Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/voxpupuli/puppet-ipset

Puppet module to manage ipset tooling and actual sets
https://github.com/voxpupuli/puppet-ipset

archlinux-puppet-module centos-puppet-module debian-puppet-module hacktoberfest linux-puppet-module oraclelinux-puppet-module puppet redhat-puppet-module scientific-puppet-module ubuntu-puppet-module

Last synced: about 9 hours ago
JSON representation

Puppet module to manage ipset tooling and actual sets

Host: GitHub
URL: https://github.com/voxpupuli/puppet-ipset
Owner: voxpupuli
License: agpl-3.0
Created: 2019-09-30T14:27:01.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-09-20T10:42:27.000Z (3 months ago)
Last Synced: 2024-10-29T14:22:36.822Z (2 months ago)
Topics: archlinux-puppet-module, centos-puppet-module, debian-puppet-module, hacktoberfest, linux-puppet-module, oraclelinux-puppet-module, puppet, redhat-puppet-module, scientific-puppet-module, ubuntu-puppet-module
Language: Ruby
Homepage: https://forge.puppet.com/puppet/ipset
Size: 221 KB
Stars: 0
Watchers: 42
Forks: 18
Open Issues: 6
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

README

        # puppet-ipset

[![Build Status](https://github.com/voxpupuli/puppet-ipset/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-ipset/actions?query=workflow%3ACI)

[![Release](https://github.com/voxpupuli/puppet-ipset/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/puppet-ipset/actions/workflows/release.yml)

[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/ipset.svg)](https://forge.puppetlabs.com/puppet/ipset)

[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/ipset.svg)](https://forge.puppetlabs.com/puppet/ipset)

[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/ipset.svg)](https://forge.puppetlabs.com/puppet/ipset)

[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/ipset.svg)](https://forge.puppetlabs.com/puppet/ipset)

[![puppetmodule.info docs](http://www.puppetmodule.info/images/badge.png)](http://www.puppetmodule.info/m/puppet-ipset)

[![AGPL v3 License](https://img.shields.io/github/license/voxpupuli/puppet-ipset.svg)](LICENSE)

## Table of Contents

* [Overview](#overview)

* [Usage](#usage)

  * [Array](#array)

  * [String](#string)

  * [Module file](#module-file)

  * [Local file](#local-file)

* [Reference](#reference)

* [Limitations](#limitations)

* [Changelog](#changelog)

* [Development and Contribution](#development-and-contribution)

* [Thanks](#thanks)

## Overview

This module manages Linux IP sets.

* Checks for current ipset state, before doing any changes to it.

* Applies ipset every time it drifts from target state,

  not only on config file change.

* Handles type changes.

* Autostart support for RHEL 6 and RHEL 7 family (upstart, systemd).

## Usage

### Array

IP sets can be filled from an array data structure.

Typically passed from Hiera.

```puppet

ipset::set { 'foo':

  ensure => present,

  set    => ['1.2.3.4', '5.6.7.8'],

  type   => 'hash:ip',

}

```

### String

You can also pass a pre-formatted string directly, using one entry per line

(with ``\n`` as a separator).

This pattern is practical when generating the IP set entries using a template.

```puppet

ipset::set { 'foo':

  ensure => present,

  set    => "1.2.3.4\n5.6.7.8",

  type   => 'hash:ip',

}

```

### Module file

IP sets content can also be stored in a module file:

```puppet

ipset::set { 'foo':

  ensure => present,

  set    => "puppet:///modules/${module_name}/foo.ipset",

}

```

### Local file

Or using a plain text file stored on the filesystem:

```puppet

file { '/tmp/bar_set_content':

  ensure  => present,

  content => "1.2.3.0/24\n5.6.7.8/32",

}

ipset::set { 'bar':

  ensure    => present,

  set       => 'file:///tmp/bar_set_content',

  type      => 'hash:net',

  subscribe => File['/tmp/bar_set_content'],

}

```

### Unmanaged ipsets

Declare an IP set, without managing its content:

```puppet

ipset::unmanaged { 'baz':

  ensure => present,

  type   => 'hash:net',

}

```

Useful when you have a dynamic process that generates an IP set content,

but still want to define and use it from Puppet.

Warning: When changing IP set attributes (type, options) contents won't be kept, set will be recreated as empty.

## Reference

The module uses puppet-strings for documentation. The result is the

[REFERENCE.md](REFERENCE.md) file.

## Limitations

* Tested on Debian and RedHat-like Linux distributions

* Only **hash** ipsets are supported (this excludes *bitmap* and *list:set*)

## Changelog

See [CHANGELOG](https://github.com/voxpupuli/puppet-ipset/blob/master/CHANGELOG.md)

## Development and Contribution

See [development](https://github.com/voxpupuli/puppet-ipset/blob/master/.github/CONTRIBUTING.md)

## Thanks

This module is a complete rewrite of [sl0m0ZA/ipset](https://github.com/sl0m0ZA/puppet-ipset),

which is a fork of [pmuller/ipset](https://forge.puppet.com/pmuller/ipset),

which was forked from [mighq/ipset](https://github.com/mighq/puppet-ipset),

which was based on [thias/ipset](https://github.com/thias/puppet-ipset).