* Add many modules (mainly for iptables) to load at startup (sea README.md).

CHANGELOG.md

@@ -8,6 +8,7 @@
 * (#9) Add a puppetlabs-firewall rule.
 * (#3) Add a new class and subclass: proxmox::vm::openvz to manage OpenVZ CT.
 * (#3) Add a new fact to calculate venet's network with /24 instead of /32.)
+* Add many modules (mainly for iptables) to load at startup (sea README.md).
 
 ---------------------------------------
 

README.md

@@ -14,9 +14,10 @@
     * [Classes](#classes)
     * [Defined types](#defined-types)
     * [Parameters](#parameters)
-6. [Limitations](#limitations)
-7. [Development](#development)
-8. [License](#license)
+6. [Other notes](#other-notes)
+7. [Limitations](#limitations)
+8. [Development](#development)
+9. [License](#license)
 
 ## Overview
 
@@ -50,6 +51,9 @@ To begin using proxmox module with default parameters, declare the hypervisor's
 ```
 include proxmox::hypervisor
 ```
+**Note**: The module will automatically reboot the system on the PVE Kernel. You will need to start again the puppet agent.
+
+#### KVM only
 
 If you will use only KVM you can have a most recent kernel with:
 ```
@@ -58,7 +62,13 @@ class { 'proxmox::hypervisor':
 }
 ```
 
-**Note**: The module will automatically reboot the system on the PVE Kernel. You will need to start again the puppet agent.
+#### Disable additionnal modules
+Disable all additionnal modules load at the boot time:
+```
+class { 'proxmox::hypervisor':
+  pve_modules_list => [ '' ],
+}
+```
 
 ### VM
 
@@ -140,6 +150,38 @@ proxmox::hypervisor::user { 'marvin':
 * `network_service_manage`: If set to 'true', Puppet will manage the network's service. Can be 'true' or 'false'. Defaults to 'true'.
 * `network_service_enabled`: If set to 'true', Puppet will ensure the network's service is running. Can be 'true' or 'false'. Defaults to 'true'.
 
+Other notes
+-----------
+By default `proxmox::hypervisor` comes with several modules kernel load at boot time. Mainly iptables's modules to allow it in the OpenVZ CT.
+
+The default modules list:
+* `iptable_filter`
+* `iptable_mangle`
+* `iptable_nat`
+* `ipt_length` (=xt_length)
+* `ipt_limit` (=xt_limit)
+* `ipt_LOG`
+* `ipt_MASQUERADE`
+* `ipt_multiport` (=xt_multiport)
+* `ipt_owner` (=xt_owner)
+* `ipt_recent` (=xt_recent)
+* `ipt_REDIRECT`
+* `ipt_REJECT`
+* `ipt_state` (=xt_state)
+* `ipt_TCPMSS` (=xt_TCPMSS)
+* `ipt_tcpmss` (=xt_tcpmss)
+* `ipt_TOS`
+* `ipt_tos`
+* `ip_conntrack` (=nf_conntrack)
+* `ip_nat_ftp` (=nf_nat_ftp)
+* `xt_iprange`
+* `xt_comment`
+* `ip6table_filter`
+* `ip6table_mangle`
+* `ip6t_REJECT' `
+
+See [hypervisor usage](#hypervisor) if you want to disable it or [parameters](#parameters) if you want to edit this list.
+
 Limitations
 -----------
 

manifests/params.pp

@@ -34,7 +34,7 @@ class proxmox::params {
         $pveproxy_service_enabled   = true
 
         # Manage additionnals modules
-        $pve_modules_list           = [ 'xt_iprange', 'xt_comment' ]
+        $pve_modules_list           = [ 'iptable_filter', 'iptable_mangle', 'iptable_nat', 'ipt_length', 'ipt_limit', 'ipt_LOG', 'ipt_MASQUERADE', 'ipt_multiport', 'ipt_owner', 'ipt_recent', 'ipt_REDIRECT', 'ipt_REJECT', 'ipt_state', 'ipt_TCPMSS', 'ipt_tcpmss', 'ipt_TOS', 'ipt_tos', 'ip_conntrack', 'ip_nat_ftp', 'xt_iprange', 'xt_comment', 'ip6table_filter', 'ip6table_mangle', 'ip6t_REJECT' ]
         $pve_modules_file_path      = '/etc/modules-load.d/proxmox.conf'
         $pve_modules_file_content   = 'proxmox/hypervisor/proxmox_modules.conf.erb'