proxmox/ 000755 000765 000765 00000000000 12264074353 011663 5 ustar 00nico 000000 000000 proxmox/.git 000644 000765 000765 00000000055 12216640455 012446 0 ustar 00nico 000000 000000 gitdir: ../../.git/modules/cookbooks/proxmox
proxmox/.gitignore 000644 000765 000765 00000000005 12216640456 013646 0 ustar 00nico 000000 000000 tmp/
proxmox/attributes/ 000755 000765 000765 00000000000 12255774245 014060 5 ustar 00nico 000000 000000 proxmox/CHANGELOG.md 000644 000765 000765 00000000707 12216640456 013500 0 ustar 00nico 000000 000000 proxmox CHANGELOG
=================
This file is used to list changes made in each version of the proxmox cookbook.
0.1.0
-----
- [your_name] - Initial release of proxmox
- - -
Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
proxmox/files/ 000755 000765 000765 00000000000 12216654775 012776 5 ustar 00nico 000000 000000 proxmox/Gemfile 000644 000765 000765 00000000342 12216640456 013155 0 ustar 00nico 000000 000000 # A sample Gemfile
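# Gems are fetched from rubygems.org over HTTPS.
source "https://rubygems.org"

# Cookbook linting and unit-test tooling.
gem "foodcritic"
gem "chefspec"

# Local file-watching test runner. The group used to be spelled
# `:developement`, so `bundle install --without development` did not
# exclude these gems.
group :development do
  gem "guard"
  gem "guard-rspec"

  # Only pulled in when the Ruby platform string matches "darwin".
  if RUBY_PLATFORM =~ /darwin/i
    gem 'rb-fsevent', '~> 0.9.1'
    gem 'growl'
  end
end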
proxmox/Gemfile.lock 000644 000765 000765 00000005505 12216640456 014112 0 ustar 00nico 000000 000000 GEM
remote: https://rubygems.org/
specs:
builder (3.2.2)
chef (11.6.0)
erubis
highline (>= 1.6.9)
json (>= 1.4.4, <= 1.7.7)
mixlib-authentication (>= 1.3.0)
mixlib-cli (~> 1.3.0)
mixlib-config (>= 1.1.2)
mixlib-log (>= 1.3.0)
mixlib-shellout
net-ssh (~> 2.6)
net-ssh-multi (~> 1.1.0)
ohai (>= 0.6.0)
rest-client (>= 1.0.4, < 1.7.0)
yajl-ruby (~> 1.1)
chefspec (2.0.1)
chef (>= 10.0)
erubis
fauxhai (~> 1.1)
minitest-chef-handler (>= 0.6.0)
rspec (~> 2.0)
ci_reporter (1.9.0)
builder (>= 2.1.2)
coderay (1.0.9)
diff-lcs (1.2.4)
erubis (2.7.0)
fauxhai (1.1.1)
httparty
net-ssh
ohai
ffi (1.9.0)
foodcritic (2.2.0)
erubis
gherkin (~> 2.11.7)
nokogiri (~> 1.5.4)
treetop (~> 1.4.10)
yajl-ruby (~> 1.1.0)
formatador (0.2.4)
gherkin (2.11.8)
multi_json (~> 1.3)
growl (1.0.3)
guard (1.8.2)
formatador (>= 0.2.4)
listen (>= 1.0.0)
lumberjack (>= 1.0.2)
pry (>= 0.9.10)
thor (>= 0.14.6)
guard-rspec (3.0.2)
guard (>= 1.8)
rspec (~> 2.13)
highline (1.6.19)
httparty (0.11.0)
multi_json (~> 1.0)
multi_xml (>= 0.5.2)
ipaddress (0.8.0)
json (1.7.7)
listen (1.3.1)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
rb-kqueue (>= 0.2)
lumberjack (1.0.4)
method_source (0.8.2)
mime-types (1.25)
minitest (4.7.5)
minitest-chef-handler (1.0.1)
chef
ci_reporter
minitest (~> 4.7.3)
mixlib-authentication (1.3.0)
mixlib-log
mixlib-cli (1.3.0)
mixlib-config (1.1.2)
mixlib-log (1.6.0)
mixlib-shellout (1.2.0)
multi_json (1.7.9)
multi_xml (0.5.5)
net-ssh (2.6.8)
net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5)
net-ssh-multi (1.1)
net-ssh (>= 2.1.4)
net-ssh-gateway (>= 0.99.0)
nokogiri (1.5.10)
ohai (6.18.0)
ipaddress
mixlib-cli
mixlib-config
mixlib-log
mixlib-shellout
systemu
yajl-ruby
polyglot (0.3.3)
pry (0.9.12.2)
coderay (~> 1.0.5)
method_source (~> 0.8)
slop (~> 3.4)
rb-fsevent (0.9.3)
rb-inotify (0.9.1)
ffi (>= 0.5.0)
rb-kqueue (0.2.0)
ffi (>= 0.5.0)
rest-client (1.6.7)
mime-types (>= 1.16)
rspec (2.14.1)
rspec-core (~> 2.14.0)
rspec-expectations (~> 2.14.0)
rspec-mocks (~> 2.14.0)
rspec-core (2.14.5)
rspec-expectations (2.14.2)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.14.3)
slop (3.4.6)
systemu (2.5.2)
thor (0.18.1)
treetop (1.4.15)
polyglot
polyglot (>= 0.3.1)
yajl-ruby (1.1.0)
PLATFORMS
ruby
DEPENDENCIES
chefspec
foodcritic
growl
guard
guard-rspec
rb-fsevent (~> 0.9.1)
proxmox/Guardfile 000644 000765 000765 00000000243 12216640456 013507 0 ustar 00nico 000000 000000 guard :rspec do
watch(%r{^spec/.+_spec\.rb$})
watch(%r{^recipes/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
watch('spec/spec_helper.rb') { "spec" }
end
proxmox/metadata.json 000644 000765 000765 00000003721 12264074353 014341 0 ustar 00nico 000000 000000 {
"name": "proxmox",
"description": "Installs/Configures proxmox",
"long_description": "proxmox Cookbook\n================\nTODO: Enter the cookbook description here.\n\ne.g.\nThis cookbook makes your favorite breakfast sandwhich.\n\nRequirements\n------------\nTODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.\n\ne.g.\n#### packages\n- `toaster` - proxmox needs toaster to brown your bagel.\n\nAttributes\n----------\nTODO: List you cookbook attributes here.\n\ne.g.\n#### proxmox::default\n
\n \n Key | \n Type | \n Description | \n Default | \n
\n \n ['proxmox']['bacon'] | \n Boolean | \n whether to include bacon | \n true | \n
\n
\n\nUsage\n-----\n#### proxmox::default\nTODO: Write usage instructions for each cookbook.\n\ne.g.\nJust include `proxmox` in your node's `run_list`:\n\n```json\n{\n \"name\":\"my_node\",\n \"run_list\": [\n \"recipe[proxmox]\"\n ]\n}\n```\n\nContributing\n------------\nTODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.\n\ne.g.\n1. Fork the repository on Github\n2. Create a named feature branch (like `add_component_x`)\n3. Write you change\n4. Write tests for your change (if applicable)\n5. Run the tests, ensuring they all pass\n6. Submit a Pull Request using Github\n\nLicense and Authors\n-------------------\nAuthors: TODO: List authors\n",
"maintainer": "ReHost - Nicolas Ledez",
"maintainer_email": "chef-cookbook@ledez.net",
"license": "Apache v2.0",
"platforms": {
},
"dependencies": {
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
},
"groupings": {
},
"recipes": {
},
"version": "0.1.4"
} proxmox/metadata.rb 000644 000765 000765 00000000440 12264067224 013765 0 ustar 00nico 000000 000000 name 'proxmox'
# Ownership, licence, description and version of the cookbook.
maintainer('ReHost - Nicolas Ledez')
maintainer_email('chef-cookbook@ledez.net')
license('Apache v2.0')
description('Installs/Configures proxmox')

# The long description is the README.md that sits next to this file.
readme_path = File.join(File.dirname(__FILE__), 'README.md')
long_description(IO.read(readme_path))

version('0.1.4')
proxmox/README.md 000644 000765 000765 00000002657 12216640456 013154 0 ustar 00nico 000000 000000 proxmox Cookbook
================
TODO: Enter the cookbook description here.
e.g.
This cookbook makes your favorite breakfast sandwich.
Requirements
------------
TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
e.g.
#### packages
- `toaster` - proxmox needs toaster to brown your bagel.
Attributes
----------
TODO: List your cookbook attributes here.
e.g.
#### proxmox::default
| Key | Type | Description | Default |
|-----|------|-------------|---------|
| ['proxmox']['bacon'] | Boolean | whether to include bacon | true |
Usage
-----
#### proxmox::default
TODO: Write usage instructions for each cookbook.
e.g.
Just include `proxmox` in your node's `run_list`:
```json
{
"name":"my_node",
"run_list": [
"recipe[proxmox]"
]
}
```
Contributing
------------
TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
e.g.
1. Fork the repository on Github
2. Create a named feature branch (like `add_component_x`)
3. Write your change
4. Write tests for your change (if applicable)
5. Run the tests, ensuring they all pass
6. Submit a Pull Request using Github
License and Authors
-------------------
Authors: TODO: List authors
proxmox/recipes/ 000755 000765 000765 00000000000 12255774245 013324 5 ustar 00nico 000000 000000 proxmox/spec/ 000755 000765 000765 00000000000 12216640456 012615 5 ustar 00nico 000000 000000 proxmox/templates/ 000755 000765 000765 00000000000 12234551653 013661 5 ustar 00nico 000000 000000 proxmox/templates/default/ 000755 000765 000765 00000000000 12235161273 015301 5 ustar 00nico 000000 000000 proxmox/templates/default/params.erb 000644 000765 000765 00000000443 12234657356 017272 0 ustar 00nico 000000 000000 #
# Shorewall version 3.2 - Params File
#
# /etc/shorewall/params
#
#
###############################################################################
NET_IF=eth0
VZ_NETS="<%= @vz_network %>/24"
ADMIN=<%= @ip_admin.join(',') %>
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
proxmox/templates/default/routestopped.erb 000644 000765 000765 00000001331 12234656476 020543 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Routestopped File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-routestopped"
##############################################################################
#INTERFACE HOST(S) OPTIONS
#eth1 -
proxmox/templates/default/rules.erb 000644 000765 000765 00000003054 12235161272 017126 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Rules File for two-interface configuration.
# Copyright (C) 2006,2007 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules"
#############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# NOTE(review): the source "all" covers every zone, net included, so the port
# in macro.MySSH (tcp/223) and the one in macro.Proxmox (tcp/8006) are open to
# any address, whereas Nagios and SSH below are limited to $ADMIN. Confirm
# that this exposure of the management ports is intended.
MySSH(ACCEPT) all $FW
Proxmox(ACCEPT) all $FW
Nagios(ACCEPT) net:$ADMIN $FW
SSH(ACCEPT) net:$ADMIN $FW
Ping(ACCEPT) all all
# Each SHELL line below splices every *.rules file of one directory into this
# ruleset. Errors are discarded, so a missing or empty directory contributes
# no rules instead of failing. Whoever can write to those directories can add
# firewall rules.
# <%= @ip_root %> # Root
SHELL cat /etc/shorewall/rules.d.root/*.rules 2> /dev/null || true
<% if @ip_staging %># <%= @ip_staging %> # Staging
SHELL cat /etc/shorewall/rules.d.staging/*.rules 2> /dev/null || true
<% end %>
<% if @ip_production %># <%= @ip_production %> # Production
SHELL cat /etc/shorewall/rules.d.production/*.rules 2> /dev/null || true
<% end %>
# VM
SHELL cat /etc/shorewall/rules.d.vm/*.rules 2> /dev/null || true
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
proxmox/spec/default_spec.rb 000644 000765 000765 00000000324 12216640456 015577 0 ustar 00nico 000000 000000 require 'chefspec'
# Converges the default recipe once, while the example group is being defined.
describe('proxmox::default') do
  runner = ChefSpec::ChefRunner.new
  runner.converge('proxmox::default')

  # NOTE(review): this example holds no expectation, so it passes whenever the
  # file loads; no resource of the recipe is asserted.
  it("should deploy a proxmox server") do
    # placeholder left by the author: expect(runner)
  end
end
proxmox/recipes/default.rb 000644 000765 000765 00000004034 12242362256 015265 0 ustar 00nico 000000 000000 #
# Cookbook Name:: proxmox
# Recipe:: default
#
# Copyright 2013, ReHost
#
# All rights reserved - Do Not Redistribute
#
# Purge the BIND packages, then install dnsmasq.
%w[bind9utils bind9].each do |bind_pkg|
  package(bind_pkg) { action :purge }
end

package 'dnsmasq'
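# When node['proxmox']['lvm'] is set, make sure /var/lib/vz lives on a logical
# volume named "vz", creating it in the first volume group that `vgs` reports.
if node['proxmox']['lvm']
  directory '/var/lib/vz' do
    action :create
  end

  # Both commands run while the recipe is compiled, not during convergence.
  # Local variables replace the former LV/VG constants, which Ruby warns about
  # when the recipe is evaluated more than once in the same process.
  lvs_output = `lvs --noheadings`
  vgs_output = `vgs --noheadings`

  # Index 1 of the split is taken as the name column; this assumes every
  # output line starts with blanks, as lvs/vgs print them — TODO confirm.
  volumes = lvs_output.split(/\n/).map { |line| line.split(/ +/)[1] }
  vg = vgs_output.split(/\n/).map { |line| line.split(/ +/)[1] }.uniq[0]

  unless volumes.include? 'vz'
    # Stop before any resource is queued: with no volume group the commands
    # below would be built around an empty name.
    raise 'proxmox: no LVM volume group found, cannot create the vz logical volume' if vg.nil?

    Chef::Log.info "Need to create vz lv"

    bash "create-/dev/#{vg}/vz" do
      # `set -e` aborts on the first failure, so /var/lib/vz is only moved
      # aside once the volume exists and carries a filesystem. The previous
      # script kept going after a failed lvcreate or mkfs.
      code <<-EOH
        set -e
        /sbin/lvcreate -L 10G --name vz #{vg}
        /sbin/mkfs.ext3 /dev/#{vg}/vz
        /bin/mv /var/lib/vz /var/lib/vz.bak
        /bin/mkdir /var/lib/vz
      EOH
    end

    mount '/var/lib/vz' do
      fstype 'ext3'
      device "/dev/#{vg}/vz"
      options 'defaults,noatime,nodiratime'
      action [:mount, :enable]
    end

    # Left best-effort on purpose: with an empty vz.bak the mv fails and the
    # rmdir still removes the directory; with leftovers the rmdir fails and
    # the resource reports the error.
    bash 'finish-with-/var/lib/vz.bak-move' do
      code '/bin/mv /var/lib/vz.bak/* /var/lib/vz/ ; /bin/rmdir /var/lib/vz.bak'
    end
  end
end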
# Delete /etc/grub.d/06_OVHkernel.
file('/etc/grub.d/06_OVHkernel') { action :delete }

# Sysctl drop-in shipped with the cookbook, read-only for everyone.
cookbook_file '/etc/sysctl.d/disableipv6.conf' do
  owner 'root'
  group 'root'
  mode '0444'
end

# The cookbook's own 10_linux GRUB helper, which lists only the
# /boot/vmlinuz-*-pve kernels. It is executable but not writable.
cookbook_file '/etc/grub.d/10_linux' do
  owner 'root'
  group 'root'
  mode '0555'
  source '10_linux'
end

# APT source list for the enterprise repository; the shipped file contains
# only a commented-out entry.
cookbook_file '/etc/apt/sources.list.d/pve-enterprise.list' do
  owner 'root'
  group 'root'
  mode '0444'
  source 'pve-enterprise.list'
end
# Register the Proxmox "pve" component of the wheezy distribution.
# NOTE(review): the repository and its signing key are both fetched over plain
# HTTP, so the key that authenticates every later package is itself not
# authenticated in transit. Prefer an HTTPS key URL or a key checked against a
# known fingerprint — confirm what the mirror offers.
apt_repository('proxmox') do
  uri 'http://download.proxmox.com/debian'
  distribution 'wheezy'
  components %w[pve]
  key 'http://download.proxmox.com/debian/key.asc'
end
# Install every package named in node['proxmox']['packages-stage1'].
node['proxmox']['packages-stage1'].each do |stage1_pkg|
  package(stage1_pkg) { action :install }
end
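# Abort the run unless the running kernel release ends in "-pve"; the
# resources after this one are then not converged until a later run.
ruby_block "Check if pve kernel is running" do
  block do
    unless node['kernel']['release'] =~ /-pve$/
      # fatal! logs the message and terminates the process itself, so the
      # `exit 0` that used to follow was unreachable and has been dropped.
      Chef::Application.fatal!("Need to reboot")
    end
  end
end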
# Install every package named in node['proxmox']['packages'].
# --force-confold makes dpkg keep configuration files already on disk instead
# of replacing them with the packaged version.
node['proxmox']['packages'].each do |pve_pkg|
  package(pve_pkg) do
    options '-o Dpkg::Options::="--force-confold"'
    action :install
  end
end
proxmox/recipes/fw.rb 000644 000765 000765 00000002407 12235456534 014264 0 ustar 00nico 000000 000000 #
# Cookbook Name:: proxmox
# Recipe:: fw
#
# Copyright 2013, ReHost
#
# All rights reserved - Do Not Redistribute
#
package 'shorewall'

# Static Shorewall files copied verbatim from files/default/shorewall/.
# NOTE(review): the `shorewall` entry installs the same source file that is
# written to /etc/default/shorewall below as /etc/shorewall/shorewall too —
# confirm that this is intended.
static_shorewall_files = %w[
  interfaces masq modules
  policy shorewall shorewall.conf zones
  macro.MySSH macro.Nagios macro.Proxmox
]

static_shorewall_files.each do |name|
  cookbook_file "/etc/shorewall/#{name}" do
    source "shorewall/#{name}"
    owner 'root'
    group 'root'
    mode '0444'
  end
end

# Init defaults for the shorewall service (the shipped file sets startup=1).
cookbook_file '/etc/default/shorewall' do
  source 'shorewall/shorewall'
  owner 'root'
  group 'root'
  mode '0444'
end
# Render the node-specific Shorewall files. All three templates receive the
# same variables.
# NOTE(review): attributes/default.rb sets no default for
# node['proxmox']['network'] or node['proxmox']['ip']; they have to come from
# the node, a role or an environment, otherwise the lookups below raise.
# params.erb writes vz_network and ip_admin unescaped into
# /etc/shorewall/params, a file of shell-style assignments, so these
# attributes must only ever hold trusted values.
%w[params routestopped rules].each do |name|
  template "/etc/shorewall/#{name}" do
    source "#{name}.erb"
    owner 'root'
    group 'root'
    mode '0444'
    variables(
      :vz_network => node['proxmox']['network']['vz'],
      :ip_admin => node['proxmox']['ip']['admin'],
      :ip_root => node['proxmox']['ip']['root'],
      :ip_staging => node['proxmox']['ip']['staging'],
      :ip_production => node['proxmox']['ip']['production']
    )
  end
end
# Drop-in rule directories. The rules template concatenates every *.rules file
# found in them into the ruleset, so write access to these directories is
# write access to the firewall; they are root-owned and 0755 here.
# The block parameter is not called `directory`, to avoid shadowing the
# resource of the same name.
%w[root staging production vm].each do |rules_set|
  directory "/etc/shorewall/rules.d.#{rules_set}" do
    owner 'root'
    group 'root'
    mode '0755'
  end
end
# Enable Shorewall at boot and start it now.
# NOTE(review): no resource in this recipe notifies this service, so a changed
# rule or policy file appears to take effect only at the next restart —
# confirm how rule updates are meant to be applied.
service('shorewall') do
  supports :restart => true
  action [:enable, :start]
end
proxmox/files/default/ 000755 000765 000765 00000000000 12235456451 014412 5 ustar 00nico 000000 000000 proxmox/files/default/10_linux 000755 000765 000765 00000013422 12216654775 016011 0 ustar 00nico 000000 000000 #! /bin/sh
set -e
# grub-mkconfig helper script.
# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
#
# GRUB is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# GRUB is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GRUB. If not, see .
# Locate and source the grub-mkconfig helper library; the functions called
# below that are not defined in this file presumably come from it.
prefix="/usr"
exec_prefix="${prefix}"
datarootdir="${prefix}/share"
. "${datarootdir}/grub/grub-mkconfig_lib"
export TEXTDOMAIN=grub
export TEXTDOMAINDIR="${datarootdir}/locale"
# Menu-entry classes and OS label; a distributor name, when set, is prepended
# to the label and its lower-cased first word becomes an extra class.
CLASS="--class gnu-linux --class gnu --class os"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
else
OS="${GRUB_DISTRIBUTOR} GNU/Linux"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1) ${CLASS}"
fi
# loop-AES arranges things so that /dev/loop/X can be our root device, but
# the initrds that Linux uses don't like that.
case ${GRUB_DEVICE} in
/dev/loop/*|/dev/loop[0-9])
# Replace the loop device by the text losetup prints between parentheses.
GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
# We can't cope with devices loop-mounted from files here.
case ${GRUB_DEVICE} in
/dev/*) ;;
*) exit 0 ;;
esac
;;
esac
# Use root=UUID=... only when a UUID is known, UUIDs are not disabled, the
# by-uuid link exists and the device is not on LVM; otherwise use the device
# path itself.
if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
|| ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
|| uses_abstraction "${GRUB_DEVICE}" lvm; then
LINUX_ROOT_DEVICE=${GRUB_DEVICE}
else
LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
fi
# On btrfs, pass the root subvolume (if any) to the kernel via rootflags.
if [ "x`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2>/dev/null || true`" = xbtrfs ] \
|| [ "x`stat -f --printf=%T /`" = xbtrfs ]; then
rootsubvol="`make_system_path_relative_to_its_root /`"
rootsubvol="${rootsubvol#/}"
if [ "x${rootsubvol}" != x ]; then
GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
fi
fi
# linux_entry OS VERSION RECOVERY ARGS
# Prints one GRUB "menuentry" stanza on stdout.
#   $1  OS label used in the entry title
#   $2  kernel version used in the title and the loading message
#   $3  "true" or "false"; the value is executed as a command to pick the
#       recovery variant
#   $4  kernel command-line arguments, written to the entry unquoted
# Also reads the variables dirname, basename, rel_dirname, initrd and
# linux_root_device_thisversion, which the calling loop sets per kernel.
linux_entry ()
{
os="$1"
version="$2"
recovery="$3"
args="$4"
if ${recovery} ; then
title="$(gettext_quoted "%s, with Linux %s (recovery mode)")"
else
title="$(gettext_quoted "%s, with Linux %s")"
fi
printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}"
# Only non-recovery entries emit the output of save_default_entry.
if ! ${recovery} ; then
save_default_entry | sed -e "s/^/\t/"
fi
# Use ELILO's generic "efifb" when it's known to be available.
# FIXME: We need an interface to select vesafb in case efifb can't be used.
if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
cat << EOF
load_video
EOF
else
if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
cat << EOF
load_video
EOF
fi
cat << EOF
set gfxpayload=$GRUB_GFXPAYLOAD_LINUX
EOF
fi
cat << EOF
insmod gzio
EOF
# The device-access commands are computed once per device and then reused
# for every further entry through the two *_cache variables.
if [ x$dirname = x/ ]; then
if [ -z "${prepare_root_cache}" ]; then
prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | sed -e "s/^/\t/")"
fi
printf '%s\n' "${prepare_root_cache}"
else
if [ -z "${prepare_boot_cache}" ]; then
prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | sed -e "s/^/\t/")"
fi
printf '%s\n' "${prepare_boot_cache}"
fi
message="$(gettext_printf "Loading Linux %s ..." ${version})"
cat << EOF
echo '$message'
linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
EOF
# The initrd line is emitted only when the caller found an initrd image.
if test -n "${initrd}" ; then
message="$(gettext_printf "Loading initial ramdisk ...")"
cat << EOF
echo '$message'
initrd ${rel_dirname}/${initrd}
EOF
fi
cat << EOF
}
EOF
}
# Collect the Proxmox kernels (/boot/vmlinuz-*-pve) that pass
# grub_file_is_not_garbage, separated by blanks. The former per-architecture
# case had two identical branches, so a single assignment builds the same list.
list=$(for kernel in /boot/vmlinuz-*-pve ; do
if grub_file_is_not_garbage "$kernel" ; then
echo -n "$kernel "
fi
done)
# Emit menu entries for every kernel in $list, newest first: each pass takes
# the latest remaining version, writes its entries and removes it from the list.
prepare_boot_cache=
prepare_root_cache=
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
echo "Found linux image: $linux" >&2
basename=`basename $linux`
dirname=`dirname $linux`
rel_dirname=`make_system_path_relative_to_its_root $dirname`
# version: the file name minus its prefix up to the last "-" that follows
# non-digits; alt_version: the same without a trailing ".old".
version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
alt_version=`echo $version | sed -e "s,\.old$,,g"`
linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
# Pick the first initrd naming scheme that exists next to the kernel.
initrd=
for i in "initrd.img-${version}" "initrd-${version}.img" \
"initrd-${version}" "initramfs-${version}.img" \
"initrd.img-${alt_version}" "initrd-${alt_version}.img" \
"initrd-${alt_version}" "initramfs-${alt_version}.img" \
"initramfs-genkernel-${version}" \
"initramfs-genkernel-${alt_version}"; do
if test -e "${dirname}/${i}" ; then
initrd="$i"
break
fi
done
# Find the kernel config so a built-in initramfs can be detected.
config=
for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
if test -e "${i}" ; then
config="${i}"
break
fi
done
initramfs=
if test -n "${config}" ; then
initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
fi
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
elif test -z "${initramfs}" ; then
# "UUID=" magic is parsed by initrd or initramfs. Since there's
# no initrd or builtin initramfs, it can't work here.
linux_root_device_thisversion=${GRUB_DEVICE}
fi
# Normal entry first, then a single-user recovery entry unless disabled.
linux_entry "${OS}" "${version}" false \
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
linux_entry "${OS}" "${version}" true \
"single ${GRUB_CMDLINE_LINUX}"
fi
# Drop the kernel just handled from the list.
list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
done
proxmox/files/default/disableipv6.conf 000644 000765 000765 00000000041 12235226334 017457 0 ustar 00nico 000000 000000 net.ipv6.conf.all.disable_ipv6=1
proxmox/files/default/pve-enterprise.list 000644 000765 000765 00000000102 12217030643 020237 0 ustar 00nico 000000 000000 # deb https://enterprise.proxmox.com/debian wheezy pve-enterprise
proxmox/files/default/shorewall/ 000755 000765 000765 00000000000 12235450470 016405 5 ustar 00nico 000000 000000 proxmox/files/default/shorewall/interfaces 000644 000765 000765 00000001562 12234554045 020461 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Interfaces File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces"
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net $NET_IF - tcpflags,proxyarp=1
vz venet0 - logmartians=0,routefilter=0,nets=($VZ_NETS),routeback,bridge
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
proxmox/files/default/shorewall/macro.MySSH 000644 000765 000765 00000000541 12234551500 020366 0 ustar 00nico 000000 000000 #
# Shorewall version 3.4 - JabberSecure (ssl) Macro
#
# macro.MySSH
#
# This macro accepts my SSH traffic
#
###############################################################################
#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
PARAM - - tcp 223
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
proxmox/files/default/shorewall/macro.Nagios 000644 000765 000765 00000000643 12234551500 020646 0 ustar 00nico 000000 000000 # Shorewall version 4 - Nagios Macro
#
# /etc/shorewall/macro.Nagios
#
# This macro handles Nagios Plugin
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
PARAM - - tcp 5666
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
proxmox/files/default/shorewall/macro.Proxmox 000644 000765 000765 00000000640 12235161211 021074 0 ustar 00nico 000000 000000 # Shorewall version 4 - Nagios Proxmox
#
# /etc/shorewall/macro.Proxmox
#
# This macro handles Proxmox
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
PARAM - - tcp 8006
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
proxmox/files/default/shorewall/masq 000644 000765 000765 00000001430 12234554133 017267 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-masq"
###############################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16
proxmox/files/default/shorewall/modules 000644 000765 000765 00000007567 12234551500 020012 0 ustar 00nico 000000 000000 #
# Shorewall version 4 - Modules File
#
# /usr/share/shorewall/modules
#
# This file loads the modules that may be needed by the firewall.
#
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
# dependency order. i.e., if M2 depends on M1 then you must load M1
# before you load M2.
#
# If you need to modify this file, copy it to /etc/shorewall and modify the
# copy.
#
###############################################################################
#
# Essential Modules
#
loadmodule nfnetlink
loadmodule x_tables
loadmodule ip_tables
loadmodule iptable_filter
loadmodule iptable_mangle
loadmodule ip_conntrack
loadmodule nf_conntrack
loadmodule nf_conntrack_ipv4
loadmodule iptable_nat
loadmodule xt_state
loadmodule xt_tcpudp
loadmodule ipt_LOG
#
# Other xtables modules
#
loadmodule xt_CLASSIFY
loadmodule xt_connmark
loadmodule xt_CONNMARK
loadmodule xt_conntrack
loadmodule xt_dccp
loadmodule xt_dscp
loadmodule xt_DSCP
loadmodule xt_hashlimit
loadmodule xt_helper
loadmodule xt_ipp2p
loadmodule xt_iprange
loadmodule xt_length
loadmodule xt_limit
loadmodule xt_mac
loadmodule xt_mark
loadmodule xt_MARK
loadmodule xt_multiport
loadmodule xt_NFLOG
loadmodule xt_NFQUEUE
loadmodule xt_owner
loadmodule xt_physdev
loadmodule xt_pkttype
loadmodule xt_tcpmss
loadmodule xt_IPMARK
loadmodule xt_TPROXY
#
# Helpers
#
loadmodule ip_conntrack_amanda
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_h323
loadmodule ip_conntrack_irc
loadmodule ip_conntrack_netbios_ns
loadmodule ip_conntrack_pptp
loadmodule ip_conntrack_sip
loadmodule ip_conntrack_tftp
loadmodule ip_nat_amanda
loadmodule ip_nat_ftp
loadmodule ip_nat_h323
loadmodule ip_nat_irc
loadmodule ip_nat_pptp
loadmodule ip_nat_sip
loadmodule ip_nat_snmp_basic
loadmodule ip_nat_tftp
loadmodule ip_set
loadmodule ip_set_iphash
loadmodule ip_set_ipmap
loadmodule ip_set_macipmap
loadmodule ip_set_portmap
#
# Ipset
#
loadmodule ip_set
loadmodule ip_set_iphash
loadmodule ip_set_ipmap
loadmodule ip_set_ipporthash
loadmodule ip_set_iptree
loadmodule ip_set_iptreemap
loadmodule ip_set_macipmap
loadmodule ip_set_nethash
loadmodule ip_set_portmap
loadmodule ipt_SET
loadmodule ipt_set
#
# 2.6.20+ helpers
#
loadmodule nf_conntrack_ftp ports=21,2121
loadmodule nf_conntrack_h323
loadmodule nf_conntrack_irc
loadmodule nf_conntrack_netbios_ns
loadmodule nf_conntrack_netlink
loadmodule nf_conntrack_pptp
loadmodule nf_conntrack_proto_gre
loadmodule nf_conntrack_proto_sctp
loadmodule nf_conntrack_sip
loadmodule nf_conntrack_tftp
loadmodule nf_conntrack_sane
loadmodule nf_nat_amanda
loadmodule nf_nat_ftp
loadmodule nf_nat_h323
loadmodule nf_nat_irc
loadmodule nf_nat
loadmodule nf_nat_pptp
loadmodule nf_nat_proto_gre
loadmodule nf_nat_sip
loadmodule nf_nat_snmp_basic
loadmodule nf_nat_tftp
#
# Traffic Shaping
#
loadmodule sch_sfq
loadmodule sch_ingress
loadmodule sch_hfsc
loadmodule sch_htb
loadmodule cls_u32
loadmodule cls_fw
loadmodule cls_flow
loadmodule act_police
#
# Extensions
#
loadmodule ipt_addrtype
loadmodule ipt_ah
loadmodule ipt_CLASSIFY
loadmodule ipt_CLUSTERIP
loadmodule ipt_comment
loadmodule ipt_connmark
loadmodule ipt_CONNMARK
loadmodule ipt_conntrack
loadmodule ipt_dscp
loadmodule ipt_DSCP
loadmodule ipt_ecn
loadmodule ipt_ECN
loadmodule ipt_esp
loadmodule ipt_hashlimit
loadmodule ipt_helper
loadmodule ipt_ipp2p
loadmodule ipt_iprange
loadmodule ipt_length
loadmodule ipt_limit
loadmodule ipt_LOG
loadmodule ipt_mac
loadmodule ipt_mark
loadmodule ipt_MARK
loadmodule ipt_MASQUERADE
loadmodule ipt_multiport
loadmodule ipt_NETMAP
loadmodule ipt_NOTRACK
loadmodule ipt_owner
loadmodule ipt_physdev
loadmodule ipt_pkttype
loadmodule ipt_policy
loadmodule ipt_realm
loadmodule ipt_recent
loadmodule ipt_REDIRECT
loadmodule ipt_REJECT
loadmodule ipt_SAME
loadmodule ipt_sctp
loadmodule ipt_set
loadmodule ipt_state
loadmodule ipt_tcpmss
loadmodule ipt_TCPMSS
loadmodule ipt_tos
loadmodule ipt_TOS
loadmodule ipt_ttl
loadmodule ipt_TTL
loadmodule ipt_ULOG
proxmox/files/default/shorewall/policy 000644 000765 000765 00000001533 12234667374 017645 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Policy File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-policy"
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
fw all ACCEPT
vz fw ACCEPT
vz net ACCEPT
net all DROP info
all fw REJECT info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
proxmox/files/default/shorewall/shorewall 000644 000765 000765 00000001140 12234552052 020322 0 ustar 00nico 000000 000000 # prevent startup with default configuration
# set the following variable to 1 in order to allow Shorewall to start
startup=1
# If your Shorewall configuration requires detection of the ip address of a ppp
# interface, you must list such interfaces in "wait_interface" to get Shorewall
# to wait until the interface is configured. Otherwise the script will fail
# because it won't be able to detect the IP address.
#
# Example:
# wait_interface="ppp0"
# or
# wait_interface="ppp0 ppp1"
# or, if you have defined in /etc/shorewall/params
# wait_interface=
#
# Startup options
#
OPTIONS=""
# EOF
proxmox/files/default/shorewall/shorewall.conf 000644 000765 000765 00000011600 12234556425 021260 0 ustar 00nico 000000 000000 ###############################################################################
#
# Shorewall version 4.0 - Sample shorewall.conf for two-interface
# configuration.
# Copyright (C) 2006,2007 by the Shorewall Team
# 2011 by Thomas M. Eastep
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#
# For information about the settings in this file, type "man shorewall.conf"
#
# The manpage is also online at
# http://shorewall.net/manpages/shorewall.conf.html
#
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes # Custom
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT="none"
DROP_DEFAULT="Drop"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Reject"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=Yes
CLEAR_TC=Yes
COMPLETE=No
DISABLE_IPV6=Yes # Custom
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
LOAD_HELPERS_ONLY=Yes
LEGACY_FASTSTART=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=1
OPTIMIZE_ACCOUNTING=No
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes # Custom
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
################################################################################
# L E G A C Y O P T I O N
# D O N O T D E L E T E O R A L T E R
################################################################################
IPSECFILE=zones
#LAST LINE -- DO NOT REMOVE
proxmox/files/default/shorewall/zones 000644 000765 000765 00000001477 12234554757 017513 0 ustar 00nico 000000 000000 #
# Shorewall version 4.0 - Sample Zones File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-zones"
###############################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
# OPTIONS OPTIONS
fw firewall
net ipv4
vz ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
proxmox/attributes/default.rb 000644 000765 000765 00000000542 12235223713 016015 0 ustar 00nico 000000 000000 #
# Cookbook Name:: rehost-proxmox
# Recipe:: default
#
# Copyright 2013, ReHost
#
# All rights reserved - Do Not Redistribute
#
# First-stage packages: PVE firmware, kernel and matching headers.
default['proxmox']['packages-stage1'] = %w[
  pve-firmware
  pve-kernel-2.6.32-23-pve
  pve-headers-2.6.32-23-pve
]

# Packages installed by the second package loop of the default recipe.
default['proxmox']['packages'] = %w[
  proxmox-ve-2.6.32
  ksm-control-daemon
  vzprocps
]

# When true, the default recipe manages a "vz" logical volume for /var/lib/vz.
default['proxmox']['lvm'] = true