{"host": "pc2022.codfw.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3106, "only_in_self": ["Alternatives::Select[ip6tables]", "Alternatives::Select[iptables]", "Class[Profile::Firewall::Log::Ferm]", "Class[Ulogd]", "Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]", "Exec[update_alternative_ip6tables]", "Exec[update_alternative_iptables]", "Ferm::Conf[defs]", "Ferm::Conf[main]", "Ferm::Filter_log[filter-bootp]", "Ferm::Rule[drop-blocked-nets]", "Ferm::Rule[dscp-default]", "Ferm::Rule[filter_log_filter-bootp]", "Ferm::Rule[log-everything]", "Ferm::Service[full_monitoring_metrics_access_tcp]", "Ferm::Service[full_monitoring_metrics_access_udp]", "Ferm::Service[mariadb_internal]", "Ferm::Service[orchestrator]", "Ferm::Service[parsercache_mariadb_dba]", "Ferm::Service[ssh_from_bastion]", "Ferm::Service[ssh_from_cumin_masters]", "File[/etc/default/ferm]", "File[/etc/ferm/conf.d/00_defs]", "File[/etc/ferm/conf.d/01_drop-blocked-nets]", "File[/etc/ferm/conf.d/02_main]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]", "File[/etc/ferm/conf.d/10_mariadb_internal]", "File[/etc/ferm/conf.d/10_orchestrator]", "File[/etc/ferm/conf.d/10_parsercache_mariadb_dba]", "File[/etc/ferm/conf.d/10_ssh_from_bastion]", "File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]", "File[/etc/ferm/conf.d/98_filter_log_filter-bootp]", "File[/etc/ferm/conf.d/98_log-everything]", "File[/etc/ferm/conf.d/99_dscp-default]", "File[/etc/ferm/conf.d]", "File[/etc/ferm/ferm.conf]", "File[/etc/ferm/functions.conf]", "File[/etc/logrotate.d/ulogd]", "File[/etc/logrotate.d/wmf_auto_restart_ulogd2]", "File[/etc/nagios/nrpe.d/check_ferm_active.cfg]", "File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]", "File[/etc/rsyslog.d/40-ulogd.conf]", "File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]", "File[/etc/sudoers.d/nrpe-check_ferm_active]", "File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]", "File[/etc/systemd/system/ferm.service.d]", "File[/etc/ulogd.conf]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]", "File[/usr/local/lib/nagios/plugins/check_ferm]", "File[/var/log/ulogd]", "File[/var/log/wmf_auto_restart_ulogd2]", "File_line[auto_restart_file_presence_ulogd2]", "Logrotate::Conf[ulogd]", "Logrotate::Conf[wmf_auto_restart_ulogd2]", "Monitoring::Exported_nagios_service[pc2022 ferm_active]", "Monitoring::Service[ferm_active]", "Nrpe::Check[check_ferm_active]", "Nrpe::Monitor_service[ferm_active]", "Nrpe::Plugin[check_ferm]", "Package[ulogd2]", "Profile::Auto_restarts::Service[ulogd2]", "Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]", "Rsyslog::Conf[nrpe2nodexp-ferm_active]", "Rsyslog::Conf[ulogd]", "Rsyslog::Conf[wmf_auto_restart_ulogd2]", "Service[ferm]", "Service[nrpe2nodexp-ferm_active.timer]", "Service[ulogd2]", "Service[wmf_auto_restart_ulogd2.timer]", "Sudo::User[nrpe-check_ferm_active]", "Systemd::Override[ferm-service-status-restart]", "Systemd::Service[nrpe2nodexp-ferm_active]", "Systemd::Service[wmf_auto_restart_ulogd2]", "Systemd::Syslog[ulogd]", "Systemd::Syslog[wmf_auto_restart_ulogd2]", "Systemd::Timer::Job[nrpe2nodexp-ferm_active]", "Systemd::Timer::Job[wmf_auto_restart_ulogd2]", "Systemd::Timer[nrpe2nodexp-ferm_active]", "Systemd::Timer[wmf_auto_restart_ulogd2]", "Systemd::Unit[ferm-ferm-service-status-restart]", "Systemd::Unit[nrpe2nodexp-ferm_active.service]", "Systemd::Unit[nrpe2nodexp-ferm_active.timer]", "Systemd::Unit[wmf_auto_restart_ulogd2.service]", "Systemd::Unit[wmf_auto_restart_ulogd2.timer]"], "only_in_other": ["Class[Nftables]", "Class[Profile::Firewall::Nftables_base_sets]", "Exec[systemd daemon-reload for nftables.service (nftables)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]", "Exec[unmask_nftables.service]", "File[/etc/logrotate.d/prometheus-node-textfile-check-nft]", "File[/etc/nftables.conf]", "File[/etc/nftables/100_base_puppet.nft]", "File[/etc/nftables/]", "File[/etc/nftables/forward]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]", "File[/etc/nftables/input/10_mariadb_internal.nft]", "File[/etc/nftables/input/10_orchestrator.nft]", "File[/etc/nftables/input/10_parsercache_mariadb_dba.nft]", "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]", "File[/etc/nftables/input]", "File[/etc/nftables/main.nft]", "File[/etc/nftables/notrack/10_mariadb_internal.nft]", "File[/etc/nftables/notrack/10_orchestrator.nft]", "File[/etc/nftables/notrack]", "File[/etc/nftables/output]", "File[/etc/nftables/postrouting]", "File[/etc/nftables/prerouting]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/CACHES_ipv4.nft]", "File[/etc/nftables/sets/CACHES_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/INTERNAL_ipv4.nft]", "File[/etc/nftables/sets/INTERNAL_ipv6.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]", "File[/etc/nftables/sets]", "File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]", "File[/etc/systemd/system/nftables.service.d/puppet-override.conf]", "File[/etc/systemd/system/nftables.service.d]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]", "File[/usr/local/bin/check-nft]", "File[/var/log/prometheus-node-textfile-check-nft]", "Logrotate::Conf[prometheus-node-textfile-check-nft]", "Nftables::File[base]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[mariadb_internal]", "Nftables::Service[orchestrator]", "Nftables::Service[parsercache_mariadb_dba]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Set[ANALYTICS_NETWORKS]", "Nftables::Set[AUX_KUBEPODS_NETWORKS]", "Nftables::Set[BASTION_HOSTS]", "Nftables::Set[CACHES]", "Nftables::Set[CLOUD_NETWORKS]", "Nftables::Set[CLOUD_NETWORKS_PUBLIC]", "Nftables::Set[CLOUD_PRIVATE_NETWORKS]", "Nftables::Set[CUMIN_MASTERS]", "Nftables::Set[DEPLOYMENT_HOSTS]", "Nftables::Set[DOMAIN_NETWORKS]", "Nftables::Set[DRUID_PUBLIC_HOSTS]", "Nftables::Set[DSE_KUBEPODS_NETWORKS]", "Nftables::Set[FRACK_NETWORKS]", "Nftables::Set[INSTALL_HOSTS]", "Nftables::Set[INTERNAL]", "Nftables::Set[KAFKAMON_HOSTS]", "Nftables::Set[KAFKA_BROKERS_JUMBO]", "Nftables::Set[KAFKA_BROKERS_LOGGING]", "Nftables::Set[KAFKA_BROKERS_MAIN]", "Nftables::Set[LABSTORE_HOSTS]", "Nftables::Set[LABS_NETWORKS]", "Nftables::Set[LINK_LOCAL]", "Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]", "Nftables::Set[MGMT_NETWORKS]", "Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]", "Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]", "Nftables::Set[MONITORING_HOSTS]", "Nftables::Set[MW_APPSERVER_NETWORKS]", "Nftables::Set[MYSQL_ROOT_CLIENTS]", "Nftables::Set[NETWORK_INFRA]", "Nftables::Set[PRODUCTION_NETWORKS]", "Nftables::Set[PROMETHEUS_HOSTS]", "Nftables::Set[SANDBOX_NETWORKS]", "Nftables::Set[STAGING_KUBEPODS_NETWORKS]", "Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]", "Nftables::Set[ZOOKEEPER_FLINK_HOSTS]", "Nftables::Set[ZOOKEEPER_HOSTS_MAIN]", "Package[nftables]", "Prometheus::Node_textfile[check-nft]", "Rsyslog::Conf[prometheus-node-textfile-check-nft]", "Service[nftables]", "Service[prometheus-node-textfile-check-nft.timer]", "Systemd::Service[nftables]", "Systemd::Service[prometheus-node-textfile-check-nft]", "Systemd::Syslog[prometheus-node-textfile-check-nft]", "Systemd::Timer::Job[prometheus-node-textfile-check-nft]", "Systemd::Timer[prometheus-node-textfile-check-nft]", "Systemd::Unit[nftables]", "Systemd::Unit[prometheus-node-textfile-check-nft.service]", "Systemd::Unit[prometheus-node-textfile-check-nft.timer]", "Systemd::Unmask[nftables.service]"], "resource_diffs": [{"resource": "Systemd::Timer[nrpe2nodexp-ferm_active]", "parameters": "--- Systemd::Timer[nrpe2nodexp-ferm_active].orig\n+++ Systemd::Timer[nrpe2nodexp-ferm_active]\n\n-    fixed_random_delay => True\n-    splay              => 600\n-    timer_intervals    => [{'start': 'OnUnitInactiveSec', 'interval': '10min'}, {'interval': '1s', 'start': 'OnActiveSec'}]\n-    ensure             => present\n-    accuracy           => 15sec\n-    unit_name          => nrpe2nodexp-ferm_active.service\n"}, {"resource": "File[/etc/ferm/ferm.conf]", "parameters": "--- File[/etc/ferm/ferm.conf].orig\n+++ File[/etc/ferm/ferm.conf]\n\n-    require => Package[ferm]\n-    group   => root\n-    ensure  => file\n-    source  => puppet:///modules/ferm/ferm.conf\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/etc/rsyslog.d/40-ulogd.conf]", "content": "--- /etc/rsyslog.d/40-ulogd.conf.orig\n+++ /etc/rsyslog.d/40-ulogd.conf\n@@ -1,10 +0,0 @@\n-# rsyslog.conf(5) configuration file for services.\n-# This file is managed by Puppet.\n-if $programname startswith \"ulogd\" then {\n-    action(\n-        type=\"omfile\" file=\"/var/log/ulogd/syslog.log\"\n-        fileOwner=\"root\" fileGroup=\"root\"\n-        fileCreateMode=\"0600\"\n-    )\n-    & stop\n-}", "parameters": "--- File[/etc/rsyslog.d/40-ulogd.conf].orig\n+++ File[/etc/rsyslog.d/40-ulogd.conf]\n\n-    group  => root\n-    ensure => present\n-    notify => Service[rsyslog]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_ulogd2]", "content": "--- /etc/logrotate.d/wmf_auto_restart_ulogd2.orig\n+++ /etc/logrotate.d/wmf_auto_restart_ulogd2\n@@ -1,12 +0,0 @@\n-# logrotate(8) config for wmf_auto_restart_ulogd2\n-\n-/var/log/wmf_auto_restart_ulogd2/*.log {\n-    daily\n-    copytruncate\n-    missingok\n-    compress\n-    delaycompress\n-    notifempty\n-    rotate 15\n-    size 256M\n-}", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_ulogd2].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_ulogd2]\n\n-    owner  => root\n-    group  => root\n-    mode   => 0444\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set KAFKAMON_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.32.11,\n+             10.192.16.139\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft\n@@ -0,0 +1,14 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_JUMBO_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.130.10,\n+             10.64.131.16,\n+             10.64.132.21,\n+             10.64.134.9,\n+             10.64.135.16,\n+             10.64.136.11,\n+             10.64.154.15,\n+             10.64.160.16,\n+             10.64.0.126\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]", "content": "--- /etc/nftables/input/10_ssh-from-cumin-masters.nft.orig\n+++ /etc/nftables/input/10_ssh-from-cumin-masters.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr @CUMIN_MASTERS_ipv4 tcp dport { 22 } accept\n+ip6 saddr @CUMIN_MASTERS_ipv6 tcp dport { 22 } accept", "parameters": "--- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft].orig\n+++ File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]\n\n+    tag     => nft\n+    require => ['Nftables::Set[CUMIN_MASTERS]']\n+    group   => root\n+    ensure  => present\n+    mode    => 0444\n+    notify  => ['Service[nftables]']\n+    owner   => root\n"}, {"resource": "Nftables::File[base]", "parameters": "--- Nftables::File[base].orig\n+++ Nftables::File[base]\n\n+    order  => 100\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv6.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set BASTION_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:1:208:80:154:7,\n+             2a02:ec80:300:3:185:15:59:99,\n+             2620:0:860:4:208:80:153:110,\n+             2620:0:863:3:198:35:26:104,\n+             2001:df2:e500:3:103:102:166:103,\n+             2a02:ec80:600:1:185:15:58:6,\n+             2a02:ec80:700:3:195:200:68:99\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft\n@@ -0,0 +1,15 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_LOGGING_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:102:10:64:16:205,\n+             2620:0:861:10c:10:64:133:11,\n+             2620:0:861:13d:10:64:183:12,\n+             2620:0:861:10a:10:64:131:13,\n+             2620:0:861:10e:10:64:135:13,\n+             2620:0:860:113:10:192:23:29,\n+             2620:0:860:10c:10:192:11:28,\n+             2620:0:860:105:10:192:26:22,\n+             2620:0:860:10c:10:192:11:27,\n+             2620:0:860:11e:10:192:39:25\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nrpe::Check[check_ferm_active]", "parameters": "--- Nrpe::Check[check_ferm_active].orig\n+++ Nrpe::Check[check_ferm_active]\n\n-    command   => /usr/local/lib/nagios/plugins/check_ferm\n-    sudo_user => root\n-    before    => Monitoring::Service[ferm_active]\n-    ensure    => present\n"}, {"resource": "Service[ulogd2]", "parameters": "--- Service[ulogd2].orig\n+++ Service[ulogd2]\n\n-    require => Package[ulogd2]\n-    enable  => True\n-    ensure  => running\n"}, {"resource": "Package[iptables]", "parameters": "--- Package[iptables].orig\n+++ Package[iptables]\n\n@@\n-    ensure => installed\n+    ensure => absent\n"}, {"resource": "Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.194.61.0/24', '2620:0:860:302::/64']\n+    ensure => present\n"}, {"resource": "Nftables::Service[parsercache_mariadb_dba]", "parameters": "--- Nftables::Service[parsercache_mariadb_dba].orig\n+++ Nftables::Service[parsercache_mariadb_dba]\n\n+    desc                => \n+    ensure              => present\n+    proto               => tcp\n+    src_sets            => ['MYSQL_ROOT_CLIENTS']\n+    port                => 3307\n+    prio                => 10\n+    notrack             => False\n+    unrestricted_access => False\n"}, {"resource": "File[/etc/nftables.conf]", "parameters": "--- File[/etc/nftables.conf].orig\n+++ File[/etc/nftables.conf]\n\n+    group  => root\n+    ensure => absent\n+    owner  => root\n"}, {"resource": "Class[Profile::Firewall::Nftables_base_sets]", "parameters": "--- Class[Profile::Firewall::Nftables_base_sets].orig\n+++ Class[Profile::Firewall::Nftables_base_sets]\n\n+    kafkamon_hosts        => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']\n+    install_hosts         => {'eqiad': '208.80.154.134', 'codfw': '208.80.153.70', 'esams': '185.15.59.101', 'ulsfo': '198.35.26.98', 'eqsin': '103.102.166.104', 'drmrs': '185.15.58.7', 'magru': '195.200.68.100'}\n+    zookeeper_flink_hosts => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']\n+    kafka_brokers_jumbo   => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']\n+    monitoring_hosts      => ['208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']\n+    lb_health_checks      => ['10.64.0.136', '10.64.16.60', '10.64.158.19', '10.64.166.19', '10.64.133.19', '10.64.141.19', '10.64.169.19', '10.64.171.19', '10.64.173.19', '10.64.175.19', '10.64.177.19', '10.64.179.19', '10.64.181.19', '10.64.183.19', '10.64.185.19', '10.64.187.19', '10.64.189.19', '10.64.48.72', '10.64.37.17', '10.64.1.17', '10.64.17.17', '10.64.33.17', '10.64.130.20', '10.64.131.20', '10.64.132.20', '10.64.134.20', '10.64.135.20', '10.64.136.20', '10.64.158.20', '10.64.166.20', '10.64.133.20', '10.64.141.20', '10.64.169.20', '10.64.171.20', '10.64.173.20', '10.64.175.20', '10.64.177.20', '10.64.179.20', '10.64.181.20', '10.64.183.20', '10.64.185.20', '10.64.187.20', '10.64.189.20', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:119::/64', '2620:0:861:10c::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.23.8', '10.192.0.29', '10.192.17.8', '10.192.33.8', '10.192.49.8', '10.192.23.2', '10.192.5.2', '10.192.6.2', '10.192.7.2', '10.192.8.2', '10.192.9.2', '10.192.10.2', '10.192.11.2', '10.192.12.2', '10.192.13.2', '10.192.14.2', '10.192.15.2', '10.192.21.2', '10.192.22.2', '10.192.4.2', '10.192.26.2', '10.192.27.2', '10.192.28.2', '10.192.29.2', '10.192.30.2', '10.192.31.2', '10.192.36.2', '10.192.37.2', '10.192.38.2', '10.192.39.2', '10.192.40.2', '10.192.41.2', '10.192.42.2', '10.192.43.2', '10.192.11.8', '10.192.16.140', '10.192.1.8', '10.192.33.9', '10.192.49.9', '10.192.23.3', '10.192.5.3', '10.192.6.3', '10.192.7.3', '10.192.8.3', '10.192.9.3', '10.192.10.3', '10.192.11.3', '10.192.12.3', '10.192.13.3', '10.192.14.3', '10.192.15.3', '10.192.21.3', '10.192.22.3', '10.192.4.3', '10.192.26.3', '10.192.27.3', '10.192.28.3', '10.192.29.3', '10.192.30.3', '10.192.31.3', '10.192.36.3', '10.192.37.3', '10.192.38.3', '10.192.39.4', '10.192.40.3', '10.192.41.3', '10.192.42.3', '10.192.43.3', '10.192.32.14', '10.192.1.9', '10.192.17.9', '10.192.49.10', '10.192.23.4', '10.192.5.4', '10.192.6.4', '10.192.7.4', '10.192.8.4', '10.192.9.4', '10.192.10.4', '10.192.11.4', '10.192.12.4', '10.192.13.4', '10.192.14.4', '10.192.15.4', '10.192.21.4', '10.192.22.4', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '10.192.48.213', '10.192.1.13', '10.192.17.10', '10.192.33.10', '10.192.23.5', '10.192.5.8', '10.192.6.5', '10.192.7.5', '10.192.8.5', '10.192.9.5', '10.192.10.5', '10.192.11.5', '10.192.12.5', '10.192.13.5', '10.192.14.5', '10.192.15.5', '10.192.21.5', '10.192.22.5', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '10.80.0.3', '10.80.1.8', '10.80.1.14', '10.80.0.9', '10.80.0.2', '10.80.1.10', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '10.128.1.18', '10.128.0.9', '10.128.1.11', '2620:0:863:101::/64', '2620:0:863:102::/64', '10.132.0.39', '10.132.0.6', '10.132.0.7', '2001:df2:e500:101::/64', '10.136.0.16', '10.136.1.19', '10.136.1.15', '10.136.0.19', '10.136.0.17', '10.136.1.20', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '10.140.0.13', '10.140.1.2', '10.140.1.14', '10.140.0.2', '10.140.0.14', '10.140.1.3', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64']\n+    labstore_hosts        => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']\n+    druid_public_hosts    => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']\n+    kafka_brokers_logging => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.133.11', '2620:0:861:10c:10:64:133:11', '10.64.183.12', '2620:0:861:13d:10:64:183:12', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.23.29', '2620:0:860:113:10:192:23:29', '10.192.11.28', '2620:0:860:10c:10:192:11:28', '10.192.26.22', '2620:0:860:105:10:192:26:22', '10.192.11.27', '2620:0:860:10c:10:192:11:27', '10.192.39.25', '2620:0:860:11e:10:192:39:25']\n+    cumin_masters         => ['10.64.16.154', '2620:0:861:102:10:64:16:154', '10.192.32.49', '2620:0:860:103:10:192:32:49']\n+    deployment_hosts      => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']\n+    prometheus_nodes      => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet']\n+    bastion_hosts         => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    mysql_root_clients    => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.154.9', '10.64.0.20']\n+    install_hosts6        => {'eqiad': '2620:0:861:2:208:80:154:134', 'codfw': '2620:0:860:3:208:80:153:70', 'esams': '2a02:ec80:300:3:185:15:59:101', 'ulsfo': '2620:0:863:3:198:35:26:98', 'eqsin': '2001:df2:e500:3:103:102:166:104', 'drmrs': '2a02:ec80:600:1:185:15:58:7', 'magru': '2a02:ec80:700:3:195:200:68:100'}\n+    cache_hosts           => ['10.64.0.79', '2620:0:861:101:10:64:0:79', '10.64.0.229', '2620:0:861:101:10:64:0:229', '10.64.0.14', '2620:0:861:101:10:64:0:14', '10.64.0.51', '2620:0:861:101:10:64:0:51', '10.64.16.241', '2620:0:861:102:10:64:16:241', '10.64.16.94', '2620:0:861:102:10:64:16:94', '10.64.16.95', '2620:0:861:102:10:64:16:95', '10.64.16.240', '2620:0:861:102:10:64:16:240', '10.64.32.14', '2620:0:861:103:10:64:32:14', '10.64.32.60', '2620:0:861:103:10:64:32:60', '10.64.32.15', '2620:0:861:103:10:64:32:15', '10.64.32.65', '2620:0:861:103:10:64:32:65', '10.64.48.16', '2620:0:861:107:10:64:48:16', '10.64.48.41', '2620:0:861:107:10:64:48:41', '10.64.48.27', '2620:0:861:107:10:64:48:27', '10.64.48.28', '2620:0:861:107:10:64:48:28', '10.192.23.26', '2620:0:860:113:10:192:23:26', '10.192.6.20', '2620:0:860:107:10:192:6:20', '10.192.12.35', '2620:0:860:10d:10:192:12:35', '10.192.14.25', '2620:0:860:10f:10:192:14:25', '10.192.4.22', '2620:0:860:100:10:192:4:22', '10.192.29.26', '2620:0:860:116:10:192:29:26', '10.192.30.29', '2620:0:860:119:10:192:30:29', '10.192.36.19', '2620:0:860:11b:10:192:36:19', '10.192.40.25', '2620:0:860:11f:10:192:40:25', '10.192.41.21', '2620:0:860:120:10:192:41:21', '10.192.56.3', '2620:0:860:12b:10:192:56:3', '10.192.56.4', '2620:0:860:12b:10:192:56:4', '10.192.57.3', '2620:0:860:12c:10:192:57:3', '10.192.58.2', '2620:0:860:12d:10:192:58:2', '10.192.58.3', '2620:0:860:12d:10:192:58:3', '10.192.59.2', '2620:0:860:12e:10:192:59:2', '10.80.0.14', '2a02:ec80:300:101:10:80:0:14', '10.80.1.11', '2a02:ec80:300:102:10:80:1:11', '10.80.0.13', '2a02:ec80:300:101:10:80:0:13', '10.80.1.9', '2a02:ec80:300:102:10:80:1:9', '10.80.0.12', '2a02:ec80:300:101:10:80:0:12', '10.80.1.7', '2a02:ec80:300:102:10:80:1:7', '10.80.0.11', '2a02:ec80:300:101:10:80:0:11', '10.80.1.6', '2a02:ec80:300:102:10:80:1:6', '10.80.0.10', '2a02:ec80:300:101:10:80:0:10', '10.80.1.5', '2a02:ec80:300:102:10:80:1:5', '10.80.0.8', '2a02:ec80:300:101:10:80:0:8', '10.80.1.4', '2a02:ec80:300:102:10:80:1:4', '10.80.0.7', '2a02:ec80:300:101:10:80:0:7', '10.80.1.3', '2a02:ec80:300:102:10:80:1:3', '10.80.0.6', '2a02:ec80:300:101:10:80:0:6', '10.80.1.2', '2a02:ec80:300:102:10:80:1:2', '10.128.0.19', '2620:0:863:101:10:128:0:19', '10.128.1.27', '2620:0:863:102:10:128:1:27', '10.128.0.22', '2620:0:863:101:10:128:0:22', '10.128.1.28', '2620:0:863:102:10:128:1:28', '10.128.0.25', '2620:0:863:101:10:128:0:25', '10.128.1.29', '2620:0:863:102:10:128:1:29', '10.128.0.26', '2620:0:863:101:10:128:0:26', '10.128.1.31', '2620:0:863:102:10:128:1:31', '10.128.0.14', '2620:0:863:101:10:128:0:14', '10.128.1.35', '2620:0:863:102:10:128:1:35', '10.128.0.21', '2620:0:863:101:10:128:0:21', '10.128.1.36', '2620:0:863:102:10:128:1:36', '10.128.0.24', '2620:0:863:101:10:128:0:24', '10.128.1.10', '2620:0:863:102:10:128:1:10', '10.128.0.37', '2620:0:863:101:10:128:0:37', '10.128.1.12', '2620:0:863:102:10:128:1:12', '10.132.0.17', '2001:df2:e500:101:10:132:0:17', '10.132.0.18', '2001:df2:e500:101:10:132:0:18', '10.132.0.19', '2001:df2:e500:101:10:132:0:19', '10.132.0.24', '2001:df2:e500:101:10:132:0:24', '10.132.0.29', '2001:df2:e500:101:10:132:0:29', '10.132.0.30', '2001:df2:e500:101:10:132:0:30', '10.132.0.34', '2001:df2:e500:101:10:132:0:34', '10.132.0.35', '2001:df2:e500:101:10:132:0:35', '10.132.0.36', '2001:df2:e500:101:10:132:0:36', '10.132.0.37', '2001:df2:e500:101:10:132:0:37', '10.132.0.38', '2001:df2:e500:101:10:132:0:38', '10.132.0.25', '2001:df2:e500:101:10:132:0:25', '10.132.0.26', '2001:df2:e500:101:10:132:0:26', '10.132.0.27', '2001:df2:e500:101:10:132:0:27', '10.132.0.28', '2001:df2:e500:101:10:132:0:28', '10.132.0.16', '2001:df2:e500:101:10:132:0:16', '10.136.0.6', '2a02:ec80:600:101:10:136:0:6', '10.136.1.6', '2a02:ec80:600:102:10:136:1:6', '10.136.0.7', '2a02:ec80:600:101:10:136:0:7', '10.136.1.7', '2a02:ec80:600:102:10:136:1:7', '10.136.0.8', '2a02:ec80:600:101:10:136:0:8', '10.136.1.8', '2a02:ec80:600:102:10:136:1:8', '10.136.0.9', '2a02:ec80:600:101:10:136:0:9', '10.136.1.9', '2a02:ec80:600:102:10:136:1:9', '10.136.0.10', '2a02:ec80:600:101:10:136:0:10', '10.136.1.10', '2a02:ec80:600:102:10:136:1:10', '10.136.0.11', '2a02:ec80:600:101:10:136:0:11', '10.136.1.11', '2a02:ec80:600:102:10:136:1:11', '10.136.0.12', '2a02:ec80:600:101:10:136:0:12', '10.136.1.12', '2a02:ec80:600:102:10:136:1:12', '10.136.0.13', '2a02:ec80:600:101:10:136:0:13', '10.136.1.13', '2a02:ec80:600:102:10:136:1:13', '10.140.0.3', '2a02:ec80:700:101:10:140:0:3', '10.140.1.4', '2a02:ec80:700:102:10:140:1:4', '10.140.0.4', '2a02:ec80:700:101:10:140:0:4', '10.140.1.5', '2a02:ec80:700:102:10:140:1:5', '10.140.0.5', '2a02:ec80:700:101:10:140:0:5', '10.140.1.6', '2a02:ec80:700:102:10:140:1:6', '10.140.0.6', '2a02:ec80:700:101:10:140:0:6', '10.140.1.7', '2a02:ec80:700:102:10:140:1:7', '10.140.0.7', '2a02:ec80:700:101:10:140:0:7', '10.140.1.8', '2a02:ec80:700:102:10:140:1:8', '10.140.0.8', '2a02:ec80:700:101:10:140:0:8', '10.140.1.9', '2a02:ec80:700:102:10:140:1:9', '10.140.0.9', '2a02:ec80:700:101:10:140:0:9', '10.140.1.10', '2a02:ec80:700:102:10:140:1:10', '10.140.0.10', '2a02:ec80:700:101:10:140:0:10', '10.140.1.11', '2a02:ec80:700:102:10:140:1:11']\n+    zookeeper_hosts_main  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']\n+    kafka_brokers_main    => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']\n"}, {"resource": "File[/etc/nftables/100_base_puppet.nft]", "content": "--- /etc/nftables/100_base_puppet.nft.orig\n+++ /etc/nftables/100_base_puppet.nft\n@@ -0,0 +1,45 @@\n+# SPDX-License-Identifier: Apache-2.0\n+table inet base {\n+\n+    # Include all Puppet-managed sets\n+    include \"/etc/nftables/sets/*.nft\"\n+\n+    chain prerouting {\n+        type filter hook prerouting priority -300;\n+\n+        # Include all Puppet-managed rules targetting prerouting chain\n+        include \"/etc/nftables/prerouting/*.nft\"\n+        # Include all Puppet-managed exceptions from connection tracking\n+        include \"/etc/nftables/notrack/*.nft\"\n+    }\n+\n+    chain input {\n+        type filter hook input priority 0 ; policy drop;\n+\n+        ct state related,established accept\n+        iifname \"lo\" accept\n+        pkttype multicast accept\n+        meta l4proto ipv6-icmp accept\n+        ip protocol icmp accept\n+\n+        # Include all Puppet-managed service definitions for incoming traffic\n+        include \"/etc/nftables/input/*.nft\"\n+    }\n+\n+    chain output {\n+        type filter hook output priority 0 ; policy accept;\n+\n+        # Include any Puppet-managed client definitions filtering outbound traffic\n+        include \"/etc/nftables/output/*.nft\"\n+    }\n+\n+    chain postrouting {\n+        type filter hook postrouting priority 0 ;\n+\n+        # Include any Puppet-managed custom rules to mark DSCP bits\n+        include \"/etc/nftables/postrouting/*.nft\"\n+        # Anything else mark as CS0 / default priority class\n+        ip dscp != cs0 ip dscp set cs0 counter\n+        ip6 dscp != cs0 ip6 dscp set cs0 counter\n+    }\n+}", "parameters": "--- File[/etc/nftables/100_base_puppet.nft].orig\n+++ File[/etc/nftables/100_base_puppet.nft]\n\n+    tag     => nft\n+    require => File[/etc/nftables/]\n+    group   => root\n+    ensure  => present\n+    mode    => 0444\n+    notify  => ['Service[nftables]']\n+    owner   => root\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]\n\n-    command     => /bin/systemctl daemon-reload\n-    before      => ['Service[wmf_auto_restart_ulogd2.timer]']\n-    refreshonly => True\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n"}, {"resource": "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft\n@@ -0,0 +1,189 @@\n+# Autogenerated by puppet\n+set PRODUCTION_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.128.0.0/24,\n+             10.128.1.0/24,\n+             10.128.2.0/24,\n+             10.132.0.0/24,\n+             10.132.2.0/24,\n+             10.136.0.0/24,\n+             10.136.1.0/24,\n+             10.140.0.0/24,\n+             10.140.1.0/24,\n+             10.140.2.0/24,\n+             10.192.0.0/22,\n+             10.192.10.0/24,\n+             10.192.11.0/24,\n+             10.192.12.0/24,\n+             10.192.13.0/24,\n+             10.192.14.0/24,\n+             10.192.15.0/24,\n+             10.192.16.0/22,\n+             10.192.20.0/24,\n+             10.192.21.0/24,\n+             10.192.22.0/24,\n+             10.192.23.0/24,\n+             10.192.24.0/23,\n+             10.192.26.0/24,\n+             10.192.27.0/24,\n+             10.192.28.0/24,\n+             10.192.29.0/24,\n+             10.192.30.0/24,\n+             10.192.31.0/24,\n+             10.192.32.0/22,\n+             10.192.36.0/24,\n+             10.192.37.0/24,\n+             10.192.38.0/24,\n+             10.192.39.0/24,\n+             10.192.4.0/24,\n+             10.192.40.0/24,\n+             10.192.41.0/24,\n+             10.192.42.0/24,\n+             10.192.43.0/24,\n+             10.192.44.0/24,\n+             10.192.45.0/24,\n+             10.192.46.0/24,\n+             10.192.47.0/24,\n+             10.192.48.0/22,\n+             10.192.5.0/24,\n+             10.192.52.0/24,\n+             10.192.56.0/24,\n+             10.192.57.0/24,\n+             10.192.58.0/24,\n+             10.192.59.0/24,\n+             10.192.6.0/24,\n+             10.192.64.0/21,\n+             10.192.7.0/24,\n+             10.192.72.0/24,\n+             10.192.76.0/24,\n+             10.192.8.0/24,\n+             10.192.80.0/20,\n+             10.192.9.0/24,\n+             10.192.96.0/21,\n+             10.194.0.0/20,\n+             10.194.128.0/17,\n+             10.194.16.0/21,\n+             10.194.61.0/24,\n+             10.194.62.0/23,\n+             10.194.64.0/20,\n+             10.194.80.0/21,\n+             10.2.1.0/24,\n+             10.2.2.0/24,\n+             10.2.3.0/24,\n+             10.2.4.0/24,\n+             10.2.5.0/24,\n+             10.2.6.0/24,\n+             10.2.7.0/24,\n+             10.64.0.0/22,\n+             10.64.130.0/24,\n+             10.64.131.0/24,\n+             10.64.132.0/24,\n+             10.64.133.0/24,\n+             10.64.134.0/24,\n+             10.64.135.0/24,\n+             10.64.136.0/24,\n+             10.64.137.0/24,\n+             10.64.138.0/24,\n+             10.64.139.0/24,\n+             10.64.140.0/24,\n+             10.64.141.0/24,\n+             10.64.142.0/24,\n+             10.64.143.0/24,\n+             10.64.144.0/24,\n+             10.64.145.0/24,\n+             10.64.148.0/24,\n+             10.64.149.0/24,\n+             10.64.150.0/24,\n+             10.64.151.0/24,\n+             10.64.152.0/24,\n+             10.64.153.0/24,\n+             10.64.154.0/24,\n+             10.64.155.0/24,\n+             10.64.156.0/24,\n+             10.64.157.0/24,\n+             10.64.158.0/24,\n+             10.64.159.0/24,\n+             10.64.16.0/22,\n+             10.64.160.0/24,\n+             10.64.161.0/24,\n+             10.64.162.0/24,\n+             10.64.163.0/24,\n+             10.64.164.0/24,\n+             10.64.165.0/24,\n+             10.64.166.0/24,\n+             10.64.167.0/24,\n+             10.64.169.0/24,\n+             10.64.170.0/24,\n+             10.64.171.0/24,\n+             10.64.172.0/24,\n+             10.64.173.0/24,\n+             10.64.174.0/24,\n+             10.64.175.0/24,\n+             10.64.176.0/24,\n+             10.64.177.0/24,\n+             10.64.178.0/24,\n+             10.64.179.0/24,\n+             10.64.180.0/24,\n+             10.64.181.0/24,\n+             10.64.182.0/24,\n+             10.64.183.0/24,\n+             10.64.184.0/24,\n+             10.64.185.0/24,\n+             10.64.186.0/24,\n+             10.64.187.0/24,\n+             10.64.188.0/24,\n+             10.64.189.0/24,\n+             10.64.190.0/24,\n+             10.64.20.0/24,\n+             10.64.21.0/24,\n+             10.64.24.0/23,\n+             10.64.32.0/22,\n+             10.64.36.0/24,\n+             10.64.48.0/22,\n+             10.64.5.0/24,\n+             10.64.53.0/24,\n+             10.64.64.0/21,\n+             10.64.72.0/24,\n+             10.64.76.0/24,\n+             10.67.0.0/20,\n+             10.67.128.0/17,\n+             10.67.16.0/21,\n+             10.67.24.0/21,\n+             10.67.32.0/20,\n+             10.67.64.0/20,\n+             10.67.80.0/21,\n+             10.80.0.0/24,\n+             10.80.1.0/24,\n+             10.80.2.0/24,\n+             103.102.166.0/28,\n+             103.102.166.224/27,\n+             103.102.166.96/27,\n+             185.15.58.0/27,\n+             185.15.58.224/27,\n+             185.15.58.32/27,\n+             185.15.59.0/27,\n+             185.15.59.224/27,\n+             185.15.59.32/27,\n+             185.15.59.96/27,\n+             195.200.68.0/27,\n+             195.200.68.224/27,\n+             195.200.68.32/27,\n+             195.200.68.96/27,\n+             198.35.26.0/27,\n+             198.35.26.32/27,\n+             198.35.26.96/27,\n+             208.80.152.128/27,\n+             208.80.153.0/27,\n+             208.80.153.224/27,\n+             208.80.153.32/27,\n+             208.80.153.64/27,\n+             208.80.153.96/27,\n+             208.80.154.0/26,\n+             208.80.154.128/26,\n+             208.80.154.224/27,\n+             208.80.154.64/26,\n+             208.80.155.96/27\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft\n@@ -0,0 +1,13 @@\n+# Autogenerated by puppet\n+set SANDBOX_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2001:df2:e500:202::/64,\n+             2620:0:860:201::/64,\n+             2620:0:861:202::/64,\n+             2620:0:863:201::/64,\n+             2a02:ec80:300:202::/64,\n+             2a02:ec80:700:201::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft\n@@ -0,0 +1,27 @@\n+# Autogenerated by puppet\n+set CLOUD_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 172.16.0.0/21,\n+             172.16.128.0/24,\n+             172.16.129.0/24,\n+             172.16.130.0/24,\n+             172.16.131.0/24,\n+             172.16.16.0/21,\n+             172.16.24.0/24,\n+             172.16.8.0/21,\n+             172.20.1.0/24,\n+             172.20.2.0/24,\n+             172.20.254.0/24,\n+             172.20.255.0/24,\n+             172.20.3.0/24,\n+             172.20.4.0/24,\n+             172.20.5.0/24,\n+             185.15.56.0/25,\n+             185.15.56.160/28,\n+             185.15.57.0/29,\n+             185.15.57.16/29,\n+             185.15.57.24/29\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n"}, {"resource": "File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/MONITORING_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/MONITORING_HOSTS_ipv6.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set MONITORING_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:3:208:80:154:78,\n+             2620:0:860:2:208:80:153:42\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[MLSERVE_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.67.16.0/21', '2620:0:861:300::/64', '10.194.16.0/21', '2620:0:860:300::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set WIKIKUBE_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:cabe::/64,\n+             2620:0:860:cabe::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Service[mariadb_internal]", "parameters": "--- Nftables::Service[mariadb_internal].orig\n+++ Nftables::Service[mariadb_internal]\n\n+    desc                => \n+    ensure              => present\n+    proto               => tcp\n+    src_sets            => ['INTERNAL']\n+    notrack             => True\n+    port                => 3306\n+    prio                => 10\n+    unrestricted_access => False\n"}, {"resource": "Systemd::Service[nftables]", "parameters": "--- Systemd::Service[nftables].orig\n+++ Systemd::Service[nftables]\n\n+    monitoring_contact_group => admins\n+    unit_type                => service\n+    restart                  => False\n+    ensure                   => present\n+    monitoring_enabled       => False\n+    override                 => True\n+    monitoring_critical      => False\n+    migration_task           => T407130\n+    service_params           => {'hasrestart': True, 'restart': '/usr/bin/systemctl reload nftables'}\n"}, {"resource": "File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/LABS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/LABS_NETWORKS_ipv6.nft\n@@ -0,0 +1,20 @@\n+# Autogenerated by puppet\n+set LABS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2a02:ec80:a000:100::/64,\n+             2a02:ec80:a000:1::/64,\n+             2a02:ec80:a000:201::/64,\n+             2a02:ec80:a000:202::/64,\n+             2a02:ec80:a000:203::/64,\n+             2a02:ec80:a000:204::/64,\n+             2a02:ec80:a000:2ff::/64,\n+             2a02:ec80:a000:4000::/64,\n+             2a02:ec80:a100:100::/64,\n+             2a02:ec80:a100:1::/64,\n+             2a02:ec80:a100:205::/64,\n+             2a02:ec80:a100:2ff::/64,\n+             2a02:ec80:a100:4000::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[MYSQL_ROOT_CLIENTS]", "parameters": "--- Nftables::Set[MYSQL_ROOT_CLIENTS].orig\n+++ Nftables::Set[MYSQL_ROOT_CLIENTS]\n\n+    hosts  => ['10.64.16.90', '10.192.16.191', '10.64.16.154', '10.192.32.49', '208.80.154.9', '10.64.0.20']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "content": "--- /etc/nftables/input/10_ssh-from-bastion.nft.orig\n+++ /etc/nftables/input/10_ssh-from-bastion.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 103.102.166.103, 185.15.58.6, 185.15.59.99, 195.200.68.99, 198.35.26.104, 208.80.153.110, 208.80.154.7 } tcp dport { 22 } accept\n+ip6 saddr { 2001:df2:e500:3:103:102:166:103, 2620:0:860:4:208:80:153:110, 2620:0:861:1:208:80:154:7, 2620:0:863:3:198:35:26:104, 2a02:ec80:300:3:185:15:59:99, 2a02:ec80:600:1:185:15:58:6, 2a02:ec80:700:3:195:200:68:99 } tcp dport { 22 } accept", "parameters": "--- File[/etc/nftables/input/10_ssh-from-bastion.nft].orig\n+++ File[/etc/nftables/input/10_ssh-from-bastion.