11', '2a02:ec80:600:101:10:136:0:11', '10.136.1.11', '2a02:ec80:600:102:10:136:1:11', '10.136.0.12', '2a02:ec80:600:101:10:136:0:12', '10.136.1.12', '2a02:ec80:600:102:10:136:1:12', '10.136.0.13', '2a02:ec80:600:101:10:136:0:13', '10.136.1.13', '2a02:ec80:600:102:10:136:1:13', '10.140.0.3', '2a02:ec80:700:101:10:140:0:3', '10.140.1.4', '2a02:ec80:700:102:10:140:1:4', '10.140.0.4', '2a02:ec80:700:101:10:140:0:4', '10.140.1.5', '2a02:ec80:700:102:10:140:1:5', '10.140.0.5', '2a02:ec80:700:101:10:140:0:5', '10.140.1.6', '2a02:ec80:700:102:10:140:1:6', '10.140.0.6', '2a02:ec80:700:101:10:140:0:6', '10.140.1.7', '2a02:ec80:700:102:10:140:1:7', '10.140.0.7', '2a02:ec80:700:101:10:140:0:7', '10.140.1.8', '2a02:ec80:700:102:10:140:1:8', '10.140.0.8', '2a02:ec80:700:101:10:140:0:8', '10.140.1.9', '2a02:ec80:700:102:10:140:1:9', '10.140.0.9', '2a02:ec80:700:101:10:140:0:9', '10.140.1.10', '2a02:ec80:700:102:10:140:1:10', '10.140.0.10', '2a02:ec80:700:101:10:140:0:10', '10.140.1.11', '2a02:ec80:700:102:10:140:1:11']

File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]

+    group   => root
+    mode    => 0444
+    require => ['Nftables::Set[CUMIN_MASTERS]']
+    notify  => ['Service[nftables]']
+    ensure  => present
+    owner   => root
+    tag     => nft

Content differences:

--- /etc/nftables/input/10_ssh-from-cumin-masters.nft.orig
+++ /etc/nftables/input/10_ssh-from-cumin-masters.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr @CUMIN_MASTERS_ipv4 tcp dport { 22 } accept
+ip6 saddr @CUMIN_MASTERS_ipv6 tcp dport { 22 } accept

Class[Profile::Firewall]

Parameters differences:

--- Class[Profile::Firewall].orig
+++ Class[Profile::Firewall]

@@
-    provider => ferm
+    provider => nftables

Package[ulogd2]

Parameters differences:

--- Package[ulogd2].orig
+++ Package[ulogd2]

-    ensure   => installed
-    provider => apt

File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft
@@ -0,0 +1,11 @@
+# Autogenerated by puppet
+set ZOOKEEPER_FLINK_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.16.9,
+             10.64.0.8,
+             10.64.32.41,
+             10.192.16.227,
+             10.192.32.179,
+             10.192.48.219
+    }
+}

Nrpe::Plugin[check_ferm]

Parameters differences:

--- Nrpe::Plugin[check_ferm].orig
+++ Nrpe::Plugin[check_ferm]

-    ensure => present
-    source => puppet:///modules/base/firewall/check_ferm

File[/etc/ferm]

Parameters differences:

--- File[/etc/ferm].orig
+++ File[/etc/ferm]

@@
-    ensure => directory
+    ensure => absent

File[/etc/nftables/prerouting]

Parameters differences:

--- File[/etc/nftables/prerouting].orig
+++ File[/etc/nftables/prerouting]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set LABSTORE_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:2:208:80:154:142,
+             2620:0:861:3:208:80:154:71
+    }
+}

File[/etc/nftables/sets/INTERNAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INTERNAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/INTERNAL_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/INTERNAL_ipv6.nft.orig
+++ /etc/nftables/sets/INTERNAL_ipv6.nft
@@ -0,0 +1,15 @@
+# Autogenerated by puppet
+set INTERNAL_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:860:100::/56,
+             2620:0:861:100::/56,
+             2620:0:863:100::/56,
+             2a02:ec80:300:100::/56,
+             2a02:ec80:600:100::/56,
+             2a02:ec80:700:100::/56,
+             2001:df2:e500:100::/56,
+             2a02:ec80:ff00:100::/56
+    }
+}

File[/etc/systemd/system/ferm.service.d]

Parameters differences:

--- File[/etc/systemd/system/ferm.service.d].orig
+++ File[/etc/systemd/system/ferm.service.d]

-    ensure => directory
-    owner  => root
-    mode   => 0555
-    group  => root

Nftables::Set[KAFKAMON_HOSTS]

Parameters differences:

--- Nftables::Set[KAFKAMON_HOSTS].orig
+++ Nftables::Set[KAFKAMON_HOSTS]

+    ensure => present
+    hosts  => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']

File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf].orig
+++ File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]

+    group  => root
+    mode   => 0444
+    notify => Service[rsyslog]
+    ensure => present
+    owner  => root

Content differences:

--- /etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf.orig
+++ /etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "prometheus-node-textfile-check-nft" then {
+    action(
+        type="omfile" file="/var/log/prometheus-node-textfile-check-nft/syslog.log"
+        fileOwner="root" fileGroup="root"
+        fileCreateMode="0644"
+    )
+    & stop
+}

File[/etc/nftables/input/10_ssh-from-bastion.nft]

Parameters differences:

--- File[/etc/nftables/input/10_ssh-from-bastion.nft].orig
+++ File[/etc/nftables/input/10_ssh-from-bastion.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/input/10_ssh-from-bastion.nft.orig
+++ /etc/nftables/input/10_ssh-from-bastion.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 103.102.166.103, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7 } tcp dport { 22 } accept
+ip6 saddr { 2001:df2:e500:3:103:102:166:103, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept

Systemd::Unit[prometheus-node-textfile-check-nft.timer]

Parameters differences:

--- Systemd::Unit[prometheus-node-textfile-check-nft.timer].orig
+++ Systemd::Unit[prometheus-node-textfile-check-nft.timer]

+    require           => ['Class[Systemd]']
+    override          => False
+    ensure            => present
+    restart           => False
+    unit              => prometheus-node-textfile-check-nft.timer
+    override_filename => puppet-override.conf

Alternatives::Select[ip6tables]

Parameters differences:

--- Alternatives::Select[ip6tables].orig
+++ Alternatives::Select[ip6tables]

-    path    => /usr/sbin/ip6tables-legacy
-    require => Package[iptables]

File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft].orig
+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/NETWORK_INFRA_ipv6.nft.orig
+++ /etc/nftables/sets/NETWORK_INFRA_ipv6.nft
@@ -0,0 +1,18 @@
+# Autogenerated by puppet
+set NETWORK_INFRA_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2a02:ec80:300:fe00::/55,
+             2620:0:863:fe00::/55,
+             2620:0:860:fe00::/55,
+             2620:0:860:13f::/64,
+             2620:0:860:139::/64,
+             2620:0:861:fe00::/55,
+             2620:0:861:11b::/128,
+             2620:0:861:130::/64,
+             2001:df2:e500:fe00::/55,
+             2a02:ec80:600:fe00::/55,
+             2a02:ec80:700:fe00::/55
+    }
+}

File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MGMT_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/MGMT_NETWORKS_ipv6.nft
@@ -0,0 +1,4 @@
+# Autogenerated by puppet
+set MGMT_NETWORKS_ipv6 {
+    type ipv6_addr
+}

File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft
@@ -0,0 +1,10 @@
+# Autogenerated by puppet
+set DRUID_PUBLIC_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:10a:10:64:131:9,
+             2620:0:861:10b:10:64:132:12,
+             2620:0:861:10e:10:64:135:9,
+             2620:0:861:103:10:64:32:101,
+             2620:0:861:107:10:64:48:185
+    }
+}

File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]

Parameters differences:

--- File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer].orig
+++ File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]

+    group  => root
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]
+    ensure => present
+    owner  => root

Content differences:

--- /lib/systemd/system/prometheus-node-textfile-check-nft.timer.orig
+++ /lib/systemd/system/prometheus-node-textfile-check-nft.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of prometheus-node-textfile-check-nft.service
+
+[Timer]
+Unit=prometheus-node-textfile-check-nft.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*:0/30
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft.orig
+++ /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft
@@ -0,0 +1,11 @@
+# Autogenerated by puppet
+set ZOOKEEPER_HOSTS_MAIN_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:101:10:64:0:207,
+             2620:0:861:102:10:64:16:110,
+             2620:0:861:107:10:64:48:154,
+             2620:0:860:102:10:192:16:45,
+             2620:0:860:103:10:192:32:52,
+             2620:0:860:104:10:192:48:59
+    }
+}

