)]}'
{"tripleo_ansible/roles/tripleo-firewall/handlers/main.yml":[{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"6ae5d7e20a16006057abab85919af1316f0c26d5","unresolved":false,"context_lines":[{"line_number":23,"context_line":"- name: Save firewall rules ipv6"},{"line_number":24,"context_line":"  command: /usr/libexec/iptables/ip6tables.init save"},{"line_number":25,"context_line":"  become: true"},{"line_number":26,"context_line":"  listen: Save firewall rules"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"- name: Enable tripleo-iptables service (and do a daemon-reload systemd)"},{"line_number":29,"context_line":"  systemd:"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"7faddb67_8b3266a6","line":26,"updated":"2019-08-16 20:48:41.000000000","message":"We need the following logic post save\n\nhttps://github.com/openstack/puppet-tripleo/blob/master/manifests/firewall.pp#L158-L194","commit_id":"33669499f950799f20edad8fab659be31f217442"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"70f247b410da38ba644a3d8c29a350b55d65b044","unresolved":false,"context_lines":[{"line_number":23,"context_line":"- name: Save firewall rules ipv6"},{"line_number":24,"context_line":"  command: /usr/libexec/iptables/ip6tables.init save"},{"line_number":25,"context_line":"  become: true"},{"line_number":26,"context_line":"  listen: Save firewall rules"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"- name: Enable tripleo-iptables service (and do a daemon-reload systemd)"},{"line_number":29,"context_line":"  systemd:"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"7faddb67_0b1e760b","line":26,"in_reply_to":"7faddb67_8b3266a6","updated":"2019-08-16 20:49:24.000000000","message":"oh nm i see the follow up patch has this logic","commit_id":"33669499f950799f20edad8fab659be31f217442"}],"tripleo_ansible/roles/tripleo-firewall/tasks/main.yml":[{"author":{"_account_id":6816,"name":"Jesse Pretorius","email":"jesse@odyssey4.me","username":"jesse-pretorius"},"change_message_id":"f010930d0749190b2749490e15d176691c5aee8a","unresolved":false,"context_lines":[{"line_number":19,"context_line":"- name: Gather variables for each operating system"},{"line_number":20,"context_line":"  include_vars: \"{{ item }}\""},{"line_number":21,"context_line":"  with_first_found:"},{"line_number":22,"context_line":"    - skip: true"},{"line_number":23,"context_line":"      files:"},{"line_number":24,"context_line":"        - \"{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml\""},{"line_number":25,"context_line":"        - \"{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml\""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_f79e6352","line":22,"range":{"start_line":22,"start_character":6,"end_line":22,"end_character":16},"updated":"2019-08-16 16:38:11.000000000","message":"Is this skip intentional? The package install task will fail if this is skipped because the appropriate file is not available for the target distro, so perhaps this argument should be removed?","commit_id":"1ac8745b138bb041a2104af26003055545a294a3"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"69dc0ea57336e5babd7544625ead1ac11bf87169","unresolved":false,"context_lines":[{"line_number":19,"context_line":"- name: Gather variables for each operating system"},{"line_number":20,"context_line":"  include_vars: \"{{ item }}\""},{"line_number":21,"context_line":"  with_first_found:"},{"line_number":22,"context_line":"    - skip: true"},{"line_number":23,"context_line":"      files:"},{"line_number":24,"context_line":"        - \"{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml\""},{"line_number":25,"context_line":"        - \"{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml\""}],"source_content_type":"text/x-yaml","patch_set":8,"id":"7faddb67_5a043ec6","line":22,"range":{"start_line":22,"start_character":6,"end_line":22,"end_character":16},"in_reply_to":"7faddb67_f79e6352","updated":"2019-08-16 