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]", "parameters": "--- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)].orig\n+++ Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]\n\n-    command     => /bin/systemctl daemon-reload\n-    before      => ['Service[ferm]']\n-    refreshonly => True\n"}, {"resource": "File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/FRACK_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/FRACK_NETWORKS_ipv6.nft\n@@ -0,0 +1,4 @@\n+# Autogenerated by puppet\n+set FRACK_NETWORKS_ipv6 {\n+    type ipv6_addr\n+}", "parameters": "--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nrpe::Monitor_service[ferm_active]", "parameters": "--- Nrpe::Monitor_service[ferm_active].orig\n+++ Nrpe::Monitor_service[ferm_active]\n\n-    nrpe_command                => /usr/local/lib/nagios/plugins/check_ferm\n-    notes_url                   => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm\n-    sudo_user                   => root\n-    enable_icinga_check         => True\n-    alertmanager_team           => observability\n-    timeout                     => 10\n-    enable_nrpe2nodexp          => True\n-    ensure                      => present\n-    retry_interval              => 1\n-    description                 => Check whether ferm is active by checking the default input chain\n-    nrpe2nodexp_parse_perf_data => False\n-    check_interval              => 30\n-    critical                    => False\n-    contact_group               => admins\n-    retries                     => 3\n-    migration_task              => T350694\n"}, {"resource": "Nftables::Set[INSTALL_HOSTS]", "parameters": "--- Nftables::Set[INSTALL_HOSTS].orig\n+++ Nftables::Set[INSTALL_HOSTS]\n\n+    hosts  => ['208.80.154.134', '208.80.153.70', '185.15.59.101', '198.35.26.98', '103.102.166.104', '185.15.58.7', '195.200.68.100', '2620:0:861:2:208:80:154:134', '2620:0:860:3:208:80:153:70', '2a02:ec80:300:3:185:15:59:101', '2620:0:863:3:198:35:26:98', '2001:df2:e500:3:103:102:166:104', '2a02:ec80:600:1:185:15:58:7', '2a02:ec80:700:3:195:200:68:100']\n+    ensure => present\n"}, {"resource": "Package[nftables]", "parameters": "--- Package[nftables].orig\n+++ Package[nftables]\n\n+    provider => apt\n+    ensure   => present\n"}, {"resource": "Nftables::Set[MW_APPSERVER_NETWORKS]", "parameters": "--- Nftables::Set[MW_APPSERVER_NETWORKS].orig\n+++ Nftables::Set[MW_APPSERVER_NETWORKS]\n\n+    hosts  => ['10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.141.0/24', '10.64.152.0/24', '10.64.154.0/24', '10.64.156.0/24', '10.64.158.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.162.0/24', '10.64.164.0/24', '10.64.166.0/24', '10.64.169.0/24', '10.64.171.0/24', '10.64.173.0/24', '10.64.175.0/24', '10.64.177.0/24', '10.64.179.0/24', '10.64.181.0/24', '10.64.183.0/24', '10.64.185.0/24', '10.64.187.0/24', '10.64.189.0/24', '10.64.32.0/22', '10.64.48.0/22', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:120::/64', '2620:0:861:122::/64', '2620:0:861:124::/64', '2620:0:861:126::/64', '2620:0:861:128::/64', '2620:0:861:12a::/64', '2620:0:861:12c::/64', '2620:0:861:12e::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.7.0/24', '10.192.8.0/24', '10.192.9.0/24', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '10.192.64.0/21', '10.192.96.0/21', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.80.0/21', '10.64.64.0/21', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.80.0/21', '2620:0:860:300::/64', '2620:0:860:302::/64', '2620:0:860:305::/64', '2620:0:860:308::/64', '2620:0:860:babe::/64', '2620:0:860:cabe::/64', '2620:0:861:300::/64', '2620:0:861:302::/64', '2620:0:861:305::/64', '2620:0:861:babe::/64', '2620:0:861:cabe::/64', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.64/26', '208.80.155.96/27', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '208.80.153.0/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:3::/64', '2620:0:860:4::/64']\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[prometheus-node-textfile-check-nft]", "parameters": "--- Systemd::Timer::Job[prometheus-node-textfile-check-nft].orig\n+++ Systemd::Timer::Job[prometheus-node-textfile-check-nft]\n\n+    monitoring_contact_groups => admins\n+    send_mail_only_on_error   => True\n+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+    logfile_basedir           => /var/log\n+    logfile_name              => syslog.log\n+    send_mail_to              => root@pc2022.codfw.wmnet\n+    monitoring_enabled        => False\n+    private_tmp               => False\n+    logfile_perms             => all\n+    fixed_random_delay        => False\n+    ensure                    => present\n+    command                   => /usr/local/bin/check-nft\n+    interval                  => {'start': 'OnCalendar', 'interval': '*:0/30'}\n+    logfile_group             => root\n+    user                      => root\n+    description               => Systemd timer to gather node metrics for check-nft\n+    environment               => {}\n+    logging_enabled           => True\n+    syslog_match_startswith   => True\n+    success_exit_status       => []\n+    send_mail                 => False\n+    ignore_errors             => False\n+    syslog_force_stop         => True\n"}, {"resource": "Nftables::Set[LABSTORE_HOSTS]", "parameters": "--- Nftables::Set[LABSTORE_HOSTS].orig\n+++ Nftables::Set[LABSTORE_HOSTS]\n\n+    hosts  => ['208.80.154.142', '2620:0:861:2:208:80:154:142', '208.80.154.71', '2620:0:861:3:208:80:154:71']\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_ulogd2.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_ulogd2.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_ulogd2.timer]\n\n-    require           => ['Class[Systemd]']\n-    restart           => False\n-    override          => False\n-    ensure            => present\n-    override_filename => puppet-override.conf\n-    unit              => wmf_auto_restart_ulogd2.timer\n"}, {"resource": "Systemd::Timer[prometheus-node-textfile-check-nft]", "parameters": "--- Systemd::Timer[prometheus-node-textfile-check-nft].orig\n+++ Systemd::Timer[prometheus-node-textfile-check-nft]\n\n+    fixed_random_delay => False\n+    splay              => 0\n+    timer_intervals    => [{'start': 'OnCalendar', 'interval': '*:0/30'}]\n+    ensure             => present\n+    accuracy           => 15sec\n+    unit_name          => prometheus-node-textfile-check-nft.service\n"}, {"resource": "Systemd::Override[ferm-service-status-restart]", "parameters": "--- Systemd::Override[ferm-service-status-restart].orig\n+++ Systemd::Override[ferm-service-status-restart]\n\n-    source  => puppet:///modules/ferm/ferm_systemd_override\n-    restart => False\n-    ensure  => present\n-    unit    => ferm\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set CLOUD_PRIVATE_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 172.20.1.0/24,\n+             172.20.2.0/24,\n+             172.20.3.0/24,\n+             172.20.4.0/24,\n+             172.20.5.0/24\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ulogd.conf]", "content": "--- /etc/ulogd.conf.orig\n+++ /etc/ulogd.conf\n@@ -1,71 +0,0 @@\n-# MANAGED BY PUPPET\n-[global]\n-logfile=syslog\n-loglevel=3\n-\n-\n-stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,syslog1:SYSLOG\n-\n-\n-\n-\n-[ct1]\n-\n-[ct2]\n-hash_enable=0\n-\n-[mark]\n-\n-[log1]\n-group=0\n-\n-[log2]\n-group=1\n-\n-[log3]\n-group=2\n-\n-[logemu1]\n-sync=1\n-file=/var/log/ulog/syslogemu.log\n-\n-[emunfct1]\n-sync=1\n-file=/var/log/ulog/syslogemu_nfct.log\n-\n-[json1]\n-sync=1\n-file=/var/log/ulog/ulogd.json\n-\n-[jsonnfct1]\n-sync=1\n-file=/var/log/ulog/ulogd_nfct.json\n-\n-\n-[oprint1]\n-sync=1\n-file=/var/log/ulog/oprint.log\n-\n-[gprint1]\n-sync=1\n-file=/var/log/ulog/gprint.log\n-\n-[json1]\n-sync=1\n-file=/var/log/ulog/ulogd.json\n-\n-[xml1]\n-sync=1\n-file=/var/log/ulog/\n-\n-[pcap1]\n-sync=1\n-file=\n-\n-[nacct1]\n-sync=1\n-file=\n-\n-[syslog1]\n-facility=LOG_LOCAL7\n-level=LOG_INFO", "parameters": "--- File[/etc/ulogd.conf].orig\n+++ File[/etc/ulogd.conf]\n\n-    owner  => root\n-    group  => root\n-    notify => Service[ulogd2]\n-    ensure => file\n"}, {"resource": "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,8 @@\n+# Autogenerated by puppet\n+set MLSTAGE_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:860:302::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Exec[systemd daemon-reload for nftables.service (nftables)]", "parameters": "--- Exec[systemd daemon-reload for nftables.service (nftables)].orig\n+++ Exec[systemd daemon-reload for nftables.service (nftables)]\n\n+    command     => /bin/systemctl daemon-reload\n+    before      => ['Service[nftables]']\n+    refreshonly => True\n"}, {"resource": "File[/etc/nftables/]", "parameters": "--- File[/etc/nftables/].orig\n+++ File[/etc/nftables/]\n\n+    group   => root\n+    recurse => True\n+    path    => /etc/nftables\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft\n@@ -0,0 +1,183 @@\n+# Autogenerated by puppet\n+set DOMAIN_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2001:df2:e500:101::/64,\n+             2001:df2:e500:103::/64,\n+             2001:df2:e500:1::/64,\n+             2001:df2:e500:3::/64,\n+             2001:df2:e500:ed1a::/64,\n+             2620:0:860:100::/64,\n+             2620:0:860:101::/64,\n+             2620:0:860:102::/64,\n+             2620:0:860:103::/64,\n+             2620:0:860:104::/64,\n+             2620:0:860:105::/64,\n+             2620:0:860:106::/64,\n+             2620:0:860:107::/64,\n+             2620:0:860:108::/64,\n+             2620:0:860:109::/64,\n+             2620:0:860:10a::/64,\n+             2620:0:860:10b::/64,\n+             2620:0:860:10c::/64,\n+             2620:0:860:10d::/64,\n+             2620:0:860:10e::/64,\n+             2620:0:860:10f::/64,\n+             2620:0:860:110::/64,\n+             2620:0:860:111::/64,\n+             2620:0:860:112::/64,\n+             2620:0:860:113::/64,\n+             2620:0:860:114::/64,\n+             2620:0:860:115::/64,\n+             2620:0:860:116::/64,\n+             2620:0:860:118::/64,\n+             2620:0:860:119::/64,\n+             2620:0:860:11a::/64,\n+             2620:0:860:11b::/64,\n+             2620:0:860:11c::/64,\n+             2620:0:860:11d::/64,\n+             2620:0:860:11e::/64,\n+             2620:0:860:11f::/64,\n+             2620:0:860:120::/64,\n+             2620:0:860:121::/64,\n+             2620:0:860:122::/64,\n+             2620:0:860:123::/64,\n+             2620:0:860:124::/64,\n+             2620:0:860:125::/64,\n+             2620:0:860:126::/64,\n+             2620:0:860:127::/64,\n+             2620:0:860:12b::/64,\n+             2620:0:860:12c::/64,\n+             2620:0:860:12d::/64,\n+             2620:0:860:12e::/64,\n+             2620:0:860:140::/64,\n+             2620:0:860:1::/64,\n+             2620:0:860:2::/64,\n+             2620:0:860:300::/64,\n+             2620:0:860:301::/64,\n+             2620:0:860:302::/64,\n+             2620:0:860:303::/64,\n+             2620:0:860:304::/64,\n+             2620:0:860:305::/64,\n+             2620:0:860:307::/64,\n+             2620:0:860:308::/64,\n+             2620:0:860:3::/64,\n+             2620:0:860:4::/64,\n+             2620:0:860:5::/64,\n+             2620:0:860:babe::/64,\n+             2620:0:860:babf::/64,\n+             2620:0:860:cabe::/64,\n+             2620:0:860:cabf::/64,\n+             2620:0:860:ed1a::/64,\n+             2620:0:861:100::/64,\n+             2620:0:861:101::/64,\n+             2620:0:861:102::/64,\n+             2620:0:861:103::/64,\n+             2620:0:861:104::/64,\n+             2620:0:861:105::/64,\n+             2620:0:861:106::/64,\n+             2620:0:861:107::/64,\n+             2620:0:861:108::/64,\n+             2620:0:861:109::/64,\n+             2620:0:861:10a::/64,\n+             2620:0:861:10b::/64,\n+             2620:0:861:10c::/64,\n+             2620:0:861:10d::/64,\n+             2620:0:861:10e::/64,\n+             2620:0:861:10f::/64,\n+             2620:0:861:110::/64,\n+             2620:0:861:111::/64,\n+             2620:0:861:112::/64,\n+             2620:0:861:113::/64,\n+             2620:0:861:114::/64,\n+             2620:0:861:115::/64,\n+             2620:0:861:116::/64,\n+             2620:0:861:117::/64,\n+             2620:0:861:118::/64,\n+             2620:0:861:119::/64,\n+             2620:0:861:11a::/64,\n+             2620:0:861:11c::/64,\n+             2620:0:861:11d::/64,\n+             2620:0:861:11e::/64,\n+             2620:0:861:11f::/64,\n+             2620:0:861:120::/64,\n+             2620:0:861:121::/64,\n+             2620:0:861:122::/64,\n+             2620:0:861:123::/64,\n+             2620:0:861:124::/64,\n+             2620:0:861:125::/64,\n+             2620:0:861:126::/64,\n+             2620:0:861:127::/64,\n+             2620:0:861:128::/64,\n+             2620:0:861:129::/64,\n+             2620:0:861:12a::/64,\n+             2620:0:861:12b::/64,\n+             2620:0:861:12c::/64,\n+             2620:0:861:12d::/64,\n+             2620:0:861:12e::/64,\n+             2620:0:861:12f::/64,\n+             2620:0:861:131::/64,\n+             2620:0:861:132::/64,\n+             2620:0:861:133::/64,\n+             2620:0:861:134::/64,\n+             2620:0:861:135::/64,\n+             2620:0:861:136::/64,\n+             2620:0:861:137::/64,\n+             2620:0:861:138::/64,\n+             2620:0:861:139::/64,\n+             2620:0:861:13a::/64,\n+             2620:0:861:13b::/64,\n+             2620:0:861:13c::/64,\n+             2620:0:861:13d::/64,\n+             2620:0:861:13e::/64,\n+             2620:0:861:13f::/64,\n+             2620:0:861:140::/64,\n+             2620:0:861:141::/64,\n+             2620:0:861:142::/64,\n+             2620:0:861:143::/64,\n+             2620:0:861:144::/64,\n+             2620:0:861:145::/64,\n+             2620:0:861:1::/64,\n+             2620:0:861:2::/64,\n+             2620:0:861:300::/64,\n+             2620:0:861:301::/116,\n+             2620:0:861:302::/64,\n+             2620:0:861:303::/116,\n+             2620:0:861:304::/116,\n+             2620:0:861:305::/64,\n+             2620:0:861:3::/64,\n+             2620:0:861:4::/64,\n+             2620:0:861:babe::/64,\n+             2620:0:861:babf::/116,\n+             2620:0:861:cabe::/64,\n+             2620:0:861:cabf::/116,\n+             2620:0:861:ed1a::/64,\n+             2620:0:863:101::/64,\n+             2620:0:863:102::/64,\n+             2620:0:863:103::/64,\n+             2620:0:863:1::/64,\n+             2620:0:863:2::/64,\n+             2620:0:863:3::/64,\n+             2620:0:863:ed1a::/64,\n+             2a02:ec80:300:101::/64,\n+             2a02:ec80:300:102::/64,\n+             2a02:ec80:300:103::/64,\n+             2a02:ec80:300:1::/64,\n+             2a02:ec80:300:2::/64,\n+             2a02:ec80:300:3::/64,\n+             2a02:ec80:300:ed1a::/64,\n+             2a02:ec80:600:101::/64,\n+             2a02:ec80:600:102::/64,\n+             2a02:ec80:600:1::/64,\n+             2a02:ec80:600:2::/64,\n+             2a02:ec80:600:ed1a::/64,\n+             2a02:ec80:700:101::/64,\n+             2a02:ec80:700:102::/64,\n+             2a02:ec80:700:103::/64,\n+             2a02:ec80:700:1::/64,\n+             2a02:ec80:700:2::/64,\n+             2a02:ec80:700:3::/64,\n+             2a02:ec80:700:ed1a::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Package[ferm]", "parameters": "--- Package[ferm].orig\n+++ Package[ferm]\n\n@@\n-    ensure => installed\n+    ensure => purged\n"}, {"resource": "File[/etc/nftables/prerouting]", "parameters": "--- File[/etc/nftables/prerouting].orig\n+++ File[/etc/nftables/prerouting]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/var/log/ulogd]", "parameters": "--- File[/var/log/ulogd].orig\n+++ File[/var/log/ulogd]\n\n-    force  => True\n-    group  => root\n-    backup => False\n-    ensure => directory\n-    mode   => 0755\n-    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/BASTION_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/BASTION_HOSTS_ipv4.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set BASTION_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 208.80.154.7,\n+             208.80.153.110,\n+             185.15.59.99,\n+             198.35.26.104,\n+             103.102.166.103,\n+             185.15.58.6,\n+             195.200.68.99\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]", "parameters": "--- File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml].orig\n+++ File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.67.128.0/17', '2620:0:861:cabe::/64', '10.194.128.0/17', '2620:0:860:cabe::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft\n@@ -0,0 +1,189 @@\n+# Autogenerated by puppet\n+set DOMAIN_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.128.0.0/24,\n+             10.128.1.0/24,\n+             10.128.2.0/24,\n+             10.132.0.0/24,\n+             10.132.2.0/24,\n+             10.136.0.0/24,\n+             10.136.1.0/24,\n+             10.140.0.0/24,\n+             10.140.1.0/24,\n+             10.140.2.0/24,\n+             10.192.0.0/22,\n+             10.192.10.0/24,\n+             10.192.11.0/24,\n+             10.192.12.0/24,\n+             10.192.13.0/24,\n+             10.192.14.0/24,\n+             10.192.15.0/24,\n+             10.192.16.0/22,\n+             10.192.20.0/24,\n+             10.192.21.0/24,\n+             10.192.22.0/24,\n+             10.192.23.0/24,\n+             10.192.24.0/23,\n+             10.192.26.0/24,\n+             10.192.27.0/24,\n+             10.192.28.0/24,\n+             10.192.29.0/24,\n+             10.192.30.0/24,\n+             10.192.31.0/24,\n+             10.192.32.0/22,\n+             10.192.36.0/24,\n+             10.192.37.0/24,\n+             10.192.38.0/24,\n+             10.192.39.0/24,\n+             10.192.4.0/24,\n+             10.192.40.0/24,\n+             10.192.41.0/24,\n+             10.192.42.0/24,\n+             10.192.43.0/24,\n+             10.192.44.0/24,\n+             10.192.45.0/24,\n+             10.192.46.0/24,\n+             10.192.47.0/24,\n+             10.192.48.0/22,\n+             10.192.5.0/24,\n+             10.192.52.0/24,\n+             10.192.56.0/24,\n+             10.192.57.0/24,\n+             10.192.58.0/24,\n+             10.192.59.0/24,\n+             10.192.6.0/24,\n+             10.192.64.0/21,\n+             10.192.7.0/24,\n+             10.192.72.0/24,\n+             10.192.76.0/24,\n+             10.192.8.0/24,\n+             10.192.80.0/20,\n+             10.192.9.0/24,\n+             10.192.96.0/21,\n+             10.194.0.0/20,\n+             10.194.128.0/17,\n+             10.194.16.0/21,\n+             10.194.61.0/24,\n+             10.194.62.0/23,\n+             10.194.64.0/20,\n+             10.194.80.0/21,\n+             10.2.1.0/24,\n+             10.2.2.0/24,\n+             10.2.3.0/24,\n+             10.2.4.0/24,\n+             10.2.5.0/24,\n+             10.2.6.0/24,\n+             10.2.7.0/24,\n+             10.64.0.0/22,\n+             10.64.130.0/24,\n+             10.64.131.0/24,\n+             10.64.132.0/24,\n+             10.64.133.0/24,\n+             10.64.134.0/24,\n+             10.64.135.0/24,\n+             10.64.136.0/24,\n+             10.64.137.0/24,\n+             10.64.138.0/24,\n+             10.64.139.0/24,\n+             10.64.140.0/24,\n+             10.64.141.0/24,\n+             10.64.142.0/24,\n+             10.64.143.0/24,\n+             10.64.144.0/24,\n+             10.64.145.0/24,\n+             10.64.148.0/24,\n+             10.64.149.0/24,\n+             10.64.150.0/24,\n+             10.64.151.0/24,\n+             10.64.152.0/24,\n+             10.64.153.0/24,\n+             10.64.154.0/24,\n+             10.64.155.0/24,\n+             10.64.156.0/24,\n+             10.64.157.0/24,\n+             10.64.158.0/24,\n+             10.64.159.0/24,\n+             10.64.16.0/22,\n+             10.64.160.0/24,\n+             10.64.161.0/24,\n+             10.64.162.0/24,\n+             10.64.163.0/24,\n+             10.64.164.0/24,\n+             10.64.165.0/24,\n+             10.64.166.0/24,\n+             10.64.167.0/24,\n+             10.64.169.0/24,\n+             10.64.170.0/24,\n+             10.64.171.0/24,\n+             10.64.172.0/24,\n+             10.64.173.0/24,\n+             10.64.174.0/24,\n+             10.64.175.0/24,\n+             10.64.176.0/24,\n+             10.64.177.0/24,\n+             10.64.178.0/24,\n+             10.64.179.0/24,\n+             10.64.180.0/24,\n+             10.64.181.0/24,\n+             10.64.182.0/24,\n+             10.64.183.0/24,\n+             10.64.184.0/24,\n+             10.64.185.0/24,\n+             10.64.186.0/24,\n+             10.64.187.0/24,\n+             10.64.188.0/24,\n+             10.64.189.0/24,\n+             10.64.190.0/24,\n+             10.64.20.0/24,\n+             10.64.21.0/24,\n+             10.64.24.0/23,\n+             10.64.32.0/22,\n+             10.64.36.0/24,\n+             10.64.48.0/22,\n+             10.64.5.0/24,\n+             10.64.53.0/24,\n+             10.64.64.0/21,\n+             10.64.72.0/24,\n+             10.64.76.0/24,\n+             10.67.0.0/20,\n+             10.67.128.0/17,\n+             10.67.16.0/21,\n+             10.67.24.0/21,\n+             10.67.32.0/20,\n+             10.67.64.0/20,\n+             10.67.80.0/21,\n+             10.80.0.0/24,\n+             10.80.1.0/24,\n+             10.80.2.0/24,\n+             103.102.166.0/28,\n+             103.102.166.224/27,\n+             103.102.166.96/27,\n+             185.15.58.0/27,\n+             185.15.58.224/27,\n+             185.15.58.32/27,\n+             185.15.59.0/27,\n+             185.15.59.224/27,\n+             185.15.59.32/27,\n+             185.15.59.96/27,\n+             195.200.68.0/27,\n+             195.200.68.224/27,\n+             195.200.68.32/27,\n+             195.200.68.96/27,\n+             198.35.26.0/27,\n+             198.35.26.32/27,\n+             198.35.26.96/27,\n+             208.80.152.128/27,\n+             208.80.153.0/27,\n+             208.80.153.224/27,\n+             208.80.153.32/27,\n+             208.80.153.64/27,\n+             208.80.153.96/27,\n+             208.80.154.0/26,\n+             208.80.154.128/26,\n+             208.80.154.224/27,\n+             208.80.154.64/26,\n+             208.80.155.96/27\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]", "content": "--- /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft.orig\n+++ /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet\n+set MYSQL_ROOT_CLIENTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.16.90,\n+             10.192.16.191,\n+             10.64.16.154,\n+             10.192.32.49,\n+             208.80.154.9,\n+             10.64.0.20\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/output]", "parameters": "--- File[/etc/nftables/output].orig\n+++ File[/etc/nftables/output]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "Nrpe::Plugin[check_ferm]", "parameters": "--- Nrpe::Plugin[check_ferm].orig\n+++ Nrpe::Plugin[check_ferm]\n\n-    source => puppet:///modules/base/firewall/check_ferm\n-    ensure => present\n"}, {"resource": "Rsyslog::Conf[nrpe2nodexp-ferm_active]", "parameters": "--- Rsyslog::Conf[nrpe2nodexp-ferm_active].orig\n+++ Rsyslog::Conf[nrpe2nodexp-ferm_active]\n\n-    mode     => 0444\n-    ensure   => present\n-    priority => 25\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]", "content": "--- /etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf.orig\n+++ /etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf\n@@ -1,10 +0,0 @@\n-# rsyslog.conf(5) configuration file for services.\n-# This file is managed by Puppet.\n-if $programname startswith \"wmf_auto_restart_ulogd2\" then {\n-    action(\n-        type=\"omfile\" file=\"/var/log/wmf_auto_restart_ulogd2/syslog.log\"\n-        fileOwner=\"root\" fileGroup=\"root\"\n-        fileCreateMode=\"0644\"\n-    )\n-    & stop\n-}", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]\n\n-    group  => root\n-    ensure => present\n-    notify => Service[rsyslog]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/INTERNAL_ipv6.nft]", "content": "--- /etc/nftables/sets/INTERNAL_ipv6.nft.orig\n+++ /etc/nftables/sets/INTERNAL_ipv6.nft\n@@ -0,0 +1,15 @@\n+# Autogenerated by puppet\n+set INTERNAL_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:860:100::/56,\n+             2620:0:861:100::/56,\n+             2620:0:863:100::/56,\n+             2a02:ec80:300:100::/56,\n+             2a02:ec80:600:100::/56,\n+             2a02:ec80:700:100::/56,\n+             2001:df2:e500:100::/56,\n+             2a02:ec80:ff00:100::/56\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/INTERNAL_ipv6.nft].orig\n+++ File[/etc/nftables/sets/INTERNAL_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]", "content": "--- /etc/nftables/sets/CUMIN_MASTERS_ipv6.nft.orig\n+++ /etc/nftables/sets/CUMIN_MASTERS_ipv6.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set CUMIN_MASTERS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:102:10:64:16:154,\n+             2620:0:860:103:10:192:32:49\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/10_ssh_from_bastion]", "content": "--- /etc/ferm/conf.d/10_ssh_from_bastion.orig\n+++ /etc/ferm/conf.d/10_ssh_from_bastion\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 22, (103.102.166.103 185.15.58.6 185.15.59.99 195.200.68.99 198.35.26.104 2001:df2:e500:3:103:102:166:103 208.80.153.110 208.80.154.7 2620:0:860:4:208:80:153:110 2620:0:861:1:208:80:154:7 2620:0:863:3:198:35:26:104 2a02:ec80:300:3:185:15:59:99 2a02:ec80:600:1:185:15:58:6 2a02:ec80:700:3:195:200:68:99));\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_ssh_from_bastion].orig\n+++ File[/etc/ferm/conf.d/10_ssh_from_bastion]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Class[Ferm]", "parameters": "--- Class[Ferm].orig\n+++ Class[Ferm]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]", "content": "--- /etc/nftables/sets/CUMIN_MASTERS_ipv4.nft.orig\n+++ /etc/nftables/sets/CUMIN_MASTERS_ipv4.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set CUMIN_MASTERS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.16.154,\n+             10.192.32.49\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]", "content": "--- /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp.orig\n+++ /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(udp, 1:65535, (10.192.16.75 10.192.32.67 10.192.39.10 10.192.9.11 208.80.153.42 208.80.154.78 2620:0:860:102:10:192:16:75 2620:0:860:103:10:192:32:67 2620:0:860:10a:10:192:9:11 2620:0:860:11e:10:192:39:10 2620:0:860:2:208:80:153:42 2620:0:861:3:208:80:154:78));\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp].orig\n+++ File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/etc/nftables/input/10_orchestrator.nft]", "content": "--- /etc/nftables/input/10_orchestrator.nft.orig\n+++ /etc/nftables/input/10_orchestrator.nft\n@@ -0,0 +1,3 @@\n+# Managed by puppet\n+# \n+ip saddr { 10.64.0.20, 208.80.154.9 } tcp dport { 3306 } accept", "parameters": "--- File[/etc/nftables/input/10_orchestrator.nft].orig\n+++ File[/etc/nftables/input/10_orchestrator.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft\n@@ -0,0 +1,38 @@\n+# Autogenerated by puppet\n+set ANALYTICS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.64.137.0/24,\n+             10.64.138.0/24,\n+             10.64.139.0/24,\n+             10.64.140.0/24,\n+             10.64.142.0/24,\n+             10.64.143.0/24,\n+             10.64.144.0/24,\n+             10.64.145.0/24,\n+             10.64.153.0/24,\n+             10.64.155.0/24,\n+             10.64.157.0/24,\n+             10.64.159.0/24,\n+             10.64.161.0/24,\n+             10.64.163.0/24,\n+             10.64.165.0/24,\n+             10.64.167.0/24,\n+             10.64.170.0/24,\n+             10.64.172.0/24,\n+             10.64.174.0/24,\n+             10.64.176.0/24,\n+             10.64.178.0/24,\n+             10.64.180.0/24,\n+             10.64.182.0/24,\n+             10.64.184.0/24,\n+             10.64.186.0/24,\n+             10.64.188.0/24,\n+             10.64.190.0/24,\n+             10.64.21.0/24,\n+             10.64.36.0/24,\n+             10.64.5.0/24,\n+             10.64.53.0/24\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d]", "parameters": "--- File[/etc/ferm/conf.d].orig\n+++ File[/etc/ferm/conf.d]\n\n-    force   => True\n-    require => Package[ferm]\n-    recurse => True\n-    ensure  => directory\n-    notify  => Service[ferm]\n-    purge   => True\n-    owner   => root\n-    group   => adm\n-    ignore  => ['.*']\n-    mode    => 0551\n"}, {"resource": "Service[ferm]", "parameters": "--- Service[ferm].orig\n+++ Service[ferm]\n\n-    restart => /bin/systemctl reload-or-restart ferm\n-    ensure  => running\n"}, {"resource": "Ferm::Service[mariadb_internal]", "parameters": "--- Ferm::Service[mariadb_internal].orig\n+++ Ferm::Service[mariadb_internal]\n\n-    desc                => \n-    ensure              => present\n-    proto               => tcp\n-    src_sets            => ['INTERNAL']\n-    notrack             => True\n-    port                => 3306\n-    prio                => 10\n-    unrestricted_access => False\n"}, {"resource": "Systemd::Unit[prometheus-node-textfile-check-nft.service]", "parameters": "--- Systemd::Unit[prometheus-node-textfile-check-nft.service].orig\n+++ Systemd::Unit[prometheus-node-textfile-check-nft.service]\n\n+    require           => ['Class[Systemd]']\n+    restart           => False\n+    override          => False\n+    ensure            => present\n+    override_filename => puppet-override.conf\n+    unit              => prometheus-node-textfile-check-nft.service\n"}, {"resource": "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet\n+set ZOOKEEPER_FLINK_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:102:10:64:16:9,\n+             2620:0:861:101:10:64:0:8,\n+             2620:0:861:103:10:64:32:41,\n+             2620:0:860:102:10:192:16:227,\n+             2620:0:860:103:10:192:32:179,\n+             2620:0:860:104:10:192:48:219\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/usr/local/lib/nagios/plugins/check_ferm]", "parameters": "--- File[/usr/local/lib/nagios/plugins/check_ferm].orig\n+++ File[/usr/local/lib/nagios/plugins/check_ferm]\n\n-    tag     => nrpe::plugin\n-    require => File[/usr/local/lib/nagios/plugins/]\n-    ensure  => file\n-    owner   => root\n-    source  => puppet:///modules/base/firewall/check_ferm\n-    mode    => 0555\n-    group   => root\n"}, {"resource": "Ferm::Conf[defs]", "parameters": "--- Ferm::Conf[defs].orig\n+++ Ferm::Conf[defs]\n\n-    prio   => 00\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set AUX_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.67.80.0/21,\n+             10.194.80.0/21\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/default/ferm]", "parameters": "--- File[/etc/default/ferm].orig\n+++ File[/etc/default/ferm]\n\n-    require => Package[ferm]\n-    group   => root\n-    ensure  => file\n-    source  => puppet:///modules/ferm/ferm.default\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]", "content": "--- /lib/systemd/system/prometheus-node-textfile-check-nft.timer.orig\n+++ /lib/systemd/system/prometheus-node-textfile-check-nft.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of prometheus-node-textfile-check-nft.service\n+\n+[Timer]\n+Unit=prometheus-node-textfile-check-nft.