Nftables::Set[DRUID_PUBLIC_HOSTS]

Parameters differences:

--- Nftables::Set[DRUID_PUBLIC_HOSTS].orig
+++ Nftables::Set[DRUID_PUBLIC_HOSTS]

+    ensure => present
+    hosts  => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']

File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]

Parameters differences:

--- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp].orig
+++ File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp.orig
+++ /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(udp, 1:65535, (10.192.16.75 10.192.32.67 10.192.39.10 10.192.9.11 208.80.153.42 208.80.154.78 2620:0:860:102:10:192:16:75 2620:0:860:103:10:192:32:67 2620:0:860:10a:10:192:9:11 2620:0:860:11e:10:192:39:10 2620:0:860:2:208:80:153:42 2620:0:861:3:208:80:154:78));
-
-

Systemd::Service[prometheus-node-textfile-check-nft]

Parameters differences:

--- Systemd::Service[prometheus-node-textfile-check-nft].orig
+++ Systemd::Service[prometheus-node-textfile-check-nft]

+    monitoring_enabled       => False
+    migration_task           => T407130
+    ensure                   => present
+    restart                  => False
+    monitoring_critical      => False
+    require                  => Systemd::Unit[prometheus-node-textfile-check-nft.service]
+    override                 => False
+    monitoring_contact_group => admins
+    service_params           => {}
+    unit_type                => timer

Nftables::Set[SANDBOX_NETWORKS]

Parameters differences:

--- Nftables::Set[SANDBOX_NETWORKS].orig
+++ Nftables::Set[SANDBOX_NETWORKS]

+    ensure => present
+    hosts  => ['103.102.166.72/29', '185.15.59.72/29', '195.200.68.64/29', '198.35.26.240/28', '2001:df2:e500:202::/64', '208.80.152.240/28', '208.80.155.64/28', '2620:0:860:201::/64', '2620:0:861:202::/64', '2620:0:863:201::/64', '2a02:ec80:300:202::/64', '2a02:ec80:700:201::/64']

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft
@@ -0,0 +1,13 @@
+# Autogenerated by puppet
+set SANDBOX_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 103.102.166.72/29,
+             185.15.59.72/29,
+             195.200.68.64/29,
+             198.35.26.240/28,
+             208.80.152.240/28,
+             208.80.155.64/28
+    }
+}

File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft
@@ -0,0 +1,99 @@
+# Autogenerated by puppet
+set MW_APPSERVER_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.64.0.0/22,
+             10.64.130.0/24,
+             10.64.131.0/24,
+             10.64.132.0/24,
+             10.64.133.0/24,
+             10.64.134.0/24,
+             10.64.135.0/24,
+             10.64.136.0/24,
+             10.64.141.0/24,
+             10.64.152.0/24,
+             10.64.154.0/24,
+             10.64.156.0/24,
+             10.64.158.0/24,
+             10.64.16.0/22,
+             10.64.160.0/24,
+             10.64.162.0/24,
+             10.64.164.0/24,
+             10.64.166.0/24,
+             10.64.169.0/24,
+             10.64.171.0/24,
+             10.64.173.0/24,
+             10.64.175.0/24,
+             10.64.177.0/24,
+             10.64.179.0/24,
+             10.64.181.0/24,
+             10.64.183.0/24,
+             10.64.185.0/24,
+             10.64.187.0/24,
+             10.64.189.0/24,
+             10.64.32.0/22,
+             10.64.48.0/22,
+             10.192.0.0/22,
+             10.192.10.0/24,
+             10.192.11.0/24,
+             10.192.12.0/24,
+             10.192.13.0/24,
+             10.192.14.0/24,
+             10.192.15.0/24,
+             10.192.16.0/22,
+             10.192.21.0/24,
+             10.192.22.0/24,
+             10.192.23.0/24,
+             10.192.26.0/24,
+             10.192.27.0/24,
+             10.192.28.0/24,
+             10.192.29.0/24,
+             10.192.30.0/24,
+             10.192.31.0/24,
+             10.192.32.0/22,
+             10.192.36.0/24,
+             10.192.37.0/24,
+             10.192.38.0/24,
+             10.192.39.0/24,
+             10.192.4.0/24,
+             10.192.40.0/24,
+             10.192.41.0/24,
+             10.192.42.0/24,
+             10.192.43.0/24,
+             10.192.44.0/24,
+             10.192.45.0/24,
+             10.192.46.0/24,
+             10.192.47.0/24,
+             10.192.48.0/22,
+             10.192.5.0/24,
+             10.192.52.0/24,
+             10.192.56.0/24,
+             10.192.57.0/24,
+             10.192.58.0/24,
+             10.192.59.0/24,
+             10.192.6.0/24,
+             10.192.7.0/24,
+             10.192.8.0/24,
+             10.192.9.0/24,
+             10.192.64.0/21,
+             10.192.96.0/21,
+             10.194.128.0/17,
+             10.194.16.0/21,
+             10.194.61.0/24,
+             10.194.80.0/21,
+             10.64.64.0/21,
+             10.67.128.0/17,
+             10.67.16.0/21,
+             10.67.24.0/21,
+             10.67.80.0/21,
+             208.80.154.0/26,
+             208.80.154.128/26,
+             208.80.154.64/26,
+             208.80.155.96/27,
+             208.80.153.0/27,
+             208.80.153.32/27,
+             208.80.153.64/27,
+             208.80.153.96/27
+    }
+}

Nftables::Set[INTERNAL]

Parameters differences:

--- Nftables::Set[INTERNAL].orig
+++ Nftables::Set[INTERNAL]

+    ensure => present
+    hosts  => ['10.0.0.0/8', '2620:0:860:100::/56', '2620:0:861:100::/56', '2620:0:863:100::/56', '2a02:ec80:300:100::/56', '2a02:ec80:600:100::/56', '2a02:ec80:700:100::/56', '2001:df2:e500:100::/56', '2a02:ec80:ff00:100::/56']

File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LABS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/LABS_NETWORKS_ipv4.nft
@@ -0,0 +1,27 @@
+# Autogenerated by puppet
+set LABS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 172.16.0.0/21,
+             172.16.128.0/24,
+             172.16.129.0/24,
+             172.16.130.0/24,
+             172.16.131.0/24,
+             172.16.16.0/21,
+             172.16.24.0/24,
+             172.16.8.0/21,
+             172.20.1.0/24,
+             172.20.2.0/24,
+             172.20.254.0/24,
+             172.20.255.0/24,
+             172.20.3.0/24,
+             172.20.4.0/24,
+             172.20.5.0/24,
+             185.15.56.0/25,
+             185.15.56.160/28,
+             185.15.57.0/29,
+             185.15.57.16/29,
+             185.15.57.24/29
+    }
+}

Systemd::Unit[ferm-ferm-service-status-restart]

Parameters differences:

--- Systemd::Unit[ferm-ferm-service-status-restart].orig
+++ Systemd::Unit[ferm-ferm-service-status-restart]

-    require           => ['Class[Systemd]']
-    override          => True
-    ensure            => present
-    restart           => False
-    unit              => ferm
-    override_filename => ferm-service-status-restart
-    source            => puppet:///modules/ferm/ferm_systemd_override

Systemd::Timer::Job[prometheus-node-textfile-check-nft]

Parameters differences:

--- Systemd::Timer::Job[prometheus-node-textfile-check-nft].orig
+++ Systemd::Timer::Job[prometheus-node-textfile-check-nft]

+    logfile_group             => root
+    description               => Systemd timer to gather node metrics for check-nft
+    monitoring_enabled        => False
+    interval                  => {'start': 'OnCalendar', 'interval': '*:0/30'}
+    syslog_force_stop         => True
+    send_mail_only_on_error   => True
+    send_mail                 => False
+    ignore_errors             => False
+    user                      => root
+    command                   => /usr/local/bin/check-nft
+    syslog_match_startswith   => True
+    monitoring_contact_groups => admins
+    send_mail_to              => root@pki2002.codfw.wmnet
+    logfile_basedir           => /var/log
+    success_exit_status       => []
+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+    fixed_random_delay        => False
+    logging_enabled           => True
+    ensure                    => present
+    logfile_name              => syslog.log
+    private_tmp               => False
+    environment               => {}
+    logfile_perms             => all

Confd::File[/etc/ferm/conf.d/00_defs_requestctl]

Parameters differences:

--- Confd::File[/etc/ferm/conf.d/00_defs_requestctl].orig
+++ Confd::File[/etc/ferm/conf.d/00_defs_requestctl]

