Bug 1526400 - [RFE] Configure firewalld by default
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: Ceph-Ansible
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Target Release: 3.2
Assignee: Guillaume Abrioux
QA Contact: subhash
Docs Contact: Bara Ancincova
Duplicates: 1508004
Depends On:
Blocks: 1629656
Reported: 2017-12-15 11:29 UTC by leseb
Modified: 2019-01-03 19:01 UTC

Fixed In Version: RHEL: ceph-ansible-3.2.0-0.1.beta8.el7cp Ubuntu: ceph-ansible_3.2.0~beta8-2redhat1
Doc Type: Enhancement
Doc Text:
.Ansible now configures `firewalld` by default
The `ceph-ansible` utility now configures the `firewalld` service by default when creating a new cluster. Previously, it only checked if required ports were opened or closed, but it did not configure any firewall rules.
Clone Of:
Last Closed: 2019-01-03 19:01:20 UTC
Target Upstream Version:


System ID Priority Status Summary Last Updated
Github ceph ceph-ansible pull 2196 'None' 'closed' 'firewall: configure firewalld if it''s already installed on the host (…' 2019-11-12 10:39:36 UTC
Github ceph ceph-ansible pull 2686 'None' 'closed' 'ceph-common: add firewall rules for ceph-mgr' 2019-11-12 10:39:35 UTC
Github ceph ceph-ansible pull 3248 'None' 'closed' 'defaults: set default `configure_firewall` to `True`' 2019-11-12 10:39:36 UTC
Red Hat Bugzilla 1589146 'high' 'CLOSED' 'Ceph-Ansible requires firewalld service to be enabled' 2019-11-12 10:39:35 UTC
Red Hat Product Errata RHBA-2019:0020 None None None 2019-01-03 19:01:49 UTC

Internal Links: 1589146

Description leseb 2017-12-15 11:29:39 UTC
Description of problem:

Currently, ceph-ansible only checks for ports opened/closed but does not configure any firewall rules.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

ceph-ansible should configure firewall rules if firewalld is present.

Additional info:

Comment 4 Ken Dreyer (Red Hat) 2018-04-16 23:11:52 UTC
*** Bug 1508004 has been marked as a duplicate of this bug. ***

Comment 5 leseb 2018-05-18 11:30:24 UTC
Present in v3.1.0rc3.

Comment 7 leseb 2018-06-07 08:20:11 UTC
Moving this back to ASSIGNED since https://github.com/ceph/ceph-ansible/pull/2686 is not in the release yet.

Comment 8 Ken Dreyer (Red Hat) 2018-07-10 17:50:53 UTC
Is https://github.com/ceph/ceph-ansible/pull/2686 all we need in stable-3.1? https://github.com/ceph/ceph-ansible/issues/2692 points at a couple other things.

Comment 9 Christina Meno 2018-07-11 14:11:55 UTC
Seb, would you please clear up the confusion here?

Comment 10 Ken Dreyer (Red Hat) 2018-07-24 21:53:31 UTC
It's unclear what needs to be backported, so I'm re-targeting this RFE to 3.2.

Comment 18 leseb 2018-10-18 09:19:22 UTC
Assigning to Guillaume, he did most of the testing and code on this.

Comment 24 subhash 2018-10-25 06:12:05 UTC
Moving back to assigned as firewall rules aren't showing up in iptables -L -vnx; firewall-cmd --reload ensures rules are listed.

Version: ceph-ansible-3.2.0-0.1.beta7.el7cp.noarch

Comment 25 leseb 2018-10-25 11:13:08 UTC
I believe this fix is in beta8, can you update your ceph-ansible version?

Comment 33 errata-xmlrpc 2019-01-03 19:01:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.