GitHub puppet-ipset
Puppet module to manage ipset tooling and actual sets

Repo Checks (11 of 17 successful)

| Check | Result | Description |
|---|---|---|
| Metadata Valid | passed | |
| Correct Puppet Version Range | passed | Supported Puppet version range is %{PUPPET_SUPPORT_RANGE} |
| With Puppet Version Range | passed | Puppet version range is present in requirements in metadata.json |
| With Operatingsystem Support | passed | |
| Supports Only Current Debian | failed | |
| Supports Latest Debian | failed | |
| Supports Only Current Ubuntu | failed | |
| Supports Latest Ubuntu | failed | |
| Supports Only Current Centos | failed | |
| Supports Latest Centos | failed | |
| In Modulesync Repo | passed | Is listed as a module managed using modulesync_config |
| Synced | passed | Has a .msync.yml file |
| Latest Modulesync | passed | Has been synchronized with the latest tagged version of modulesync_config |
| Has Modulesync | passed | Is present in voxpupuli/modulesync_config/managed_modules.yml |
| Released | passed | Is in modulesync_config and in forge releases. |
| Valid Sync File | passed | If a (optional) sync file is present, it must not contain a `.travis.yml` entry. |
| Reference Dot Md | passed | The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing. |

Open Pull Requests

Enable using nested arrays for parameter 'set'

This PR will enable using nested arrays for parameter 'set'.

It's required (e.g.) when grouping networks in Hiera.
```
ip4_subnet_aclass_00: '10.0.1.0/24'
ip4_subnet_aclass_01: '10.0.2.0/24'
ip4_subnets_aclass:
  - "%{alias('ip4_subnet_aclass_00')}"
  - "%{alias('ip4_subnet_aclass_01')}"

ip4_subnet_cclass_00: '192.168.0.0/24'
ip4_subnet_cclass_01: '192.168.1.0/24'
ip4_subnets_cclass:
  - "%{alias('ip4_subnet_cclass_00')}"
  - "%{alias('ip4_subnet_cclass_01')}"

ip4_subnets:
  - "%{alias('ip4_subnets_aclass')}"
  - "%{alias('ip4_subnets_cclass')}"

ipset::sets:
  ip4_subnets:
    set: "%{alias('ip4_subnets')}"
    type: 'hash:net'
```

Override DefaultDependencies on ipset service unit

Pull Request (PR) description

The current ipset service unit sets Before=network-pre.target as it is needed before the network to help ensure that the firewall is up and running before anyone might actually try to connect. It has no setting for DefaultDependencies which means it takes the defaults, one of which is After=sysinit.target.

There are some cases where this can cause a dependency cycle with other units that want to start early in the boot process between networking.service and sysinit.target (for example, cloud-init). This results in one of the offending units being removed and risks startup continuing without ipsets being configured, potentially leaving a firewall open and a host at risk.

The ipset service can safely be run before sysinit.target by setting DefaultDependencies=no with a couple of additional dependencies to handle some of the other implied settings that are removed as a result.

This Pull Request (PR) fixes the following issues

Fixes #63
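
A boot-log check for the failure mode described in the PR above, as an added example that is not part of the pull request or the module: it reads journal text and reports whether systemd deleted the ipset unit's start job to break an ordering cycle. The unit name `ipset.service`, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR or the module): find units whose job systemd
# deleted to break an ordering cycle. "ipset.service" is an assumed unit name.

# Read journal text on stdin; print each unit whose job was deleted, one per line.
dropped_units() {
    sed -n 's|.*Job \([^ /]*\)/[a-z-]* deleted to break ordering cycle.*|\1|p' | sort -u
}

# Read journal text on stdin and classify the boot for one unit:
#   0 = no job deleted, 1 = another unit's job deleted, 2 = this unit's job deleted.
audit_boot() {
    unit="${1:-ipset.service}"
    dropped="$(dropped_units)"
    if [ -z "$dropped" ]; then
        return 0
    fi
    if printf '%s\n' "$dropped" | grep -qxF "$unit"; then
        echo "CRITICAL: $unit was not started (job deleted to break an ordering cycle)" >&2
        return 2
    fi
    # Unquoted on purpose: joins the one-per-line list into a single line.
    echo "WARNING: ordering cycle broken by dropping: $(echo $dropped)" >&2
    return 1
}

# Constructed sample journal lines, not captured from a real host.
SAMPLE_IPSET_DROPPED='systemd[1]: sysinit.target: Found ordering cycle on ipset.service/start
systemd[1]: sysinit.target: Job ipset.service/start deleted to break ordering cycle starting with sysinit.target/start'

SAMPLE_OTHER_DROPPED='systemd[1]: sysinit.target: Found ordering cycle on cloud-init.service/start
systemd[1]: sysinit.target: Job cloud-init.service/start deleted to break ordering cycle starting with sysinit.target/start'

SAMPLE_CLEAN='systemd[1]: Started ipset.service.'
```

On a live host, feed it the current boot's journal, for example `journalctl -b | audit_boot ipset.service`, and alert on exit status 2.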