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=*:0/30\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer].orig\n+++ File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]\n\n+    group  => root\n+    ensure => present\n+    notify => Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]\n+    mode   => 0444\n+    owner  => root\n"}, {"resource": "Class[Nftables]", "parameters": "--- Class[Nftables].orig\n+++ Class[Nftables]\n\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]", "content": "--- /etc/nftables/sets/NETWORK_INFRA_ipv4.nft.orig\n+++ /etc/nftables/sets/NETWORK_INFRA_ipv4.nft\n@@ -0,0 +1,19 @@\n+# Autogenerated by puppet\n+set NETWORK_INFRA_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 185.15.59.128/27,\n+             198.35.26.128/27,\n+             208.80.153.192/27,\n+             10.192.255.0/24,\n+             10.192.253.0/24,\n+             208.80.154.192/27,\n+             10.64.146.0/24,\n+             10.64.168.0/24,\n+             10.64.147.0/24,\n+             103.102.166.128/27,\n+             185.15.58.128/27,\n+             195.200.68.128/27\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft].orig\n+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_ulogd2]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_ulogd2].orig\n+++ Logrotate::Conf[wmf_auto_restart_ulogd2]\n\n-    ensure => present\n"}, {"resource": "Nftables::Service[ssh-from-cumin-masters]", "parameters": "--- Nftables::Service[ssh-from-cumin-masters].orig\n+++ Nftables::Service[ssh-from-cumin-masters]\n\n+    desc                => \n+    ensure              => present\n+    proto               => tcp\n+    src_sets            => ['CUMIN_MASTERS']\n+    port                => 22\n+    prio                => 10\n+    notrack             => False\n+    unrestricted_access => False\n"}, {"resource": "File[/etc/ferm/conf.d/10_parsercache_mariadb_dba]", "content": "--- /etc/ferm/conf.d/10_parsercache_mariadb_dba.orig\n+++ /etc/ferm/conf.d/10_parsercache_mariadb_dba\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 3307, $MYSQL_ROOT_CLIENTS);\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_parsercache_mariadb_dba].orig\n+++ File[/etc/ferm/conf.d/10_parsercache_mariadb_dba]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Ferm::Rule[dscp-default]", "parameters": "--- Ferm::Rule[dscp-default].orig\n+++ Ferm::Rule[dscp-default]\n\n-    domain => (ip ip6)\n-    desc   => \n-    table  => mangle\n-    prio   => 99\n-    ensure => present\n-    rule   => DSCP set-dscp-class CS0;\n-    chain  => POSTROUTING\n"}, {"resource": "Ferm::Service[orchestrator]", "parameters": "--- Ferm::Service[orchestrator].orig\n+++ Ferm::Service[orchestrator]\n\n-    desc                => \n-    ensure              => present\n-    proto               => tcp\n-    notrack             => True\n-    port                => [3306]\n-    prio                => 10\n-    unrestricted_access => False\n-    srange              => ['dborch1001.wikimedia.org', 'dborch1002.wikimedia.org', 'dborch1003.eqiad.wmnet']\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft\n@@ -0,0 +1,15 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_LOGGING_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.16.205,\n+             10.64.133.11,\n+             10.64.183.12,\n+             10.64.131.13,\n+             10.64.135.13,\n+             10.192.23.29,\n+             10.192.11.28,\n+             10.192.26.22,\n+             10.192.11.27,\n+             10.192.39.25\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Prometheus::Node_textfile[check-nft]", "parameters": "--- Prometheus::Node_textfile[check-nft].orig\n+++ Prometheus::Node_textfile[check-nft]\n\n+    extra_packages => []\n+    environment    => {}\n+    ensure         => present\n+    interval       => *:0/30\n+    user           => root\n+    filesource     => puppet:///modules/profile/firewall/check_nftables.py\n+    run_cmd        => /usr/local/bin/check-nft\n"}, {"resource": "Nftables::Service[orchestrator]", "parameters": "--- Nftables::Service[orchestrator].orig\n+++ Nftables::Service[orchestrator]\n\n+    desc                => \n+    ensure              => present\n+    proto               => tcp\n+    src_ips             => ['10.64.0.20', '208.80.154.9']\n+    notrack             => True\n+    port                => [3306]\n+    prio                => 10\n+    unrestricted_access => False\n"}, {"resource": "File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]", "content": "--- /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf.orig\n+++ /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf\n@@ -1,10 +0,0 @@\n-# SPDX-License-Identifier: Apache-2.0\n-if $programname contains \"nrpe2nodexp-ferm_active\" then {\n-    if ($msg contains \"\\\"ecs.version\\\": \\\"1.7.0\\\"\") then {\n-        # Send logs to kafka\n-        set $.log_outputs = \"kafka ecs_170 local\";\n-    } else {\n-        # Filter out non-relevant nrpe2nodexp messages\n-        stop\n-    }\n-}", "parameters": "--- File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf].orig\n+++ File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]\n\n-    group  => root\n-    ensure => present\n-    notify => Service[rsyslog]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_ulogd2]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_ulogd2].orig\n+++ Rsyslog::Conf[wmf_auto_restart_ulogd2]\n\n-    priority => 40\n-    require  => File[/var/log/wmf_auto_restart_ulogd2]\n-    mode     => 0444\n-    ensure   => present\n"}, {"resource": "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set WIKIKUBE_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.67.128.0/17,\n+             10.194.128.0/17\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Class[Ulogd]", "parameters": "--- Class[Ulogd].orig\n+++ Class[Ulogd]\n\n-    json_logfile        => /var/log/ulog/ulogd.json\n-    sync                => True\n-    acct                => []\n-    nacct_file          => /var/log/ulog/nacct.log\n-    syslog_facility     => local7\n-    nfct                => []\n-    oprint_logfile      => /var/log/ulog/oprint.log\n-    config_file         => /etc/ulogd.conf\n-    logemu_nfct_logfile => /var/log/ulog/syslogemu_nfct.log\n-    gprint_logfile      => /var/log/ulog/gprint.log\n-    log_level           => info\n-    logemu_logfile      => /var/log/ulog/syslogemu.log\n-    nflog               => ['SYSLOG']\n-    ensure              => present\n-    pcap_file           => /var/log/ulog/ulogd.pcap\n-    json_nfct_logfile   => /var/log/ulog/ulogd_nfct.json\n-    syslog_level        => info\n-    xml_directory       => /var/log/ulog/\n-    logfile             => syslog\n"}, {"resource": "Exec[unmask_nftables.service]", "parameters": "--- Exec[unmask_nftables.service].orig\n+++ Exec[unmask_nftables.service]\n\n+    command     => /bin/systemctl unmask nftables.service\n+    onlyif      => /bin/readlink -f /etc/systemd/system/nftables.service | grep -q /dev/null\n+    refreshonly => False\n"}, {"resource": "Systemd::Unit[nftables]", "parameters": "--- Systemd::Unit[nftables].orig\n+++ Systemd::Unit[nftables]\n\n+    require           => ['Class[Systemd]']\n+    restart           => False\n+    override          => True\n+    ensure            => present\n+    override_filename => puppet-override.conf\n+    unit              => nftables\n"}, {"resource": "File[/etc/ferm/conf.d/99_dscp-default]", "content": "--- /etc/ferm/conf.d/99_dscp-default.orig\n+++ /etc/ferm/conf.d/99_dscp-default\n@@ -1,11 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# 99_dscp-default: \n-\n-domain (ip ip6) {\n-\ttable mangle {\n-\t\tchain POSTROUTING {\n-\t\t\tDSCP set-dscp-class CS0;\n-\t\t}\n-\t}\n-}", "parameters": "--- File[/etc/ferm/conf.d/99_dscp-default].orig\n+++ File[/etc/ferm/conf.d/99_dscp-default]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Systemd::Service[nrpe2nodexp-ferm_active]", "parameters": "--- Systemd::Service[nrpe2nodexp-ferm_active].orig\n+++ Systemd::Service[nrpe2nodexp-ferm_active]\n\n-    monitoring_contact_group => admins\n-    unit_type                => timer\n-    require                  => Systemd::Unit[nrpe2nodexp-ferm_active.service]\n-    restart                  => False\n-    ensure                   => present\n-    monitoring_enabled       => False\n-    override                 => False\n-    monitoring_critical      => False\n-    migration_task           => T407130\n-    service_params           => {}\n"}, {"resource": "Package[ulogd2]", "parameters": "--- Package[ulogd2].orig\n+++ Package[ulogd2]\n\n-    provider => apt\n-    ensure   => installed\n"}, {"resource": "Nftables::Set[FRACK_NETWORKS]", "parameters": "--- Nftables::Set[FRACK_NETWORKS].orig\n+++ Nftables::Set[FRACK_NETWORKS]\n\n+    hosts  => ['10.195.0.0/27', '10.195.0.128/29', '10.195.0.32/27', '10.195.0.64/28', '10.195.0.80/29', '10.195.0.96/27', '10.195.1.0/25', '10.64.40.0/27', '10.64.40.160/27', '10.64.40.192/26', '10.64.40.32/27', '10.64.40.64/27', '10.64.40.96/27', '208.80.152.224/28', '208.80.155.0/27']\n+    ensure => present\n"}, {"resource": "Exec[update_alternative_iptables]", "parameters": "--- Exec[update_alternative_iptables].orig\n+++ Exec[update_alternative_iptables]\n\n-    command => /usr/bin/update-alternatives --force --set iptables /usr/sbin/iptables-legacy\n-    unless  => /usr/bin/update-alternatives --query iptables | /bin/grep 'Value: /usr/sbin/iptables-legacy'\n"}, {"resource": "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set DEPLOYMENT_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.16.93,\n+             10.192.32.7\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft\n@@ -0,0 +1,10 @@\n+# Autogenerated by puppet\n+set DRUID_PUBLIC_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:10a:10:64:131:9,\n+             2620:0:861:10b:10:64:132:12,\n+             2620:0:861:10e:10:64:135:9,\n+             2620:0:861:103:10:64:32:101,\n+             2620:0:861:107:10:64:48:185\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Ferm::Service[ssh_from_cumin_masters]", "parameters": "--- Ferm::Service[ssh_from_cumin_masters].orig\n+++ Ferm::Service[ssh_from_cumin_masters]\n\n-    desc                => \n-    ensure              => present\n-    proto               => tcp\n-    src_sets            => ['CUMIN_MASTERS']\n-    port                => 22\n-    prio                => 10\n-    notrack             => False\n-    unrestricted_access => False\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]", "content": "--- /lib/systemd/system/wmf_auto_restart_ulogd2.service.orig\n+++ /lib/systemd/system/wmf_auto_restart_ulogd2.service\n@@ -1,8 +0,0 @@\n-[Unit]\n-Description=Auto restart job: ulogd2\n-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-\n-[Service]\n-Type=oneshot\n-User=root\n-ExecStart=/usr/local/sbin/wmf-auto-restart -s ulogd2", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_ulogd2.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]\n\n-    group  => root\n-    ensure => present\n-    notify => Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "Nftables::Set[CLOUD_NETWORKS]", "parameters": "--- Nftables::Set[CLOUD_NETWORKS].orig\n+++ Nftables::Set[CLOUD_NETWORKS]\n\n+    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set AUX_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:305::/64,\n+             2620:0:860:305::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Ferm::Service[full_monitoring_metrics_access_udp]", "parameters": "--- Ferm::Service[full_monitoring_metrics_access_udp].orig\n+++ Ferm::Service[full_monitoring_metrics_access_udp]\n\n-    desc                => \n-    port_range          => [1, 65535]\n-    ensure              => present\n-    proto               => udp\n-    prio                => 10\n-    notrack             => False\n-    unrestricted_access => False\n-    srange              => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']\n"}, {"resource": "Class[Firewall]", "parameters": "--- Class[Firewall].orig\n+++ Class[Firewall]\n\n@@\n-    provider => ferm\n+    provider => nftables\n"}, {"resource": "File[/etc/nftables/sets/INTERNAL_ipv4.nft]", "content": "--- /etc/nftables/sets/INTERNAL_ipv4.nft.orig\n+++ /etc/nftables/sets/INTERNAL_ipv4.nft\n@@ -0,0 +1,8 @@\n+# Autogenerated by puppet\n+set INTERNAL_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.0.0.0/8\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/INTERNAL_ipv4.nft].orig\n+++ File[/etc/nftables/sets/INTERNAL_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[PROMETHEUS_HOSTS]", "parameters": "--- Nftables::Set[PROMETHEUS_HOSTS].orig\n+++ Nftables::Set[PROMETHEUS_HOSTS]\n\n+    hosts  => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet']\n+    ensure => present\n"}, {"resource": "Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]", "parameters": "--- Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c].orig\n+++ Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]\n\n-    dashboard          => TODO\n-    team               => observability\n-    severity           => info\n-    ensure             => present\n-    site               => codfw\n-    summary            => NRPE CHECK: Check whether ferm is active by checking the default input chain\n-    logs               => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_ferm_active))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))\n-    description        => NRPE CHECK: Check whether ferm is active by checking the default input chain\n-    alert_name         => nrpe_Check_whether_ferm_is_active_by_checking_the_default_input_chain\n-    group              => nrpechecks\n-    instance           => ops\n-    runbook            => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm\n-    expr               => (nagios_nrpe_check_result{alert_rule_hash=\"bba0a2572329bb500b832470e08b381c\",check_name=\"check_ferm_active\", status=~\"(WARNING|CRITICAL)\", severity=~\"(warning|critical)\"} > 0) * on (instance) group_left (team) role_owner\n-    def_label_whitelst => ['team', 'severity']\n-    for                => 32m\n"}, {"resource": "File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]", "content": "--- /lib/systemd/system/nrpe2nodexp-ferm_active.service.orig\n+++ /lib/systemd/system/nrpe2nodexp-ferm_active.service\n@@ -1,11 +0,0 @@\n-[Unit]\n-Description=execution of nrpe2nodexp for the check_ferm_active command.\n-Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-\n-[Service]\n-Type=oneshot\n-User=nagios\n-\n-Group=prometheus-node-exporter\n-SyslogIdentifier=nrpe2nodexp-ferm_active\n-ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash \"bba0a2572329bb500b832470e08b381c\" --timeout 10 --check-command \"check_ferm_active\"", "parameters": "--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.service].orig\n+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]\n\n-    group  => root\n-    ensure => present\n-    notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_ulogd2]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_ulogd2].orig\n+++ Systemd::Syslog[wmf_auto_restart_ulogd2]\n\n-    log_filename           => syslog.log\n-    readable_by            => all\n-    ensure                 => present\n-    base_dir               => /var/log\n-    force_stop             => True\n-    owner                  => root\n-    group                  => root\n-    programname_comparison => startswith\n"}, {"resource": "File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/MONITORING_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/MONITORING_HOSTS_ipv4.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set MONITORING_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 208.80.154.78,\n+             208.80.153.42\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/CACHES_ipv6.nft]", "content": "--- /etc/nftables/sets/CACHES_ipv6.nft.orig\n+++ /etc/nftables/sets/CACHES_ipv6.nft\n@@ -0,0 +1,117 @@\n+# Autogenerated by puppet\n+set CACHES_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:101:10:64:0:79,\n+             2620:0:861:101:10:64:0:229,\n+             2620:0:861:101:10:64:0:14,\n+             2620:0:861:101:10:64:0:51,\n+             2620:0:861:102:10:64:16:241,\n+             2620:0:861:102:10:64:16:94,\n+             2620:0:861:102:10:64:16:95,\n+             2620:0:861:102:10:64:16:240,\n+             2620:0:861:103:10:64:32:14,\n+             2620:0:861:103:10:64:32:60,\n+             2620:0:861:103:10:64:32:15,\n+             2620:0:861:103:10:64:32:65,\n+             2620:0:861:107:10:64:48:16,\n+             2620:0:861:107:10:64:48:41,\n+             2620:0:861:107:10:64:48:27,\n+             2620:0:861:107:10:64:48:28,\n+             2620:0:860:113:10:192:23:26,\n+             2620:0:860:107:10:192:6:20,\n+             2620:0:860:10d:10:192:12:35,\n+             2620:0:860:10f:10:192:14:25,\n+             2620:0:860:100:10:192:4:22,\n+             2620:0:860:116:10:192:29:26,\n+             2620:0:860:119:10:192:30:29,\n+             2620:0:860:11b:10:192:36:19,\n+             2620:0:860:11f:10:192:40:25,\n+             2620:0:860:120:10:192:41:21,\n+             2620:0:860:12b:10:192:56:3,\n+             2620:0:860:12b:10:192:56:4,\n+             2620:0:860:12c:10:192:57:3,\n+             2620:0:860:12d:10:192:58:2,\n+             2620:0:860:12d:10:192:58:3,\n+             2620:0:860:12e:10:192:59:2,\n+             2a02:ec80:300:101:10:80:0:14,\n+             2a02:ec80:300:102:10:80:1:11,\n+             2a02:ec80:300:101:10:80:0:13,\n+             2a02:ec80:300:102:10:80:1:9,\n+             2a02:ec80:300:101:10:80:0:12,\n+             2a02:ec80:300:102:10:80:1:7,\n+             2a02:ec80:300:101:10:80:0:11,\n+             2a02:ec80:300:102:10:80:1:6,\n+             2a02:ec80:300:101:10:80:0:10,\n+             2a02:ec80:300:102:10:80:1:5,\n+             2a02:ec80:300:101:10:80:0:8,\n+             2a02:ec80:300:102:10:80:1:4,\n+             2a02:ec80:300:101:10:80:0:7,\n+             2a02:ec80:300:102:10:80:1:3,\n+             2a02:ec80:300:101:10:80:0:6,\n+             2a02:ec80:300:102:10:80:1:2,\n+             2620:0:863:101:10:128:0:19,\n+             2620:0:863:102:10:128:1:27,\n+             2620:0:863:101:10:128:0:22,\n+             2620:0:863:102:10:128:1:28,\n+             2620:0:863:101:10:128:0:25,\n+             2620:0:863:102:10:128:1:29,\n+             2620:0:863:101:10:128:0:26,\n+             2620:0:863:102:10:128:1:31,\n+             2620:0:863:101:10:128:0:14,\n+             2620:0:863:102:10:128:1:35,\n+             2620:0:863:101:10:128:0:21,\n+             2620:0:863:102:10:128:1:36,\n+             2620:0:863:101:10:128:0:24,\n+             2620:0:863:102:10:128:1:10,\n+             2620:0:863:101:10:128:0:37,\n+             2620:0:863:102:10:128:1:12,\n+             2001:df2:e500:101:10:132:0:17,\n+             2001:df2:e500:101:10:132:0:18,\n+             2001:df2:e500:101:10:132:0:19,\n+             2001:df2:e500:101:10:132:0:24,\n+             2001:df2:e500:101:10:132:0:29,\n+             2001:df2:e500:101:10:132:0:30,\n+             2001:df2:e500:101:10:132:0:34,\n+             2001:df2:e500:101:10:132:0:35,\n+             2001:df2:e500:101:10:132:0:36,\n+             2001:df2:e500:101:10:132:0:37,\n+             2001:df2:e500:101:10:132:0:38,\n+             2001:df2:e500:101:10:132:0:25,\n+             2001:df2:e500:101:10:132:0:26,\n+             2001:df2:e500:101:10:132:0:27,\n+             2001:df2:e500:101:10:132:0:28,\n+             2001:df2:e500:101:10:132:0:16,\n+             2a02:ec80:600:101:10:136:0:6,\n+             2a02:ec80:600:102:10:136:1:6,\n+             2a02:ec80:600:101:10:136:0:7,\n+             2a02:ec80:600:102:10:136:1:7,\n+             2a02:ec80:600:101:10:136:0:8,\n+             2a02:ec80:600:102:10:136:1:8,\n+             2a02:ec80:600:101:10:136:0:9,\n+             2a02:ec80:600:102:10:136:1:9,\n+             2a02:ec80:600:101:10:136:0:10,\n+             2a02:ec80:600:102:10:136:1:10,\n+             2a02:ec80:600:101:10:136:0:11,\n+             2a02:ec80:600:102:10:136:1:11,\n+             2a02:ec80:600:101:10:136:0:12,\n+             2a02:ec80:600:102:10:136:1:12,\n+             2a02:ec80:600:101:10:136:0:13,\n+             2a02:ec80:600:102:10:136:1:13,\n+             2a02:ec80:700:101:10:140:0:3,\n+             2a02:ec80:700:102:10:140:1:4,\n+             2a02:ec80:700:101:10:140:0:4,\n+             2a02:ec80:700:102:10:140:1:5,\n+             2a02:ec80:700:101:10:140:0:5,\n+             2a02:ec80:700:102:10:140:1:6,\n+             2a02:ec80:700:101:10:140:0:6,\n+             2a02:ec80:700:102:10:140:1:7,\n+             2a02:ec80:700:101:10:140:0:7,\n+             2a02:ec80:700:102:10:140:1:8,\n+             2a02:ec80:700:101:10:140:0:8,\n+             2a02:ec80:700:102:10:140:1:9,\n+             2a02:ec80:700:101:10:140:0:9,\n+             2a02:ec80:700:102:10:140:1:10,\n+             2a02:ec80:700:101:10:140:0:10,\n+             2a02:ec80:700:102:10:140:1:11\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CACHES_ipv6.nft].orig\n+++ File[/etc/nftables/sets/CACHES_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_ulogd2.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_ulogd2.service].orig\n+++ Systemd::Unit[wmf_auto_restart_ulogd2.service]\n\n-    require           => ['Class[Systemd]']\n-    restart           => False\n-    override          => False\n-    ensure            => present\n-    override_filename => puppet-override.conf\n-    unit              => wmf_auto_restart_ulogd2.service\n"}, {"resource": "File_line[auto_restart_file_presence_ulogd2]", "parameters": "--- File_line[auto_restart_file_presence_ulogd2].orig\n+++ File_line[auto_restart_file_presence_ulogd2]\n\n-    line    => ulogd2\n-    require => File[/etc/debdeploy-client/autorestarts.conf]\n-    path    => /etc/debdeploy-client/autorestarts.conf\n-    ensure  => present\n"}, {"resource": "File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]", "parameters": "--- File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl].orig\n+++ File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/ferm/conf.d/10_orchestrator]", "content": "--- /etc/ferm/conf.d/10_orchestrator.orig\n+++ /etc/ferm/conf.d/10_orchestrator\n@@ -1,8 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 3306, (10.64.0.20 208.80.154.9));\n-\n-\n-\n-&NO_TRACK(tcp, 3306);", "parameters": "--- File[/etc/ferm/conf.d/10_orchestrator].orig\n+++ File[/etc/ferm/conf.d/10_orchestrator]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set PROMETHEUS_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.192.16.75,\n+             10.192.32.67,\n+             10.192.9.11,\n+             10.192.39.10\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]", "content": "--- /etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf.orig\n+++ /etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"prometheus-node-textfile-check-nft\" then {\n+    action(\n+        type=\"omfile\" file=\"/var/log/prometheus-node-textfile-check-nft/syslog.log\"\n+        fileOwner=\"root\" fileGroup=\"root\"\n+        fileCreateMode=\"0644\"\n+    )\n+    & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf].orig\n+++ File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]\n\n+    group  => root\n+    ensure => present\n+    notify => Service[rsyslog]\n+    mode   => 0444\n+    owner  => root\n"}, {"resource": "Service[nrpe2nodexp-ferm_active.timer]", "parameters": "--- Service[nrpe2nodexp-ferm_active.timer].orig\n+++ Service[nrpe2nodexp-ferm_active.timer]\n\n-    provider => systemd\n-    enable   => True\n-    ensure   => running\n"}, {"resource": "Monitoring::Service[ferm_active]", "parameters": "--- Monitoring::Service[ferm_active].orig\n+++ Monitoring::Service[ferm_active]\n\n-    ensure         => present\n-    retry_interval => 1\n-    config_dir     => /etc/nagios\n-    description    => Check whether ferm is active by checking the default input chain\n-    notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm\n-    passive        => False\n-    host           => pc2022\n-    critical       => False\n-    check_command  => nrpe_check!check_ferm_active!10\n-    check_interval => 30\n-    contact_group  => admins\n-    retries        => 3\n-    freshness      => 36000\n-    migration_task => T350694\n"}, {"resource": "Systemd::Syslog[prometheus-node-textfile-check-nft]", "parameters": "--- Systemd::Syslog[prometheus-node-textfile-check-nft].orig\n+++ Systemd::Syslog[prometheus-node-textfile-check-nft]\n\n+    log_filename           => syslog.log\n+    readable_by            => all\n+    ensure                 => present\n+    base_dir               => /var/log\n+    force_stop             => True\n+    owner                  => root\n+    group                  => root\n+    programname_comparison => startswith\n"}, {"resource": "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]", "content": "--- /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft.orig\n+++ /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft\n@@ -0,0 +1,43 @@\n+# Autogenerated by puppet\n+set LOAD_BALANCER_HEALTH_CHECKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:101::/64,\n+             2620:0:861:102::/64,\n+             2620:0:861:103::/64,\n+             2620:0:861:107::/64,\n+             2620:0:861:109::/64,\n+             2620:0:861:10a::/64,\n+             2620:0:861:10b::/64,\n+             2620:0:861:10d::/64,\n+             2620:0:861:10e::/64,\n+             2620:0:861:10f::/64,\n+             2620:0:861:119::/64,\n+             2620:0:861:10c::/64,\n+             2620:0:861:113::/64,\n+             2620:0:861:131::/64,\n+             2620:0:861:133::/64,\n+             2620:0:861:135::/64,\n+             2620:0:861:137::/64,\n+             2620:0:861:139::/64,\n+             2620:0:861:13b::/64,\n+             2620:0:861:13d::/64,\n+             2620:0:861:13f::/64,\n+             2620:0:861:142::/64,\n+             2620:0:861:144::/64,\n+             2620:0:860:101::/64,\n+             2620:0:860:102::/64,\n+             2620:0:860:103::/64,\n+             2620:0:860:104::/64,\n+             2a02:ec80:300:101::/64,\n+             2a02:ec80:300:102::/64,\n+             2620:0:863:101::/64,\n+             2620:0:863:102::/64,\n+             2001:df2:e500:101::/64,\n+             2a02:ec80:600:101::/64,\n+             2a02:ec80:600:102::/64,\n+             2a02:ec80:700:101::/64,\n+             2a02:ec80:700:102::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]", "parameters": "--- File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf].orig\n+++ File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]\n\n-    ensure => present\n-    owner  => root\n-    source => puppet:///modules/ferm/ferm_systemd_override\n-    mode   => 0444\n-    notify => Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]\n-    group  => root\n"}, {"resource": "Nftables::Set[AUX_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[AUX_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[AUX_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.67.80.0/21', '2620:0:861:305::/64', '10.194.80.0/21', '2620:0:860:305::/64']\n+    ensure => present\n"}, {"resource": "Ferm::Filter_log[filter-bootp]", "parameters": "--- Ferm::Filter_log[filter-bootp].orig\n+++ Ferm::Filter_log[filter-bootp]\n\n-    proto  => udp\n-    dport  => 68\n-    ensure => present\n-    sport  => 67\n-    daddr  => 255.255.255.255\n"}, {"resource": "File[/etc/systemd/system/nftables.service.d/puppet-override.conf]", "content": "--- /etc/systemd/system/nftables.service.d/puppet-override.conf.orig\n+++ /etc/systemd/system/nftables.service.d/puppet-override.conf\n@@ -0,0 +1,5 @@\n+[Service]\n+ExecStart=\n+ExecStart=/usr/sbin/nft -f /etc/nftables/main.nft\n+ExecReload=\n+ExecReload=/usr/sbin/nft -f /etc/nftables/main.nft", "parameters": "--- File[/etc/systemd/system/nftables.service.d/puppet-override.conf].orig\n+++ File[/etc/systemd/system/nftables.service.d/puppet-override.conf]\n\n+    group  => root\n+    ensure => present\n+    notify => Exec[systemd daemon-reload for nftables.service (nftables)]\n+    mode   => 0444\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/input]", "parameters": "--- File[/etc/nftables/input].orig\n+++ File[/etc/nftables/input]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set MLSERVE_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.67.16.0/21,\n+             10.194.16.0/21\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[KAFKA_BROKERS_JUMBO]", "parameters": "--- Nftables::Set[KAFKA_BROKERS_JUMBO].orig\n+++ Nftables::Set[KAFKA_BROKERS_JUMBO]\n\n+    hosts  => ['10.64.130.10', '2620:0:861:109:10:64:130:10', '10.64.131.16', '2620:0:861:10a:10:64:131:16', '10.64.132.21', '2620:0:861:10b:10:64:132:21', '10.64.134.9', '2620:0:861:10d:10:64:134:9', '10.64.135.16', '2620:0:861:10e:10:64:135:16', '10.64.136.11', '2620:0:861:10f:10:64:136:11', '10.64.154.15', '2620:0:861:122:10:64:154:15', '10.64.160.16', '2620:0:861:128:10:64:160:16', '10.64.0.126', '2620:0:861:101:10:64:0:126']\n+    ensure => present\n"}, {"resource": "Nftables::Set[DSE_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[DSE_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[DSE_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.67.24.0/21', '2620:0:861:302::/64', '10.192.96.0/21', '2620:0:860:308::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/MGMT_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/MGMT_NETWORKS_ipv4.nft\n@@ -0,0 +1,14 @@\n+# Autogenerated by puppet\n+set MGMT_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.65.0.0/16,\n+             10.128.128.0/17,\n+             10.193.0.0/16,\n+             10.80.128.0/17,\n+             10.132.128.0/17,\n+             10.136.128.0/17,\n+             10.140.128.0/17\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Class[Profile::Firewall]", "parameters": "--- Class[Profile::Firewall].orig\n+++ Class[Profile::Firewall]\n\n@@\n-    provider => ferm\n+    provider => nftables\n"}, {"resource": "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft\n@@ -0,0 +1,38 @@\n+# Autogenerated by puppet\n+set ANALYTICS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:100::/64,\n+             2620:0:861:104::/64,\n+             2620:0:861:105::/64,\n+             2620:0:861:106::/64,\n+             2620:0:861:108::/64,\n+             2620:0:861:110::/64,\n+             2620:0:861:111::/64,\n+             2620:0:861:112::/64,\n+             2620:0:861:114::/64,\n+             2620:0:861:115::/64,\n+             2620:0:861:116::/64,\n+             2620:0:861:117::/64,\n+             2620:0:861:11a::/64,\n+             2620:0:861:121::/64,\n+             2620:0:861:123::/64,\n+             2620:0:861:125::/64,\n+             2620:0:861:127::/64,\n+             2620:0:861:129::/64,\n+             2620:0:861:12b::/64,\n+             2620:0:861:12d::/64,\n+             2620:0:861:12f::/64,\n+             2620:0:861:132::/64,\n+             2620:0:861:134::/64,\n+             2620:0:861:136::/64,\n+             2620:0:861:138::/64,\n+             2620:0:861:13a::/64,\n+             2620:0:861:13c::/64,\n+             2620:0:861:13e::/64,\n+             2620:0:861:141::/64,\n+             2620:0:861:143::/64,\n+             2620:0:861:145::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[KAFKA_BROKERS_MAIN]", "parameters": "--- Nftables::Set[KAFKA_BROKERS_MAIN].orig\n+++ Nftables::Set[KAFKA_BROKERS_MAIN]\n\n+    hosts  => ['10.192.5.9', '2620:0:860:106:10:192:5:9', '10.192.22.6', '2620:0:860:112:10:192:22:6', '10.192.32.4', '2620:0:860:103:10:192:32:4', '10.192.48.33', '2620:0:860:104:10:192:48:33', '10.192.48.35', '2620:0:860:104:10:192:48:35', '10.64.0.101', '2620:0:861:101:10:64:0:101', '10.64.16.30', '2620:0:861:102:10:64:16:30', '10.64.32.45', '2620:0:861:103:10:64:32:45', '10.64.48.37', '2620:0:861:107:10:64:48:37', '10.64.152.5', '2620:0:861:120:10:64:152:5']\n+    ensure => present\n"}, {"resource": "Service[nftables]", "parameters": "--- Service[nftables].orig\n+++ Service[nftables]\n\n+    hasrestart => True\n+    enable     => True\n+    restart    => /usr/bin/systemctl reload nftables\n+    ensure     => running\n"}, {"resource": "Nftables::Set[MGMT_NETWORKS]", "parameters": "--- Nftables::Set[MGMT_NETWORKS].orig\n+++ Nftables::Set[MGMT_NETWORKS]\n\n+    hosts  => ['10.65.0.0/16', '10.128.128.0/17', '10.193.0.0/16', '10.80.128.0/17', '10.132.128.0/17', '10.136.128.0/17', '10.140.128.0/17']\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]", "content": "--- /lib/systemd/system/wmf_auto_restart_ulogd2.timer.orig\n+++ /lib/systemd/system/wmf_auto_restart_ulogd2.timer\n@@ -1,12 +0,0 @@\n-[Unit]\n-Description=Periodic execution of wmf_auto_restart_ulogd2.service\n-\n-[Timer]\n-Unit=wmf_auto_restart_ulogd2.service\n-# Accuracy sets the maximum time interval around the execution time we want to allow\n-AccuracySec=15sec\n-OnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 7:40:00\n-RandomizedDelaySec=0\n-\n-[Install]\n-WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]\n\n-    group  => root\n-    ensure => present\n-    notify => Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "File[/etc/nftables/notrack]", "parameters": "--- File[/etc/nftables/notrack].orig\n+++ File[/etc/nftables/notrack]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/MGMT_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/MGMT_NETWORKS_ipv6.nft\n@@ -0,0 +1,4 @@\n+# Autogenerated by puppet\n+set MGMT_NETWORKS_ipv6 {\n+    type ipv6_addr\n+}", "parameters": "--- File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft\n@@ -0,0 +1,10 @@\n+# Autogenerated by puppet\n+set DRUID_PUBLIC_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.131.9,\n+             10.64.132.12,\n+             10.64.135.9,\n+             10.64.32.101,\n+             10.64.48.185\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Systemd::Service[wmf_auto_restart_ulogd2]", "parameters": "--- Systemd::Service[wmf_auto_restart_ulogd2].orig\n+++ Systemd::Service[wmf_auto_restart_ulogd2]\n\n-    monitoring_contact_group => admins\n-    unit_type                => timer\n-    require                  => Systemd::Unit[wmf_auto_restart_ulogd2.service]\n-    restart                  => False\n-    ensure                   => present\n-    monitoring_enabled       => False\n-    override                 => False\n-    monitoring_critical      => False\n-    migration_task           => T407130\n-    service_params           => {}\n"}, {"resource": "Rsyslog::Conf[ulogd]", "parameters": "--- Rsyslog::Conf[ulogd].orig\n+++ Rsyslog::Conf[ulogd]\n\n-    priority => 40\n-    require  => File[/var/log/ulogd]\n-    mode     => 0444\n-    ensure   => present\n"}, {"resource": "File[/etc/nftables/sets/CACHES_ipv4.nft]", "content": "--- /etc/nftables/sets/CACHES_ipv4.nft.orig\n+++ /etc/nftables/sets/CACHES_ipv4.nft\n@@ -0,0 +1,117 @@\n+# Autogenerated by puppet\n+set CACHES_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.0.79,\n+             10.64.0.229,\n+             10.64.0.14,\n+             10.64.0.51,\n+             10.64.16.241,\n+             10.64.16.94,\n+             10.64.16.95,\n+             10.64.16.240,\n+             10.64.32.14,\n+             10.64.32.60,\n+             10.64.32.15,\n+             10.64.32.65,\n+             10.64.48.16,\n+             10.64.48.41,\n+             10.64.48.27,\n+             10.64.48.28,\n+             10.192.23.26,\n+             10.192.6.20,\n+             10.192.12.35,\n+             10.192.14.25,\n+             10.192.4.22,\n+             10.192.29.26,\n+             10.192.30.29,\n+             10.192.36.19,\n+             10.192.40.25,\n+             10.192.41.21,\n+             10.192.56.3,\n+             10.192.56.4,\n+             10.192.57.3,\n+             10.192.58.2,\n+             10.192.58.3,\n+             10.192.59.2,\n+             10.80.0.14,\n+             10.80.1.11,\n+             10.80.0.13,\n+             10.80.1.9,\n+             10.80.0.12,\n+             10.80.1.7,\n+             10.80.0.11,\n+             10.80.1.6,\n+             10.80.0.10,\n+             10.80.1.5,\n+             10.80.0.8,\n+             10.80.1.4,\n+             10.80.0.7,\n+             10.80.1.3,\n+             10.80.0.6,\n+             10.80.1.2,\n+             10.128.0.19,\n+             10.128.1.27,\n+             10.128.0.22,\n+             10.128.1.28,\n+             10.128.0.25,\n+             10.128.1.29,\n+             10.128.0.26,\n+             10.128.1.31,\n+             10.128.0.14,\n+             10.128.1.35,\n+             10.128.0.21,\n+             10.128.1.36,\n+             10.128.0.24,\n+             10.128.1.10,\n+             10.128.0.37,\n+             10.128.1.12,\n+             10.132.0.17,\n+             10.132.0.18,\n+             10.132.0.19,\n+             10.132.0.24,\n+             10.132.0.29,\n+             10.132.0.30,\n+             10.132.0.34,\n+             10.132.0.35,\n+             10.132.0.36,\n+             10.132.0.37,\n+             10.132.0.38,\n+             10.132.0.25,\n+             10.132.0.26,\n+             10.132.0.27,\n+             10.132.0.28,\n+             10.132.0.16,\n+             10.136.0.6,\n+             10.136.1.6,\n+             10.136.0.7,\n+             10.136.1.7,\n+             10.136.0.8,\n+             10.136.1.8,\n+             10.136.0.9,\n+             10.136.1.9,\n+             10.136.0.10,\n+             10.136.1.10,\n+             10.136.0.11,\n+             10.136.1.11,\n+             10.136.0.12,\n+             10.136.1.12,\n+             10.136.0.13,\n+             10.136.1.13,\n+             10.140.0.3,\n+             10.140.1.4,\n+             10.140.0.4,\n+             10.140.1.5,\n+             10.140.0.5,\n+             10.140.1.6,\n+             10.140.0.6,\n+             10.140.1.7,\n+             10.140.0.7,\n+             10.140.1.8,\n+             10.140.0.8,\n+             10.140.1.9,\n+             10.140.0.9,\n+             10.140.1.10,\n+             10.140.0.10,\n+             10.140.1.11\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CACHES_ipv4.nft].orig\n+++ File[/etc/nftables/sets/CACHES_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/02_main]", "parameters": "--- File[/etc/ferm/conf.d/02_main].orig\n+++ File[/etc/ferm/conf.d/02_main]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    ensure  => present\n-    notify  => Service[ferm]\n-    owner   => root\n-    group   => root\n-    mode    => 0400\n-    source  => puppet:///modules/base/firewall/main-input-default-drop.conf\n"}, {"resource": "Nftables::Set[DEPLOYMENT_HOSTS]", "parameters": "--- Nftables::Set[DEPLOYMENT_HOSTS].orig\n+++ Nftables::Set[DEPLOYMENT_HOSTS]\n\n+    hosts  => ['10.64.16.93', '2620:0:861:102:10:64:16:93', '10.192.32.7', '2620:0:860:103:10:192:32:7']\n+    ensure => present\n"}, {"resource": "Service[prometheus-node-textfile-check-nft.timer]", "parameters": "--- Service[prometheus-node-textfile-check-nft.timer].orig\n+++ Service[prometheus-node-textfile-check-nft.timer]\n\n+    provider => systemd\n+    enable   => True\n+    ensure   => running\n"}, {"resource": "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet\n+set ZOOKEEPER_FLINK_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.16.9,\n+             10.64.0.8,\n+             10.64.32.41,\n+             10.192.16.227,\n+             10.192.32.179,\n+             10.192.48.219\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Ferm::Rule[log-everything]", "parameters": "--- Ferm::Rule[log-everything].orig\n+++ Ferm::Rule[log-everything]\n\n-    domain => (ip ip6)\n-    desc   => \n-    table  => filter\n-    prio   => 98\n-    ensure => present\n-    rule   => NFLOG mod limit limit 1/second limit-burst 5 nflog-prefix \"[fw-in-drop]\";\n-    chain  => INPUT\n"}, {"resource": "Systemd::Service[prometheus-node-textfile-check-nft]", "parameters": "--- Systemd::Service[prometheus-node-textfile-check-nft].orig\n+++ Systemd::Service[prometheus-node-textfile-check-nft]\n\n+    monitoring_contact_group => admins\n+    unit_type                => timer\n+    require                  => Systemd::Unit[prometheus-node-textfile-check-nft.service]\n+    restart                  => False\n+    ensure                   => present\n+    monitoring_enabled       => False\n+    override                 => False\n+    monitoring_critical      => False\n+    migration_task           => T407130\n+    service_params           => {}\n"}, {"resource": "Systemd::Timer::Job[nrpe2nodexp-ferm_active]", "parameters": "--- Systemd::Timer::Job[nrpe2nodexp-ferm_active].orig\n+++ Systemd::Timer::Job[nrpe2nodexp-ferm_active]\n\n-    monitoring_contact_groups => admins\n-    splay                     => 600\n-    send_mail_only_on_error   => True\n-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-    logfile_basedir           => /var/log\n-    logfile_name              => syslog.log\n-    send_mail_to              => root@pc2022.codfw.wmnet\n-    monitoring_enabled        => False\n-    private_tmp               => False\n-    syslog_identifier         => nrpe2nodexp-ferm_active\n-    logfile_perms             => all\n-    fixed_random_delay        => True\n-    logfile_group             => root\n-    command                   => /usr/local/bin/nrpe2nodexp --alert-rule-hash \"bba0a2572329bb500b832470e08b381c\" --timeout 10 --check-command \"check_ferm_active\"\n-    interval                  => [{'start': 'OnUnitInactiveSec', 'interval': '10min'}]\n-    ensure                    => present\n-    user                      => nagios\n-    description               => execution of nrpe2nodexp for the check_ferm_active command.\n-    environment               => {}\n-    group                     => prometheus-node-exporter\n-    logging_enabled           => False\n-    syslog_match_startswith   => True\n-    success_exit_status       => []\n-    send_mail                 => False\n-    ignore_errors             => True\n-    syslog_force_stop         => True\n"}, {"resource": "File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]", "content": "--- /etc/nftables/input/10_full-monitoring-metrics-access-udp.nft.orig\n+++ /etc/nftables/input/10_full-monitoring-metrics-access-udp.