From 7c670efbfe67a9ace71223e3ad0a682005465f1d Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 24 Apr 2025 13:51:09 -0700
Subject: [PATCH] openqa: do not do the nftables switch on these until we have
 more time for testing

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/openqa_tap_workers | 1 +
 inventory/group_vars/openqa_workers     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/inventory/group_vars/openqa_tap_workers b/inventory/group_vars/openqa_tap_workers
index 3a27f7e555..5c0a2fb4a5 100644
--- a/inventory/group_vars/openqa_tap_workers
+++ b/inventory/group_vars/openqa_tap_workers
@@ -5,6 +5,7 @@ nft_custom_rules:
   - 'add rule ip filter FORWARD iifname "br0" counter accept'
   - 'add rule ip filter FORWARD iifname "{{ openqa_tap_iface }}" oifname "br0" ct state related,established counter accept'
   - 'add rule ip filter INPUT iifname "br0" counter accept'
+nftables: False
 # for iptables rules...maybe other stuff in future? both staging
 # and prod workers are in this group
 host_group: openqa-tap-workers
diff --git a/inventory/group_vars/openqa_workers b/inventory/group_vars/openqa_workers
index 99860f52d4..f7c3d89726 100644
--- a/inventory/group_vars/openqa_workers
+++ b/inventory/group_vars/openqa_workers
@@ -7,6 +7,7 @@ ipa_client_sudo_groups:
   - sysadmin-qa
 ipa_host_group: openqa-workers
 ipa_host_group_desc: OpenQA worker hosts
+nftables: False
 openqa_env: production
 openqa_env_prefix:
 # this is because openqa staging isn't really a staging host