• Stars
    star
    269
  • Rank 152,662 (Top 4 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created over 13 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Puppet Firewall Module

firewall

PR Testing

Table of Contents

  1. Overview - What is the firewall module?
  2. Module description - What does the module do?
  3. Setup - The basics of getting started with firewall
  4. Usage - Configuration and customization options
  5. Reference - An under-the-hood peek at what the module is doing
  6. Limitations - OS compatibility, etc.
  7. Firewall_multi - Arrays for certain parameters
  8. Development - Guide for contributing to the module

Overview

The firewall module lets you manage firewall rules with Puppet.

Module description

PuppetLabs' firewall module introduces the firewall resource, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables and ip6tables. The module also introduces the firewallchain resource, which allows you to manage chains or firewall lists and ebtables for bridging support. At the moment, only iptables and ip6tables chains are supported.

The firewall module acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you to provide global defaults for your hosts before and after any custom rules. Defining pre and post rules is also necessary to help you avoid locking yourself out of your own boxes when Puppet runs.

Setup

What firewall affects

  • Every node running a firewall
  • Firewall settings in your system
  • Connection settings for managed nodes
  • Unmanaged resources (get purged)

Setup requirements

Firewall uses Ruby-based providers, so you must enable pluginsync.

Beginning with firewall

In the following two sections, you create new classes and then create firewall rules related to those classes. These steps are optional but provide a framework for firewall rules, which is helpful if you’re just starting to create them.

If you already have rules in place, then you don’t need to do these two sections. However, be aware of the ordering of your firewall rules. The module will dynamically apply rules in the order they appear in the catalog, meaning a deny rule could be applied before the allow rules. This might mean the module hasn’t established some of the important connections, such as the connection to the Puppet server.

The following steps are designed to ensure that you keep your SSH and other connections, primarily your connection to your Puppet server. If you create the pre and post classes described in the first section, then you also need to create the rules described in the second section.

Create the my_fw::pre and my_fw::post Classes

This approach employs a whitelist setup, so you can define what rules you want and everything else is ignored rather than removed.

The code in this section does the following:

  • The 'require' parameter in firewall {} ensures my_fw::pre is run before any other rules.
  • In the my_fw::post class declaration, the 'before' parameter ensures my_fw::post is run after any other rules.

The rules in the pre and post classes are fairly general. These two classes ensure that you retain connectivity and that you drop unmatched packets appropriately. The rules you define in your manifests are likely to be specific to the applications you run.

  1. Add the pre class to my_fw/manifests/pre.pp, and any default rules to your pre.pp file first β€” in the order you want them to run.
class my_fw::pre {
  Firewall {
    require => undef,
  }

  # Default firewall rules
  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  -> firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  -> firewall { '002 reject local traffic not on loopback interface':
    iniface     => '! lo',
    proto       => 'all',
    destination => '127.0.0.1/8',
    action      => 'reject',
  }
  -> firewall { '003 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}

The rules in pre allow basic networking (such as ICMP and TCP) and ensure that existing connections are not closed.

  1. Add the post class to my_fw/manifests/post.pp and include any default rules β€” apply these last.
class my_fw::post {
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,
  }
}

Alternatively, the firewallchain type can be used to set the default policy:

firewallchain { 'INPUT:filter:IPv4':
  ensure => present,
  policy => drop,
  before => undef,
}

Create firewall rules

The rules you create here are helpful if you don’t have any existing rules; they help you order your firewall configurations so you don’t lock yourself out of your box.

Rules are persisted automatically between reboots, although there are known issues with ip6tables on older Debian/Ubuntu distributions. There are also known issues with ebtables.

