ansible/firewall: support loading config from /mnt/permanent/config.d, drop "development" var from ansible (!414) · Merge requests · gfx-ci / CI-tron

clayton craft requested to merge craftyguy/valve-infra:firewall_config.d into master Nov 11, 2022

The only thing "development=true" was used for in ansible was injecting fw config to allow connections to/from qemu, which is only used by vivian. With this series, vivian manages any fw config it requires, and does this by pushing it to /mnt/permanent/config.d/nftables/ when setting up the gateway.

This is also required for running integration tests in CI (!409 (merged)), since we do not want to have to create an images specifically for testing in CI.

Lastly, this allows running vivian without having to build an image first for it, since vivian is now capable of satisfying any requirements itself.

Admin message

ansible/firewall: support loading config from /mnt/permanent/config.d, drop "development" var from ansible

Merge request reports