Compilation results for rpki2003.codfw.wmnet: System changes detected
You can retrieve this result from host.json.Catalog differences
Summary
| Total Resources: | 2714 |
|---|---|
| Resources added: | 162 |
| Resources removed: | 88 |
| Resources modified: | 264 |
| Change percentage: | 18.94% |
Resources only in the new catalog
- Nftables::Set[FRACK_NETWORKS]
- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]
- Nftables::File[base]
- Nftables::Set[MONITORING_HOSTS]
- Systemd::Timer::Job[prometheus-node-textfile-check-nft]
- File[/etc/nftables/sets]
- Nftables::Set[ZOOKEEPER_HOSTS_MAIN]
- Class[Profile::Firewall::Nftables_base_sets]
- File[/etc/nftables.conf]
- Nftables::Service[ssh-from-cumin-masters]
- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv6.nft]
- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv4.nft]
- Nftables::Set[INSTALL_HOSTS]
- Systemd::Service[nftables]
- Nftables::Set[KAFKA_BROKERS_LOGGING]
- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv6.nft]
- Logrotate::Conf[prometheus-node-textfile-check-nft]
- File[/etc/nftables/sets/MONITORING_HOSTS_ipv4.nft]
- Nftables::Set[PROMETHEUS_HOSTS]
- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv6.nft]
- File[/etc/nftables/]
- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv4.nft]
- File[/etc/systemd/system/nftables.service.d]
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]
- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]
- Nftables::Set[AUX_KUBEPODS_NETWORKS]
- File[/etc/nftables/sets/NETWORK_INFRA_ipv4.nft]
- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv4.nft]
- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]
- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]
- File[/etc/nftables/input/10_ssh-from-bastion.nft]
- File[/etc/nftables/notrack]
- File[/etc/nftables/postrouting]
- File[/etc/nftables/sets/CACHES_ipv4.nft]
- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv4.nft]
- Nftables::Set[DOMAIN_NETWORKS]
- File[/etc/nftables/forward]
- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/INTERNAL_ipv6.nft]
- File[/etc/nftables/sets/NETWORK_INFRA_ipv6.nft]
- File[/etc/nftables/sets/MONITORING_HOSTS_ipv6.nft]
- File[/etc/nftables/sets/LOAD_BALANCER_HEALTH_CHECKS_ipv6.nft]
- Nftables::Service[rpkivalidator-rtr-acl]
- File[/etc/nftables/sets/LABS_NETWORKS_ipv4.nft]
- Nftables::Set[ANALYTICS_NETWORKS]
- File[/etc/nftables/sets/BASTION_HOSTS_ipv6.nft]
- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/INSTALL_HOSTS_ipv6.nft]
- Nftables::Set[CLOUD_NETWORKS]
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]
- Systemd::Unit[prometheus-node-textfile-check-nft.service]
- Nftables::Set[LOAD_BALANCER_HEALTH_CHECKS]
- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv6.nft]
- Systemd::Unit[nftables]
- File[/etc/nftables/input/10_full-monitoring-metrics-access-udp.nft]
- Systemd::Syslog[prometheus-node-textfile-check-nft]
- Nftables::Set[MLSERVE_KUBEPODS_NETWORKS]
- File[/etc/nftables/sets/MGMT_NETWORKS_ipv4.nft]
- File[/lib/systemd/system/prometheus-node-textfile-check-nft.service]
- Nftables::Set[PRODUCTION_NETWORKS]
- File[/etc/nftables/sets/KAFKA_BROKERS_MAIN_ipv6.nft]
- File[/etc/nftables/sets/INTERNAL_ipv4.nft]
- File[/etc/nftables/prerouting]
- Nftables::Set[CLOUD_NETWORKS_PUBLIC]
- Nftables::Set[STAGING_KUBEPODS_NETWORKS]
- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv6.nft]
- Exec[unmask_nftables.service]
- Exec[systemd daemon-reload for nftables.service (nftables)]
- Nftables::Set[KAFKA_BROKERS_JUMBO]
- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv4.nft]
- Nftables::Set[ZOOKEEPER_FLINK_HOSTS]
- Package[nftables]
- File[/etc/nftables/sets/KAFKA_BROKERS_LOGGING_ipv6.nft]
- Nftables::Set[MGMT_NETWORKS]
- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv6.nft]
- Nftables::Service[full-monitoring-metrics-access-udp]
- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv4.nft]
- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv4.nft]
- Nftables::Set[BASTION_HOSTS]
- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/MGMT_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv4.nft]
- File[/etc/systemd/system/nftables.service.d/puppet-override.conf]
- Nftables::Set[LINK_LOCAL]
- File[/etc/nftables/input]
- File[/etc/nftables/sets/BASTION_HOSTS_ipv4.nft]
- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]
- Systemd::Timer[prometheus-node-textfile-check-nft]
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]
- File[/etc/nftables/100_base_puppet.nft]
- File[/etc/nftables/main.nft]
- Nftables::Set[LABS_NETWORKS]
- Nftables::Set[MW_APPSERVER_NETWORKS]
- File[/etc/nftables/sets/MYSQL_ROOT_CLIENTS_ipv4.nft]
- File[/etc/nftables/sets/LINK_LOCAL_ipv4.nft]
- File[/etc/nftables/sets/LABSTORE_HOSTS_ipv4.nft]
- Nftables::Service[ssh-from-bastion]
- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]
- File[/etc/nftables/input/10_rpkivalidator-rtr-acl.nft]
- Nftables::Set[CLOUD_PRIVATE_NETWORKS]
- Class[Nftables]
- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv4.nft]
- Nftables::Set[LABSTORE_HOSTS]
- File[/etc/nftables/sets/CUMIN_MASTERS_ipv6.nft]
- File[/etc/nftables/sets/MW_APPSERVER_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/CLOUD_NETWORKS_PUBLIC_ipv4.nft]
- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]
- Nftables::Set[MYSQL_ROOT_CLIENTS]
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]
- File[/lib/systemd/system/prometheus-node-textfile-check-nft.timer]
- Service[prometheus-node-textfile-check-nft.timer]
- File[/etc/nftables/sets/CLOUD_PRIVATE_NETWORKS_ipv6.nft]
- Nftables::Set[CUMIN_MASTERS]
- File[/etc/nftables/sets/MLSTAGE_KUBEPODS_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv6.nft]
- Nftables::Set[CACHES]
- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/CUMIN_MASTERS_ipv4.nft]
- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]
- Service[nftables]
- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]
- Nftables::Set[INTERNAL]
- File[/etc/nftables/sets/ANALYTICS_NETWORKS_ipv6.nft]
- File[/usr/local/bin/check-nft]
- File[/etc/nftables/sets/FRACK_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/STAGING_KUBEPODS_NETWORKS_ipv4.nft]
- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]
- Nftables::Set[DEPLOYMENT_HOSTS]
- Rsyslog::Conf[prometheus-node-textfile-check-nft]
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]
- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv4.nft]
- Nftables::Set[KAFKAMON_HOSTS]
