Bug 2270948

Summary: [cephadm](BUG): honor --skip-firewalld in section Open ports explicitly required for the daemon
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Michaela Lang <milang>
Component: CephadmAssignee: Adam King <adking>
Status: CLOSED ERRATA QA Contact: hacharya
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.1CC: adam.king, adking, bhkaur, bkunal, cephqe-warriors, hacharya, saraut, tserlin, vdas
Target Milestone: ---   
Target Release: 7.1z4   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-18.2.1-306.el9cp Doc Type: Bug Fix
Doc Text:
.Bootstrap with skip-firewalld no longer triggers firewall log messages Previously, cephadm ignored the --skip-firewalld option during bootstrap and attempted firewall operations. As a result, it logged messages about being unable to open firewall ports, even when the user explicitly requested to skip firewall configuration. With this fix, cephadm recognizes the --skip-firewalld flag and no longer attempts firewall-related operations during bootstrap. The misleading log messages no longer appear.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2025-05-07 12:47:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michaela Lang 2024-03-22 10:12:23 UTC 
Description of problem:
with firewalld absent of a system the --skip-firewalld option is not honored for none firewall service defined daemon (eq. rgw)

Version-Release number of selected component (if applicable):
5.x, 6.x, 7.x

How reproducible:
always

Steps to Reproduce:
1. remove firewalld package from the system
2. install ceph through cephadm using --skip-firewalld


Actual results:
```
DEBUG firewalld does not appear to be present
DEBUG Not possible to enable service <rgw>. firewalld.service is not available
DEBUG firewalld does not appear to be present
DEBUG Not possible to open ports <[10443]>. firewalld.service is not available
```


Expected results:
Ceph installation


Additional info:
This behavior is coming from the Open ports explicitly required for the daemon code section which does not check for the flag.

We already submitted an Upstream patch which was accepted and merged. 
We need downstream patching please.
https://github.com/ceph/ceph/pull/54158
Comment 24 errata-xmlrpc 2025-05-07 12:47:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:4664