]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commit
projects / ceph-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 63d7824) | patch
Improve firewall checks 558/head
authorChris St. Pierre <chris.a.st.pierre@gmail.com>
Tue, 23 Feb 2016 16:27:55 +0000 (10:27 -0600)
committerChris St. Pierre <chris.a.st.pierre@gmail.com>
Tue, 23 Feb 2016 17:38:25 +0000 (11:38 -0600)
commit53af359c658d1841e06673c6e459988dbeef7441
tree32a311c7689ae510997b4301c89e58c79e20e6aatree | snapshot
parent63d7824c9c1eec4e15c210c08fa89cba9c881e5dcommit | diff
Improve firewall checks

The firewall checks can fail for any number of reasons -- e.g., the
ceph cluster hostnames are unresolvable from the ansible host, or the
ports are filtered by some intermediate hop, etc. Make two changes to
make those checks better:

* Set pipefail when running the checks, so if nmap itself fails the
  command will be marked as 'failed'. Specifically, this fixes the
  case where the hostnames cannot be resolved.
* Add a new variable, check_firewall, which can be used to disable
  checks entirely. Specifically, this fixes the case where some
  intermediate firewall filters the ports, so nmap returns "filtered".
group_vars/all.sample diff | blob | history
roles/ceph-common/defaults/main.yml diff | blob | history
roles/ceph-common/tasks/checks/check_firewall.yml diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.