- File[/etc/nftables/sets/CACHES_ipv6.nft]
- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
- Systemd::Service[prometheus-node-textfile-check-nft]
- File[/etc/nftables/sets/DRUID_PUBLIC_HOSTS_ipv6.nft]
- Nftables::Set[DRUID_PUBLIC_HOSTS]
- Systemd::Unmask[nftables.service]
- Prometheus::Node_textfile[check-nft]
- File[/etc/nftables/output]
- File[/etc/nftables/sets/FRACK_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/LINK_LOCAL_ipv6.nft]
- Nftables::Set[NETWORK_INFRA]
- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/SANDBOX_NETWORKS_ipv6.nft]
- Systemd::Unit[prometheus-node-textfile-check-nft.timer]
- File[/etc/nftables/sets/KAFKA_BROKERS_JUMBO_ipv6.nft]
- Nftables::Set[DSE_KUBEPODS_NETWORKS]
- File[/etc/nftables/input/10_full-monitoring-metrics-access-tcp.nft]
- Nftables::Set[KAFKA_BROKERS_MAIN]
- Nftables::Service[full-monitoring-metrics-access-tcp]
- File[/etc/nftables/sets/CLOUD_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/LABS_NETWORKS_ipv6.nft]
- File[/etc/nftables/sets/DSE_KUBEPODS_NETWORKS_ipv4.nft]
- File[/var/log/prometheus-node-textfile-check-nft]
- File[/etc/logrotate.d/prometheus-node-textfile-check-nft]
- File[/etc/rsyslog.d/40-prometheus-node-textfile-check-nft.conf]
- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv6.nft]
- Nftables::Set[SANDBOX_NETWORKS]
Resources only in the old catalog
- Systemd::Override[ferm-service-status-restart]
- Ferm::Conf[defs]
- Rsyslog::Conf[ulogd]
- Systemd::Unit[wmf_auto_restart_ulogd2.service]
- Logrotate::Conf[ulogd]
- Alternatives::Select[iptables]
- File[/var/log/wmf_auto_restart_ulogd2]
- Rsyslog::Conf[wmf_auto_restart_ulogd2]
- Systemd::Service[wmf_auto_restart_ulogd2]
- Exec[update_alternative_iptables]
- Ferm::Rule[log-everything]
- File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]
- File[/etc/ferm/functions.conf]
- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]
- Package[ulogd2]
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
- File[/etc/rsyslog.d/40-ulogd.conf]
- File[/etc/systemd/system/ferm.service.d/ferm-service-status-restart.conf]
- File[/etc/logrotate.d/ulogd]
- Ferm::Rule[drop-blocked-nets]
- Ferm::Conf[main]
- File[/etc/ferm/conf.d/99_dscp-default]
- Class[Ulogd]
- Ferm::Service[rpkivalidator_rtr_acl]
- File[/etc/sudoers.d/nrpe-check_ferm_active]
- Systemd::Syslog[ulogd]
- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]
- File[/lib/systemd/system/wmf_auto_restart_ulogd2.service]
- File[/etc/ferm/conf.d/00_defs]
- Class[Profile::Firewall::Log::Ferm]
- Nrpe::Check[check_ferm_active]
- File[/etc/ferm/ferm.conf]
- File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]
- Systemd::Unit[nrpe2nodexp-ferm_active.service]
- Prometheus::Alert::Rule[check_ferm_active_bba0a2572329bb500b832470e08b381c]
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
- Rsyslog::Conf[nrpe2nodexp-ferm_active]
- File[/etc/ferm/conf.d/02_main]
- Systemd::Syslog[wmf_auto_restart_ulogd2]
- Ferm::Service[full_monitoring_metrics_access_udp]
- Systemd::Timer[nrpe2nodexp-ferm_active]
- File[/etc/ferm/conf.d]
- Logrotate::Conf[wmf_auto_restart_ulogd2]
- File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]
- Systemd::Unit[ferm-ferm-service-status-restart]
- File[/lib/systemd/system/wmf_auto_restart_ulogd2.timer]
- File[/etc/ferm/conf.d/98_log-everything]
- File[/etc/rsyslog.d/40-wmf-auto-restart-ulogd2.conf]
- File[/etc/ferm/conf.d/10_rpkivalidator_rtr_acl]
- Exec[update_alternative_ip6tables]
- Service[ferm]
- Ferm::Service[ssh_from_cumin_masters]
- Systemd::Timer::Job[wmf_auto_restart_ulogd2]
- Systemd::Timer[wmf_auto_restart_ulogd2]
- Ferm::Service[ssh_from_bastion]
- Systemd::Unit[nrpe2nodexp-ferm_active.timer]
- Ferm::Service[full_monitoring_metrics_access_tcp]
- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_tcp]
- Sudo::User[nrpe-check_ferm_active]
- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.service (wmf_auto_restart_ulogd2.service)]
- File_line[auto_restart_file_presence_ulogd2]
- Service[wmf_auto_restart_ulogd2.timer]
- Monitoring::Exported_nagios_service[rpki2003 ferm_active]
- File[/etc/systemd/system/ferm.service.d]
- Ferm::Rule[filter_log_filter-bootp]
- Systemd::Unit[wmf_auto_restart_ulogd2.timer]
- File[/etc/default/ferm]
- File[/etc/ferm/conf.d/10_ssh_from_bastion]
- Service[ulogd2]
- Exec[systemd daemon-reload for wmf_auto_restart_ulogd2.timer (wmf_auto_restart_ulogd2.timer)]
- File[/var/log/ulogd]
- Monitoring::Service[ferm_active]
- Nrpe::Plugin[check_ferm]
- File[/etc/nagios/nrpe.d/check_ferm_active.cfg]
- File[/usr/local/lib/nagios/plugins/check_ferm]
- Ferm::Filter_log[filter-bootp]
- Systemd::Service[nrpe2nodexp-ferm_active]
- File[/etc/ferm/conf.d/98_filter_log_filter-bootp]
- File[/etc/ulogd.conf]
- Alternatives::Select[ip6tables]
- File[/etc/logrotate.d/wmf_auto_restart_ulogd2]
- File[/etc/ferm/conf.d/01_drop-blocked-nets]
- Profile::Auto_restarts::Service[ulogd2]
- Service[nrpe2nodexp-ferm_active.timer]
- Nrpe::Monitor_service[ferm_active]
- File[/etc/ferm/conf.d/10_ssh_from_cumin_masters]
- Ferm::Rule[dscp-default]
- Systemd::Timer::Job[nrpe2nodexp-ferm_active]
Resources modified
- File[/etc/modules-load.d/conntrack.conf]
- Parameters differences:
--- File[/etc/modules-load.d/conntrack.conf].orig +++ File[/etc/modules-load.d/conntrack.conf] @@ - ensure => file + ensure => absent
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft].orig +++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft.orig +++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft @@ -0,0 +1,7 @@ +# Autogenerated by puppet +set KAFKAMON_HOSTS_ipv4 { + type ipv4_addr + elements = { 10.64.32.11, + 10.192.16.139 + } +}- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft].orig +++ File[/etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft.orig +++ /etc/nftables/sets/PROMETHEUS_HOSTS_ipv4.nft @@ -0,0 +1,9 @@ +# Autogenerated by puppet +set PROMETHEUS_HOSTS_ipv4 { + type ipv4_addr + elements = { 10.192.16.75, + 10.192.32.67, + 10.192.9.11, + 10.192.39.10 + } +}- File[/etc/nftables/sets/INTERNAL_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/INTERNAL_ipv6.nft].orig +++ File[/etc/nftables/sets/INTERNAL_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/INTERNAL_ipv6.nft.orig +++ /etc/nftables/sets/INTERNAL_ipv6.nft @@ -0,0 +1,15 @@ +# Autogenerated by puppet +set INTERNAL_ipv6 { + type ipv6_addr + flags interval + auto-merge + elements = { 2620:0:860:100::/56, + 2620:0:861:100::/56, + 2620:0:863:100::/56, + 2a02:ec80:300:100::/56, + 2a02:ec80:600:100::/56, + 2a02:ec80:700:100::/56, + 2001:df2:e500:100::/56, + 2a02:ec80:ff00:100::/56 + } +}- Exec[unmask_nftables.service]
