{"host": "gitlab2002.wikimedia.org", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3458, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Profile::Gitlab]", "parameters": "--- Class[Profile::Gitlab].orig\n+++ Class[Profile::Gitlab]\n\n@@\n-    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8']\n+    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8', '127.0.0.1', '::1']\n"}, {"resource": "Envoyproxy::Conf[cluster_local_port_443]"}, {"resource": "Envoyproxy::Cluster[cluster_local_port_443]"}, {"resource": "Class[Profile::Tlsproxy::Envoy]", "parameters": "--- Class[Profile::Tlsproxy::Envoy].orig\n+++ Class[Profile::Tlsproxy::Envoy]\n\n+    upstream_sni  => gitlab-replica-b.wikimedia.org\n@@\n-    upstream_addr => gitlab2002.wikimedia.org\n+    upstream_addr => 127.0.0.1\n"}, {"resource": "File[/etc/gitlab/gitlab.rb]", "content": "--- /etc/gitlab/gitlab.rb.orig\n+++ /etc/gitlab/gitlab.rb\n@@ -58,7 +58,7 @@\n nginx['redirect_http_to_https'] = false\n nginx['ssl_certificate'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.chained.crt\"\n nginx['ssl_certificate_key'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.key\"\n-nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\"]\n+nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\", \"127.0.0.1\", \"[::1]\"]\n \n # Nginx access logging in JSON - see https://phabricator.wikimedia.org/T274462\n #"}, {"resource": "Class[Gitlab]", "parameters": "--- Class[Gitlab].orig\n+++ Class[Gitlab]\n\n@@\n-    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8']\n+    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8', '127.0.0.1', '::1']\n"}, {"resource": "Envoyproxy::Tls_terminator[8443]", "parameters": "--- Envoyproxy::Tls_terminator[8443].orig\n+++ Envoyproxy::Tls_terminator[8443]\n\n@@\n-    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': 'gitlab2002.wikimedia.org', 'upstream_tls': True}]\n+    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': '127.0.0.1', 'upstream_tls': True, 'upstream_sni': 'gitlab-replica-b.wikimedia.org'}]\n"}, {"resource": "File[/etc/envoy/clusters.d/00-cluster_local_port_443.yaml]", "content": "--- /etc/envoy/clusters.d/00-cluster_local_port_443.yaml.orig\n+++ /etc/envoy/clusters.d/00-cluster_local_port_443.yaml\n@@ -16,12 +16,13 @@\n     - endpoint:\n         address:\n           socket_address:\n-            address: gitlab2002.wikimedia.org\n+            address: 127.0.0.1\n             port_value: 443\n transport_socket:\n   name: envoy.transport_sockets.tls\n   typed_config:\n     \"@type\": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\n+    sni: gitlab-replica-b.wikimedia.org\n     common_tls_context:\n       validation_context:\n         trusted_ca:"}], "perc_changed": "0.23%"}, "core": {"total": 3458, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/envoy/clusters.d/00-cluster_local_port_443.yaml]", "content": "--- /etc/envoy/clusters.d/00-cluster_local_port_443.yaml.orig\n+++ /etc/envoy/clusters.d/00-cluster_local_port_443.yaml\n@@ -16,12 +16,13 @@\n     - endpoint:\n         address:\n           socket_address:\n-            address: gitlab2002.wikimedia.org\n+            address: 127.0.0.1\n             port_value: 443\n transport_socket:\n   name: envoy.transport_sockets.tls\n   typed_config:\n     \"@type\": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\n+    sni: gitlab-replica-b.wikimedia.org\n     common_tls_context:\n       validation_context:\n         trusted_ca:"}, {"resource": "File[/etc/gitlab/gitlab.rb]", "content": "--- /etc/gitlab/gitlab.rb.orig\n+++ /etc/gitlab/gitlab.rb\n@@ -58,7 +58,7 @@\n nginx['redirect_http_to_https'] = false\n nginx['ssl_certificate'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.chained.crt\"\n nginx['ssl_certificate_key'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.key\"\n-nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\"]\n+nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\", \"127.0.0.1\", \"[::1]\"]\n \n # Nginx access logging in JSON - see https://phabricator.wikimedia.org/T274462\n #"}], "perc_changed": "0.06%"}, "main": {"total": 3458, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Gitlab]", "parameters": "--- Class[Gitlab].orig\n+++ Class[Gitlab]\n\n@@\n-    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8']\n+    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8', '127.0.0.1', '::1']\n"}, {"resource": "Envoyproxy::Tls_terminator[8443]", "parameters": "--- Envoyproxy::Tls_terminator[8443].orig\n+++ Envoyproxy::Tls_terminator[8443]\n\n@@\n-    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': 'gitlab2002.wikimedia.org', 'upstream_tls': True}]\n+    upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 443, 'upstream_addr': '127.0.0.1', 'upstream_tls': True, 'upstream_sni': 'gitlab-replica-b.wikimedia.org'}]\n"}, {"resource": "File[/etc/envoy/clusters.d/00-cluster_local_port_443.yaml]", "content": "--- /etc/envoy/clusters.d/00-cluster_local_port_443.yaml.orig\n+++ /etc/envoy/clusters.d/00-cluster_local_port_443.yaml\n@@ -16,12 +16,13 @@\n     - endpoint:\n         address:\n           socket_address:\n-            address: gitlab2002.wikimedia.org\n+            address: 127.0.0.1\n             port_value: 443\n transport_socket:\n   name: envoy.transport_sockets.tls\n   typed_config:\n     \"@type\": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext\n+    sni: gitlab-replica-b.wikimedia.org\n     common_tls_context:\n       validation_context:\n         trusted_ca:"}, {"resource": "Class[Profile::Gitlab]", "parameters": "--- Class[Profile::Gitlab].orig\n+++ Class[Profile::Gitlab]\n\n@@\n-    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8']\n+    nginx_listen_addresses => ['208.80.153.8', '2620:0:860:1:208:80:153:8', '127.0.0.1', '::1']\n"}, {"resource": "Envoyproxy::Conf[cluster_local_port_443]"}, {"resource": "Envoyproxy::Cluster[cluster_local_port_443]"}, {"resource": "Class[Profile::Tlsproxy::Envoy]", "parameters": "--- Class[Profile::Tlsproxy::Envoy].orig\n+++ Class[Profile::Tlsproxy::Envoy]\n\n+    upstream_sni  => gitlab-replica-b.wikimedia.org\n@@\n-    upstream_addr => gitlab2002.wikimedia.org\n+    upstream_addr => 127.0.0.1\n"}, {"resource": "File[/etc/gitlab/gitlab.rb]", "content": "--- /etc/gitlab/gitlab.rb.orig\n+++ /etc/gitlab/gitlab.rb\n@@ -58,7 +58,7 @@\n nginx['redirect_http_to_https'] = false\n nginx['ssl_certificate'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.chained.crt\"\n nginx['ssl_certificate_key'] = \"/etc/acmecerts/gitlab/live/ec-prime256v1.key\"\n-nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\"]\n+nginx['listen_addresses'] = [\"208.80.153.8\", \"[2620:0:860:1:208:80:153:8]\", \"127.0.0.1\", \"[::1]\"]\n \n # Nginx access logging in JSON - see https://phabricator.wikimedia.org/T274462\n #"}], "perc_changed": "0.23%"}}}