GitHub puppet-ipset
Puppet module to manage ipset tooling and actual sets

Repo Checks (18 of 28 successful)

| Check | Description | Result |
|---|---|---|
| Metadata Valid | | passed |
| Correct Puppet Version Range | Supported Puppet version range is %{PUPPET_SUPPORT_RANGE} | passed |
| With Puppet Version Range | Puppet version range is present in requirements in metadata.json | passed |
| With Operatingsystem Support | | passed |
| Operatingsystems | | passed |
| Supports Only Current Debian | | passed |
| Supports Latest Debian | | failed |
| Supports Only Current Ubuntu | | passed |
| Supports Latest Ubuntu | | failed |
| Supports Only Current Redhat | | passed |
| Supports Latest Redhat | | failed |
| Supports Only Current Centos | | passed |
| Supports Latest Centos | | failed |
| Supports Only Current Oraclelinux | | passed |
| Supports Latest Oraclelinux | | failed |
| Supports Only Current Scientific | | passed |
| Supports Latest Scientific | | failed |
| Supports Only Current Virtuozzolinux | | passed |
| Supports Latest Virtuozzolinux | | failed |
| Supports Only Current Archlinux | | failed |
| Supports Latest Archlinux | | failed |
| In Modulesync Repo | Is listed as a module managed using modulesync_config | passed |
| Synced | Has a .msync.yml file | passed |
| Latest Modulesync | Has been synchronized with the latest tagged version of modulesync_config | failed |
| Has Modulesync | Is present in voxpupuli/modulesync_config/managed_modules.yml | passed |
| Released | Is in modulesync_config and in forge releases. | passed |
| Valid Sync File | If a (optional) sync file is present, it must not contain a `.travis.yml` entry. | passed |
| Reference Dot Md | The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing. | passed |

Open Pull Requests

Enable using nested arrays for parameter 'set'

This PR will enable using nested arrays for parameter 'set'.

It's required (e.g.) when grouping networks in Hiera.
```
ip4subnetaclass00: '10.0.1.0/24'
ip4subnetaclass01: '10.0.2.0/24'
ip4subnetsaclass:
- "%{alias('ip4subnetaclass00')}"
- "%{alias('ip4subnetaclass01')}"

ip4subnetcclass00: '192.168.0.0/24'
ip4subnetcclass01: '192.168.1.0/24'
ip4subnetscclass:
- "%{alias('ip4subnetcclass00')}"
- "%{alias('ip4subnetcclass01')}"

ip4subnets:
- "%{alias('ip4subnetsaclass')}"
- "%{alias('ip4subnetscclass')}"

ipset::sets:
  ip4subnets:
    set: "%{alias('ip4subnets')}"
    type: 'hash:net'
```

Update ipset_sync for newer kernels

Allow ipset_sync script to work with ipset 7.8 and newer, by ignoring the variables when checking the configuration

Pull Request (PR) description

This patch makes ipset_sync ignore the bucketsize and initval parameters. Without it, the module wants to recreate the ipset on every Puppet run. I made diff ignore whitespace as well to reduce sed space tricks required.

I tried to add bucketsize as an actual settable option to the module, which may be nice, but unfortunately stops working on older kernels, and because the module sorts the parameters in $opt_string, it also does not match the order ipset save provides.

Diff result on my recent system before this patch:
```

< create vallumd hash:ip family inet maxelem 65536 timeout 3600 bucketsize 12 initval 0xd52632d0

create vallumd hash:ip family inet maxelem 65536 timeout 3600
```
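
The comparison this PR describes can be sketched as follows. This is an added example, not the module's ipset_sync script: the function names `normalize_header` and `headers_match` are hypothetical, the two sample lines are the ones from the diff above, and it compares strings after squeezing whitespace rather than calling `diff`.

```shell
#!/bin/sh
# Added example (not the module's ipset_sync): compare the "create" header
# reported by `ipset save` with the header the configuration asks for,
# ignoring options that newer ipset versions add on their own.

# Strip "bucketsize N" and "initval 0x..." from one header line, then
# squeeze runs of whitespace so spacing differences do not matter.
normalize_header() {
    printf '%s\n' "$1" | sed -E \
        -e 's/[[:space:]]+bucketsize[[:space:]]+[0-9]+//' \
        -e 's/[[:space:]]+initval[[:space:]]+0x[0-9a-fA-F]+//' \
        -e 's/[[:space:]]+/ /g' \
        -e 's/^ //' -e 's/ $//'
}

# Exit status 0 when both headers describe the same set, 1 on real drift.
headers_match() {
    [ "$(normalize_header "$1")" = "$(normalize_header "$2")" ]
}

# Sample lines taken from the diff output in the PR description.
RUNNING='create vallumd hash:ip family inet maxelem 65536 timeout 3600 bucketsize 12 initval 0xd52632d0'
DESIRED='create vallumd hash:ip family inet maxelem 65536 timeout 3600'

if headers_match "$RUNNING" "$DESIRED"; then
    echo "in sync: set is left alone"
else
    echo "drift: set would be recreated"
fi
```

Only the two kernel-reported options are dropped, so a change to a managed option such as `maxelem` or `timeout` still shows up as drift.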

Override DefaultDependencies on ipset service unit

Pull Request (PR) description

The current ipset service unit sets Before=network-pre.target as it is needed before the network to help ensure that the firewall is up and running before anyone might actually try to connect. It has no setting for DefaultDependencies which means it takes the defaults, one of which is After=sysinit.target.

There are some cases where this can cause a dependency cycle with other units that want to start early in the boot process between networking.service and sysinit.target (for example, cloud-init). This results in one of the offending units being removed and risks startup continuing without ipsets being configured, potentially leaving a firewall open and a host at risk.

The ipset service can safely be run before sysinit.target by setting DefaultDependencies=no with a couple of additional dependencies to handle some of the other implied settings that are removed as a result.

This Pull Request (PR) fixes the following issues

Fixes #63

Enable RHEL/CentOS 8 support
enhancement

Enable CentOS/RHEL 8 support, stop triggering sync exec when nothing changes
modulesync 5.3.0
modulesync

modulesync 5.3.0
