* Add many modules (mainly for iptables) to load at startup (sea README.md).
This commit is contained in:
parent
f2138eca84
commit
563f6192a1
|
@ -8,6 +8,7 @@
|
|||
* (#9) Add a puppetlabs-firewall rule.
|
||||
* (#3) Add a new class and subclass: proxmox::vm::openvz to manage OpenVZ CT.
|
||||
* (#3) Add a new fact to calculate venet's network with /24 instead of /32.)
|
||||
* Add many modules (mainly for iptables) to load at startup (sea README.md).
|
||||
|
||||
---------------------------------------
|
||||
|
||||
|
|
50
README.md
50
README.md
|
@ -14,9 +14,10 @@
|
|||
* [Classes](#classes)
|
||||
* [Defined types](#defined-types)
|
||||
* [Parameters](#parameters)
|
||||
6. [Limitations](#limitations)
|
||||
7. [Development](#development)
|
||||
8. [License](#license)
|
||||
6. [Other notes](#other-notes)
|
||||
7. [Limitations](#limitations)
|
||||
8. [Development](#development)
|
||||
9. [License](#license)
|
||||
|
||||
## Overview
|
||||
|
||||
|
@ -50,6 +51,9 @@ To begin using proxmox module with default parameters, declare the hypervisor's
|
|||
```
|
||||
include proxmox::hypervisor
|
||||
```
|
||||
**Note**: The module will automatically reboot the system on the PVE Kernel. You will need to start again the puppet agent.
|
||||
|
||||
#### KVM only
|
||||
|
||||
If you will use only KVM you can have a most recent kernel with:
|
||||
```
|
||||
|
@ -58,7 +62,13 @@ class { 'proxmox::hypervisor':
|
|||
}
|
||||
```
|
||||
|
||||
**Note**: The module will automatically reboot the system on the PVE Kernel. You will need to start again the puppet agent.
|
||||
#### Disable additionnal modules
|
||||
Disable all additionnal modules load at the boot time:
|
||||
```
|
||||
class { 'proxmox::hypervisor':
|
||||
pve_modules_list => [ '' ],
|
||||
}
|
||||
```
|
||||
|
||||
### VM
|
||||
|
||||
|
@ -140,6 +150,38 @@ proxmox::hypervisor::user { 'marvin':
|
|||
* `network_service_manage`: If set to 'true', Puppet will manage the network's service. Can be 'true' or 'false'. Defaults to 'true'.
|
||||
* `network_service_enabled`: If set to 'true', Puppet will ensure the network's service is running. Can be 'true' or 'false'. Defaults to 'true'.
|
||||
|
||||
Other notes
|
||||
-----------
|
||||
By default `proxmox::hypervisor` comes with several modules kernel load at boot time. Mainly iptables's modules to allow it in the OpenVZ CT.
|
||||
|
||||
The default modules list:
|
||||
* `iptable_filter`
|
||||
* `iptable_mangle`
|
||||
* `iptable_nat`
|
||||
* `ipt_length` (=xt_length)
|
||||
* `ipt_limit` (=xt_limit)
|
||||
* `ipt_LOG`
|
||||
* `ipt_MASQUERADE`
|
||||
* `ipt_multiport` (=xt_multiport)
|
||||
* `ipt_owner` (=xt_owner)
|
||||
* `ipt_recent` (=xt_recent)
|
||||
* `ipt_REDIRECT`
|
||||
* `ipt_REJECT`
|
||||
* `ipt_state` (=xt_state)
|
||||
* `ipt_TCPMSS` (=xt_TCPMSS)
|
||||
* `ipt_tcpmss` (=xt_tcpmss)
|
||||
* `ipt_TOS`
|
||||
* `ipt_tos`
|
||||
* `ip_conntrack` (=nf_conntrack)
|
||||
* `ip_nat_ftp` (=nf_nat_ftp)
|
||||
* `xt_iprange`
|
||||
* `xt_comment`
|
||||
* `ip6table_filter`
|
||||
* `ip6table_mangle`
|
||||
* `ip6t_REJECT' `
|
||||
|
||||
See [hypervisor usage](#hypervisor) if you want to disable it or [parameters](#parameters) if you want to edit this list.
|
||||
|
||||
Limitations
|
||||
-----------
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ class proxmox::params {
|
|||
$pveproxy_service_enabled = true
|
||||
|
||||
# Manage additionnals modules
|
||||
$pve_modules_list = [ 'xt_iprange', 'xt_comment' ]
|
||||
$pve_modules_list = [ 'iptable_filter', 'iptable_mangle', 'iptable_nat', 'ipt_length', 'ipt_limit', 'ipt_LOG', 'ipt_MASQUERADE', 'ipt_multiport', 'ipt_owner', 'ipt_recent', 'ipt_REDIRECT', 'ipt_REJECT', 'ipt_state', 'ipt_TCPMSS', 'ipt_tcpmss', 'ipt_TOS', 'ipt_tos', 'ip_conntrack', 'ip_nat_ftp', 'xt_iprange', 'xt_comment', 'ip6table_filter', 'ip6table_mangle', 'ip6t_REJECT' ]
|
||||
$pve_modules_file_path = '/etc/modules-load.d/proxmox.conf'
|
||||
$pve_modules_file_content = 'proxmox/hypervisor/proxmox_modules.conf.erb'
|
||||
|
||||
|
|
Loading…
Reference in New Issue