  1. Use the following code to set up the default parameters for all of the firewall rules that you will establish later. These defaults will ensure that the pre and post classes are run in the correct order and avoid locking you out of your box during the first Puppet run.
Firewall {
  before  => Class['my_fw::post'],
  require => Class['my_fw::pre'],
}
  1. Declare the my_fw::pre and my_fw::post classes to satisfy dependencies. You can declare these classes using an external node classifier or the following code:
class { ['my_fw::pre', 'my_fw::post']: }
  1. Include the firewall class to ensure the correct packages are installed:
class { 'firewall': }
  1. If you want to remove unmanaged firewall rules, add the following code to set up a metatype to purge unmanaged firewall resources in your site.pp or another top-scope file. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.
resources { 'firewall':
  purge => true,
}

To purge unmanaged firewall chains, add:

resources { 'firewallchain':
  purge => true,
}

Internal chains can not be deleted. In order to avoid all the confusing Warning/Notice messages when using purge => true, like these ones:

Notice: Compiled catalog for blonde-height.delivery.puppetlabs.net in environment production in 0.05 seconds
Warning: Firewallchain[INPUT:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain INPUT:mangle:IPv4
Notice: /Stage[main]/Main/Firewallchain[INPUT:mangle:IPv4]/ensure: removed
Warning: Firewallchain[FORWARD:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain FORWARD:mangle:IPv4
Notice: /Stage[main]/Main/Firewallchain[FORWARD:mangle:IPv4]/ensure: removed
Warning: Firewallchain[OUTPUT:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain OUTPUT:mangle:IPv4
Notice: /Stage[main]/Main/Firewallchain[OUTPUT:mangle:IPv4]/ensure: removed
Warning: Firewallchain[POSTROUTING:mangle:IPv4](provider=iptables_chain): Attempting to destroy internal chain POSTROUTING:mangle:IPv4
Notice: /Stage[main]/Main/Firewallchain[POSTROUTING:mangle:IPv4]/ensure: removed

Please create firewallchains for every internal chain. Here is an example:

firewallchain { 'POSTROUTING:mangle:IPv6':
  ensure  => present,
}

resources { 'firewallchain':
  purge => true,
}

Note: If there are unmanaged rules in unmanaged chains, it will take a second Puppet run for the firewall chain to be purged.

Note: If you need more fine-grained control about which unmananged rules get removed, investigate the purge and ignore_foreign parameters available in firewallchain.

Upgrading

Use these steps if you already have a version of the firewall module installed.

From version 0.2.0 and more recent

Upgrade the module with the puppet module tool as normal:

puppet module upgrade puppetlabs/firewall

Usage

There are two kinds of firewall rules you can use with firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings for a specific application, node, etc.

All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number, for example, '000 accept all icmp requests'. 000 runs first, 999 runs last.

Note: The ordering range 9000-9999 is reserved for unmanaged rules. Do not specify any firewall rules in this range.

Default rules

You can place default rules in either my_fw::pre or my_fw::post, depending on when you would like them to run. Rules placed in the pre class will run first, and rules in the post class, last.

In iptables, the title of the rule is stored using the comment feature of the underlying firewall subsystem. Values must match '/^\d+[[:graph:][:space:]]+$/'.

Examples of default rules

Basic accept ICMP request example:

firewall { '000 accept all icmp requests':
  proto  => 'icmp',
  action => 'accept',
}

Drop all:

firewall { '999 drop all other requests':
  action => 'drop',
}

Example of an IPv6 rule

IPv6 rules can be specified using the ip6tables provider:

firewall { '006 Allow inbound SSH (v6)':
  dport    => 22,
  proto    => 'tcp',
  action   => 'accept',
  provider => 'ip6tables',
}

Application-specific rules

Puppet doesn't care where you define rules, and this means that you can place your firewall resources as close to the applications and services that you manage as you wish. If you use the roles and profiles pattern then it makes sense to create your firewall rules in the profiles, so they remain close to the services managed by the profile.

This is an example of firewall rules in a profile:

class profile::apache {
  include apache
  apache::vhost { 'mysite':
    ensure => present,
  }

  firewall { '100 allow http and https access':
    dport  => [80, 443],
    proto  => 'tcp',
    action => 'accept',
  }
}

Rule inversion

Firewall rules may be inverted by prefixing the value of a parameter by "! ". If the value is an array, then every item in the array must be prefixed as iptables does not understand inverting a single value.

Parameters that understand inversion are: connmark, ctstate, destination, dport, dst_range, dst_type, iniface, outiface, port, proto, source, sport, src_range and src_type.