- Parameters differences:
--- Exec[unmask_nftables.service].orig +++ Exec[unmask_nftables.service] + onlyif => /bin/readlink -f /etc/systemd/system/nftables.service | grep -q /dev/null + refreshonly => False + command => /bin/systemctl unmask nftables.service
- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft].orig +++ File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft.orig +++ /etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft @@ -0,0 +1,189 @@ +# Autogenerated by puppet +set DOMAIN_NETWORKS_ipv4 { + type ipv4_addr + flags interval + auto-merge + elements = { 10.128.0.0/24, + 10.128.1.0/24, + 10.128.2.0/24, + 10.132.0.0/24, + 10.132.2.0/24, + 10.136.0.0/24, + 10.136.1.0/24, + 10.140.0.0/24, + 10.140.1.0/24, + 10.140.2.0/24, + 10.192.0.0/22, + 10.192.10.0/24, + 10.192.11.0/24, + 10.192.12.0/24, + 10.192.13.0/24, + 10.192.14.0/24, + 10.192.15.0/24, + 10.192.16.0/22, + 10.192.20.0/24, + 10.192.21.0/24, + 10.192.22.0/24, + 10.192.23.0/24, + 10.192.24.0/23, + 10.192.26.0/24, + 10.192.27.0/24, + 10.192.28.0/24, + 10.192.29.0/24, + 10.192.30.0/24, + 10.192.31.0/24, + 10.192.32.0/22, + 10.192.36.0/24, + 10.192.37.0/24, + 10.192.38.0/24, + 10.192.39.0/24, + 10.192.4.0/24, + 10.192.40.0/24, + 10.192.41.0/24, + 10.192.42.0/24, + 10.192.43.0/24, + 10.192.44.0/24, + 10.192.45.0/24, + 10.192.46.0/24, + 10.192.47.0/24, + 10.192.48.0/22, + 10.192.5.0/24, + 10.192.52.0/24, + 10.192.56.0/24, + 10.192.57.0/24, + 10.192.58.0/24, + 10.192.59.0/24, + 10.192.6.0/24, + 10.192.64.0/21, + 10.192.7.0/24, + 10.192.72.0/24, + 10.192.76.0/24, + 10.192.8.0/24, + 10.192.80.0/20, + 10.192.9.0/24, + 10.192.96.0/21, + 10.194.0.0/20, + 10.194.128.0/17, + 10.194.16.0/21, + 10.194.61.0/24, + 10.194.62.0/23, + 10.194.64.0/20, + 10.194.80.0/21, + 10.2.1.0/24, + 10.2.2.0/24, + 10.2.3.0/24, + 10.2.4.0/24, + 10.2.5.0/24, + 10.2.6.0/24, + 10.2.7.0/24, + 10.64.0.0/22, + 10.64.130.0/24, + 10.64.131.0/24, + 10.64.132.0/24, + 10.64.133.0/24, + 10.64.134.0/24, + 10.64.135.0/24, + 10.64.136.0/24, + 10.64.137.0/24, + 10.64.138.0/24, + 10.64.139.0/24, + 10.64.140.0/24, + 10.64.141.0/24, + 10.64.142.0/24, + 10.64.143.0/24, + 10.64.144.0/24, + 10.64.145.0/24, + 10.64.148.0/24, + 10.64.149.0/24, + 10.64.150.0/24, + 10.64.151.0/24, + 10.64.152.0/24, + 10.64.153.0/24, + 10.64.154.0/24, + 10.64.155.0/24, + 10.64.156.0/24, + 10.64.157.0/24, + 10.64.158.0/24, + 10.64.159.0/24, + 10.64.16.0/22, + 10.64.160.0/24, + 10.64.161.0/24, + 10.64.162.0/24, + 10.64.163.0/24, + 10.64.164.0/24, + 10.64.165.0/24, + 10.64.166.0/24, + 10.64.167.0/24, + 10.64.169.0/24, + 10.64.170.0/24, + 10.64.171.0/24, + 10.64.172.0/24, + 10.64.173.0/24, + 10.64.174.0/24, + 10.64.175.0/24, + 10.64.176.0/24, + 10.64.177.0/24, + 10.64.178.0/24, + 10.64.179.0/24, + 10.64.180.0/24, + 10.64.181.0/24, + 10.64.182.0/24, + 10.64.183.0/24, + 10.64.184.0/24, + 10.64.185.0/24, + 10.64.186.0/24, + 10.64.187.0/24, + 10.64.188.0/24, + 10.64.189.0/24, + 10.64.190.0/24, + 10.64.20.0/24, + 10.64.21.0/24, + 10.64.24.0/23, + 10.64.32.0/22, + 10.64.36.0/24, + 10.64.48.0/22, + 10.64.5.0/24, + 10.64.53.0/24, + 10.64.64.0/21, + 10.64.72.0/24, + 10.64.76.0/24, + 10.67.0.0/20, + 10.67.128.0/17, + 10.67.16.0/21, + 10.67.24.0/21, + 10.67.32.0/20, + 10.67.64.0/20, + 10.67.80.0/21, + 10.80.0.0/24, + 10.80.1.0/24, + 10.80.2.0/24, + 103.102.166.0/28, + 103.102.166.224/27, + 103.102.166.96/27, + 185.15.58.0/27, + 185.15.58.224/27, + 185.15.58.32/27, + 185.15.59.0/27, + 185.15.59.224/27, + 185.15.59.32/27, + 185.15.59.96/27, + 195.200.68.0/27, + 195.200.68.224/27, + 195.200.68.32/27, + 195.200.68.96/27, + 198.35.26.0/27, + 198.35.26.32/27, + 198.35.26.96/27, + 208.80.152.128/27, + 208.80.153.0/27, + 208.80.153.224/27, + 208.80.153.32/27, + 208.80.153.64/27, + 208.80.153.96/27, + 208.80.154.0/26, + 208.80.154.128/26, + 208.80.154.224/27, + 208.80.154.64/26, + 208.80.155.96/27 + } +}- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft].orig +++ File[/etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft.orig +++ /etc/nftables/sets/DEPLOYMENT_HOSTS_ipv4.nft @@ -0,0 +1,7 @@ +# Autogenerated by puppet +set DEPLOYMENT_HOSTS_ipv4 { + type ipv4_addr + elements = { 10.64.16.93, + 10.192.32.7 + } +}- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft].orig +++ File[/etc/nftables/sets/INSTALL_HOSTS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft.orig +++ /etc/nftables/sets/INSTALL_HOSTS_ipv4.nft @@ -0,0 +1,12 @@ +# Autogenerated by puppet +set INSTALL_HOSTS_ipv4 { + type ipv4_addr + elements = { 208.80.154.134, + 208.80.153.70, + 185.15.59.101, + 198.35.26.98, + 103.102.166.104, + 185.15.58.7, + 195.200.68.100 + } +}- File[/etc/nftables/sets/CACHES_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/CACHES_ipv6.nft].orig +++ File[/etc/nftables/sets/CACHES_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/CACHES_ipv6.nft.orig +++ /etc/nftables/sets/CACHES_ipv6.nft @@ -0,0 +1,117 @@ +# Autogenerated by puppet +set CACHES_ipv6 { + type ipv6_addr + elements = { 2620:0:861:101:10:64:0:79, + 2620:0:861:101:10:64:0:229, + 2620:0:861:101:10:64:0:14, + 2620:0:861:101:10:64:0:51, + 2620:0:861:102:10:64:16:241, + 2620:0:861:102:10:64:16:94, + 2620:0:861:102:10:64:16:95, + 2620:0:861:102:10:64:16:240, + 2620:0:861:103:10:64:32:14, + 2620:0:861:103:10:64:32:60, + 2620:0:861:103:10:64:32:15, + 2620:0:861:103:10:64:32:65, + 2620:0:861:107:10:64:48:16, + 2620:0:861:107:10:64:48:41, + 2620:0:861:107:10:64:48:27, + 2620:0:861:107:10:64:48:28, + 2620:0:860:113:10:192:23:26, + 2620:0:860:107:10:192:6:20, + 2620:0:860:10d:10:192:12:35, + 2620:0:860:10f:10:192:14:25, + 2620:0:860:100:10:192:4:22, + 2620:0:860:116:10:192:29:26, + 2620:0:860:119:10:192:30:29, + 2620:0:860:11b:10:192:36:19, + 2620:0:860:11f:10:192:40:25, + 2620:0:860:120:10:192:41:21, + 2620:0:860:12b:10:192:56:3, + 2620:0:860:12b:10:192:56:4, + 2620:0:860:12c:10:192:57:3, + 2620:0:860:12d:10:192:58:2, + 2620:0:860:12d:10:192:58:3, + 2620:0:860:12e:10:192:59:2, + 2a02:ec80:300:101:10:80:0:14, + 2a02:ec80:300:102:10:80:1:11, + 2a02:ec80:300:101:10:80:0:13, + 2a02:ec80:300:102:10:80:1:9, + 2a02:ec80:300:101:10:80:0:12, + 2a02:ec80:300:102:10:80:1:7, + 2a02:ec80:300:101:10:80:0:11, + 2a02:ec80:300:102:10:80:1:6, + 2a02:ec80:300:101:10:80:0:10, + 