Bug 2270948 - [cephadm](BUG): honor --skip-firewalld in section Open ports explicitly required for the daemon
Summary: [cephadm](BUG): honor --skip-firewalld in section Open ports explicitly requi...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Cephadm
Version: 7.1
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
: 7.1z4
Assignee: Adam King
QA Contact: hacharya
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-03-22 10:12 UTC by Michaela Lang
Modified: 2025-05-07 12:47 UTC (History)
9 users (show)

Fixed In Version: ceph-18.2.1-306.el9cp
Doc Type: Bug Fix
Doc Text:
.Bootstrap with skip-firewalld no longer triggers firewall log messages Previously, cephadm ignored the --skip-firewalld option during bootstrap and attempted firewall operations. As a result, it logged messages about being unable to open firewall ports, even when the user explicitly requested to skip firewall configuration. With this fix, cephadm recognizes the --skip-firewalld flag and no longer attempts firewall-related operations during bootstrap. The misleading log messages no longer appear.
Clone Of:
Environment:
Last Closed: 2025-05-07 12:47:05 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github ceph ceph pull 54158 0 None Merged [cephadm](BUG): honor --skip-firewalld in section Open ports explicitly required for the daemon 2024-05-16 09:47:49 UTC
Red Hat Issue Tracker RHCEPH-8611 0 None None None 2024-03-22 10:13:57 UTC
Red Hat Product Errata RHSA-2025:4664 0 None None None 2025-05-07 12:47:09 UTC

Description Michaela Lang 2024-03-22 10:12:23 UTC 
Description of problem:
with firewalld absent of a system the --skip-firewalld option is not honored for none firewall service defined daemon (eq. rgw)

Version-Release number of selected component (if applicable):
5.x, 6.x, 7.x

How reproducible:
always

Steps to Reproduce:
1. remove firewalld package from the system
2. install ceph through cephadm using --skip-firewalld


Actual results:
```
DEBUG firewalld does not appear to be present
DEBUG Not possible to enable service <rgw>. firewalld.service is not available
DEBUG firewalld does not appear to be present
DEBUG Not possible to open ports <[10443]>. firewalld.service is not available
```


Expected results:
Ceph installation


Additional info:
This behavior is coming from the Open ports explicitly required for the daemon code section which does not check for the flag.

We already submitted an Upstream patch which was accepted and merged. 
We need downstream patching please.
https://github.com/ceph/ceph/pull/54158
Comment 24 errata-xmlrpc 2025-05-07 12:47:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:4664
Note You need to log in before you can comment on or make changes to this bug.