* Modification in OpenVZ's configuration file notify the 'vz' service.

* Set an option to manage iptables modules in OpenVZ configuration.
2015-02-03 16:28:07 +01:00 · 2015-02-03 16:28:07 +01:00 · 875afdd9c0
parent 71312b261f
commit 875afdd9c0
5 changed files with 9 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,8 @@

 ##### Changes
 * The network management for an OpenVZ CT now works for all Debian family and not only Debian >=7.
+* Modification in OpenVZ's configuration file notify the 'vz' service.
+* Set an option to manage iptables modules in OpenVZ configuration.

 ---------------------------------------
 ### 0.2.0 - 2015/01/27
--- a/manifests/hypervisor.pp
+++ b/manifests/hypervisor.pp
@ -58,6 +58,7 @@ class proxmox::hypervisor (
  $pve_modules_file_content   = $proxmox::params::pve_modules_file_content,
  $vz_config_file_path        = $proxmox::params::vz_config_file_path,
  $vz_config_file_tpl         = $proxmox::params::vz_config_file_tpl,
+  $vz_iptables_modules        = $proxmox::params::vz_iptables_modules,
  $vz_service_name            = $proxmox::params::vz_service_name,
  $vz_service_manage          = $proxmox::params::vz_service_manage,
  $vz_service_enabled         = $proxmox::params::vz_service_enabled,
--- a/manifests/hypervisor/config.pp
+++ b/manifests/hypervisor/config.pp
@ -36,6 +36,7 @@ class proxmox::hypervisor::config {
    file { "${proxmox::hypervisor::vz_config_file_path}":
      ensure  => present,
      content => template("${proxmox::hypervisor::vz_config_file_tpl}"),
+      notify  => Service["${proxmox::hypervisor::vz_service_name}"],
    }

  }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -41,6 +41,7 @@ class proxmox::params {
        # OpenVZ configuration
        $vz_config_file_path        = '/etc/vz/vz.conf'
        $vz_config_file_tpl         = 'proxmox/hypervisor/vz.conf.erb'
+        $vz_iptables_modules        = true
        $vz_service_name            = 'vz'
        $vz_service_manage          = true
        $vz_service_enabled         = true
--- a/templates/hypervisor/vz.conf.erb
+++ b/templates/hypervisor/vz.conf.erb
@ -41,7 +41,11 @@ VE_PRIVATE=/var/lib/vz/private/$VEID
 VZWDOG="no"

 ## IPv4 iptables kernel modules to be enabled in CTs by default
+<% if scope.lookupvar('proxmox::hypervisor::vz_iptables_modules') == true -%>
 IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
+<% else -%>
+IPTABLES=""
+<% end -%>
 ## IPv4 iptables kernel modules to be loaded by init.d/vz script
 IPTABLES_MODULES="$IPTABLES"