From 9db0d36614c5abdb0ccb02ff6b300bc0d277f672 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Fri, 10 Jul 2020 11:22:18 +0530 Subject: [PATCH] Revert "[train/backport] Prevent nftables to interfere with tripleo firewall" This reverts commit c3b24599d7055c4dead110d25d7479eca7a557fe. Revert "Do not fail if /usr/sbin/nft is not present" This reverts commit eedb679db95b281b2be0199d48876b8af64ea3a0. The nftables rules are not enabled now after [1] so reverting the original changes which are not needed. [1] https://git.centos.org/rpms/nftables/c/3730f48 Related-Bug: #1870095 Related-Bug: #1869166 Closes-Bug: #1887112 Change-Id: Ib3309cbbd6f2ca300ec205528402a3836a6f34df
---
 .../tripleo-firewall-baremetal-puppet.yaml | 39 +++++--------------
 1 file changed, 10 insertions(+), 29 deletions(-)
diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
index d08c3d56d3..393c8c1dbd 100644
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
@@ -68,35 +68,16 @@ outputs: include ::tripleo::firewall host_prep_tasks: - list_concat: - - - name: Prevent Nftables to set up any rules - copy: - dest: /etc/sysconfig/nftables.conf - content: | - # This file has been explicitely emptied and disabled by TripleO - # so that nftables and iptables do not race each other - register: nftablesconf - - when: nftablesconf is changed - block: - - name: Flush Nftables rules when nftables.conf changed - shell: if [[ -x /usr/sbin/nft ]]; then /usr/sbin/nft flush ruleset; fi - - name: Restart iptables to restore firewall after flushing nftables - systemd: - state: reloaded - name: "{{item}}" - loop: - - iptables.service - - ip6tables.service - - if: - - no_ctlplane - - - - name: Ensure ctlplane subnet is set - fail: - msg: | - No CIDRs found in the ctlplane network tags. - Please refer to the documentation in order to - set the correct network tags in DeployedServerPortMap. - - null + if: + - no_ctlplane + - + name: Ensure ctlplane subnet is set + fail: + msg: | + No CIDRs found in the ctlplane network tags. + Please refer to the documentation in order to + set the correct network tags in DeployedServerPortMap. + - null deploy_steps_tasks: - when: step|int == 0
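Review bot: With the nftables.conf-emptying and `nft flush ruleset` tasks removed, the new `host_prep_tasks` value carries no record that the iptables rules installed by `tripleo::firewall` now depend on nftables.service staying disabled, which the commit message attributes to a CentOS packaging change rather than to anything this template enforces. If that packaging assumption stops holding (an operator enables nftables.service, or a later package build re-enables it), the ruleset loaded from /etc/sysconfig/nftables.conf would presumably coexist with the iptables rules again, and nothing left in this template would notice. I would put a comment above the added `if:` under `host_prep_tasks:`, such as `# nftables is deliberately left alone: the distro nftables package no longer enables nftables.service (bug 1887112), so only tripleo::firewall programs the host firewall`, so the next reader does not reintroduce the removed workaround blindly, and consider a cheap task asserting nftables.service is not enabled. Note also that nodes deployed with the reverted change keep the emptied /etc/sysconfig/nftables.conf, which this revert does not restore; the enclosing `outputs:` mapping starts before the hunk.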