From 4deb546ffd67ac8f05d2788150764a26b5671b87 Mon Sep 17 00:00:00 2001 From: Redouane Kachach Date: Tue, 26 Apr 2022 12:30:38 +0200 Subject: [PATCH] mgr/cephadm: adding logic to close ports when removing a daemon Fixes: https://tracker.ceph.com/issues/52906 Signed-off-by: Redouane Kachach --- src/cephadm/cephadm | 15 +++++++++++++++ src/pybind/mgr/cephadm/serve.py | 10 +++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm index 0de6dc4e523b3..a946ab240c463 100755 --- a/src/cephadm/cephadm +++ b/src/cephadm/cephadm @@ -6867,6 +6867,18 @@ def command_rm_daemon(ctx): else: call_throws(ctx, ['rm', '-rf', data_dir]) + if 'tcp_ports' in ctx and ctx.tcp_ports is not None: + ports: List[int] = [int(p) for p in ctx.tcp_ports.split()] + try: + fw = Firewalld(ctx) + fw.close_ports(ports) + fw.apply_rules() + except RuntimeError as e: + # in case we cannot close the ports we will remove + # the daemon but keep them open. + logger.warning(f' Error when trying to close ports: {e}') + + ################################## @@ -8513,6 +8525,9 @@ def _get_parser(): required=True, action=CustomValidation, help='daemon name (type.id)') + parser_rm_daemon.add_argument( + '--tcp-ports', + help='List of tcp ports to close in the host firewall') parser_rm_daemon.add_argument( '--fsid', required=True, diff --git a/src/pybind/mgr/cephadm/serve.py b/src/pybind/mgr/cephadm/serve.py index 4c031f3b50c90..b6b4211e78a77 100644 --- a/src/pybind/mgr/cephadm/serve.py +++ b/src/pybind/mgr/cephadm/serve.py 
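Review bot: The `int(p)` conversion added to `command_rm_daemon` sits outside the `try`, and the handler catches only `RuntimeError`, so a malformed `--tcp-ports` value raises `ValueError` after the data-directory handling just above it (`call_throws(ctx, ['rm', '-rf', data_dir])` in the visible branch) has already run. Moving the parse inside the guarded block and widening the handler to `except (RuntimeError, ValueError) as e:` keeps the behaviour the comment describes: the daemon is removed and the ports stay open. The warning should also name the ports left open so the host firewall can be audited afterwards, for example `logger.warning(f'Could not close ports {ctx.tcp_ports}; they remain open in the host firewall: {e}')`. `command_rm_daemon` begins above this hunk, so only its tail is visible here.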
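Review bot: The help text for `--tcp-ports` does not say how the list is written, while `command_rm_daemon` parses it with `ctx.tcp_ports.split()`, so the ports must arrive as a single whitespace-separated argument. I would state that in the option itself: `help='Space-separated list of tcp ports to close in the host firewall'`. The rest of `_get_parser` lies outside the hunk.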
@@ -1196,11 +1196,15 @@ class CephadmServe: with set_exception_subject('service', daemon.service_id(), overwrite=True): self.mgr.cephadm_services[daemon_type_to_service(daemon_type)].pre_remove(daemon) - # NOTE: we are passing the 'force' flag here, which means # we can delete a mon instances data. - args = ['--name', name, '--force'] - self.log.info('Removing daemon %s from %s' % (name, host)) + dd = self.mgr.cache.get_daemon(daemon.daemon_name) + if dd.ports: + args = ['--name', name, '--force', '--tcp-ports', ' '.join(map(str, dd.ports))] + else: + args = ['--name', name, '--force'] + + self.log.info('Removing daemon %s from %s -- ports %s' % (name, host, dd.ports)) out, err, code = self.mgr.wait_async(self._run_cephadm( host, name, 'rm-daemon', args)) if not code: -- 2.39.5
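Review bot: Every port recorded for the daemon is passed to `rm-daemon` through `--tcp-ports`, and nothing visible in this hunk checks whether another daemon on the same host still listens on one of them. If neither this caller nor `Firewalld.close_ports` filters for that, removing one daemon could close the firewall for a colocated service; this is worth confirming, and if it is unchecked, `dd.ports` should be filtered against the ports of the host's remaining daemons before `args` is built. Separately, the two branches repeat the base argument list; `args = ['--name', name, '--force']` followed by `if dd.ports: args += ['--tcp-ports', ' '.join(map(str, dd.ports))]` expresses the same thing with a single source of truth. The enclosing `CephadmServe` method starts and ends outside the hunk.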