Do not fail if /usr/sbin/nft is not present

In change Ia4a2a58aada3b893fa23e04722f0a7d77e05a981 we added some rules to forcefully cleanup nftables in case those were changed outside our control. Turns out that some Centos8 CI jobs do not have it installed. Let's not fail in that cases. Change-Id: I693d2b3c9de7135416d809b625cff62184a10668 Closes-Bug: #1870095
2020-04-01 16:47:01 +02:00 · 2020-04-01 16:47:01 +02:00 · aa019cdd5d
commit aa019cdd5d
parent d6728fa3b6
1 changed files with 1 additions and 1 deletions
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml
@ -73,7 +73,7 @@ outputs:
            - when: nftablesconf is changed
              block:
                - name: Flush Nftables rules when nftables.conf changed
-                  command: /usr/sbin/nft flush ruleset
+                  shell: if [[ -x /usr/sbin/nft ]]; then /usr/sbin/nft flush ruleset; fi
                - name: Restart iptables to restore firewall after flushing nftables
                  systemd:
                    state: reloaded