* Remove OpenVZ configuration for the Hypervisor.
parent
e9874b890f
commit
82391f5dd5
|
@ -10,3 +10,4 @@
|
|||
* Now use "proxmox4::…" instead of "proxmox::…"
|
||||
* Doesn't need a specific kernel like ProxmoxV3. There is only a 4.x kernel.
|
||||
* The PVE Kernel is newer than the default Debian one, so doesn't need grub-set-default anymore.
|
||||
* Remove OpenVZ configuration for the Hypervisor.
|
||||
|
|
15
README.md
15
README.md
|
@ -21,7 +21,7 @@
|
|||
|
||||
## Overview
|
||||
|
||||
The proxmox module provide a simple way to manage Proxmox hypervisor and OpenVZ network's configuration with Puppet.
|
||||
The proxmox module provide a simple way to manage Proxmox hypervisor configuration with Puppet.
|
||||
|
||||
## Module Description
|
||||
|
||||
|
@ -39,9 +39,6 @@ The proxmox module automates installing Proxmox on Debian systems.
|
|||
* Users and group permissions for WebGUI.
|
||||
* WebGUI's service (pveproxy).
|
||||
* Kernel modules loaded at the boot time.
|
||||
* OpenVZ's configuration file.
|
||||
* OpenVZ's service.
|
||||
* OpenVZ CT network's configuration.
|
||||
|
||||
### Beginning with Proxmox
|
||||
|
||||
|
@ -189,7 +186,7 @@ proxmox4::hypervisor::user { 'marvin':
|
|||
#### proxmox4::hypervisor
|
||||
|
||||
* `ve_pkg_ensure`: What to set the Virtual Environnment package to. Can be 'present', 'absent' or 'version'. Defaults to 'present'.
|
||||
* `ve_pkg_name`: The list of VirtualEnvironnment packages. Can be an array [ 'proxmox-ve-2.6.32', 'ksm-control-daemon', 'vzprocps', 'open-iscsi', 'bootlogd', 'pve-firmware' ].
|
||||
* `ve_pkg_name`: The list of VirtualEnvironnment packages. Can be an array [ 'proxmox-ve', 'ksm-control-daemon', 'open-iscsi', 'pve-firmware' ].
|
||||
* `kernel_pkg_name`: The list of packages to install the new PVE kernel. Can be an array [ 'pve-kernel-4.2.6-1-pve', '...' ].
|
||||
* `rec_pkg_name`: The list of recommended and usefull packages for Proxmox. Can be an array [ 'ntp', 'ssh', 'lvm2', 'bridge-utils' ].
|
||||
* `old_pkg_ensure`: What to set useless packages (non recommended, previous kernel, ...). Can be 'present' or 'absent'. Defaults to 'absent'.
|
||||
|
@ -206,12 +203,6 @@ proxmox4::hypervisor::user { 'marvin':
|
|||
* `pve_modules_list`: The list of additionnal modules to load at boot time.
|
||||
* `pve_modules_file_path`: The configuration file that will contain the modules list. Defaults to '/etc/modules-load.d/proxmox.conf'.
|
||||
* `pve_modules_file_content`: Template file used to generate the previous configuration file. Defaults to 'proxmox/hypervisor/proxmox_modules.conf.erb'.
|
||||
* `vz_config_file_path`: Path of the main OpenVZ's configuration file. Defaults to '/etc/vz/vz.conf'.
|
||||
* `vz_config_file_tpl`: Template file use to generate the OpenVZ's configuration file. Defaults to 'proxmox/hypervisor/vz.conf.erb'.
|
||||
* `vz_iptables_modules`: If set to 'true', OpenVZ will share a list of iptables modules to the containers. Can be 'true' or 'false'. Defaults to 'true'.
|
||||
* `vz_service_name`: The OpenVZ's service name. Defaults to 'vz'.
|
||||
* `vz_service_manage`: If set to 'true', Puppet will manage the OpenVZ's service. Can be 'true' or 'false'. Defaults to 'true'.
|
||||
* `vz_service_enabled`: If set to 'true', Puppet will ensure the OpenVZ's service is running. Can be 'true' or 'false'. Defaults to 'true'.
|
||||
* `labs_firewall_rule`: If set to 'true', Puppet will set a iptable rule to allow WebGUI and VNC's port access. Can be 'true' or 'false'. Defaults to 'false'.
|
||||
* `cluster_master_ip`: The ip address of the "master" node that will create the cluster. Must be an IP address. Defaults to 'undef'.
|
||||
* `cluster_name`: The cluster's name. Defaults to 'undef'.
|
||||
|
@ -227,7 +218,7 @@ proxmox4::hypervisor::user { 'marvin':
|
|||
|
||||
Other notes
|
||||
-----------
|
||||
By default `proxmox4::hypervisor` comes with several modules kernel load at boot time. Mainly iptables's modules to allow it in the OpenVZ CT.
|
||||
By default `proxmox4::hypervisor` comes with several modules kernel load at boot time. Mainly iptables's modules to allow it in the CT.
|
||||
|
||||
The default modules list:
|
||||
* `iptable_filter`
|
||||
|
|
|
@ -53,12 +53,6 @@ class proxmox4::hypervisor (
|
|||
$pve_modules_list = $proxmox4::params::pve_modules_list,
|
||||
$pve_modules_file_path = $proxmox4::params::pve_modules_file_path,
|
||||
$pve_modules_file_content = $proxmox4::params::pve_modules_file_content,
|
||||
$vz_config_file_path = $proxmox4::params::vz_config_file_path,
|
||||
$vz_config_file_tpl = $proxmox4::params::vz_config_file_tpl,
|
||||
$vz_iptables_modules = $proxmox4::params::vz_iptables_modules,
|
||||
$vz_service_name = $proxmox4::params::vz_service_name,
|
||||
$vz_service_manage = $proxmox4::params::vz_service_manage,
|
||||
$vz_service_enabled = $proxmox4::params::vz_service_enabled,
|
||||
$labs_firewall_rule = $proxmox4::params::labs_firewall_rule,
|
||||
$cluster_master_ip = undef,
|
||||
$cluster_name = undef,
|
||||
|
|
|
@ -33,13 +33,6 @@ class proxmox4::hypervisor::config {
|
|||
onlyif => 'grep "if (data.status !== \'Active\') {" /usr/share/pve-manager/ext4/pvemanagerlib.js',
|
||||
}
|
||||
|
||||
## OpenVZ configuration
|
||||
file { $proxmox4::hypervisor::vz_config_file_path:
|
||||
ensure => present,
|
||||
content => template($proxmox4::hypervisor::vz_config_file_tpl),
|
||||
notify => Service[$proxmox4::hypervisor::vz_service_name],
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if $proxmox4::hypervisor::labs_firewall_rule == true {
|
||||
|
|
|
@ -11,13 +11,6 @@ class proxmox4::hypervisor::service {
|
|||
$pveproxy_service_ensure = 'stopped'
|
||||
}
|
||||
|
||||
if $proxmox4::hypervisor::vz_service_enabled == true {
|
||||
$vz_service_ensure = 'running'
|
||||
} else {
|
||||
$vz_service_ensure = 'stopped'
|
||||
}
|
||||
|
||||
|
||||
if $::is_proxmox == 'true' {
|
||||
|
||||
if $proxmox4::hypervisor::pveproxy_service_manage == true {
|
||||
|
@ -29,15 +22,6 @@ class proxmox4::hypervisor::service {
|
|||
}
|
||||
}
|
||||
|
||||
if $proxmox4::hypervisor::vz_service_manage == true {
|
||||
service { $proxmox4::hypervisor::vz_service_name:
|
||||
ensure => $vz_service_ensure,
|
||||
enable => $proxmox4::hypervisor::pveproxy_service_enabled,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
class proxmox4::params {
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '7.0') >= 0 {
|
||||
if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0') >= 0 {
|
||||
# Virtual Environment packages
|
||||
$ve_pkg_ensure = 'present'
|
||||
$ve_pkg_name = [ 'proxmox-ve-2.6.32', 'ksm-control-daemon', 'vzprocps', 'open-iscsi', 'bootlogd', 'pve-firmware' ]
|
||||
$ve_pkg_name = [ 'proxmox-ve', 'ksm-control-daemon', 'open-iscsi', 'pve-firmware' ]
|
||||
|
||||
# PVE Kernel
|
||||
$kernel_pkg_name = [ 'pve-kernel-4.2.6-1-pve' ]
|
||||
|
@ -36,14 +36,6 @@ class proxmox4::params {
|
|||
$pve_modules_file_path = '/etc/modules-load.d/proxmox.conf'
|
||||
$pve_modules_file_content = 'proxmox/hypervisor/proxmox_modules.conf.erb'
|
||||
|
||||
# OpenVZ configuration
|
||||
$vz_config_file_path = '/etc/vz/vz.conf'
|
||||
$vz_config_file_tpl = 'proxmox/hypervisor/vz.conf.erb'
|
||||
$vz_iptables_modules = true
|
||||
$vz_service_name = 'vz'
|
||||
$vz_service_manage = true
|
||||
$vz_service_enabled = true
|
||||
|
||||
# Firewall
|
||||
$labs_firewall_rule = false
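Review bot: The new guard `versioncmp($::operatingsystemrelease, '8.0') >= 0` has only a lower bound, so every later Debian release also takes this branch and receives the Proxmox 4 defaults, including the exact kernel build `pve-kernel-4.2.6-1-pve` on the unchanged line below it. If the module targets Debian 8 only, bound the check, e.g. `if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0') >= 0 and versioncmp($::operatingsystemrelease, '9.0') < 0 {`, so other releases reach whatever handling the class has for unsupported platforms (that part of `proxmox4::params` is outside the hunk). Separately, with `$ve_pkg_ensure = 'present'` and a pinned kernel package name, Puppet itself will not move a host to a newer kernel. A short comment next to `$kernel_pkg_name`, such as `# Pinned build; kernel security updates must come from the regular apt upgrade process`, would make that operational assumption explicit.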
|
||||
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
## Global parameters
|
||||
VIRTUOZZO=yes
|
||||
LOCKDIR=/var/lib/vz/lock
|
||||
DUMPDIR=/var/lib/vz/dump
|
||||
VE0CPUUNITS=1000
|
||||
|
||||
## Logging parameters
|
||||
LOGGING=yes
|
||||
LOGFILE=/var/log/vzctl.log
|
||||
LOG_LEVEL=0
|
||||
VERBOSE=0
|
||||
|
||||
## Disk quota parameters
|
||||
DISK_QUOTA=yes
|
||||
VZFASTBOOT=no
|
||||
|
||||
# Disable module loading. If set, vz initscript does not load any modules.
|
||||
#MODULES_DISABLED=yes
|
||||
|
||||
# The name of the device whose IP address will be used as source IP for CT.
|
||||
# By default automatically assigned.
|
||||
#VE_ROUTE_SRC_DEV="eth0"
|
||||
|
||||
# Controls which interfaces to send ARP requests and modify ARP tables on.
|
||||
NEIGHBOUR_DEVS=detect
|
||||
|
||||
## Fail if there is another machine in the network with the same IP
|
||||
ERROR_ON_ARPFAIL="no"
|
||||
|
||||
## Template parameters
|
||||
TEMPLATE=/var/lib/vz/template
|
||||
|
||||
## Defaults for containers
|
||||
VE_ROOT=/var/lib/vz/root/$VEID
|
||||
VE_PRIVATE=/var/lib/vz/private/$VEID
|
||||
|
||||
## Filesystem layout for new CTs: either simfs (default) or ploop
|
||||
#VE_LAYOUT=ploop
|
||||
|
||||
## Load vzwdog module
|
||||
VZWDOG="no"
|
||||
|
||||
## IPv4 iptables kernel modules to be enabled in CTs by default
|
||||
<% if scope.lookupvar('proxmox4::hypervisor::vz_iptables_modules') == true -%>
|
||||
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
|
||||
<% else -%>
|
||||
IPTABLES=""
|
||||
<% end -%>
|
||||
## IPv4 iptables kernel modules to be loaded by init.d/vz script
|
||||
IPTABLES_MODULES="$IPTABLES"
|
||||
|
||||
## Enable IPv6
|
||||
IPV6="yes"
|
||||
|
||||
## IPv6 ip6tables kernel modules
|
||||
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"
|