{"host": "tcp-proxy3002.esams.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 2766, "only_in_self": [], "only_in_other": ["Conftool::Scripts::Safe_service_restart[gitlab]", "File[/usr/local/bin/depool-gitlab]", "File[/usr/local/bin/pool-gitlab]", "File[/usr/local/sbin/restart-gitlab]"], "resource_diffs": [{"resource": "Class[Profile::Lvs::Realserver::Ipip]", "parameters": "--- Class[Profile::Lvs::Realserver::Ipip].orig\n+++ Class[Profile::Lvs::Realserver::Ipip]\n\n@@\n-    pools => {'gerrit-ssh': {'services': ['gerrit']}}\n+    pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}\n"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv4.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv4\n@@ -5,7 +5,7 @@\n domain (ip) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n \t\t}\n \t}\n }"}, {"resource": "Systemd::Service[tcp-mss-clamper]"}, {"resource": "File[/lib/systemd/system/prometheus_ferm_mss.service]", "content": "--- /lib/systemd/system/prometheus_ferm_mss.service.orig\n+++ /lib/systemd/system/prometheus_ferm_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "Systemd::Unit[prometheus_ferm_mss.service]"}, {"resource": "Systemd::Timer::Job[prometheus_ferm_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_ferm_mss].orig\n+++ Systemd::Timer::Job[prometheus_ferm_mss]\n\n@@\n-    command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+    command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222\n"}, {"resource": "File[/lib/systemd/system/tcp-mss-clamper.service]", "content": "--- /lib/systemd/system/tcp-mss-clamper.service.orig\n+++ /lib/systemd/system/tcp-mss-clamper.service\n@@ -7,5 +7,5 @@\n \n [Service]\n LimitMEMLOCK=infinity\n-ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,[2a02:ec80:300:ed1a::2]:29418\" -i ens13,lo\n+ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,185.15.59.228:2222,[2a02:ec80:300:ed1a::2]:29418,[2a02:ec80:300:ed1a::4]:2222\" -i ens13,lo\n Restart=on-failure"}, {"resource": "Conftool::Scripts::Safe_service_restart[gitlab]", "parameters": "--- Conftool::Scripts::Safe_service_restart[gitlab].orig\n+++ Conftool::Scripts::Safe_service_restart[gitlab]\n\n+    require         => ['Class[Conftool::Scripts]']\n+    lvs_pools       => ['gitlab-ssh']\n+    max_concurrency => 0\n"}, {"resource": "Systemd::Unit[tcp-mss-clamper]"}, {"resource": "Class[Lvs::Realserver]", "parameters": "--- Class[Lvs::Realserver].orig\n+++ Class[Lvs::Realserver]\n\n@@\n-    realserver_ips => ['185.15.59.225', '2a02:ec80:300:ed1a::2']\n+    realserver_ips => ['185.15.59.225', '185.15.59.228', '2a02:ec80:300:ed1a::2', '2a02:ec80:300:ed1a::4']\n"}, {"resource": "File[/etc/default/wikimedia-lvs-realserver]", "content": "--- /etc/default/wikimedia-lvs-realserver.orig\n+++ /etc/default/wikimedia-lvs-realserver\n@@ -7,4 +7,4 @@\n \n # LVS service IPs to be bound to the loopback interface,\n # separate using spaces\n-LVS_SERVICE_IPS=\"185.15.59.225 2a02:ec80:300:ed1a::2\"\n+LVS_SERVICE_IPS=\"185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2 2a02:ec80:300:ed1a::4\""}, {"resource": "File[/usr/local/bin/depool-gitlab]", "content": "--- /usr/local/bin/depool-gitlab.orig\n+++ /usr/local/bin/depool-gitlab\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools gitlab-ssh --depool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/depool-gitlab].orig\n+++ File[/usr/local/bin/depool-gitlab]\n\n+    mode   => 0555\n+    ensure => present\n+    group  => root\n+    owner  => root\n"}, {"resource": "Prometheus::Node_ferm_mss[ferm_clamped_ipport]", "parameters": "--- Prometheus::Node_ferm_mss[ferm_clamped_ipport].orig\n+++ Prometheus::Node_ferm_mss[ferm_clamped_ipport]\n\n@@\n-    clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']\n+    clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']\n"}, {"resource": "File[/usr/local/bin/pool-gitlab]", "content": "--- /usr/local/bin/pool-gitlab.orig\n+++ /usr/local/bin/pool-gitlab\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools gitlab-ssh --pool --retries 10 --wait 5", "parameters": "--- File[/usr/local/bin/pool-gitlab].orig\n+++ File[/usr/local/bin/pool-gitlab]\n\n+    mode   => 0555\n+    ensure => present\n+    group  => root\n+    owner  => root\n"}, {"resource": "Class[Profile::Lvs::Realserver]", "parameters": "--- Class[Profile::Lvs::Realserver].orig\n+++ Class[Profile::Lvs::Realserver]\n\n@@\n-    pools => {'gerrit-ssh': {'services': ['gerrit']}}\n+    pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}\n"}, {"resource": "Systemd::Timer::Job[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Timer::Job[prometheus_lvs_realserver_mss]\n\n@@\n-    command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+    command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222\n"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv6.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv6\n@@ -5,7 +5,7 @@\n domain (ip6) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n \t\t}\n \t}\n }"}, {"resource": "Ferm::Rule[clamp-mss-ipv6]", "parameters": "--- Ferm::Rule[clamp-mss-ipv6].orig\n+++ Ferm::Rule[clamp-mss-ipv6]\n\n@@\n-    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n"}, {"resource": "File[/usr/local/sbin/restart-gitlab]", "content": "--- /usr/local/sbin/restart-gitlab.orig\n+++ /usr/local/sbin/restart-gitlab\n@@ -0,0 +1,2 @@\n+#!/bin/bash\n+/usr/local/bin/safe-service-restart --pools gitlab-ssh --services gitlab --retries 10 --wait 5 $@", "parameters": "--- File[/usr/local/sbin/restart-gitlab].orig\n+++ File[/usr/local/sbin/restart-gitlab]\n\n+    mode   => 0555\n+    ensure => present\n+    group  => root\n+    owner  => root\n"}, {"resource": "Ferm::Rule[clamp-mss-ipv4]", "parameters": "--- Ferm::Rule[clamp-mss-ipv4].orig\n+++ Ferm::Rule[clamp-mss-ipv4]\n\n@@\n-    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n"}, {"resource": "Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]", "parameters": "--- Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport].orig\n+++ Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]\n\n@@\n-    clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']\n+    clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']\n"}, {"resource": "Systemd::Unit[prometheus_lvs_realserver_mss.service]"}, {"resource": "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "content": "--- /lib/systemd/system/prometheus_lvs_realserver_mss.service.orig\n+++ /lib/systemd/system/prometheus_lvs_realserver_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "File[/etc/conftool/local_services.yaml]", "content": "--- /etc/conftool/local_services.yaml.orig\n+++ /etc/conftool/local_services.yaml\n@@ -5,3 +5,9 @@\n   servers:\n   - pybal-high-traffic1-esams.wikimedia.org\n   port: 29418\n+gitlab-ssh:\n+  cluster: tcp-proxy\n+  service: gitlab\n+  servers:\n+  - pybal-high-traffic1-esams.wikimedia.org\n+  port: 2222"}], "perc_changed": "1.01%"}, "core": {"total": 2766, "only_in_self": [], "only_in_other": ["File[/usr/local/bin/depool-gitlab]", "File[/usr/local/bin/pool-gitlab]", "File[/usr/local/sbin/restart-gitlab]"], "resource_diffs": [{"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv4.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv4\n@@ -5,7 +5,7 @@\n domain (ip) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n \t\t}\n \t}\n }"}, {"resource": "File[/lib/systemd/system/prometheus_ferm_mss.service]", "content": "--- /lib/systemd/system/prometheus_ferm_mss.service.orig\n+++ /lib/systemd/system/prometheus_ferm_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "File[/lib/systemd/system/tcp-mss-clamper.service]", "content": "--- /lib/systemd/system/tcp-mss-clamper.service.orig\n+++ /lib/systemd/system/tcp-mss-clamper.service\n@@ -7,5 +7,5 @@\n \n [Service]\n LimitMEMLOCK=infinity\n-ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,[2a02:ec80:300:ed1a::2]:29418\" -i ens13,lo\n+ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,185.15.59.228:2222,[2a02:ec80:300:ed1a::2]:29418,[2a02:ec80:300:ed1a::4]:2222\" -i ens13,lo\n Restart=on-failure"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv6.