zuul/zuul-jobs
Code Issues Proposed changes

Add clear-firewall role

Browse Source 
Some jobs need to start with a clean slate of firewall rules so that
they can manage their own rules. Add a simple role that clears out
everything.

Change-Id: I92d3b02a6bd4f19460294ca5293dfbbd67bfd295
This commit is contained in:
Monty Taylor 2019-07-25 12:40:04 -04:00 committed by James E. Blair
parent a796a2cf48
commit 4a9d8b32e2
4 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/source/general-roles.rst
View File

@ -7,6 +7,7 @@ General Purpose Roles
.. zuul:autorole:: add-sshkey .. zuul:autorole:: add-sshkey
.. zuul:autorole:: bindep .. zuul:autorole:: bindep
.. zuul:autorole:: buildset-artifacts-location .. zuul:autorole:: buildset-artifacts-location
.. zuul:autorole:: clear-firewall
.. zuul:autorole:: configure-mirrors .. zuul:autorole:: configure-mirrors
.. zuul:autorole:: copy-build-sshkey .. zuul:autorole:: copy-build-sshkey
.. zuul:autorole:: download-artifact .. zuul:autorole:: download-artifact

5
roles/clear-firewall/README.rst Normal file
View File

@ -0,0 +1,5 @@
Clear firewall rules from test nodes
Some test workloads manage all of their own firewall rules, and
pre-existing firewall rules can pollute the system. This role
clears out firewall rules for both ipv4 and ipv6.

20
roles/clear-firewall/tasks/main.yaml Normal file
View File

@ -0,0 +1,20 @@
- name: Clear iptables rules
become: true
shell: |
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -F
ip6tables -X
iptables -L
ip6tables -L

10
zuul-tests.d/general-roles-jobs.yaml
View File

@ -214,6 +214,15 @@
- name: ubuntu-xenial - name: ubuntu-xenial
label: ubuntu-xenial label: ubuntu-xenial
- job:
name: zuul-jobs-test-clear-firewall
description: Test the clear-firewall role
files:
- roles/clear-firewall/.*
run: test-playbooks/simple-role-test.yaml
vars:
role_name: clear-firewall
- job: - job:
name: zuul-jobs-test-dstat-graph name: zuul-jobs-test-dstat-graph
description: Test the dstat-graph roles description: Test the dstat-graph roles
@ -444,6 +453,7 @@
- zuul-jobs-test-base-roles-ubuntu-bionic - zuul-jobs-test-base-roles-ubuntu-bionic
- zuul-jobs-test-base-roles-ubuntu-trusty - zuul-jobs-test-base-roles-ubuntu-trusty
- zuul-jobs-test-base-roles-ubuntu-xenial - zuul-jobs-test-base-roles-ubuntu-xenial
- zuul-jobs-test-clear-firewall
- zuul-jobs-test-dstat-graph - zuul-jobs-test-dstat-graph
- zuul-jobs-test-multinode-roles-centos-7 - zuul-jobs-test-multinode-roles-centos-7
- zuul-jobs-test-multinode-roles-debian-stretch - zuul-jobs-test-multinode-roles-debian-stretch