From 875afdd9c04bdbc588fd5c27998a3ca95624b560 Mon Sep 17 00:00:00 2001 From: Gardouille Date: Tue, 3 Feb 2015 16:28:07 +0100 Subject: [PATCH] * Modification in OpenVZ's configuration file notify the 'vz' service. * Set an option to manage iptables modules in OpenVZ configuration. --- CHANGELOG.md | 2 ++ manifests/hypervisor.pp | 1 + manifests/hypervisor/config.pp | 1 + manifests/params.pp | 1 + templates/hypervisor/vz.conf.erb | 4 ++++ 5 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50bc125..60f2529 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ ##### Changes * The network management for an OpenVZ CT now works for all Debian family and not only Debian >=7. +* Modification in OpenVZ's configuration file notify the 'vz' service. +* Set an option to manage iptables modules in OpenVZ configuration. --------------------------------------- ### 0.2.0 - 2015/01/27 diff --git a/manifests/hypervisor.pp b/manifests/hypervisor.pp index 20d303e..aca08b8 100644 --- a/manifests/hypervisor.pp +++ b/manifests/hypervisor.pp @@ -58,6 +58,7 @@ class proxmox::hypervisor ( $pve_modules_file_content = $proxmox::params::pve_modules_file_content, $vz_config_file_path = $proxmox::params::vz_config_file_path, $vz_config_file_tpl = $proxmox::params::vz_config_file_tpl, + $vz_iptables_modules = $proxmox::params::vz_iptables_modules, $vz_service_name = $proxmox::params::vz_service_name, $vz_service_manage = $proxmox::params::vz_service_manage, $vz_service_enabled = $proxmox::params::vz_service_enabled, diff --git a/manifests/hypervisor/config.pp b/manifests/hypervisor/config.pp index 83a23a2..1869fa5 100644 --- a/manifests/hypervisor/config.pp +++ b/manifests/hypervisor/config.pp @@ -36,6 +36,7 @@ class proxmox::hypervisor::config { file { "${proxmox::hypervisor::vz_config_file_path}": ensure => present, content => template("${proxmox::hypervisor::vz_config_file_tpl}"), + notify => Service["${proxmox::hypervisor::vz_service_name}"], } } 
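Review bot: The added `notify => Service["${proxmox::hypervisor::vz_service_name}"]` on the vz.conf file resource in manifests/hypervisor/config.pp is unconditional, although the class also exposes `vz_service_manage`. If the service resource is only declared when `vz_service_manage` is true (its declaration is outside this diff, so this is inferred), setting it to false would leave the notify pointing at a resource missing from the catalog, and compilation would fail. Consider guarding the relationship on that parameter, or documenting that `vz_service_manage => false` is unsupported while the config file is managed. A comment is also worthwhile here: a refresh of `vz` on a hypervisor typically stops and restarts the containers, so every template change becomes an availability event for all CTs on the node.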
diff --git a/manifests/params.pp b/manifests/params.pp index 9fbcc24..69aba8f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -41,6 +41,7 @@ class proxmox::params { # OpenVZ configuration $vz_config_file_path = '/etc/vz/vz.conf' $vz_config_file_tpl = 'proxmox/hypervisor/vz.conf.erb' + $vz_iptables_modules = true $vz_service_name = 'vz' $vz_service_manage = true $vz_service_enabled = true diff --git a/templates/hypervisor/vz.conf.erb b/templates/hypervisor/vz.conf.erb index 61f26da..52a9588 100644 --- a/templates/hypervisor/vz.conf.erb +++ b/templates/hypervisor/vz.conf.erb @@ -41,7 +41,11 @@ VE_PRIVATE=/var/lib/vz/private/$VEID VZWDOG="no" ## IPv4 iptables kernel modules to be enabled in CTs by default +<% if scope.lookupvar('proxmox::hypervisor::vz_iptables_modules') == true -%> IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp" +<% else -%> +IPTABLES="" +<% end -%> ## IPv4 iptables kernel modules to be loaded by init.d/vz script IPTABLES_MODULES="$IPTABLES"
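Review bot: The `== true` test in the new `<% if ... -%>` line of templates/hypervisor/vz.conf.erb only matches a real boolean, so a value arriving as the string `'true'` (from an ENC, Hiera data or a quoted manifest value) falls through to `IPTABLES=""` without any error. Because `IPTABLES_MODULES="$IPTABLES"` follows, that one slip leaves both settings empty, and containers that load their own iptables rules would presumably find none of the modules available. Validate the parameter where it is declared in manifests/hypervisor.pp, for example with `validate_bool($vz_iptables_modules)` if puppetlabs-stdlib is available to this module, so a mistyped value fails the catalog instead of silently changing firewall capability. The switch is also all-or-nothing; accepting the module list itself would allow a reduced set rather than the full list or nothing.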