Examples:

firewall { '001 disallow esp protocol':
  action => 'accept',
  proto  => '! esp',
}

firewall { '002 drop NEW external website packets with FIN/RST/ACK set and SYN unset':
  chain     => 'INPUT',
  state     => 'NEW',
  action    => 'drop',
  proto     => 'tcp',
  sport     => ['! http', '! 443'],
  source    => '! 10.0.0.0/8',
  tcp_flags => '! FIN,SYN,RST,ACK SYN',
}

Additional uses for the firewall module

You can apply firewall rules to specific nodes. Usually, you should put the firewall rule in another class and apply that class to a node. Apply a rule to a node as follows:

node 'some.node.com' {
  firewall { '111 open port 111':
    dport => 111,
  }
}

You can also do more complex things with the firewall resource. This example sets up static NAT for the source network 10.1.2.0/24:

firewall { '100 snat for network foo2':
  chain    => 'POSTROUTING',
  jump     => 'MASQUERADE',
  proto    => 'all',
  outiface => 'eth0',
  source   => '10.1.2.0/24',
  table    => 'nat',
}

You can also change the TCP MSS value for VPN client traffic:

firewall { '110 TCPMSS for VPN clients':
  chain     => 'FORWARD',
  table     => 'mangle',
  source    => '10.0.2.0/24',
  proto     => 'tcp',
  tcp_flags => 'SYN,RST SYN',
  mss       => '1361:1541',
  set_mss   => '1360',
  jump      => 'TCPMSS',
}

The following will mirror all traffic sent to the server to a secondary host on the LAN with the TEE target:

firewall { '503 Mirror traffic to IDS':
  proto   => 'all',
  jump    => 'TEE',
  gateway => '10.0.0.2',
  chain   => 'PREROUTING',
  table   => 'mangle',
}

The following example creates a new chain and forwards any port 5000 access to it.

firewall { '100 forward to MY_CHAIN':
  chain   => 'INPUT',
  jump    => 'MY_CHAIN',
}

# The namevar here is in the format chain_name:table:protocol
firewallchain { 'MY_CHAIN:filter:IPv4':
  ensure  => present,
}

firewall { '100 my rule':
  chain   => 'MY_CHAIN',
  action  => 'accept',
  proto   => 'tcp',
  dport   => 5000,
}

Setup NFLOG for a rule.

firewall {'666 for NFLOG':
  proto           => 'all',
  jump            => 'NFLOG',
  nflog_group     => 3,
  nflog_prefix    => 'nflog-test',
  nflog_size      => 256,
  nflog_threshold => 1,
}

Duplicate rule behaviour

It is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This configuration is not supported by the firewall module.

In the event of a duplicate rule, the module will by default display a warning message notifying the user that it has found a duplicate but will continue to update the resource.

This behaviour is configurable via the onduplicaterulebehaviour parameter. Users can choose from the following behaviours:

  • ignore - The duplicate rule is ignored and any updates to the resource will continue unaffected.
  • warn - The duplicate rule is logged as a warning and any updates to the resource will continue unaffected.
  • error - The duplicate rule is logged as an error and any updates to the resource will be skipped.

With either the ignore or warn (default) behaviour, Puppet may create another duplicate rule. To prevent this behavior and report the resource as failing during the Puppet run, specify the error behaviour.

Additional information

Access the inline documentation:

puppet describe firewall

Or

puppet doc -r type
(and search for firewall)

Reference

For information on the classes and types, see the REFERENCE.md. For information on the facts, see below.

Facts:

Fact: ip6tables_version

A Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.

Fact: iptables_version

A Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.

Fact: iptables_persistent_version

Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.

Limitations

For an extensive list of supported operating systems, see metadata.json

SLES

The socket parameter is not supported on SLES. In this release it will cause the catalog to fail with iptables failures, rather than correctly warn you that the features are unusable.

Oracle Enterprise Linux

The socket and owner parameters are unsupported on Oracle Enterprise Linux when the "Unbreakable" kernel is used. These may function correctly when using the stock RedHat kernel instead. Declaring either of these parameters on an unsupported system will result in iptable rules failing to apply.

