)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"2e076516ad0a25ec40beacc246e073302e4a5c73","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f4865060_4e3401e8","updated":"2026-03-18 13:58:58.000000000","message":"OK, I\u0027m happy with this. I gave up trying to install iptables-legacy in the container to make it easier to flush the rules. This failed because we don\u0027t have epel enabled.","commit_id":"995416869f4074cb4352e1753b158e5e12a1de5b"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"b734dcd536588eb500a15470f4f9991652c5695c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"7ee6ea4a_9ea90c4c","updated":"2026-03-20 16:07:52.000000000","message":"Looks good I think","commit_id":"6e77e8a6828a43277a6c24e8565912b0a7782242"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"267f086816d87145ebb9124b5312e33d10f4eab5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"8cb5e5e4_0a31f9ed","updated":"2026-03-27 09:30:22.000000000","message":"recheck: mirrors playing up","commit_id":"bc638acab491f6f4e0c46a958ccc43fa8982ff4d"}],"docker/base/Dockerfile.j2":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"243acc15478194e7a48926542dff483f84ec8905","unresolved":true,"context_lines":[{"line_number":160,"context_line":"    {% set base_centos_yum_repos_to_disable \u003d ["},{"line_number":161,"context_line":"        \u0027centos-ceph-squid\u0027,"},{"line_number":162,"context_line":"        \u0027centos-nfv-openvswitch\u0027,"},{"line_number":163,"context_line":"        \u0027epel\u0027,"},{"line_number":164,"context_line":"        \u0027influxdb\u0027,"},{"line_number":165,"context_line":"        \u0027opensearch-2.x\u0027,"},{"line_number":166,"context_line":"        \u0027opensearch-dashboards-2.x\u0027,"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"db35be06_8a550903","side":"PARENT","line":163,"updated":"2026-03-25 05:41:28.000000000","message":"Why? We don\u0027t disable it, and then we enable? Doesn\u0027t make any sense.","commit_id":"7b4dddce681980af06d67d54d900d56e72ea4937"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"afa0983a86a10a9d2d060967b0b2873d95e1e191","unresolved":true,"context_lines":[{"line_number":160,"context_line":"    {% set base_centos_yum_repos_to_disable \u003d ["},{"line_number":161,"context_line":"        \u0027centos-ceph-squid\u0027,"},{"line_number":162,"context_line":"        \u0027centos-nfv-openvswitch\u0027,"},{"line_number":163,"context_line":"        \u0027epel\u0027,"},{"line_number":164,"context_line":"        \u0027influxdb\u0027,"},{"line_number":165,"context_line":"        \u0027opensearch-2.x\u0027,"},{"line_number":166,"context_line":"        \u0027opensearch-dashboards-2.x\u0027,"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"c6ca787c_ad328a1a","side":"PARENT","line":163,"in_reply_to":"0b1393f4_10323980","updated":"2026-03-25 16:50:16.000000000","message":"I think the best course of action is:\n1) Install peel\n2) Install dumb-init\n3) Disable EPEL\n4) Enable it only in the container that needs it via enable_extra_repos()","commit_id":"7b4dddce681980af06d67d54d900d56e72ea4937"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"6c4c32f861a938ea6e2164752df08074c45f6761","unresolved":false,"context_lines":[{"line_number":160,"context_line":"    {% set base_centos_yum_repos_to_disable \u003d ["},{"line_number":161,"context_line":"        \u0027centos-ceph-squid\u0027,"},{"line_number":162,"context_line":"        \u0027centos-nfv-openvswitch\u0027,"},{"line_number":163,"context_line":"        \u0027epel\u0027,"},{"line_number":164,"context_line":"        \u0027influxdb\u0027,"},{"line_number":165,"context_line":"        \u0027opensearch-2.x\u0027,"},{"line_number":166,"context_line":"        \u0027opensearch-dashboards-2.x\u0027,"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"1962c805_05eec8bb","side":"PARENT","line":163,"in_reply_to":"c6ca787c_ad328a1a","updated":"2026-03-27 11:46:12.000000000","message":"Done","commit_id":"7b4dddce681980af06d67d54d900d56e72ea4937"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"32d6f1b608fe8ef2d013ea8400e1d0fe47962287","unresolved":true,"context_lines":[{"line_number":160,"context_line":"    {% set base_centos_yum_repos_to_disable \u003d ["},{"line_number":161,"context_line":"        \u0027centos-ceph-squid\u0027,"},{"line_number":162,"context_line":"        \u0027centos-nfv-openvswitch\u0027,"},{"line_number":163,"context_line":"        \u0027epel\u0027,"},{"line_number":164,"context_line":"        \u0027influxdb\u0027,"},{"line_number":165,"context_line":"        \u0027opensearch-2.x\u0027,"},{"line_number":166,"context_line":"        \u0027opensearch-dashboards-2.x\u0027,"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"0b1393f4_10323980","side":"PARENT","line":163,"in_reply_to":"db35be06_8a550903","updated":"2026-03-25 16:38:25.000000000","message":"I did try a variant that removed the explicit enable:\n\nhttps://review.opendev.org/c/openstack/kolla/+/981096/6/docker/base/Dockerfile.j2\n\nbut that didn\u0027t work. I thought disabling than enabling was weirder. Enabling twice doesn\u0027t really matter. Do you you have a suggestion that would be better?","commit_id":"7b4dddce681980af06d67d54d900d56e72ea4937"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"243acc15478194e7a48926542dff483f84ec8905","unresolved":true,"context_lines":[{"line_number":192,"context_line":""},{"line_number":193,"context_line":"{% block base_redhat_binary_versionlock %}{% endblock %}"},{"line_number":194,"context_line":""},{"line_number":195,"context_line":"{# NOTE(mnasiadka): In EL10 we install dumb-init from epel. In EL9 we install