17:05:24.000000000","message":"Done","commit_id":"1ac8745b138bb041a2104af26003055545a294a3"}],"tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml":[{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"dfbba598fbbbbfac6b260c789e79e19a8ccbd7f5","unresolved":false,"context_lines":[{"line_number":25,"context_line":"- name: Ensure chains exist"},{"line_number":26,"context_line":"  shell: |-"},{"line_number":27,"context_line":"    EXIT_CODE\u003d0"},{"line_number":28,"context_line":"    if ! iptables --list \"test-chain\"; then"},{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_a1446c48","line":28,"range":{"start_line":28,"start_character":25,"end_line":28,"end_character":37},"updated":"2019-08-13 11:38:04.000000000","message":"why it\u0027s \"test-chain\" hardcoded?","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3987b3875a583273c1ed0d2dc3afac0b0357ec66","unresolved":false,"context_lines":[{"line_number":25,"context_line":"- name: Ensure chains exist"},{"line_number":26,"context_line":"  shell: |-"},{"line_number":27,"context_line":"    EXIT_CODE\u003d0"},{"line_number":28,"context_line":"    if ! iptables --list \"test-chain\"; then"},{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_79f70c5b","line":28,"range":{"start_line":28,"start_character":25,"end_line":28,"end_character":37},"in_reply_to":"7faddb67_a1446c48","updated":"2019-08-13 14:42:22.000000000","message":"this is an oversight.","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"dfbba598fbbbbfac6b260c789e79e19a8ccbd7f5","unresolved":false,"context_lines":[{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"},{"line_number":32,"context_line":"    if ! iptables --list \"test-chain\"; then"},{"line_number":33,"context_line":"      ip6tables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":34,"context_line":"      EXIT_CODE\u003d99"},{"line_number":35,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_41757897","line":32,"range":{"start_line":32,"start_character":25,"end_line":32,"end_character":37},"updated":"2019-08-13 11:38:04.000000000","message":"ditto","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3987b3875a583273c1ed0d2dc3afac0b0357ec66","unresolved":false,"context_lines":[{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"},{"line_number":32,"context_line":"    if ! iptables --list \"test-chain\"; then"},{"line_number":33,"context_line":"      ip6tables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":34,"context_line":"      EXIT_CODE\u003d99"},{"line_number":35,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_1994d8e7","line":32,"range":{"start_line":32,"start_character":25,"end_line":32,"end_character":37},"in_reply_to":"7faddb67_41757897","updated":"2019-08-13 14:42:22.000000000","message":"Done","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"35120b0eba187995778a0d5330f214b0428c9ae2","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    comment: \"{{ item[\u0027rule_name\u0027] }} ipv4\""},{"line_number":52,"context_line":"    jump: \"{{ item[\u0027rule\u0027][\u0027jump\u0027] | default(\u0027ACCEPT\u0027) }}\""},{"line_number":53,"context_line":"    ctstate: \"{{ item[\u0027rule\u0027][\u0027ctstate\u0027] | default(\u0027NEW\u0027) }}\""},{"line_number":54,"context_line":"    ip_version: ipv4"},{"line_number":55,"context_line":"    state: \"present\""},{"line_number":56,"context_line":"  loop: \"{{ (item[\u0027rule\u0027][\u0027dport\u0027] is iterable) | ternary(item[\u0027rule\u0027][\u0027dport\u0027], [item[\u0027rule\u0027][\u0027dport\u0027]]) }}\""},{"line_number":57,"context_line":"  loop_control:"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_a1bf8ca8","line":54,"range":{"start_line":54,"start_character":4,"end_line":54,"end_character":20},"updated":"2019-08-13 12:02:16.000000000","message":"if these tasks are different by only ipv version, could it be just a loop parameter?","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"75eab83cea56df7f3c137db0ade0c13daf73b081","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    