From a4ab8293c697e829d41f7d656ae5000c183220fa Mon Sep 17 00:00:00 2001
From: Zack Cerza <zack@redhat.com>
Date: Tue, 7 Aug 2018 11:32:59 -0700
Subject: [PATCH] ceph-mgr: Open port 9283

https://github.com/ceph/cephmetrics/issues/213

Signed-off-by: Zack Cerza <zack@redhat.com>
---
 .../ceph-mgr/tasks/configure_firewall.yml     | 19 +++++++++++++++++++
 ansible/roles/ceph-mgr/tasks/main.yml         |  4 ++++
 2 files changed, 23 insertions(+)
 create mode 100644 ansible/roles/ceph-mgr/tasks/configure_firewall.yml

diff --git a/ansible/roles/ceph-mgr/tasks/configure_firewall.yml b/ansible/roles/ceph-mgr/tasks/configure_firewall.yml
new file mode 100644
index 0000000..40905b8
--- /dev/null
+++ b/ansible/roles/ceph-mgr/tasks/configure_firewall.yml
@@ -0,0 +1,19 @@
+---
+- name: Check firewalld status
+  shell: "systemctl show firewalld | grep UnitFileState"
+  register: firewalld_status
+  failed_when: false
+  changed_when: false
+  tags:
+    - skip_ansible_lint
+
+- name: Open port for the mgr prometheus module
+  firewalld:
+    port: "{{ item }}"
+    zone: "{{ firewalld_zone }}"
+    state: enabled
+    immediate: true
+    permanent: true
+  with_items:
+    - 9283/tcp
+  when: "'enabled' in firewalld_status.stdout"
diff --git a/ansible/roles/ceph-mgr/tasks/main.yml b/ansible/roles/ceph-mgr/tasks/main.yml
index 0a3617f..e19fe7c 100644
--- a/ansible/roles/ceph-mgr/tasks/main.yml
+++ b/ansible/roles/ceph-mgr/tasks/main.yml
@@ -7,6 +7,10 @@
   meta: end_play
   when: backend.metrics != 'mgr' or backend.storage != 'prometheus'
 
+- import_tasks: configure_firewall.yml
+  tags:
+    - firewall
+
 - name: Check to see if the mgr is containerized
   command: "docker inspect {{ item }}"
   with_items:
-- 
2.47.3