* Modification in OpenVZ's configuration file notify the 'vz' service.
* Set an option to manage iptables modules in OpenVZ configuration.
This commit is contained in:
parent
71312b261f
commit
875afdd9c0
|
@ -8,6 +8,8 @@
|
||||||
|
|
||||||
##### Changes
|
##### Changes
|
||||||
* The network management for an OpenVZ CT now works for all Debian family and not only Debian >=7.
|
* The network management for an OpenVZ CT now works for all Debian family and not only Debian >=7.
|
||||||
|
* Modification in OpenVZ's configuration file notify the 'vz' service.
|
||||||
|
* Set an option to manage iptables modules in OpenVZ configuration.
|
||||||
|
|
||||||
---------------------------------------
|
---------------------------------------
|
||||||
### 0.2.0 - 2015/01/27
|
### 0.2.0 - 2015/01/27
|
||||||
|
|
|
@ -58,6 +58,7 @@ class proxmox::hypervisor (
|
||||||
$pve_modules_file_content = $proxmox::params::pve_modules_file_content,
|
$pve_modules_file_content = $proxmox::params::pve_modules_file_content,
|
||||||
$vz_config_file_path = $proxmox::params::vz_config_file_path,
|
$vz_config_file_path = $proxmox::params::vz_config_file_path,
|
||||||
$vz_config_file_tpl = $proxmox::params::vz_config_file_tpl,
|
$vz_config_file_tpl = $proxmox::params::vz_config_file_tpl,
|
||||||
|
$vz_iptables_modules = $proxmox::params::vz_iptables_modules,
|
||||||
$vz_service_name = $proxmox::params::vz_service_name,
|
$vz_service_name = $proxmox::params::vz_service_name,
|
||||||
$vz_service_manage = $proxmox::params::vz_service_manage,
|
$vz_service_manage = $proxmox::params::vz_service_manage,
|
||||||
$vz_service_enabled = $proxmox::params::vz_service_enabled,
|
$vz_service_enabled = $proxmox::params::vz_service_enabled,
|
||||||
|
|
|
@ -36,6 +36,7 @@ class proxmox::hypervisor::config {
|
||||||
file { "${proxmox::hypervisor::vz_config_file_path}":
|
file { "${proxmox::hypervisor::vz_config_file_path}":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
content => template("${proxmox::hypervisor::vz_config_file_tpl}"),
|
content => template("${proxmox::hypervisor::vz_config_file_tpl}"),
|
||||||
|
notify => Service["${proxmox::hypervisor::vz_service_name}"],
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,6 +41,7 @@ class proxmox::params {
|
||||||
# OpenVZ configuration
|
# OpenVZ configuration
|
||||||
$vz_config_file_path = '/etc/vz/vz.conf'
|
$vz_config_file_path = '/etc/vz/vz.conf'
|
||||||
$vz_config_file_tpl = 'proxmox/hypervisor/vz.conf.erb'
|
$vz_config_file_tpl = 'proxmox/hypervisor/vz.conf.erb'
|
||||||
|
$vz_iptables_modules = true
|
||||||
$vz_service_name = 'vz'
|
$vz_service_name = 'vz'
|
||||||
$vz_service_manage = true
|
$vz_service_manage = true
|
||||||
$vz_service_enabled = true
|
$vz_service_enabled = true
|
||||||
|
|
|
@ -41,7 +41,11 @@ VE_PRIVATE=/var/lib/vz/private/$VEID
|
||||||
VZWDOG="no"
|
VZWDOG="no"
|
||||||
|
|
||||||
## IPv4 iptables kernel modules to be enabled in CTs by default
|
## IPv4 iptables kernel modules to be enabled in CTs by default
|
||||||
|
<% if scope.lookupvar('proxmox::hypervisor::vz_iptables_modules') == true -%>
|
||||||
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
|
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
|
||||||
|
<% else -%>
|
||||||
|
IPTABLES=""
|
||||||
|
<% end -%>
|
||||||
## IPv4 iptables kernel modules to be loaded by init.d/vz script
|
## IPv4 iptables kernel modules to be loaded by init.d/vz script
|
||||||
IPTABLES_MODULES="$IPTABLES"
|
IPTABLES_MODULES="$IPTABLES"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue