kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

modify nodes and bundles for new nftables syntax

Browse source
This commit is contained in:
Franzi 2021-06-03 13:59:15 +02:00
parent ecb67d012b
commit d569b00960
Signed by: kunsi
GPG key ID: 12E3D2136B818350
30 changed files with 172 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

21
bundles/vmhost/items.py
View file

@ -3,3 +3,24 @@ files = {
'mode': '0755',
},
}
if node.has_bundle('nftables'):
# libvirt on debian depends on either iptables or firewalld. Since
# we're managing firewall rules using bundlewrap, we don't want either
# of thos to interfere. So we install firewalld, then ensure it is
# never running. After that, we ensure the bundlewrap managed rules
# are active.
svc_systemd['firewalld'] = {
'running': False,
'enabled': False,
'masked': True,
'needs': {
'pkg_apt:firewalld',
},
'needed_by': {
'svc_systemd:nftables',
},
'triggers': {
'svc_systemd:nftables:reload',
},
}

7
bundles/vmhost/metadata.py
View file

@ -28,3 +28,10 @@ if node.os == 'debian' and node.os_version[0] < 11:
if node.has_bundle('zfs'):
defaults['apt']['packages']['libvirt-daemon-driver-storage-zfs'] = {}
if node.has_bundle('nftables'):
defaults['apt']['packages']['firewalld'] = {
'needed_by': {
'pkg_apt:libvirt-daemon-system',
},
}