Check for neutron rules before flushing

Author: jovial

etc/kayobe/ansible/fixes/flush-iptables-legacy.yml

@@ -15,6 +15,18 @@
       ansible.builtin.meta: end_host
       when: "'kolla-neutron_openvswitch_agent-container.service' not in ansible_facts.services"
 
+    - name: Check if neutron legacy iptables rules exist
+      ansible.builtin.shell: |
+        set -euo pipefail
+        {{ container_engine }} exec -u root neutron_openvswitch_agent iptables-legacy-save | grep neutron
+      register: save_result
+      args:
+        executable: /bin/bash
+
+    - name: End play for hosts wheere legacy-iptables is not in use by neutron
+      ansible.builtin.meta: end_host
+      when: save_result.rc != 0
+
     - name: Flush iptables-legacy in neutron_openvswitch_agent container
       ansible.builtin.shell: |
         set -euo pipefail