2a02:ec80:300:102:10:80:1:5, + 2a02:ec80:300:101:10:80:0:8, + 2a02:ec80:300:102:10:80:1:4, + 2a02:ec80:300:101:10:80:0:7, + 2a02:ec80:300:102:10:80:1:3, + 2a02:ec80:300:101:10:80:0:6, + 2a02:ec80:300:102:10:80:1:2, + 2620:0:863:101:10:128:0:19, + 2620:0:863:102:10:128:1:27, + 2620:0:863:101:10:128:0:22, + 2620:0:863:102:10:128:1:28, + 2620:0:863:101:10:128:0:25, + 2620:0:863:102:10:128:1:29, + 2620:0:863:101:10:128:0:26, + 2620:0:863:102:10:128:1:31, + 2620:0:863:101:10:128:0:14, + 2620:0:863:102:10:128:1:35, + 2620:0:863:101:10:128:0:21, + 2620:0:863:102:10:128:1:36, + 2620:0:863:101:10:128:0:24, + 2620:0:863:102:10:128:1:10, + 2620:0:863:101:10:128:0:37, + 2620:0:863:102:10:128:1:12, + 2001:df2:e500:101:10:132:0:17, + 2001:df2:e500:101:10:132:0:18, + 2001:df2:e500:101:10:132:0:19, + 2001:df2:e500:101:10:132:0:24, + 2001:df2:e500:101:10:132:0:29, + 2001:df2:e500:101:10:132:0:30, + 2001:df2:e500:101:10:132:0:34, + 2001:df2:e500:101:10:132:0:35, + 2001:df2:e500:101:10:132:0:36, + 2001:df2:e500:101:10:132:0:37, + 2001:df2:e500:101:10:132:0:38, + 2001:df2:e500:101:10:132:0:25, + 2001:df2:e500:101:10:132:0:26, + 2001:df2:e500:101:10:132:0:27, + 2001:df2:e500:101:10:132:0:28, + 2001:df2:e500:101:10:132:0:16, + 2a02:ec80:600:101:10:136:0:6, + 2a02:ec80:600:102:10:136:1:6, + 2a02:ec80:600:101:10:136:0:7, + 2a02:ec80:600:102:10:136:1:7, + 2a02:ec80:600:101:10:136:0:8, + 2a02:ec80:600:102:10:136:1:8, + 2a02:ec80:600:101:10:136:0:9, + 2a02:ec80:600:102:10:136:1:9, + 2a02:ec80:600:101:10:136:0:10, + 2a02:ec80:600:102:10:136:1:10, + 2a02:ec80:600:101:10:136:0:11, + 2a02:ec80:600:102:10:136:1:11, + 2a02:ec80:600:101:10:136:0:12, + 2a02:ec80:600:102:10:136:1:12, + 2a02:ec80:600:101:10:136:0:13, + 2a02:ec80:600:102:10:136:1:13, + 2a02:ec80:700:101:10:140:0:3, + 2a02:ec80:700:102:10:140:1:4, + 2a02:ec80:700:101:10:140:0:4, + 2a02:ec80:700:102:10:140:1:5, + 2a02:ec80:700:101:10:140:0:5, + 2a02:ec80:700:102:10:140:1:6, + 2a02:ec80:700:101:10:140:0:6, + 2a02:ec80:700:102:10:140:1:7, + 2a02:ec80:700:101:10:140:0:7, + 2a02:ec80:700:102:10:140:1:8, + 2a02:ec80:700:101:10:140:0:8, + 2a02:ec80:700:102:10:140:1:9, + 2a02:ec80:700:101:10:140:0:9, + 2a02:ec80:700:102:10:140:1:10, + 2a02:ec80:700:101:10:140:0:10, + 2a02:ec80:700:102:10:140:1:11 + } +}- File[/var/log/prometheus-node-textfile-check-nft]
- Parameters differences:
--- File[/var/log/prometheus-node-textfile-check-nft].orig +++ File[/var/log/prometheus-node-textfile-check-nft] + force => True + mode => 0755 + owner => root + ensure => directory + group => root + backup => False
- Systemd::Timer::Job[prometheus-node-textfile-check-nft]
- Parameters differences:
--- Systemd::Timer::Job[prometheus-node-textfile-check-nft].orig +++ Systemd::Timer::Job[prometheus-node-textfile-check-nft] + user => root + private_tmp => False + send_mail => False + send_mail_to => root@rpki2003.codfw.wmnet + command => /usr/local/bin/check-nft + monitoring_contact_groups => admins + logfile_perms => all + ignore_errors => False + syslog_force_stop => True + description => Systemd timer to gather node metrics for check-nft + send_mail_only_on_error => True + interval => {'start': 'OnCalendar', 'interval': '*:0/30'} + logfile_group => root + logfile_basedir => /var/log + monitoring_enabled => False + ensure => present + fixed_random_delay => False + logging_enabled => True + syslog_match_startswith => True + monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state + environment => {} + logfile_name => syslog.log + success_exit_status => []- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft].orig +++ File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft.orig +++ /etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft @@ -0,0 +1,11 @@ +# Autogenerated by puppet +set ZOOKEEPER_FLINK_HOSTS_ipv6 { + type ipv6_addr + elements = { 2620:0:861:102:10:64:16:9, + 2620:0:861:101:10:64:0:8, + 2620:0:861:103:10:64:32:41, + 2620:0:860:102:10:192:16:227, + 2620:0:860:103:10:192:32:179, + 2620:0:860:104:10:192:48:219 + } +}- Class[Ulogd]
- Parameters differences:
--- Class[Ulogd].orig +++ Class[Ulogd] - pcap_file => /var/log/ulog/ulogd.pcap - oprint_logfile => /var/log/ulog/oprint.log - logfile => syslog - syslog_facility => local7 - gprint_logfile => /var/log/ulog/gprint.log - nfct => [] - json_nfct_logfile => /var/log/ulog/ulogd_nfct.json - xml_directory => /var/log/ulog/ - acct => [] - nacct_file => /var/log/ulog/nacct.log - json_logfile => /var/log/ulog/ulogd.json - ensure => present - log_level => info - logemu_nfct_logfile => /var/log/ulog/syslogemu_nfct.log - syslog_level => info - sync => True - logemu_logfile => /var/log/ulog/syslogemu.log - config_file => /etc/ulogd.conf - nflog => ['SYSLOG']
- Systemd::Syslog[ulogd]
- Parameters differences:
--- Systemd::Syslog[ulogd].orig +++ Systemd::Syslog[ulogd] - programname_comparison => startswith - ensure => present - group => root - readable_by => user - log_filename => syslog.log - base_dir => /var/log - force_stop => True - owner => root
- Nftables::Set[CLOUD_NETWORKS_PUBLIC]
- Parameters differences:
--- Nftables::Set[CLOUD_NETWORKS_PUBLIC].orig +++ Nftables::Set[CLOUD_NETWORKS_PUBLIC] + hosts => ['185.15.56.0/25', '185.15.56.160/28', '185.15.57.0/29', '185.15.57.16/29', '185.15.57.24/29', '2a02:ec80:a000:4000::/64', '2a02:ec80:a100:4000::/64'] + ensure => present
- Class[Ferm]
- Parameters differences:
--- Class[Ferm].orig +++ Class[Ferm] @@ - ensure => present + ensure => absent
- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft].orig +++ File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft.orig +++ /etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft @@ -0,0 +1,11 @@ +# Autogenerated by puppet +set ZOOKEEPER_HOSTS_MAIN_ipv6 { + type ipv6_addr + elements = { 2620:0:861:101:10:64:0:207, + 2620:0:861:102:10:64:16:110, + 2620:0:861:107:10:64:48:154, + 2620:0:860:102:10:192:16:45, + 2620:0:860:103:10:192:32:52, + 2620:0:860:104:10:192:48:59 + } +}- Systemd::Service[wmf_auto_restart_ulogd2]
- Parameters differences:
--- Systemd::Service[wmf_auto_restart_ulogd2].orig +++ Systemd::Service[wmf_auto_restart_ulogd2] - restart => False - ensure => present - monitoring_enabled => False - require => Systemd::Unit[wmf_auto_restart_ulogd2.service] - monitoring_critical => False - migration_task => T407130 - monitoring_contact_group => admins - service_params => {} - override => False - unit_type => timer- Ferm::Rule[log-everything]
- Parameters differences:
