Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Browse Source

nftables: Don't purge iptables on docker and KVM hosts

  libvirt-daemon-system sadly depends on iptables since Debian Bullseye so we
  have to keep iptables installed, as it otherwise removes the package which
  contains the systemd files to start the libvirt daemon :-/

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 1 year ago
parent
57645b4099
commit
db28535889
2 changed files with 9 additions and 1 deletions
Split View Show Diff Stats
  1. 3 0
      _modules/ffho.py
  2. 6 1
      nftables/init.sls

+ 3 - 0
_modules/ffho.py
View File 

@@ -8,3 +8,6 @@ def re_search (pattern, string, flags = 0):
 
 
 def is_bool (value):
 
 	return type (value) == bool
 
+
 
+def any_item_in_list (items, list):
 
+	return len(set(items).intersection(set(list))) != 0

+ 6 - 1
nftables/init.sls
View File 

@@ -22,11 +22,16 @@ nftables:
 
    - watch_in:
 
      - service: nftables
 
 
+
 
+{% set no_purge_roles = ['docker', 'kvm'] %}
 
+{% set roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', [])%}
 
+{% set not_purge_iptables = salt['ffho.any_item_in_list'](no_purge_roles, roles) %}
 
+
 
 purge-iptables:
 
   pkg.purged:
 
     - pkgs:
 
       - iptables-persistent
 
-  {%- if not 'docker' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
 
+  {%- if not not_purge_iptables %}
 
       - iptables
 
   {%- endif %}