Bug 1589146
| Summary: | Ceph-Ansible requires firewalld service to be enabled | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Mike Hackett <mhackett> |
| Component: | Ceph-Ansible | Assignee: | Sébastien Han <shan> |
| Status: | CLOSED ERRATA | QA Contact: | Sidhant Agrawal <sagrawal> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 3.1 | CC: | aschoen, ceph-eng-bugs, ceph-qe-bugs, dfuller, gmeno, hnallurv, kdreyer, mhackett, nthomas, sankarshan, shan |
| Target Milestone: | rc | ||
| Target Release: | 3.1 | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | RHEL: ceph-ansible-3.1.0-0.1.rc10.el7cp Ubuntu: ceph-ansible_3.1.0~rc10-2redhat1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-09-26 18:21:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1581350 | ||
|
Description
Mike Hackett
2018-06-08 13:42:24 UTC
Could you please post a log of the failure? Thanks. I don't need the logs Mike, I guess the current patch handles your request. deployed a cluster with firewalld service stopped and disabled,the playbook runs fine with below all.yml vars.Will move the bz to verified state once ON_QA.
---
dummy:
fetch_directory: ~/ceph-ansible-keys
#configure_firewall: False
ceph_origin: distro
ceph_repository: rhcs
monitor_interface: eno1 # "{{ ceph_mon_docker_interface if ceph_mon_docker_interface != 'interface' else 'interface' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
public_network: 10.8.128.0/21 #"{{ ceph_mon_docker_subnet if ceph_mon_docker_subnet != '0.0.0.0/0' else '0.0.0.0/0' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
Hi leseb,
"Now you can enable or disable the fw configuration by setting
configure_firewall to either true or false."
I have tried the following scenarios
a)
1) stopped the firewalld service and disabled it
2) deployed a ceph cluster with configure_firewall: True
The playbook ran fine but the firewall is disabled ,service was not running.
b)
1) stopped the firewalld service (still enabled)
2) deployed a ceph cluster with configure_firewall: True
The playbook ran fine but the firewalld service was not running.
its not making any difference whether the " configure_firewall: "parameter is set to true or not.
shud the firewalld service need to be running in order for the params " configure_firewall: " to take effect?
can you clarify what exactly the new parameter in all.yml does?
thanks
The new parameter skips the configuration of the firewalling rules. If firewalld is not running, we won't start, we let the firewalld module take care of everything. If you set configure_firewall to True, you must have firewalld running. I've pushed a new PR so we start firewalld if configure_firewall is True Moving to assigned based on the last patch sent. PR 2776 is backported to stable-3.1 upstream - need a new Git tag on stable-3.1 now. ceph-ansible v3.1.0rc10 has the changes for this BZ. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2819 |