On RHEL-9 there is no iptables package; we need to install the
iptables-nft package here.
In CentOS Stream-9 and Fedora-34 onwards, the iptables-nft package
is available [1].
But we also need to support other distros, so we are introducing the
iptables_packages var and distro-specific var files (having different
names) for installing the iptables package.
[1] https://pkgs.org/download/iptables-nft
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I8d5d3182996fc1e83b7f4f7eb99cf4c347d6ef1f
This reverts commit 46b7b6e1c9.
This didn't end up changing the incidence of the iptables-save command
task failures.
Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
Previously, to persist the firewall we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.
One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.
Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
We configured iptables rules but did not persist them.
This meant that rules would be flushed when restarting iptables or
the instance.
Change-Id: I9d90f55323a33d6a0f0dda1f7ab25d10984fa6cb
This adds nodes in a multi-node job to each other's firewalls so that
they can communicate with each other without restrictions.
Change-Id: Ic9eda6b951c5ecf5997fe9da3338980f2a8121b0