From 17dd4a6b67e4c28c7cdbb1350906211f3d951721 Mon Sep 17 00:00:00 2001
From: Zack Cerza <zack@redhat.com>
Date: Wed, 8 Aug 2018 14:19:07 -0700
Subject: [PATCH] ceph-prometheus: Open port 9090

https://github.com/ceph/cephmetrics/issues/214

Signed-off-by: Zack Cerza <zack@redhat.com>
---
 .../tasks/configure_firewall.yml              | 19 +++++++++++++++++++
 ansible/roles/ceph-prometheus/tasks/main.yml  |  4 ++++
 2 files changed, 23 insertions(+)
 create mode 100644 ansible/roles/ceph-prometheus/tasks/configure_firewall.yml

diff --git a/ansible/roles/ceph-prometheus/tasks/configure_firewall.yml b/ansible/roles/ceph-prometheus/tasks/configure_firewall.yml
new file mode 100644
index 0000000..fb4ad61
--- /dev/null
+++ b/ansible/roles/ceph-prometheus/tasks/configure_firewall.yml
@@ -0,0 +1,19 @@
+---
+- name: Check firewalld status
+  shell: "systemctl show firewalld | grep UnitFileState"
+  register: firewalld_status
+  failed_when: false
+  changed_when: false
+  tags:
+    - skip_ansible_lint
+
+- name: Open port for prometheus
+  firewalld:
+    port: "{{ item }}"
+    zone: "{{ firewalld_zone }}"
+    state: enabled
+    immediate: true
+    permanent: true
+  with_items:
+    - 9090/tcp
+  when: "'enabled' in firewalld_status.stdout"
diff --git a/ansible/roles/ceph-prometheus/tasks/main.yml b/ansible/roles/ceph-prometheus/tasks/main.yml
index 6c58e61..7079c37 100644
--- a/ansible/roles/ceph-prometheus/tasks/main.yml
+++ b/ansible/roles/ceph-prometheus/tasks/main.yml
@@ -7,6 +7,10 @@
   meta: end_play
   when: backend.metrics != 'mgr' or backend.storage != 'prometheus'
 
+- import_tasks: configure_firewall.yml
+  tags:
+    - firewall
+
 - name: Create prometheus data directory
   file:
     path: "{{ prometheus.data_dir }}"
-- 
2.47.3