Puppet module to manage ipset tooling and actual sets
AGPL-3.0 License
This module manages Linux IP sets.
IP sets can be filled from an array data structure, typically passed from Hiera.
ipset::set { 'foo':
  ensure => present,
  set    => ['1.2.3.4', '5.6.7.8'],
  type   => 'hash:ip',
}
You can also pass a pre-formatted string directly, using one entry per line (with \n as a separator).
This pattern is practical when generating the IP set entries using a template.
ipset::set { 'foo':
  ensure => present,
  set    => "1.2.3.4\n5.6.7.8",
  type   => 'hash:ip',
}
IP set content can also be stored in a module file:
ipset::set { 'foo':
  ensure => present,
  set    => "puppet:///modules/${module_name}/foo.ipset",
}
Or using a plain text file stored on the filesystem:
file { '/tmp/bar_set_content':
  ensure  => present,
  content => "1.2.3.0/24\n5.6.7.8/32",
}
ipset::set { 'bar':
  ensure    => present,
  set       => 'file:///tmp/bar_set_content',
  type      => 'hash:net',
  subscribe => File['/tmp/bar_set_content'],
}
Declare an IP set, without managing its content:
ipset::unmanaged { 'baz':
  ensure => present,
  type   => 'hash:net',
}
This is useful when a dynamic process generates the IP set content, but you still want to define and use the set from Puppet.
Warning: When IP set attributes (type, options) are changed, the contents are not kept; the set is recreated empty.
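One way a dynamic process could fill the unmanaged set `baz` declared above, shown as an added example that is not part of this module: it validates each entry and emits an `ipset restore` script that fills a temporary set and swaps it in, so the live set is never half-populated. The helper names, the `baz-tmp` set name and the input file path are assumptions, and the temporary set must be created with the same type and options as the Puppet-declared set.

```shell
#!/bin/sh
# Added example (not part of the module). Function names, the "-tmp" suffix
# and the input path in the usage line are assumptions.

# valid_net ENTRY: accept only IPv4 "a.b.c.d" or "a.b.c.d/1..32".
# hash:net cannot store a zero-length prefix, so /0 is rejected.
valid_net() {
  entry=$1
  case $entry in
    */*) addr=${entry%/*}; prefix=${entry#*/} ;;
    *)   addr=$entry; prefix=32 ;;
  esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "${#prefix}" -le 2 ] && [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
  case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# build_restore SET_NAME: read entries on stdin, print an `ipset restore`
# script on stdout. Any invalid entry aborts with no output, so a bad feed
# leaves the live set untouched.
build_restore() {
  set_name=$1
  tmp_name="${set_name}-tmp"
  entries=
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                                  # drop comments
    line=$(printf '%s' "$line" | tr -d ' \t\r')       # drop whitespace
    [ -n "$line" ] || continue
    if valid_net "$line"; then
      entries="${entries}add ${tmp_name} ${line} -exist
"
    else
      printf 'rejected entry: %s\n' "$line" >&2
      rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1
  printf 'create %s hash:net -exist\nflush %s\n%s' "$tmp_name" "$tmp_name" "$entries"
  printf 'swap %s %s\ndestroy %s\n' "$tmp_name" "$set_name" "$tmp_name"
}

# Usage (as root): build_restore baz < /path/to/feed.txt | ipset restore
```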
The module uses puppet-strings for documentation. The result is the REFERENCE.md file.
See CHANGELOG
See development
This module is a complete rewrite of sl0m0ZA/ipset, which is a fork of pmuller/ipset, which was forked from mighq/ipset, which was based on thias/ipset.