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv6\n@@ -5,7 +5,7 @@\n domain (ip6) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n \t\t}\n \t}\n }"}, {"resource": "File[/etc/default/wikimedia-lvs-realserver]", "content": "--- /etc/default/wikimedia-lvs-realserver.orig\n+++ /etc/default/wikimedia-lvs-realserver\n@@ -7,4 +7,4 @@\n \n # LVS service IPs to be bound to the loopback interface,\n # separate using spaces\n-LVS_SERVICE_IPS=\"185.15.59.225 2a02:ec80:300:ed1a::2\"\n+LVS_SERVICE_IPS=\"185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2 2a02:ec80:300:ed1a::4\""}, {"resource": "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "content": "--- /lib/systemd/system/prometheus_lvs_realserver_mss.service.orig\n+++ /lib/systemd/system/prometheus_lvs_realserver_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "File[/etc/conftool/local_services.yaml]", "content": "--- /etc/conftool/local_services.yaml.orig\n+++ /etc/conftool/local_services.yaml\n@@ -5,3 +5,9 @@\n   servers:\n   - pybal-high-traffic1-esams.wikimedia.org\n   port: 29418\n+gitlab-ssh:\n+  cluster: tcp-proxy\n+  service: gitlab\n+  servers:\n+  - pybal-high-traffic1-esams.wikimedia.org\n+  port: 2222"}], "perc_changed": "0.36%"}, "main": {"total": 2766, "only_in_self": [], "only_in_other": ["Conftool::Scripts::Safe_service_restart[gitlab]", "File[/usr/local/bin/depool-gitlab]", "File[/usr/local/bin/pool-gitlab]", "File[/usr/local/sbin/restart-gitlab]"], "resource_diffs": [{"resource": "Class[Profile::Lvs::Realserver::Ipip]", "parameters": "--- Class[Profile::Lvs::Realserver::Ipip].orig\n+++ Class[Profile::Lvs::Realserver::Ipip]\n\n@@\n-    pools => {'gerrit-ssh': {'services': ['gerrit']}}\n+    pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}\n"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv4]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv4.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv4\n@@ -5,7 +5,7 @@\n domain (ip) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n \t\t}\n \t}\n }"}, {"resource": "Class[Profile::Lvs::Realserver]", "parameters": "--- Class[Profile::Lvs::Realserver].orig\n+++ Class[Profile::Lvs::Realserver]\n\n@@\n-    pools => {'gerrit-ssh': {'services': ['gerrit']}}\n+    pools => {'gerrit-ssh': {'services': ['gerrit']}, 'gitlab-ssh': {'services': ['gitlab']}}\n"}, {"resource": "Systemd::Service[tcp-mss-clamper]"}, {"resource": "File[/lib/systemd/system/prometheus_ferm_mss.service]", "content": "--- /lib/systemd/system/prometheus_ferm_mss.service.orig\n+++ /lib/systemd/system/prometheus_ferm_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "Systemd::Unit[prometheus_ferm_mss.service]"}, {"resource": "Systemd::Timer::Job[prometheus_lvs_realserver_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_lvs_realserver_mss].orig\n+++ Systemd::Timer::Job[prometheus_lvs_realserver_mss]\n\n@@\n-    command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+    command => /usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222\n"}, {"resource": "Systemd::Timer::Job[prometheus_ferm_mss]", "parameters": "--- Systemd::Timer::Job[prometheus_ferm_mss].orig\n+++ Systemd::Timer::Job[prometheus_ferm_mss]\n\n@@\n-    command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+    command => /usr/local/bin/prometheus-ferm-mss -o /var/lib/prometheus/node.d/ferm-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222\n"}, {"resource": "File[/lib/systemd/system/tcp-mss-clamper.service]", "content": "--- /lib/systemd/system/tcp-mss-clamper.service.orig\n+++ /lib/systemd/system/tcp-mss-clamper.service\n@@ -7,5 +7,5 @@\n \n [Service]\n LimitMEMLOCK=infinity\n-ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,[2a02:ec80:300:ed1a::2]:29418\" -i