Compilation results for cloudweb2002-dev.wikimedia.org: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	3047
Resources added:	8
Resources removed:	4
Resources modified:	12
Change percentage:	0.79%

Resources only in the new catalog

Firewall::Service[memcached_for_mcrouter]
Firewall::Service[mcrouter]
Firewall::Client[skip_mcrouter_cloudweb_conntrack_out]
Ferm::Client[skip_mcrouter_cloudweb_conntrack_out]
Nftables::Client[skip_mcrouter_cloudweb_conntrack_out]
File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client]
Nftables::Service[memcached_for_mcrouter]
Nftables::Service[mcrouter]

Resources only in the old catalog

File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in]
Ferm::Rule[skip_mcrouter_cloudweb_conntrack_out]
Ferm::Rule[skip_mcrouter_cloudweb_conntrack_in]
File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out]

Resources modified

Firewall::Service[mcrouter]

Parameters differences:

--- Firewall::Service[mcrouter].orig
+++ Firewall::Service[mcrouter]

+    notrack             => True
+    desc                => Allow connections to mcrouter
+    proto               => tcp
+    ensure              => present
+    unrestricted_access => False
+    prio                => 10
+    port                => 11213
+    srange              => ['cloudweb2002-dev.wikimedia.org']

File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client]

Parameters differences:

--- File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client].orig
+++ File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client]

+    tag     => ferm
+    mode    => 0400
+    group   => root
+    notify  => Service[ferm]
+    require => File[/etc/ferm/conf.d]
+    ensure  => present
+    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client.orig
+++ /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out_client
@@ -0,0 +1,8 @@
+# Autogenerated by puppet. DO NOT EDIT BY HAND!
+#
+# Skip outgoing connection tracking for mcrouter
+&CLIENT(tcp, 11213);
+
+
+
+&NO_TRACK_CLIENT(tcp, 11213);

File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in]

Parameters differences:

--- File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in].orig
+++ File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in]

-    tag     => ferm
-    mode    => 0400
-    group   => root
-    notify  => Service[ferm]
-    require => File[/etc/ferm/conf.d]
-    ensure  => present
-    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in.orig
+++ /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_in
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 10_skip_mcrouter_cloudweb_conntrack_in: Skip incoming connection tracking for mcrouter
-
-domain (ip ip6) {
-	table raw {
-		chain PREROUTING {
-			proto tcp dport (11213) NOTRACK;
-		}
-	}
-}

Ferm::Rule[skip_mcrouter_cloudweb_conntrack_out]

Parameters differences:

--- Ferm::Rule[skip_mcrouter_cloudweb_conntrack_out].orig
+++ Ferm::Rule[skip_mcrouter_cloudweb_conntrack_out]

-    rule   => proto tcp sport (11213) NOTRACK;
-    domain => (ip ip6)
-    prio   => 10
-    chain  => OUTPUT
-    desc   => Skip outgoing connection tracking for mcrouter
-    ensure => present
-    table  => raw

Nftables::Service[memcached_for_mcrouter]

Parameters differences:

--- Nftables::Service[memcached_for_mcrouter].orig
+++ Nftables::Service[memcached_for_mcrouter]

+    notrack             => True
+    desc                => Allow connections to memcached
+    proto               => tcp
+    ensure              => present
+    unrestricted_access => False
+    prio                => 10
+    port                => 11000
+    src_ips             => ['208.80.153.41', '2620:0:860:2:208:80:153:41']

Ferm::Client[skip_mcrouter_cloudweb_conntrack_out]

Parameters differences:

--- Ferm::Client[skip_mcrouter_cloudweb_conntrack_out].orig
+++ Ferm::Client[skip_mcrouter_cloudweb_conntrack_out]

+    notrack           => True
+    desc              => Skip outgoing connection tracking for mcrouter
+    proto             => tcp
+    ensure            => present
+    prio              => 10
+    drange            => []
+    port              => 11213
+    skip_output_chain => False

Nftables::Client[skip_mcrouter_cloudweb_conntrack_out]

Parameters differences:

--- Nftables::Client[skip_mcrouter_cloudweb_conntrack_out].orig
+++ Nftables::Client[skip_mcrouter_cloudweb_conntrack_out]

+    prio              => 10
+    port              => 11213
+    proto             => tcp
+    notrack           => True
+    desc              => Skip outgoing connection tracking for mcrouter
+    ensure            => present
+    skip_output_chain => False

Firewall::Service[memcached_for_mcrouter]

Parameters differences:

--- Firewall::Service[memcached_for_mcrouter].orig
+++ Firewall::Service[memcached_for_mcrouter]

+    notrack             => True
+    desc                => Allow connections to memcached
+    proto               => tcp
+    ensure              => present
+    unrestricted_access => False
+    prio                => 10
+    port                => 11000
+    srange              => ['cloudweb2002-dev.wikimedia.org']

Ferm::Rule[skip_mcrouter_cloudweb_conntrack_in]

Parameters differences:

--- Ferm::Rule[skip_mcrouter_cloudweb_conntrack_in].orig
+++ Ferm::Rule[skip_mcrouter_cloudweb_conntrack_in]

-    rule   => proto tcp dport (11213) NOTRACK;
-    domain => (ip ip6)
-    prio   => 10
-    chain  => PREROUTING
-    desc   => Skip incoming connection tracking for mcrouter
-    ensure => present
-    table  => raw

Nftables::Service[mcrouter]

Parameters differences:

--- Nftables::Service[mcrouter].orig
+++ Nftables::Service[mcrouter]

+    notrack             => True
+    desc                => Allow connections to mcrouter
+    proto               => tcp
+    ensure              => present
+    unrestricted_access => False
+    prio                => 10
+    port                => 11213
+    src_ips             => ['208.80.153.41', '2620:0:860:2:208:80:153:41']

File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out]

Parameters differences:

--- File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out].orig
+++ File[/etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out]

-    tag     => ferm
-    mode    => 0400
-    group   => root
-    notify  => Service[ferm]
-    require => File[/etc/ferm/conf.d]
-    ensure  => present
-    owner   => root

Content differences:

--- /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out.orig
+++ /etc/ferm/conf.d/10_skip_mcrouter_cloudweb_conntrack_out
@@ -1,11 +0,0 @@
-# Autogenerated by puppet. DO NOT EDIT BY HAND!
-#
-# 10_skip_mcrouter_cloudweb_conntrack_out: Skip outgoing connection tracking for mcrouter
-
-domain (ip ip6) {
-	table raw {
-		chain OUTPUT {
-			proto tcp sport (11213) NOTRACK;
-		}
-	}
-}

Firewall::Client[skip_mcrouter_cloudweb_conntrack_out]

Parameters differences:

--- Firewall::Client[skip_mcrouter_cloudweb_conntrack_out].orig
+++ Firewall::Client[skip_mcrouter_cloudweb_conntrack_out]

+    prio              => 10
+    port              => 11213
+    proto             => tcp
+    notrack           => True
+    desc              => Skip outgoing connection tracking for mcrouter
+    ensure            => present
+    skip_output_chain => False

Compilation results for cloudweb2002-dev.wikimedia.org: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources only in the old catalog

Resources modified

Relevant files