This module manages Linux IP sets.
- Checks for current ipset state, before doing any changes to it.
- Applies ipset every time it drifts from target state, not only on config file change.
- Handles type changes.
- Autostart support for RHEL 6 and RHEL 7 family (upstart, systemd).
IP sets can be filled from an array data structure. Typically passed from Hiera.
ipset::set { 'foo':
ensure => present,
set => ['1.2.3.4', '5.6.7.8'],
type => 'hash:ip',
}You can also pass a pre-formatted string directly, using one entry per line
(with \n as a separator).
This pattern is practical when generating the IP set entries using a template.
ipset::set { 'foo':
ensure => present,
set => "1.2.3.4\n5.6.7.8",
type => 'hash:ip',
}IP sets content can also be stored in a module file:
ipset::set { 'foo':
ensure => present,
set => "puppet:///modules/${module_name}/foo.ipset",
}Or using a plain text file stored on the filesystem:
file { '/tmp/bar_set_content':
ensure => present,
content => "1.2.3.0/24\n5.6.7.8/32",
}
ipset::set { 'bar':
ensure => present,
set => 'file:///tmp/bar_set_content',
type => 'hash:net',
subscribe => File['/tmp/bar_set_content'],
}Declare an IP set, without managing its content:
ipset::unmanaged { 'baz':
ensure => present,
type => 'hash:net',
}Useful when you have a dynamic process that generates an IP set content, but still want to define and use it from Puppet.
Warning: When changing IP set attributes (type, options) contents won't be kept, set will be recreated as empty.
The module uses puppet-strings for documentation. The result is the REFERENCE.md file.
- Tested on Debian and RedHat-like Linux distributions
- Only hash ipsets are supported (this excludes bitmap and list:set)
See CHANGELOG
See development
This module is a complete rewrite of sl0m0ZA/ipset, which is a fork of pmuller/ipset, which was forked from mighq/ipset, which was based on thias/ipset.