@@
-    ensure => present
+    ensure => absent

Ferm::Service[ssh_from_cumin_masters]

Parameters differences:

--- Ferm::Service[ssh_from_cumin_masters].orig
+++ Ferm::Service[ssh_from_cumin_masters]

-    port                => 22
-    notrack             => False
-    prio                => 10
-    ensure              => present
-    unrestricted_access => False
-    src_sets            => ['CUMIN_MASTERS']
-    proto               => tcp
-    desc                =>

File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]

Parameters differences:

--- File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf].orig
+++ File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]

-    group  => root
-    mode   => 0444
-    notify => Service[rsyslog]
-    ensure => present
-    owner  => root

Content differences:

--- /etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf.orig
+++ /etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf
@@ -1,10 +0,0 @@
-# rsyslog.conf(5) configuration file for services.
-# This file is managed by Puppet.
-if $programname startswith "wmf_auto_restart_ulogd2" then {
-    action(
-        type="omfile" file="/var/log/wmf_auto_restart_ulogd2/syslog.log"
-        fileOwner="root" fileGroup="root"
-        fileCreateMode="0644"
-    )
-    & stop
-}

Systemd::Syslog[wmf_auto_restart_ulogd2]

Parameters differences:

--- Systemd::Syslog[wmf_auto_restart_ulogd2].orig
+++ Systemd::Syslog[wmf_auto_restart_ulogd2]

-    base_dir               => /var/log
-    readable_by            => all
-    ensure                 => present
-    log_filename           => syslog.log
-    force_stop             => True
-    group                  => root
-    owner                  => root
-    programname_comparison => startswith

File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/INSTALL_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/INSTALL_HOSTS_ipv6.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set INSTALL_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:2:208:80:154:134,
+             2620:0:860:3:208:80:153:70,
+             2a02:ec80:300:3:185:15:59:101,
+             2620:0:863:3:198:35:26:98,
+             2001:df2:e500:1:103:102:166:11,
+             2a02:ec80:600:1:185:15:58:7,
+             2a02:ec80:700:3:195:200:68:100
+    }
+}

File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft
@@ -0,0 +1,15 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_MAIN_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:860:106:10:192:5:9,
+             2620:0:860:112:10:192:22:6,
+             2620:0:860:103:10:192:32:4,
+             2620:0:860:104:10:192:48:33,
+             2620:0:860:104:10:192:48:35,
+             2620:0:861:101:10:64:0:101,
+             2620:0:861:102:10:64:16:30,
+             2620:0:861:103:10:64:32:45,
+             2620:0:861:107:10:64:48:37,
+             2620:0:861:120:10:64:152:5
+    }
+}

Nftables::Set[ANALYTICS_NETWORKS]

Parameters differences:

--- Nftables::Set[ANALYTICS_NETWORKS].orig
+++ Nftables::Set[ANALYTICS_NETWORKS]

+    ensure => present
+    hosts  => ['10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.153.0/24', '10.64.155.0/24', '10.64.157.0/24', '10.64.159.0/24', '10.64.161.0/24', '10.64.163.0/24', '10.64.165.0/24', '10.64.167.0/24', '10.64.170.0/24', '10.64.172.0/24', '10.64.174.0/24', '10.64.176.0/24', '10.64.178.0/24', '10.64.180.0/24', '10.64.182.0/24', '10.64.184.0/24', '10.64.186.0/24', '10.64.188.0/24', '10.64.190.0/24', '10.64.21.0/24', '10.64.36.0/24', '10.64.5.0/24', '10.64.53.0/24', '2620:0:861:100::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:108::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:11a::/64', '2620:0:861:121::/64', '2620:0:861:123::/64', '2620:0:861:125::/64', '2620:0:861:127::/64', '2620:0:861:129::/64', '2620:0:861:12b::/64', '2620:0:861:12d::/64', '2620:0:861:12f::/64', '2620:0:861:132::/64', '2620:0:861:134::/64', '2620:0:861:136::/64', '2620:0:861:138::/64', '2620:0:861:13a::/64', '2620:0:861:13c::/64', '2620:0:861:13e::/64', '2620:0:861:141::/64', '2620:0:861:143::/64', '2620:0:861:145::/64']

Ferm::Service[full_monitoring_metrics_access_udp]

Parameters differences:

--- Ferm::Service[full_monitoring_metrics_access_udp].orig
+++ Ferm::Service[full_monitoring_metrics_access_udp]

-    notrack             => False
-    srange              => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']
-    prio                => 10
-    ensure              => present
-    port_range          => [1, 65535]
-    unrestricted_access => False
-    proto               => udp
-    desc                =>

Nftables::Set[AUX_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[AUX_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[AUX_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.67.80.0/21', '2620:0:861:305::/64', '10.194.80.0/21', '2620:0:860:305::/64']

Systemd::Service[nrpe2nodexp-ferm_active]

Parameters differences:

--- Systemd::Service[nrpe2nodexp-ferm_active].orig
+++ Systemd::Service[nrpe2nodexp-ferm_active]

-    monitoring_enabled       => False
-    migration_task           => T407130
-    ensure                   => present
-    restart                  => False
-    monitoring_critical      => False
-    require                  => Systemd::Unit[nrpe2nodexp-ferm_active.service]
-    override                 => False
-    monitoring_contact_group => admins
-    service_params           => {}
-    unit_type                => timer

File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set KAFKAMON_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:103:10:64:32:11,
+             2620:0:860:102:10:192:16:139
+    }
+}

Ferm::Rule[drop-blocked-nets]

Parameters differences:

--- Ferm::Rule[drop-blocked-nets].orig
+++ Ferm::Rule[drop-blocked-nets]

-    prio   => 01
-    desc   => drop abuse/blocked_nets.yaml defined in the requestctl private repo
-    domain => (ip ip6)
-    ensure => present
-    table  => filter
-    rule   => saddr $BLOCKED_NETS DROP;
-    chain  => INPUT

Class[Nftables]

Parameters differences:

--- Class[Nftables].orig
+++ Class[Nftables]

+    ensure => present

Systemd::Override[ferm-service-status-restart]

Parameters differences:

--- Systemd::Override[ferm-service-status-restart].orig
+++ Systemd::Override[ferm-service-status-restart]

-    ensure  => present
-    unit    => ferm
-    restart => False
-    source  => puppet:///modules/ferm/ferm_systemd_override

Ferm::Service[csr_and_ocsp_responder]

Parameters differences:

--- Ferm::Service[csr_and_ocsp_responder].orig
+++ Ferm::Service[csr_and_ocsp_responder]

-    port                => 80
-    notrack             => False
-    prio                => 10
-    ensure              => present
-    unrestricted_access => False
-    src_sets            => ['DOMAIN_NETWORKS', 'MGMT_NETWORKS']
-    proto               => tcp
-    desc                =>

File[/etc/logrotate.d/ulogd]

Parameters differences:

--- File[/etc/logrotate.d/ulogd].orig
+++ File[/etc/logrotate.d/ulogd]

-    ensure => present
-    owner  => root
-    mode   => 0444
-    group  => root

Content differences:

--- /etc/logrotate.d/ulogd.orig
+++ /etc/logrotate.d/ulogd
@@ -1,12 +0,0 @@
-# logrotate(8) config for ulogd
-
-/var/log/ulogd/*.log {
-    daily
-    copytruncate
-    missingok
-    compress
-    delaycompress
-    notifempty
-    rotate 15
-    size 256M
-}

File[/etc/nftables/input/10_multirootca tls termination.nft]

Parameters differences:

--- File[/etc/nftables/input/10_multirootca tls termination.nft].orig
+++ File[/etc/nftables/input/10_multirootca tls termination.nft]

+    group   => root
+    mode    => 0444
+    require => ['Nftables::Set[DOMAIN_NETWORKS]']
+    notify  => ['Service[nftables]']
+    ensure  => present
+    owner   => root
+    tag     => nft

Content differences:

--- /etc/nftables/input/10_multirootca tls termination.nft.orig
+++ /etc/nftables/input/10_multirootca tls termination.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr @DOMAIN_NETWORKS_ipv4 tcp dport { 443 } accept
+ip6 saddr @DOMAIN_NETWORKS_ipv6 tcp dport { 443 } accept

File[/etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft]

Parameters differences:

--- File[/etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft].orig
+++ File[/etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft]

