firewall: configure firewalld if it's already installed on the host (… #2196

Merged
merged 2 commits into from
Dec 12, 2017

eduardegorov
Contributor

#2192).

Signed-off-by: Eduard Egorov <eduard.egorov@icl-services.com>

…eph#2192).

Signed-off-by: Eduard Egorov <eduard.egorov@icl-services.com>
@leseb leseb added this to the v3.1 milestone Nov 20, 2017
Member

@leseb leseb left a comment

Overall, this looks good, thanks! However, it'd be nice if this could happen automatically. If we detect firewalld is up and running then we add ceph rules. Can you try that? Basically, users shouldn't have to enable configure_firewall. Thanks!

Also, I think you're missing some of the daemons too (MDS, rbd-mirror etc).

@eduardegorov eduardegorov force-pushed the configure_firewalld_if_exists branch 2 times, most recently from 136f7ef to 710084b Compare November 20, 2017 14:37
@eduardegorov
Contributor Author

@leseb, pushed as an additional commit (see above):

  • mds: As far as I understand, mds nodes require the same range as osd ones. Added.
  • rbd-mirror: didn't find anything useful on this on the internet - are the usual osd port ranges fine here too?
  • mgr: it looks like the input ports depend on what kind of plugins are installed, right? Skipped it.
  • iscsi - opened 3260/tcp and 5000/tcp (api?) (taken from https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html/block_device_guide/using_an_iscsi_gateway_technology_preview)
  • nfs - enabled the default 'nfs.xml' service definition (2049/tcp) and the 111/tcp port additionally. Do we need the UDP ones as well?
  • restapi: used the 'restapi_port' variable from 'group_vars/all.yml'

…rewall' variable used for conditional execution. Include the task only on rpm-based systems.

Signed-off-by: Eduard Egorov <eduard.egorov@icl-services.com>
@leseb leseb merged commit a8a2c13 into ceph:master Dec 12, 2017