ceph-mgr: Open port 9283

author Zack Cerza <zack@redhat.com>

Tue, 7 Aug 2018 18:32:59 +0000 (11:32 -0700)

committer Zack Cerza <zack@redhat.com>

Wed, 8 Aug 2018 21:20:13 +0000 (14:20 -0700)
author Zack Cerza <zack@redhat.com>
Tue, 7 Aug 2018 18:32:59 +0000 (11:32 -0700)
committer Zack Cerza <zack@redhat.com>
Wed, 8 Aug 2018 21:20:13 +0000 (14:20 -0700)
diff --git a/ansible/roles/ceph-mgr/tasks/configure_firewall.yml b/ansible/roles/ceph-mgr/tasks/configure_firewall.yml

new file mode 100644 (file)

index 0000000..40905b8
--- /dev/null
+++ b/ansible/roles/ceph-mgr/tasks/configure_firewall.yml
@@ -0,0 +1,19 @@
+---
+- name: Check firewalld status
+  shell: "systemctl show firewalld | grep UnitFileState"
+  register: firewalld_status
+  failed_when: false
+  changed_when: false
+  tags:
+    - skip_ansible_lint
+
+- name: Open port for the mgr prometheus module
+  firewalld:
+    port: "{{ item }}"
+    zone: "{{ firewalld_zone }}"
+    state: enabled
+    immediate: true
+    permanent: true
+  with_items:
+    - 9283/tcp
+  when: "'enabled' in firewalld_status.stdout"
diff --git a/ansible/roles/ceph-mgr/tasks/main.yml b/ansible/roles/ceph-mgr/tasks/main.yml

index 0a3617f430fadc9a88efabeaecad7fb45ef19b11..e19fe7c23aa4e662983cb237fc6d83e007339027 100644 (file)
--- a/ansible/roles/ceph-mgr/tasks/main.yml
+++ b/ansible/roles/ceph-mgr/tasks/main.yml
@@ -7,6 +7,10 @@
    meta: end_play
    when: backend.metrics != 'mgr' or backend.storage != 'prometheus'
  
+- import_tasks: configure_firewall.yml
+  tags:
+    - firewall
+
  - name: Check to see if the mgr is containerized
    command: "docker inspect {{ item }}"
    with_items:
author	Zack Cerza <zack@redhat.com>
	Tue, 7 Aug 2018 18:32:59 +0000 (11:32 -0700)
committer	Zack Cerza <zack@redhat.com>
	Wed, 8 Aug 2018 21:20:13 +0000 (14:20 -0700)
ansible/roles/ceph-mgr/tasks/configure_firewall.yml	[new file with mode: 0644]	patch \| blob
ansible/roles/ceph-mgr/tasks/main.yml		patch \| blob \| history