From eedb679db95b281b2be0199d48876b8af64ea3a0 Mon Sep 17 00:00:00 2001
From: Michele Baldessari
Date: Wed, 1 Apr 2020 16:47:01 +0200
Subject: [PATCH] Do not fail if /usr/sbin/nft is not present

In change Ia4a2a58aada3b893fa23e04722f0a7d77e05a981 we added some rules to forcefully cleanup nftables in case those were changed outside our control. Turns out that some Centos8 CI jobs do not have it installed. Let's not fail in that cases.

Change-Id: I693d2b3c9de7135416d809b625cff62184a10668
Closes-Bug: #1870095
(cherry picked from commit aa019cdd5d84b6678395c18ff536b804a8b10005)
---
 .../tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
index 502845f33f..d08c3d56d3 100644
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
@@ -79,7 +79,7 @@ outputs:
 - when: nftablesconf is changed
 block:
 - name: Flush Nftables rules when nftables.conf changed
- command: /usr/sbin/nft flush ruleset
+ shell: if [[ -x /usr/sbin/nft ]]; then /usr/sbin/nft flush ruleset; fi
 - name: Restart iptables to restore firewall after flushing nftables
 systemd:
 state: reloaded
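Review bot: The new `shell:` task depends on `[[ -x … ]]`, a bash/ksh test, while Ansible's shell module runs the string through `/bin/sh` unless `executable` is set. On a host where sh is not bash, the task would error out instead of skipping the flush. The same guard can be kept on the `command` module, which avoids shell parsing for a firewall-touching task: `command: /usr/sbin/nft flush ruleset` followed by `args:` and `removes: /usr/sbin/nft`. Note that `removes` tests existence rather than the executable bit, and the task is then reported as skipped when the binary is missing, which is easier to spot in a deployment log than a silent no-op. The enclosing `block:` continues past the end of the hunk, so the effect on the following iptables reload is not fully visible here.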