From 5e10a9160c96b238d788b1b196a4c3e80ba6a8bd Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Tue, 23 Dec 2025 17:13:56 -0800 Subject: [PATCH] ansible-test: disable xt_comment testcase for iptables (#86365) Signed-off-by: Abhijeet Kasurde --- .../iptables/tasks/chain_management.yml | 6 ++-- .../targets/iptables/tasks/main.yml | 27 ++--------------- .../targets/iptables/tasks/xt_comment.yml | 30 +++++++++++++++++++ 3 files changed, 36 insertions(+), 27 deletions(-) create mode 100644 test/integration/targets/iptables/tasks/xt_comment.yml diff --git a/test/integration/targets/iptables/tasks/chain_management.yml b/test/integration/targets/iptables/tasks/chain_management.yml index dae4103a2c..a7e3ed581b 100644 --- a/test/integration/targets/iptables/tasks/chain_management.yml +++ b/test/integration/targets/iptables/tasks/chain_management.yml @@ -52,7 +52,8 @@ source: 0.0.0.0 destination: 0.0.0.0 jump: DROP - comment: "FOOBAR-CHAIN RULE" + # FIXME: Enable when xt_comment is working on RHEL 10 + #comment: "FOOBAR-CHAIN RULE" - name: get the state of the iptable rules after rule is added to foobar chain become: true @@ -63,7 +64,8 @@ assert: that: - result is not failed - - '"FOOBAR-CHAIN RULE" in result.stdout' + # FIXME: Enable when xt_comment is working on RHEL 10 + # - '"FOOBAR-CHAIN RULE" in result.stdout' - name: flush the foobar chain become: true diff --git a/test/integration/targets/iptables/tasks/main.yml b/test/integration/targets/iptables/tasks/main.yml index ec88ab7711..8db7ce427f 100644 --- a/test/integration/targets/iptables/tasks/main.yml +++ b/test/integration/targets/iptables/tasks/main.yml @@ -35,29 +35,6 @@ # prevent attempts to upgrade the kernel and install kernel modules for a non-running kernel version exclude: "{{ 'kernel-core' if ansible_distribution == 'RedHat' else omit }}" -- name: install xt_comment for iptables `-m comment` tests on RHEL 10 - dnf: - name: - - kernel-modules-extra-{{ ansible_facts.kernel }} - state: present - exclude: - # prevent attempts to upgrade the kernel and install kernel modules for a non-running kernel version - - kernel-core - when: ansible_distribution == 'RedHat' - -- name: Use iptables with unnecessary extension match - iptables: - chain: INPUT - source: 8.8.8.8 - jump: DROP - match: comment - comment: Here to include an extension - register: unnecessary_extension - -- name: Assert success - assert: - that: - - unnecessary_extension is success - - unnecessary_extension.rule.count('-m comment') == 1 - +# FIXME: Disabling this test for now as it is not working on RHEL 10 +# - import_tasks: xt_comment.yml - import_tasks: chain_management.yml diff --git a/test/integration/targets/iptables/tasks/xt_comment.yml b/test/integration/targets/iptables/tasks/xt_comment.yml new file mode 100644 index 0000000000..d4c93cb6ba --- /dev/null +++ b/test/integration/targets/iptables/tasks/xt_comment.yml @@ -0,0 +1,30 @@ +--- +# test code for the iptables module +# Copyright: (c) Contributors to the Ansible project +# Copyright: (c) 2021, Éloi Rivard +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: install xt_comment for iptables `-m comment` tests on RHEL 10 + dnf: + name: + - kernel-modules-extra-{{ ansible_facts.kernel }} + state: present + exclude: + # prevent attempts to upgrade the kernel and install kernel modules for a non-running kernel version + - kernel-core + when: ansible_distribution == 'RedHat' + +- name: Use iptables with unnecessary extension match + iptables: + chain: INPUT + source: 8.8.8.8 + jump: DROP + match: comment + comment: Here to include an extension + register: unnecessary_extension + +- name: Assert success + assert: + that: + - unnecessary_extension is success + - unnecessary_extension.rule.count('-m comment') == 1