+    group   => root
+    mode    => 0444
+    require => ['Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]', 'Nftables::Set[STAGING_KUBEPODS_NETWORKS]', 'Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]', 'Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]', 'Nftables::Set[DSE_KUBEPODS_NETWORKS]', 'Nftables::Set[AUX_KUBEPODS_NETWORKS]']
+    notify  => ['Service[nftables]']
+    ensure  => present
+    owner   => root
+    tag     => nft

Content differences:

--- /etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft.orig
+++ /etc/nftables/input/10_multirootca-tls-termination-for-cfssl-issuer-k8s-pods.nft
@@ -0,0 +1,14 @@
+# Managed by puppet
+# 
+ip saddr @AUX_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip saddr @DSE_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip saddr @MLSERVE_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip saddr @MLSTAGE_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip saddr @STAGING_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip saddr @WIKIKUBE_KUBEPODS_NETWORKS_ipv4 tcp dport { 8443 } accept
+ip6 saddr @AUX_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept
+ip6 saddr @DSE_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept
+ip6 saddr @MLSERVE_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept
+ip6 saddr @MLSTAGE_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept
+ip6 saddr @STAGING_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept
+ip6 saddr @WIKIKUBE_KUBEPODS_NETWORKS_ipv6 tcp dport { 8443 } accept

Nftables::Set[LABS_NETWORKS]

Parameters differences:

--- Nftables::Set[LABS_NETWORKS].orig
+++ Nftables::Set[LABS_NETWORKS]

+    ensure => present
+    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']

File[/etc/ferm/conf.d/10_multirootca_tls_termination]

Parameters differences:

--- File[/etc/ferm/conf.d/10_multirootca_tls_termination].orig
+++ File[/etc/ferm/conf.d/10_multirootca_tls_termination]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_multirootca_tls_termination.orig
+++ /etc/ferm/conf.d/10_multirootca_tls_termination
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 443, $DOMAIN_NETWORKS);
-
-

Ferm::Service[multirootca_tls_termination_for_cfssl_issuer_k8s_pods]

Parameters differences:

--- Ferm::Service[multirootca_tls_termination_for_cfssl_issuer_k8s_pods].orig
+++ Ferm::Service[multirootca_tls_termination_for_cfssl_issuer_k8s_pods]

-    port                => 8443
-    notrack             => False
-    prio                => 10
-    ensure              => present
-    unrestricted_access => False
-    src_sets            => ['WIKIKUBE_KUBEPODS_NETWORKS', 'STAGING_KUBEPODS_NETWORKS', 'MLSERVE_KUBEPODS_NETWORKS', 'MLSTAGE_KUBEPODS_NETWORKS', 'DSE_KUBEPODS_NETWORKS', 'AUX_KUBEPODS_NETWORKS']
-    proto               => tcp
-    desc                =>

File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set BASTION_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 208.80.154.7,
+             208.80.153.110,
+             185.15.59.99,
+             198.35.26.104,
+             103.102.166.103,
+             185.15.58.6,
+             195.200.68.99
+    }
+}

File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft
@@ -0,0 +1,13 @@
+# Autogenerated by puppet
+set SANDBOX_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2001:df2:e500:202::/64,
+             2620:0:860:201::/64,
+             2620:0:861:202::/64,
+             2620:0:863:201::/64,
+             2a02:ec80:300:202::/64,
+             2a02:ec80:700:201::/64
+    }
+}

Class[Firewall]

Parameters differences:

--- Class[Firewall].orig
+++ Class[Firewall]

@@
-    provider => ferm
+    provider => nftables

Rsyslog::Conf[ulogd]

Parameters differences:

--- Rsyslog::Conf[ulogd].orig
+++ Rsyslog::Conf[ulogd]

-    mode     => 0444
-    ensure   => present
-    priority => 40
-    require  => File[/var/log/ulogd]

File[/usr/local/lib/nagios/plugins/check_ferm]

Parameters differences:

--- File[/usr/local/lib/nagios/plugins/check_ferm].orig
+++ File[/usr/local/lib/nagios/plugins/check_ferm]

-    group   => root
-    mode    => 0555
-    require => File[/usr/local/lib/nagios/plugins/]
-    ensure  => file
-    owner   => root
-    tag     => nrpe::plugin
-    source  => puppet:///modules/base/firewall/check_ferm

File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set AUX_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:305::/64,
+             2620:0:860:305::/64
+    }
+}

File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]

Parameters differences:

--- File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl].orig
+++ File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]

@@
-    ensure => present
+    ensure => absent

File[/etc/ferm/conf.d/01_drop-blocked-nets]

Parameters differences:

--- File[/etc/ferm/conf.d/01_drop-blocked-nets].orig
+++ File[/etc/ferm/conf.d/01_drop-blocked-nets]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/01_drop-blocked-nets.orig
+++ /etc/ferm/conf.d/01_drop-blocked-nets
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 01_drop-blocked-nets: drop abuse/blocked_nets.yaml defined in the requestctl private repo
-
-domain (ip ip6) {
-	table filter {
-		chain INPUT {
-			saddr $BLOCKED_NETS DROP;
-		}
-	}
-}

Nftables::Set[CLOUD_NETWORKS]

Parameters differences:

--- Nftables::Set[CLOUD_NETWORKS].orig
+++ Nftables::Set[CLOUD_NETWORKS]

+    ensure => present
+    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft
@@ -0,0 +1,27 @@
+# Autogenerated by puppet
+set CLOUD_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 172.16.0.0/21,
+             172.16.128.0/24,
+             172.16.129.0/24,
+             172.16.130.0/24,
+             172.16.131.0/24,
+             172.16.16.0/21,
+             172.16.24.0/24,
+             172.16.8.0/21,
+             172.20.1.0/24,
+             172.20.2.0/24,
+             172.20.254.0/24,
+             172.20.255.0/24,
+             172.20.3.0/24,
+             172.20.4.0/24,
+             172.20.5.0/24,
+             185.15.56.0/25,
+             185.15.56.160/28,
+             185.15.57.0/29,
+             185.15.57.16/29,
+             185.15.57.24/29
+    }
+}

Ferm::Service[ssh_from_bastion]

Parameters differences:

--- Ferm::Service[ssh_from_bastion].orig
+++ Ferm::Service[ssh_from_bastion]

-    port                => 22
-    notrack             => False
-    srange              => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']
-    prio                => 10
-    ensure              => present
-    unrestricted_access => False
-    proto               => tcp
-    desc                =>

File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LINK_LOCAL_ipv6.nft.orig
+++ /etc/nftables/sets/LINK_LOCAL_ipv6.nft
@@ -0,0 +1,8 @@
+# Autogenerated by puppet
+set LINK_LOCAL_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { fe80::/10
+    }
+}

