etc/init.d/vz*: use separate IPTABLES_MODULES variable

This commit tries to untangle the mess caused by the fact that the IPTABLES
parameter in the global vz.conf(5) configuration file was used for two purposes:

1. Set the list of kernel modules to load before loading OpenVZ modules.
2. Set the default IPTABLES/--iptables values for containers.

Now, not all iptables modules are recognized by vzctl (and have a dedicated
bit in iptables_mask passed on to the kernel). So in case you need to use
functionality (1) but the module is not recognized by vzctl, you get the
following warning (totally harmless, but pretty annoying):

    Warning: Unknown iptable module: ipt_iprange, skipped

We solve this by having two separate variables in vz.conf:

    IPTABLES: default for IPTABLES/--iptables value for CTs
    IPTABLES_MODULES: list of kernel modules to preload

Now, to retain backward compatibility, we use IPTABLES for the list
of modules to load if IPTABLES_MODULES is empty.

While at it, also
- document it in vz.conf(5) man page
- add the module loading functionality to vz-gentoo initscript

http://bugzilla.openvz.org/1814

Reported-by: Curtis <curtis@isparks.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>

4 files changed