Remove nftables cron and disable service, when using iptables (for backout).

Signed-off-by: James Antill <james@and.org>
2025-03-31 09:44:44 -04:00 · 2025-03-31 09:44:44 -04:00 · 50d04f6e95
commit 50d04f6e95
parent af90bbb6c5
2 changed files with 17 additions and 0 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -271,6 +271,16 @@
  - baseiptables|bool
  - nftables

+- name: Nftables service disabled
+  service: name=nftables state=started enabled=false
+  tags:
+  - iptables
+  - service
+  - base
+  when:
+  - baseiptables|bool
+  - not nftables
+
 - name: Ip6tables
  ansible.builtin.template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
  with_first_found:
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@ -415,6 +415,13 @@
  - koji_builder
  - koji_builder/osbuildapi

+- name: Remove cron job to run osbuild api ip update script every minute. (nftables)
+  ansible.builtin.file: path=/etc/cron.d/osbuildapi-update-nft.cron state=absent
+  when: not nftables
+  tags:
+  - koji_builder
+  - koji_builder/osbuildapi
+
 - name: Create override dir for systemd-nspawn containers config
  ansible.builtin.file:
    state: directory