Bug 1526400 - [RFE] Configure firewalld by default
Summary: [RFE] Configure firewalld by default
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Ansible
Version: 3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: 3.2
Assignee: Guillaume Abrioux
QA Contact: subhash
Bara Ancincova
URL:
Whiteboard:
: 1508004 (view as bug list)
Depends On:
Blocks: 1629656
TreeView+ depends on / blocked
 
Reported: 2017-12-15 11:29 UTC by Sébastien Han
Modified: 2019-01-03 19:01 UTC (History)
15 users (show)

Fixed In Version: RHEL: ceph-ansible-3.2.0-0.1.beta8.el7cp Ubuntu: ceph-ansible_3.2.0~beta8-2redhat1
Doc Type: Enhancement
Doc Text:
.Ansible now configures `firewalld` by default The `ceph-ansible` utility now configures the `firewalld` service by default when creating a new cluster. Previously, it only checked if required ports were opened or closed, but it did not configure any firewall rules.
Clone Of:
Environment:
Last Closed: 2019-01-03 19:01:20 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github ceph ceph-ansible pull 2196 0 'None' closed firewall: configure firewalld if it's already installed on the host (… 2020-04-29 03:57:37 UTC
Github ceph ceph-ansible pull 2686 0 'None' closed ceph-common: add firewall rules for ceph-mgr 2020-04-29 03:57:37 UTC
Github ceph ceph-ansible pull 3248 0 'None' closed defaults: set default `configure_firewall` to `True` 2020-04-29 03:57:39 UTC
Red Hat Bugzilla 1589146 0 high CLOSED Ceph-Ansible requires firewalld service to be enabled 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2019:0020 0 None None None 2019-01-03 19:01:49 UTC

Internal Links: 1589146

Description Sébastien Han 2017-12-15 11:29:39 UTC 
Description of problem:

Currently, ceph-ansible only checks for ports opened/closed but does not configure any firewall rules.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

ceph-ansible should configure firewall rules if firewalld is present.

Additional info:
Comment 4 Ken Dreyer (Red Hat) 2018-04-16 23:11:52 UTC 
*** Bug 1508004 has been marked as a duplicate of this bug. ***
Comment 5 Sébastien Han 2018-05-18 11:30:24 UTC 
Present in v3.1.0rc3.
Comment 7 Sébastien Han 2018-06-07 08:20:11 UTC 
Moving this back to ASSIGNED since https://github.com/ceph/ceph-ansible/pull/2686 is not in the release yet.
Comment 8 Ken Dreyer (Red Hat) 2018-07-10 17:50:53 UTC 
Is https://github.com/ceph/ceph-ansible/pull/2686 all we need in stable-3.1? https://github.com/ceph/ceph-ansible/issues/2692 points at a couple other things.
Comment 9 Christina Meno 2018-07-11 14:11:55 UTC 
Seb. Would you please clear up the confusion here?
Comment 10 Ken Dreyer (Red Hat) 2018-07-24 21:53:31 UTC 
It's unclear what needs to be backported, so I'm re-targeting this RFE to 3.2.
Comment 14 Sébastien Han 2018-09-25 15:21:08 UTC 
Present in https://github.com/ceph/ceph-ansible/releases/tag/v3.2.0beta2
Comment 18 Sébastien Han 2018-10-18 09:19:22 UTC 
Assigning to Guillaume, he did most of the testing and code on this.
Comment 24 subhash 2018-10-25 06:12:05 UTC 
moving back to assigned as firewall rules aren't showing up in > iptables -L -vnx ,firewall-cmd --reload ensures rules are listed.

Version: ceph-ansible-3.2.0-0.1.beta7.el7cp.noarch
Comment 25 Sébastien Han 2018-10-25 11:13:08 UTC 
I believe this fix is in beta8, can you update your ceph-ansible version?
Thanks.
Comment 33 errata-xmlrpc 2019-01-03 19:01:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0020
Note You need to log in before you can comment on or make changes to this bug.