From d248f6bf8de1c2d6bc1cc7f49a4f4b0a72c39f80 Mon Sep 17 00:00:00 2001
From: Dimitri Savineau <dsavinea@redhat.com>
Date: Tue, 10 Mar 2020 22:41:27 -0400
Subject: [PATCH] ceph-infra: open radosgw ports for multi instances

When using the radosgw multi instances configuration then the firewall
rules aren't adapted to that setup.
We only open the port according to the radosgw_frontend_port variable
so only the first radosgw instance port will be opened in the firewall
configuration.
We should instead iterate over the rgw_instances list.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit e8bf0a0cf2fdd9d02e442b6778b8b3f76a1c9473)
---
 roles/ceph-infra/tasks/configure_firewall.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index 3d566b73b..c43919c08 100644
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -129,11 +129,12 @@
 
     - name: open rgw ports
       firewalld:
-        port: "{{ radosgw_frontend_port }}/tcp"
+        port: "{{ item.radosgw_frontend_port }}/tcp"
         zone: "{{ ceph_rgw_firewall_zone }}"
         permanent: true
         immediate: true
         state: enabled
+      loop: "{{ rgw_instances }}"
       when:
         - rgw_group_name is defined
         - rgw_group_name in group_names
-- 
2.39.5