From f274e142e745a1a105e13c675ee8531b3dd26119 Mon Sep 17 00:00:00 2001 From: Matthew Rees Date: Tue, 7 Jun 2016 13:48:07 +0200 Subject: [PATCH] Fix for nmap arguments and grep matching, as well as only running local_actions once --- .../tasks/checks/check_firewall.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/roles/ceph-common/tasks/checks/check_firewall.yml b/roles/ceph-common/tasks/checks/check_firewall.yml index b2e351544..5366380e3 100644 --- a/roles/ceph-common/tasks/checks/check_firewall.yml +++ b/roles/ceph-common/tasks/checks/check_firewall.yml @@ -4,21 +4,24 @@ changed_when: false failed_when: false register: nmapexist + run_once: true when: check_firewall - name: inform that nmap is not present debug: msg: "nmap is not installed, can not test if ceph ports are allowed :(" + run_once: true when: - check_firewall - nmapexist.rc != 0 - name: check if monitor port is not filtered - local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo filtered + local_action: shell set -o pipefail && nmap -p 6789 {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false with_items: "{{ groups[mon_group_name] }}" register: monportstate + run_once: true when: - check_firewall - mon_group_name in group_names @@ -28,6 +31,7 @@ fail: msg: "Please allow port 6789 on your firewall" with_items: monportstate.results + run_once: true when: - check_firewall - item is defined and item.has_key('rc') and item.rc == 0 
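Review bot: Combining `run_once: true` with `- mon_group_name in group_names` on the monitor port check can silently skip the probe, because Ansible evaluates a run_once task's `when` against the first host of the batch only; if that host is not a monitor, the scan is skipped for the whole run and the firewall check passes. The task already loops over `groups[mon_group_name]` from the control node, so the per-host membership test no longer selects anything useful; a condition on the group itself, such as `- groups.get(mon_group_name, []) | length > 0`, keeps the check independent of host ordering. The same pattern appears in the osd, mds and rados gateway hunks with their respective `*_group_name in group_names` conditions. The `when` list continues outside the hunk, so further conditions may apply.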
@@ -36,11 +40,12 @@ - nmapexist.rc == 0 - name: check if osd and mds range is not filtered (osd hosts) - local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered + local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false with_items: "{{ groups[osd_group_name] }}" register: osdrangestate + run_once: true when: - check_firewall - osd_group_name in group_names @@ -50,6 +55,7 @@ fail: msg: "Please allow range from 6800 to 7300 on your firewall" with_items: osdrangestate.results + run_once: true when: - check_firewall - item is defined and item.has_key('rc') and item.rc == 0 @@ -58,11 +64,12 @@ - nmapexist.rc == 0 - name: check if osd and mds range is not filtered (mds hosts) - local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered + local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false with_items: "{{ groups[mds_group_name] }}" register: mdsrangestate + run_once: true when: - check_firewall - mds_group_name in group_names @@ -72,6 +79,7 @@ fail: msg: "Please allow range from 6800 to 7300 on your firewall" with_items: mdsrangestate.results + run_once: true when: - check_firewall - item is defined and item.has_key('rc') and item.rc == 0 
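Review bot: The probe in the osd-hosts `local_action` line still fails open: with `failed_when: false` and a follow-up task that only fires on `item.rc == 0`, every non-zero status of the `nmap ... | grep` pipeline is read as "port allowed". That includes nmap itself erroring out under `pipefail` and, presumably, a control-node `/bin/sh` that rejects `set -o pipefail` before nmap ever runs. The monitor, mds and rados gateway hunks share the same construction. Consider dropping the grep pipe and `failed_when: false`, running nmap through `local_action: command nmap -p 6800-7300 ...` with the same templated address so that a failed scan fails the task, and testing the output in the fail task with `- "'filtered' in item.stdout or '0 hosts up' in item.stdout"`. The fail task's `when` list continues outside the hunk.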
@@ -80,11 +88,12 @@ - nmapexist.rc == 0 - name: check if rados gateway port is not filtered - local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered + local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false with_items: "{{ groups[rgw_group_name] }}" register: rgwportstate + run_once: true when: - check_firewall - rgw_group_name in group_names @@ -94,6 +103,7 @@ fail: msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall" with_items: rgwportstate.results + run_once: true when: - check_firewall - item is defined and item.has_key('rc') and item.rc == 0 -- 2.39.5
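Review bot: In the rados gateway check, `radosgw_civetweb_port` and the host address are templated unquoted into a `shell` command line that runs on the control node, so a value containing shell metacharacters (from group_vars, inventory or gathered facts) would be interpreted by the shell instead of being passed to nmap. Passing both through the `quote` filter closes that off: `nmap -p {{ radosgw_civetweb_port | quote }} {{ hostvars[item]['ansible_default_ipv4']['address'] | quote }}`. The address expressions in the monitor, osd and mds hunks need the same treatment, including the `monitor_address` fallback in the monitor hunk.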