From: Sébastien Han <seb@redhat.com>
Date: Fri, 26 Oct 2018 10:12:20 +0000 (+0200)
Subject: fw: update rules for mon/mgr collocation
X-Git-Tag: v4.0.0beta1~149
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=7ac73202f74ec508312a801723f7685d10036ff8;p=ceph-ansible.git

fw: update rules for mon/mgr collocation

Since we now deploy mgr on mon we need to open fw rules so the mgr can
reach out to the osds.

Signed-off-by: Sébastien Han <seb@redhat.com>
---

diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index 1ed23dd85..2e4676a58 100644
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -21,15 +21,18 @@
     - firewalld_pkg_query.get('rc', 1) == 0
       or is_atomic
 
-- name: open monitor ports
+- name: open monitor and manager ports
   firewalld:
-    service: ceph-mon
-    zone: "{{ ceph_mon_firewall_zone }}"
+    service: "{{ item.service }}"
+    zone: "{{ item.zone }}"
     source: "{{ public_network }}"
     permanent: true
     immediate: true
     state: enabled
   notify: restart firewalld
+  with_items:
+    - { 'service': 'ceph-mon', 'zone': "{{ ceph_mon_firewall_zone }}" }
+    - { 'service': 'ceph', 'zone': "{{ ceph_mgr_firewall_zone }}" }
   when:
     - mon_group_name is defined
     - mon_group_name in group_names