File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft
@@ -0,0 +1,183 @@
+# Autogenerated by puppet
+set DOMAIN_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2001:df2:e500:101::/64,
+             2001:df2:e500:103::/64,
+             2001:df2:e500:1::/64,
+             2001:df2:e500:3::/64,
+             2001:df2:e500:ed1a::/64,
+             2620:0:860:100::/64,
+             2620:0:860:101::/64,
+             2620:0:860:102::/64,
+             2620:0:860:103::/64,
+             2620:0:860:104::/64,
+             2620:0:860:105::/64,
+             2620:0:860:106::/64,
+             2620:0:860:107::/64,
+             2620:0:860:108::/64,
+             2620:0:860:109::/64,
+             2620:0:860:10a::/64,
+             2620:0:860:10b::/64,
+             2620:0:860:10c::/64,
+             2620:0:860:10d::/64,
+             2620:0:860:10e::/64,
+             2620:0:860:10f::/64,
+             2620:0:860:110::/64,
+             2620:0:860:111::/64,
+             2620:0:860:112::/64,
+             2620:0:860:113::/64,
+             2620:0:860:114::/64,
+             2620:0:860:115::/64,
+             2620:0:860:116::/64,
+             2620:0:860:118::/64,
+             2620:0:860:119::/64,
+             2620:0:860:11a::/64,
+             2620:0:860:11b::/64,
+             2620:0:860:11c::/64,
+             2620:0:860:11d::/64,
+             2620:0:860:11e::/64,
+             2620:0:860:11f::/64,
+             2620:0:860:120::/64,
+             2620:0:860:121::/64,
+             2620:0:860:122::/64,
+             2620:0:860:123::/64,
+             2620:0:860:124::/64,
+             2620:0:860:125::/64,
+             2620:0:860:126::/64,
+             2620:0:860:127::/64,
+             2620:0:860:12b::/64,
+             2620:0:860:12c::/64,
+             2620:0:860:12d::/64,
+             2620:0:860:12e::/64,
+             2620:0:860:140::/64,
+             2620:0:860:1::/64,
+             2620:0:860:2::/64,
+             2620:0:860:300::/64,
+             2620:0:860:301::/64,
+             2620:0:860:302::/64,
+             2620:0:860:303::/64,
+             2620:0:860:304::/64,
+             2620:0:860:305::/64,
+             2620:0:860:307::/64,
+             2620:0:860:308::/64,
+             2620:0:860:3::/64,
+             2620:0:860:4::/64,
+             2620:0:860:5::/64,
+             2620:0:860:babe::/64,
+             2620:0:860:babf::/64,
+             2620:0:860:cabe::/64,
+             2620:0:860:cabf::/64,
+             2620:0:860:ed1a::/64,
+             2620:0:861:100::/64,
+             2620:0:861:101::/64,
+             2620:0:861:102::/64,
+             2620:0:861:103::/64,
+             2620:0:861:104::/64,
+             2620:0:861:105::/64,
+             2620:0:861:106::/64,
+             2620:0:861:107::/64,
+             2620:0:861:108::/64,
+             2620:0:861:109::/64,
+             2620:0:861:10a::/64,
+             2620:0:861:10b::/64,
+             2620:0:861:10c::/64,
+             2620:0:861:10d::/64,
+             2620:0:861:10e::/64,
+             2620:0:861:10f::/64,
+             2620:0:861:110::/64,
+             2620:0:861:111::/64,
+             2620:0:861:112::/64,
+             2620:0:861:113::/64,
+             2620:0:861:114::/64,
+             2620:0:861:115::/64,
+             2620:0:861:116::/64,
+             2620:0:861:117::/64,
+             2620:0:861:118::/64,
+             2620:0:861:119::/64,
+             2620:0:861:11a::/64,
+             2620:0:861:11c::/64,
+             2620:0:861:11d::/64,
+             2620:0:861:11e::/64,
+             2620:0:861:11f::/64,
+             2620:0:861:120::/64,
+             2620:0:861:121::/64,
+             2620:0:861:122::/64,
+             2620:0:861:123::/64,
+             2620:0:861:124::/64,
+             2620:0:861:125::/64,
+             2620:0:861:126::/64,
+             2620:0:861:127::/64,
+             2620:0:861:128::/64,
+             2620:0:861:129::/64,
+             2620:0:861:12a::/64,
+             2620:0:861:12b::/64,
+             2620:0:861:12c::/64,
+             2620:0:861:12d::/64,
+             2620:0:861:12e::/64,
+             2620:0:861:12f::/64,
+             2620:0:861:131::/64,
+             2620:0:861:132::/64,
+             2620:0:861:133::/64,
+             2620:0:861:134::/64,
+             2620:0:861:135::/64,
+             2620:0:861:136::/64,
+             2620:0:861:137::/64,
+             2620:0:861:138::/64,
+             2620:0:861:139::/64,
+             2620:0:861:13a::/64,
+             2620:0:861:13b::/64,
+             2620:0:861:13c::/64,
+             2620:0:861:13d::/64,
+             2620:0:861:13e::/64,
+             2620:0:861:13f::/64,
+             2620:0:861:140::/64,
+             2620:0:861:141::/64,
+             2620:0:861:142::/64,
+             2620:0:861:143::/64,
+             2620:0:861:144::/64,
+             2620:0:861:145::/64,
+             2620:0:861:1::/64,
+             2620:0:861:2::/64,
+             2620:0:861:300::/64,
+             2620:0:861:301::/116,
+             2620:0:861:302::/64,
+             2620:0:861:303::/116,
+             2620:0:861:304::/116,
+             2620:0:861:305::/64,
+             2620:0:861:3::/64,
+             2620:0:861:4::/64,
+             2620:0:861:babe::/64,
+             2620:0:861:babf::/116,
+             2620:0:861:cabe::/64,
+             2620:0:861:cabf::/116,
+             2620:0:861:ed1a::/64,
+             2620:0:863:101::/64,
+             2620:0:863:102::/64,
+             2620:0:863:103::/64,
+             2620:0:863:1::/64,
+             2620:0:863:2::/64,
+             2620:0:863:3::/64,
+             2620:0:863:ed1a::/64,
+             2a02:ec80:300:101::/64,
+             2a02:ec80:300:102::/64,
+             2a02:ec80:300:103::/64,
+             2a02:ec80:300:1::/64,
+             2a02:ec80:300:2::/64,
+             2a02:ec80:300:3::/64,
+             2a02:ec80:300:ed1a::/64,
+             2a02:ec80:600:101::/64,
+             2a02:ec80:600:102::/64,
+             2a02:ec80:600:1::/64,
+             2a02:ec80:600:2::/64,
+             2a02:ec80:600:ed1a::/64,
+             2a02:ec80:700:101::/64,
+             2a02:ec80:700:102::/64,
+             2a02:ec80:700:103::/64,
+             2a02:ec80:700:1::/64,
+             2a02:ec80:700:2::/64,
+             2a02:ec80:700:3::/64,
+             2a02:ec80:700:ed1a::/64
+    }
+}

Package[iptables]

Parameters differences:

--- Package[iptables].orig
+++ Package[iptables]

@@
-    ensure => installed
+    ensure => absent

File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft
@@ -0,0 +1,15 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_LOGGING_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.16.205,
+             10.64.133.11,
+             10.64.183.12,
+             10.64.131.13,
+             10.64.135.13,
+             10.192.23.29,
+             10.192.11.28,
+             10.192.26.22,
+             10.192.11.27,
+             10.192.39.25
+    }
+}

File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]

Parameters differences:

--- File[/etc/ferm/conf.d/10_ssh_from_cumin_masters].orig
+++ File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_ssh_from_cumin_masters.orig
+++ /etc/ferm/conf.d/10_ssh_from_cumin_masters
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 22, $CUMIN_MASTERS);
-
-

File[/etc/logrotate.d/prometheus-node-textfile-check-nft]

Parameters differences:

--- File[/etc/logrotate.d/prometheus-node-textfile-check-nft].orig
+++ File[/etc/logrotate.d/prometheus-node-textfile-check-nft]

+    ensure => present
+    owner  => root
+    mode   => 0444
+    group  => root

Content differences:

--- /etc/logrotate.d/prometheus-node-textfile-check-nft.orig
+++ /etc/logrotate.d/prometheus-node-textfile-check-nft
@@ -0,0 +1,12 @@
+# logrotate(8) config for prometheus-node-textfile-check-nft
+
+/var/log/prometheus-node-textfile-check-nft/*.log {
+    daily
+    copytruncate
+    missingok
+    compress
+    delaycompress
+    notifempty
+    rotate 15
+    size 256M
+}

Class[Profile::Firewall::Log::Ferm]

Parameters differences:

--- Class[Profile::Firewall::Log::Ferm].orig
+++ Class[Profile::Firewall::Log::Ferm]

-    log_burst     => 5
-    log_rate      => 1/second
-    separate_file => True

Class[Ferm]

Parameters differences:

--- Class[Ferm].orig
+++ Class[Ferm]

@@
-    ensure => present
+    ensure => absent

Nftables::Set[BASTION_HOSTS]

Parameters differences:

--- Nftables::Set[BASTION_HOSTS].orig
+++ Nftables::Set[BASTION_HOSTS]

+    ensure => present
+    hosts  => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']

File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]

Parameters differences:

--- File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer].orig
+++ File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]

-    group  => root
-    mode   => 0444
-    notify => Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]
-    ensure => present
-    owner  => root

Content differences:

--- /lib/systemd/system/wmf_auto_restart_ulogd2.timer.orig
+++ /lib/systemd/system/wmf_auto_restart_ulogd2.timer
@@ -1,12 +0,0 @@
-[Unit]
-Description=Periodic execution of wmf_auto_restart_ulogd2.service
-
-[Timer]
-Unit=wmf_auto_restart_ulogd2.service
-# Accuracy sets the maximum time interval around the execution time we want to allow
-AccuracySec=15sec
-OnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 4:8:00
-RandomizedDelaySec=0
-
-[Install]
-WantedBy=multi-user.target

File[/etc/ferm/conf.d/98_log-everything]

Parameters differences:

--- File[/etc/ferm/conf.d/98_log-everything].orig
+++ File[/etc/ferm/conf.d/98_log-everything]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/98_log-everything.orig
+++ /etc/ferm/conf.d/98_log-everything
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 98_log-everything: 
-
-domain (ip ip6) {
-	table filter {
-		chain INPUT {
-			NFLOG mod limit limit 1/second limit-burst 5 nflog-prefix "[fw-in-drop]";
-		}
-	}
-}