Passing firewall parameter values as arrays with firewall_multi module

You might sometimes need to pass arrays, such as arrays of source or destination addresses, to some parameters in contexts where iptables itself does not allow arrays.

A community module, alexharvey-firewall_multi, provides a defined type wrapper to spawn firewall resources for arrays of certain inputs.

For example:

firewall_multi { '100 allow http and https access':
  source => [
    '10.0.10.0/24',
    '10.0.12.0/24',
    '10.1.1.128',
  ],
  dport  => [80, 443],
  proto  => 'tcp',
  action => 'accept',
}

For more information see the documentation at alexharvey-firewall_multi.

Known issues

MCollective causes PE to reverse firewall rule order

Firewall rules appear in reverse order if you use MCollective to run Puppet in Puppet Enterprise 2016.1, 2015.3, 2015.2, or 3.8.x.

If you use MCollective to kick off Puppet runs (mco puppet runonce -I agent.example.com) while also using the puppetlabs/firewall module, your firewall rules might be listed in reverse order.

In many firewall configurations, the last rule drops all packets. If the rule order is reversed, this rule is listed first and network connectivity fails.

To prevent this issue, do not use MCollective to kick off Puppet runs. Use any of the following instead:

  • Run puppet agent -t on the command line.
  • Use a cron job.
  • Click Run Puppet in the console.

condition parameter

The condition parameter requires xtables-addons to be installed locally. For ubuntu distributions xtables-addons-common package can be installed by running command: apt-get install xtables-addons-common or running a manifest:

package { 'xtables-addons-common':
  ensure => 'latest',
}

For other distributions (RedHat, Debian, Centos etc) manual installation of the xtables-addons package is required.

Reporting Issues

Please report any bugs in the Puppetlabs JIRA issue tracker:

https://tickets.puppetlabs.com/projects/MODULES/issues

Development

Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.

If you run into an issue with this module, or if you would like to request a feature, please file a ticket. Every Monday the Puppet IA Content Team has office hours in the Puppet Community Slack, alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).

If you have problems getting this module up and running, please contact Support.

If you submit a change to this module, be sure to regenerate the reference documentation as follows:

puppet strings generate --format markdown --out REFERENCE.md

Testing

Make sure you have:

  • rake
  • bundler

Install the necessary gems:

bundle install

And run the tests from the root of the source code:

bundle exec rake parallel_spec

See also .travis.yml for information on running the acceptance and other tests.

More Repositories

1

puppet

Server automation framework and application
Ruby
7,082
star
2

showoff

Don't just present; interact with your audience!
JavaScript
932
star
3

r10k

Smarter Puppet deployment
Ruby
800
star
4

facter

Collect and display system facts
Ruby
603
star
5

trapperkeeper

A services framework for Clojure / JVM applications.
Clojure
586
star
6

bolt

Bolt is an open source orchestration tool that automates the manual work it takes to maintain your infrastructure on an as-needed basis or as part of a greater orchestration workflow. It can be installed on your local workstation and connects directly to remote nodes with SSH or WinRM, so you are not required to install any agent software.
Ruby
459
star
7

puppetlabs-mysql

MySQL Puppet Module / Manifests + Types & Providers
Ruby
385
star
8

puppetlabs-apache

Puppet module for the Apache httpd server, maintained by Puppet, Inc.
Ruby
365
star
9

puppetlabs-stdlib

Puppet Labs Standard Library module
Ruby
350
star
10

hiera

Lightweight Pluggable Hierarchical Database
Ruby
295
star
11

puppetdb

Centralized Puppet Storage
Clojure
290
star
12

puppetserver

Server automation framework and application
Clojure
280
star
13

puppetlabs-postgresql

Puppet module for managing PostgreSQL
Ruby
228
star
14

puppet-docs

Curated Puppet Documentation
HTML
223
star
15

pdk

The shortest path to better modules: Puppet Development Kit; Download:
Ruby
217
star
16