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 10.192.16.75, 10.192.32.67, 10.192.39.10, 10.192.9.11, 208.80.153.42, 208.80.154.78 } udp dport 1-65535 accept\n+ip6 saddr { 2620:0:860:102:10:192:16:75, 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } udp dport 1-65535 accept", "parameters": "--- File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft].orig\n+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[MONITORING_HOSTS]", "parameters": "--- Nftables::Set[MONITORING_HOSTS].orig\n+++ Nftables::Set[MONITORING_HOSTS]\n\n+    hosts  => ['208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']\n+    ensure => present\n"}, {"resource": "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]", "content": "--- /etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp.orig\n+++ /etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 1:65535, (10.192.16.75 10.192.32.67 10.192.39.10 10.192.9.11 208.80.153.42 208.80.154.78 2620:0:860:102:10:192:16:75 2620:0:860:103:10:192:32:67 2620:0:860:10a:10:192:9:11 2620:0:860:11e:10:192:39:10 2620:0:860:2:208:80:153:42 2620:0:861:3:208:80:154:78));\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp].orig\n+++ File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Profile::Auto_restarts::Service[ulogd2]", "parameters": "--- Profile::Auto_restarts::Service[ulogd2].orig\n+++ Profile::Auto_restarts::Service[ulogd2]\n\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,8 @@\n+# Autogenerated by puppet\n+set MLSTAGE_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.194.61.0/24\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/var/log/wmf_auto_restart_ulogd2]", "parameters": "--- File[/var/log/wmf_auto_restart_ulogd2].orig\n+++ File[/var/log/wmf_auto_restart_ulogd2]\n\n-    force  => True\n-    group  => root\n-    backup => False\n-    ensure => directory\n-    mode   => 0755\n-    owner  => root\n"}, {"resource": "Ferm::Service[parsercache_mariadb_dba]", "parameters": "--- Ferm::Service[parsercache_mariadb_dba].orig\n+++ Ferm::Service[parsercache_mariadb_dba]\n\n-    desc                => \n-    ensure              => present\n-    proto               => tcp\n-    src_sets            => ['MYSQL_ROOT_CLIENTS']\n-    port                => 3307\n-    prio                => 10\n-    notrack             => False\n-    unrestricted_access => False\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-tcp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-tcp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-tcp]\n\n+    desc                => \n+    port_range          => [1, 65535]\n+    ensure              => present\n+    proto               => tcp\n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    prio                => 10\n+    notrack             => False\n+    unrestricted_access => False\n"}, {"resource": "Nftables::Set[SANDBOX_NETWORKS]", "parameters": "--- Nftables::Set[SANDBOX_NETWORKS].orig\n+++ Nftables::Set[SANDBOX_NETWORKS]\n\n+    hosts  => ['103.102.166.72/29', '185.15.59.72/29', '195.200.68.64/29', '198.35.26.240/28', '2001:df2:e500:202::/64', '208.80.152.240/28', '208.80.155.64/28', '2620:0:860:201::/64', '2620:0:861:202::/64', '2620:0:863:201::/64', '2a02:ec80:300:202::/64', '2a02:ec80:700:201::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/ferm/conf.d/01_drop-blocked-nets]", "content": "--- /etc/ferm/conf.d/01_drop-blocked-nets.orig\n+++ /etc/ferm/conf.d/01_drop-blocked-nets\n@@ -1,11 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# 01_drop-blocked-nets: drop abuse/blocked_nets.yaml defined in the requestctl private repo\n-\n-domain (ip ip6) {\n-\ttable filter {\n-\t\tchain INPUT {\n-\t\t\tsaddr $BLOCKED_NETS DROP;\n-\t\t}\n-\t}\n-}", "parameters": "--- File[/etc/ferm/conf.d/01_drop-blocked-nets].orig\n+++ File[/etc/ferm/conf.d/01_drop-blocked-nets]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Systemd::Unit[nrpe2nodexp-ferm_active.service]", "parameters": "--- Systemd::Unit[nrpe2nodexp-ferm_active.service].orig\n+++ Systemd::Unit[nrpe2nodexp-ferm_active.service]\n\n-    require           => ['Class[Systemd]']\n-    restart           => False\n-    override          => False\n-    ensure            => present\n-    override_filename => puppet-override.conf\n-    unit              => nrpe2nodexp-ferm_active.service\n"}, {"resource": "Nftables::Set[NETWORK_INFRA]", "parameters": "--- Nftables::Set[NETWORK_INFRA].orig\n+++ Nftables::Set[NETWORK_INFRA]\n\n+    hosts  => ['185.15.59.128/27', '2a02:ec80:300:fe00::/55', '198.35.26.128/27', '2620:0:863:fe00::/55', '208.80.153.192/27', '2620:0:860:fe00::/55', '10.192.255.0/24', '2620:0:860:13f::/64', '10.192.253.0/24', '2620:0:860:139::/64', '208.80.154.192/27', '2620:0:861:fe00::/55', '10.64.146.0/24', '2620:0:861:11b::/128', '10.64.168.0/24', '2620:0:861:130::/64', '10.64.147.0/24', '103.102.166.128/27', '2001:df2:e500:fe00::/55', '185.15.58.128/27', '2a02:ec80:600:fe00::/55', '195.200.68.128/27', '2a02:ec80:700:fe00::/55']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft\n@@ -0,0 +1,183 @@\n+# Autogenerated by puppet\n+set PRODUCTION_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2001:df2:e500:101::/64,\n+             2001:df2:e500:103::/64,\n+             2001:df2:e500:1::/64,\n+             2001:df2:e500:3::/64,\n+             2001:df2:e500:ed1a::/64,\n+             2620:0:860:100::/64,\n+             2620:0:860:101::/64,\n+             2620:0:860:102::/64,\n+             2620:0:860:103::/64,\n+             2620:0:860:104::/64,\n+             2620:0:860:105::/64,\n+             2620:0:860:106::/64,\n+             2620:0:860:107::/64,\n+             2620:0:860:108::/64,\n+             2620:0:860:109::/64,\n+             2620:0:860:10a::/64,\n+             2620:0:860:10b::/64,\n+             2620:0:860:10c::/64,\n+             2620:0:860:10d::/64,\n+             2620:0:860:10e::/64,\n+             2620:0:860:10f::/64,\n+             2620:0:860:110::/64,\n+             2620:0:860:111::/64,\n+             2620:0:860:112::/64,\n+             2620:0:860:113::/64,\n+             2620:0:860:114::/64,\n+             2620:0:860:115::/64,\n+             2620:0:860:116::/64,\n+             2620:0:860:118::/64,\n+             2620:0:860:119::/64,\n+             2620:0:860:11a::/64,\n+             2620:0:860:11b::/64,\n+             2620:0:860:11c::/64,\n+             2620:0:860:11d::/64,\n+             2620:0:860:11e::/64,\n+             2620:0:860:11f::/64,\n+             2620:0:860:120::/64,\n+             2620:0:860:121::/64,\n+             2620:0:860:122::/64,\n+             2620:0:860:123::/64,\n+             2620:0:860:124::/64,\n+             2620:0:860:125::/64,\n+             2620:0:860:126::/64,\n+             2620:0:860:127::/64,\n+             2620:0:860:12b::/64,\n+             2620:0:860:12c::/64,\n+             2620:0:860:12d::/64,\n+             2620:0:860:12e::/64,\n+             2620:0:860:140::/64,\n+             2620:0:860:1::/64,\n+             2620:0:860:2::/64,\n+             2620:0:860:300::/64,\n+             2620:0:860:301::/64,\n+             2620:0:860:302::/64,\n+             2620:0:860:303::/64,\n+             2620:0:860:304::/64,\n+             2620:0:860:305::/64,\n+             2620:0:860:307::/64,\n+             2620:0:860:308::/64,\n+             2620:0:860:3::/64,\n+             2620:0:860:4::/64,\n+             2620:0:860:5::/64,\n+             2620:0:860:babe::/64,\n+             2620:0:860:babf::/64,\n+             2620:0:860:cabe::/64,\n+             2620:0:860:cabf::/64,\n+             2620:0:860:ed1a::/64,\n+             2620:0:861:100::/64,\n+             2620:0:861:101::/64,\n+             2620:0:861:102::/64,\n+             2620:0:861:103::/64,\n+             2620:0:861:104::/64,\n+             2620:0:861:105::/64,\n+             2620:0:861:106::/64,\n+             2620:0:861:107::/64,\n+             2620:0:861:108::/64,\n+             2620:0:861:109::/64,\n+             2620:0:861:10a::/64,\n+             2620:0:861:10b::/64,\n+             2620:0:861:10c::/64,\n+             2620:0:861:10d::/64,\n+             2620:0:861:10e::/64,\n+             2620:0:861:10f::/64,\n+             2620:0:861:110::/64,\n+             2620:0:861:111::/64,\n+             2620:0:861:112::/64,\n+             2620:0:861:113::/64,\n+             2620:0:861:114::/64,\n+             2620:0:861:115::/64,\n+             2620:0:861:116::/64,\n+             2620:0:861:117::/64,\n+             2620:0:861:118::/64,\n+             2620:0:861:119::/64,\n+             2620:0:861:11a::/64,\n+             2620:0:861:11c::/64,\n+             2620:0:861:11d::/64,\n+             2620:0:861:11e::/64,\n+             2620:0:861:11f::/64,\n+             2620:0:861:120::/64,\n+             2620:0:861:121::/64,\n+             2620:0:861:122::/64,\n+             2620:0:861:123::/64,\n+             2620:0:861:124::/64,\n+             2620:0:861:125::/64,\n+             2620:0:861:126::/64,\n+             2620:0:861:127::/64,\n+             2620:0:861:128::/64,\n+             2620:0:861:129::/64,\n+             2620:0:861:12a::/64,\n+             2620:0:861:12b::/64,\n+             2620:0:861:12c::/64,\n+             2620:0:861:12d::/64,\n+             2620:0:861:12e::/64,\n+             2620:0:861:12f::/64,\n+             2620:0:861:131::/64,\n+             2620:0:861:132::/64,\n+             2620:0:861:133::/64,\n+             2620:0:861:134::/64,\n+             2620:0:861:135::/64,\n+             2620:0:861:136::/64,\n+             2620:0:861:137::/64,\n+             2620:0:861:138::/64,\n+             2620:0:861:139::/64,\n+             2620:0:861:13a::/64,\n+             2620:0:861:13b::/64,\n+             2620:0:861:13c::/64,\n+             2620:0:861:13d::/64,\n+             2620:0:861:13e::/64,\n+             2620:0:861:13f::/64,\n+             2620:0:861:140::/64,\n+             2620:0:861:141::/64,\n+             2620:0:861:142::/64,\n+             2620:0:861:143::/64,\n+             2620:0:861:144::/64,\n+             2620:0:861:145::/64,\n+             2620:0:861:1::/64,\n+             2620:0:861:2::/64,\n+             2620:0:861:300::/64,\n+             2620:0:861:301::/116,\n+             2620:0:861:302::/64,\n+             2620:0:861:303::/116,\n+             2620:0:861:304::/116,\n+             2620:0:861:305::/64,\n+             2620:0:861:3::/64,\n+             2620:0:861:4::/64,\n+             2620:0:861:babe::/64,\n+             2620:0:861:babf::/116,\n+             2620:0:861:cabe::/64,\n+             2620:0:861:cabf::/116,\n+             2620:0:861:ed1a::/64,\n+             2620:0:863:101::/64,\n+             2620:0:863:102::/64,\n+             2620:0:863:103::/64,\n+             2620:0:863:1::/64,\n+             2620:0:863:2::/64,\n+             2620:0:863:3::/64,\n+             2620:0:863:ed1a::/64,\n+             2a02:ec80:300:101::/64,\n+             2a02:ec80:300:102::/64,\n+             2a02:ec80:300:103::/64,\n+             2a02:ec80:300:1::/64,\n+             2a02:ec80:300:2::/64,\n+             2a02:ec80:300:3::/64,\n+             2a02:ec80:300:ed1a::/64,\n+             2a02:ec80:600:101::/64,\n+             2a02:ec80:600:102::/64,\n+             2a02:ec80:600:1::/64,\n+             2a02:ec80:600:2::/64,\n+             2a02:ec80:600:ed1a::/64,\n+             2a02:ec80:700:101::/64,\n+             2a02:ec80:700:102::/64,\n+             2a02:ec80:700:103::/64,\n+             2a02:ec80:700:1::/64,\n+             2a02:ec80:700:2::/64,\n+             2a02:ec80:700:3::/64,\n+             2a02:ec80:700:ed1a::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Alternatives::Select[iptables]", "parameters": "--- Alternatives::Select[iptables].orig\n+++ Alternatives::Select[iptables]\n\n-    require => Package[iptables]\n-    path    => /usr/sbin/iptables-legacy\n"}, {"resource": "Nftables::Service[ssh-from-bastion]", "parameters": "--- Nftables::Service[ssh-from-bastion].orig\n+++ Nftables::Service[ssh-from-bastion]\n\n+    desc                => \n+    ensure              => present\n+    proto               => tcp\n+    src_ips             => ['103.102.166.103', '185.15.58.6', '185.15.59.99', '195.200.68.99', '198.35.26.104', '2001:df2:e500:3:103:102:166:103', '208.80.153.110', '208.80.154.7', '2620:0:860:4:208:80:153:110', '2620:0:861:1:208:80:154:7', '2620:0:863:3:198:35:26:104', '2a02:ec80:300:3:185:15:59:99', '2a02:ec80:600:1:185:15:58:6', '2a02:ec80:700:3:195:200:68:99']\n+    prio                => 10\n+    port                => 22\n+    notrack             => False\n+    unrestricted_access => False\n"}, {"resource": "File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/FRACK_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/FRACK_NETWORKS_ipv4.nft\n@@ -0,0 +1,22 @@\n+# Autogenerated by puppet\n+set FRACK_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.195.0.0/27,\n+             10.195.0.128/29,\n+             10.195.0.32/27,\n+             10.195.0.64/28,\n+             10.195.0.80/29,\n+             10.195.0.96/27,\n+             10.195.1.0/25,\n+             10.64.40.0/27,\n+             10.64.40.160/27,\n+             10.64.40.192/26,\n+             10.64.40.32/27,\n+             10.64.40.64/27,\n+             10.64.40.96/27,\n+             208.80.152.224/28,\n+             208.80.155.0/27\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Ferm::Rule[drop-blocked-nets]", "parameters": "--- Ferm::Rule[drop-blocked-nets].orig\n+++ Ferm::Rule[drop-blocked-nets]\n\n-    domain => (ip ip6)\n-    desc   => drop abuse/blocked_nets.yaml defined in the requestctl private repo\n-    table  => filter\n-    prio   => 01\n-    ensure => present\n-    rule   => saddr $BLOCKED_NETS DROP;\n-    chain  => INPUT\n"}, {"resource": "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set LABSTORE_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 208.80.154.142,\n+             208.80.154.71\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Ferm::Rule[filter_log_filter-bootp]", "parameters": "--- Ferm::Rule[filter_log_filter-bootp].orig\n+++ Ferm::Rule[filter_log_filter-bootp]\n\n-    domain => (ip ip6)\n-    desc   => \n-    table  => filter\n-    prio   => 98\n-    ensure => present\n-    rule   => proto udp  daddr 255.255.255.255 sport 67 dport 68 DROP;\n-    chain  => INPUT\n"}, {"resource": "File[/etc/ferm]", "parameters": "--- File[/etc/ferm].orig\n+++ File[/etc/ferm]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "Nftables::Set[ANALYTICS_NETWORKS]", "parameters": "--- Nftables::Set[ANALYTICS_NETWORKS].orig\n+++ Nftables::Set[ANALYTICS_NETWORKS]\n\n+    hosts  => ['10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.153.0/24', '10.64.155.0/24', '10.64.157.0/24', '10.64.159.0/24', '10.64.161.0/24', '10.64.163.0/24', '10.64.165.0/24', '10.64.167.0/24', '10.64.170.0/24', '10.64.172.0/24', '10.64.174.0/24', '10.64.176.0/24', '10.64.178.0/24', '10.64.180.0/24', '10.64.182.0/24', '10.64.184.0/24', '10.64.186.0/24', '10.64.188.0/24', '10.64.190.0/24', '10.64.21.0/24', '10.64.36.0/24', '10.64.5.0/24', '10.64.53.0/24', '2620:0:861:100::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:108::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:11a::/64', '2620:0:861:121::/64', '2620:0:861:123::/64', '2620:0:861:125::/64', '2620:0:861:127::/64', '2620:0:861:129::/64', '2620:0:861:12b::/64', '2620:0:861:12d::/64', '2620:0:861:12f::/64', '2620:0:861:132::/64', '2620:0:861:134::/64', '2620:0:861:136::/64', '2620:0:861:138::/64', '2620:0:861:13a::/64', '2620:0:861:13c::/64', '2620:0:861:13e::/64', '2620:0:861:141::/64', '2620:0:861:143::/64', '2620:0:861:145::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/sudoers.d/nrpe-check_ferm_active]", "content": "--- /etc/sudoers.d/nrpe-check_ferm_active.orig\n+++ /etc/sudoers.d/nrpe-check_ferm_active\n@@ -1,3 +0,0 @@\n-# This file is managed by Puppet!\n-\n-nagios ALL = (root) NOPASSWD: /usr/local/lib/nagios/plugins/check_ferm", "parameters": "--- File[/etc/sudoers.d/nrpe-check_ferm_active].orig\n+++ File[/etc/sudoers.d/nrpe-check_ferm_active]\n\n-    validate_cmd => /usr/sbin/visudo -cqf %\n-    require      => Package[nagios-nrpe-server]\n-    group        => root\n-    ensure       => present\n-    mode         => 0440\n-    owner        => root\n"}, {"resource": "File[/etc/nftables/input/10_parsercache_mariadb_dba.nft]", "content": "--- /etc/nftables/input/10_parsercache_mariadb_dba.nft.orig\n+++ /etc/nftables/input/10_parsercache_mariadb_dba.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr @MYSQL_ROOT_CLIENTS_ipv4 tcp dport { 3307 } accept\n+ip6 saddr @MYSQL_ROOT_CLIENTS_ipv6 tcp dport { 3307 } accept", "parameters": "--- File[/etc/nftables/input/10_parsercache_mariadb_dba.nft].orig\n+++ File[/etc/nftables/input/10_parsercache_mariadb_dba.nft]\n\n+    tag     => nft\n+    require => ['Nftables::Set[MYSQL_ROOT_CLIENTS]']\n+    group   => root\n+    ensure  => present\n+    mode    => 0444\n+    notify  => ['Service[nftables]']\n+    owner   => root\n"}, {"resource": "Nftables::Set[CLOUD_NETWORKS_PUBLIC]", "parameters": "--- Nftables::Set[CLOUD_NETWORKS_PUBLIC].orig\n+++ Nftables::Set[CLOUD_NETWORKS_PUBLIC]\n\n+    hosts  => ['185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:4000::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/forward]", "parameters": "--- File[/etc/nftables/forward].orig\n+++ File[/etc/nftables/forward]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/modules-load.d/conntrack.conf]", "parameters": "--- File[/etc/modules-load.d/conntrack.conf].orig\n+++ File[/etc/modules-load.d/conntrack.conf]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "Sudo::User[nrpe-check_ferm_active]", "parameters": "--- Sudo::User[nrpe-check_ferm_active].orig\n+++ Sudo::User[nrpe-check_ferm_active]\n\n-    tag        => nrpe::check\n-    require    => ['Class[Sudo]']\n-    privileges => ['ALL = (root) NOPASSWD: /usr/local/lib/nagios/plugins/check_ferm']\n-    ensure     => present\n-    user       => nagios\n"}, {"resource": "Service[wmf_auto_restart_ulogd2.timer]", "parameters": "--- Service[wmf_auto_restart_ulogd2.timer].orig\n+++ Service[wmf_auto_restart_ulogd2.timer]\n\n-    provider => systemd\n-    enable   => True\n-    ensure   => running\n"}, {"resource": "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]", "parameters": "--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)].orig\n+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]\n\n-    command     => /bin/systemctl daemon-reload\n-    before      => ['Service[nrpe2nodexp-ferm_active.timer]']\n-    refreshonly => True\n"}, {"resource": "File[/etc/nagios/nrpe.d/check_ferm_active.cfg]", "content": "--- /etc/nagios/nrpe.d/check_ferm_active.cfg.orig\n+++ /etc/nagios/nrpe.d/check_ferm_active.cfg\n@@ -1,2 +0,0 @@\n-# File generated by puppet. DO NOT edit by hand\n-command[check_ferm_active]=/usr/bin/sudo /usr/local/lib/nagios/plugins/check_ferm", "parameters": "--- File[/etc/nagios/nrpe.d/check_ferm_active.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_ferm_active.cfg]\n\n-    tag     => nrpe::check\n-    require => Package[nagios-nrpe-server]\n-    group   => root\n-    ensure  => present\n-    notify  => Service[nagios-nrpe-server]\n-    mode    => 0444\n-    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft\n@@ -0,0 +1,15 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_MAIN_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:860:106:10:192:5:9,\n+             2620:0:860:112:10:192:22:6,\n+             2620:0:860:103:10:192:32:4,\n+             2620:0:860:104:10:192:48:33,\n+             2620:0:860:104:10:192:48:35,\n+             2620:0:861:101:10:64:0:101,\n+             2620:0:861:102:10:64:16:30,\n+             2620:0:861:103:10:64:32:45,\n+             2620:0:861:107:10:64:48:37,\n+             2620:0:861:120:10:64:152:5\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[LINK_LOCAL]", "parameters": "--- Nftables::Set[LINK_LOCAL].orig\n+++ Nftables::Set[LINK_LOCAL]\n\n+    hosts  => ['169.254.0.0/16', 'fe80::/10']\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]", "parameters": "--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)].orig\n+++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]\n\n+    command     => /bin/systemctl daemon-reload\n+    before      => ['Service[prometheus-node-textfile-check-nft.timer]']\n+    refreshonly => True\n"}, {"resource": "File[/etc/ferm/conf.d/00_defs_requestctl]", "parameters": "--- File[/etc/ferm/conf.d/00_defs_requestctl].orig\n+++ File[/etc/ferm/conf.d/00_defs_requestctl]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]", "content": "--- /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft.orig\n+++ /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set CLOUD_NETWORKS_PUBLIC_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2a02:ec80:a000:4000::/64,\n+             2a02:ec80:a100:4000::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set MLSERVE_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:300::/64,\n+             2620:0:860:300::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[DOMAIN_NETWORKS]", "parameters": "--- Nftables::Set[DOMAIN_NETWORKS].orig\n+++ Nftables::Set[DOMAIN_NETWORKS]\n\n+    hosts  => ['10.128.0.0/24', '10.128.1.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.132.2.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '103.102.166.96/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/27', '198.35.26.32/27', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:103::/64', '2001:df2:e500:1::/64', '2001:df2:e500:3::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:102::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:2::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/systemd/system/nftables.service.d]", "parameters": "--- File[/etc/systemd/system/nftables.service.d].orig\n+++ File[/etc/systemd/system/nftables.service.d]\n\n+    owner  => root\n+    group  => root\n+    mode   => 0555\n+    ensure => directory\n"}, {"resource": "File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]", "content": "--- /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft.orig\n+++ /etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr { 10.192.16.75, 10.192.32.67, 10.192.39.10, 10.192.9.11, 208.80.153.42, 208.80.154.78 } tcp dport 1-65535 accept\n+ip6 saddr { 2620:0:860:102:10:192:16:75, 2620:0:860:103:10:192:32:67, 2620:0:860:10a:10:192:9:11, 2620:0:860:11e:10:192:39:10, 2620:0:860:2:208:80:153:42, 2620:0:861:3:208:80:154:78 } tcp dport 1-65535 accept", "parameters": "--- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft].orig\n+++ File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]\n\n-    command     => /bin/systemctl daemon-reload\n-    refreshonly => True\n"}, {"resource": "Logrotate::Conf[ulogd]", "parameters": "--- Logrotate::Conf[ulogd].orig\n+++ Logrotate::Conf[ulogd]\n\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft\n@@ -0,0 +1,14 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_JUMBO_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:109:10:64:130:10,\n+             2620:0:861:10a:10:64:131:16,\n+             2620:0:861:10b:10:64:132:21,\n+             2620:0:861:10d:10:64:134:9,\n+             2620:0:861:10e:10:64:135:16,\n+             2620:0:861:10f:10:64:136:11,\n+             2620:0:861:122:10:64:154:15,\n+             2620:0:861:128:10:64:160:16,\n+             2620:0:861:101:10:64:0:126\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/functions.conf]", "parameters": "--- File[/etc/ferm/functions.conf].orig\n+++ File[/etc/ferm/functions.conf]\n\n-    require => Package[ferm]\n-    group   => root\n-    ensure  => file\n-    source  => puppet:///modules/ferm/functions.conf\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Systemd::Unit[ferm-ferm-service-status-restart]", "parameters": "--- Systemd::Unit[ferm-ferm-service-status-restart].orig\n+++ Systemd::Unit[ferm-ferm-service-status-restart]\n\n-    require           => ['Class[Systemd]']\n-    restart           => False\n-    override          => True\n-    ensure            => present\n-    override_filename => ferm-service-status-restart\n-    source            => puppet:///modules/ferm/ferm_systemd_override\n-    unit              => ferm\n"}, {"resource": "File[/etc/ferm/conf.d/98_filter_log_filter-bootp]", "content": "--- /etc/ferm/conf.d/98_filter_log_filter-bootp.orig\n+++ /etc/ferm/conf.d/98_filter_log_filter-bootp\n@@ -1,11 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# 98_filter_log_filter-bootp: \n-\n-domain (ip ip6) {\n-\ttable filter {\n-\t\tchain INPUT {\n-\t\t\tproto udp  daddr 255.255.255.255 sport 67 dport 68 DROP;\n-\t\t}\n-\t}\n-}", "parameters": "--- File[/etc/ferm/conf.d/98_filter_log_filter-bootp].orig\n+++ File[/etc/ferm/conf.d/98_filter_log_filter-bootp]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]", "content": "--- /lib/systemd/system/prometheus-node-textfile-check-nft.service.orig\n+++ /lib/systemd/system/prometheus-node-textfile-check-nft.service\n@@ -0,0 +1,8 @@\n+[Unit]\n+Description=Systemd timer to gather node metrics for check-nft\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/bin/check-nft", "parameters": "--- File[/lib/systemd/system/prometheus-node-textfile-check-nft.service].orig\n+++ File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]\n\n+    group  => root\n+    ensure => present\n+    notify => Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]\n+    mode   => 0444\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set DEPLOYMENT_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:102:10:64:16:93,\n+             2620:0:860:103:10:192:32:7\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]", "content": "--- /lib/systemd/system/nrpe2nodexp-ferm_active.timer.orig\n+++ /lib/systemd/system/nrpe2nodexp-ferm_active.timer\n@@ -1,14 +0,0 @@\n-[Unit]\n-Description=Periodic execution of nrpe2nodexp-ferm_active.service\n-\n-[Timer]\n-Unit=nrpe2nodexp-ferm_active.service\n-# Accuracy sets the maximum time interval around the execution time we want to allow\n-AccuracySec=15sec\n-OnUnitInactiveSec=10min\n-OnActiveSec=1s\n-RandomizedDelaySec=600\n-FixedRandomDelay=true\n-\n-[Install]\n-WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer].orig\n+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]\n\n-    group  => root\n-    ensure => present\n-    notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]\n-    mode   => 0444\n-    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/10_mariadb_internal]", "content": "--- /etc/ferm/conf.d/10_mariadb_internal.orig\n+++ /etc/ferm/conf.d/10_mariadb_internal\n@@ -1,8 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 3306, $INTERNAL);\n-\n-\n-\n-&NO_TRACK(tcp, 3306);", "parameters": "--- File[/etc/ferm/conf.d/10_mariadb_internal].orig\n+++ File[/etc/ferm/conf.d/10_mariadb_internal]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/etc/ferm/conf.d/98_log-everything]", "content": "--- /etc/ferm/conf.d/98_log-everything.orig\n+++ /etc/ferm/conf.d/98_log-everything\n@@ -1,11 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# 98_log-everything: \n-\n-domain (ip ip6) {\n-\ttable filter {\n-\t\tchain INPUT {\n-\t\t\tNFLOG mod limit limit 1/second limit-burst 5 nflog-prefix \"[fw-in-drop]\";\n-\t\t}\n-\t}\n-}", "parameters": "--- File[/etc/ferm/conf.d/98_log-everything].orig\n+++ File[/etc/ferm/conf.d/98_log-everything]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "File[/etc/nftables/postrouting]", "parameters": "--- File[/etc/nftables/postrouting].orig\n+++ File[/etc/nftables/postrouting]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/systemd/system/ferm.service.d]", "parameters": "--- File[/etc/systemd/system/ferm.service.d].orig\n+++ File[/etc/systemd/system/ferm.service.d]\n\n-    owner  => root\n-    group  => root\n-    mode   => 0555\n-    ensure => directory\n"}, {"resource": "Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]", "parameters": "--- Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS].orig\n+++ Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]\n\n+    hosts  => ['10.64.0.136', '10.64.16.60', '10.64.158.19', '10.64.166.19', '10.64.133.19', '10.64.141.19', '10.64.169.19', '10.64.171.19', '10.64.173.19', '10.64.175.19', '10.64.177.19', '10.64.179.19', '10.64.181.19', '10.64.183.19', '10.64.185.19', '10.64.187.19', '10.64.189.19', '10.64.48.72', '10.64.37.17', '10.64.1.17', '10.64.17.17', '10.64.33.17', '10.64.130.20', '10.64.131.20', '10.64.132.20', '10.64.134.20', '10.64.135.20', '10.64.136.20', '10.64.158.20', '10.64.166.20', '10.64.133.20', '10.64.141.20', '10.64.169.20', '10.64.171.20', '10.64.173.20', '10.64.175.20', '10.64.177.20', '10.64.179.20', '10.64.181.20', '10.64.183.20', '10.64.185.20', '10.64.187.20', '10.64.189.20', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:119::/64', '2620:0:861:10c::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.23.8', '10.192.0.29', '10.192.17.8', '10.192.33.8', '10.192.49.8', '10.192.23.2', '10.192.5.2', '10.192.6.2', '10.192.7.2', '10.192.8.2', '10.192.9.2', '10.192.10.2', '10.192.11.2', '10.192.12.2', '10.192.13.2', '10.192.14.2', '10.192.15.2', '10.192.21.2', '10.192.22.2', '10.192.4.2', '10.192.26.2', '10.192.27.2', '10.192.28.2', '10.192.29.2', '10.192.30.2', '10.192.31.2', '10.192.36.2', '10.192.37.2', '10.192.38.2', '10.192.39.2', '10.192.40.2', '10.192.41.2', '10.192.42.2', '10.192.43.2', '10.192.11.8', '10.192.16.140', '10.192.1.8', '10.192.33.9', '10.192.49.9', '10.192.23.3', '10.192.5.3', '10.192.6.3', '10.192.7.3', '10.192.8.3', '10.192.9.3', '10.192.10.3', '10.192.11.3', '10.192.12.3', '10.192.13.3', '10.192.14.3', '10.192.15.3', '10.192.21.3', '10.192.22.3', '10.192.4.3', '10.192.26.3', '10.192.27.3', '10.192.28.3', '10.192.29.3', '10.192.30.3', '10.192.31.3', '10.192.36.3', '10.192.37.3', '10.192.38.3', '10.192.39.4', '10.192.40.3', '10.192.41.3', '10.192.42.3', '10.192.43.3', '10.192.32.14', '10.192.1.9', '10.192.17.9', '10.192.49.10', '10.192.23.4', '10.192.5.4', '10.192.6.4', '10.192.7.4', '10.192.8.4', '10.192.9.4', '10.192.10.4', '10.192.11.4', '10.192.12.4', '10.192.13.4', '10.192.14.4', '10.192.15.4', '10.192.21.4', '10.192.22.4', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '10.192.48.213', '10.192.1.13', '10.192.17.10', '10.192.33.10', '10.192.23.5', '10.192.5.8', '10.192.6.5', '10.192.7.5', '10.192.8.5', '10.192.9.5', '10.192.10.5', '10.192.11.5', '10.192.12.5', '10.192.13.5', '10.192.14.5', '10.192.15.5', '10.192.21.5', '10.192.22.5', '10.192.4.5', '10.192.26.5', '10.192.27.5', '10.192.28.5', '10.192.29.5', '10.192.30.5', '10.192.31.5', '10.192.36.5', '10.192.37.5', '10.192.38.5', '10.192.39.6', '10.192.40.5', '10.192.41.5', '10.192.42.5', '10.192.43.5', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '10.80.0.3', '10.80.1.8', '10.80.1.14', '10.80.0.9', '10.80.0.2', '10.80.1.10', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '10.128.1.18', '10.128.0.9', '10.128.1.11', '2620:0:863:101::/64', '2620:0:863:102::/64', '10.132.0.39', '10.132.0.6', '10.132.0.7', '2001:df2:e500:101::/64', '10.136.0.16', '10.136.1.19', '10.136.1.15', '10.136.0.19', '10.136.0.17', '10.136.1.20', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '10.140.0.13', '10.140.1.2', '10.140.1.14', '10.140.0.2', '10.140.0.14', '10.140.1.3', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set DSE_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.67.24.0/21,\n+             10.192.96.0/21\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]", "content": "--- /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft.orig\n+++ /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet\n+set ZOOKEEPER_HOSTS_MAIN_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.0.207,\n+             10.64.16.110,\n+             10.64.48.154,\n+             10.192.16.45,\n+             10.192.32.52,\n+             10.192.48.59\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft].orig\n+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]", "content": "--- /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft.orig\n+++ /etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft\n@@ -0,0 +1,191 @@\n+# Autogenerated by puppet\n+set LOAD_BALANCER_HEALTH_CHECKS_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.64.0.136,\n+             10.64.16.60,\n+             10.64.158.19,\n+             10.64.166.19,\n+             10.64.133.19,\n+             10.64.141.19,\n+             10.64.169.19,\n+             10.64.171.19,\n+             10.64.173.19,\n+             10.64.175.19,\n+             10.64.177.19,\n+             10.64.179.19,\n+             10.64.181.19,\n+             10.64.183.19,\n+             10.64.185.19,\n+             10.64.187.19,\n+             10.64.189.19,\n+             10.64.48.72,\n+             10.64.37.17,\n+             10.64.1.17,\n+             10.64.17.17,\n+             10.64.33.17,\n+             10.64.130.20,\n+             10.64.131.20,\n+             10.64.132.20,\n+             10.64.134.20,\n+             10.64.135.20,\n+             10.64.136.20,\n+             10.64.158.20,\n+             10.64.166.20,\n+             10.64.133.20,\n+             10.64.141.20,\n+             10.64.169.20,\n+             10.64.171.20,\n+             10.64.173.20,\n+             10.64.175.20,\n+             10.64.177.20,\n+             10.64.179.20,\n+             10.64.181.20,\n+             10.64.183.20,\n+             10.64.185.20,\n+             10.64.187.20,\n+             10.64.189.20,\n+             10.192.23.8,\n+             10.192.0.29,\n+             10.192.17.8,\n+             10.192.33.8,\n+             10.192.49.8,\n+             10.192.23.2,\n+             10.192.5.2,\n+             10.192.6.2,\n+             10.192.7.2,\n+             10.192.8.2,\n+             10.192.9.2,\n+             10.192.10.2,\n+             10.192.11.2,\n+             10.192.12.2,\n+             10.192.13.2,\n+             10.192.14.2,\n+             10.192.15.2,\n+             10.192.21.2,\n+             10.192.22.2,\n+             10.192.4.2,\n+             10.192.26.2,\n+             10.192.27.2,\n+             10.192.28.2,\n+             10.192.29.2,\n+             10.192.30.2,\n+             10.192.31.2,\n+             10.192.36.2,\n+             10.192.37.2,\n+             10.192.38.2,\n+             10.192.39.2,\n+             10.192.40.2,\n+             10.192.41.2,\n+             10.192.42.2,\n+             10.192.43.2,\n+             10.192.11.8,\n+             10.192.16.140,\n+             10.192.1.8,\n+             10.192.33.9,\n+             10.192.49.9,\n+             10.192.23.3,\n+             10.192.5.3,\n+             10.192.6.3,\n+             10.192.7.3,\n+             10.192.8.3,\n+             10.192.9.3,\n+             10.192.10.3,\n+             10.192.11.3,\n+             10.192.12.3,\n+             10.192.13.3,\n+             10.192.14.3,\n+             10.192.15.3,\n+             10.192.21.3,\n+             10.192.22.3,\n+             10.192.4.3,\n+             10.192.26.3,\n+             10.192.27.3,\n+             10.192.28.3,\n+             10.192.29.3,\n+             10.192.30.3,\n+             10.192.31.3,\n+             10.192.36.3,\n+             10.192.37.3,\n+             10.192.38.3,\n+             10.192.39.4,\n+             10.192.40.3,\n+             10.192.41.3,\n+             10.192.42.3,\n+             10.192.43.3,\n+             10.192.32.14,\n+             10.192.1.9,\n+             10.192.17.9,\n+             10.192.49.10,\n+             10.192.23.4,\n+             10.192.5.4,\n+             10.192.6.4,\n+             10.192.7.4,\n+             10.192.8.4,\n+             10.192.9.4,\n+             10.192.10.4,\n+             10.192.11.4,\n+             10.192.12.4,\n+             10.192.13.4,\n+             10.192.14.4,\n+             10.192.15.4,\n+             10.192.21.4,\n+             10.192.22.4,\n+             10.192.4.5,\n+             10.192.26.5,\n+             10.192.27.5,\n+             10.192.28.5,\n+             10.192.29.5,\n+             10.192.30.5,\n+             10.192.31.5,\n+             10.192.36.5,\n+             10.192.37.5,\n+             10.192.38.5,\n+             10.192.39.6,\n+             10.192.40.5,\n+             10.192.41.5,\n+             10.192.42.5,\n+             10.192.43.5,\n+             10.192.48.213,\n+             10.192.1.13,\n+             10.192.17.10,\n+             10.192.33.10,\n+             10.192.23.5,\n+             10.192.5.8,\n+             10.192.6.5,\n+             10.192.7.5,\n+             10.192.8.5,\n+             10.192.9.5,\n+             10.192.10.5,\n+             10.192.11.5,\n+             10.192.12.5,\n+             10.192.13.5,\n+             10.192.14.5,\n+             10.192.15.5,\n+             10.192.21.5,\n+             10.192.22.5,\n+             10.80.0.3,\n+             10.80.1.8,\n+             10.80.1.14,\n+             10.80.0.9,\n+             10.80.0.2,\n+             10.80.1.10,\n+             10.128.1.18,\n+             10.128.0.9,\n+             10.128.1.11,\n+             10.132.0.39,\n+             10.132.0.6,\n+             10.132.0.7,\n+             10.136.0.16,\n+             10.136.1.19,\n+             10.136.1.15,\n+             10.136.0.19,\n+             10.136.0.17,\n+             10.136.1.20,\n+             10.140.0.13,\n+             10.140.1.2,\n+             10.140.1.14,\n+             10.140.0.2,\n+             10.140.0.14,\n+             10.140.1.3\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/notrack/10_mariadb_internal.nft]", "content": "--- /etc/nftables/notrack/10_mariadb_internal.nft.orig\n+++ /etc/nftables/notrack/10_mariadb_internal.