#mds_group_name: mdss
#restapi_group_name: restapis
+# If check_firewall is true, then ansible will try to determine if the
+# Ceph ports are blocked by a firewall. If the machine running ansible
+# cannot reach the Ceph ports for some other reason, you may need or
+# want to set this to False to skip those checks.
+#check_firewall: True
+
# This variable determines if ceph packages can be updated. If False, the
# package resources will use "state=present". If True, they will use
# "state=latest".
mds_group_name: mdss\r
restapi_group_name: restapis\r
\r
-# This variable determines if ceph packages can be updated. If False, the
-# package resources will use "state=present". If True, they will use
-# "state=latest".
-upgrade_ceph_packages: False
-
+# If check_firewall is true, then ansible will try to determine if the\r
+# Ceph ports are blocked by a firewall. If the machine running ansible\r
+# cannot reach the Ceph ports for some other reason, you may need or\r
+# want to set this to False to skip those checks.\r
+check_firewall: True\r
+\r
+# This variable determines if ceph packages can be updated. If False, the\r
+# package resources will use "state=present". If True, they will use\r
+# "state=latest".\r
+upgrade_ceph_packages: False\r
+\r
# /!\ EITHER ACTIVE ceph_stable OR ceph_stable_ice OR ceph_dev /!\\r
\r
debian_package_dependencies:\r
# ENTERPRISE VERSION ICE (old, prior to the 1.3)\r
ceph_stable_ice: false # use Inktank Ceph Enterprise\r
#ceph_stable_ice_url: https://download.inktank.com/enterprise\r
-# these two variables are used in `with_items` and starting
-# with ansible 2.0 these need to be defined even if the tasks's
-# `when` clause doesn't evaluate to true
-ceph_stable_ice_temp_path: /opt/ICE/ceph-repo/
-ceph_stable_ice_kmod: 3.10-0.1.20140702gitdc9ac62.el7.x86_64
+# these two variables are used in `with_items` and starting\r
+# with ansible 2.0 these need to be defined even if the tasks's\r
+# `when` clause doesn't evaluate to true\r
+ceph_stable_ice_temp_path: /opt/ICE/ceph-repo/\r
+ceph_stable_ice_kmod: 3.10-0.1.20140702gitdc9ac62.el7.x86_64\r
#ceph_stable_ice_distro: rhel7 # Please check the download website for the supported versions.\r
#ceph_stable_ice_version: 1.2.2\r
#ceph_stable_ice_kmod_version: 1.2\r
changed_when: false
failed_when: false
register: nmapexist
+ when: check_firewall
- name: inform that nmap is not present
debug:
msg: "nmap is not installed, can not test if ceph ports are allowed :("
- when: nmapexist.rc != 0
+ when:
+ check_firewall and
+ nmapexist.rc != 0
- name: check if monitor port is not filtered
- local_action: shell nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] }} | grep -sqo filtered
+ local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] }} | grep -sqo filtered
changed_when: false
failed_when: false
with_items: groups.{{ mon_group_name }}
register: monportstate
when:
+ check_firewall and
mon_group_name in group_names and
nmapexist.rc == 0
msg: "Please allow port 6789 on your firewall"
with_items: monportstate.results
when:
+ check_firewall and
item.rc == 0 and
mon_group_name is defined and
mon_group_name in group_names and
nmapexist.rc == 0
- name: check if osd and mds range is not filtered
- local_action: shell nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
+ local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
changed_when: false
failed_when: false
with_items: groups.{{ osd_group_name }}
register: osdrangestate
when:
+ check_firewall and
osd_group_name in group_names and
nmapexist.rc == 0
msg: "Please allow range from 6800 to 7300 on your firewall"
with_items: osdrangestate.results
when:
+ check_firewall and
item.rc == 0 and
osd_group_name is defined and
osd_group_name in group_names and
nmapexist.rc == 0
- name: check if osd and mds range is not filtered
- local_action: shell nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
+ local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
changed_when: false
failed_when: false
with_items: groups.{{ mds_group_name }}
register: mdsrangestate
when:
+ check_firewall and
mds_group_name in group_names and
nmapexist.rc == 0
msg: "Please allow range from 6800 to 7300 on your firewall"
with_items: mdsrangestate.results
when:
+ check_firewall and
item.rc == 0 and
mds_group_name is defined and
mds_group_name in group_names and
nmapexist.rc == 0
- name: check if rados gateway port is not filtered
- local_action: shell nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
+ local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
changed_when: false
failed_when: false
with_items: groups.rgws
register: rgwportstate
when:
+ check_firewall and
rgw_group_name in group_names and
nmapexist.rc == 0
msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall"
with_items: rgwportstate.results
when:
+ check_firewall and
item.rc == 0 and
rgw_group_name is defined and
rgw_group_name in group_names and
projects / ceph-ansible.git / commitdiff