--- Ferm::Rule[log-everything].orig +++ Ferm::Rule[log-everything] - domain => (ip ip6) - rule => NFLOG mod limit limit 1/second limit-burst 5 nflog-prefix "[fw-in-drop]"; - chain => INPUT - ensure => present - prio => 98 - table => filter - desc =>
- Package[ulogd2]
- Parameters differences:
--- Package[ulogd2].orig +++ Package[ulogd2] - provider => apt - ensure => installed
- Ferm::Service[rpkivalidator_rtr_acl]
- Parameters differences:
--- Ferm::Service[rpkivalidator_rtr_acl].orig +++ Ferm::Service[rpkivalidator_rtr_acl] - src_sets => ['NETWORK_INFRA', 'MGMT_NETWORKS'] - notrack => False - ensure => present - unrestricted_access => False - proto => tcp - prio => 10 - port => 3323 - desc => RPKI to router port
- Systemd::Unit[nrpe2nodexp-ferm_active.service]
- Parameters differences:
--- Systemd::Unit[nrpe2nodexp-ferm_active.service].orig +++ Systemd::Unit[nrpe2nodexp-ferm_active.service] - unit => nrpe2nodexp-ferm_active.service - restart => False - ensure => present - override_filename => puppet-override.conf - require => ['Class[Systemd]'] - override => False
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft].orig +++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft.orig +++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft @@ -0,0 +1,9 @@ +# Autogenerated by puppet +set MLSERVE_KUBEPODS_NETWORKS_ipv6 { + type ipv6_addr + flags interval + auto-merge + elements = { 2620:0:861:300::/64, + 2620:0:860:300::/64 + } +}- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS]
- Parameters differences:
--- Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS].orig +++ Nftables::Set[MLSTAGE_KUBEPODS_NETWORKS] + hosts => ['10.194.61.0/24', '2620:0:860:302::/64'] + ensure => present
- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]
- Parameters differences:
--- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft].orig +++ File[/etc/nftables/input/10_ssh-from-cumin-masters.nft] + notify => ['Service[nftables]'] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + require => ['Nftables::Set[CUMIN_MASTERS]']
- Content differences:
--- /etc/nftables/input/10_ssh-from-cumin-masters.nft.orig +++ /etc/nftables/input/10_ssh-from-cumin-masters.nft @@ -0,0 +1,4 @@ +# Managed by puppet +# +ip saddr @CUMIN_MASTERS_ipv4 tcp dport { 22 } accept +ip6 saddr @CUMIN_MASTERS_ipv6 tcp dport { 22 } accept- File[/var/log/ulogd]
- Parameters differences:
--- File[/var/log/ulogd].orig +++ File[/var/log/ulogd] - force => True - mode => 0755 - owner => root - ensure => directory - group => root - backup => False
- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
- Parameters differences:
--- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS].orig +++ Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS] + hosts => ['10.67.128.0/17', '2620:0:861:cabe::/64', '10.194.128.0/17', '2620:0:860:cabe::/64'] + ensure => present
- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]
- Parameters differences:
--- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)].orig +++ Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)] - refreshonly => True - command => /bin/systemctl daemon-reload - before => ['Service[ferm]']
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)].orig +++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)] + refreshonly => True + command => /bin/systemctl daemon-reload
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]
- Parameters differences:
--- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft].orig +++ File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft.orig +++ /etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft @@ -0,0 +1,7 @@ +# Autogenerated by puppet +set KAFKAMON_HOSTS_ipv6 { + type ipv6_addr + elements = { 2620:0:861:103:10:64:32:11, + 2620:0:860:102:10:192:16:139 + } +}- Service[nftables]
- Parameters differences:
--- Service[nftables].orig +++ Service[nftables] + hasrestart => True + restart => /usr/bin/systemctl reload nftables + enable => True + ensure => running
- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft].orig +++ File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft.orig +++ /etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft @@ -0,0 +1,9 @@ +# Autogenerated by puppet +set WIKIKUBE_KUBEPODS_NETWORKS_ipv4 { + type ipv4_addr + flags interval + auto-merge + elements = { 10.67.128.0/17, + 10.194.128.0/17 + } +}- File[/usr/local/lib/nagios/plugins/check_ferm]
- Parameters differences:
--- File[/usr/local/lib/nagios/plugins/check_ferm].orig +++ File[/usr/local/lib/nagios/plugins/check_ferm] - source => puppet:///modules/base/firewall/check_ferm - mode => 0555 - owner => root - ensure => file - group => root - tag => nrpe::plugin - require => File[/usr/local/lib/nagios/plugins/]
- Systemd::Timer::Job[nrpe2nodexp-ferm_active]
- Parameters differences:
--- Systemd::Timer::Job[nrpe2nodexp-ferm_active].orig +++ Systemd::Timer::Job[nrpe2nodexp-ferm_active] - user => nagios - private_tmp => False - send_mail => False - send_mail_to => root@rpki2003.codfw.wmnet - splay => 600 - group => prometheus-node-exporter - command => /usr/local/bin/nrpe2nodexp --alert-rule-hash "bba0a2572329bb500b832470e08b381c" --timeout 10 --check-command "check_ferm_active" - monitoring_contact_groups => admins - logfile_perms => all - ignore_errors => True - description => execution of nrpe2nodexp for the check_ferm_active command. - syslog_force_stop => True - send_mail_only_on_error => True - interval => [{'start': 'OnUnitInactiveSec', 'interval': '10min'}] - logfile_group => root - logfile_basedir => /var/log - monitoring_enabled => False - ensure => present - fixed_random_delay => True - syslog_identifier => nrpe2nodexp-ferm_active - logging_enabled => False - syslog_match_startswith => True - monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state - environment => {} - logfile_name => syslog.log - success_exit_status => []- Logrotate::Conf[ulogd]
- Parameters differences:
--- Logrotate::Conf[ulogd].orig +++ Logrotate::Conf[ulogd] - ensure => present
- Alternatives::Select[iptables]
- Parameters differences:
--- Alternatives::Select[iptables].orig +++ Alternatives::Select[iptables] - require => Package[iptables] - path => /usr/sbin/iptables-legacy
- Exec[update_alternative_iptables]
- Parameters differences:
