koji_builder: use iptables backend for libvirt
In f41+ libvirt defaults to using nftables if both it and iptables are installed, but it doesn't seem to work with imagefactory/oz virt instances and our iptables setup. So, let's revert back to iptables for now. We can switch back if we can fix the incompatibility, switch builders to nftables, or stop using oz/IF.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent 73db9ea127
commit f5089257fd
2 changed files with 46 additions and 0 deletions
29
roles/koji_builder/files/network.conf
Normal file
|
@ -0,0 +1,29 @@
|
|||
# Master configuration file for the network driver.
|
||||
# All settings described here are optional - if omitted, sensible
|
||||
# defaults are used.
|
||||
|
||||
# firewall_backend:
|
||||
#
|
||||
# determines which subsystem to use to setup firewall packet
|
||||
# filtering rules for virtual networks.
|
||||
#
|
||||
# Supported settings:
|
||||
#
|
||||
# iptables - use iptables commands to construct the firewall
|
||||
# nftables - use nft commands to construct the firewall
|
||||
#
|
||||
# If firewall_backend isn't configured, libvirt will choose the
|
||||
# first available backend from the following list:
|
||||
#
|
||||
# [nftables, iptables]
|
||||
#
|
||||
# If no backend is available on the host, then the network driver
|
||||
# will fail to start, and an error will be logged.
|
||||
#
|
||||
# (NB: switching from one backend to another while there are active
|
||||
# virtual networks *is* supported. The change will take place the
|
||||
# next time that libvirtd/virtnetworkd is restarted - all existing
|
||||
# virtual networks will have their old firewalls removed, and then
|
||||
# reloaded using the new backend.)
|
||||
#
|
||||
firewall_backend = "iptables"
|
|
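Review bot: the only active line in this new file is `firewall_backend = "iptables"` at the very end, and nothing in the file says that it is deployed by Ansible or why the backend is pinned. Everything above the setting reads like the packaged template's comments. Consider adding a short comment directly above the setting stating that the file is managed by the koji_builder role and pinned to iptables because of the oz/imagefactory incompatibility, so that anyone comparing it with a newer packaged default knows the difference is deliberate. Carrying the full comment block also means text such as the `[nftables, iptables]` default order can drift from what the installed libvirt actually does; a file holding just the one setting plus the reason would avoid that.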
@ -236,6 +236,23 @@
|
|||
- koji_builder
|
||||
when: env != "staging"
|
||||
|
||||
# install libvirt/network.conf
|
||||
#
|
||||
# The default in f41+ is to use nftables, but it's not compatible with the
|
||||
# iptables setup we are using on the builders for some reason.
|
||||
# So, switch back to iptables until we switch to nftables, or move everying
|
||||
# away from oz/Imagefactory so we don't need virt instances for image builds
|
||||
# anymore.
|
||||
|
||||
- name: install libvirt/network.conf
|
||||
copy: src=network.conf dest=/etc/libvirt/network.conf
|
||||
notify:
|
||||
- restart virtnetworkd
|
||||
- restart libvirtd
|
||||
tags:
|
||||
- koji_builder
|
||||
when: env != "staging"
|
||||
|
||||
#
|
||||
# On primary we want to make a /mnt/koji link to /mnt/fedora_koji/koji
|
||||
#
|
||||
|
|
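Review bot: the `copy:` task writing `dest=/etc/libvirt/network.conf` sets no owner, group or mode, so the permissions of the file that selects libvirt's firewall backend are left to whatever defaults apply on the builder; suggest adding `owner=root group=root mode=0644`. The task is skipped when `env` is "staging", so staging builders keep libvirt's default backend and this change is not exercised there before production; if that is intentional, a line in the comment block saying so would help. The two handlers it notifies are not part of this diff, so check that both `restart virtnetworkd` and `restart libvirtd` exist and tolerate a host where only one of the services is present. Minor: "everying" in the comment should be "everything".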