| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
[bug] Augeas is still needed
Without including `augeas` puppet would complain:
Error: Could not find resource 'Class[Augeas]' for relationship on
'Class[Shorewall::Base]' on node default
See merge request !6
|
|
Without including `augeas` puppet would complain:
Error: Could not find resource 'Class[Augeas]' for relationship on
'Class[Shorewall::Base]' on node default
|
|
Immerda changes
See merge request !5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove 'require augeas' (#4396)
Because the puppet 'require' keyword actually instantiates a class,
having 'require augeas' in base.pp means that you cannot instantiate the
augeas class anywhere else in your manifests, for example with some
optional parameters to the class. If you do, you will get a duplicate
definition error.
The README already says that the augeas module is required. It seems
better that this is managed outside of the module, allowing for
class parameter flexibility.
See merge request !3
|
|
'master'
Feature/mangle support multiple rules with same action
This allows one to support multiple networks in libvirt.
See merge request !4
|
|
That is, make the resource's title more unique by including the destination
interface in it, and accordingly pass the desired action via the new,
dedicated parameter.
|
|
Previously, it was using $name, which prevented adding multiple mangle
rules that share a common ACTION, with different parameters.
|
|
|
|
|
|
|
|
Because the puppet 'require' keyword actually instantiates a class,
having 'require augeas' in base.pp means that you cannot instantiate the
augeas class anywhere else in your manifests, for example with some
optional parameters to the class. If you do, you will get a duplicate
definition error.
The README already says that the augeas module is required. It seems
better that this is managed outside of the module, allowing for
class parameter flexibility.
|
|
|
|
|
|
Fix dhcp for libvirt
This branch uses the mangle table support added by the feature/Add_support_for_mangle_table branch to fix the libvirt DHCP when broken by recent kernel. It fills the checksum of this kind of packets on the libvirt interface.
This patch shouldn't break older setup, and is implemented so that it can be disabled.
See merge request !2
|
|
Add support for mangle table.
When using the kernel from Debian Wheezy-backports (3.16.0-0.bpo.4-amd64), we encoutered a bug where shorewall was breaking the libvirt DHCP if restarted after it.
It seems that one has to add a rule in the POSTROUTING chain of the mangle table to --checksum-fill the DHCP packets for them to be properly catch by the VMs DHCP clients.
So we had to add support of the mangle table to the shared puppet module to fix that.
This patch does just that, and is meant to be used by the other branch I'll propose after.
See merge request !1
|
|
On newer kernel (tested on 3.16), the libvirt and shorewall iptables
rules have conflicts that need to be fixed by enabling back
--checksum-fill on $vmz, otherwise the VMs can't get a DHCP lease.
|
|
|
|
|
|
|
|
|
|
|
|
|
