fw: update rules for mon/mgr collocation

Since we now deploy mgr on mon we need to open fw rules so the mgr can
reach out to the osds.

Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index 1ed23dd85b5f0e66f4501bc26ad8d007bf89f46d..2e4676a5880f0a28482116ae56f8fedb623f6f8d 100644 (file)
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -21,15 +21,18 @@
     - firewalld_pkg_query.get('rc', 1) == 0
       or is_atomic
 
-- name: open monitor ports
+- name: open monitor and manager ports
   firewalld:
-    service: ceph-mon
-    zone: "{{ ceph_mon_firewall_zone }}"
+    service: "{{ item.service }}"
+    zone: "{{ item.zone }}"
     source: "{{ public_network }}"
     permanent: true
     immediate: true
     state: enabled
   notify: restart firewalld
+  with_items:
+    - { 'service': 'ceph-mon', 'zone': "{{ ceph_mon_firewall_zone }}" }
+    - { 'service': 'ceph', 'zone': "{{ ceph_mgr_firewall_zone }}" }
   when:
     - mon_group_name is defined
     - mon_group_name in group_names