Description of problem:
Prior to RHCS 3.1, the firewalld service could be disabled. As of RHCS 3.1, ceph-ansible will fail unless it finds the service running. Enabling the firewalld service should be optional and not required, as customers running some internal stage/test environments do not enable firewalld. Our 3.0 docs actually mention that enabling firewalld is optional: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/installation_guide_for_red_hat_enterprise_linux/#configuring-a-firewall-for-red-hat-ceph-storage

Version-Release number of selected component (if applicable): RHCS 3.1
Could you please post a log of the failure? Thanks.
I don't need the logs, Mike; I guess the current patch handles your request.
Deployed a cluster with the firewalld service stopped and disabled; the playbook runs fine with the all.yml vars below. Will move the bz to verified state once ON_QA.

---
dummy:
fetch_directory: ~/ceph-ansible-keys
#configure_firewall: False
ceph_origin: distro
ceph_repository: rhcs
monitor_interface: eno1 # "{{ ceph_mon_docker_interface if ceph_mon_docker_interface != 'interface' else 'interface' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
public_network: 10.8.128.0/21 #"{{ ceph_mon_docker_subnet if ceph_mon_docker_subnet != '0.0.0.0/0' else '0.0.0.0/0' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1

Hi leseb,

"Now you can enable or disable the fw configuration by setting configure_firewall to either true or false."

I have tried the following scenarios:

a)
1) Stopped the firewalld service and disabled it.
2) Deployed a ceph cluster with configure_firewall: True
The playbook ran fine, but the firewall is disabled; the service was not running.

b)
1) Stopped the firewalld service (still enabled).
2) Deployed a ceph cluster with configure_firewall: True
The playbook ran fine, but the firewalld service was not running.

It's not making any difference whether the "configure_firewall:" parameter is set to true or not. Should the firewalld service need to be running in order for the param "configure_firewall:" to take effect? Can you clarify what exactly the new parameter in all.yml does? Thanks.
The new parameter skips the configuration of the firewalling rules. If firewalld is not running, we won't start it; we let the firewalld module take care of everything. If you set configure_firewall to True, you must have firewalld running. I've pushed a new PR so we start firewalld if configure_firewall is True.
Moving to assigned based on the last patch sent.
PR 2776 is backported to stable-3.1 upstream - need a new Git tag on stable-3.1 now.
ceph-ansible v3.1.0rc10 has the changes for this BZ.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2819