[BUG] - AzureLinux has invalid `/etc/sysconfig/nftables.conf` file which result in failed systemd unit `nftables.service`

[grzesuav]

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

1. Exec into the node
2. systemctl status nftables.service - it will be in failed state
3. on systemctl restart nftables.service you will see

   root [ / ]# journalctl -u nftables.service
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: Starting Netfilter Tables...
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: /etc/sysconfig/nftables.conf:8:1-1: Error: syntax error, unexpected junk
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: # start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: ^
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: nftables.service: Main process exited, code=exited, status=1/FAILURE
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: nftables.service: Failed with result 'exit-code'.
   Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: Failed to start Netfilter Tables.
   root [ / ]#

4. Looking at problematic file

   root [ / ]# cat -A /etc/sysconfig/nftables.conf
   # Uncomment the include statement here to load the default config sample$
   # in /etc/nftables for nftables service.$
   $
   #include "/etc/nftables/main.nft"$
   $
   # To customize, either edit the samples in /etc/nftables, append further$
   # commands to the end of this file or overwrite it after first service$
   # start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.root [ / ]#

   seems like there is no newline at the end of the file which is main reason for the problem

Expected behavior It works our of the box Screenshots If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

• Kubernetes version [e.g. 1.27.3]
• AzureLinux Linux aks-xxxx 5.15.145.2-1.cm2 #1 SMP Wed Jan 17 15:39:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Additional context To fix the issue, you need to clear out the content of the file, i.e. by running the command as in nftables.service unit - nft list ruleset >/etc/sysconfig/nftables.conf

which clears out the content of the file.

After this, when service is restarted with systemctl, is is green

[grzesuav]

Small notice, when running nft list ruleset >/etc/sysconfig/nftables.conf it complains that operations is not permitted, but it clears out the content anyway:

and after restart it works:

[grzesuav]

actually found https://github.com/microsoft/azurelinux/issues/7301

[suhuruli]

Thanks for the tag Aritra and @grzesuav for tagging the corresponding fix for this. This should get pushed out with an upcoming update.