Bug 2336863

Summary: When the cephadm agent is deployed, the 4721/tcp port is not opened (firewalld)
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Paul Cuzner <pcuzner>
Component: CephadmAssignee: Shweta Bhosale <shbhosal>
Status: CLOSED ERRATA QA Contact: Sayalee <saraut>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.0CC: akane, cephqe-warriors, kdeb, saraut, tserlin
Target Milestone: ---   
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.1-86.el9cp Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-06-26 12:20:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul Cuzner 2025-01-10 03:54:04 UTC 
Description of problem:
testing cephadm agent in 8.0 (yes I know it's not GA!) showed that the port cephadm uses is not opened in the firewalld configuration.

Looking at the mgr log shows
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: [cephadm ERROR root] Failed to contact agent on host ceph-osd03: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd03: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-d4f3914a-ced7-11ef-97cf-6cfe54589f10-mgr-ceph-osd01-rmqmtq[39374]: 2025-01-09T22:39:22.594+0000 7f174828c640 -1 log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd03: [Errno 113] No >
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: [cephadm ERROR root] Failed to contact agent on host ceph-osd04: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd04: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-d4f3914a-ced7-11ef-97cf-6cfe54589f10-mgr-ceph-osd01-rmqmtq[39374]: 2025-01-09T22:39:22.922+0000 7f174928e640 -1 log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd04: [Errno 113] No >
Jan 09 14:39:23 ceph-osd01 ceph-mgr[39380]: [devicehealth WARNING root] not enough osds to create mgr pool

Opening the port resolves the issue.

Version-Release number of selected component (if applicable):
 19.2.0-55.el9cp

How reproducible:


Steps to Reproduce:
1. Deploy Squid (Ceph 8.0) to nodes with firewalld enabled
2. Enable the agent
3. Check firewall configuration on all nodes

Actual results:
no route to host errors in the agent log and mgr

Expected results:
Agents should be accessible following a deployment

Additional info:
Comment 6 errata-xmlrpc 2025-06-26 12:20:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775