Merge pull request #884 from bshephar/OSPRH-14250

Always load custom nftables rules

roles/edpm_nftables/tasks/configure.yml

@@ -145,18 +145,6 @@
         group: root
         mode: "0600"
 
-    - name: Create a sentinel file when nft rules are changed
-      ansible.builtin.file:
-        path: /etc/nftables/edpm-rules.nft.changed
-        state: touch
-        owner: root
-        group: root
-        mode: "0600"
-      when:
-        - nft_ruleset is defined
-        - nft_ruleset is changed
-
-
 # We cannot use the "validate" parameter from the "template" module, since
 # we don't load the chains before. So let's validate now, with all the things.
 # Remember, the "iptables" compat layout is already loaded at this point.

roles/edpm_nftables/tasks/run.yml

@@ -26,22 +26,12 @@
 - name: Reload custom nftables ruleset files
   become: true
   block:
-    - name: Check if rules are changed
-      ansible.builtin.stat:
-        path: /etc/nftables/edpm-rules.nft.changed
-      register: nft_ruleset_changed
     - name: Reload ruleset
       ansible.builtin.shell: >-
         set -o pipefail;
         cat /etc/nftables/edpm-flushes.nft
         /etc/nftables/edpm-rules.nft
         /etc/nftables/edpm-update-jumps.nft | nft -f -
-      when: nft_ruleset_changed.stat.exists
       register: nft_reload_ruleset
       changed_when: nft_reload_ruleset.rc == 0
       failed_when: nft_reload_ruleset.rc != 0
-  always:
-    - name: Delete nft_ruleset_changed file
-      ansible.builtin.file:
-        path: /etc/nftables/edpm-rules.nft.changed
-        state: absent