--- Exec[update_alternative_iptables].orig +++ Exec[update_alternative_iptables] - command => /usr/bin/update-alternatives --force --set iptables /usr/sbin/iptables-legacy - unless => /usr/bin/update-alternatives --query iptables | /bin/grep 'Value: /usr/sbin/iptables-legacy'
- Class[Firewall]
- Parameters differences:
--- Class[Firewall].orig +++ Class[Firewall] @@ - provider => ferm + provider => nftables
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)].orig +++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)] - refreshonly => True - command => /bin/systemctl daemon-reload - before => ['Service[nrpe2nodexp-ferm_active.timer]']
- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]
- Parameters differences:
--- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp].orig +++ File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp] - notify => Service[ferm] - mode => 0400 - owner => root - ensure => present - group => root - tag => ferm - require => File[/etc/ferm/conf.d]
- Content differences:
--- /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp.orig +++ /etc/ferm/conf.d/10_full_monitoring_metrics_access_udp @@ -1,6 +0,0 @@ -# Autogenerated by puppet. DO NOT EDIT BY HAND! -# -# -&R_SERVICE(udp, 1:65535, (10.192.16.75 10.192.32.67 10.192.39.10 10.192.9.11 208.80.153.42 208.80.154.78 2620:0:860:102:10:192:16:75 2620:0:860:103:10:192:32:67 2620:0:860:10a:10:192:9:11 2620:0:860:11e:10:192:39:10 2620:0:860:2:208:80:153:42 2620:0:861:3:208:80:154:78)); - -
- Class[Profile::Firewall::Log::Ferm]
- Parameters differences:
--- Class[Profile::Firewall::Log::Ferm].orig +++ Class[Profile::Firewall::Log::Ferm] - log_rate => 1/second - log_burst => 5 - separate_file => True
- Nftables::Set[PRODUCTION_NETWORKS]
- Parameters differences:
--- Nftables::Set[PRODUCTION_NETWORKS].orig +++ Nftables::Set[PRODUCTION_NETWORKS] + hosts => ['10.128.0.0/24', '10.128.1.0/24', '10.128.2.0/24', '10.132.0.0/24', '10.132.2.0/24', '10.136.0.0/24', '10.136.1.0/24', '10.140.0.0/24', '10.140.1.0/24', '10.140.2.0/24', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.20.0/24', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.24.0/23', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.64.0/21', '10.192.7.0/24', '10.192.72.0/24', '10.192.76.0/24', '10.192.8.0/24', '10.192.80.0/20', '10.192.9.0/24', '10.192.96.0/21', '10.194.0.0/20', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.62.0/23', '10.194.64.0/20', '10.194.80.0/21', '10.2.1.0/24', '10.2.2.0/24', '10.2.3.0/24', '10.2.4.0/24', '10.2.5.0/24', '10.2.6.0/24', '10.2.7.0/24', '10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.137.0/24', '10.64.138.0/24', '10.64.139.0/24', '10.64.140.0/24', '10.64.141.0/24', '10.64.142.0/24', '10.64.143.0/24', '10.64.144.0/24', '10.64.145.0/24', '10.64.148.0/24', '10.64.149.0/24', '10.64.150.0/24', '10.64.151.0/24', '10.64.152.0/24', '10.64.153.0/24', '10.64.154.0/24', '10.64.155.0/24', '10.64.156.0/24', '10.64.157.0/24', '10.64.158.0/24', '10.64.159.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.161.0/24', '10.64.162.0/24', '10.64.163.0/24', '10.64.164.0/24', '10.64.165.0/24', '10.64.166.0/24', '10.64.167.0/24', '10.64.169.0/24', '10.64.170.0/24', '10.64.171.0/24', '10.64.172.0/24', '10.64.173.0/24', '10.64.174.0/24', '10.64.175.0/24', '10.64.176.0/24', '10.64.177.0/24', '10.64.178.0/24', '10.64.179.0/24', '10.64.180.0/24', '10.64.181.0/24', '10.64.182.0/24', '10.64.183.0/24', '10.64.184.0/24', '10.64.185.0/24', '10.64.186.0/24', '10.64.187.0/24', '10.64.188.0/24', '10.64.189.0/24', '10.64.190.0/24', '10.64.20.0/24', '10.64.21.0/24', '10.64.24.0/23', '10.64.32.0/22', '10.64.36.0/24', '10.64.48.0/22', '10.64.5.0/24', '10.64.53.0/24', '10.64.64.0/21', '10.64.72.0/24', '10.64.76.0/24', '10.67.0.0/20', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.32.0/20', '10.67.64.0/20', '10.67.80.0/21', '10.80.0.0/24', '10.80.1.0/24', '10.80.2.0/24', '103.102.166.0/28', '103.102.166.224/27', '103.102.166.96/27', '185.15.58.0/27', '185.15.58.224/27', '185.15.58.32/27', '185.15.59.0/27', '185.15.59.224/27', '185.15.59.32/27', '185.15.59.96/27', '195.200.68.0/27', '195.200.68.224/27', '195.200.68.32/27', '195.200.68.96/27', '198.35.26.0/27', '198.35.26.32/27', '198.35.26.96/27', '198.35.26.96/27', '2001:df2:e500:101::/64', '2001:df2:e500:103::/64', '2001:df2:e500:1::/64', '2001:df2:e500:3::/64', '2001:df2:e500:ed1a::/64', '208.80.152.128/27', '208.80.153.0/27', '208.80.153.224/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.224/27', '208.80.154.64/26', '208.80.155.96/27', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:118::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '2620:0:860:140::/64', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:300::/64', '2620:0:860:301::/64', '2620:0:860:302::/64', '2620:0:860:303::/64', '2620:0:860:304::/64', '2620:0:860:305::/64', '2620:0:860:307::/64', '2620:0:860:308::/64', '2620:0:860:3::/64', '2620:0:860:4::/64', '2620:0:860:5::/64', '2620:0:860:babe::/64', '2620:0:860:babf::/64', '2620:0:860:cabe::/64', '2620:0:860:cabf::/64', '2620:0:860:ed1a::/64', '2620:0:861:100::/64', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:104::/64', '2620:0:861:105::/64', '2620:0:861:106::/64', '2620:0:861:107::/64', '2620:0:861:108::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:110::/64', '2620:0:861:111::/64', '2620:0:861:112::/64', '2620:0:861:113::/64', '2620:0:861:114::/64', '2620:0:861:115::/64', '2620:0:861:116::/64', '2620:0:861:117::/64', '2620:0:861:118::/64', '2620:0:861:119::/64', '2620:0:861:11a::/64', '2620:0:861:11c::/64', '2620:0:861:11d::/64', '2620:0:861:11e::/64', '2620:0:861:11f::/64', '2620:0:861:120::/64', '2620:0:861:121::/64', '2620:0:861:122::/64', '2620:0:861:123::/64', '2620:0:861:124::/64', '2620:0:861:125::/64', '2620:0:861:126::/64', '2620:0:861:127::/64', '2620:0:861:128::/64', '2620:0:861:129::/64', '2620:0:861:12a::/64', '2620:0:861:12b::/64', '2620:0:861:12c::/64', '2620:0:861:12d::/64', '2620:0:861:12e::/64', '2620:0:861:12f::/64', '2620:0:861:131::/64', '2620:0:861:132::/64', '2620:0:861:133::/64', '2620:0:861:134::/64', '2620:0:861:135::/64', '2620:0:861:136::/64', '2620:0:861:137::/64', '2620:0:861:138::/64', '2620:0:861:139::/64', '2620:0:861:13a::/64', '2620:0:861:13b::/64', '2620:0:861:13c::/64', '2620:0:861:13d::/64', '2620:0:861:13e::/64', '2620:0:861:13f::/64', '2620:0:861:140::/64', '2620:0:861:141::/64', '2620:0:861:142::/64', '2620:0:861:143::/64', '2620:0:861:144::/64', '2620:0:861:145::/64', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:300::/64', '2620:0:861:301::/116', '2620:0:861:302::/64', '2620:0:861:303::/116', '2620:0:861:304::/116', '2620:0:861:305::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '2620:0:861:babe::/64', '2620:0:861:babf::/116', '2620:0:861:cabe::/64', '2620:0:861:cabf::/116', '2620:0:861:ed1a::/64', '2620:0:863:101::/64', '2620:0:863:102::/64', '2620:0:863:103::/64', '2620:0:863:1::/64', '2620:0:863:2::/64', '2620:0:863:3::/64', '2620:0:863:ed1a::/64', '2a02:ec80:300:101::/64', '2a02:ec80:300:102::/64', '2a02:ec80:300:103::/64', '2a02:ec80:300:1::/64', '2a02:ec80:300:2::/64', '2a02:ec80:300:3::/64', '2a02:ec80:300:ed1a::/64', '2a02:ec80:600:101::/64', '2a02:ec80:600:102::/64', '2a02:ec80:600:1::/64', '2a02:ec80:600:2::/64', '2a02:ec80:600:ed1a::/64', '2a02:ec80:700:101::/64', '2a02:ec80:700:102::/64', '2a02:ec80:700:103::/64', '2a02:ec80:700:1::/64', '2a02:ec80:700:2::/64', '2a02:ec80:700:3::/64', '2a02:ec80:700:ed1a::/64'] + ensure => present