ens13,lo\n+ExecStart=/usr/bin/tcp-mss-clamper --ipv4-mss 1440 --ipv6-mss 1400 -p :2200 -s \"185.15.59.225:29418,185.15.59.228:2222,[2a02:ec80:300:ed1a::2]:29418,[2a02:ec80:300:ed1a::4]:2222\" -i ens13,lo\n Restart=on-failure"}, {"resource": "Systemd::Unit[tcp-mss-clamper]"}, {"resource": "File[/etc/ferm/conf.d/10_clamp-mss-ipv6]", "content": "--- /etc/ferm/conf.d/10_clamp-mss-ipv6.orig\n+++ /etc/ferm/conf.d/10_clamp-mss-ipv6\n@@ -5,7 +5,7 @@\n domain (ip6) {\n \ttable filter {\n \t\tchain OUTPUT {\n-\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+\t\t\touterface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n \t\t}\n \t}\n }"}, {"resource": "Ferm::Rule[clamp-mss-ipv6]", "parameters": "--- Ferm::Rule[clamp-mss-ipv6].orig\n+++ Ferm::Rule[clamp-mss-ipv6]\n\n@@\n-    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n+    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1400;\n"}, {"resource": "Ferm::Rule[clamp-mss-ipv4]", "parameters": "--- Ferm::Rule[clamp-mss-ipv4].orig\n+++ Ferm::Rule[clamp-mss-ipv4]\n\n@@\n-    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 2a02:ec80:300:ed1a::2])) proto tcp sport (29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n+    rule => outerface (ens13 lo) saddr @ipfilter((185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2] 2a02:ec80:300:ed1a::4])) proto tcp sport (2222 29418) tcp-flags (SYN) SYN TCPMSS set-mss 1440;\n"}, {"resource": "Class[Lvs::Realserver]", "parameters": "--- Class[Lvs::Realserver].orig\n+++ Class[Lvs::Realserver]\n\n@@\n-    realserver_ips => ['185.15.59.225', '2a02:ec80:300:ed1a::2']\n+    realserver_ips => ['185.15.59.225', '185.15.59.228', '2a02:ec80:300:ed1a::2', '2a02:ec80:300:ed1a::4']\n"}, {"resource": "Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]", "parameters": "--- Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport].orig\n+++ Prometheus::Node_lvs_realserver_mss[lvs_clamped_ipport]\n\n@@\n-    clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']\n+    clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']\n"}, {"resource": "Systemd::Unit[prometheus_lvs_realserver_mss.service]"}, {"resource": "File[/etc/default/wikimedia-lvs-realserver]", "content": "--- /etc/default/wikimedia-lvs-realserver.orig\n+++ /etc/default/wikimedia-lvs-realserver\n@@ -7,4 +7,4 @@\n \n # LVS service IPs to be bound to the loopback interface,\n # separate using spaces\n-LVS_SERVICE_IPS=\"185.15.59.225 2a02:ec80:300:ed1a::2\"\n+LVS_SERVICE_IPS=\"185.15.59.225 185.15.59.228 2a02:ec80:300:ed1a::2 2a02:ec80:300:ed1a::4\""}, {"resource": "Prometheus::Node_ferm_mss[ferm_clamped_ipport]", "parameters": "--- Prometheus::Node_ferm_mss[ferm_clamped_ipport].orig\n+++ Prometheus::Node_ferm_mss[ferm_clamped_ipport]\n\n@@\n-    clamped_ipport => ['185.15.59.225:29418', '[2a02:ec80:300:ed1a::2]:29418']\n+    clamped_ipport => ['185.15.59.225:29418', '185.15.59.228:2222', '[2a02:ec80:300:ed1a::2]:29418', '[2a02:ec80:300:ed1a::4]:2222']\n"}, {"resource": "File[/lib/systemd/system/prometheus_lvs_realserver_mss.service]", "content": "--- /lib/systemd/system/prometheus_lvs_realserver_mss.service.orig\n+++ /lib/systemd/system/prometheus_lvs_realserver_mss.service\n@@ -5,4 +5,4 @@\n [Service]\n Type=oneshot\n User=root\n-ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e [2a02:ec80:300:ed1a::2]:29418\n+ExecStart=/usr/local/bin/prometheus-lvs-realserver-mss -o /var/lib/prometheus/node.d/lvs-realserver-mss.prom -e 185.15.59.225:29418 -e 185.15.59.228:2222 -e [2a02:ec80:300:ed1a::2]:29418 -e [2a02:ec80:300:ed1a::4]:2222"}, {"resource": "File[/etc/conftool/local_services.yaml]", "content": "--- /etc/conftool/local_services.yaml.orig\n+++ /etc/conftool/local_services.yaml\n@@ -5,3 +5,9 @@\n   servers:\n   - pybal-high-traffic1-esams.wikimedia.org\n   port: 29418\n+gitlab-ssh:\n+  cluster: tcp-proxy\n+  service: gitlab\n+  servers:\n+  - pybal-high-traffic1-esams.wikimedia.org\n+  port: 2222"}], "perc_changed": "0.87%"}}}