Actually move to nftables for any host with nftables: true (nothing atm). #2482

Merged

ryanlerch merged 1 commit from nft-swap into main 2025-03-03 21:22:46 +00:00

Conversation 16 Commits 1 Files changed 1 +2

james commented 2025-02-18 20:19:07 +00:00

Contributor

Copy link

I think this should be everything to get things installed, when a host has the nftables variable set to true.

I'm pretty sure I've missed at least something minor, but we could start testing a staging machine and see what happens.

I think this should be everything to get things installed, when a host has the nftables variable set to true. I'm pretty sure I've missed at least something minor, but we could start testing a staging machine and see what happens.

zuul commented 2025-02-18 20:48:14 +00:00

First-time contributor

Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/f4532e84b0e04ef3ac5e1b3070d8807e

• fi-ansible-lint-diff : FAILURE in 2m 35s
• fi-yamllint-diff : SUCCESS in 2m 27s

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci https://fedora.softwarefactory-project.io/zuul/buildset/f4532e84b0e04ef3ac5e1b3070d8807e - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/9340793dd94a496da57b13efaa223c90) : FAILURE in 2m 35s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/9991e0dec6e643a7b798143a368f5e13) : SUCCESS in 2m 27s

zlopez commented 2025-02-19 08:03:20 +00:00

Contributor

Copy link

LGTM +1

LGTM +1

kevin commented 2025-02-19 19:23:37 +00:00

Contributor

Copy link

Shoud this be nftables for the tag?

Shoud this be nftables for the tag?

kevin commented 2025-02-19 19:30:06 +00:00

Contributor

Copy link

Oh, I updated roles/koji_builder/templates/osbuildapi-update.sh can you fold in the changes to the nft one?

Also, I am quite possibly missing it, but do we have anywhere that copies the templates to the host for nftables service to use?

Oh, I updated roles/koji_builder/templates/osbuildapi-update.sh can you fold in the changes to the nft one? Also, I am quite possibly missing it, but do we have anywhere that copies the templates to the host for nftables service to use?

james commented 2025-02-24 15:48:35 +00:00

Author

Contributor

Copy link

I used the iptables tag because I figured that might be used as a generic thing to say "this is firewall stuff" ... I can easily create a nftables tag if you know it won't cause extra changes.

The e7b50aaee4 change is just to not remove old entries anymore? The change I did was to comment out the flush line.

I used the iptables tag because I figured that might be used as a generic thing to say "this is firewall stuff" ... I can easily create a nftables tag if you know it won't cause extra changes. The e7b50aaee469fdded0ea650c7e7f4dd06e929609 change is just to not remove old entries anymore? The change I did was to comment out the flush line.

james commented 2025-02-25 14:19:50 +00:00

Author

Contributor

Copy link

1 new commit added

• Don't flush old osbuildapi entries in nftables land either.

**1 new commit added** * ``Don't flush old osbuildapi entries in nftables land either.``

zuul commented 2025-02-25 14:22:58 +00:00

First-time contributor

Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/4ef6279d11444ad481a756fb81478980

• fi-ansible-lint-diff : FAILURE in 2m 48s
• fi-yamllint-diff : SUCCESS in 2m 38s

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci https://fedora.softwarefactory-project.io/zuul/buildset/4ef6279d11444ad481a756fb81478980 - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/901825f161a64c5087720acd3c8426de) : FAILURE in 2m 48s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/ea30c87be86049509ec6450e30d2ff6a) : SUCCESS in 2m 38s

kevin commented 2025-03-03 19:08:17 +00:00

Contributor

Copy link

nftables tag might be better... it's not a huge deal tho.

Yeah, just stops removing entries and swapping new one in, just keeps adding to the one existing one.

nftables tag might be better... it's not a huge deal tho. Yeah, just stops removing entries and swapping new one in, just keeps adding to the one existing one.

james commented 2025-03-03 19:43:06 +00:00

Author

Contributor

Copy link

1 new commit added

• Actually install the nftable template file.

**1 new commit added** * ``Actually install the nftable template file.``

zuul commented 2025-03-03 19:46:01 +00:00

First-time contributor

Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/2e4c3baf887e484187978ad21acafab6

• fi-ansible-lint-diff : FAILURE in 2m 38s
• fi-yamllint-diff : SUCCESS in 2m 30s

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci https://fedora.softwarefactory-project.io/zuul/buildset/2e4c3baf887e484187978ad21acafab6 - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/bacc46fcd2ce4b00ae8c3eaa587352c1) : FAILURE in 2m 38s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/952af6cd1b5f4726baa49771039d7e17) : SUCCESS in 2m 30s

james commented 2025-03-03 21:17:44 +00:00

Author

Contributor

Copy link

2 new commits added

• Move staging builders to nftables.
• Add new osbuildapi-update-nft.cron entries, and get it installed when nftables.

**2 new commits added** * ``Move staging builders to nftables.`` * ``Add new osbuildapi-update-nft.cron entries, and get it installed when nftables.``

kevin commented 2025-03-03 21:20:40 +00:00

Contributor

Copy link

rebased onto c9b9086535

rebased onto c9b9086535ff04050f9fd48760c3981193a8d9be

kevin commented 2025-03-03 21:20:47 +00:00

Contributor

Copy link

rebased onto c9b9086535

rebased onto c9b9086535ff04050f9fd48760c3981193a8d9be

kevin commented 2025-03-03 21:22:28 +00:00

Contributor

Copy link

ok, lets give it a go!

ok, lets give it a go!

kevin commented 2025-03-03 21:22:50 +00:00

Contributor

Copy link

Pull-Request has been merged by kevin

Pull-Request has been merged by kevin

zuul commented 2025-03-03 21:26:07 +00:00

First-time contributor

Copy link

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/f33e315a7b134e90afe8049bd6489101

• fi-ansible-lint-diff : FAILURE in 5m 09s
• fi-yamllint-diff : SUCCESS in 2m 40s

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci https://fedora.softwarefactory-project.io/zuul/buildset/f33e315a7b134e90afe8049bd6489101 - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/28a8ee64b1a34d86861b6ee7c026c55b) : FAILURE in 5m 09s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/a1eba536d9b9456c896d0f03e12f9a9c) : SUCCESS in 2m 40s

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

freeze-break-request

  

post-freeze

No labels

freeze-break-request

post-freeze

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

4 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Infrastructure/ansible#2482

No description provided.