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft].orig +++ File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft.orig +++ /etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft @@ -0,0 +1,9 @@ +# Autogenerated by puppet +set MLSERVE_KUBEPODS_NETWORKS_ipv4 { + type ipv4_addr + flags interval + auto-merge + elements = { 10.67.16.0/21, + 10.194.16.0/21 + } +}- Nftables::Set[MW_APPSERVER_NETWORKS]
- Parameters differences:
--- Nftables::Set[MW_APPSERVER_NETWORKS].orig +++ Nftables::Set[MW_APPSERVER_NETWORKS] + hosts => ['10.64.0.0/22', '10.64.130.0/24', '10.64.131.0/24', '10.64.132.0/24', '10.64.133.0/24', '10.64.134.0/24', '10.64.135.0/24', '10.64.136.0/24', '10.64.141.0/24', '10.64.152.0/24', '10.64.154.0/24', '10.64.156.0/24', '10.64.158.0/24', '10.64.16.0/22', '10.64.160.0/24', '10.64.162.0/24', '10.64.164.0/24', '10.64.166.0/24', '10.64.169.0/24', '10.64.171.0/24', '10.64.173.0/24', '10.64.175.0/24', '10.64.177.0/24', '10.64.179.0/24', '10.64.181.0/24', '10.64.183.0/24', '10.64.185.0/24', '10.64.187.0/24', '10.64.189.0/24', '10.64.32.0/22', '10.64.48.0/22', '2620:0:861:101::/64', '2620:0:861:102::/64', '2620:0:861:103::/64', '2620:0:861:107::/64', '2620:0:861:109::/64', '2620:0:861:10a::/64', '2620:0:861:10b::/64', '2620:0:861:10c::/64', '2620:0:861:10d::/64', '2620:0:861:10e::/64', '2620:0:861:10f::/64', '2620:0:861:113::/64', '2620:0:861:119::/64', '2620:0:861:120::/64', '2620:0:861:122::/64', '2620:0:861:124::/64', '2620:0:861:126::/64', '2620:0:861:128::/64', '2620:0:861:12a::/64', '2620:0:861:12c::/64', '2620:0:861:12e::/64', '2620:0:861:131::/64', '2620:0:861:133::/64', '2620:0:861:135::/64', '2620:0:861:137::/64', '2620:0:861:139::/64', '2620:0:861:13b::/64', '2620:0:861:13d::/64', '2620:0:861:13f::/64', '2620:0:861:142::/64', '2620:0:861:144::/64', '10.192.0.0/22', '10.192.10.0/24', '10.192.11.0/24', '10.192.12.0/24', '10.192.13.0/24', '10.192.14.0/24', '10.192.15.0/24', '10.192.16.0/22', '10.192.21.0/24', '10.192.22.0/24', '10.192.23.0/24', '10.192.26.0/24', '10.192.27.0/24', '10.192.28.0/24', '10.192.29.0/24', '10.192.30.0/24', '10.192.31.0/24', '10.192.32.0/22', '10.192.36.0/24', '10.192.37.0/24', '10.192.38.0/24', '10.192.39.0/24', '10.192.4.0/24', '10.192.40.0/24', '10.192.41.0/24', '10.192.42.0/24', '10.192.43.0/24', '10.192.44.0/24', '10.192.45.0/24', '10.192.46.0/24', '10.192.47.0/24', '10.192.48.0/22', '10.192.5.0/24', '10.192.52.0/24', '10.192.56.0/24', '10.192.57.0/24', '10.192.58.0/24', '10.192.59.0/24', '10.192.6.0/24', '10.192.7.0/24', '10.192.8.0/24', '10.192.9.0/24', '2620:0:860:100::/64', '2620:0:860:101::/64', '2620:0:860:102::/64', '2620:0:860:103::/64', '2620:0:860:104::/64', '2620:0:860:105::/64', '2620:0:860:106::/64', '2620:0:860:107::/64', '2620:0:860:108::/64', '2620:0:860:109::/64', '2620:0:860:10a::/64', '2620:0:860:10b::/64', '2620:0:860:10c::/64', '2620:0:860:10d::/64', '2620:0:860:10e::/64', '2620:0:860:10f::/64', '2620:0:860:110::/64', '2620:0:860:111::/64', '2620:0:860:112::/64', '2620:0:860:113::/64', '2620:0:860:114::/64', '2620:0:860:115::/64', '2620:0:860:116::/64', '2620:0:860:119::/64', '2620:0:860:11a::/64', '2620:0:860:11b::/64', '2620:0:860:11c::/64', '2620:0:860:11d::/64', '2620:0:860:11e::/64', '2620:0:860:11f::/64', '2620:0:860:120::/64', '2620:0:860:121::/64', '2620:0:860:122::/64', '2620:0:860:123::/64', '2620:0:860:124::/64', '2620:0:860:125::/64', '2620:0:860:126::/64', '2620:0:860:127::/64', '2620:0:860:12b::/64', '2620:0:860:12c::/64', '2620:0:860:12d::/64', '2620:0:860:12e::/64', '10.192.64.0/21', '10.192.96.0/21', '10.194.128.0/17', '10.194.16.0/21', '10.194.61.0/24', '10.194.80.0/21', '10.64.64.0/21', '10.67.128.0/17', '10.67.16.0/21', '10.67.24.0/21', '10.67.80.0/21', '2620:0:860:300::/64', '2620:0:860:302::/64', '2620:0:860:305::/64', '2620:0:860:308::/64', '2620:0:860:babe::/64', '2620:0:860:cabe::/64', '2620:0:861:300::/64', '2620:0:861:302::/64', '2620:0:861:305::/64', '2620:0:861:babe::/64', '2620:0:861:cabe::/64', '208.80.154.0/26', '208.80.154.128/26', '208.80.154.64/26', '208.80.155.96/27', '2620:0:861:1::/64', '2620:0:861:2::/64', '2620:0:861:3::/64', '2620:0:861:4::/64', '208.80.153.0/27', '208.80.153.32/27', '208.80.153.64/27', '208.80.153.96/27', '2620:0:860:1::/64', '2620:0:860:2::/64', '2620:0:860:3::/64', '2620:0:860:4::/64'] + ensure => present
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)].orig +++ Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)] + refreshonly => True + command => /bin/systemctl daemon-reload + before => ['Service[prometheus-node-textfile-check-nft.timer]']
- Nrpe::Plugin[check_ferm]
- Parameters differences:
--- Nrpe::Plugin[check_ferm].orig +++ Nrpe::Plugin[check_ferm] - source => puppet:///modules/base/firewall/check_ferm - ensure => present
- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft].orig +++ File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft.orig +++ /etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft @@ -0,0 +1,9 @@ +# Autogenerated by puppet +set AUX_KUBEPODS_NETWORKS_ipv4 { + type ipv4_addr + flags interval + auto-merge + elements = { 10.67.80.0/21, + 10.194.80.0/21 + } +}- Nftables::Set[INSTALL_HOSTS]
- Parameters differences:
--- Nftables::Set[INSTALL_HOSTS].orig +++ Nftables::Set[INSTALL_HOSTS] + hosts => ['208.80.154.134', '208.80.153.70', '185.15.59.101', '198.35.26.98', '103.102.166.104', '185.15.58.7', '195.200.68.100', '2620:0:861:2:208:80:154:134', '2620:0:860:3:208:80:153:70', '2a02:ec80:300:3:185:15:59:101', '2620:0:863:3:198:35:26:98', '2001:df2:e500:3:103:102:166:104', '2a02:ec80:600:1:185:15:58:7', '2a02:ec80:700:3:195:200:68:100'] + ensure => present
- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]
- Parameters differences:
--- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft].orig +++ File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft] + mode => 0444 + owner => root + ensure => present + group => root + tag => nft + notify => ['Service[nftables]']
- Content differences:
--- /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft.orig +++ /etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft @@ -0,0 +1,189 @@ +# Autogenerated by puppet +set PRODUCTION_NETWORKS_ipv4 { + type ipv4_addr + flags interval + auto-merge + elements = { 10.128.0.0/24, + 10.128.1.0/24, + 10.128.2.0/24, + 10.132.0.0/24, + 10.132.2.0/24, + 10.136.0.0/24, + 10.136.1.0/24, + 10.140.0.0/24, + 10.140.1.0/24, + 10.140.2.0/24, + 10.192.0.0/22, + 10.192.10.0/24, + 10.192.11.0/24, + 10.192.12.0/24, + 10.192.13.0/24, + 10.192.14.0/24, + 10.192.15.0/24, + 10.192.16.0/22, + 10.192.20.0/24, + 10.192.21.0/24, + 10.192.22.0/24, + 10.192.23.0/24, + 10.192.24.0/23, + 10.192.26.0/24, + 10.192.27.0/24, + 10.192.28.0/24, + 10.192.29.0/24, + 10.192.30.0/24, + 10.192.31.0/24, + 10.192.32.0/22, + 10.192.36.0/24, + 10.192.37.0/24, + 10.192.38.0/24, + 10.192.39.0/24, + 10.192.4.0/24, + 10.192.40.0/24, + 10.192.41.0/24, + 10.192.42.0/24, + 10.192.43.0/24, + 10.192.44.0/24, + 10.192.45.0/24, + 10.192.46.0/24, + 10.192.47.0/24, + 10.192.48.0/22, + 10.192.5.0/24, + 10.192.52.0/24, + 10.192.56.0/24, + 10.192.57.0/24, + 10.192.58.0/24, + 10.192.59.0/24, + 10.192.6.0/24, + 10.192.64.0/21, + 10.192.7.0/24, + 10.192.72.0/24, + 10.192.76.0/24, + 10.192.8.0/24, + 10.192.80.0/20, + 10.192.9.0/24, + 10.192.96.0/21, + 10.194.0.0/20, + 10.194.128.0/17, + 10.194.16.0/21, + 10.194.61.0/24, + 10.194.62.0/23, + 10.194.64.0/20, + 10.194.80.0/21, + 10.2.1.0/24, + 10.2.2.0/24, + 10.2.3.0/24, + 10.2.4.0/24, + 10.2.5.0/24, + 10.2.6.0/24, + 10.2.7.0/24, + 10.64.0.0/22, + 10.64.130.0/24, + 10.64.131.0/24, + 10.64.132.0/24, + 10.64.133.0/24, + 10.64.134.0/24, + 10.64.135.0/24, + 10.64.136.0/24, + 10.64.137.0/24, + 10.64.138.0/24, + 10.64.139.0/24, + 10.64.140.0/24, + 10.64.141.0/24, + 10.64.142.0/24, + 10.64.143.0/24, + 10.64.144.0/24, + 10.64.145.0/24, + 10.64.148.0/24, + 10.64.149.0/24, + 10.64.150.0/24, + 10.64.151.0/24, + 10.64.152.0/24, + 10.64.153.0/24, + 10.64.154.0/24, + 10.64.155.0/24, + 10.64.156.0/24, + 10.64.157.0/24, + 10.64.158.0/24, + 10.64.159.0/24, + 10.64.16.0/22, + 10.64.160.0/24, + 10.64.161.0/24, + 10.64.162.0/24, + 10.64.163.0/24, + 10.64.164.0/24, + 10.64.165.0/24, + 10.64.166.0/24, + 10.64.167.0/24, + 10.64.169.0/24, + 10.64.170.0/24, + 10.64.171.0/24, + 10.64.172.0/24, + 10.64.173.0/24, + 10.64.174.0/24, + 10.64.175.0/24, + 10.64.176.0/24, + 10.64.177.0/24, + 10.64.178.0/24, + 10.64.179.0/24, + 10.64.180.0/24, + 10.64.181.0/24, + 10.64.182.0/24, + 10.64.183.0/24, + 10.64.184.0/24, + 10.64.185.0/24, + 10.64.186.0/24, + 10.64.187.0/24, + 10.64.188.0/24, + 10.64.189.0/24, + 10.64.190.0/24, + 10.64.20.0/24, + 10.64.21.0/24, + 10.64.24.0/23, + 10.64.32.0/22, + 10.64.36.0/24, + 10.64.48.0/22, + 10.64.5.0/24, + 10.64.53.0/24, + 10.64.64.0/21, + 10.64.72.0/24, + 10.64.76.0/24, + 10.67.0.0/20, + 10.67.128.0/17, + 10.67.16.0/21, + 10.67.24.0/21, + 10.67.32.0/20, + 10.67.64.0/20, + 10.67.80.0/21, + 10.80.0.0/24, + 10.80.1.0/24, + 10.80.2.0/24, + 103.102.166.0/28, + 103.102.166.224/27, + 103.102.166.96/27, + 185.15.58.0/27, + 185.15.58.224/27, + 185.15.58.32/27, + 185.15.59.0/27, + 185.15.59.224/27, + 185.15.59.32/27, + 185.15.59.96/27, + 195.200.68.0/27, + 195.200.68.224/27, + 195.200.68.32/27, + 195.200.68.96/27, + 198.35.26.0/27, + 198.35.26.32/27, + 198.35.26.96/27, + 208.80.152.128/27, + 208.80.153.0/27, + 208.80.153.224/27, + 208.80.153.32/27, + 208.80.153.64/27, + 208.80.153.96/27, + 208.80.154.0/26, + 208.80.154.128/26, + 208.80.154.224/27, + 208.80.154.64/26, + 208.80.155.96/27 + } +}- File[/etc/ferm/functions.conf]
- Parameters differences:
--- File[/etc/ferm/functions.conf].orig +++ File[/etc/ferm/functions.conf] - source => puppet:///modules/ferm/functions.conf - notify => Service[ferm] - mode => 0400 - owner => root - ensure => file - group => root - require => Package[ferm]
- File[/etc/nftables/sets/CACHES_ipv4.nft]
- File[/etc/nftables/sets/CACHES_ipv4.nft]
- Content differences:
- File[/etc/nftables/sets/PRODUCTION_NETWORKS_ipv4.nft]
- Content differences:
- File[/etc/nftables/sets/AUX_KUBEPODS_NETWORKS_ipv4.nft]
- Nrpe::Plugin[check_ferm]
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.timer (prometheus-node-textfile-check-nft.timer)]
- Content differences:
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv4.nft]
- Nftables::Set[PRODUCTION_NETWORKS]
- Content differences:
- File[/etc/ferm/conf.d/10_full_monitoring_metrics_access_udp]
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
- Class[Firewall]
- Exec[update_alternative_iptables]
- Alternatives::Select[iptables]
- Logrotate::Conf[ulogd]
- Systemd::Timer::Job[nrpe2nodexp-ferm_active]
- Content differences:
- File[/etc/nftables/sets/WIKIKUBE_KUBEPODS_NETWORKS_ipv4.nft]
- Content differences:
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv6.nft]
- Exec[systemd daemon-reload for prometheus-node-textfile-check-nft.service (prometheus-node-textfile-check-nft.service)]
- Exec[systemd daemon-reload for ferm.service (ferm-ferm-service-status-restart)]
- Nftables::Set[WIKIKUBE_KUBEPODS_NETWORKS]
- Content differences:
- File[/etc/nftables/input/10_ssh-from-cumin-masters.nft]
- Content differences:
- File[/etc/nftables/sets/MLSERVE_KUBEPODS_NETWORKS_ipv6.nft]
- Systemd::Unit[nrpe2nodexp-ferm_active.service]
- Ferm::Service[rpkivalidator_rtr_acl]
- Package[ulogd2]
- Ferm::Rule[log-everything]
- Content differences:
- File[/etc/nftables/sets/ZOOKEEPER_HOSTS_MAIN_ipv6.nft]
- Class[Ferm]
- Nftables::Set[CLOUD_NETWORKS_PUBLIC]
- Systemd::Syslog[ulogd]
- Content differences:
- File[/etc/nftables/sets/ZOOKEEPER_FLINK_HOSTS_ipv6.nft]
- Systemd::Timer::Job[prometheus-node-textfile-check-nft]
- Content differences:
- Content differences:
- Content differences:
- Content differences:
- File[/etc/nftables/sets/DOMAIN_NETWORKS_ipv4.nft]
- Content differences:
- Content differences:
- Content differences:
- File[/etc/nftables/sets/KAFKAMON_HOSTS_ipv4.nft]
- Parameters differences: