Fix nftables Salt state for oneshot service type #7

New issue

Closed

opened 2026-03-01 02:29:57 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented 2026-03-01 02:29:57 +00:00

Owner

Copy link

Plan

plan-2026-02-26-salt-host-management — Phase 3 bug fix

Repo

pal-e-platform — Forgejo (private)

User Story

As a platform operator
I need the firewall Salt state to run without false failures
So that highstate output is trustworthy

Acceptance Criteria

When I run salt-call state.apply firewall
Then all states succeed (0 failures)
And nftables rules are loaded
And the service is enabled for boot

Additional Information

nftables is Type=oneshot — it loads rules and exits. service.running reports false failure because the service is "dead" after loading. Fix: use service.enabled + cmd.wait to reload on config change.

See bug-nftables-service-running-oneshot in pal-e-docs.

Checklist

• PR opened
• 0 failures on salt-call state.apply firewall

Related

• bug-nftables-service-running-oneshot in pal-e-docs
• PR #6 introduced this

### Plan `plan-2026-02-26-salt-host-management` — Phase 3 bug fix ### Repo `pal-e-platform` — Forgejo (private) ### User Story As a platform operator I need the firewall Salt state to run without false failures So that highstate output is trustworthy ### Acceptance Criteria When I run `salt-call state.apply firewall` Then all states succeed (0 failures) And nftables rules are loaded And the service is enabled for boot ### Additional Information nftables is `Type=oneshot` — it loads rules and exits. `service.running` reports false failure because the service is "dead" after loading. Fix: use `service.enabled` + `cmd.wait` to reload on config change. See `bug-nftables-service-running-oneshot` in pal-e-docs. ### Checklist - [ ] PR opened - [ ] 0 failures on `salt-call state.apply firewall` ### Related - `bug-nftables-service-running-oneshot` in pal-e-docs - PR #6 introduced this

forgejo_admin referenced this issue from a commit 2026-03-01 02:30:43 +00:00

Fix nftables Salt state for Type=oneshot service

forgejo_admin closed this issue 2026-03-03 04:15:40 +00:00

forgejo_admin referenced this issue 2026-03-15 03:35:24 +00:00

Phase 8a: Platform namespace NetworkPolicies in Terraform #76

forgejo_admin referenced this issue 2026-03-28 05:48:30 +00:00

Cross-repo worktree isolation for parallel agents #188

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

3-westside-ai-assistant-netpol

188-cross-repo-worktree-isolation-for-parall

111-fix-keycloak-probe

86-fix-rotate-woodpecker-api-token-in-salt

71-feat-deploy-pyrra-slo-manager-with-servi

64-hotfix-woodpecker-oauth-login-broken-for

18-fix-grafana-duplicate-default-datasource-v2

18-fix-grafana-duplicate-default-datasource

13-fix-cnpg-all-parameters

No results found.

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/pal-e-platform#7

No description provided.