control-repo

A control repository template
Ruby
197
star
17

pupperware

Container fun time lives here.
Ruby
183
star
18

puppetlabs-concat

File concatenation system for Puppet
Ruby
171
star
19

puppet-vagrant-boxes

Veewee definitions for a set of generic vagrant boxes
Shell
153
star
20

puppetlabs-ntp

Puppet module to manage the NTP service
Ruby
145
star
21

puppetlabs-lvm

Puppet Module to manage LVM
Ruby
126
star
22

puppetlabs_spec_helper

A set of shared spec helpers specific to Puppetlabs projects
Ruby
121
star
23

best-practices

Best practice docs created by the Puppet Customer Success team
CSS
120
star
24

puppetlabs-packer

Packer templates to build images for vSphere
PowerShell
119
star
25

puppetlabs-java

Puppet Module to manage Java
Ruby
103
star
26

puppet-syntax-vim

Puppet language syntax highlighting for Vim
Vim Script
102
star
27

puppet-specifications

Specification of the Puppet Language, Catalog, Extension points
Ruby
97
star
28

vault-plugin-secrets-oauthapp

OAuth 2.0 secrets plugin for HashiCorp Vault supporting a variety of grant types
Go
94
star
29

puppetlabs-kubernetes

This module install and configures a Kubernetes cluster
Ruby
92
star
30

puppet-strings

The next generation Puppet documentation extraction and presentation tool.
Ruby
89
star
31

puppet_litmus

Providing a simple command line tool for puppet content creators, to enable simple and complex test deployments.
Ruby
88
star
32

puppetlabs-docker

The Puppet Docker repository
Ruby
87
star
33

cpp-hocon

A C++ port of the Typesafe Config library.
C++
83
star
34

education-builds

Bootstrap CentOS training VMs from scratch. Now with true versioning!
Ruby
82
star
35

puppet-vscode

Puppet Editing. Redefined.
TypeScript
79
star
36

vmpooler

Provide configurable 'pools' of instantly-available (running) virtual machines
Ruby
75
star
37

tasks-hands-on-lab

Deprecated: Please see http://bolt.guide to follow our Bolt tutorial!
Shell
73
star
38

puppetlabs-inifile

Resource types for managing settings in INI files
Ruby
70
star
39

hiera-puppet

Puppet function and data backend for Hiera
Ruby
60
star
40

leatherman

A collection of C++ and CMake utility libraries.
C++
57
star
41

puppet-rfc

Puppet RFC Repository
Ruby
55
star
42

puppetlabs-f5

Puppet Management of F5 Network Devices.
53
star
43

puppetlabs-puppetdb

A puppet module for installing and managing puppetdb
Ruby
52
star
44

relay

Event-driven workflows for DevOps automation
Go
52
star
45

puppetserver-helm-chart

The Helm Chart for Puppet Server
Mustache
51
star
46

puppetlabs-powershell

powershell provider for the Puppet exec resource type
Ruby
50
star
47

puppetlabs-rsync

rsync module
Ruby
49
star
48

puppet-agent

All of the directions for building a puppet agent package.
Ruby
48
star
49

homebrew-puppet

A tap for Puppet macOS package distribution
Ruby
45
star
50

pdk-templates

The main template repo for the Puppet Development Kit https://github.com/puppetlabs/pdk
HTML
43
star
51

docs-archive

An archive of old documentation for Puppet, PE, CD4PE, Pipelines, and their related components. No longer updated, for reference only.
HTML
42
star
52

puppet-editor-services

Puppet Language Server for editors
Ruby
41
star
53

puppetlabs-puppet_agent

Module for managing Puppet-Agent
Ruby
40
star
54

puppetlabs-tomcat

PuppetLabs Tomcat module
Ruby
38
star
55

kream

Kubernetes Rules Everything Around Me. A development environment for the Puppet/kubernetes module
Ruby
38
star
56

packaging

Packaging automation for Puppet software
Ruby
37
star
57

rubocop-i18n

RuboCop rules for detecting and autocorrecting undecorated strings for i18n (gettext and rails-i18n)
Ruby
36
star
58

nssm

Puppet fork of the NSSM source code from https://git.nssm.cc/nssm/nssm.git
C++
36
star
59

