{"host": "cephosd1001.eqiad.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3437, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Profile::Tlsproxy::Envoy]", "parameters": "--- Class[Profile::Tlsproxy::Envoy].orig\n+++ Class[Profile::Tlsproxy::Envoy]\n\n@@\n-    firewall_srange => ['db1208.eqiad.wmnet']\n+    firewall_srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}, {"resource": "File[/etc/nftables/input/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/input/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/input/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } accept\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } accept\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } accept"}, {"resource": "Ferm::Service[envoy_tls_termination]", "parameters": "--- Ferm::Service[envoy_tls_termination].orig\n+++ Ferm::Service[envoy_tls_termination]\n\n@@\n-    srange => ['db1208.eqiad.wmnet']\n+    srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}, {"resource": "File[/etc/nftables/notrack/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/notrack/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/notrack/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } notrack\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } notrack\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } notrack"}, {"resource": "Nftables::Service[envoy_tls_termination]", "parameters": "--- Nftables::Service[envoy_tls_termination].orig\n+++ Nftables::Service[envoy_tls_termination]\n\n@@\n-    src_ips => ['10.64.0.163']\n+    src_ips => ['10.64.0.12', '10.64.0.163', '10.64.16.34', '10.64.32.8', '10.64.48.8', '2620:0:861:101:10:64:0:12', '2620:0:861:102:10:64:16:34', '2620:0:861:103:10:64:32:8', '2620:0:861:107:10:64:48:8']\n"}, {"resource": "Firewall::Service[envoy_tls_termination]", "parameters": "--- Firewall::Service[envoy_tls_termination].orig\n+++ Firewall::Service[envoy_tls_termination]\n\n@@\n-    srange => ['db1208.eqiad.wmnet']\n+    srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}], "perc_changed": "0.17%"}, "core": {"total": 3437, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nftables/input/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/input/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/input/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } accept\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } accept\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } accept"}, {"resource": "File[/etc/nftables/notrack/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/notrack/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/notrack/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } notrack\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } notrack\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } notrack"}], "perc_changed": "0.06%"}, "main": {"total": 3437, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Profile::Tlsproxy::Envoy]", "parameters": "--- Class[Profile::Tlsproxy::Envoy].orig\n+++ Class[Profile::Tlsproxy::Envoy]\n\n@@\n-    firewall_srange => ['db1208.eqiad.wmnet']\n+    firewall_srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}, {"resource": "File[/etc/nftables/input/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/input/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/input/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } accept\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } accept\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } accept"}, {"resource": "File[/etc/nftables/notrack/10_envoy_tls_termination.nft]", "content": "--- /etc/nftables/notrack/10_envoy_tls_termination.nft.orig\n+++ /etc/nftables/notrack/10_envoy_tls_termination.nft\n@@ -1,3 +1,4 @@\n # Managed by puppet\n # \n-ip saddr { 10.64.0.163 } tcp dport { 443 } notrack\n+ip saddr { 10.64.0.12, 10.64.0.163, 10.64.16.34, 10.64.32.8, 10.64.48.8 } tcp dport { 443 } notrack\n+ip6 saddr { 2620:0:861:101:10:64:0:12, 2620:0:861:102:10:64:16:34, 2620:0:861:103:10:64:32:8, 2620:0:861:107:10:64:48:8 } tcp dport { 443 } notrack"}, {"resource": "Nftables::Service[envoy_tls_termination]", "parameters": "--- Nftables::Service[envoy_tls_termination].orig\n+++ Nftables::Service[envoy_tls_termination]\n\n@@\n-    src_ips => ['10.64.0.163']\n+    src_ips => ['10.64.0.12', '10.64.0.163', '10.64.16.34', '10.64.32.8', '10.64.48.8', '2620:0:861:101:10:64:0:12', '2620:0:861:102:10:64:16:34', '2620:0:861:103:10:64:32:8', '2620:0:861:107:10:64:48:8']\n"}, {"resource": "Ferm::Service[envoy_tls_termination]", "parameters": "--- Ferm::Service[envoy_tls_termination].orig\n+++ Ferm::Service[envoy_tls_termination]\n\n@@\n-    srange => ['db1208.eqiad.wmnet']\n+    srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}, {"resource": "Firewall::Service[envoy_tls_termination]", "parameters": "--- Firewall::Service[envoy_tls_termination].orig\n+++ Firewall::Service[envoy_tls_termination]\n\n@@\n-    srange => ['db1208.eqiad.wmnet']\n+    srange => ['db1208.eqiad.wmnet', 'wdqs1029.eqiad.wmnet', 'wdqs1030.eqiad.wmnet', 'wdqs1031.eqiad.wmnet', 'wdqs1032.eqiad.wmnet']\n"}], "perc_changed": "0.17%"}}}