__ipset: ignore ipset errors when non-existing item is removed, or item is added twice.

We might choose to include human readable hostnames, rather than ip addresses. In these cases, we are unable to correctly detect membership, but ipset will resolve and error on duplicate. the sets contain ip addresses and not resolvable names, gencode-remote will produce output, but ipset will eventually resolve to ip addresses/check for real membership. For example: __ipset good-sites --type hash:ip --add cdi.st or: __ipset blocked-sites --type hash:ip --del cdi.st
2021-01-09 09:34:01 +00:00 · 2021-01-09 09:34:01 +00:00 · e5099d32f3
commit e5099d32f3
parent c43bd0eed5
1 changed files with 2 additions and 2 deletions
--- a/cdist/conf/type/__ipset/gencode-remote
+++ b/cdist/conf/type/__ipset/gencode-remote
@ -55,7 +55,7 @@ if [ "$state_should" = "present" ]; then
    if [ -f "$p/add" ]; then
        while read -r value; do
            if ! grep -q "$value" "$e/content"; then
-                echo "ipset add $name $value"
+                echo "ipset -! add $name $value"
                needToSave=1
            fi
        done < "$p/add"
@ -64,7 +64,7 @@ if [ "$state_should" = "present" ]; then
    if [ -f "$p/del" ]; then
        while read -r value; do
            if grep -q "$value" "$e/content"; then
-                echo "ipset del $name $value"
+                echo "ipset -! del $name $value"
                needToSave=1
            fi
        done < "$p/del"