From: Michaela Lang <milang@redhat.com>
Date: Tue, 24 Oct 2023 11:24:44 +0000 (+0200)
Subject: added check for `--skip-firewalld` to section on adding
X-Git-Tag: v18.2.5~425^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a1f4302e20110c1e8c7d38aad9bd19ef0f2397e1;p=ceph.git

added check for `--skip-firewalld` to section on adding
 explicit Ports to firewalld

Signed-off-by: Michaela Lang <milang@redhat.com>
---

diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py
index c718106400f1..87f46a2b59ab 100755
--- a/src/cephadm/cephadm.py
+++ b/src/cephadm/cephadm.py
@@ -3976,10 +3976,11 @@ def deploy_daemon(ctx: CephadmContext, fsid: str, daemon_type: str,
     update_firewalld(ctx, daemon_type)
 
     # Open ports explicitly required for the daemon
-    if endpoints:
-        fw = Firewalld(ctx)
-        fw.open_ports([e.port for e in endpoints] + fw.external_ports.get(daemon_type, []))
-        fw.apply_rules()
+    if not ('skip_firewalld' in ctx and ctx.skip_firewalld):
+        if endpoints:
+            fw = Firewalld(ctx)
+            fw.open_ports([e.port for e in endpoints] + fw.external_ports.get(daemon_type, []))
+            fw.apply_rules()
 
     # If this was a reconfig and the daemon is not a Ceph daemon, restart it
     # so it can pick up potential changes to its configuration files