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr @INTERNAL_ipv4 tcp dport { 3306 } notrack\n+ip6 saddr @INTERNAL_ipv6 tcp dport { 3306 } notrack", "parameters": "--- File[/etc/nftables/notrack/10_mariadb_internal.nft].orig\n+++ File[/etc/nftables/notrack/10_mariadb_internal.nft]\n\n+    tag     => nft\n+    require => ['Nftables::Set[INTERNAL]']\n+    group   => root\n+    ensure  => present\n+    mode    => 0444\n+    notify  => ['Service[nftables]']\n+    owner   => root\n"}, {"resource": "Nftables::Set[CLOUD_PRIVATE_NETWORKS]", "parameters": "--- Nftables::Set[CLOUD_PRIVATE_NETWORKS].orig\n+++ Nftables::Set[CLOUD_PRIVATE_NETWORKS]\n\n+    hosts  => ['172.20.1.0/24', '172.20.2.0/24', '172.20.3.0/24', '172.20.4.0/24', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '172.20.5.0/24', '2a02:ec80:a100:205::/64']\n+    ensure => present\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_ulogd2]", "parameters": "--- Systemd::Timer[wmf_auto_restart_ulogd2].orig\n+++ Systemd::Timer[wmf_auto_restart_ulogd2]\n\n-    fixed_random_delay => False\n-    splay              => 0\n-    timer_intervals    => [{'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 7:40:00'}]\n-    ensure             => present\n-    accuracy           => 15sec\n-    unit_name          => wmf_auto_restart_ulogd2.service\n"}, {"resource": "File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/INSTALL_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/INSTALL_HOSTS_ipv6.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set INSTALL_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:2:208:80:154:134,\n+             2620:0:860:3:208:80:153:70,\n+             2a02:ec80:300:3:185:15:59:101,\n+             2620:0:863:3:198:35:26:98,\n+             2001:df2:e500:3:103:102:166:104,\n+             2a02:ec80:600:1:185:15:58:7,\n+             2a02:ec80:700:3:195:200:68:100\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[ZOOKEEPER_HOSTS_MAIN]", "parameters": "--- Nftables::Set[ZOOKEEPER_HOSTS_MAIN].orig\n+++ Nftables::Set[ZOOKEEPER_HOSTS_MAIN]\n\n+    hosts  => ['10.64.0.207', '2620:0:861:101:10:64:0:207', '10.64.16.110', '2620:0:861:102:10:64:16:110', '10.64.48.154', '2620:0:861:107:10:64:48:154', '10.192.16.45', '2620:0:860:102:10:192:16:45', '10.192.32.52', '2620:0:860:103:10:192:32:52', '10.192.48.59', '2620:0:860:104:10:192:48:59']\n+    ensure => present\n"}, {"resource": "Nftables::Set[KAFKA_BROKERS_LOGGING]", "parameters": "--- Nftables::Set[KAFKA_BROKERS_LOGGING].orig\n+++ Nftables::Set[KAFKA_BROKERS_LOGGING]\n\n+    hosts  => ['10.64.16.205', '2620:0:861:102:10:64:16:205', '10.64.133.11', '2620:0:861:10c:10:64:133:11', '10.64.183.12', '2620:0:861:13d:10:64:183:12', '10.64.131.13', '2620:0:861:10a:10:64:131:13', '10.64.135.13', '2620:0:861:10e:10:64:135:13', '10.192.23.29', '2620:0:860:113:10:192:23:29', '10.192.11.28', '2620:0:860:10c:10:192:11:28', '10.192.26.22', '2620:0:860:105:10:192:26:22', '10.192.11.27', '2620:0:860:10c:10:192:11:27', '10.192.39.25', '2620:0:860:11e:10:192:39:25']\n+    ensure => present\n"}, {"resource": "Nftables::Set[BASTION_HOSTS]", "parameters": "--- Nftables::Set[BASTION_HOSTS].orig\n+++ Nftables::Set[BASTION_HOSTS]\n\n+    hosts  => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/LABS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/LABS_NETWORKS_ipv4.nft\n@@ -0,0 +1,27 @@\n+# Autogenerated by puppet\n+set LABS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 172.16.0.0/21,\n+             172.16.128.0/24,\n+             172.16.129.0/24,\n+             172.16.130.0/24,\n+             172.16.131.0/24,\n+             172.16.16.0/21,\n+             172.16.24.0/24,\n+             172.16.8.0/21,\n+             172.20.1.0/24,\n+             172.20.2.0/24,\n+             172.20.254.0/24,\n+             172.20.255.0/24,\n+             172.20.3.0/24,\n+             172.20.4.0/24,\n+             172.20.5.0/24,\n+             185.15.56.0/25,\n+             185.15.56.160/28,\n+             185.15.57.0/29,\n+             185.15.57.16/29,\n+             185.15.57.24/29\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/notrack/10_orchestrator.nft]", "content": "--- /etc/nftables/notrack/10_orchestrator.nft.orig\n+++ /etc/nftables/notrack/10_orchestrator.nft\n@@ -0,0 +1,3 @@\n+# Managed by puppet\n+# \n+ip saddr { 10.64.0.20, 208.80.154.9 } tcp dport { 3306 } notrack", "parameters": "--- File[/etc/nftables/notrack/10_orchestrator.nft].orig\n+++ File[/etc/nftables/notrack/10_orchestrator.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Systemd::Unit[prometheus-node-textfile-check-nft.timer]", "parameters": "--- Systemd::Unit[prometheus-node-textfile-check-nft.timer].orig\n+++ Systemd::Unit[prometheus-node-textfile-check-nft.timer]\n\n+    require           => ['Class[Systemd]']\n+    restart           => False\n+    override          => False\n+    ensure            => present\n+    override_filename => puppet-override.conf\n+    unit              => prometheus-node-textfile-check-nft.timer\n"}, {"resource": "Rsyslog::Conf[prometheus-node-textfile-check-nft]", "parameters": "--- Rsyslog::Conf[prometheus-node-textfile-check-nft].orig\n+++ Rsyslog::Conf[prometheus-node-textfile-check-nft]\n\n+    priority => 40\n+    require  => File[/var/log/prometheus-node-textfile-check-nft]\n+    mode     => 0444\n+    ensure   => present\n"}, {"resource": "File[/etc/nftables/main.nft]", "parameters": "--- File[/etc/nftables/main.nft].orig\n+++ File[/etc/nftables/main.nft]\n\n+    require => File[/etc/nftables]\n+    group   => root\n+    ensure  => present\n+    notify  => Service[nftables]\n+    source  => puppet:///modules/nftables/main.nft\n+    owner   => root\n"}, {"resource": "Ferm::Service[ssh_from_bastion]", "parameters": "--- Ferm::Service[ssh_from_bastion].orig\n+++ Ferm::Service[ssh_from_bastion]\n\n-    desc                => \n-    ensure              => present\n-    proto               => tcp\n-    port                => 22\n-    prio                => 10\n-    notrack             => False\n-    unrestricted_access => False\n-    srange              => ['208.80.154.7', '2620:0:861:1:208:80:154:7', '208.80.153.110', '2a02:ec80:300:3:185:15:59:99', '185.15.59.99', '2620:0:860:4:208:80:153:110', '198.35.26.104', '2620:0:863:3:198:35:26:104', '103.102.166.103', '2001:df2:e500:3:103:102:166:103', '185.15.58.6', '2a02:ec80:600:1:185:15:58:6', '195.200.68.99', '2a02:ec80:700:3:195:200:68:99']\n"}, {"resource": "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft\n@@ -0,0 +1,99 @@\n+# Autogenerated by puppet\n+set MW_APPSERVER_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.64.0.0/22,\n+             10.64.130.0/24,\n+             10.64.131.0/24,\n+             10.64.132.0/24,\n+             10.64.133.0/24,\n+             10.64.134.0/24,\n+             10.64.135.0/24,\n+             10.64.136.0/24,\n+             10.64.141.0/24,\n+             10.64.152.0/24,\n+             10.64.154.0/24,\n+             10.64.156.0/24,\n+             10.64.158.0/24,\n+             10.64.16.0/22,\n+             10.64.160.0/24,\n+             10.64.162.0/24,\n+             10.64.164.0/24,\n+             10.64.166.0/24,\n+             10.64.169.0/24,\n+             10.64.171.0/24,\n+             10.64.173.0/24,\n+             10.64.175.0/24,\n+             10.64.177.0/24,\n+             10.64.179.0/24,\n+             10.64.181.0/24,\n+             10.64.183.0/24,\n+             10.64.185.0/24,\n+             10.64.187.0/24,\n+             10.64.189.0/24,\n+             10.64.32.0/22,\n+             10.64.48.0/22,\n+             10.192.0.0/22,\n+             10.192.10.0/24,\n+             10.192.11.0/24,\n+             10.192.12.0/24,\n+             10.192.13.0/24,\n+             10.192.14.0/24,\n+             10.192.15.0/24,\n+             10.192.16.0/22,\n+             10.192.21.0/24,\n+             10.192.22.0/24,\n+             10.192.23.0/24,\n+             10.192.26.0/24,\n+             10.192.27.0/24,\n+             10.192.28.0/24,\n+             10.192.29.0/24,\n+             10.192.30.0/24,\n+             10.192.31.0/24,\n+             10.192.32.0/22,\n+             10.192.36.0/24,\n+             10.192.37.0/24,\n+             10.192.38.0/24,\n+             10.192.39.0/24,\n+             10.192.4.0/24,\n+             10.192.40.0/24,\n+             10.192.41.0/24,\n+             10.192.42.0/24,\n+             10.192.43.0/24,\n+             10.192.44.0/24,\n+             10.192.45.0/24,\n+             10.192.46.0/24,\n+             10.192.47.0/24,\n+             10.192.48.0/22,\n+             10.192.5.0/24,\n+             10.192.52.0/24,\n+             10.192.56.0/24,\n+             10.192.57.0/24,\n+             10.192.58.0/24,\n+             10.192.59.0/24,\n+             10.192.6.0/24,\n+             10.192.7.0/24,\n+             10.192.8.0/24,\n+             10.192.9.0/24,\n+             10.192.64.0/21,\n+             10.192.96.0/21,\n+             10.194.128.0/17,\n+             10.194.16.0/21,\n+             10.194.61.0/24,\n+             10.194.80.0/21,\n+             10.64.64.0/21,\n+             10.67.128.0/17,\n+             10.67.16.0/21,\n+             10.67.24.0/21,\n+             10.67.80.0/21,\n+             208.80.154.0/26,\n+             208.80.154.128/26,\n+             208.80.154.64/26,\n+             208.80.155.96/27,\n+             208.80.153.0/27,\n+             208.80.153.32/27,\n+             208.80.153.64/27,\n+             208.80.153.96/27\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Systemd::Syslog[ulogd]", "parameters": "--- Systemd::Syslog[ulogd].orig\n+++ Systemd::Syslog[ulogd]\n\n-    log_filename           => syslog.log\n-    readable_by            => user\n-    ensure                 => present\n-    force_stop             => True\n-    base_dir               => /var/log\n-    owner                  => root\n-    group                  => root\n-    programname_comparison => startswith\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]", "content": "--- /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft.orig\n+++ /etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set CLOUD_NETWORKS_PUBLIC_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 185.15.56.0/25,\n+             185.15.56.160/28,\n+             185.15.57.0/29,\n+             185.15.57.16/29,\n+             185.15.57.24/29\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/usr/local/sbin/ferm-status]", "parameters": "--- File[/usr/local/sbin/ferm-status].orig\n+++ File[/usr/local/sbin/ferm-status]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft\n@@ -0,0 +1,20 @@\n+# Autogenerated by puppet\n+set CLOUD_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2a02:ec80:a000:100::/64,\n+             2a02:ec80:a000:1::/64,\n+             2a02:ec80:a000:201::/64,\n+             2a02:ec80:a000:202::/64,\n+             2a02:ec80:a000:203::/64,\n+             2a02:ec80:a000:204::/64,\n+             2a02:ec80:a000:2ff::/64,\n+             2a02:ec80:a000:4000::/64,\n+             2a02:ec80:a100:100::/64,\n+             2a02:ec80:a100:1::/64,\n+             2a02:ec80:a100:205::/64,\n+             2a02:ec80:a100:2ff::/64,\n+             2a02:ec80:a100:4000::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set DSE_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:302::/64,\n+             2620:0:860:308::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]", "content": "--- /etc/nftables/sets/LINK_LOCAL_ipv4.nft.orig\n+++ /etc/nftables/sets/LINK_LOCAL_ipv4.nft\n@@ -0,0 +1,8 @@\n+# Autogenerated by puppet\n+set LINK_LOCAL_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 169.254.0.0/16\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft].orig\n+++ File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Exec[update_alternative_ip6tables]", "parameters": "--- Exec[update_alternative_ip6tables].orig\n+++ Exec[update_alternative_ip6tables]\n\n-    command => /usr/bin/update-alternatives --force --set ip6tables /usr/sbin/ip6tables-legacy\n-    unless  => /usr/bin/update-alternatives --query ip6tables | /bin/grep 'Value: /usr/sbin/ip6tables-legacy'\n"}, {"resource": "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]", "content": "--- /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft.orig\n+++ /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft\n@@ -0,0 +1,11 @@\n+# Autogenerated by puppet\n+set ZOOKEEPER_HOSTS_MAIN_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:101:10:64:0:207,\n+             2620:0:861:102:10:64:16:110,\n+             2620:0:861:107:10:64:48:154,\n+             2620:0:860:102:10:192:16:45,\n+             2620:0:860:103:10:192:32:52,\n+             2620:0:860:104:10:192:48:59\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft].orig\n+++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set PROMETHEUS_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:860:102:10:192:16:75,\n+             2620:0:860:103:10:192:32:67,\n+             2620:0:860:10a:10:192:9:11,\n+             2620:0:860:11e:10:192:39:10\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Nftables::Set[DRUID_PUBLIC_HOSTS]", "parameters": "--- Nftables::Set[DRUID_PUBLIC_HOSTS].orig\n+++ Nftables::Set[DRUID_PUBLIC_HOSTS]\n\n+    hosts  => ['10.64.131.9', '2620:0:861:10a:10:64:131:9', '10.64.132.12', '2620:0:861:10b:10:64:132:12', '10.64.135.9', '2620:0:861:10e:10:64:135:9', '10.64.32.101', '2620:0:861:103:10:64:32:101', '10.64.48.185', '2620:0:861:107:10:64:48:185']\n+    ensure => present\n"}, {"resource": "Ferm::Service[full_monitoring_metrics_access_tcp]", "parameters": "--- Ferm::Service[full_monitoring_metrics_access_tcp].orig\n+++ Ferm::Service[full_monitoring_metrics_access_tcp]\n\n-    desc                => \n-    port_range          => [1, 65535]\n-    ensure              => present\n-    proto               => tcp\n-    prio                => 10\n-    notrack             => False\n-    unrestricted_access => False\n-    srange              => ['prometheus2005.codfw.wmnet', 'prometheus2006.codfw.wmnet', 'prometheus2007.codfw.wmnet', 'prometheus2008.codfw.wmnet', '208.80.154.78', '2620:0:861:3:208:80:154:78', '208.80.153.42', '2620:0:860:2:208:80:153:42']\n"}, {"resource": "Nftables::Set[PRODUCTION_NETWORKS]", "parameters": "--- Nftables::Set[PRODUCTION_NETWORKS].orig\n+++ Nftables::Set[PRODUCTION_NETWORKS]\n\n+    hosts  => ['10.128.0.0/24', '10.128.1.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.132.2.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '103.102.166.96/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/27', '198.35.26.32/27', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:103::/64', '2001:df2:e500:1::/64', '2001:df2:e500:3::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:102::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:2::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set CLOUD_PRIVATE_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2a02:ec80:a000:201::/64,\n+             2a02:ec80:a000:202::/64,\n+             2a02:ec80:a000:203::/64,\n+             2a02:ec80:a000:204::/64,\n+             2a02:ec80:a100:205::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set STAGING_KUBEPODS_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:babe::/64,\n+             2620:0:860:babe::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]", "content": "--- /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft.orig\n+++ /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft\n@@ -0,0 +1,12 @@\n+# Autogenerated by puppet\n+set INSTALL_HOSTS_ipv4 {\n+    type ipv4_addr\n+    elements = { 208.80.154.134,\n+             208.80.153.70,\n+             185.15.59.101,\n+             198.35.26.98,\n+             103.102.166.104,\n+             185.15.58.7,\n+             195.200.68.100\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]", "content": "--- /etc/nftables/sets/LINK_LOCAL_ipv6.nft.orig\n+++ /etc/nftables/sets/LINK_LOCAL_ipv6.nft\n@@ -0,0 +1,8 @@\n+# Autogenerated by puppet\n+set LINK_LOCAL_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { fe80::/10\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft].orig\n+++ File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]", "content": "--- /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft.orig\n+++ /etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft\n@@ -0,0 +1,99 @@\n+# Autogenerated by puppet\n+set MW_APPSERVER_NETWORKS_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2620:0:861:101::/64,\n+             2620:0:861:102::/64,\n+             2620:0:861:103::/64,\n+             2620:0:861:107::/64,\n+             2620:0:861:109::/64,\n+             2620:0:861:10a::/64,\n+             2620:0:861:10b::/64,\n+             2620:0:861:10c::/64,\n+             2620:0:861:10d::/64,\n+             2620:0:861:10e::/64,\n+             2620:0:861:10f::/64,\n+             2620:0:861:113::/64,\n+             2620:0:861:119::/64,\n+             2620:0:861:120::/64,\n+             2620:0:861:122::/64,\n+             2620:0:861:124::/64,\n+             2620:0:861:126::/64,\n+             2620:0:861:128::/64,\n+             2620:0:861:12a::/64,\n+             2620:0:861:12c::/64,\n+             2620:0:861:12e::/64,\n+             2620:0:861:131::/64,\n+             2620:0:861:133::/64,\n+             2620:0:861:135::/64,\n+             2620:0:861:137::/64,\n+             2620:0:861:139::/64,\n+             2620:0:861:13b::/64,\n+             2620:0:861:13d::/64,\n+             2620:0:861:13f::/64,\n+             2620:0:861:142::/64,\n+             2620:0:861:144::/64,\n+             2620:0:860:100::/64,\n+             2620:0:860:101::/64,\n+             2620:0:860:102::/64,\n+             2620:0:860:103::/64,\n+             2620:0:860:104::/64,\n+             2620:0:860:105::/64,\n+             2620:0:860:106::/64,\n+             2620:0:860:107::/64,\n+             2620:0:860:108::/64,\n+             2620:0:860:109::/64,\n+             2620:0:860:10a::/64,\n+             2620:0:860:10b::/64,\n+             2620:0:860:10c::/64,\n+             2620:0:860:10d::/64,\n+             2620:0:860:10e::/64,\n+             2620:0:860:10f::/64,\n+             2620:0:860:110::/64,\n+             2620:0:860:111::/64,\n+             2620:0:860:112::/64,\n+             2620:0:860:113::/64,\n+             2620:0:860:114::/64,\n+             2620:0:860:115::/64,\n+             2620:0:860:116::/64,\n+             2620:0:860:119::/64,\n+             2620:0:860:11a::/64,\n+             2620:0:860:11b::/64,\n+             2620:0:860:11c::/64,\n+             2620:0:860:11d::/64,\n+             2620:0:860:11e::/64,\n+             2620:0:860:11f::/64,\n+             2620:0:860:120::/64,\n+             2620:0:860:121::/64,\n+             2620:0:860:122::/64,\n+             2620:0:860:123::/64,\n+             2620:0:860:124::/64,\n+             2620:0:860:125::/64,\n+             2620:0:860:126::/64,\n+             2620:0:860:127::/64,\n+             2620:0:860:12b::/64,\n+             2620:0:860:12c::/64,\n+             2620:0:860:12d::/64,\n+             2620:0:860:12e::/64,\n+             2620:0:860:300::/64,\n+             2620:0:860:302::/64,\n+             2620:0:860:305::/64,\n+             2620:0:860:308::/64,\n+             2620:0:860:babe::/64,\n+             2620:0:860:cabe::/64,\n+             2620:0:861:300::/64,\n+             2620:0:861:302::/64,\n+             2620:0:861:305::/64,\n+             2620:0:861:babe::/64,\n+             2620:0:861:cabe::/64,\n+             2620:0:861:1::/64,\n+             2620:0:861:2::/64,\n+             2620:0:861:3::/64,\n+             2620:0:861:4::/64,\n+             2620:0:860:1::/64,\n+             2620:0:860:2::/64,\n+             2620:0:860:3::/64,\n+             2620:0:860:4::/64\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/var/log/prometheus-node-textfile-check-nft]", "parameters": "--- File[/var/log/prometheus-node-textfile-check-nft].orig\n+++ File[/var/log/prometheus-node-textfile-check-nft]\n\n+    force  => True\n+    group  => root\n+    backup => False\n+    ensure => directory\n+    mode   => 0755\n+    owner  => root\n"}, {"resource": "Confd::File[/etc/ferm/conf.d/00_defs_requestctl]", "parameters": "--- Confd::File[/etc/ferm/conf.d/00_defs_requestctl].orig\n+++ Confd::File[/etc/ferm/conf.d/00_defs_requestctl]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Nftables::Set[LABS_NETWORKS]", "parameters": "--- Nftables::Set[LABS_NETWORKS].orig\n+++ Nftables::Set[LABS_NETWORKS]\n\n+    hosts  => ['172.16.0.0/21', '172.16.128.0/24', '172.16.129.0/24', '172.16.130.0/24', '172.16.131.0/24', '172.16.16.0/21', '172.16.24.0/24', '172.16.8.0/21', '172.20.1.0/24', '172.20.2.0/24', '172.20.254.0/24', '172.20.255.0/24', '172.20.3.0/24', '172.20.4.0/24', '172.20.5.0/24', '185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:100::/64', '2a02:ec80:a000:1::/64', '2a02:ec80:a000:201::/64', '2a02:ec80:a000:202::/64', '2a02:ec80:a000:203::/64', '2a02:ec80:a000:204::/64', '2a02:ec80:a000:2ff::/64', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:100::/64', '2a02:ec80:a100:1::/64', '2a02:ec80:a100:205::/64', '2a02:ec80:a100:2ff::/64', '2a02:ec80:a100:4000::/64']\n+    ensure => present\n"}, {"resource": "Systemd::Unmask[nftables.service]", "parameters": "--- Systemd::Unmask[nftables.service].orig\n+++ Systemd::Unmask[nftables.service]\n\n+    unit        => nftables.service\n+    refreshonly => False\n"}, {"resource": "File[/etc/logrotate.d/ulogd]", "content": "--- /etc/logrotate.d/ulogd.orig\n+++ /etc/logrotate.d/ulogd\n@@ -1,12 +0,0 @@\n-# logrotate(8) config for ulogd\n-\n-/var/log/ulogd/*.log {\n-    daily\n-    copytruncate\n-    missingok\n-    compress\n-    delaycompress\n-    notifempty\n-    rotate 15\n-    size 256M\n-}", "parameters": "--- File[/etc/logrotate.d/ulogd].orig\n+++ File[/etc/logrotate.d/ulogd]\n\n-    owner  => root\n-    group  => root\n-    mode   => 0444\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft\n@@ -0,0 +1,13 @@\n+# Autogenerated by puppet\n+set SANDBOX_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 103.102.166.72/29,\n+             185.15.59.72/29,\n+             195.200.68.64/29,\n+             198.35.26.240/28,\n+             208.80.152.240/28,\n+             208.80.155.64/28\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Class[Profile::Firewall::Log::Ferm]", "parameters": "--- Class[Profile::Firewall::Log::Ferm].orig\n+++ Class[Profile::Firewall::Log::Ferm]\n\n-    separate_file => True\n-    log_burst     => 5\n-    log_rate      => 1/second\n"}, {"resource": "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set LABSTORE_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:2:208:80:154:142,\n+             2620:0:861:3:208:80:154:71\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]", "content": "--- /etc/ferm/conf.d/10_ssh_from_cumin_masters.orig\n+++ /etc/ferm/conf.d/10_ssh_from_cumin_masters\n@@ -1,6 +0,0 @@\n-# Autogenerated by puppet. DO NOT EDIT BY HAND!\n-#\n-# \n-&R_SERVICE(tcp, 22, $CUMIN_MASTERS);\n-\n-", "parameters": "--- File[/etc/ferm/conf.d/10_ssh_from_cumin_masters].orig\n+++ File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Nftables::Set[CUMIN_MASTERS]", "parameters": "--- Nftables::Set[CUMIN_MASTERS].orig\n+++ Nftables::Set[CUMIN_MASTERS]\n\n+    hosts  => ['10.64.16.154', '2620:0:861:102:10:64:16:154', '10.192.32.49', '2620:0:860:103:10:192:32:49']\n+    ensure => present\n"}, {"resource": "Nftables::Set[INTERNAL]", "parameters": "--- Nftables::Set[INTERNAL].orig\n+++ Nftables::Set[INTERNAL]\n\n+    hosts  => ['10.0.0.0/8', '2620:0:860:100::/56', '2620:0:861:100::/56', '2620:0:863:100::/56', '2a02:ec80:300:100::/56', '2a02:ec80:600:100::/56', '2a02:ec80:700:100::/56', '2001:df2:e500:100::/56', '2a02:ec80:ff00:100::/56']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]", "content": "--- /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft.orig\n+++ /etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft\n@@ -0,0 +1,9 @@\n+# Autogenerated by puppet\n+set STAGING_KUBEPODS_NETWORKS_ipv4 {\n+    type ipv4_addr\n+    flags interval\n+    auto-merge\n+    elements = { 10.64.64.0/21,\n+             10.192.64.0/21\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft].orig\n+++ File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]", "parameters": "--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)].orig\n+++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]\n\n+    command     => /bin/systemctl daemon-reload\n+    refreshonly => True\n"}, {"resource": "Nftables::Set[STAGING_KUBEPODS_NETWORKS]", "parameters": "--- Nftables::Set[STAGING_KUBEPODS_NETWORKS].orig\n+++ Nftables::Set[STAGING_KUBEPODS_NETWORKS]\n\n+    hosts  => ['10.64.64.0/21', '2620:0:861:babe::/64', '10.192.64.0/21', '2620:0:860:babe::/64']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]", "content": "--- /etc/nftables/sets/NETWORK_INFRA_ipv6.nft.orig\n+++ /etc/nftables/sets/NETWORK_INFRA_ipv6.nft\n@@ -0,0 +1,18 @@\n+# Autogenerated by puppet\n+set NETWORK_INFRA_ipv6 {\n+    type ipv6_addr\n+    flags interval\n+    auto-merge\n+    elements = { 2a02:ec80:300:fe00::/55,\n+             2620:0:863:fe00::/55,\n+             2620:0:860:fe00::/55,\n+             2620:0:860:13f::/64,\n+             2620:0:860:139::/64,\n+             2620:0:861:fe00::/55,\n+             2620:0:861:11b::/128,\n+             2620:0:861:130::/64,\n+             2001:df2:e500:fe00::/55,\n+             2a02:ec80:600:fe00::/55,\n+             2a02:ec80:700:fe00::/55\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft].orig\n+++ File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]", "content": "--- /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft.orig\n+++ /etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft\n@@ -0,0 +1,4 @@\n+# Autogenerated by puppet\n+set MYSQL_ROOT_CLIENTS_ipv6 {\n+    type ipv6_addr\n+}", "parameters": "--- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/etc/ferm/conf.d/00_defs]", "content": "--- /etc/ferm/conf.d/00_defs.orig\n+++ /etc/ferm/conf.d/00_defs\n@@ -1,1139 +0,0 @@\n-\n-@def $LINK_LOCAL = (169.254.0.0/16 fe80::/10);\n-@def $INTERNAL = (10.0.0.0/8 2620:0:860:100::/56 2620:0:861:100::/56 2620:0:863:100::/56 2001:df2:e500:100::/56 2a02:ec80:300:100::/56 2a02:ec80:600:100::/56 2a02:ec80:700:100::/56 2a02:ec80:ff00:100::/56);\n-# $DOMAIN_NETWORKS is a set of all networks belonging to a domain.\n-# a domain is a realm currently, but the notion is more generic than that on purpose\n-@def $DOMAIN_NETWORKS = (10.128.0.0/24 10.128.1.0/24 10.128.2.0/24 10.132.0.0/24 10.132.2.0/24 10.136.0.0/24 10.136.1.0/24 10.140.0.0/24 10.140.1.0/24 10.140.2.0/24 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.20.0/24 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.24.0/23 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.64.0/21 10.192.7.0/24 10.192.72.0/24 10.192.76.0/24 10.192.8.0/24 10.192.80.0/20 10.192.9.0/24 10.192.96.0/21 10.194.0.0/20 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.62.0/23 10.194.64.0/20 10.194.80.0/21 10.2.1.0/24 10.2.2.0/24 10.2.3.0/24 10.2.4.0/24 10.2.5.0/24 10.2.6.0/24 10.2.7.0/24 10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.141.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.148.0/24 10.64.149.0/24 10.64.150.0/24 10.64.151.0/24 10.64.152.0/24 10.64.153.0/24 10.64.154.0/24 10.64.155.0/24 10.64.156.0/24 10.64.157.0/24 10.64.158.0/24 10.64.159.0/24 10.64.16.0/22 10.64.160.0/24 10.64.161.0/24 10.64.162.0/24 10.64.163.0/24 10.64.164.0/24 10.64.165.0/24 10.64.166.0/24 10.64.167.0/24 10.64.169.0/24 10.64.170.0/24 10.64.171.0/24 10.64.172.0/24 10.64.173.0/24 10.64.174.0/24 10.64.175.0/24 10.64.176.0/24 10.64.177.0/24 10.64.178.0/24 10.64.179.0/24 10.64.180.0/24 10.64.181.0/24 10.64.182.0/24 10.64.183.0/24 10.64.184.0/24 10.64.185.0/24 10.64.186.0/24 10.64.187.0/24 10.64.188.0/24 10.64.189.0/24 10.64.190.0/24 10.64.20.0/24 10.64.21.0/24 10.64.24.0/23 10.64.32.0/22 10.64.36.0/24 10.64.48.0/22 10.64.5.0/24 10.64.53.0/24 10.64.64.0/21 10.64.72.0/24 10.64.76.0/24 10.67.0.0/20 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.32.0/20 10.67.64.0/20 10.67.80.0/21 10.80.0.0/24 10.80.1.0/24 10.80.2.0/24 103.102.166.0/28 103.102.166.224/27 103.102.166.96/27 185.15.58.0/27 185.15.58.224/27 185.15.58.32/27 185.15.59.0/27 185.15.59.224/27 185.15.59.32/27 185.15.59.96/27 195.200.68.0/27 195.200.68.224/27 195.200.68.32/27 195.200.68.96/27 198.35.26.0/27 198.35.26.32/27 198.35.26.96/27 198.35.26.96/27 2001:df2:e500:101::/64 2001:df2:e500:103::/64 2001:df2:e500:1::/64 2001:df2:e500:3::/64 2001:df2:e500:ed1a::/64 208.80.152.128/27 208.80.153.0/27 208.80.153.224/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 208.80.154.0/26 208.80.154.128/26 208.80.154.224/27 208.80.154.64/26 208.80.155.96/27 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:118::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 2620:0:860:140::/64 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:300::/64 2620:0:860:301::/64 2620:0:860:302::/64 2620:0:860:303::/64 2620:0:860:304::/64 2620:0:860:305::/64 2620:0:860:307::/64 2620:0:860:308::/64 2620:0:860:3::/64 2620:0:860:4::/64 2620:0:860:5::/64 2620:0:860:babe::/64 2620:0:860:babf::/64 2620:0:860:cabe::/64 2620:0:860:cabf::/64 2620:0:860:ed1a::/64 2620:0:861:100::/64 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:107::/64 2620:0:861:108::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:113::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:118::/64 2620:0:861:119::/64 2620:0:861:11a::/64 2620:0:861:11c::/64 2620:0:861:11d::/64 2620:0:861:11e::/64 2620:0:861:11f::/64 2620:0:861:120::/64 2620:0:861:121::/64 2620:0:861:122::/64 2620:0:861:123::/64 2620:0:861:124::/64 2620:0:861:125::/64 2620:0:861:126::/64 2620:0:861:127::/64 2620:0:861:128::/64 2620:0:861:129::/64 2620:0:861:12a::/64 2620:0:861:12b::/64 2620:0:861:12c::/64 2620:0:861:12d::/64 2620:0:861:12e::/64 2620:0:861:12f::/64 2620:0:861:131::/64 2620:0:861:132::/64 2620:0:861:133::/64 2620:0:861:134::/64 2620:0:861:135::/64 2620:0:861:136::/64 2620:0:861:137::/64 2620:0:861:138::/64 2620:0:861:139::/64 2620:0:861:13a::/64 2620:0:861:13b::/64 2620:0:861:13c::/64 2620:0:861:13d::/64 2620:0:861:13e::/64 2620:0:861:13f::/64 2620:0:861:140::/64 2620:0:861:141::/64 2620:0:861:142::/64 2620:0:861:143::/64 2620:0:861:144::/64 2620:0:861:145::/64 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:300::/64 2620:0:861:301::/116 2620:0:861:302::/64 2620:0:861:303::/116 2620:0:861:304::/116 2620:0:861:305::/64 2620:0:861:3::/64 2620:0:861:4::/64 2620:0:861:babe::/64 2620:0:861:babf::/116 2620:0:861:cabe::/64 2620:0:861:cabf::/116 2620:0:861:ed1a::/64 2620:0:863:101::/64 2620:0:863:102::/64 2620:0:863:103::/64 2620:0:863:1::/64 2620:0:863:2::/64 2620:0:863:3::/64 2620:0:863:ed1a::/64 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 2a02:ec80:300:103::/64 2a02:ec80:300:1::/64 2a02:ec80:300:2::/64 2a02:ec80:300:3::/64 2a02:ec80:300:ed1a::/64 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 2a02:ec80:600:1::/64 2a02:ec80:600:2::/64 2a02:ec80:600:ed1a::/64 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 2a02:ec80:700:103::/64 2a02:ec80:700:1::/64 2a02:ec80:700:2::/64 2a02:ec80:700:3::/64 2a02:ec80:700:ed1a::/64 );\n-\n-# $PRODUCTION_NETWORKS is a set of all production networks\n-@def $PRODUCTION_NETWORKS = (10.128.0.0/24 10.128.1.0/24 10.128.2.0/24 10.132.0.0/24 10.132.2.0/24 10.136.0.0/24 10.136.1.0/24 10.140.0.0/24 10.140.1.0/24 10.140.2.0/24 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.20.0/24 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.24.0/23 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.64.0/21 10.192.7.0/24 10.192.72.0/24 10.192.76.0/24 10.192.8.0/24 10.192.80.0/20 10.192.9.0/24 10.192.96.0/21 10.194.0.0/20 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.62.0/23 10.194.64.0/20 10.194.80.0/21 10.2.1.0/24 10.2.2.0/24 10.2.3.0/24 10.2.4.0/24 10.2.5.0/24 10.2.6.0/24 10.2.7.0/24 10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.141.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.148.0/24 10.64.149.0/24 10.64.150.0/24 10.64.151.0/24 10.64.152.0/24 10.64.153.0/24 10.64.154.0/24 10.64.155.0/24 10.64.156.0/24 10.64.157.0/24 10.64.158.0/24 10.64.159.0/24 10.64.16.0/22 10.64.160.0/24 10.64.161.0/24 10.64.162.0/24 10.64.163.0/24 10.64.164.0/24 10.64.165.0/24 10.64.166.0/24 10.64.167.0/24 10.64.169.0/24 10.64.170.0/24 10.64.171.0/24 10.64.172.0/24 10.64.173.0/24 10.64.174.0/24 10.64.175.0/24 10.64.176.0/24 10.64.177.0/24 10.64.178.0/24 10.64.179.0/24 10.64.180.0/24 10.64.181.0/24 10.64.182.0/24 10.64.183.0/24 10.64.184.0/24 10.64.185.0/24 10.64.186.0/24 10.64.187.0/24 10.64.188.0/24 10.64.189.0/24 10.64.190.0/24 10.64.20.0/24 10.64.21.0/24 10.64.24.0/23 10.64.32.0/22 10.64.36.0/24 10.64.48.0/22 10.64.5.0/24 10.64.53.0/24 10.64.64.0/21 10.64.72.0/24 10.64.76.0/24 10.67.0.0/20 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.32.0/20 10.67.64.0/20 10.67.80.0/21 10.80.0.0/24 10.80.1.0/24 10.80.2.0/24 103.102.166.0/28 103.102.166.224/27 103.102.166.96/27 185.15.58.0/27 185.15.58.224/27 185.15.58.32/27 185.15.59.0/27 185.15.59.224/27 185.15.59.32/27 185.15.59.96/27 195.200.68.0/27 195.200.68.224/27 195.200.68.32/27 195.200.68.96/27 198.35.26.0/27 198.35.26.32/27 198.35.26.96/27 198.35.26.96/27 2001:df2:e500:101::/64 2001:df2:e500:103::/64 2001:df2:e500:1::/64 2001:df2:e500:3::/64 2001:df2:e500:ed1a::/64 208.80.152.128/27 208.80.153.0/27 208.80.153.224/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 208.80.154.0/26 208.80.154.128/26 208.80.154.224/27 208.80.154.64/26 208.80.155.96/27 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:118::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 2620:0:860:140::/64 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:300::/64 2620:0:860:301::/64 2620:0:860:302::/64 2620:0:860:303::/64 2620:0:860:304::/64 2620:0:860:305::/64 2620:0:860:307::/64 2620:0:860:308::/64 2620:0:860:3::/64 2620:0:860:4::/64 2620:0:860:5::/64 2620:0:860:babe::/64 2620:0:860:babf::/64 2620:0:860:cabe::/64 2620:0:860:cabf::/64 2620:0:860:ed1a::/64 2620:0:861:100::/64 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:107::/64 2620:0:861:108::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:113::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:118::/64 2620:0:861:119::/64 2620:0:861:11a::/64 2620:0:861:11c::/64 2620:0:861:11d::/64 2620:0:861:11e::/64 2620:0:861:11f::/64 2620:0:861:120::/64 2620:0:861:121::/64 2620:0:861:122::/64 2620:0:861:123::/64 2620:0:861:124::/64 2620:0:861:125::/64 2620:0:861:126::/64 2620:0:861:127::/64 2620:0:861:128::/64 2620:0:861:129::/64 2620:0:861:12a::/64 2620:0:861:12b::/64 2620:0:861:12c::/64 2620:0:861:12d::/64 2620:0:861:12e::/64 2620:0:861:12f::/64 2620:0:861:131::/64 2620:0:861:132::/64 2620:0:861:133::/64 2620:0:861:134::/64 2620:0:861:135::/64 2620:0:861:136::/64 2620:0:861:137::/64 2620:0:861:138::/64 2620:0:861:139::/64 2620:0:861:13a::/64 2620:0:861:13b::/64 2620:0:861:13c::/64 2620:0:861:13d::/64 2620:0:861:13e::/64 2620:0:861:13f::/64 2620:0:861:140::/64 2620:0:861:141::/64 2620:0:861:142::/64 2620:0:861:143::/64 2620:0:861:144::/64 2620:0:861:145::/64 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:300::/64 2620:0:861:301::/116 2620:0:861:302::/64 2620:0:861:303::/116 2620:0:861:304::/116 2620:0:861:305::/64 2620:0:861:3::/64 2620:0:861:4::/64 2620:0:861:babe::/64 2620:0:861:babf::/116 2620:0:861:cabe::/64 2620:0:861:cabf::/116 2620:0:861:ed1a::/64 2620:0:863:101::/64 2620:0:863:102::/64 2620:0:863:103::/64 2620:0:863:1::/64 2620:0:863:2::/64 2620:0:863:3::/64 2620:0:863:ed1a::/64 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 2a02:ec80:300:103::/64 2a02:ec80:300:1::/64 2a02:ec80:300:2::/64 2a02:ec80:300:3::/64 2a02:ec80:300:ed1a::/64 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 2a02:ec80:600:1::/64 2a02:ec80:600:2::/64 2a02:ec80:600:ed1a::/64 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 2a02:ec80:700:103::/64 2a02:ec80:700:1::/64 2a02:ec80:700:2::/64 2a02:ec80:700:3::/64 2a02:ec80:700:ed1a::/64 );\n-# $CLOUD_NETWORKS is a set of all Cloud VPS instance networks\n-@def $CLOUD_NETWORKS = (172.16.0.0/21 172.16.128.0/24 172.16.129.0/24 172.16.130.0/24 172.16.131.0/24 172.16.16.0/21 172.16.24.0/24 172.16.8.0/21 172.20.1.0/24 172.20.2.0/24 172.20.254.0/24 172.20.255.0/24 172.20.3.0/24 172.20.4.0/24 172.20.5.0/24 185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:100::/64 2a02:ec80:a000:1::/64 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 2a02:ec80:a000:2ff::/64 2a02:ec80:a000:4000::/64 2a02:ec80:a100:100::/64 2a02:ec80:a100:1::/64 2a02:ec80:a100:205::/64 2a02:ec80:a100:2ff::/64 2a02:ec80:a100:4000::/64 );\n-# $LABS_NETWORKS is a deprecated alias for $CLOUD_NETWORKS\n-@def $LABS_NETWORKS = (172.16.0.0/21 172.16.128.0/24 172.16.129.0/24 172.16.130.0/24 172.16.131.0/24 172.16.16.0/21 172.16.24.0/24 172.16.8.0/21 172.20.1.0/24 172.20.2.0/24 172.20.254.0/24 172.20.255.0/24 172.20.3.0/24 172.20.4.0/24 172.20.5.0/24 185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:100::/64 2a02:ec80:a000:1::/64 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 2a02:ec80:a000:2ff::/64 2a02:ec80:a000:4000::/64 2a02:ec80:a100:100::/64 2a02:ec80:a100:1::/64 2a02:ec80:a100:205::/64 2a02:ec80:a100:2ff::/64 2a02:ec80:a100:4000::/64 );\n-# $CLOUD_NETWORKS_PUBLIC is meant to be a set of all Cloud public networks\n-@def $CLOUD_NETWORKS_PUBLIC = (185.15.56.0/25 185.15.56.160/28 185.15.57.0/29 185.15.57.16/29 185.15.57.24/29 2a02:ec80:a000:4000::/64 2a02:ec80:a100:4000::/64 );\n-# $CLOUD_PRIVATE_NETWORKS is the cloud-private networks with WMCS\n-# hardware with cloud realm private 172.20.x.x addresses. These\n-# hosts are dual-homed, usually also in at least cloud-hosts.