{"host": "contint1002.wikimedia.org", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3693, "only_in_self": [], "only_in_other": ["Class[Profile::Ci::Proxy_jenkins_ext]", "File[/etc/apache2/jenkins_proxy_ext]"], "resource_diffs": [{"resource": "Class[Profile::Ci::Proxy_jenkins_ext]", "parameters": "--- Class[Profile::Ci::Proxy_jenkins_ext].orig\n+++ Class[Profile::Ci::Proxy_jenkins_ext]\n\n+    host     => jenkins.discovery.wmnet\n+    prefix   => /jenkins\n+    tls_port => 1443\n"}, {"resource": "File[/etc/apache2/jenkins_proxy_ext]", "content": "--- /etc/apache2/jenkins_proxy_ext.orig\n+++ /etc/apache2/jenkins_proxy_ext\n@@ -0,0 +1,70 @@\n+#####################################################################\n+### THIS FILE IS MANAGED BY PUPPET\n+### puppet:///modules/contint/apache/proxy_jenkins_ext\n+#####################################################################\n+# vim: filetype=apache\n+\n+ProxyPass       /jenkins https://jenkins.discovery.wmnet:1443/jenkins nocanon\n+ProxyPassReverse    /jenkins https://jenkins.discovery.wmnet:1443/jenkins\n+ProxyRequests       Off\n+\n+# Note the proxy file is included in the <VirtualHost> section and thus applies\n+# to every sites (integration docroot, zuul status) beside just Jenkins. But\n+# that should cause any problem.\n+AllowEncodedSlashes NoDecode\n+\n+# Local reverse proxy authorization override\n+# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Debian)\n+\n+<Proxy https://jenkins.discovery.wmnet:1443/jenkins*>\n+\n+    # user agent blacklisting for Jenkins\n+    SetEnvIf User-Agent 80legs bad_browser\n+    SetEnvIf User-Agent bingbot bad_browser\n+    SetEnvIf User-Agent Baiduspider bad_browser\n+    SetEnvIf User-Agent JikeSpider bad_browser\n+    SetEnvIf User-Agent SISTRIX bad_browser\n+    SetEnvIf User-Agent Sogou bad_browser\n+    SetEnvIf User-Agent Sosospider bad_browser\n+    SetEnvIf User-Agent TweetmemeBot bad_browser\n+    SetEnvIf User-Agent ZumBot bad_browser\n+\n+    # Jenkins is behind cache_text, the API calls lacks cache headers and their\n+    # 4xx errors ends up being cached which causes troubles when\n+    #\n+    # Jenkins job builder creates a job (it check whether a job exists by\n+    # hitting the API, which cache a 404, then checks whether the job got\n+    # successfullyy created and fails beacuse it is server the cached 404).\n+    SetEnvIf Request_URI .*/api/json.* NO_CACHE\n+    Header set Cache-Control \"no-cache,must-revalidate\" env=NO_CACHE\n+\n+    # Fresnel produces huge json traces we want to keep compressed but we need\n+    # to be able to drag'n drop them in Chrome console which requires\n+    # application/json type - T249268\n+    SetEnvIf Request_URI \"^/jenkins/.*fresnel.*\\.json\\.gz$\" JSON_GZ\n+    Header set Content-Type application/json env=JSON_GZ\n+    Header set Content-Encoding gzip env=JSON_GZ\n+\n+    # Network Error Logging (NEL) headers - T303725\n+    Header always set Report-To '{\"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{\"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0\"}]}'\n+    Header always set NEL '{\"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}'\n+\n+    # Prevent access to certain URLs - T63964\n+    SetEnvIf Request_URI ^/jenkins/computer/.*/builds DENY_BUILDS_ACCESS\n+    SetEnvIf Request_URI ^/jenkins/user/.*/builds DENY_BUILDS_ACCESS\n+    SetEnvIf Request_URI ^/jenkins/view/.*/builds DENY_BUILDS_ACCESS\n+\n+    # Blacklist RSS feeds entirely\n+    SetEnvIf Request_URI ^/jenkins/.*/rss(All|Failed|Latest) DENY_BUILDS_ACCESS\n+\n+    # SECURITY-991 - T219991\n+    SetEnvIf Request_URI ^/jenkins/descriptorByName/hudson.plugins.gearman.GearmanPluginConfig/testConnection DENY_GEARMAN_TEST_CONFIG\n+\n+    <RequireAll>\n+      Require all granted\n+      Require not env bad_browser\n+      Require not env DENY_BUILDS_ACCESS\n+      Require not env DENY_GEARMAN_TEST_CONFIG\n+    </RequireAll>\n+\n+</Proxy>", "parameters": "--- File[/etc/apache2/jenkins_proxy_ext].orig\n+++ File[/etc/apache2/jenkins_proxy_ext]\n\n+    owner => root\n+    mode  => 0444\n+    group => root\n"}], "perc_changed": "0.11%"}, "core": {"total": 3693, "only_in_self": [], "only_in_other": ["File[/etc/apache2/jenkins_proxy_ext]"], "resource_diffs": [], "perc_changed": "0.03%"}, "main": {"total": 3693, "only_in_self": [], "only_in_other": ["Class[Profile::Ci::Proxy_jenkins_ext]", "File[/etc/apache2/jenkins_proxy_ext]"], "resource_diffs": [], "perc_changed": "0.05%"}}}