Nftables::Set[ZOOKEEPER_HOSTS_MAIN]

Parameters differences:

--- Nftables::Set[ZOOKEEPER_HOSTS_MAIN].orig
+++ Nftables::Set[ZOOKEEPER_HOSTS_MAIN]

+    ensure => present
+    hosts  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']

File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft].orig
+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft.orig
+++ /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft
@@ -0,0 +1,11 @@
+# Autogenerated by puppet
+set ZOOKEEPER_HOSTS_MAIN_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.0.207,
+             10.64.16.110,
+             10.64.48.154,
+             10.192.16.45,
+             10.192.32.52,
+             10.192.48.59
+    }
+}

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set MLSERVE_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.67.16.0/21,
+             10.194.16.0/21
+    }
+}

Systemd::Timer::Job[wmf_auto_restart_ulogd2]

Parameters differences:

--- Systemd::Timer::Job[wmf_auto_restart_ulogd2].orig
+++ Systemd::Timer::Job[wmf_auto_restart_ulogd2]

-    logfile_group             => root
-    description               => Auto restart job: ulogd2
-    monitoring_enabled        => False
-    interval                  => {'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 4:8:00'}
-    syslog_force_stop         => True
-    send_mail_only_on_error   => True
-    send_mail                 => False
-    ignore_errors             => False
-    user                      => root
-    command                   => /usr/local/sbin/wmf-auto-restart -s ulogd2
-    syslog_match_startswith   => True
-    require                   => File[/usr/local/sbin/wmf-auto-restart]
-    send_mail_to              => root@pki2002.codfw.wmnet
-    monitoring_contact_groups => admins
-    logfile_basedir           => /var/log
-    success_exit_status       => []
-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-    fixed_random_delay        => False
-    logging_enabled           => True
-    ensure                    => present
-    logfile_name              => syslog.log
-    private_tmp               => False
-    environment               => {}
-    logfile_perms             => all

File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft
@@ -0,0 +1,20 @@
+# Autogenerated by puppet
+set CLOUD_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2a02:ec80:a000:100::/64,
+             2a02:ec80:a000:1::/64,
+             2a02:ec80:a000:201::/64,
+             2a02:ec80:a000:202::/64,
+             2a02:ec80:a000:203::/64,
+             2a02:ec80:a000:204::/64,
+             2a02:ec80:a000:2ff::/64,
+             2a02:ec80:a000:4000::/64,
+             2a02:ec80:a100:100::/64,
+             2a02:ec80:a100:1::/64,
+             2a02:ec80:a100:205::/64,
+             2a02:ec80:a100:2ff::/64,
+             2a02:ec80:a100:4000::/64
+    }
+}

File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft
@@ -0,0 +1,8 @@
+# Autogenerated by puppet
+set MLSTAGE_KUBEPODS_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.194.61.0/24
+    }
+}

File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/FRACK_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/FRACK_NETWORKS_ipv4.nft
@@ -0,0 +1,22 @@
+# Autogenerated by puppet
+set FRACK_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.195.0.0/27,
+             10.195.0.128/29,
+             10.195.0.32/27,
+             10.195.0.64/28,
+             10.195.0.80/29,
+             10.195.0.96/27,
+             10.195.1.0/25,
+             10.64.40.0/27,
+             10.64.40.160/27,
+             10.64.40.192/26,
+             10.64.40.32/27,
+             10.64.40.64/27,
+             10.64.40.96/27,
+             208.80.152.224/28,
+             208.80.155.0/27
+    }
+}

File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MONITORING_HOSTS_ipv6.nft.orig
+++ /etc/nftables/sets/MONITORING_HOSTS_ipv6.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set MONITORING_HOSTS_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:3:208:80:154:78,
+             2620:0:860:2:208:80:153:42
+    }
+}

Systemd::Timer[nrpe2nodexp-ferm_active]

Parameters differences:

--- Systemd::Timer[nrpe2nodexp-ferm_active].orig
+++ Systemd::Timer[nrpe2nodexp-ferm_active]

-    accuracy           => 15sec
-    unit_name          => nrpe2nodexp-ferm_active.service
-    fixed_random_delay => True
-    ensure             => present
-    splay              => 600
-    timer_intervals    => [{'start': 'OnUnitInactiveSec', 'interval': '10min'}, {'interval': '1s', 'start': 'OnActiveSec'}]

File[/var/log/ulogd]

Parameters differences:

--- File[/var/log/ulogd].orig
+++ File[/var/log/ulogd]

-    group  => root
-    mode   => 0755
-    force  => True
-    ensure => directory
-    owner  => root
-    backup => False

File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]

Parameters differences:

--- File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf].orig
+++ File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]

-    group  => root
-    mode   => 0444
-    notify => Service[rsyslog]
-    ensure => present
-    owner  => root

Content differences:

--- /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf.orig
+++ /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf
@@ -1,10 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-if $programname contains "nrpe2nodexp-ferm_active" then {
-    if ($msg contains "\"ecs.version\": \"1.7.0\"") then {
-        # Send logs to kafka
-        set $.log_outputs = "kafka ecs_170 local";
-    } else {
-        # Filter out non-relevant nrpe2nodexp messages
-        stop
-    }
-}

Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]

Parameters differences:

--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]

-    command     => /bin/systemctl daemon-reload
-    refreshonly => True
-    before      => ['Service[nrpe2nodexp-ferm_active.timer]']

File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]

Parameters differences:

--- File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml].orig
+++ File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]

@@
-    ensure => present
+    ensure => absent

Class[Adduser]

Parameters differences:

--- Class[Adduser].orig
+++ Class[Adduser]

@@
-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[atop]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[apache2]', 'Package[links]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-pymysql]', 'Package[python3-cryptography]']
+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[quickstack]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[atop]', 'Package[libpython2.7]', 'Package[libpython2.7-dev]', 'Package[libpython2.7-minimal]', 'Package[python2.7]', 'Package[libpython2.7-stdlib]', 'Package[python2.7-dev]', 'Package[python2.7-minimal]', 'Package[python2.7-dbg]', 'Package[python2.7-doc]', 'Package[python2.7-examples]', 'Package[libpython2.7-testsuite]', 'Package[intel-microcode]', 'Package[rasdaemon]', 'Package[libsnmp30]', 'Package[libdns-export1104]', 'Package[libdns1104]', 'Package[libisc-export1100]', 'Package[libisc1100]', 'Package[multiarch-support]', 'Package[libjson-c3]', 'Package[libpython3.7]', 'Package[libpython3.7-minimal]', 'Package[libpython3.7-stdlib]', 'Package[python3.7]', 'Package[python3.7-minimal]', 'Package[libevent-2.1-6]', 'Package[libwireshark11]', 'Package[libwiretap8]', 'Package[libwsutil9]', 'Package[libwscodecs2]', 'Package[libperl5.28]', 'Package[libmpdec2]', 'Package[perl-modules-5.28]', 'Package[libhogweed4]', 'Package[libnettle6]', 'Package[libprocps7]', 'Package[libip6tc0]', 'Package[libip4tc0]', 'Package[libiptc0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[apache2]', 'Package[links]', 'Package[ruby-sys-filesystem]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[python3-pymysql]', 'Package[python3-cryptography]']

File[/etc/nftables/]

Parameters differences:

--- File[/etc/nftables/].orig
+++ File[/etc/nftables/]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root
+    path    => /etc/nftables

Nftables::Set[MONITORING_HOSTS]

Parameters differences:

--- Nftables::Set[MONITORING_HOSTS].orig
+++ Nftables::Set[MONITORING_HOSTS]

+    ensure => present
+    hosts  => ['208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']

Logrotate::Conf[ulogd]

Parameters differences:

--- Logrotate::Conf[ulogd].orig
+++ Logrotate::Conf[ulogd]

-    ensure => present

Nftables::Set[FRACK_NETWORKS]

Parameters differences:

--- Nftables::Set[FRACK_NETWORKS].orig
+++ Nftables::Set[FRACK_NETWORKS]

+    ensure => present
+    hosts  => ['10.195.0.0/27', '10.195.0.128/29', '10.195.0.32/27', '10.195.0.64/28', '10.195.0.80/29', '10.195.0.96/27', '10.195.1.0/25', '10.64.40.0/27', '10.64.40.160/27', '10.64.40.192/26', '10.64.40.32/27', '10.64.40.64/27', '10.64.40.96/27', '208.80.152.224/28', '208.80.155.0/27']

Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]

Parameters differences:

--- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)].orig
+++ Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]

-    command     => /bin/systemctl daemon-reload
-    refreshonly => True
-    before      => ['Service[ferm]']

Nftables::Set[KAFKA_BROKERS_MAIN]

Parameters differences:

--- Nftables::Set[KAFKA_BROKERS_MAIN].orig
+++ Nftables::Set[KAFKA_BROKERS_MAIN]

+    ensure => present
+    hosts  => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']

Nftables::Service[full-monitoring-metrics-access-tcp]

Parameters differences:

--- Nftables::Service[full-monitoring-metrics-access-tcp].orig
+++ Nftables::Service[full-monitoring-metrics-access-tcp]

+    notrack             => False
+    prio                => 10
+    ensure              => present
+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']
+    port_range          => [1, 65535]
+    unrestricted_access => False
+    proto               => tcp
+    desc                =>

File[/etc/sudoers.d/nrpe-check_ferm_active]

Parameters differences:

--- File[/etc/sudoers.d/nrpe-check_ferm_active].orig
+++ File[/etc/sudoers.d/nrpe-check_ferm_active]

-    validate_cmd => /usr/sbin/visudo -cqf %
-    group        => root
-    mode         => 0440
-    require      => Package[nagios-nrpe-server]
-    ensure       => present
-    owner        => root

Content differences:

--- /etc/sudoers.d/nrpe-check_ferm_active.orig
+++ /etc/sudoers.d/nrpe-check_ferm_active
@@ -1,3 +0,0 @@
-# This file is managed by Puppet!
-
-nagios ALL = (root) NOPASSWD: /usr/local/lib/nagios/plugins/check_ferm

Ferm::Rule[dscp-default]

Parameters differences:

--- Ferm::Rule[dscp-default].orig
+++ Ferm::Rule[dscp-default]

-    chain  => POSTROUTING
-    prio   => 99
-    domain => (ip ip6)
-    ensure => present
-    table  => mangle
-    rule   => DSCP set-dscp-class CS0;
-    desc   =>

File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]

Parameters differences:

--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.service].orig
+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]

-    group  => root
-    mode   => 0444
-    notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
-    ensure => present
-    owner  => root

Content differences:

--- /lib/systemd/system/nrpe2nodexp-ferm_active.service.orig
+++ /lib/systemd/system/nrpe2nodexp-ferm_active.service
@@ -1,11 +0,0 @@
-[Unit]
-Description=execution of nrpe2nodexp for the check_ferm_active command.
-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
-
-[Service]
-Type=oneshot
-User=nagios
-
-Group=prometheus-node-exporter
-SyslogIdentifier=nrpe2nodexp-ferm_active
-ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash "bba0a2572329bb500b832470e08b381c" --timeout 10 --check-command "check_ferm_active"

File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MGMT_NETWORKS_ipv4.nft.orig
+++ /etc/nftables/sets/MGMT_NETWORKS_ipv4.nft
@@ -0,0 +1,14 @@
+# Autogenerated by puppet
+set MGMT_NETWORKS_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 10.65.0.0/16,
+             10.128.128.0/17,
+             10.193.0.0/16,
+             10.80.128.0/17,
+             10.132.128.0/17,
+             10.136.128.0/17,
+             10.140.128.0/17
+    }
+}

Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.194.61.0/24', '2620:0:860:302::/64']

Nftables::Service[ssh-from-cumin-masters]

Parameters differences:

--- Nftables::Service[ssh-from-cumin-masters].orig
+++ Nftables::Service[ssh-from-cumin-masters]

+    port                => 22
+    notrack             => False
+    prio                => 10
+    ensure              => present
+    unrestricted_access => False
+    src_sets            => ['CUMIN_MASTERS']
+    proto               => tcp
+    desc                =>

Nftables::Set[PROMETHEUS_HOSTS]

Parameters differences:

--- Nftables::Set[PROMETHEUS_HOSTS].orig
+++ Nftables::Set[PROMETHEUS_HOSTS]

+    ensure => present
+    hosts  => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet']

File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft].orig
+++ File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/LINK_LOCAL_ipv4.nft.orig
+++ /etc/nftables/sets/LINK_LOCAL_ipv4.nft
@@ -0,0 +1,8 @@
+# Autogenerated by puppet
+set LINK_LOCAL_ipv4 {
+    type ipv4_addr
+    flags interval
+    auto-merge
+    elements = { 169.254.0.0/16
+    }
+}

File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set MLSERVE_KUBEPODS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:300::/64,
+             2620:0:860:300::/64
+    }
+}

File[/etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods]

Parameters differences:

--- File[/etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods].orig
+++ File[/etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods.orig
+++ /etc/ferm/conf.d/10_multirootca_tls_termination_for_cfssl_issuer_k8s_pods
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 8443, ($WIKIKUBE_KUBEPODS_NETWORKS $STAGING_KUBEPODS_NETWORKS $MLSERVE_KUBEPODS_NETWORKS $MLSTAGE_KUBEPODS_NETWORKS $DSE_KUBEPODS_NETWORKS $AUX_KUBEPODS_NETWORKS));
-
-

File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft.orig
+++ /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft
@@ -0,0 +1,12 @@
+# Autogenerated by puppet
+set MYSQL_ROOT_CLIENTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.16.90,
+             10.192.16.191,
+             10.64.16.154,
+             10.192.32.49,
+             208.80.155.103,
+             208.80.154.9,
+             10.64.0.20
+    }
+}

File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft
@@ -0,0 +1,9 @@
+# Autogenerated by puppet
+set PROMETHEUS_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 10.192.16.75,
+             10.192.32.67,
+             10.192.9.11,
+             10.192.39.10
+    }
+}

Exec[unmask_nftables.service]

Parameters differences:

--- Exec[unmask_nftables.service].orig
+++ Exec[unmask_nftables.service]

+    command     => /bin/systemctl unmask nftables.service
+    refreshonly => False
+    onlyif      => /bin/readlink -f /etc/systemd/system/nftables.service | grep -q /dev/null

Nftables::Set[CUMIN_MASTERS]

Parameters differences:

--- Nftables::Set[CUMIN_MASTERS].orig
+++ Nftables::Set[CUMIN_MASTERS]

+    ensure => present
+    hosts  => ['10.64.16.154', '2620:0:861:102:10:64:16:154', '10.192.32.49', '2620:0:860:103:10:192:32:49']

Ferm::Rule[log-everything]

Parameters differences:

--- Ferm::Rule[log-everything].orig
+++ Ferm::Rule[log-everything]

-    chain  => INPUT
-    prio   => 98
-    domain => (ip ip6)
-    ensure => present
-    table  => filter
-    rule   => NFLOG mod limit limit 1/second limit-burst 5 nflog-prefix "[fw-in-drop]";
-    desc   =>

File[/etc/nftables/postrouting]

Parameters differences:

--- File[/etc/nftables/postrouting].orig
+++ File[/etc/nftables/postrouting]

+    purge   => True
+    group   => root
+    recurse => True
+    ensure  => directory
+    owner   => root

Package[ferm]

Parameters differences:

--- Package[ferm].orig
+++ Package[ferm]

@@
-    ensure => installed
+    ensure => purged

File[/etc/ferm/conf.d/98_filter_log_filter-bootp]

Parameters differences:

--- File[/etc/ferm/conf.d/98_filter_log_filter-bootp].orig
+++ File[/etc/ferm/conf.d/98_filter_log_filter-bootp]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/98_filter_log_filter-bootp.orig
+++ /etc/ferm/conf.d/98_filter_log_filter-bootp
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 98_filter_log_filter-bootp: 
-
-domain (ip ip6) {
-	table filter {
-		chain INPUT {
-			proto udp  daddr 255.255.255.255 sport 67 dport 68 DROP;
-		}
-	}
-}

File[/etc/systemd/system/nftables.service.d/puppet-override.conf]

Parameters differences:

--- File[/etc/systemd/system/nftables.service.d/puppet-override.conf].orig
+++ File[/etc/systemd/system/nftables.service.d/puppet-override.conf]

+    group  => root
+    mode   => 0444
+    notify => Exec[systemd daemon-reload for nftables.service (nftables)]
+    ensure => present
+    owner  => root

Content differences:

--- /etc/systemd/system/nftables.service.d/puppet-override.conf.orig
+++ /etc/systemd/system/nftables.service.d/puppet-override.conf
@@ -0,0 +1,5 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/nft -f /etc/nftables/main.nft
+ExecReload=
+ExecReload=/usr/sbin/nft -f /etc/nftables/main.nft

Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]

Parameters differences:

--- Nftables::Set[MLSERVE_KUBEPODS_NETWORKS].orig
+++ Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]

+    ensure => present
+    hosts  => ['10.67.16.0/21', '2620:0:861:300::/64', '10.194.16.0/21', '2620:0:860:300::/64']

Class[Ulogd]

Parameters differences:

--- Class[Ulogd].orig
+++ Class[Ulogd]

-    acct                => []
-    oprint_logfile      => /var/log/ulog/oprint.log
-    nflog               => ['SYSLOG']
-    syslog_facility     => local7
-    json_nfct_logfile   => /var/log/ulog/ulogd_nfct.json
-    logemu_nfct_logfile => /var/log/ulog/syslogemu_nfct.log
-    nacct_file          => /var/log/ulog/nacct.log
-    syslog_level        => info
-    json_logfile        => /var/log/ulog/ulogd.json
-    config_file         => /etc/ulogd.conf
-    nfct                => []
-    ensure              => present
-    gprint_logfile      => /var/log/ulog/gprint.log
-    xml_directory       => /var/log/ulog/
-    pcap_file           => /var/log/ulog/ulogd.pcap
-    log_level           => info
-    logfile             => syslog
-    logemu_logfile      => /var/log/ulog/syslogemu.log
-    sync                => True

File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

Parameters differences:

--- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft].orig
+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft.orig
+++ /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft
@@ -0,0 +1,4 @@
+# Managed by puppet
+# 
+ip saddr { 10.192.16.75, 10.192.32.67, 10.192.39.10, 10.192.9.11, 208.80.153.42, 208.80.154.78 } tcp dport 1-65535 accept
+ip6 saddr { 2620:0:860:102:10:192:16:75, 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } tcp dport 1-65535 accept

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft
@@ -0,0 +1,14 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_JUMBO_ipv4 {
+    type ipv4_addr
+    elements = { 10.64.130.10,
+             10.64.131.16,
+             10.64.132.21,
+             10.64.134.9,
+             10.64.135.16,
+             10.64.136.11,
+             10.64.154.15,
+             10.64.160.16,
+             10.64.0.126
+    }
+}

File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]

Parameters differences:

--- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp].orig
+++ File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]

-    group   => root
-    mode    => 0400
-    require => File[/etc/ferm/conf.d]
-    notify  => Service[ferm]
-    ensure  => present
-    owner   => root
-    tag     => ferm

Content differences:

--- /etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp.orig
+++ /etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp
@@ -1,6 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 
-&R_SERVICE(tcp, 1:65535, (10.192.16.75 10.192.32.67 10.192.39.10 10.192.9.11 208.80.153.42 208.80.154.78 2620:0:860:102:10:192:16:75 2620:0:860:103:10:192:32:67 2620:0:860:10a:10:192:9:11 2620:0:860:11e:10:192:39:10 2620:0:860:2:208:80:153:42 2620:0:861:3:208:80:154:78));
-
-

Systemd::Unit[nrpe2nodexp-ferm_active.timer]

Parameters differences:

--- Systemd::Unit[nrpe2nodexp-ferm_active.timer].orig
+++ Systemd::Unit[nrpe2nodexp-ferm_active.timer]

-    require           => ['Class[Systemd]']
-    override          => False
-    ensure            => present
-    restart           => False
-    unit              => nrpe2nodexp-ferm_active.timer
-    override_filename => puppet-override.conf

File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]

Parameters differences:

--- File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf].orig
+++ File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]

-    group  => root
-    mode   => 0444
-    notify => Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]
-    ensure => present
-    owner  => root
-    source => puppet:///modules/ferm/ferm_systemd_override

Prometheus::Node_textfile[check-nft]

Parameters differences:

--- Prometheus::Node_textfile[check-nft].orig
+++ Prometheus::Node_textfile[check-nft]

+    user           => root
+    environment    => {}
+    run_cmd        => /usr/local/bin/check-nft
+    filesource     => puppet:///modules/profile/firewall/check_nftables.py
+    ensure         => present
+    interval       => *:0/30
+    extra_packages => []

File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft].orig
+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft.orig
+++ /etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft
@@ -0,0 +1,38 @@
+# Autogenerated by puppet
+set ANALYTICS_NETWORKS_ipv6 {
+    type ipv6_addr
+    flags interval
+    auto-merge
+    elements = { 2620:0:861:100::/64,
+             2620:0:861:104::/64,
+             2620:0:861:105::/64,
+             2620:0:861:106::/64,
+             2620:0:861:108::/64,
+             2620:0:861:110::/64,
+             2620:0:861:111::/64,
+             2620:0:861:112::/64,
+             2620:0:861:114::/64,
+             2620:0:861:115::/64,
+             2620:0:861:116::/64,
+             2620:0:861:117::/64,
+             2620:0:861:11a::/64,
+             2620:0:861:121::/64,
+             2620:0:861:123::/64,
+             2620:0:861:125::/64,
+             2620:0:861:127::/64,
+             2620:0:861:129::/64,
+             2620:0:861:12b::/64,
+             2620:0:861:12d::/64,
+             2620:0:861:12f::/64,
+             2620:0:861:132::/64,
+             2620:0:861:134::/64,
+             2620:0:861:136::/64,
+             2620:0:861:138::/64,
+             2620:0:861:13a::/64,
+             2620:0:861:13c::/64,
+             2620:0:861:13e::/64,
+             2620:0:861:141::/64,
+             2620:0:861:143::/64,
+             2620:0:861:145::/64
+    }
+}

File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

Parameters differences:

--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft].orig
+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/MONITORING_HOSTS_ipv4.nft.orig
+++ /etc/nftables/sets/MONITORING_HOSTS_ipv4.nft
@@ -0,0 +1,7 @@
+# Autogenerated by puppet
+set MONITORING_HOSTS_ipv4 {
+    type ipv4_addr
+    elements = { 208.80.154.78,
+             208.80.153.42
+    }
+}

Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]

Parameters differences:

--- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)].orig
+++ Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]

-    command     => /bin/systemctl daemon-reload
-    refreshonly => True

Nftables::Set[ZOOKEEPER_FLINK_HOSTS]

Parameters differences:

--- Nftables::Set[ZOOKEEPER_FLINK_HOSTS].orig
+++ Nftables::Set[ZOOKEEPER_FLINK_HOSTS]

+    ensure => present
+    hosts  => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']

Nftables::Set[KAFKA_BROKERS_JUMBO]

Parameters differences:

--- Nftables::Set[KAFKA_BROKERS_JUMBO].orig
+++ Nftables::Set[KAFKA_BROKERS_JUMBO]

+    ensure => present
+    hosts  => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']

Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]

Parameters differences:

--- Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c].orig
+++ Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]

-    def_label_whitelst => ['team', 'severity']
-    alert_name         => nrpe_Check_whether_ferm_is_active_by_checking_the_default_input_chain
-    description        => NRPE CHECK: Check whether ferm is active by checking the default input chain
-    site               => codfw
-    ensure             => present
-    logs               => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_ferm_active))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))
-    instance           => ops
-    severity           => info
-    summary            => NRPE CHECK: Check whether ferm is active by checking the default input chain
-    for                => 32m
-    group              => nrpechecks
-    expr               => (nagios_nrpe_check_result{alert_rule_hash="bba0a2572329bb500b832470e08b381c",check_name="check_ferm_active", status=~"(WARNING|CRITICAL)", severity=~"(warning|critical)"} > 0) * on (instance) group_left (team) role_owner
-    runbook            => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
-    team               => observability
-    dashboard          => TODO

File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

Parameters differences:

--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft].orig
+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]

+    group  => root
+    mode   => 0444
+    notify => ['Service[nftables]']
+    ensure => present
+    owner  => root
+    tag    => nft

Content differences:

--- /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft.orig
+++ /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft
@@ -0,0 +1,14 @@
+# Autogenerated by puppet
+set KAFKA_BROKERS_JUMBO_ipv6 {
+    type ipv6_addr
+    elements = { 2620:0:861:109:10:64:130:10,
+             2620:0:861:10a:10:64:131:16,
+             2620:0:861:10b:10:64:132:21,
+             2620:0:861:10d:10:64:134:9,
+             2620:0:861:10e:10:64:135:16,
+             2620:0:861:10f:10:64:136:11,
+             2620:0:861:122:10:64:154:15,
+             2620:0:861:128:10:64:160:16,
+             2620:0:861:101:10:64:0:126
+    }
+}

Compilation results for pki2002.codfw.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files