\n-@def $CLOUD_PRIVATE_NETWORKS = (172.20.1.0/24 172.20.2.0/24 172.20.3.0/24 172.20.4.0/24 2a02:ec80:a000:201::/64 2a02:ec80:a000:202::/64 2a02:ec80:a000:203::/64 2a02:ec80:a000:204::/64 172.20.5.0/24 2a02:ec80:a100:205::/64);\n-# $FRACK_NETWORKS is meant to be a set of all fundraising networks\n-@def $FRACK_NETWORKS = (10.195.0.0/27 10.195.0.128/29 10.195.0.32/27 10.195.0.64/28 10.195.0.80/29 10.195.0.96/27 10.195.1.0/25 10.64.40.0/27 10.64.40.160/27 10.64.40.192/26 10.64.40.32/27 10.64.40.64/27 10.64.40.96/27 208.80.152.224/28 208.80.155.0/27 );\n-\n-@def $ANALYTICS_NETWORKS = (10.64.137.0/24 10.64.138.0/24 10.64.139.0/24 10.64.140.0/24 10.64.142.0/24 10.64.143.0/24 10.64.144.0/24 10.64.145.0/24 10.64.153.0/24 10.64.155.0/24 10.64.157.0/24 10.64.159.0/24 10.64.161.0/24 10.64.163.0/24 10.64.165.0/24 10.64.167.0/24 10.64.170.0/24 10.64.172.0/24 10.64.174.0/24 10.64.176.0/24 10.64.178.0/24 10.64.180.0/24 10.64.182.0/24 10.64.184.0/24 10.64.186.0/24 10.64.188.0/24 10.64.190.0/24 10.64.21.0/24 10.64.36.0/24 10.64.5.0/24 10.64.53.0/24 2620:0:861:100::/64 2620:0:861:104::/64 2620:0:861:105::/64 2620:0:861:106::/64 2620:0:861:108::/64 2620:0:861:110::/64 2620:0:861:111::/64 2620:0:861:112::/64 2620:0:861:114::/64 2620:0:861:115::/64 2620:0:861:116::/64 2620:0:861:117::/64 2620:0:861:11a::/64 2620:0:861:121::/64 2620:0:861:123::/64 2620:0:861:125::/64 2620:0:861:127::/64 2620:0:861:129::/64 2620:0:861:12b::/64 2620:0:861:12d::/64 2620:0:861:12f::/64 2620:0:861:132::/64 2620:0:861:134::/64 2620:0:861:136::/64 2620:0:861:138::/64 2620:0:861:13a::/64 2620:0:861:13c::/64 2620:0:861:13e::/64 2620:0:861:141::/64 2620:0:861:143::/64 2620:0:861:145::/64 );\n-@def $MW_APPSERVER_NETWORKS = (10.64.0.0/22 10.64.130.0/24 10.64.131.0/24 10.64.132.0/24 10.64.133.0/24 10.64.134.0/24 10.64.135.0/24 10.64.136.0/24 10.64.141.0/24 10.64.152.0/24 10.64.154.0/24 10.64.156.0/24 10.64.158.0/24 10.64.16.0/22 10.64.160.0/24 10.64.162.0/24 10.64.164.0/24 10.64.166.0/24 10.64.169.0/24 10.64.171.0/24 10.64.173.0/24 10.64.175.0/24 10.64.177.0/24 10.64.179.0/24 10.64.181.0/24 10.64.183.0/24 10.64.185.0/24 10.64.187.0/24 10.64.189.0/24 10.64.32.0/22 10.64.48.0/22 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:107::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10c::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:113::/64 2620:0:861:119::/64 2620:0:861:120::/64 2620:0:861:122::/64 2620:0:861:124::/64 2620:0:861:126::/64 2620:0:861:128::/64 2620:0:861:12a::/64 2620:0:861:12c::/64 2620:0:861:12e::/64 2620:0:861:131::/64 2620:0:861:133::/64 2620:0:861:135::/64 2620:0:861:137::/64 2620:0:861:139::/64 2620:0:861:13b::/64 2620:0:861:13d::/64 2620:0:861:13f::/64 2620:0:861:142::/64 2620:0:861:144::/64 10.192.0.0/22 10.192.10.0/24 10.192.11.0/24 10.192.12.0/24 10.192.13.0/24 10.192.14.0/24 10.192.15.0/24 10.192.16.0/22 10.192.21.0/24 10.192.22.0/24 10.192.23.0/24 10.192.26.0/24 10.192.27.0/24 10.192.28.0/24 10.192.29.0/24 10.192.30.0/24 10.192.31.0/24 10.192.32.0/22 10.192.36.0/24 10.192.37.0/24 10.192.38.0/24 10.192.39.0/24 10.192.4.0/24 10.192.40.0/24 10.192.41.0/24 10.192.42.0/24 10.192.43.0/24 10.192.44.0/24 10.192.45.0/24 10.192.46.0/24 10.192.47.0/24 10.192.48.0/22 10.192.5.0/24 10.192.52.0/24 10.192.56.0/24 10.192.57.0/24 10.192.58.0/24 10.192.59.0/24 10.192.6.0/24 10.192.7.0/24 10.192.8.0/24 10.192.9.0/24 2620:0:860:100::/64 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 2620:0:860:105::/64 2620:0:860:106::/64 2620:0:860:107::/64 2620:0:860:108::/64 2620:0:860:109::/64 2620:0:860:10a::/64 2620:0:860:10b::/64 2620:0:860:10c::/64 2620:0:860:10d::/64 2620:0:860:10e::/64 2620:0:860:10f::/64 2620:0:860:110::/64 2620:0:860:111::/64 2620:0:860:112::/64 2620:0:860:113::/64 2620:0:860:114::/64 2620:0:860:115::/64 2620:0:860:116::/64 2620:0:860:119::/64 2620:0:860:11a::/64 2620:0:860:11b::/64 2620:0:860:11c::/64 2620:0:860:11d::/64 2620:0:860:11e::/64 2620:0:860:11f::/64 2620:0:860:120::/64 2620:0:860:121::/64 2620:0:860:122::/64 2620:0:860:123::/64 2620:0:860:124::/64 2620:0:860:125::/64 2620:0:860:126::/64 2620:0:860:127::/64 2620:0:860:12b::/64 2620:0:860:12c::/64 2620:0:860:12d::/64 2620:0:860:12e::/64 10.192.64.0/21 10.192.96.0/21 10.194.128.0/17 10.194.16.0/21 10.194.61.0/24 10.194.80.0/21 10.64.64.0/21 10.67.128.0/17 10.67.16.0/21 10.67.24.0/21 10.67.80.0/21 2620:0:860:300::/64 2620:0:860:302::/64 2620:0:860:305::/64 2620:0:860:308::/64 2620:0:860:babe::/64 2620:0:860:cabe::/64 2620:0:861:300::/64 2620:0:861:302::/64 2620:0:861:305::/64 2620:0:861:babe::/64 2620:0:861:cabe::/64 208.80.154.0/26 208.80.154.128/26 208.80.154.64/26 208.80.155.96/27 2620:0:861:1::/64 2620:0:861:2::/64 2620:0:861:3::/64 2620:0:861:4::/64 208.80.153.0/27 208.80.153.32/27 208.80.153.64/27 208.80.153.96/27 2620:0:860:1::/64 2620:0:860:2::/64 2620:0:860:3::/64 2620:0:860:4::/64 );\n-@def $WIKIKUBE_KUBEPODS_NETWORKS  = (10.67.128.0/17 2620:0:861:cabe::/64 10.194.128.0/17 2620:0:860:cabe::/64 );\n-@def $STAGING_KUBEPODS_NETWORKS  = (10.64.64.0/21 2620:0:861:babe::/64 10.192.64.0/21 2620:0:860:babe::/64 );\n-@def $MLSERVE_KUBEPODS_NETWORKS = (10.67.16.0/21 2620:0:861:300::/64 10.194.16.0/21 2620:0:860:300::/64 );\n-@def $MLSTAGE_KUBEPODS_NETWORKS = (10.194.61.0/24 2620:0:860:302::/64 );\n-@def $DSE_KUBEPODS_NETWORKS = (10.67.24.0/21 2620:0:861:302::/64 10.192.96.0/21 2620:0:860:308::/64 );\n-@def $AUX_KUBEPODS_NETWORKS = (10.67.80.0/21 2620:0:861:305::/64 10.194.80.0/21 2620:0:860:305::/64 );\n-\n-@def $NETWORK_INFRA = (185.15.59.128/27 2a02:ec80:300:fe00::/55 198.35.26.128/27 2620:0:863:fe00::/55 208.80.153.192/27 2620:0:860:fe00::/55 10.192.255.0/24 2620:0:860:13f::/64 10.192.253.0/24 2620:0:860:139::/64 208.80.154.192/27 2620:0:861:fe00::/55 10.64.146.0/24 2620:0:861:11b::/128 10.64.168.0/24 2620:0:861:130::/64 10.64.147.0/24 103.102.166.128/27 2001:df2:e500:fe00::/55 185.15.58.128/27 2a02:ec80:600:fe00::/55 195.200.68.128/27 2a02:ec80:700:fe00::/55);\n-@def $MGMT_NETWORKS = (10.65.0.0/16 10.128.128.0/17 10.193.0.0/16 10.80.128.0/17 10.132.128.0/17 10.136.128.0/17 10.140.128.0/17 );\n-@def $SANDBOX_NETWORKS = (103.102.166.72/29 185.15.59.72/29 195.200.68.64/29 198.35.26.240/28 2001:df2:e500:202::/64 208.80.152.240/28 208.80.155.64/28 2620:0:860:201::/64 2620:0:861:202::/64 2620:0:863:201::/64 2a02:ec80:300:202::/64 2a02:ec80:700:201::/64 );\n-\n-@def $DEPLOYMENT_HOSTS = (10.64.16.93 2620:0:861:102:10:64:16:93 10.192.32.7 2620:0:860:103:10:192:32:7 );\n-@def $CUMIN_MASTERS = (10.64.16.154 2620:0:861:102:10:64:16:154 10.192.32.49 2620:0:860:103:10:192:32:49 );\n-@def $CACHES = (10.64.0.79 2620:0:861:101:10:64:0:79 10.64.0.229 2620:0:861:101:10:64:0:229 10.64.0.14 2620:0:861:101:10:64:0:14 10.64.0.51 2620:0:861:101:10:64:0:51 10.64.16.241 2620:0:861:102:10:64:16:241 10.64.16.94 2620:0:861:102:10:64:16:94 10.64.16.95 2620:0:861:102:10:64:16:95 10.64.16.240 2620:0:861:102:10:64:16:240 10.64.32.14 2620:0:861:103:10:64:32:14 10.64.32.60 2620:0:861:103:10:64:32:60 10.64.32.15 2620:0:861:103:10:64:32:15 10.64.32.65 2620:0:861:103:10:64:32:65 10.64.48.16 2620:0:861:107:10:64:48:16 10.64.48.41 2620:0:861:107:10:64:48:41 10.64.48.27 2620:0:861:107:10:64:48:27 10.64.48.28 2620:0:861:107:10:64:48:28 10.192.23.26 2620:0:860:113:10:192:23:26 10.192.6.20 2620:0:860:107:10:192:6:20 10.192.12.35 2620:0:860:10d:10:192:12:35 10.192.14.25 2620:0:860:10f:10:192:14:25 10.192.4.22 2620:0:860:100:10:192:4:22 10.192.29.26 2620:0:860:116:10:192:29:26 10.192.30.29 2620:0:860:119:10:192:30:29 10.192.36.19 2620:0:860:11b:10:192:36:19 10.192.40.25 2620:0:860:11f:10:192:40:25 10.192.41.21 2620:0:860:120:10:192:41:21 10.192.56.3 2620:0:860:12b:10:192:56:3 10.192.56.4 2620:0:860:12b:10:192:56:4 10.192.57.3 2620:0:860:12c:10:192:57:3 10.192.58.2 2620:0:860:12d:10:192:58:2 10.192.58.3 2620:0:860:12d:10:192:58:3 10.192.59.2 2620:0:860:12e:10:192:59:2 10.80.0.14 2a02:ec80:300:101:10:80:0:14 10.80.1.11 2a02:ec80:300:102:10:80:1:11 10.80.0.13 2a02:ec80:300:101:10:80:0:13 10.80.1.9 2a02:ec80:300:102:10:80:1:9 10.80.0.12 2a02:ec80:300:101:10:80:0:12 10.80.1.7 2a02:ec80:300:102:10:80:1:7 10.80.0.11 2a02:ec80:300:101:10:80:0:11 10.80.1.6 2a02:ec80:300:102:10:80:1:6 10.80.0.10 2a02:ec80:300:101:10:80:0:10 10.80.1.5 2a02:ec80:300:102:10:80:1:5 10.80.0.8 2a02:ec80:300:101:10:80:0:8 10.80.1.4 2a02:ec80:300:102:10:80:1:4 10.80.0.7 2a02:ec80:300:101:10:80:0:7 10.80.1.3 2a02:ec80:300:102:10:80:1:3 10.80.0.6 2a02:ec80:300:101:10:80:0:6 10.80.1.2 2a02:ec80:300:102:10:80:1:2 10.128.0.19 2620:0:863:101:10:128:0:19 10.128.1.27 2620:0:863:102:10:128:1:27 10.128.0.22 2620:0:863:101:10:128:0:22 10.128.1.28 2620:0:863:102:10:128:1:28 10.128.0.25 2620:0:863:101:10:128:0:25 10.128.1.29 2620:0:863:102:10:128:1:29 10.128.0.26 2620:0:863:101:10:128:0:26 10.128.1.31 2620:0:863:102:10:128:1:31 10.128.0.14 2620:0:863:101:10:128:0:14 10.128.1.35 2620:0:863:102:10:128:1:35 10.128.0.21 2620:0:863:101:10:128:0:21 10.128.1.36 2620:0:863:102:10:128:1:36 10.128.0.24 2620:0:863:101:10:128:0:24 10.128.1.10 2620:0:863:102:10:128:1:10 10.128.0.37 2620:0:863:101:10:128:0:37 10.128.1.12 2620:0:863:102:10:128:1:12 10.132.0.17 2001:df2:e500:101:10:132:0:17 10.132.0.18 2001:df2:e500:101:10:132:0:18 10.132.0.19 2001:df2:e500:101:10:132:0:19 10.132.0.24 2001:df2:e500:101:10:132:0:24 10.132.0.29 2001:df2:e500:101:10:132:0:29 10.132.0.30 2001:df2:e500:101:10:132:0:30 10.132.0.34 2001:df2:e500:101:10:132:0:34 10.132.0.35 2001:df2:e500:101:10:132:0:35 10.132.0.36 2001:df2:e500:101:10:132:0:36 10.132.0.37 2001:df2:e500:101:10:132:0:37 10.132.0.38 2001:df2:e500:101:10:132:0:38 10.132.0.25 2001:df2:e500:101:10:132:0:25 10.132.0.26 2001:df2:e500:101:10:132:0:26 10.132.0.27 2001:df2:e500:101:10:132:0:27 10.132.0.28 2001:df2:e500:101:10:132:0:28 10.132.0.16 2001:df2:e500:101:10:132:0:16 10.136.0.6 2a02:ec80:600:101:10:136:0:6 10.136.1.6 2a02:ec80:600:102:10:136:1:6 10.136.0.7 2a02:ec80:600:101:10:136:0:7 10.136.1.7 2a02:ec80:600:102:10:136:1:7 10.136.0.8 2a02:ec80:600:101:10:136:0:8 10.136.1.8 2a02:ec80:600:102:10:136:1:8 10.136.0.9 2a02:ec80:600:101:10:136:0:9 10.136.1.9 2a02:ec80:600:102:10:136:1:9 10.136.0.10 2a02:ec80:600:101:10:136:0:10 10.136.1.10 2a02:ec80:600:102:10:136:1:10 10.136.0.11 2a02:ec80:600:101:10:136:0:11 10.136.1.11 2a02:ec80:600:102:10:136:1:11 10.136.0.12 2a02:ec80:600:101:10:136:0:12 10.136.1.12 2a02:ec80:600:102:10:136:1:12 10.136.0.13 2a02:ec80:600:101:10:136:0:13 10.136.1.13 2a02:ec80:600:102:10:136:1:13 10.140.0.3 2a02:ec80:700:101:10:140:0:3 10.140.1.4 2a02:ec80:700:102:10:140:1:4 10.140.0.4 2a02:ec80:700:101:10:140:0:4 10.140.1.5 2a02:ec80:700:102:10:140:1:5 10.140.0.5 2a02:ec80:700:101:10:140:0:5 10.140.1.6 2a02:ec80:700:102:10:140:1:6 10.140.0.6 2a02:ec80:700:101:10:140:0:6 10.140.1.7 2a02:ec80:700:102:10:140:1:7 10.140.0.7 2a02:ec80:700:101:10:140:0:7 10.140.1.8 2a02:ec80:700:102:10:140:1:8 10.140.0.8 2a02:ec80:700:101:10:140:0:8 10.140.1.9 2a02:ec80:700:102:10:140:1:9 10.140.0.9 2a02:ec80:700:101:10:140:0:9 10.140.1.10 2a02:ec80:700:102:10:140:1:10 10.140.0.10 2a02:ec80:700:101:10:140:0:10 10.140.1.11 2a02:ec80:700:102:10:140:1:11 );\n-@def $LOAD_BALANCER_HEALTH_CHECKS = (10.64.0.136 10.64.16.60 10.64.158.19 10.64.166.19 10.64.133.19 10.64.141.19 10.64.169.19 10.64.171.19 10.64.173.19 10.64.175.19 10.64.177.19 10.64.179.19 10.64.181.19 10.64.183.19 10.64.185.19 10.64.187.19 10.64.189.19 10.64.48.72 10.64.37.17 10.64.1.17 10.64.17.17 10.64.33.17 10.64.130.20 10.64.131.20 10.64.132.20 10.64.134.20 10.64.135.20 10.64.136.20 10.64.158.20 10.64.166.20 10.64.133.20 10.64.141.20 10.64.169.20 10.64.171.20 10.64.173.20 10.64.175.20 10.64.177.20 10.64.179.20 10.64.181.20 10.64.183.20 10.64.185.20 10.64.187.20 10.64.189.20 2620:0:861:101::/64 2620:0:861:102::/64 2620:0:861:103::/64 2620:0:861:107::/64 2620:0:861:109::/64 2620:0:861:10a::/64 2620:0:861:10b::/64 2620:0:861:10d::/64 2620:0:861:10e::/64 2620:0:861:10f::/64 2620:0:861:119::/64 2620:0:861:10c::/64 2620:0:861:113::/64 2620:0:861:119::/64 2620:0:861:131::/64 2620:0:861:133::/64 2620:0:861:135::/64 2620:0:861:137::/64 2620:0:861:139::/64 2620:0:861:13b::/64 2620:0:861:13d::/64 2620:0:861:13f::/64 2620:0:861:142::/64 2620:0:861:144::/64 10.192.23.8 10.192.0.29 10.192.17.8 10.192.33.8 10.192.49.8 10.192.23.2 10.192.5.2 10.192.6.2 10.192.7.2 10.192.8.2 10.192.9.2 10.192.10.2 10.192.11.2 10.192.12.2 10.192.13.2 10.192.14.2 10.192.15.2 10.192.21.2 10.192.22.2 10.192.4.2 10.192.26.2 10.192.27.2 10.192.28.2 10.192.29.2 10.192.30.2 10.192.31.2 10.192.36.2 10.192.37.2 10.192.38.2 10.192.39.2 10.192.40.2 10.192.41.2 10.192.42.2 10.192.43.2 10.192.11.8 10.192.16.140 10.192.1.8 10.192.33.9 10.192.49.9 10.192.23.3 10.192.5.3 10.192.6.3 10.192.7.3 10.192.8.3 10.192.9.3 10.192.10.3 10.192.11.3 10.192.12.3 10.192.13.3 10.192.14.3 10.192.15.3 10.192.21.3 10.192.22.3 10.192.4.3 10.192.26.3 10.192.27.3 10.192.28.3 10.192.29.3 10.192.30.3 10.192.31.3 10.192.36.3 10.192.37.3 10.192.38.3 10.192.39.4 10.192.40.3 10.192.41.3 10.192.42.3 10.192.43.3 10.192.32.14 10.192.1.9 10.192.17.9 10.192.49.10 10.192.23.4 10.192.5.4 10.192.6.4 10.192.7.4 10.192.8.4 10.192.9.4 10.192.10.4 10.192.11.4 10.192.12.4 10.192.13.4 10.192.14.4 10.192.15.4 10.192.21.4 10.192.22.4 10.192.4.5 10.192.26.5 10.192.27.5 10.192.28.5 10.192.29.5 10.192.30.5 10.192.31.5 10.192.36.5 10.192.37.5 10.192.38.5 10.192.39.6 10.192.40.5 10.192.41.5 10.192.42.5 10.192.43.5 10.192.48.213 10.192.1.13 10.192.17.10 10.192.33.10 10.192.23.5 10.192.5.8 10.192.6.5 10.192.7.5 10.192.8.5 10.192.9.5 10.192.10.5 10.192.11.5 10.192.12.5 10.192.13.5 10.192.14.5 10.192.15.5 10.192.21.5 10.192.22.5 10.192.4.5 10.192.26.5 10.192.27.5 10.192.28.5 10.192.29.5 10.192.30.5 10.192.31.5 10.192.36.5 10.192.37.5 10.192.38.5 10.192.39.6 10.192.40.5 10.192.41.5 10.192.42.5 10.192.43.5 2620:0:860:101::/64 2620:0:860:102::/64 2620:0:860:103::/64 2620:0:860:104::/64 10.80.0.3 10.80.1.8 10.80.1.14 10.80.0.9 10.80.0.2 10.80.1.10 2a02:ec80:300:101::/64 2a02:ec80:300:102::/64 10.128.1.18 10.128.0.9 10.128.1.11 2620:0:863:101::/64 2620:0:863:102::/64 10.132.0.39 10.132.0.6 10.132.0.7 2001:df2:e500:101::/64 10.136.0.16 10.136.1.19 10.136.1.15 10.136.0.19 10.136.0.17 10.136.1.20 2a02:ec80:600:101::/64 2a02:ec80:600:102::/64 10.140.0.13 10.140.1.2 10.140.1.14 10.140.0.2 10.140.0.14 10.140.1.3 2a02:ec80:700:101::/64 2a02:ec80:700:102::/64 );\n-@def $KAFKA_BROKERS_MAIN = (10.192.5.9 2620:0:860:106:10:192:5:9 10.192.22.6 2620:0:860:112:10:192:22:6 10.192.32.4 2620:0:860:103:10:192:32:4 10.192.48.33 2620:0:860:104:10:192:48:33 10.192.48.35 2620:0:860:104:10:192:48:35 10.64.0.101 2620:0:861:101:10:64:0:101 10.64.16.30 2620:0:861:102:10:64:16:30 10.64.32.45 2620:0:861:103:10:64:32:45 10.64.48.37 2620:0:861:107:10:64:48:37 10.64.152.5 2620:0:861:120:10:64:152:5 );\n-@def $KAFKA_BROKERS_JUMBO = (10.64.130.10 2620:0:861:109:10:64:130:10 10.64.131.16 2620:0:861:10a:10:64:131:16 10.64.132.21 2620:0:861:10b:10:64:132:21 10.64.134.9 2620:0:861:10d:10:64:134:9 10.64.135.16 2620:0:861:10e:10:64:135:16 10.64.136.11 2620:0:861:10f:10:64:136:11 10.64.154.15 2620:0:861:122:10:64:154:15 10.64.160.16 2620:0:861:128:10:64:160:16 10.64.0.126 2620:0:861:101:10:64:0:126 );\n-@def $KAFKA_BROKERS_LOGGING = (10.64.16.205 2620:0:861:102:10:64:16:205 10.64.133.11 2620:0:861:10c:10:64:133:11 10.64.183.12 2620:0:861:13d:10:64:183:12 10.64.131.13 2620:0:861:10a:10:64:131:13 10.64.135.13 2620:0:861:10e:10:64:135:13 10.192.23.29 2620:0:860:113:10:192:23:29 10.192.11.28 2620:0:860:10c:10:192:11:28 10.192.26.22 2620:0:860:105:10:192:26:22 10.192.11.27 2620:0:860:10c:10:192:11:27 10.192.39.25 2620:0:860:11e:10:192:39:25 );\n-@def $KAFKAMON_HOSTS = (10.64.32.11 2620:0:861:103:10:64:32:11 10.192.16.139 2620:0:860:102:10:192:16:139 );\n-@def $ZOOKEEPER_HOSTS_MAIN = (10.64.0.207 2620:0:861:101:10:64:0:207 10.64.16.110 2620:0:861:102:10:64:16:110 10.64.48.154 2620:0:861:107:10:64:48:154 10.192.16.45 2620:0:860:102:10:192:16:45 10.192.32.52 2620:0:860:103:10:192:32:52 10.192.48.59 2620:0:860:104:10:192:48:59 );\n-@def $ZOOKEEPER_FLINK_HOSTS = (10.64.16.9 2620:0:861:102:10:64:16:9 10.64.0.8 2620:0:861:101:10:64:0:8 10.64.32.41 2620:0:861:103:10:64:32:41 10.192.16.227 2620:0:860:102:10:192:16:227 10.192.32.179 2620:0:860:103:10:192:32:179 10.192.48.219 2620:0:860:104:10:192:48:219 );\n-@def $DRUID_PUBLIC_HOSTS = (10.64.131.9 2620:0:861:10a:10:64:131:9 10.64.132.12 2620:0:861:10b:10:64:132:12 10.64.135.9 2620:0:861:10e:10:64:135:9 10.64.32.101 2620:0:861:103:10:64:32:101 10.64.48.185 2620:0:861:107:10:64:48:185 );\n-@def $LABSTORE_HOSTS = (208.80.154.142 2620:0:861:2:208:80:154:142 208.80.154.71 2620:0:861:3:208:80:154:71 );\n-@def $MYSQL_ROOT_CLIENTS = (10.64.16.90 10.192.16.191 10.64.16.154 10.192.32.49 208.80.154.9 10.64.0.20 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-codfw-bgp-private-vips\n-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV4 = (172.20.254.0/24);\n-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV6 = (2a02:ec80:a100:2ff::/64);\n-@def $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS = ($CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV4 $CODFW_PRIVATE_CLOUD_CODFW_BGP_PRIVATE_VIPS_IPV6 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-flat3-codfw\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV4 = (172.16.129.0/24);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV6 = (2a02:ec80:a100:1::/64);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_INSTANCES_FLAT3_CODFW_IPV6 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-octavia-lb-mgmt-net-codfw1dev\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV4 = (172.16.131.0/24);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV6 = (2a02:ec80:a100:100::/64);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV = ($CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV4 $CODFW_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_CODFW1DEV_IPV6 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances-vxlan-ipv4-only-codfw\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW_IPV4 = (172.16.130.0/24);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES_VXLAN_IPV4_ONLY_CODFW_IPV4 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-instances2-b-codfw\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW_IPV4 = (172.16.128.0/24);\n-@def $CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW = ($CODFW_PRIVATE_CLOUD_INSTANCES2_B_CODFW_IPV4 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: private, # Network: cloud-private-b1-codfw\n-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV4 = (172.20.5.0/24);\n-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV6 = (2a02:ec80:a100:205::/64);\n-@def $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW = ($CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_PRIVATE_B1_CODFW_IPV6 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-bgp-public-vips\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV4 = (185.15.57.24/29);\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV6 = (2a02:ec80:a100:4000::/64);\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV4 $CODFW_PUBLIC_CLOUD_CODFW1DEV_BGP_PUBLIC_VIPS_IPV6 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-floating\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_IPV4 = (185.15.57.0/29);\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_IPV4 );\n-\n-# Realm: cloud, # Site: codfw, # Sphere: public, # Network: cloud-codfw1dev-floating-additional\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL_IPV4 = (185.15.57.16/29);\n-@def $CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL = ($CODFW_PUBLIC_CLOUD_CODFW1DEV_FLOATING_ADDITIONAL_IPV4 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-eqiad-bgp-private-vips\n-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV4 = (172.20.255.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV6 = (2a02:ec80:a000:2ff::/64);\n-@def $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS = ($EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV4 $EQIAD_PRIVATE_CLOUD_EQIAD_BGP_PRIVATE_VIPS_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-octavia-lb-mgmt-net-eqiad1\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV4 = (172.16.24.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV6 = (2a02:ec80:a000:100::/64);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1 = ($EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV4 $EQIAD_PRIVATE_CLOUD_INSTANCES_OCTAVIA_LB_MGMT_NET_EQIAD1_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-vxlan-dualstack-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV4 = (172.16.16.0/21);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV6 = (2a02:ec80:a000:1::/64);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_DUALSTACK_EQIAD_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances-vxlan-v4only-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD_IPV4 = (172.16.8.0/21);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES_VXLAN_V4ONLY_EQIAD_IPV4 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-instances2-b-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD_IPV4 = (172.16.0.0/21);\n-@def $EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD = ($EQIAD_PRIVATE_CLOUD_INSTANCES2_B_EQIAD_IPV4 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-c8-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV4 = (172.20.1.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV6 = (2a02:ec80:a000:201::/64);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_C8_EQIAD_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-d5-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV4 = (172.20.2.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV6 = (2a02:ec80:a000:202::/64);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_D5_EQIAD_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-e4-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV4 = (172.20.3.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV6 = (2a02:ec80:a000:203::/64);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_E4_EQIAD_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: private, # Network: cloud-private-f4-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV4 = (172.20.4.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV6 = (2a02:ec80:a000:204::/64);\n-@def $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD = ($EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_PRIVATE_F4_EQIAD_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: public, # Network: cloud-eqiad1-bgp-public-vips\n-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV4 = (185.15.56.160/28);\n-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV6 = (2a02:ec80:a000:4000::/64);\n-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS = ($EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV4 $EQIAD_PUBLIC_CLOUD_EQIAD1_BGP_PUBLIC_VIPS_IPV6 );\n-\n-# Realm: cloud, # Site: eqiad, # Sphere: public, # Network: cloud-eqiad1-floating\n-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING_IPV4 = (185.15.56.0/25);\n-@def $EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING = ($EQIAD_PUBLIC_CLOUD_EQIAD1_FLOATING_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-administration-codfw\n-@def $CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW_IPV4 = (10.195.0.64/28);\n-@def $CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW = ($CODFW_PRIVATE_FRACK_ADMINISTRATION_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-bastion-codfw\n-@def $CODFW_PRIVATE_FRACK_BASTION_CODFW_IPV4 = (10.195.0.128/29);\n-@def $CODFW_PRIVATE_FRACK_BASTION_CODFW = ($CODFW_PRIVATE_FRACK_BASTION_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-fundraising-codfw\n-@def $CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW_IPV4 = (10.195.0.32/27);\n-@def $CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW = ($CODFW_PRIVATE_FRACK_FUNDRAISING_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-listenerdmz-codfw\n-@def $CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW_IPV4 = (10.195.0.80/29);\n-@def $CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW = ($CODFW_PRIVATE_FRACK_LISTENERDMZ_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-management-codfw\n-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW_IPV4 = (10.195.1.0/25);\n-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW = ($CODFW_PRIVATE_FRACK_MANAGEMENT_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-management-legacy-codfw\n-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW_IPV4 = (10.195.0.96/27);\n-@def $CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW = ($CODFW_PRIVATE_FRACK_MANAGEMENT_LEGACY_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: private, # Network: frack-payments-codfw\n-@def $CODFW_PRIVATE_FRACK_PAYMENTS_CODFW_IPV4 = (10.195.0.0/27);\n-@def $CODFW_PRIVATE_FRACK_PAYMENTS_CODFW = ($CODFW_PRIVATE_FRACK_PAYMENTS_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: codfw, # Sphere: public, # Network: frack-external-codfw\n-@def $CODFW_PUBLIC_FRACK_EXTERNAL_CODFW_IPV4 = (208.80.152.224/28);\n-@def $CODFW_PUBLIC_FRACK_EXTERNAL_CODFW = ($CODFW_PUBLIC_FRACK_EXTERNAL_CODFW_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-administration1-e15-eqiad\n-@def $EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD_IPV4 = (10.64.40.64/27);\n-@def $EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_ADMINISTRATION1_E15_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-bastion1-e15-eqiad\n-@def $EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD_IPV4 = (10.64.40.32/27);\n-@def $EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_BASTION1_E15_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-fundraising1-e16-eqiad\n-@def $EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD_IPV4 = (10.64.40.96/27);\n-@def $EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD = ($EQIAD_PRIVATE_FRACK_FUNDRAISING1_E16_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-listenerdmz1-e15-eqiad\n-@def $EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD_IPV4 = (10.64.40.160/27);\n-@def $EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_LISTENERDMZ1_E15_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-management1-eqiad\n-@def $EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD_IPV4 = (10.64.40.192/26);\n-@def $EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD = ($EQIAD_PRIVATE_FRACK_MANAGEMENT1_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: private, # Network: frack-payments1-e15-eqiad\n-@def $EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD_IPV4 = (10.64.40.0/27);\n-@def $EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD = ($EQIAD_PRIVATE_FRACK_PAYMENTS1_E15_EQIAD_IPV4 );\n-\n-# Realm: frack, # Site: eqiad, # Sphere: public, # Network: frack-external1-eqiad\n-@def $EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD_IPV4 = (208.80.155.0/27);\n-@def $EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD = ($EQIAD_PUBLIC_FRACK_EXTERNAL1_EQIAD_IPV4 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: cloud-hosts1-b1-codfw\n-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV4 = (10.192.20.0/24);\n-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV6 = (2620:0:860:118::/64);\n-@def $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW = ($CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV4 $CODFW_PRIVATE_CLOUD_HOSTS1_B1_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV4 = (10.192.0.0/22);\n-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV6 = (2620:0:860:101::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A_CODFW = ($CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV4 = (10.192.23.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV6 = (2620:0:860:113::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A2_CODFW = ($CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV4 = (10.192.5.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV6 = (2620:0:860:106::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A3_CODFW = ($CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV4 = (10.192.6.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV6 = (2620:0:860:107::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A4_CODFW = ($CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a5-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV4 = (10.192.7.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV6 = (2620:0:860:108::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A5_CODFW = ($CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A5_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a6-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV4 = (10.192.8.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV6 = (2620:0:860:109::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A6_CODFW = ($CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A6_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a7-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV4 = (10.192.9.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV6 = (2620:0:860:10a::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A7_CODFW = ($CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A7_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-a8-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV4 = (10.192.10.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV6 = (2620:0:860:10b::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_A8_CODFW = ($CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_A8_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-aux-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV4 = (10.194.80.0/21);\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV6 = (2620:0:860:305::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_AUX_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-aux-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV4 = (10.194.64.0/20);\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV6 = (2620:0:860:304::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_AUX_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV4 = (10.192.16.0/22);\n-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV6 = (2620:0:860:102::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B_CODFW = ($CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV4 = (10.192.11.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV6 = (2620:0:860:10c::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B2_CODFW = ($CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV4 = (10.192.12.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV6 = (2620:0:860:10d::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B3_CODFW = ($CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV4 = (10.192.13.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV6 = (2620:0:860:10e::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B4_CODFW = ($CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b5-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV4 = (10.192.14.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV6 = (2620:0:860:10f::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B5_CODFW = ($CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B5_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b6-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV4 = (10.192.15.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV6 = (2620:0:860:110::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B6_CODFW = ($CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B6_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b7-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV4 = (10.192.21.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV6 = (2620:0:860:111::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B7_CODFW = ($CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B7_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-b8-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV4 = (10.192.22.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV6 = (2620:0:860:112::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_B8_CODFW = ($CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_B8_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV4 = (10.192.32.0/22);\n-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV6 = (2620:0:860:103::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C_CODFW = ($CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c1-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV4 = (10.192.4.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV6 = (2620:0:860:100::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C1_CODFW = ($CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C1_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV4 = (10.192.26.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV6 = (2620:0:860:105::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C2_CODFW = ($CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV4 = (10.192.27.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV6 = (2620:0:860:114::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C3_CODFW = ($CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV4 = (10.192.28.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV6 = (2620:0:860:115::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C4_CODFW = ($CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c5-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV4 = (10.192.29.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV6 = (2620:0:860:116::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C5_CODFW = ($CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C5_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c6-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV4 = (10.192.30.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV6 = (2620:0:860:119::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C6_CODFW = ($CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C6_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-c7-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV4 = (10.192.31.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV6 = (2620:0:860:11a::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_C7_CODFW = ($CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_C7_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV4 = (10.192.48.0/22);\n-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV6 = (2620:0:860:104::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D_CODFW = ($CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d1-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV4 = (10.192.36.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV6 = (2620:0:860:11b::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D1_CODFW = ($CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D1_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV4 = (10.192.37.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV6 = (2620:0:860:11c::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D2_CODFW = ($CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV4 = (10.192.38.