Bug 2154794

Summary: [RFE] Check iptables config and alert/modify to users if there are any incompatible configs before/while installation
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Vasishta <vashastr>
Component: Cephadm
Assignee: Adam King <adking>
Status: CLOSED WONTFIX
QA Contact: Manisha Saini <msaini>
Severity: high
Docs Contact:
Priority: unspecified
Version: 5.3
CC: bhubbard, cephqe-warriors, saraut
Target Milestone: ---
Keywords: FutureFeature
Target Release: 7.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2023-07-06 17:35:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Vasishta 2022-12-19 09:43:18 UTC
Description of problem:
Check iptables config and alert/modify to users if there are any incompatible configs before proceeding to installation to help users to know the risks and mitigate them properly.

Context - BZ 2152986
We configured a cluster using cephadm and after some time one of the nodes had to be rebooted, which caused iptables services to be restarted.

>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
The above rule in /etc/sysconfig/iptables caused OSDs to go down.

This RFE is to track an enhancement to cephadm/cephadm-ansible to check ipconfigs *which are not compatible to run a Ceph cluster*, warn about/modify the iptables config, and help users to have the cluster running seamlessly.

Version-Release number of selected component (if applicable):
<latest>

Expected results:
cephadm to check iptables and its config and warn/modify users about possible implications of incompatible rules before cluster configuration.

Additional info:
BZ 2152986 has more details about the implications of one of the incompatible rules and https://bugzilla.redhat.com/show_bug.cgi?id=2152986#c22 has related conversation.
Have filed BZ 2154752 to cover this from documentation until we have it implemented by cephadm/cephadm-ansible.
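
A sketch of the kind of pre-install check this RFE asks for, added here as an illustration (it is not part of the report and not cephadm or cephadm-ansible code): it walks the filter table's INPUT chain in iptables-save format, finds the first unconditional REJECT/DROP rule like the one quoted above, and reports which Ceph port ranges no earlier ACCEPT rule opens. The Ceph default ports, the function names and the sample ruleset are assumptions; chain policies and source/interface restrictions are not evaluated.

```python
import re
import shlex

# Assumption (not stated in the report): Ceph defaults, MON 3300/6789, OSD/MGR/MDS 6800-7300.
CEPH_PORTS = [(3300, 3300), (6789, 6789), (6800, 7300)]

# Constructed sample in iptables-save format; only the REJECT rule is from the report.
SAMPLE_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6789 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def accepted_ranges(tokens):
    """Port ranges opened by a TCP ACCEPT rule (source/interface limits are ignored)."""
    if "ACCEPT" not in tokens or "tcp" not in tokens:
        return []
    ranges = []
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            for part in tokens[tokens.index(flag) + 1].split(","):
                lo, _, hi = part.partition(":")
                ranges.append((int(lo), int(hi or lo)))
    return ranges

def find_blocked_ceph_ports(rules_text):
    """Return (catch-all INPUT rule, Ceph port ranges no earlier rule accepts)."""
    opened, in_filter = [], False
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        if not in_filter or not line.startswith("-A INPUT "):
            continue
        tokens = shlex.split(line)[2:]
        rule = " ".join(tokens)
        if rule == "-j ACCEPT":  # unconditional accept shadows any later reject
            return None, []
        if re.fullmatch(r"-j (REJECT|DROP)( --reject-with \S+)?", rule):
            # A Ceph range counts as open only if one earlier rule covers it entirely.
            missing = [(a, b) for a, b in CEPH_PORTS
                       if not any(lo <= a and b <= hi for lo, hi in opened)]
            return line, missing
        opened += accepted_ranges(tokens)
    return None, []

if __name__ == "__main__":
    print(find_blocked_ceph_ports(SAMPLE_RULES))
```

On a real host the input would be the contents of /etc/sysconfig/iptables, since that file is what the iptables service reloads after a reboot.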