From: Guillaume Abrioux Date: Wed, 10 Oct 2018 16:30:26 +0000 (-0400) Subject: infra: fix a typo in filename X-Git-Tag: v3.2.0beta4 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=678e1553285124c8c30e97f746613d5587701acc;p=ceph-ansible.git infra: fix a typo in filename configure_firewall is missing its dot. Signed-off-by: Guillaume Abrioux
---
diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
new file mode 100644
index 000000000..c0e41d823
--- /dev/null
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -0,0 +1,189 @@
+---
+- name: check firewalld installation on redhat or suse
+ command: rpm -q firewalld
+ args:
+ warn: no
+ register: firewalld_pkg_query
+ ignore_errors: true
+ check_mode: no
+ changed_when: false
+ tags:
+ - firewall
+ when:
+ - not containerized_deployment
+
+- name: start firewalld
+ service:
+ name: firewalld
+ state: started
+ enabled: yes
+ when:
+ - not firewalld_pkg_query.skipped
+ - firewalld_pkg_query.rc == 0
+ or is_atomic
+
+- name: open monitor ports
+ firewalld:
+ service: ceph-mon
+ zone: "{{ ceph_mon_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - mon_group_name is defined
+ - mon_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open manager ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_mgr_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - ceph_release_num[ceph_release] >= ceph_release_num.luminous
+ - mgr_group_name is defined
+ - mgr_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open osd ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_osd_firewall_zone }}"
+ source: "{{ item }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ with_items:
+ - "{{ public_network }}"
+ - "{{ cluster_network }}"
+ notify: restart firewalld
+ when:
+ - osd_group_name is defined
+ - osd_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open rgw ports
+ firewalld:
+ port: "{{ radosgw_frontend_port }}/tcp"
+ zone: "{{ ceph_rgw_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - rgw_group_name is defined
+ - rgw_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open mds ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_mds_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - mds_group_name is defined
+ - mds_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open nfs ports
+ firewalld:
+ service: nfs
+ zone: "{{ ceph_nfs_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - nfs_group_name is defined
+ - nfs_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open nfs ports (portmapper)
+ firewalld:
+ port: "111/tcp"
+ zone: "{{ ceph_nfs_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - nfs_group_name is defined
+ - nfs_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open restapi ports
+ firewalld:
+ port: "{{ restapi_port }}/tcp"
+ zone: "{{ ceph_restapi_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - restapi_group_name is defined
+ - restapi_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open rbdmirror ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_rbdmirror_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - rbdmirror_group_name is defined
+ - rbdmirror_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open iscsi ports
+ firewalld:
+ port: "5001/tcp"
+ zone: "{{ ceph_iscsi_firewall_zone }}"
+ source: "{{ public_network }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - iscsi_group_name is defined
+ - iscsi_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- meta: flush_handlers
diff --git a/roles/ceph-infra/tasks/configure_firewallyml b/roles/ceph-infra/tasks/configure_firewallyml
deleted file mode 100644
index c0e41d823..000000000
--- a/roles/ceph-infra/tasks/configure_firewallyml
+++ /dev/null
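Review bot: Every `open … ports` task in the new configure_firewall.yml ends its `when:` list with `firewalld_pkg_query.rc == 0`, but the task that registers `firewalld_pkg_query` is skipped when `containerized_deployment` is true, and a skipped task's registered result has no `rc` key. On such hosts the condition would presumably fail with an undefined-attribute error rather than evaluate to false, unless the include of this file is itself gated, which is not visible here. The open-ports tasks also lack the `or is_atomic` alternative that `start firewalld` carries, so where `rpm -q firewalld` returns non-zero on an atomic host the service is started but no rule is added. A tolerant condition such as `- firewalld_pkg_query.get('rc', 1) == 0 or is_atomic` in each task would cover both cases.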
@@ -1,189 +0,0 @@
----
-- name: check firewalld installation on redhat or suse
- command: rpm -q firewalld
- args:
- warn: no
- register: firewalld_pkg_query
- ignore_errors: true
- check_mode: no
- changed_when: false
- tags:
- - firewall
- when:
- - not containerized_deployment
-
-- name: start firewalld
- service:
- name: firewalld
- state: started
- enabled: yes
- when:
- - not firewalld_pkg_query.skipped
- - firewalld_pkg_query.rc == 0
- or is_atomic
-
-- name: open monitor ports
- firewalld:
- service: ceph-mon
- zone: "{{ ceph_mon_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - mon_group_name is defined
- - mon_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open manager ports
- firewalld:
- service: ceph
- zone: "{{ ceph_mgr_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - ceph_release_num[ceph_release] >= ceph_release_num.luminous
- - mgr_group_name is defined
- - mgr_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open osd ports
- firewalld:
- service: ceph
- zone: "{{ ceph_osd_firewall_zone }}"
- source: "{{ item }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- with_items:
- - "{{ public_network }}"
- - "{{ cluster_network }}"
- notify: restart firewalld
- when:
- - osd_group_name is defined
- - osd_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open rgw ports
- firewalld:
- port: "{{ radosgw_frontend_port }}/tcp"
- zone: "{{ ceph_rgw_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - rgw_group_name is defined
- - rgw_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open mds ports
- firewalld:
- service: ceph
- zone: "{{ ceph_mds_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - mds_group_name is defined
- - mds_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open nfs ports
- firewalld:
- service: nfs
- zone: "{{ ceph_nfs_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - nfs_group_name is defined
- - nfs_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open nfs ports (portmapper)
- firewalld:
- port: "111/tcp"
- zone: "{{ ceph_nfs_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - nfs_group_name is defined
- - nfs_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open restapi ports
- firewalld:
- port: "{{ restapi_port }}/tcp"
- zone: "{{ ceph_restapi_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - restapi_group_name is defined
- - restapi_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open rbdmirror ports
- firewalld:
- service: ceph
- zone: "{{ ceph_rbdmirror_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - rbdmirror_group_name is defined
- - rbdmirror_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open iscsi ports
- firewalld:
- port: "5001/tcp"
- zone: "{{ ceph_iscsi_firewall_zone }}"
- source: "{{ public_network }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - iscsi_group_name is defined
- - iscsi_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- meta: flush_handlers