diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml index d08c3d56d3..393c8c1dbd 100644 --- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml +++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml @@ -68,35 +68,16 @@ outputs: include ::tripleo::firewall host_prep_tasks: - list_concat: - - - name: Prevent Nftables to set up any rules - copy: - dest: /etc/sysconfig/nftables.conf - content: | - # This file has been explicitely emptied and disabled by TripleO - # so that nftables and iptables do not race each other - register: nftablesconf - - when: nftablesconf is changed - block: - - name: Flush Nftables rules when nftables.conf changed - shell: if [[ -x /usr/sbin/nft ]]; then /usr/sbin/nft flush ruleset; fi - - name: Restart iptables to restore firewall after flushing nftables - systemd: - state: reloaded - name: "{{item}}" - loop: - - iptables.service - - ip6tables.service - - if: - - no_ctlplane - - - - name: Ensure ctlplane subnet is set - fail: - msg: | - No CIDRs found in the ctlplane network tags. - Please refer to the documentation in order to - set the correct network tags in DeployedServerPortMap. - - null + if: + - no_ctlplane + - + name: Ensure ctlplane subnet is set + fail: + msg: | + No CIDRs found in the ctlplane network tags. + Please refer to the documentation in order to + set the correct network tags in DeployedServerPortMap. + - null deploy_steps_tasks: - when: step|int == 0
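Review bot: In the new `host_prep_tasks`, the true branch of `if` reads as a single task mapping (a bare `-` followed by `name: Ensure ctlplane subnet is set`), where the removed code passed a list of tasks (`- - name: ...`) through `list_concat`. Indentation is lost in this view, so this is inferred from the dash counts on the added and removed lines. If whatever consumes `host_prep_tasks` expects a list, keep the list form by writing the branch as `- - name: Ensure ctlplane subnet is set`. Separately, the hunk drops the tasks that emptied `/etc/sysconfig/nftables.conf` "so that nftables and iptables do not race each other" and flushed the nft ruleset, and nothing visible here says what now keeps two rulesets from loading. A short comment above `host_prep_tasks` should name the firewall backend that owns the ruleset after this change and say how hosts that already carry the emptied file are handled.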