comment: \"{{ item[\u0027rule_name\u0027] }} ipv4\""},{"line_number":52,"context_line":"    jump: \"{{ item[\u0027rule\u0027][\u0027jump\u0027] | default(\u0027ACCEPT\u0027) }}\""},{"line_number":53,"context_line":"    ctstate: \"{{ item[\u0027rule\u0027][\u0027ctstate\u0027] | default(\u0027NEW\u0027) }}\""},{"line_number":54,"context_line":"    ip_version: ipv4"},{"line_number":55,"context_line":"    state: \"present\""},{"line_number":56,"context_line":"  loop: \"{{ (item[\u0027rule\u0027][\u0027dport\u0027] is iterable) | ternary(item[\u0027rule\u0027][\u0027dport\u0027], [item[\u0027rule\u0027][\u0027dport\u0027]]) }}\""},{"line_number":57,"context_line":"  loop_control:"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_f9d21cd1","line":54,"range":{"start_line":54,"start_character":4,"end_line":54,"end_character":20},"in_reply_to":"7faddb67_a1bf8ca8","updated":"2019-08-13 14:41:25.000000000","message":"We\u0027d need a nested loop, I felt it was cleaner to use two separate tasks, however, I could used with_nested to achieve that.","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"dfbba598fbbbbfac6b260c789e79e19a8ccbd7f5","unresolved":false,"context_lines":[{"line_number":76,"context_line":"  loop_control:"},{"line_number":77,"context_line":"    loop_var: port"},{"line_number":78,"context_line":"  notify:"},{"line_number":79,"context_line":"    - Save firewall rules"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_a15d4c16","line":79,"range":{"start_line":79,"start_character":6,"end_line":79,"end_character":25},"updated":"2019-08-13 11:38:04.000000000","message":"I suppose it\u0027s \"Save firewall rules ipv6\"","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"35120b0eba187995778a0d5330f214b0428c9ae2","unresolved":false,"context_lines":[{"line_number":76,"context_line":"  loop_control:"},{"line_number":77,"context_line":"    loop_var: port"},{"line_number":78,"context_line":"  notify:"},{"line_number":79,"context_line":"    - Save firewall rules"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_e1c5843e","line":79,"range":{"start_line":79,"start_character":6,"end_line":79,"end_character":25},"in_reply_to":"7faddb67_a15d4c16","updated":"2019-08-13 12:02:16.000000000","message":"Oh, I see you run both handlers when \"Save firewall rules\", you can ignore this comment","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"23f251810b513e4e971fda6c3cb807b3f733f4f7","unresolved":false,"context_lines":[{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"},{"line_number":32,"context_line":"    if ! iptables --list \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\"; then"},{"line_number":33,"context_line":"      ip6tables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":34,"context_line":"      EXIT_CODE\u003d99"},{"line_number":35,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7faddb67_b5e578de","line":32,"range":{"start_line":32,"start_character":9,"end_line":32,"end_character":17},"updated":"2019-08-14 07:58:45.000000000","message":"ip6tables","commit_id":"1e9ca2a39c02378ebe308002c78dc581bb38cee4"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"237ef52fdcbfc85af037d43b6701609594bf91d4","unresolved":false,"context_lines":[{"line_number":29,"context_line":"      iptables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":30,"context_line":"      EXIT_CODE\u003d99"},{"line_number":31,"context_line":"    fi"},{"line_number":32,"context_line":"    if ! iptables --list \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\"; then"},{"line_number":33,"context_line":"      ip6tables -N \"{{ item[\u0027rule\u0027][\u0027chain\u0027] }}\""},{"line_number":34,"context_line":"      EXIT_CODE\u003d99"},{"line_number":35,"context_line":"    fi"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7faddb67_9bb66a8a","line":32,"range":{"start_line":32,"start_character":9,"end_line":32,"end_character":17},"in_reply_to":"7faddb67_b5e578de","updated":"2019-08-14 