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV6 = (2620:0:860:11d::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D3_CODFW = ($CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV4 = (10.192.39.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV6 = (2620:0:860:11e::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D4_CODFW = ($CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d5-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV4 = (10.192.40.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV6 = (2620:0:860:11f::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D5_CODFW = ($CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D5_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d6-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV4 = (10.192.41.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV6 = (2620:0:860:120::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D6_CODFW = ($CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D6_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d7-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV4 = (10.192.42.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV6 = (2620:0:860:121::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D7_CODFW = ($CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D7_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-d8-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV4 = (10.192.43.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV6 = (2620:0:860:122::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_D8_CODFW = ($CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_D8_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-dse-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV4 = (10.192.96.0/21);\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV6 = (2620:0:860:308::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_DSE_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-dse-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV4 = (10.192.80.0/20);\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV6 = (2620:0:860:307::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_DSE_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e1-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV4 = (10.192.56.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV6 = (2620:0:860:12b::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_E1_CODFW = ($CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E1_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV4 = (10.192.44.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV6 = (2620:0:860:123::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_E2_CODFW = ($CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV4 = (10.192.57.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV6 = (2620:0:860:12c::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_E3_CODFW = ($CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV4 = (10.192.45.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV6 = (2620:0:860:124::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_E4_CODFW = ($CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-e5-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV4 = (10.192.46.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV6 = (2620:0:860:125::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_E5_CODFW = ($CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_E5_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f1-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV4 = (10.192.58.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV6 = (2620:0:860:12d::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_F1_CODFW = ($CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F1_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f2-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV4 = (10.192.47.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV6 = (2620:0:860:126::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_F2_CODFW = ($CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F2_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f3-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV4 = (10.192.59.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV6 = (2620:0:860:12e::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_F3_CODFW = ($CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F3_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-f4-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV4 = (10.192.52.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV6 = (2620:0:860:127::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_F4_CODFW = ($CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_F4_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-lvs-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_LVS_CODFW_IPV4 = (10.2.1.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_LVS_CODFW = ($CODFW_PRIVATE_PRIVATE1_LVS_CODFW_IPV4 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlserve-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV4 = (10.194.16.0/21);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV6 = (2620:0:860:300::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlserve-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV4 = (10.194.0.0/20);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV6 = (2620:0:860:301::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlstage-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV4 = (10.194.61.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV6 = (2620:0:860:302::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-mlstage-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV4 = (10.194.62.0/23);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV6 = (2620:0:860:303::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_MLSTAGE_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-services-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV4 = (10.194.128.0/17);\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV6 = (2620:0:860:cabe::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-services-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV4 = (10.192.72.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV6 = (2620:0:860:cabf::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_SERVICES_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-staging-kubepods-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV4 = (10.192.64.0/21);\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV6 = (2620:0:860:babe::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW = ($CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_STAGING_KUBEPODS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-staging-kubesvc-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV4 = (10.192.76.0/24);\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV6 = (2620:0:860:babf::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW = ($CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_STAGING_KUBESVC_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: private, # Network: private1-virtual-codfw\n-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV4 = (10.192.24.0/23);\n-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV6 = (2620:0:860:140::/64);\n-@def $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW = ($CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV4 $CODFW_PRIVATE_PRIVATE1_VIRTUAL_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-a-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV4 = (208.80.153.0/27);\n-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV6 = (2620:0:860:1::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_A_CODFW = ($CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_A_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-b-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV4 = (208.80.153.32/27);\n-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV6 = (2620:0:860:2::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_B_CODFW = ($CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_B_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-c-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV4 = (208.80.153.64/27);\n-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV6 = (2620:0:860:3::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_C_CODFW = ($CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_C_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-d-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV4 = (208.80.153.96/27);\n-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV6 = (2620:0:860:4::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_D_CODFW = ($CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_D_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-lvs-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV4 = (208.80.153.224/27);\n-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV6 = (2620:0:860:ed1a::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_LVS_CODFW = ($CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_LVS_CODFW_IPV6 );\n-\n-# Realm: production, # Site: codfw, # Sphere: public, # Network: public1-virtual-codfw\n-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV4 = (208.80.152.128/27);\n-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV6 = (2620:0:860:5::/64);\n-@def $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW = ($CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV4 $CODFW_PUBLIC_PUBLIC1_VIRTUAL_CODFW_IPV6 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-b12-drmrs\n-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV4 = (10.136.0.0/24);\n-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV6 = (2a02:ec80:600:101::/64);\n-@def $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV4 $DRMRS_PRIVATE_PRIVATE1_B12_DRMRS_IPV6 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-b13-drmrs\n-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV4 = (10.136.1.0/24);\n-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV6 = (2a02:ec80:600:102::/64);\n-@def $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV4 $DRMRS_PRIVATE_PRIVATE1_B13_DRMRS_IPV6 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: private, # Network: private1-lvs-drmrs\n-@def $DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS_IPV4 = (10.2.6.0/24);\n-@def $DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS = ($DRMRS_PRIVATE_PRIVATE1_LVS_DRMRS_IPV4 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-b12-drmrs\n-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV4 = (185.15.58.0/27);\n-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV6 = (2a02:ec80:600:1::/64);\n-@def $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_B12_DRMRS_IPV6 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-b13-drmrs\n-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV4 = (185.15.58.32/27);\n-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV6 = (2a02:ec80:600:2::/64);\n-@def $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_B13_DRMRS_IPV6 );\n-\n-# Realm: production, # Site: drmrs, # Sphere: public, # Network: public1-lvs-drmrs\n-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV4 = (185.15.58.224/27);\n-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV6 = (2a02:ec80:600:ed1a::/64);\n-@def $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS = ($DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV4 $DRMRS_PUBLIC_PUBLIC1_LVS_DRMRS_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-a-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV4 = (10.64.5.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV6 = (2620:0:861:104::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-b-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV4 = (10.64.21.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV6 = (2620:0:861:105::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_B_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV4 = (10.64.36.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV6 = (2620:0:861:106::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c2-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV4 = (10.64.137.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV6 = (2620:0:861:110::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c3-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV4 = (10.64.145.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV6 = (2620:0:861:117::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c4-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV4 = (10.64.170.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV6 = (2620:0:861:11a::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c5-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV4 = (10.64.172.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV6 = (2620:0:861:132::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c6-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV4 = (10.64.174.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV6 = (2620:0:861:134::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-c7-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV4 = (10.64.176.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV6 = (2620:0:861:136::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_C7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV4 = (10.64.53.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV6 = (2620:0:861:108::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d1-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV4 = (10.64.178.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV6 = (2620:0:861:138::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d2-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV4 = (10.64.180.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV6 = (2620:0:861:13a::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d3-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV4 = (10.64.182.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV6 = (2620:0:861:13c::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d4-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV4 = (10.64.184.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV6 = (2620:0:861:13e::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d6-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV4 = (10.64.186.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV6 = (2620:0:861:141::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d7-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV4 = (10.64.188.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV6 = (2620:0:861:143::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-d8-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV4 = (10.64.190.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV6 = (2620:0:861:145::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_D8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e1-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV4 = (10.64.138.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV6 = (2620:0:861:100::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e2-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV4 = (10.64.139.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV6 = (2620:0:861:111::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e3-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV4 = (10.64.140.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV6 = (2620:0:861:112::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e5-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV4 = (10.64.153.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV6 = (2620:0:861:121::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e6-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV4 = (10.64.155.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV6 = (2620:0:861:123::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e7-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV4 = (10.64.157.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV6 = (2620:0:861:125::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-e8-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV4 = (10.64.159.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV6 = (2620:0:861:127::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_E8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f1-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV4 = (10.64.142.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV6 = (2620:0:861:114::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f2-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV4 = (10.64.143.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV6 = (2620:0:861:115::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f3-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV4 = (10.64.144.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV6 = (2620:0:861:116::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f5-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV4 = (10.64.161.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV6 = (2620:0:861:129::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f6-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV4 = (10.64.163.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV6 = (2620:0:861:12b::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f7-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV4 = (10.64.165.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV6 = (2620:0:861:12d::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: analytics1-f8-eqiad\n-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV4 = (10.64.167.0/24);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV6 = (2620:0:861:12f::/64);\n-@def $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD = ($EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV4 $EQIAD_PRIVATE_ANALYTICS1_F8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-c8-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV4 = (10.64.151.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV6 = (2620:0:861:11f::/64);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_C8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-d5-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV4 = (10.64.150.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV6 = (2620:0:861:11e::/64);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_D5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-e4-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV4 = (10.64.148.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV6 = (2620:0:861:11c::/64);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_E4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV4 = (10.64.20.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV6 = (2620:0:861:118::/64);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: cloud-hosts1-f4-eqiad\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV4 = (10.64.149.0/24);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV6 = (2620:0:861:11d::/64);\n-@def $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD = ($EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV4 $EQIAD_PRIVATE_CLOUD_HOSTS1_F4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-a-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 = (10.64.0.0/22);\n-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV6 = (2620:0:861:101::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_A_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-aux-kubepods-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV4 = (10.67.80.0/21);\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV6 = (2620:0:861:305::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_AUX_KUBEPODS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-aux-kubesvc-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV4 = (10.67.64.0/20);\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV6 = (2620:0:861:304::/116);\n-@def $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_AUX_KUBESVC_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-b-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 = (10.64.16.0/22);\n-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV6 = (2620:0:861:102::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_B_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV4 = (10.64.32.0/22);\n-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV6 = (2620:0:861:103::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c2-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV4 = (10.64.133.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV6 = (2620:0:861:10c::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c3-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV4 = (10.64.141.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV6 = (2620:0:861:113::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c4-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV4 = (10.64.169.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV6 = (2620:0:861:119::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c5-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV4 = (10.64.171.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV6 = (2620:0:861:131::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c6-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV4 = (10.64.173.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV6 = (2620:0:861:133::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-c7-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV4 = (10.64.175.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV6 = (2620:0:861:135::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_C7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV4 = (10.64.48.0/22);\n-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV6 = (2620:0:861:107::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d1-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV4 = (10.64.177.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV6 = (2620:0:861:137::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d2-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV4 = (10.64.179.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV6 = (2620:0:861:139::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d3-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV4 = (10.64.181.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV6 = (2620:0:861:13b::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d4-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV4 = (10.64.183.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV6 = (2620:0:861:13d::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D4_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d6-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV4 = (10.64.185.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV6 = (2620:0:861:13f::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d7-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV4 = (10.64.187.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV6 = (2620:0:861:142::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-d8-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV4 = (10.64.189.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV6 = (2620:0:861:144::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_D8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-dse-kubepods-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV4 = (10.67.24.0/21);\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV6 = (2620:0:861:302::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_DSE_KUBEPODS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-dse-kubesvc-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV4 = (10.67.32.0/20);\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV6 = (2620:0:861:303::/116);\n-@def $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_DSE_KUBESVC_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e1-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV4 = (10.64.130.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV6 = (2620:0:861:109::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e2-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV4 = (10.64.131.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV6 = (2620:0:861:10a::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e3-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV4 = (10.64.132.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV6 = (2620:0:861:10b::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e5-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV4 = (10.64.152.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV6 = (2620:0:861:120::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e6-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV4 = (10.64.154.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV6 = (2620:0:861:122::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e7-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV4 = (10.64.156.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV6 = (2620:0:861:124::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-e8-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV4 = (10.64.158.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV6 = (2620:0:861:126::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_E8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f1-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV4 = (10.64.134.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV6 = (2620:0:861:10d::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F1_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f2-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV4 = (10.64.135.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV6 = (2620:0:861:10e::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F2_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f3-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV4 = (10.64.136.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV6 = (2620:0:861:10f::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F3_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f5-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV4 = (10.64.160.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV6 = (2620:0:861:128::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F5_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f6-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV4 = (10.64.162.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV6 = (2620:0:861:12a::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F6_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f7-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV4 = (10.64.164.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV6 = (2620:0:861:12c::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F7_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-f8-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV4 = (10.64.166.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV6 = (2620:0:861:12e::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_F8_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-lvs-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD_IPV4 = (10.2.2.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_LVS_EQIAD_IPV4 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-mlserve-kubepods-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV4 = (10.67.16.0/21);\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV6 = (2620:0:861:300::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBEPODS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-mlserve-kubesvc-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV4 = (10.67.0.0/20);\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV6 = (2620:0:861:301::/116);\n-@def $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_MLSERVE_KUBESVC_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-services-kubepods-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV4 = (10.67.128.0/17);\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV6 = (2620:0:861:cabe::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBEPODS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-services-kubesvc-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV4 = (10.64.72.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV6 = (2620:0:861:cabf::/116);\n-@def $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_SERVICES_KUBESVC_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-staging-kubepods-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV4 = (10.64.64.0/21);\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV6 = (2620:0:861:babe::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBEPODS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-staging-kubesvc-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV4 = (10.64.76.0/24);\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV6 = (2620:0:861:babf::/116);\n-@def $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_STAGING_KUBESVC_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: private, # Network: private1-virtual-eqiad\n-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV4 = (10.64.24.0/23);\n-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV6 = (2620:0:861:140::/64);\n-@def $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD = ($EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_VIRTUAL_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-a-eqiad\n-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV4 = (208.80.154.0/26);\n-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV6 = (2620:0:861:1::/64);\n-@def $EQIAD_PUBLIC_PUBLIC1_A_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_A_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-b-eqiad\n-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV4 = (208.80.154.128/26);\n-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV6 = (2620:0:861:2::/64);\n-@def $EQIAD_PUBLIC_PUBLIC1_B_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_B_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-c-eqiad\n-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV4 = (208.80.154.64/26);\n-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV6 = (2620:0:861:3::/64);\n-@def $EQIAD_PUBLIC_PUBLIC1_C_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_C_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-d-eqiad\n-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV4 = (208.80.155.96/27);\n-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV6 = (2620:0:861:4::/64);\n-@def $EQIAD_PUBLIC_PUBLIC1_D_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_D_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqiad, # Sphere: public, # Network: public1-lvs-eqiad\n-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV4 = (208.80.154.224/27);\n-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV6 = (2620:0:861:ed1a::/64);\n-@def $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD = ($EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV4 $EQIAD_PUBLIC_PUBLIC1_LVS_EQIAD_IPV6 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-eqsin\n-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV4 = (10.132.0.0/24);\n-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV6 = (2001:df2:e500:101::/64);\n-@def $EQSIN_PRIVATE_PRIVATE1_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV4 $EQSIN_PRIVATE_PRIVATE1_EQSIN_IPV6 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-lvs-eqsin\n-@def $EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN_IPV4 = (10.2.5.0/24);\n-@def $EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_LVS_EQSIN_IPV4 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: private, # Network: private1-virtual-eqsin\n-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV4 = (10.132.2.0/24);\n-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:103::/64);\n-@def $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN = ($EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV4 $EQSIN_PRIVATE_PRIVATE1_VIRTUAL_EQSIN_IPV6 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-eqsin\n-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV4 = (103.102.166.0/28);\n-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV6 = (2001:df2:e500:1::/64);\n-@def $EQSIN_PUBLIC_PUBLIC1_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_EQSIN_IPV6 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-lvs-eqsin\n-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV4 = (103.102.166.224/27);\n-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV6 = (2001:df2:e500:ed1a::/64);\n-@def $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_LVS_EQSIN_IPV6 );\n-\n-# Realm: production, # Site: eqsin, # Sphere: public, # Network: public1-virtual-eqsin\n-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV4 = (103.102.166.96/27);\n-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:3::/64);\n-@def $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN = ($EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV4 $EQSIN_PUBLIC_PUBLIC1_VIRTUAL_EQSIN_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-bw27-esams\n-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV4 = (10.80.0.0/24);\n-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV6 = (2a02:ec80:300:101::/64);\n-@def $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_BW27_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-by27-esams\n-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV4 = (10.80.1.0/24);\n-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV6 = (2a02:ec80:300:102::/64);\n-@def $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_BY27_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-lvs-esams\n-@def $ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS_IPV4 = (10.2.3.0/24);\n-@def $ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_LVS_ESAMS_IPV4 );\n-\n-# Realm: production, # Site: esams, # Sphere: private, # Network: private1-virtual-esams\n-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV4 = (10.80.2.0/24);\n-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:103::/64);\n-@def $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS = ($ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV4 $ESAMS_PRIVATE_PRIVATE1_VIRTUAL_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-bw27-esams\n-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV4 = (185.15.59.0/27);\n-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV6 = (2a02:ec80:300:1::/64);\n-@def $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_BW27_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-by27-esams\n-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV4 = (185.15.59.32/27);\n-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV6 = (2a02:ec80:300:2::/64);\n-@def $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_BY27_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-lvs-esams\n-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV4 = (185.15.59.224/27);\n-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV6 = (2a02:ec80:300:ed1a::/64);\n-@def $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_LVS_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: esams, # Sphere: public, # Network: public1-virtual-esams\n-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV4 = (185.15.59.96/27);\n-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:3::/64);\n-@def $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS = ($ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV4 $ESAMS_PUBLIC_PUBLIC1_VIRTUAL_ESAMS_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-b3-magru\n-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV4 = (10.140.0.0/24);\n-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV6 = (2a02:ec80:700:101::/64);\n-@def $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_B3_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-b4-magru\n-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV4 = (10.140.1.0/24);\n-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV6 = (2a02:ec80:700:102::/64);\n-@def $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_B4_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-lvs-magru\n-@def $MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU_IPV4 = (10.2.7.0/24);\n-@def $MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_LVS_MAGRU_IPV4 );\n-\n-# Realm: production, # Site: magru, # Sphere: private, # Network: private1-virtual-magru\n-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV4 = (10.140.2.0/24);\n-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:103::/64);\n-@def $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU = ($MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV4 $MAGRU_PRIVATE_PRIVATE1_VIRTUAL_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-b3-magru\n-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV4 = (195.200.68.0/27);\n-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV6 = (2a02:ec80:700:1::/64);\n-@def $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_B3_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-b4-magru\n-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV4 = (195.200.68.32/27);\n-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV6 = (2a02:ec80:700:2::/64);\n-@def $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_B4_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-lvs-magru\n-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV4 = (195.200.68.224/27);\n-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV6 = (2a02:ec80:700:ed1a::/64);\n-@def $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_LVS_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: magru, # Sphere: public, # Network: public1-virtual-magru\n-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV4 = (195.200.68.96/27);\n-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:3::/64);\n-@def $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU = ($MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV4 $MAGRU_PUBLIC_PUBLIC1_VIRTUAL_MAGRU_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-22-ulsfo\n-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV4 = (10.128.0.0/24);\n-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV6 = (2620:0:863:101::/64);\n-@def $ULSFO_PRIVATE_PRIVATE1_22_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_22_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-23-ulsfo\n-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV4 = (10.128.1.0/24);\n-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV6 = (2620:0:863:102::/64);\n-@def $ULSFO_PRIVATE_PRIVATE1_23_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_23_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-lvs-ulsfo\n-@def $ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO_IPV4 = (10.2.4.0/24);\n-@def $ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_LVS_ULSFO_IPV4 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: private, # Network: private1-virtual-ulsfo\n-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV4 = (10.128.2.0/24);\n-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV6 = (2620:0:863:103::/64);\n-@def $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO = ($ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV4 $ULSFO_PRIVATE_PRIVATE1_VIRTUAL_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-22-ulsfo\n-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV4 = (198.35.26.0/27);\n-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV6 = (2620:0:863:1::/64);\n-@def $ULSFO_PUBLIC_PUBLIC1_22_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_22_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-23-ulsfo\n-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV4 = (198.35.26.32/27);\n-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV6 = (2620:0:863:2::/64);\n-@def $ULSFO_PUBLIC_PUBLIC1_23_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_23_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-lvs-ulsfo\n-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV4 = (198.35.26.96/27);\n-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV6 = (2620:0:863:ed1a::/64);\n-@def $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_LVS_ULSFO_IPV6 );\n-\n-# Realm: production, # Site: ulsfo, # Sphere: public, # Network: public1-virtual-ulsfo\n-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV4 = (198.35.26.96/27);\n-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV6 = (2620:0:863:3::/64);\n-@def $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO = ($ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV4 $ULSFO_PUBLIC_PUBLIC1_VIRTUAL_ULSFO_IPV6 );\n-\n-# Realm: sandbox, # Site: codfw, # Sphere: public, # Network: sandbox1-a-codfw\n-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV4 = (208.80.152.240/28);\n-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV6 = (2620:0:860:201::/64);\n-@def $CODFW_PUBLIC_SANDBOX1_A_CODFW = ($CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV4 $CODFW_PUBLIC_SANDBOX1_A_CODFW_IPV6 );\n-\n-# Realm: sandbox, # Site: eqiad, # Sphere: public, # Network: sandbox1-b-eqiad\n-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV4 = (208.80.155.64/28);\n-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV6 = (2620:0:861:202::/64);\n-@def $EQIAD_PUBLIC_SANDBOX1_B_EQIAD = ($EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV4 $EQIAD_PUBLIC_SANDBOX1_B_EQIAD_IPV6 );\n-\n-# Realm: sandbox, # Site: eqsin, # Sphere: public, # Network: sandbox1-virtual-eqsin\n-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV4 = (103.102.166.72/29);\n-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV6 = (2001:df2:e500:202::/64);\n-@def $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN = ($EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV4 $EQSIN_PUBLIC_SANDBOX1_VIRTUAL_EQSIN_IPV6 );\n-\n-# Realm: sandbox, # Site: esams, # Sphere: public, # Network: sandbox1-virtual-esams\n-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV4 = (185.15.59.72/29);\n-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV6 = (2a02:ec80:300:202::/64);\n-@def $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS = ($ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV4 $ESAMS_PUBLIC_SANDBOX1_VIRTUAL_ESAMS_IPV6 );\n-\n-# Realm: sandbox, # Site: magru, # Sphere: public, # Network: sandbox1-virtual-magru\n-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV4 = (195.200.68.64/29);\n-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV6 = (2a02:ec80:700:201::/64);\n-@def $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU = ($MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV4 $MAGRU_PUBLIC_SANDBOX1_VIRTUAL_MAGRU_IPV6 );\n-\n-# Realm: sandbox, # Site: ulsfo, # Sphere: public, # Network: sandbox1-ulsfo\n-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV4 = (198.35.26.240/28);\n-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV6 = (2620:0:863:201::/64);\n-@def $ULSFO_PUBLIC_SANDBOX1_ULSFO = ($ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV4 $ULSFO_PUBLIC_SANDBOX1_ULSFO_IPV6 );", "parameters": "--- File[/etc/ferm/conf.d/00_defs].orig\n+++ File[/etc/ferm/conf.d/00_defs]\n\n-    tag     => ferm\n-    require => File[/etc/ferm/conf.d]\n-    group   => root\n-    ensure  => present\n-    mode    => 0400\n-    notify  => Service[ferm]\n-    owner   => root\n"}, {"resource": "Nftables::Set[KAFKAMON_HOSTS]", "parameters": "--- Nftables::Set[KAFKAMON_HOSTS].orig\n+++ Nftables::Set[KAFKAMON_HOSTS]\n\n+    hosts  => ['10.64.32.11', '2620:0:861:103:10:64:32:11', '10.192.16.139', '2620:0:860:102:10:192:16:139']\n+    ensure => present\n"}, {"resource": "Monitoring::Exported_nagios_service[pc2022 ferm_active]", "parameters": "--- Monitoring::Exported_nagios_service[pc2022 ferm_active].orig\n+++ Monitoring::Exported_nagios_service[pc2022 ferm_active]\n\n-    servicegroups          => mysql_codfw\n-    notifications_enabled  => 1\n-    notification_period    => 24x7\n-    is_volatile            => 0\n-    notes_url              => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm\n-    notification_options   => c,r,f\n-    contact_groups         => admins\n-    host_name              => pc2022\n-    notification_interval  => 0\n-    active_checks_enabled  => 1\n-    check_freshness        => 0\n-    service_description    => Check whether ferm is active by checking the default input chain\n-    ensure                 => present\n-    retry_interval         => 1\n-    passive_checks_enabled => 1\n-    check_interval         => 30\n-    check_command          => nrpe_check!check_ferm_active!10\n-    max_check_attempts     => 3\n-    check_period           => 24x7\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_ulogd2]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_ulogd2].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_ulogd2]\n\n-    monitoring_contact_groups => admins\n-    require                   => File[/usr/local/sbin/wmf-auto-restart]\n-    send_mail_only_on_error   => True\n-    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n-    logfile_basedir           => /var/log\n-    logfile_name              => syslog.log\n-    send_mail_to              => root@pc2022.codfw.wmnet\n-    monitoring_enabled        => False\n-    private_tmp               => False\n-    logfile_perms             => all\n-    fixed_random_delay        => False\n-    ensure                    => present\n-    command                   => /usr/local/sbin/wmf-auto-restart -s ulogd2\n-    interval                  => {'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 7:40:00'}\n-    logfile_group             => root\n-    user                      => root\n-    description               => Auto restart job: ulogd2\n-    environment               => {}\n-    logging_enabled           => True\n-    syslog_match_startswith   => True\n-    success_exit_status       => []\n-    send_mail                 => False\n-    ignore_errors             => False\n-    syslog_force_stop         => True\n"}, {"resource": "Alternatives::Select[ip6tables]", "parameters": "--- Alternatives::Select[ip6tables].orig\n+++ Alternatives::Select[ip6tables]\n\n-    require => Package[iptables]\n-    path    => /usr/sbin/ip6tables-legacy\n"}, {"resource": "Ferm::Conf[main]", "parameters": "--- Ferm::Conf[main].orig\n+++ Ferm::Conf[main]\n\n-    source => puppet:///modules/base/firewall/main-input-default-drop.conf\n-    prio   => 02\n-    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_mariadb_internal.nft]", "content": "--- /etc/nftables/input/10_mariadb_internal.nft.orig\n+++ /etc/nftables/input/10_mariadb_internal.nft\n@@ -0,0 +1,4 @@\n+# Managed by puppet\n+# \n+ip saddr @INTERNAL_ipv4 tcp dport { 3306 } accept\n+ip6 saddr @INTERNAL_ipv6 tcp dport { 3306 } accept", "parameters": "--- File[/etc/nftables/input/10_mariadb_internal.nft].orig\n+++ File[/etc/nftables/input/10_mariadb_internal.nft]\n\n+    tag     => nft\n+    require => ['Nftables::Set[INTERNAL]']\n+    group   => root\n+    ensure  => present\n+    mode    => 0444\n+    notify  => ['Service[nftables]']\n+    owner   => root\n"}, {"resource": "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]", "content": "--- /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft.orig\n+++ /etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft\n@@ -0,0 +1,15 @@\n+# Autogenerated by puppet\n+set KAFKA_BROKERS_MAIN_ipv4 {\n+    type ipv4_addr\n+    elements = { 10.192.5.9,\n+             10.192.22.6,\n+             10.192.32.4,\n+             10.192.48.33,\n+             10.192.48.35,\n+             10.64.0.101,\n+             10.64.16.30,\n+             10.64.32.45,\n+             10.64.48.37,\n+             10.64.152.5\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft].orig\n+++ File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "File[/usr/local/bin/check-nft]", "parameters": "--- File[/usr/local/bin/check-nft].orig\n+++ File[/usr/local/bin/check-nft]\n\n+    ensure => present\n+    owner  => root\n+    source => puppet:///modules/profile/firewall/check_nftables.py\n+    mode   => 0555\n+    group  => root\n"}, {"resource": "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]", "content": "--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft.orig\n+++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft\n@@ -0,0 +1,7 @@\n+# Autogenerated by puppet\n+set KAFKAMON_HOSTS_ipv6 {\n+    type ipv6_addr\n+    elements = { 2620:0:861:103:10:64:32:11,\n+             2620:0:860:102:10:192:16:139\n+    }\n+}", "parameters": "--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft].orig\n+++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]\n\n+    tag    => nft\n+    group  => root\n+    ensure => present\n+    mode   => 0444\n+    notify => ['Service[nftables]']\n+    owner  => root\n"}, {"resource": "Logrotate::Conf[prometheus-node-textfile-check-nft]", "parameters": "--- Logrotate::Conf[prometheus-node-textfile-check-nft].orig\n+++ Logrotate::Conf[prometheus-node-textfile-check-nft]\n\n+    ensure => present\n"}, {"resource": "Nftables::Set[ZOOKEEPER_FLINK_HOSTS]", "parameters": "--- Nftables::Set[ZOOKEEPER_FLINK_HOSTS].orig\n+++ Nftables::Set[ZOOKEEPER_FLINK_HOSTS]\n\n+    hosts  => ['10.64.16.9', '2620:0:861:102:10:64:16:9', '10.64.0.8', '2620:0:861:101:10:64:0:8', '10.64.32.41', '2620:0:861:103:10:64:32:41', '10.192.16.227', '2620:0:860:102:10:192:16:227', '10.192.32.179', '2620:0:860:103:10:192:32:179', '10.192.48.219', '2620:0:860:104:10:192:48:219']\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]", "parameters": "--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)].orig\n+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]\n\n-    command     => /bin/systemctl daemon-reload\n-    refreshonly => True\n"}, {"resource": "Nftables::Set[CACHES]", "parameters": "--- Nftables::Set[CACHES].orig\n+++ Nftables::Set[CACHES]\n\n+    hosts  => ['10.64.0.79', '2620:0:861:101:10:64:0:79', '10.64.0.229', '2620:0:861:101:10:64:0:229', '10.64.0.14', '2620:0:861:101:10:64:0:14', '10.64.0.51', '2620:0:861:101:10:64:0:51', '10.64.16.241', '2620:0:861:102:10:64:16:241', '10.64.16.94', '2620:0:861:102:10:64:16:94', '10.64.16.95', '2620:0:861:102:10:64:16:95', '10.64.16.240', '2620:0:861:102:10:64:16:240', '10.64.32.14', '2620:0:861:103:10:64:32:14', '10.64.32.60', '2620:0:861:103:10:64:32:60', '10.64.32.15', '2620:0:861:103:10:64:32:15', '10.64.32.65', '2620:0:861:103:10:64:32:65', '10.64.48.16', '2620:0:861:107:10:64:48:16', '10.64.48.41', '2620:0:861:107:10:64:48:41', '10.64.48.27', '2620:0:861:107:10:64:48:27', '10.64.48.28', '2620:0:861:107:10:64:48:28', '10.192.23.26', '2620:0:860:113:10:192:23:26', '10.192.6.20', '2620:0:860:107:10:192:6:20', '10.192.12.35', '2620:0:860:10d:10:192:12:35', '10.192.14.25', '2620:0:860:10f:10:192:14:25', '10.192.4.22', '2620:0:860:100:10:192:4:22', '10.192.29.26', '2620:0:860:116:10:192:29:26', '10.192.30.29', '2620:0:860:119:10:192:30:29', '10.192.36.19', '2620:0:860:11b:10:192:36:19', '10.192.40.25', '2620:0:860:11f:10:192:40:25', '10.192.41.21', '2620:0:860:120:10:192:41:21', '10.192.56.3', '2620:0:860:12b:10:192:56:3', '10.192.56.4', '2620:0:860:12b:10:192:56:4', '10.192.57.3', '2620:0:860:12c:10:192:57:3', '10.192.58.2', '2620:0:860:12d:10:192:58:2', '10.192.58.3', '2620:0:860:12d:10:192:58:3', '10.192.59.2', '2620:0:860:12e:10:192:59:2', '10.80.0.14', '2a02:ec80:300:101:10:80:0:14', '10.80.1.11', '2a02:ec80:300:102:10:80:1:11', '10.80.0.13', '2a02:ec80:300:101:10:80:0:13', '10.80.1.9', '2a02:ec80:300:102:10:80:1:9', '10.80.0.12', '2a02:ec80:300:101:10:80:0:12', '10.80.1.7', '2a02:ec80:300:102:10:80:1:7', '10.80.0.11', '2a02:ec80:300:101:10:80:0:11', '10.80.1.6', '2a02:ec80:300:102:10:80:1:6', '10.80.0.10', '2a02:ec80:300:101:10:80:0:10', '10.80.1.5', '2a02:ec80:300:102:10:80:1:5', '10.80.0.8', '2a02:ec80:300:101:10:80:0:8', '10.80.1.4', '2a02:ec80:300:102:10:80:1:4', '10.80.0.7', '2a02:ec80:300:101:10:80:0:7', '10.80.1.3', '2a02:ec80:300:102:10:80:1:3', '10.80.0.6', '2a02:ec80:300:101:10:80:0:6', '10.80.1.2', '2a02:ec80:300:102:10:80:1:2', '10.128.0.19', '2620:0:863:101:10:128:0:19', '10.128.1.27', '2620:0:863:102:10:128:1:27', '10.128.0.22', '2620:0:863:101:10:128:0:22', '10.128.1.28', '2620:0:863:102:10:128:1:28', '10.128.0.25', '2620:0:863:101:10:128:0:25', '10.128.1.29', '2620:0:863:102:10:128:1:29', '10.128.0.26', '2620:0:863:101:10:128:0:26', '10.128.1.31', '2620:0:863:102:10:128:1:31', '10.128.0.14', '2620:0:863:101:10:128:0:14', '10.128.1.35', '2620:0:863:102:10:128:1:35', '10.128.0.21', '2620:0:863:101:10:128:0:21', '10.128.1.36', '2620:0:863:102:10:128:1:36', '10.128.0.24', '2620:0:863:101:10:128:0:24', '10.128.1.10', '2620:0:863:102:10:128:1:10', '10.128.0.37', '2620:0:863:101:10:128:0:37', '10.128.1.12', '2620:0:863:102:10:128:1:12', '10.132.0.17', '2001:df2:e500:101:10:132:0:17', '10.132.0.18', '2001:df2:e500:101:10:132:0:18', '10.132.0.19', '2001:df2:e500:101:10:132:0:19', '10.132.0.24', '2001:df2:e500:101:10:132:0:24', '10.132.0.29', '2001:df2:e500:101:10:132:0:29', '10.132.0.30', '2001:df2:e500:101:10:132:0:30', '10.132.0.34', '2001:df2:e500:101:10:132:0:34', '10.132.0.35', '2001:df2:e500:101:10:132:0:35', '10.132.0.36', '2001:df2:e500:101:10:132:0:36', '10.132.0.37', '2001:df2:e500:101:10:132:0:37', '10.132.0.38', '2001:df2:e500:101:10:132:0:38', '10.132.0.25', '2001:df2:e500:101:10:132:0:25', '10.132.0.26', '2001:df2:e500:101:10:132:0:26', '10.132.0.27', '2001:df2:e500:101:10:132:0:27', '10.132.0.28', '2001:df2:e500:101:10:132:0:28', '10.132.0.16', '2001:df2:e500:101:10:132:0:16', '10.136.0.6', '2a02:ec80:600:101:10:136:0:6', '10.136.1.6', '2a02:ec80:600:102:10:136:1:6', '10.136.0.7', '2a02:ec80:600:101:10:136:0:7', '10.136.1.7', '2a02:ec80:600:102:10:136:1:7', '10.136.0.8', '2a02:ec80:600:101:10:136:0:8', '10.136.1.8', '2a02:ec80:600:102:10:136:1:8', '10.136.0.9', '2a02:ec80:600:101:10:136:0:9', '10.136.1.9', '2a02:ec80:600:102:10:136:1:9', '10.136.0.10', '2a02:ec80:600:101:10:136:0:10', '10.136.1.10', '2a02:ec80:600:102:10:136:1:10', '10.136.0.11', '2a02:ec80:600:101:10:136:0:11', '10.136.1.11', '2a02:ec80:600:102:10:136:1:11', '10.136.0.12', '2a02:ec80:600:101:10:136:0:12', '10.136.1.12', '2a02:ec80:600:102:10:136:1:12', '10.136.0.13', '2a02:ec80:600:101:10:136:0:13', '10.136.1.13', '2a02:ec80:600:102:10:136:1:13', '10.140.0.3', '2a02:ec80:700:101:10:140:0:3', '10.140.1.4', '2a02:ec80:700:102:10:140:1:4', '10.140.0.4', '2a02:ec80:700:101:10:140:0:4', '10.140.1.5', '2a02:ec80:700:102:10:140:1:5', '10.140.0.5', '2a02:ec80:700:101:10:140:0:5', '10.140.1.6', '2a02:ec80:700:102:10:140:1:6', '10.140.0.6', '2a02:ec80:700:101:10:140:0:6', '10.140.1.7', '2a02:ec80:700:102:10:140:1:7', '10.140.0.7', '2a02:ec80:700:101:10:140:0:7', '10.140.1.8', '2a02:ec80:700:102:10:140:1:8', '10.140.0.8', '2a02:ec80:700:101:10:140:0:8', '10.140.1.9', '2a02:ec80:700:102:10:140:1:9', '10.140.0.9', '2a02:ec80:700:101:10:140:0:9', '10.140.1.10', '2a02:ec80:700:102:10:140:1:10', '10.140.0.10', '2a02:ec80:700:101:10:140:0:10', '10.140.1.11', '2a02:ec80:700:102:10:140:1:11']\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/sets]", "parameters": "--- File[/etc/nftables/sets].orig\n+++ File[/etc/nftables/sets]\n\n+    group   => root\n+    recurse => True\n+    ensure  => directory\n+    purge   => True\n+    owner   => root\n"}, {"resource": "File[/etc/logrotate.d/prometheus-node-textfile-check-nft]", "content": "--- /etc/logrotate.d/prometheus-node-textfile-check-nft.orig\n+++ /etc/logrotate.d/prometheus-node-textfile-check-nft\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for prometheus-node-textfile-check-nft\n+\n+/var/log/prometheus-node-textfile-check-nft/*.log {\n+    daily\n+    copytruncate\n+    missingok\n+    compress\n+    delaycompress\n+    notifempty\n+    rotate 15\n+    size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/prometheus-node-textfile-check-nft].orig\n+++ File[/etc/logrotate.d/prometheus-node-textfile-check-nft]\n\n+    owner  => root\n+    group  => root\n+    mode   => 0444\n+    ensure => present\n"}, {"resource": "Systemd::Unit[nrpe2nodexp-ferm_active.timer]", "parameters": "--- Systemd::Unit[nrpe2nodexp-ferm_active.timer].orig\n+++ Systemd::Unit[nrpe2nodexp-ferm_active.timer]\n\n-    require           => ['Class[Systemd]']\n-    restart           => False\n-    override          => False\n-    ensure            => present\n-    override_filename => puppet-override.conf\n-    unit              => nrpe2nodexp-ferm_active.timer\n"}, {"resource": "Nftables::Service[full-monitoring-metrics-access-udp]", "parameters": "--- Nftables::Service[full-monitoring-metrics-access-udp].orig\n+++ Nftables::Service[full-monitoring-metrics-access-udp]\n\n+    desc                => \n+    port_range          => [1, 65535]\n+    ensure              => present\n+    proto               => udp\n+    src_ips             => ['10.192.16.75', '10.192.32.67', '10.192.39.10', '10.192.9.11', '208.80.153.42', '208.80.154.78', '2620:0:860:102:10:192:16:75', '2620:0:860:103:10:192:32:67', '2620:0:860:10a:10:192:9:11', '2620:0:860:11e:10:192:39:10', '2620:0:860:2:208:80:153:42', '2620:0:861:3:208:80:154:78']\n+    prio                => 10\n+    notrack             => False\n+    unrestricted_access => False\n"}], "perc_changed": "17.19%"}, "core": {"total": 3106, "only_in_self": ["Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]", "Exec[update_alternative_ip6tables]", "Exec[update_alternative_iptables]", "File[/etc/default/ferm]", "File[/etc/ferm/conf.d/00_defs]", "File[/etc/ferm/conf.d/01_drop-blocked-nets]", "File[/etc/ferm/conf.d/02_main]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]", "File[/etc/ferm/conf.d/10_mariadb_internal]", "File[/etc/ferm/conf.d/10_orchestrator]", "File[/etc/ferm/conf.d/10_parsercache_mariadb_dba]", "File[/etc/ferm/conf.d/10_ssh_from_bastion]", "File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]", "File[/etc/ferm/conf.d/98_filter_log_filter-bootp]", "File[/etc/ferm/conf.d/98_log-everything]", "File[/etc/ferm/conf.d/99_dscp-default]", "File[/etc/ferm/conf.d]", "File[/etc/ferm/ferm.conf]", "File[/etc/ferm/functions.conf]", "File[/etc/logrotate.d/ulogd]", "File[/etc/logrotate.d/wmf_auto_restart_ulogd2]", "File[/etc/nagios/nrpe.d/check_ferm_active.cfg]", "File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]", "File[/etc/rsyslog.d/40-ulogd.conf]", "File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]", "File[/etc/sudoers.d/nrpe-check_ferm_active]", "File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]", "File[/etc/systemd/system/ferm.service.d]", "File[/etc/ulogd.conf]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]", "File[/usr/local/lib/nagios/plugins/check_ferm]", "File[/var/log/ulogd]", "File[/var/log/wmf_auto_restart_ulogd2]", "File_line[auto_restart_file_presence_ulogd2]", "Package[ulogd2]", "Service[ferm]", "Service[nrpe2nodexp-ferm_active.timer]", "Service[ulogd2]", "Service[wmf_auto_restart_ulogd2.timer]"], "only_in_other": ["Exec[systemd daemon-reload for nftables.service (nftables)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]", "Exec[unmask_nftables.service]", "File[/etc/logrotate.d/prometheus-node-textfile-check-nft]", "File[/etc/nftables.conf]", "File[/etc/nftables/100_base_puppet.nft]", "File[/etc/nftables/]", "File[/etc/nftables/forward]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]", "File[/etc/nftables/input/10_mariadb_internal.nft]", "File[/etc/nftables/input/10_orchestrator.nft]", "File[/etc/nftables/input/10_parsercache_mariadb_dba.nft]", "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]", "File[/etc/nftables/input]", "File[/etc/nftables/main.nft]", "File[/etc/nftables/notrack/10_mariadb_internal.nft]", "File[/etc/nftables/notrack/10_orchestrator.nft]", "File[/etc/nftables/notrack]", "File[/etc/nftables/output]", "File[/etc/nftables/postrouting]", "File[/etc/nftables/prerouting]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/CACHES_ipv4.nft]", "File[/etc/nftables/sets/CACHES_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/INTERNAL_ipv4.nft]", "File[/etc/nftables/sets/INTERNAL_ipv6.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]", "File[/etc/nftables/sets]", "File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]", "File[/etc/systemd/system/nftables.service.d/puppet-override.conf]", "File[/etc/systemd/system/nftables.service.d]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]", "File[/usr/local/bin/check-nft]", "File[/var/log/prometheus-node-textfile-check-nft]", "Package[nftables]", "Service[nftables]", "Service[prometheus-node-textfile-check-nft.timer]"], "resource_diffs": [{"resource": "Package[iptables]", "parameters": "--- Package[iptables].orig\n+++ Package[iptables]\n\n@@\n-    ensure => installed\n+    ensure => absent\n"}, {"resource": "File[/etc/ferm]", "parameters": "--- File[/etc/ferm].orig\n+++ File[/etc/ferm]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File[/etc/modules-load.d/conntrack.conf]", "parameters": "--- File[/etc/modules-load.d/conntrack.conf].orig\n+++ File[/etc/modules-load.d/conntrack.conf]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "File[/etc/ferm/conf.d/00_defs_requestctl]", "parameters": "--- File[/etc/ferm/conf.d/00_defs_requestctl].orig\n+++ File[/etc/ferm/conf.d/00_defs_requestctl]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "Package[ferm]", "parameters": "--- Package[ferm].orig\n+++ Package[ferm]\n\n@@\n-    ensure => installed\n+    ensure => purged\n"}, {"resource": "File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]", "parameters": "--- File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml].orig\n+++ File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/usr/local/sbin/ferm-status]", "parameters": "--- File[/usr/local/sbin/ferm-status].orig\n+++ File[/usr/local/sbin/ferm-status]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]", "parameters": "--- File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl].orig\n+++ File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}], "perc_changed": "5.28%"}, "main": {"total": 3106, "only_in_self": ["Alternatives::Select[ip6tables]", "Alternatives::Select[iptables]", "Class[Profile::Firewall::Log::Ferm]", "Class[Ulogd]", "Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]", "Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]", "Exec[update_alternative_ip6tables]", "Exec[update_alternative_iptables]", "Ferm::Conf[defs]", "Ferm::Conf[main]", "Ferm::Filter_log[filter-bootp]", "Ferm::Rule[drop-blocked-nets]", "Ferm::Rule[dscp-default]", "Ferm::Rule[filter_log_filter-bootp]", "Ferm::Rule[log-everything]", "Ferm::Service[full_monitoring_metrics_access_tcp]", "Ferm::Service[full_monitoring_metrics_access_udp]", "Ferm::Service[mariadb_internal]", "Ferm::Service[orchestrator]", "Ferm::Service[parsercache_mariadb_dba]", "Ferm::Service[ssh_from_bastion]", "Ferm::Service[ssh_from_cumin_masters]", "File[/etc/default/ferm]", "File[/etc/ferm/conf.d/00_defs]", "File[/etc/ferm/conf.d/01_drop-blocked-nets]", "File[/etc/ferm/conf.d/02_main]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]", "File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]", "File[/etc/ferm/conf.d/10_mariadb_internal]", "File[/etc/ferm/conf.d/10_orchestrator]", "File[/etc/ferm/conf.d/10_parsercache_mariadb_dba]", "File[/etc/ferm/conf.d/10_ssh_from_bastion]", "File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]", "File[/etc/ferm/conf.d/98_filter_log_filter-bootp]", "File[/etc/ferm/conf.d/98_log-everything]", "File[/etc/ferm/conf.d/99_dscp-default]", "File[/etc/ferm/conf.d]", "File[/etc/ferm/ferm.conf]", "File[/etc/ferm/functions.conf]", "File[/etc/logrotate.d/ulogd]", "File[/etc/logrotate.d/wmf_auto_restart_ulogd2]", "File[/etc/nagios/nrpe.d/check_ferm_active.cfg]", "File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]", "File[/etc/rsyslog.d/40-ulogd.conf]", "File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]", "File[/etc/sudoers.d/nrpe-check_ferm_active]", "File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]", "File[/etc/systemd/system/ferm.service.d]", "File[/etc/ulogd.conf]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]", "File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]", "File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]", "File[/usr/local/lib/nagios/plugins/check_ferm]", "File[/var/log/ulogd]", "File[/var/log/wmf_auto_restart_ulogd2]", "File_line[auto_restart_file_presence_ulogd2]", "Logrotate::Conf[ulogd]", "Logrotate::Conf[wmf_auto_restart_ulogd2]", "Monitoring::Exported_nagios_service[pc2022 ferm_active]", "Monitoring::Service[ferm_active]", "Nrpe::Check[check_ferm_active]", "Nrpe::Monitor_service[ferm_active]", "Nrpe::Plugin[check_ferm]", "Package[ulogd2]", "Profile::Auto_restarts::Service[ulogd2]", "Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]", "Rsyslog::Conf[nrpe2nodexp-ferm_active]", "Rsyslog::Conf[ulogd]", "Rsyslog::Conf[wmf_auto_restart_ulogd2]", "Service[ferm]", "Service[nrpe2nodexp-ferm_active.timer]", "Service[ulogd2]", "Service[wmf_auto_restart_ulogd2.timer]", "Sudo::User[nrpe-check_ferm_active]", "Systemd::Override[ferm-service-status-restart]", "Systemd::Service[nrpe2nodexp-ferm_active]", "Systemd::Service[wmf_auto_restart_ulogd2]", "Systemd::Syslog[ulogd]", "Systemd::Syslog[wmf_auto_restart_ulogd2]", "Systemd::Timer::Job[nrpe2nodexp-ferm_active]", "Systemd::Timer::Job[wmf_auto_restart_ulogd2]", "Systemd::Timer[nrpe2nodexp-ferm_active]", "Systemd::Timer[wmf_auto_restart_ulogd2]", "Systemd::Unit[ferm-ferm-service-status-restart]", "Systemd::Unit[nrpe2nodexp-ferm_active.service]", "Systemd::Unit[nrpe2nodexp-ferm_active.timer]", "Systemd::Unit[wmf_auto_restart_ulogd2.service]", "Systemd::Unit[wmf_auto_restart_ulogd2.timer]"], "only_in_other": ["Class[Nftables]", "Class[Profile::Firewall::Nftables_base_sets]", "Exec[systemd daemon-reload for nftables.service (nftables)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]", "Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]", "Exec[unmask_nftables.service]", "File[/etc/logrotate.d/prometheus-node-textfile-check-nft]", "File[/etc/nftables.conf]", "File[/etc/nftables/100_base_puppet.nft]", "File[/etc/nftables/]", "File[/etc/nftables/forward]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]", "File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]", "File[/etc/nftables/input/10_mariadb_internal.nft]", "File[/etc/nftables/input/10_orchestrator.nft]", "File[/etc/nftables/input/10_parsercache_mariadb_dba.nft]", "File[/etc/nftables/input/10_ssh-from-bastion.nft]", "File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]", "File[/etc/nftables/input]", "File[/etc/nftables/main.nft]", "File[/etc/nftables/notrack/10_mariadb_internal.nft]", "File[/etc/nftables/notrack/10_orchestrator.nft]", "File[/etc/nftables/notrack]", "File[/etc/nftables/output]", "File[/etc/nftables/postrouting]", "File[/etc/nftables/prerouting]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/CACHES_ipv4.nft]", "File[/etc/nftables/sets/CACHES_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]", "File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/INTERNAL_ipv4.nft]", "File[/etc/nftables/sets/INTERNAL_ipv6.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]", "File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]", "File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]", "File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]", "File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]", "File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]", "File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]", "File[/etc/nftables/sets]", "File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]", "File[/etc/systemd/system/nftables.service.d/puppet-override.conf]", "File[/etc/systemd/system/nftables.service.d]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]", "File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]", "File[/usr/local/bin/check-nft]", "File[/var/log/prometheus-node-textfile-check-nft]", "Logrotate::Conf[prometheus-node-textfile-check-nft]", "Nftables::File[base]", "Nftables::Service[full-monitoring-metrics-access-tcp]", "Nftables::Service[full-monitoring-metrics-access-udp]", "Nftables::Service[mariadb_internal]", "Nftables::Service[orchestrator]", "Nftables::Service[parsercache_mariadb_dba]", "Nftables::Service[ssh-from-bastion]", "Nftables::Service[ssh-from-cumin-masters]", "Nftables::Set[ANALYTICS_NETWORKS]", "Nftables::Set[AUX_KUBEPODS_NETWORKS]", "Nftables::Set[BASTION_HOSTS]", "Nftables::Set[CACHES]", "Nftables::Set[CLOUD_NETWORKS]", "Nftables::Set[CLOUD_NETWORKS_PUBLIC]", "Nftables::Set[CLOUD_PRIVATE_NETWORKS]", "Nftables::Set[CUMIN_MASTERS]", "Nftables::Set[DEPLOYMENT_HOSTS]", "Nftables::Set[DOMAIN_NETWORKS]", "Nftables::Set[DRUID_PUBLIC_HOSTS]", "Nftables::Set[DSE_KUBEPODS_NETWORKS]", "Nftables::Set[FRACK_NETWORKS]", "Nftables::Set[INSTALL_HOSTS]", "Nftables::Set[INTERNAL]", "Nftables::Set[KAFKAMON_HOSTS]", "Nftables::Set[KAFKA_BROKERS_JUMBO]", "Nftables::Set[KAFKA_BROKERS_LOGGING]", "Nftables::Set[KAFKA_BROKERS_MAIN]", "Nftables::Set[LABSTORE_HOSTS]", "Nftables::Set[LABS_NETWORKS]", "Nftables::Set[LINK_LOCAL]", "Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]", "Nftables::Set[MGMT_NETWORKS]", "Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]", "Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]", "Nftables::Set[MONITORING_HOSTS]", "Nftables::Set[MW_APPSERVER_NETWORKS]", "Nftables::Set[MYSQL_ROOT_CLIENTS]", "Nftables::Set[NETWORK_INFRA]", "Nftables::Set[PRODUCTION_NETWORKS]", "Nftables::Set[PROMETHEUS_HOSTS]", "Nftables::Set[SANDBOX_NETWORKS]", "Nftables::Set[STAGING_KUBEPODS_NETWORKS]", "Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]", "Nftables::Set[ZOOKEEPER_FLINK_HOSTS]", "Nftables::Set[ZOOKEEPER_HOSTS_MAIN]", "Package[nftables]", "Prometheus::Node_textfile[check-nft]", "Rsyslog::Conf[prometheus-node-textfile-check-nft]", "Service[nftables]", "Service[prometheus-node-textfile-check-nft.timer]", "Systemd::Service[nftables]", "Systemd::Service[prometheus-node-textfile-check-nft]", "Systemd::Syslog[prometheus-node-textfile-check-nft]", "Systemd::Timer::Job[prometheus-node-textfile-check-nft]", "Systemd::Timer[prometheus-node-textfile-check-nft]", "Systemd::Unit[nftables]", "Systemd::Unit[prometheus-node-textfile-check-nft.service]", "Systemd::Unit[prometheus-node-textfile-check-nft.timer]", "Systemd::Unmask[nftables.service]"], "resource_diffs": [{"resource": "Package[iptables]", "parameters": "--- Package[iptables].orig\n+++ Package[iptables]\n\n@@\n-    ensure => installed\n+    ensure => absent\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[ulogd2]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[starship]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[linux-sysctl-defaults]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[perccli]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[wmf-mariadb1011]', 'Package[percona-toolkit]', 'Package[grc]', 'Package[mariadb-backup]', 'Package[python3-wmfmariadbpy]', 'Package[wmfmariadbpy-common]', 'Package[monitoring-plugins-contrib]', 'Package[ruby-concurrent]', 'Package[ruby]', 'Package[libruby]', 'Package[puppet-agent]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[prometheus-mysqld-exporter]']\n"}, {"resource": "File[/etc/ferm]", "parameters": "--- File[/etc/ferm].orig\n+++ File[/etc/ferm]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File[/etc/modules-load.d/conntrack.conf]", "parameters": "--- File[/etc/modules-load.d/conntrack.conf].orig\n+++ File[/etc/modules-load.d/conntrack.conf]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "File[/etc/ferm/conf.d/00_defs_requestctl]", "parameters": "--- File[/etc/ferm/conf.d/00_defs_requestctl].orig\n+++ File[/etc/ferm/conf.d/00_defs_requestctl]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "Package[ferm]", "parameters": "--- Package[ferm].orig\n+++ Package[ferm]\n\n@@\n-    ensure => installed\n+    ensure => purged\n"}, {"resource": "File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]", "parameters": "--- File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml].orig\n+++ File[/etc/confd/conf.d/_etc_ferm_conf.d_00_defs_requestctl.toml]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Ferm]", "parameters": "--- Class[Ferm].orig\n+++ Class[Ferm]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/usr/local/sbin/ferm-status]", "parameters": "--- File[/usr/local/sbin/ferm-status].orig\n+++ File[/usr/local/sbin/ferm-status]\n\n@@\n-    ensure => file\n+    ensure => absent\n"}, {"resource": "Confd::File[/etc/ferm/conf.d/00_defs_requestctl]", "parameters": "--- Confd::File[/etc/ferm/conf.d/00_defs_requestctl].orig\n+++ Confd::File[/etc/ferm/conf.d/00_defs_requestctl]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Firewall]", "parameters": "--- Class[Firewall].orig\n+++ Class[Firewall]\n\n@@\n-    provider => ferm\n+    provider => nftables\n"}, {"resource": "File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]", "parameters": "--- File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl].orig\n+++ File[/etc/confd/templates/_etc_ferm_conf.d_00_defs_requestctl.tmpl]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Class[Profile::Firewall]", "parameters": "--- Class[Profile::Firewall].orig\n+++ Class[Profile::Firewall]\n\n@@\n-    provider => ferm\n+    provider => nftables\n"}], "perc_changed": "8.82%"}}}