Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Enable nftables on all lab workers (but not prod yet)

Browse source 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2025-05-14 10:54:47 -07:00
parent a8f984464e
commit 177c2b3f2f
2 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/group_vars/openqa_lab_workers
View file

@ -7,6 +7,7 @@ ipa_client_sudo_groups:
- sysadmin-qa
ipa_host_group: openqa-lab-workers
ipa_host_group_desc: OpenQA Lab worker hosts
nftables: true
openqa_env: staging
openqa_env_prefix: stg-
# this is because openqa staging isn't really a staging host

1
inventory/group_vars/openqa_tap_workers
View file

@ -5,7 +5,6 @@ nft_custom_rules:
- 'add rule ip filter FORWARD iifname "br0" counter accept'
- 'add rule ip filter FORWARD iifname "{{ openqa_tap_iface }}" oifname "br0" ct state related,established counter accept'
- 'add rule ip filter INPUT iifname "br0" counter accept'
nftables: False
# for iptables rules...maybe other stuff in future? both staging
# and prod workers are in this group
host_group: openqa-tap-workers