From 7ac73202f74ec508312a801723f7685d10036ff8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Han?= Date: Fri, 26 Oct 2018 12:12:20 +0200 Subject: [PATCH] fw: update rules for mon/mgr collocation MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Since we now deploy mgr on mon we need to open fw rules so the mgr can reach out to the osds. Signed-off-by: Sébastien Han --- roles/ceph-infra/tasks/configure_firewall.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml index 1ed23dd85..2e4676a58 100644 --- a/roles/ceph-infra/tasks/configure_firewall.yml +++ b/roles/ceph-infra/tasks/configure_firewall.yml @@ -21,15 +21,18 @@ - firewalld_pkg_query.get('rc', 1) == 0 or is_atomic -- name: open monitor ports +- name: open monitor and manager ports firewalld: - service: ceph-mon - zone: "{{ ceph_mon_firewall_zone }}" + service: "{{ item.service }}" + zone: "{{ item.zone }}" source: "{{ public_network }}" permanent: true immediate: true state: enabled notify: restart firewalld + with_items: + - { 'service': 'ceph-mon', 'zone': "{{ ceph_mon_firewall_zone }}" } + - { 'service': 'ceph', 'zone': "{{ ceph_mgr_firewall_zone }}" } when: - mon_group_name is defined - mon_group_name in group_names -- 2.39.5