All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- NEW: cfnetwork::dnssec option to control systemd-resolved DNSSEC
- CHANGED: to allow dash in domain names
- CHANGED: cfnetwork::ipset to also force fetching hosts
- FIXED: host names to allow underscores and hyphens (DNS assumption)
- FIXED: to update resolved.conf for systemd-resolved
- CHANGED: updated for Ubuntu 18.04 Bionic support
- FIXED: to define cfnetwork::dns_servers for systemd-resolved case
- FIXED: to define http, https and cfhttp inside cfnetwork
- NEW: cfnetwork::hosts_locality feature
- NEW: cfnetwork::prefer_ipv4 feature
- CHANGED: remove silent for sysctl what leads to implicit issues
- FIXED: improved bridge sysctl handling
- FIXED: added post-modprobe delay to workaround sysctl failures due to race condition
- FIXED: to remove 0/0 & ::/0 implicit routes from DHCP interfaces (fixes cffirehol logic)
- CHANGED: improved DNS service security with ipset:localnet
- NEW: ipset:localnet feature
- FIXED: minor Puppet 5 issue in sort_ipv
- CHANGED: not to set deprecated 'net.ipv4.tcp_tw_recycle'
- FIXED: to excluded bundler-related stuff
- FIXED: not to show warning forced DNSSEC disable, unless dnsmasq is used
- FIXED: to forcibly disable DNSSEC for <Stretch & <Xenial due to bug in dnsmasq
- FIXED: added missing DNSSEC root anchor to dnsmasq config
- NEW: Puppet 5.x support
- NEW: Ubuntu Zesty support
- Fixed 'cfsystem::bind_address' to support undefined 'local' face
- BROKEN
- Andded 'cfnetwork:firewall' anchor
- Added a new 'cfnetwork::bind_address' API to properly retrieve iface bind address
- Deprecated 'cf_get_iface_address'
- Added automatic creation of host entries for each interface and additional addresses
- Added cfnetwork::hosts parameter
- Added cfnetwork:pre-firewall anchor
- Added fetch of exported host entries used in firewall
- Changed to allow failed to resolve DNS entries in firewall config not to break bootstrap
- Changed prune of unknown /etc/hosts entries
- Improved cf_location/cf_location_pool support on initial deployment when facts are not set (lookup of cfsystem parameters)
- Changed $firewall_provider to 'auto' by default
- Minor improvement for error reporting of internal features
- Allowed to specify expected DHCP address range as firewall hint
- Fixed to allow DNS queries to all destinations if DNS servers are not set
- Changed to use dnsmasq instead of abandoned pdnsd NOTE: dnsmasq has no recursive resolver
- Renamed '$recurse' to '$local' to better reflect dnsmasq behavior
- Disabling IPv6 DHCP, if IPv6 = 'auto'
- Much better support for IPv6 now
- Small redesign of cfnetwork::iface parameters
extra_routes&extra_addressesare deprecated nowaddress- can list multiple addresses nowgateway- can list multiple entries (one for IPv4 and one for IPv6)routes- any additional routes
- Fixed
routes/extra_routesparamter type for Struct case - Improved handling of DHCP interfaces
- Fixed to use IPv6 "auto" method, if 'static' is missing IP address
- Implemented support for ipsets
- Automatic newer puppet-lint fixes
- Fixed puppet-lint and metadata-json-lint warnings
- Enforced strict parameter types
- Fixed minor rare issue with new Puppet 4.6.x release
- Added an explicit dependency of resolv.conf on pdnsd
- Updated supported OS list
- Minor fixes for strict mode
- Fixed systems with kernel 3.18+ to load br_netfilter to properly setup sysctl
- Fixed issue of missing default parameters in DB of exported port/host. It is a workaround for: PUP-6014
- Fixed pdnsd to serve /etc/hosts entries for all domains
- Fixed to properly refresh pdnsd on new exported host getting added
- Fixed to fully generate resolv.conf overriding all dynamic changes
- Changed sysctl configuration to use PuppetLabs approved augeas module
- Fixed outdated root DNS server list in pdnsd config
- Fixed cfnetwork::iface:extra_routes to support plain string, but not only arrays
- Fixed to enforce current DNS settings in /etc/resolv.conf
- Added hiera.yaml version 4 support
- Fixed to use 'local' instead of 'lo' interface for DNS service
- Fixed error with DHCP interfaces
- Added possibility to provide custom debian interface template
- Changed to export resources by default (requires PuppetDB)
Initial release