pc.run()
deploy_daemon_units(fsid, uid, gid, daemon_type, daemon_id, c)
+ update_firewalld(daemon_type)
def deploy_daemon_units(fsid, uid, gid, daemon_type, daemon_id, c,
enable=True, start=True):
if start:
call_throws(['systemctl', 'start', unit_name])
+def update_firewalld(daemon_type):
+ if args.skip_firewalld:
+ return
+ cmd = find_executable('firewall-cmd')
+ if not cmd:
+ logger.debug('firewalld does not appear to be present')
+ return
+ (enabled, state) = check_unit('firewalld.service')
+ if not enabled:
+ logger.debug('firewalld.service is not enabled')
+ return
+
+ fw_services = []
+ fw_ports = []
+ if daemon_type == 'mon':
+ fw_services.append('ceph-mon')
+ elif daemon_type in ['mgr', 'mds', 'osd']:
+ fw_services.append('ceph')
+ if daemon_type == 'mgr':
+ fw_ports.append(8080) # dashboard
+ fw_ports.append(8443) # dashboard
+ fw_ports.append(9283) # prometheus
+
+ for svc in fw_services:
+ out, err, ret = call([cmd, '--permanent', '--query-service', svc])
+ if ret:
+ logger.info('Enabling firewalld service %s in current zone...' % svc)
+ out, err, ret = call([cmd, '--permanent', '--add-service', svc])
+ if ret:
+ raise RuntimeError('unable to add service %s to current zone:' %
+ (svc, err))
+ else:
+ logger.debug('firewalld service %s is enabled in current zone' % svc)
+ for port in fw_ports:
+ port = str(port) + '/tcp'
+ out, err, ret = call([cmd, '--permanent', '--query-port', port])
+ if ret:
+ logger.info('Enabling firewalld port %s in current zone...' % port)
+ out, err, ret = call([cmd, '--permanent', '--add-port', port])
+ if ret:
+ raise RuntimeError('unable to add port %s to current zone: %s' %
+ (port, err))
+ else:
+ logger.debug('firewalld port %s is enabled in current zone' % port)
+ call_throws([cmd, '--reload'])
+
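Review bot: The `--add-service` failure path in update_firewalld raises with a format string that has one `%s` but a two-element tuple `(svc, err)`, so a firewall-cmd failure surfaces as a TypeError ("not all arguments converted") instead of the intended RuntimeError carrying stderr; the port branch below gets this right. Change it to `raise RuntimeError('unable to add service %s to current zone: %s' % (svc, err))`. Separately, `--permanent` without `--zone` acts on firewalld's default zone, so the "current zone" wording in the log and error messages can mislead an operator auditing which zone was opened. The mgr branch also permanently opens 8080, 8443 and 9283 whether or not the dashboard or prometheus modules are in use, which deserves a docstring line stating exactly what the function opens. The unconditional `--reload` at the end discards any runtime-only rules on the host even when nothing was added; reloading only when a service or port was actually added would avoid that.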
def install_base_units(fsid):
# type: (str) -> None
"""
mon_c = get_container(fsid, 'mon', mon_id)
deploy_daemon_units(fsid, uid, gid, 'mon', mon_id, mon_c)
+ update_firewalld(daemon_type)
# client.admin key + config to issue various CLI commands
tmp_admin_keyring = tempfile.NamedTemporaryFile(mode='w')
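Review bot: `update_firewalld(daemon_type)` at this call site uses a name that is not assigned anywhere in the visible lines, while the call directly above passes the literal `'mon'`. Unless the enclosing function, which starts and ends outside this hunk, defines `daemon_type`, this raises NameError after the mon unit has already been started. `update_firewalld('mon')` would match the preceding call. If the same function later deploys a mgr without going through a path that calls update_firewalld, that daemon's ports would need their own call; this is not visible here, so it is worth checking.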
deploy_daemon_units(fsid, uid, gid, daemon_type, daemon_id, c,
enable=True, # unconditionally enable the new unit
start=(state == 'running'))
+ update_firewalld(daemon_type)
+
else:
raise Error('adoption of style %s not implemented' % args.style)
'--legacy-dir',
default='/',
help='base directory for legacy daemon data')
+ parser_adopt.add_argument(
+ '--skip-firewalld',
+ action='store_true',
+ help='Do not configure firewalld')
parser_rm_daemon = subparsers.add_parser(
'rm-daemon', help='remove daemon instance')
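Review bot: The help text `'Do not configure firewalld'` does not say what the default does, which is what an operator needs to know: without the flag the tool permanently adds the ceph services (and, for mgr, ports 8080, 8443 and 9283) to firewalld and reloads it. Something like `help='do not add ceph services/ports to firewalld or reload it'` would make the opt-out meaningful, and lower-case also matches the neighbouring help strings. The same string is repeated in the parser_bootstrap and parser_deploy hunks.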
'--skip-pull',
action='store_true',
help='do not pull the latest image before bootstrapping')
+ parser_bootstrap.add_argument(
+ '--skip-firewalld',
+ action='store_true',
+ help='Do not configure firewalld')
parser_bootstrap.add_argument(
'--allow-overwrite',
action='store_true',
parser_deploy.add_argument(
'--osd-fsid',
help='OSD uuid, if creating an OSD container')
+ parser_deploy.add_argument(
+ '--skip-firewalld',
+ action='store_true',
+ help='Do not configure firewalld')
return parser