Bug 1526400

Summary: [RFE] Configure firewalld by default
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Sébastien Han <shan>
Component: Ceph-Ansible
Assignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA
QA Contact: subhash <vpoliset>
Severity: medium
Docs Contact: Bara Ancincova <bancinco>
Priority: medium
Version: 3.0
CC: adeza, aschoen, ceph-eng-bugs, edonnell, gabrioux, gmeno, hnallurv, kdreyer, nlevine, nthomas, rperiyas, sankarshan, shan, tserlin, vpoliset
Target Milestone: rc
Keywords: FutureFeature
Target Release: 3.2
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: RHEL: ceph-ansible-3.2.0-0.1.beta8.el7cp Ubuntu: ceph-ansible_3.2.0~beta8-2redhat1
Doc Type: Enhancement
Doc Text:
.Ansible now configures `firewalld` by default
The `ceph-ansible` utility now configures the `firewalld` service by default when creating a new cluster. Previously, it only checked if required ports were opened or closed, but it did not configure any firewall rules.
Last Closed: 2019-01-03 19:01:20 UTC
Type: Bug
Bug Blocks: 1629656    

Description Sébastien Han 2017-12-15 11:29:39 UTC
Description of problem:

Currently, ceph-ansible only checks for ports opened/closed but does not configure any firewall rules.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

ceph-ansible should configure firewall rules if firewalld is present.

Additional info:

Comment 4 Ken Dreyer (Red Hat) 2018-04-16 23:11:52 UTC
*** Bug 1508004 has been marked as a duplicate of this bug. ***

Comment 5 Sébastien Han 2018-05-18 11:30:24 UTC
Present in v3.1.0rc3.

Comment 7 Sébastien Han 2018-06-07 08:20:11 UTC
Moving this back to ASSIGNED since https://github.com/ceph/ceph-ansible/pull/2686 is not in the release yet.

Comment 8 Ken Dreyer (Red Hat) 2018-07-10 17:50:53 UTC
Is https://github.com/ceph/ceph-ansible/pull/2686 all we need in stable-3.1? https://github.com/ceph/ceph-ansible/issues/2692 points at a couple other things.

Comment 9 Christina Meno 2018-07-11 14:11:55 UTC
Seb, would you please clear up the confusion here?

Comment 10 Ken Dreyer (Red Hat) 2018-07-24 21:53:31 UTC
It's unclear what needs to be backported, so I'm re-targeting this RFE to 3.2.

Comment 14 Sébastien Han 2018-09-25 15:21:08 UTC
Present in https://github.com/ceph/ceph-ansible/releases/tag/v3.2.0beta2

Comment 18 Sébastien Han 2018-10-18 09:19:22 UTC
Assigning to Guillaume, he did most of the testing and code on this.

Comment 24 subhash 2018-10-25 06:12:05 UTC
Moving back to assigned as firewall rules aren't showing up in iptables -L -vnx; firewall-cmd --reload ensures rules are listed.

Version: ceph-ansible-3.2.0-0.1.beta7.el7cp.noarch
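
Comment 24 reports rules that are listed only after `firewall-cmd --reload`. Assuming this means the rules were written to firewalld's permanent configuration without being applied to the runtime configuration, the following added example (not ceph-ansible code and not part of the bug report) lists ports and services of a zone that are permanent but not active; the function names `missing_at_runtime` and `check_zone` are hypothetical.

```shell
#!/bin/sh
# Added example: find firewalld entries that exist only in the permanent
# configuration, i.e. rules that are not enforced until `firewall-cmd --reload`.

# missing_at_runtime PERMANENT RUNTIME
# Each argument is a whitespace-separated list as printed by
# `firewall-cmd [--permanent] --list-ports` or `--list-services`.
# Prints every entry of PERMANENT that is absent from RUNTIME, one per line.
missing_at_runtime() {
    mar_permanent=$1
    # Collapse newlines and tabs so whole-word matching below is reliable.
    mar_runtime=$(printf '%s' "$2" | tr -s '[:space:]' ' ')
    for mar_entry in $mar_permanent; do
        case " $mar_runtime " in
            *" $mar_entry "*) ;;                 # active at runtime
            *) printf '%s\n' "$mar_entry" ;;     # permanent only
        esac
    done
}

# check_zone ZONE
# Compares permanent and runtime ports/services of ZONE on the local host.
# Returns 0 when they agree, 1 on drift, 2 if firewall-cmd fails.
check_zone() {
    cz_zone=$1
    cz_status=0
    for cz_kind in ports services; do
        cz_perm=$(firewall-cmd --permanent --zone="$cz_zone" --list-"$cz_kind") || return 2
        cz_live=$(firewall-cmd --zone="$cz_zone" --list-"$cz_kind") || return 2
        cz_drift=$(missing_at_runtime "$cz_perm" "$cz_live")
        if [ -n "$cz_drift" ]; then
            printf 'zone %s: %s in permanent config but not active:\n%s\n' \
                "$cz_zone" "$cz_kind" "$cz_drift"
            cz_status=1
        fi
    done
    return "$cz_status"
}

# Run the check only when a zone name is given, e.g. `sh check.sh public`.
[ -z "${1:-}" ] || check_zone "$1"
```

A non-zero exit from `check_zone` after a deployment means the host is not yet filtering according to the rules that were written for it.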

Comment 25 Sébastien Han 2018-10-25 11:13:08 UTC
I believe this fix is in beta8, can you update your ceph-ansible version?
Thanks.

Comment 33 errata-xmlrpc 2019-01-03 19:01:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0020