infra: fix a typo in filename

author Guillaume Abrioux <gabrioux@redhat.com>

Wed, 10 Oct 2018 16:30:26 +0000 (12:30 -0400)

committer Sébastien Han <seb@redhat.com>

Wed, 10 Oct 2018 16:39:04 +0000 (12:39 -0400)
author Guillaume Abrioux <gabrioux@redhat.com>
Wed, 10 Oct 2018 16:30:26 +0000 (12:30 -0400)
committer Sébastien Han <seb@redhat.com>
Wed, 10 Oct 2018 16:39:04 +0000 (12:39 -0400)
diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml

new file mode 100644 (file)

index 0000000..c0e41d8
--- /dev/null
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -0,0 +1,189 @@
+---
+- name: check firewalld installation on redhat or suse
+  command: rpm -q firewalld
+  args:
+    warn: no
+  register: firewalld_pkg_query
+  ignore_errors: true
+  check_mode: no
+  changed_when: false
+  tags:
+    - firewall
+  when:
+    - not containerized_deployment
+
+- name: start firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+  when:
+    - not firewalld_pkg_query.skipped
+    - firewalld_pkg_query.rc == 0
+      or is_atomic
+
+- name: open monitor ports
+  firewalld:
+    service: ceph-mon
+    zone: "{{ ceph_mon_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - mon_group_name is defined
+    - mon_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open manager ports
+  firewalld:
+    service: ceph
+    zone: "{{ ceph_mgr_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - ceph_release_num[ceph_release] >= ceph_release_num.luminous
+    - mgr_group_name is defined
+    - mgr_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open osd ports
+  firewalld:
+    service: ceph
+    zone: "{{ ceph_osd_firewall_zone }}"
+    source: "{{ item }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  with_items:
+    - "{{ public_network }}"
+    - "{{ cluster_network }}"
+  notify: restart firewalld
+  when:
+    - osd_group_name is defined
+    - osd_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open rgw ports
+  firewalld:
+    port: "{{ radosgw_frontend_port }}/tcp"
+    zone: "{{ ceph_rgw_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - rgw_group_name is defined
+    - rgw_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open mds ports
+  firewalld:
+    service: ceph
+    zone: "{{ ceph_mds_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - mds_group_name is defined
+    - mds_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open nfs ports
+  firewalld:
+    service: nfs
+    zone: "{{ ceph_nfs_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - nfs_group_name is defined
+    - nfs_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open nfs ports (portmapper)
+  firewalld:
+    port: "111/tcp"
+    zone: "{{ ceph_nfs_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - nfs_group_name is defined
+    - nfs_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open restapi ports
+  firewalld:
+    port: "{{ restapi_port }}/tcp"
+    zone: "{{ ceph_restapi_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - restapi_group_name is defined
+    - restapi_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open rbdmirror ports
+  firewalld:
+    service: ceph
+    zone: "{{ ceph_rbdmirror_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - rbdmirror_group_name is defined
+    - rbdmirror_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- name: open iscsi ports
+  firewalld:
+    port: "5001/tcp"
+    zone: "{{ ceph_iscsi_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - iscsi_group_name is defined
+    - iscsi_group_name in group_names
+    - firewalld_pkg_query.rc == 0
+  tags:
+    - firewall
+
+- meta: flush_handlers
diff --git a/roles/ceph-infra/tasks/configure_firewallyml b/roles/ceph-infra/tasks/configure_firewallyml

deleted file mode 100644 (file)

index c0e41d8..0000000
--- a/roles/ceph-infra/tasks/configure_firewallyml
+++ /dev/null
@@ -1,189 +0,0 @@
----
-- name: check firewalld installation on redhat or suse
-  command: rpm -q firewalld
-  args:
-    warn: no
-  register: firewalld_pkg_query
-  ignore_errors: true
-  check_mode: no
-  changed_when: false
-  tags:
-    - firewall
-  when:
-    - not containerized_deployment
-
-- name: start firewalld
-  service:
-    name: firewalld
-    state: started
-    enabled: yes
-  when:
-    - not firewalld_pkg_query.skipped
-    - firewalld_pkg_query.rc == 0
-      or is_atomic
-
-- name: open monitor ports
-  firewalld:
-    service: ceph-mon
-    zone: "{{ ceph_mon_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - mon_group_name is defined
-    - mon_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open manager ports
-  firewalld:
-    service: ceph
-    zone: "{{ ceph_mgr_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - ceph_release_num[ceph_release] >= ceph_release_num.luminous
-    - mgr_group_name is defined
-    - mgr_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open osd ports
-  firewalld:
-    service: ceph
-    zone: "{{ ceph_osd_firewall_zone }}"
-    source: "{{ item }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  with_items:
-    - "{{ public_network }}"
-    - "{{ cluster_network }}"
-  notify: restart firewalld
-  when:
-    - osd_group_name is defined
-    - osd_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open rgw ports
-  firewalld:
-    port: "{{ radosgw_frontend_port }}/tcp"
-    zone: "{{ ceph_rgw_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - rgw_group_name is defined
-    - rgw_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open mds ports
-  firewalld:
-    service: ceph
-    zone: "{{ ceph_mds_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - mds_group_name is defined
-    - mds_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open nfs ports
-  firewalld:
-    service: nfs
-    zone: "{{ ceph_nfs_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - nfs_group_name is defined
-    - nfs_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open nfs ports (portmapper)
-  firewalld:
-    port: "111/tcp"
-    zone: "{{ ceph_nfs_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - nfs_group_name is defined
-    - nfs_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open restapi ports
-  firewalld:
-    port: "{{ restapi_port }}/tcp"
-    zone: "{{ ceph_restapi_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - restapi_group_name is defined
-    - restapi_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open rbdmirror ports
-  firewalld:
-    service: ceph
-    zone: "{{ ceph_rbdmirror_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - rbdmirror_group_name is defined
-    - rbdmirror_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- name: open iscsi ports
-  firewalld:
-    port: "5001/tcp"
-    zone: "{{ ceph_iscsi_firewall_zone }}"
-    source: "{{ public_network }}"
-    permanent: true
-    immediate: false # if true then fails in case firewalld is stopped
-    state: enabled
-  notify: restart firewalld
-  when:
-    - iscsi_group_name is defined
-    - iscsi_group_name in group_names
-    - firewalld_pkg_query.rc == 0
-  tags:
-    - firewall
-
-- meta: flush_handlers
author	Guillaume Abrioux <gabrioux@redhat.com>
	Wed, 10 Oct 2018 16:30:26 +0000 (12:30 -0400)
committer	Sébastien Han <seb@redhat.com>
	Wed, 10 Oct 2018 16:39:04 +0000 (12:39 -0400)
roles/ceph-infra/tasks/configure_firewall.yml	[new file with mode: 0644]	patch \| blob
roles/ceph-infra/tasks/configure_firewallyml	[deleted file]	patch \| blob \| history