iptables-legacy. #}"},{"line_number":196,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":197,"context_line":"RUN dnf config-manager --enable epel"},{"line_number":198,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"a7a0909f_f7e13e1c","line":195,"updated":"2026-03-25 05:41:28.000000000","message":"```suggestion\n{# NOTE(mnasiadka): EPEL is required for dumb-init in EL10 and iptables-legacy in EL9 #}\n```","commit_id":"6e77e8a6828a43277a6c24e8565912b0a7782242"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"32d6f1b608fe8ef2d013ea8400e1d0fe47962287","unresolved":false,"context_lines":[{"line_number":192,"context_line":""},{"line_number":193,"context_line":"{% block base_redhat_binary_versionlock %}{% endblock %}"},{"line_number":194,"context_line":""},{"line_number":195,"context_line":"{# NOTE(mnasiadka): In EL10 we install dumb-init from epel. In EL9 we install iptables-legacy. #}"},{"line_number":196,"context_line":"{% if base_package_type \u003d\u003d \u0027rpm\u0027 %}"},{"line_number":197,"context_line":"RUN dnf config-manager --enable epel"},{"line_number":198,"context_line":"{% endif %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"c1080646_1202b78b","line":195,"in_reply_to":"a7a0909f_f7e13e1c","updated":"2026-03-25 16:38:25.000000000","message":"Fix applied.","commit_id":"6e77e8a6828a43277a6c24e8565912b0a7782242"}],"releasenotes/notes/fixes-missing-iptables-nft-fd71eeee04c9345e.yaml":[{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"b57459ff9d091383be4ca49a8967b04d20a74955","unresolved":true,"context_lines":[{"line_number":24,"context_line":"    If you are updating to this release or newer, no action is required."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    If you wish to continue using legacy iptables, the environment variable"},{"line_number":27,"context_line":"    ``KOLLA_LEGACY_IPTABLES`` can be used to force this. This only works when"},{"line_number":28,"context_line":"    using Centos Stream 9 or Rocky 9 containers unless you provide your own"},{"line_number":29,"context_line":"    iptables-legacy package; this is because iptables-legacy is not published"},{"line_number":30,"context_line":"    in EPEL 10. The recommendation is to switch to nftables."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"cb4a68c0_04325403","line":27,"updated":"2026-03-18 11:39:09.000000000","message":"I missed that this is disabled for centos and rocky...","commit_id":"7b83f6514576f8a95ef32be7cebb446d40154d16"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"2fe65b21947597534e31cc66a6f95dba04390e4f","unresolved":false,"context_lines":[{"line_number":24,"context_line":"    If you are updating to this release or newer, no action is required."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"    If you wish to continue using legacy iptables, the environment variable"},{"line_number":27,"context_line":"    ``KOLLA_LEGACY_IPTABLES`` can be used to force this. This only works when"},{"line_number":28,"context_line":"    using Centos Stream 9 or Rocky 9 containers unless you provide your own"},{"line_number":29,"context_line":"    iptables-legacy package; this is because iptables-legacy is not published"},{"line_number":30,"context_line":"    in EPEL 10. The recommendation is to switch to nftables."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"216280c1_4e00a1c6","line":27,"in_reply_to":"cb4a68c0_04325403","updated":"2026-03-18 11:59:44.000000000","message":"I\u0027ve dropped all mentions of KOLLA_IPTABLES_LEGACY. Technically we could support it on RHEL9 based distros, but seems more hassle than it is worth.","commit_id":"7b83f6514576f8a95ef32be7cebb446d40154d16"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"b734dcd536588eb500a15470f4f9991652c5695c","unresolved":true,"context_lines":[{"line_number":1,"context_line":"upgrade:"},{"line_number":2,"context_line":"  - |"},{"line_number":3,"context_line":"    On Rocky9 on CentOS Stream 9 based installations, VMs may be using legacy"},{"line_number":4,"context_line":"    iptables rules if you installed or upgraded before this release. You can"},{"line_number":5,"context_line":"    check by running ``iptables-legacy-save`` inside of the"},{"line_number":6,"context_line":"    ``neutron_openvswitch_agent`` container and looking for neutron rules."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"0c55fdc8_41a5a015","line":3,"range":{"start_line":3,"start_character":14,"end_line":3,"end_character":16},"updated":"2026-03-20 16:07:52.000000000","message":"```suggestion\n    On Rocky9 or CentOS Stream 9 based installations, VMs may be using legacy\n```","commit_id":"6e77e8a6828a43277a6c24e8565912b0a7782242"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"115d9574a19b6cdb5094b6d193e8d88683dc0417","unresolved":false,"context_lines":[{"line_number":1,"context_line":"upgrade:"},{"line_number":2,"context_line":"  - |"},{"line_number":3,"context_line":"    On Rocky9 on CentOS Stream 9 based installations, VMs may be using legacy"},{"line_number":4,"context_line":"    iptables rules if you installed or upgraded before this release. You can"},{"line_number":5,"context_line":"    check by running ``iptables-legacy-save`` inside of the"},{"line_number":6,"context_line":"    ``neutron_openvswitch_agent`` container and looking for neutron rules."}],"source_content_type":"text/x-yaml","patch_set":7,"id":"4c51c467_7474d2c2","line":3,"range":{"start_line":3,"start_character":14,"end_line":3,"end_character":16},"in_reply_to":"0c55fdc8_41a5a015","updated":"2026-03-20 16:29:18.000000000","message":"Fix applied.","commit_id":"6e77e8a6828a43277a6c24e8565912b0a7782242"}]}