firewall: configure firewalld if it's already installed on the host (#2192).
authorEduard Egorov <eduard.egorov@icl-services.com>
Fri, 17 Nov 2017 12:32:48 +0000 (12:32 +0000)
committerSébastien Han <seb@redhat.com>
Tue, 12 Dec 2017 22:44:55 +0000 (23:44 +0100)
Signed-off-by: Eduard Egorov <eduard.egorov@icl-services.com>
group_vars/all.yml.sample
group_vars/rhcs.yml.sample
roles/ceph-common/handlers/main.yml [new file with mode: 0644]
roles/ceph-common/tasks/main.yml
roles/ceph-common/tasks/misc/configure_firewall.yml [new file with mode: 0644]
roles/ceph-defaults/defaults/main.yml

index 6b42ea21a6925a346a5abbb4e5ad0b45bfe2c757..3871dfd0d90dbe2e1e5415b5b4afb62f033f6803 100644 (file)
@@ -60,6 +60,11 @@ dummy:
 # want to set this to False to skip those checks.
 #check_firewall: False
 
+# Note: this task will only configure pre-installed firewall
+#configure_firewall: False
+#ceph_mon_firewall_zone: dmz
+#ceph_osd_firewall_zone: dmz
+#ceph_rgw_firewall_zone: dmz
 
 ############
 # PACKAGES #
index 76de30f309ae2346e6451205ea408b3b31251705..3ec464af500cb377ca328b800863ae0bc6eb1272 100644 (file)
@@ -60,6 +60,11 @@ fetch_directory: ~/ceph-ansible-keys
 # want to set this to False to skip those checks.
 #check_firewall: False
 
+# Note: this task will only configure pre-installed firewall
+#configure_firewall: False
+#ceph_mon_firewall_zone: dmz
+#ceph_osd_firewall_zone: dmz
+#ceph_rgw_firewall_zone: dmz
 
 ############
 # PACKAGES #
diff --git a/roles/ceph-common/handlers/main.yml b/roles/ceph-common/handlers/main.yml
new file mode 100644 (file)
index 0000000..5a9d524
--- /dev/null
@@ -0,0 +1,6 @@
+---
+- name: restart firewalld
+  service:
+    name: firewalld
+    state: restarted
+    enabled: yes
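Review bot: This handler enables and restarts firewalld unconditionally, while the only gate in configure_firewall.yml is an `rpm -q` package check, so a host where firewalld was installed but deliberately left stopped gets a firewall switched on mid-play with whatever its default zone allows, which can cut off other services on that node. A `state: reloaded` would apply the new permanent rules without the momentary rule flush a full restart implies, but it fails when the daemon is stopped; if starting a stopped firewalld is the intended behaviour, state it here, e.g. `# Starts and enables firewalld even if it was stopped; the permanent rules only take effect after this runs.` Prefer the canonical boolean `enabled: true` over `yes`.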
index 5aee03eb016f2094ce10e6d0bed752c6da9be403..5acb41a3dc24240613d2b949d49ec499a9e94f2a 100644 (file)
   # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
   static: False
 
+- name: include misc/configure_firewall.yml
+  include: misc/configure_firewall.yml
+  when:
+    - configure_firewall
+  # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
+  static: False
+
 - name: include misc/system_tuning.yml
   include: misc/system_tuning.yml
   when:
diff --git a/roles/ceph-common/tasks/misc/configure_firewall.yml b/roles/ceph-common/tasks/misc/configure_firewall.yml
new file mode 100644 (file)
index 0000000..4b16687
--- /dev/null
@@ -0,0 +1,57 @@
+---
+- name: check firewalld installation on redhat
+  command: rpm -q firewalld
+  register: firewalld
+  ignore_errors: true
+  always_run: true
+  changed_when: false
+  when: ansible_os_family == 'RedHat'
+  tags:
+    - firewall
+
+- name: open monitor ports
+  firewalld:
+    service: ceph-mon
+    zone: "{{ ceph_mon_firewall_zone }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - mon_group_name is defined
+    - mon_group_name in group_names
+    - firewalld.rc == 0
+  tags:
+    - firewall
+
+- name: open osd ports
+  firewalld:
+    service: ceph
+    zone: "{{ ceph_osd_firewall_zone }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - osd_group_name is defined
+    - osd_group_name in group_names
+    - firewalld.rc == 0
+  tags:
+    - firewall
+
+- name: open rgw ports
+  firewalld:
+    port: "{{ radosgw_civetweb_port }}/tcp"
+    zone: "{{ ceph_rgw_firewall_zone }}"
+    permanent: true
+    immediate: false # if true then fails in case firewalld is stopped
+    state: enabled
+  notify: restart firewalld
+  when:
+    - rgw_group_name is defined
+    - rgw_group_name in group_names
+    - firewalld.rc == 0
+  tags:
+    - firewall
+
+- meta: flush_handlers
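Review bot: The `firewalld.rc == 0` condition on the three open-ports tasks dereferences a variable that is only registered on RedHat-family hosts, because the `rpm -q` check is skipped elsewhere; on a Debian/Ubuntu node with `configure_firewall: true` the registered result carries no `rc` key and the `when` evaluation errors instead of skipping. Adding `- firewalld.rc is defined` as the first condition of each task (or `- firewalld is not skipped`) makes the "only configure a pre-installed firewall" intent hold on every platform. The package check also proves only that firewalld is installed, not that it is the active firewall on the host, and the notified handler will start it regardless; a comment on the check task saying so would save operators a surprise. If the role targets Ansible 2.2 or newer, `always_run: true` is the deprecated spelling of `check_mode: no`.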
index ec2fcae0b907973b533064709bddbf7b00b25ae5..3d19ea2b0edb812e61bcebebe8ffba84eb544dee 100644 (file)
@@ -52,6 +52,11 @@ mgr_group_name: mgrs
 # want to set this to False to skip those checks.
 check_firewall: False
 
+# Note: this task will only configure pre-installed firewall
+configure_firewall: False
+ceph_mon_firewall_zone: dmz
+ceph_osd_firewall_zone: dmz
+ceph_rgw_firewall_zone: dmz
 
 ############
 # PACKAGES #
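Review bot: The new zone defaults point all three rules at `dmz`, but firewalld only enforces a zone's rules on interfaces or sources bound to that zone; on a stock host the interfaces sit in the default zone (typically `public`), so with these defaults the ceph services are added to a zone nothing uses, the ports stay closed, and the play still reports success. Either default to the zone the Ceph interfaces are actually assigned to, or state the requirement next to the variables: `# Must match the zone of the cluster/public network interfaces (firewall-cmd --get-active-zones); rules in an unbound zone have no effect.` Since the tasks use `immediate: false`, nothing is applied until the handler restarts firewalld, which is worth a line in the same comment. Canonical booleans (`configure_firewall: false`) would also satisfy yamllint's truthy rule.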