puppetlabs-java_ks

Uses a combination of keytool and openssl to manage entries in a Java keystore
Ruby
35
star
60

gatling-puppet-load-test

Scala
34
star
61

ruby-hocon

A Ruby port of the Typesafe Config library.
Ruby
34
star
62

netdev_stdlib

Netdev is a vendor-neutral network abstraction framework maintained by Puppet, Inc
Ruby
30
star
63

puppetlabs-sshkeys

Puppet Labs SSH Public Keys
Shell
30
star
64

puppetlabs-peadm

A Puppet module defining Bolt plans used to automate Puppet Enterprise deployments
Puppet
30
star
65

tasks-playground

Deprecated: Please check out https://bolt.guide to learn about Bolt, or see the project at https://github.com/puppetlabs/bolt
Shell
27
star
66

puppetlabs-node_encrypt

Encrypt secrets inside Puppet catalogs and reports
Ruby
27
star
67

structured-logging

Write data structures to your logs from clojure
Clojure
27
star
68

puppet-resource_api

This library provides a simple way to write new native resources for https://puppet.com.
Ruby
27
star
69

puppetlabs-reboot

Reboot type and provider
Ruby
26
star
70

vanagon

All of your packages will fit into this van with this one simple trick.
Ruby
26
star
71

vmfloaty

A CLI helper tool for Puppet vmpooler to help you stay afloat
Ruby
25
star
72

puppetlabs-registry

Puppet Module for managing the Windows Registry through custom types and providers
Ruby
25
star
73

puppet-syntax-emacs

Puppet language syntax highlighting for Emacs
Emacs Lisp
25
star
74

pxp-agent

PCP eXecution Protocol Agent
C++
22
star
75

puppetlabs-acl

ACL (Access Control List) module
Ruby
20
star
76

clj-i18n

Clojure i18n library and utilities
Clojure
20
star
77

puppetlabs-transition

Transition module
Ruby
20
star
78

puppetlabs-sslcertificate

Puppet module to manage SSL Certificates on WIndows Server 2008 and upwards
Ruby
20
star
79

puppetlabs-accounts

Account management module
Ruby
19
star
80

provision

Simple tasks to provision and tear_down containers / instances and virtual machines.
Ruby
19
star
81

cppbestpractices

Collection of C++ Best Practices at Puppet Labs
C++
19
star
82

clj-kitchensink

Library of utility functions for clojure
Clojure
19
star
83

jvm-ssl-utils

SSL certificate management on the JVM
Clojure
18
star
84

net_http_unix

AF_UNIX domain socket support on top of Ruby's Net::HTTP libraries
Ruby
18
star
85

design-system

A resource for creating user interfaces based on brand, UX, and dev principles
JavaScript
18
star
86

puppet-eucalyptus

Install and management tools for Eucalyptus built with Puppet
Puppet
17
star
87

puppet-classify

A ruby library to interface with the classifier service
Ruby
17
star
88

puppetdb-cli

PuppetDB CLI Tooling
Go
16
star
89

puppetlabs-rcfiles

Customizations for vim, shell, screen, ruby, etc... The goal is to quickly provide an efficient working environment.
Vim Script
16
star
90

puppetlabs-motd

Simple motd module
Ruby
16
star
91

relay-core

Kubernetes-based execution engine
Go
16
star
92

trapperkeeper-webserver-jetty9

Trapperkeeper webservice service (jetty9 implementation).
Clojure
16
star
93

clj-http-client

HTTP client library wrapping Apache HttpAsyncClient
Clojure
15
star
94

bolt-examples

Puppet
15
star
95

puppet-vro-starter_content

Shell
15
star
96

facter-ng

Collect and display system facts
Ruby
15
star
97

ruby-pwsh

A ruby gem for interacting with PowerShell
Ruby
15
star
98

cisco_ios

Cisco IOS Catalyst module
Ruby
14
star
99

learn-to-be-a-puppet-engineer

In this repository we map out skills that our PSE should have, we try link to existing documentation or blog posts, or if they don't exist, create it.
CSS
14
star
100

puppet-gatling-jenkins-plugin

A Jenkins plugin that extends the gatling library
HTML
14
star