13:11:11.000000000","message":"Cedric, it\u0027s fixed in next patch: https://review.opendev.org/#/c/676003/5/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml","commit_id":"1e9ca2a39c02378ebe308002c78dc581bb38cee4"}],"tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_remove.yml":[{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"dfbba598fbbbbfac6b260c789e79e19a8ccbd7f5","unresolved":false,"context_lines":[{"line_number":27,"context_line":"    jump: \"{{ item[\u0027rule\u0027][\u0027jump\u0027] | default(\u0027ACCEPT\u0027) }}\""},{"line_number":28,"context_line":"    ctstate: \"{{ item[\u0027rule\u0027][\u0027ctstate\u0027] | default(\u0027NEW\u0027) }}\""},{"line_number":29,"context_line":"    ip_version: ipv4"},{"line_number":30,"context_line":"    state: \"absent\""},{"line_number":31,"context_line":"  loop: \"{{ (item[\u0027rule\u0027][\u0027dport\u0027] is iterable) | ternary(item[\u0027rule\u0027][\u0027dport\u0027], [item[\u0027rule\u0027][\u0027dport\u0027]]) }}\""},{"line_number":32,"context_line":"  loop_control:"},{"line_number":33,"context_line":"    loop_var: port"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_e1a824da","line":30,"range":{"start_line":30,"start_character":0,"end_line":30,"end_character":19},"updated":"2019-08-13 11:38:04.000000000","message":"is it idempotent? will it fail if there is no such rule?","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"75eab83cea56df7f3c137db0ade0c13daf73b081","unresolved":false,"context_lines":[{"line_number":27,"context_line":"    jump: \"{{ item[\u0027rule\u0027][\u0027jump\u0027] | default(\u0027ACCEPT\u0027) }}\""},{"line_number":28,"context_line":"    ctstate: \"{{ item[\u0027rule\u0027][\u0027ctstate\u0027] | default(\u0027NEW\u0027) }}\""},{"line_number":29,"context_line":"    ip_version: ipv4"},{"line_number":30,"context_line":"    state: \"absent\""},{"line_number":31,"context_line":"  loop: \"{{ (item[\u0027rule\u0027][\u0027dport\u0027] is iterable) | ternary(item[\u0027rule\u0027][\u0027dport\u0027], [item[\u0027rule\u0027][\u0027dport\u0027]]) }}\""},{"line_number":32,"context_line":"  loop_control:"},{"line_number":33,"context_line":"    loop_var: port"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_b938243b","line":30,"range":{"start_line":30,"start_character":0,"end_line":30,"end_character":19},"in_reply_to":"7faddb67_e1a824da","updated":"2019-08-13 14:41:25.000000000","message":"This is idempotent. That said, I am removing this task, combining it using a state map in a subsequent review: https://review.opendev.org/#/c/676003/2/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"dfbba598fbbbbfac6b260c789e79e19a8ccbd7f5","unresolved":false,"context_lines":[{"line_number":51,"context_line":"  loop_control:"},{"line_number":52,"context_line":"    loop_var: port"},{"line_number":53,"context_line":"  notify:"},{"line_number":54,"context_line":"    - Save firewall rules"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_21a71c0e","line":54,"range":{"start_line":54,"start_character":6,"end_line":54,"end_character":25},"updated":"2019-08-13 11:38:04.000000000","message":"Save firewall rules ipv6","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"75eab83cea56df7f3c137db0ade0c13daf73b081","unresolved":false,"context_lines":[{"line_number":51,"context_line":"  loop_control:"},{"line_number":52,"context_line":"    loop_var: port"},{"line_number":53,"context_line":"  notify:"},{"line_number":54,"context_line":"    - Save firewall rules"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_d95ac081","line":54,"range":{"start_line":54,"start_character":6,"end_line":54,"end_character":25},"in_reply_to":"7faddb67_21a71c0e","updated":"2019-08-13 14:41:25.000000000","message":"Its using a notify, that will save all rules. This has also been iterated on in this review https://review.opendev.org/#/c/676003/2/tripleo_ansible/roles/tripleo-firewall/handlers/main.yml","commit_id":"b5600f60752825fc484b44b2edba713d03068f9b"}]}