Starting Friday Feb 6th 23:30 UTC, puppet runs on instance of the integration labs project started failing. The instances puppet agent point to integration-puppetmaster.eqiad.wmflabs but timeout connecting to it.
@coren found out that adding a security rule to allow the puppet TCP port (8140) fixed the issue for the integration project. The deployment-project uses a local puppet master but works just fine without any additional security rule.
Original ticket: T88960
Seems something got changes on Friday. Maybe the security rules for the integration project ended up being corrupted for some reason and might miss some sane default. I always though the security rules applied to the project and not to communications between instances of the same project.
Other peoples reported strange behavior as well. I don't have a log though.