From: Michaela Lang <milang@redhat.com>
Date: Tue, 24 Oct 2023 11:24:44 +0000 (+0200)
Subject: added check for `--skip-firewalld` to section on adding
X-Git-Tag: v19.0.0~128^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fca3a61ce231f6498e961432b07692117cdd59ae;p=ceph.git

added check for `--skip-firewalld` to section on adding
 explicit Ports to firewalld

Signed-off-by: Michaela Lang <milang@redhat.com>
---

diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py
index a64b0b49404d..d8a938c659ef 100755
--- a/src/cephadm/cephadm.py
+++ b/src/cephadm/cephadm.py
@@ -2976,10 +2976,11 @@ def deploy_daemon(
     update_firewalld(ctx, daemon_form_create(ctx, ident))
 
     # Open ports explicitly required for the daemon
-    if endpoints:
-        fw = Firewalld(ctx)
-        fw.open_ports([e.port for e in endpoints] + fw.external_ports.get(daemon_type, []))
-        fw.apply_rules()
+    if not ('skip_firewalld' in ctx and ctx.skip_firewalld):
+        if endpoints:
+            fw = Firewalld(ctx)
+            fw.open_ports([e.port for e in endpoints] + fw.external_ports.get(daemon_type, []))
+            fw.apply_rules()
 
     # If this was a reconfig and the daemon is not a Ceph daemon, restart it
     # so it can pick up potential changes to its configuration files