From: Sébastien Han Date: Mon, 4 Jun 2018 02:40:14 +0000 (+0800) Subject: ceph-common: add firewall rules for ceph-mgr X-Git-Tag: v3.2.0beta1~58 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=db50aec13d1575db0ab7df3a802353a508c55f3f;p=ceph-ansible.git ceph-common: add firewall rules for ceph-mgr Prior to this commit the firewall tasks were not opening the ceph-mgr ports. This would lead to unclean configuration since the ceph-mgr daemons can not connect to the OSDs. Thi commit opens the right ports on the ceph-mgr nodes to talk with the OSDs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1526400 Signed-off-by: Sébastien Han --- diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample index f80452dd0..754ffd194 100644 --- a/group_vars/all.yml.sample +++ b/group_vars/all.yml.sample @@ -63,6 +63,7 @@ dummy: # Open ports on corresponding nodes if firewall is installed on it #ceph_mon_firewall_zone: public +#ceph_mgr_firewall_zone: public #ceph_osd_firewall_zone: public #ceph_rgw_firewall_zone: public #ceph_mds_firewall_zone: public diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample index 45b7e3ed1..10157571a 100644 --- a/group_vars/rhcs.yml.sample +++ b/group_vars/rhcs.yml.sample @@ -63,6 +63,7 @@ fetch_directory: ~/ceph-ansible-keys # Open ports on corresponding nodes if firewall is installed on it #ceph_mon_firewall_zone: public +#ceph_mgr_firewall_zone: public #ceph_osd_firewall_zone: public #ceph_rgw_firewall_zone: public #ceph_mds_firewall_zone: public diff --git a/roles/ceph-common/tasks/misc/configure_firewall_rpm.yml b/roles/ceph-common/tasks/misc/configure_firewall_rpm.yml index f6da3cb4f..b422a4763 100644 --- a/roles/ceph-common/tasks/misc/configure_firewall_rpm.yml +++ b/roles/ceph-common/tasks/misc/configure_firewall_rpm.yml @@ -25,6 +25,22 @@ tags: - firewall +- name: open manager ports + firewalld: + service: ceph + zone: "{{ ceph_mgr_firewall_zone }}" + permanent: true + immediate: false # if true then fails in case firewalld is stopped + state: enabled + notify: restart firewalld + when: + - ceph_release_num[ceph_release] >= ceph_release_num.luminous + - mgr_group_name is defined + - mgr_group_name in group_names + - firewalld_pkg_query.rc == 0 + tags: + - firewall + - name: open osd ports firewalld: service: ceph diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml index eb74c4964..4f0090910 100644 --- a/roles/ceph-defaults/defaults/main.yml +++ b/roles/ceph-defaults/defaults/main.yml @@ -55,6 +55,7 @@ check_firewall: False # Open ports on corresponding nodes if firewall is installed on it ceph_mon_firewall_zone: public +ceph_mgr_firewall_zone: public ceph_osd_firewall_zone: public ceph_rgw_firewall_zone: public ceph_mds_firewall_zone: public