2154794 – [RFE] Check iptables config and alert/modify to users if there are any incompatible configs before/while installation

Bug 2154794 - [RFE] Check iptables config and alert/modify to users if there are any incompatible configs before/while installation

Summary: [RFE] Check iptables config and alert/modify to users if there are any incomp...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Cephadm
Sub Component:
Version:	5.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	7.0
Assignee:	Adam King
QA Contact:	Manisha Saini
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-19 09:43 UTC by Vasishta
Modified:	2023-07-06 17:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-06 17:35:41 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-5818	0	None	None	None	2022-12-19 09:54:41 UTC

Description Vasishta 2022-12-19 09:43:18 UTC

Description of problem:
Check iptables config and alert/modify to users if there are any incompatible configs before proceeding to installation to help users to know the risks and mitigate them properly.

Context - BZ 2152986
We configured a cluster using cephadm and after sometime one of the node had to be rebooted. which caused iptales services to be restarted.

>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
above rule in /etc/sysconfig/iptables caused OSDs to go down.

This RFE is to track enhancement to cephadm/cephadm-ansible to check ipconfigs *which are not compatible to run ceph cluster* and warn/modify about iptable config and help users to have cluster running seamless.

Version-Release number of selected component (if applicable):
<latest>

Expected results:
cephadm to check iptables and its config and warn/modify users about possible implications about incompatible rules to the users before cluster configuration.

Additional info:
BZ 2152986 has more details about the implications of one of the incompatible rule and https://bugzilla.redhat.com/show_bug.cgi?id=2152986#c22 has related conversation.
HAve filed BZ 2154752 to cover this from documentation until we have it implemented by cephadm/cephadm-ansible.

Note You need to log in before you can comment on or make changes to this bug.