2336863 – When the cephadm agent is deployed, the 4721/tcp port is not opened (firewalld)

Bug 2336863 - When the cephadm agent is deployed, the 4721/tcp port is not opened (firewalld)

Summary: When the cephadm agent is deployed, the 4721/tcp port is not opened (firewalld)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Cephadm
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	8.1
Assignee:	Shweta Bhosale
QA Contact:	Sayalee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-10 03:54 UTC by Paul Cuzner
Modified:	2025-06-26 12:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ceph-19.2.1-86.el9cp
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2025-06-26 12:20:39 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-10420	0	None	None	None	2025-01-10 03:54:26 UTC
Red Hat Product Errata	RHSA-2025:9775	0	None	None	None	2025-06-26 12:20:42 UTC

Description Paul Cuzner 2025-01-10 03:54:04 UTC

Description of problem:
testing cephadm agent in 8.0 (yes I know it's not GA!) showed that the port cephadm uses is not opened in the firewalld configuration.

Looking at the mgr log shows
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: [cephadm ERROR root] Failed to contact agent on host ceph-osd03: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd03: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-d4f3914a-ced7-11ef-97cf-6cfe54589f10-mgr-ceph-osd01-rmqmtq[39374]: 2025-01-09T22:39:22.594+0000 7f174828c640 -1 log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd03: [Errno 113] No >
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: [cephadm ERROR root] Failed to contact agent on host ceph-osd04: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-mgr[39380]: log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd04: [Errno 113] No route to host
Jan 09 14:39:22 ceph-osd01 ceph-d4f3914a-ced7-11ef-97cf-6cfe54589f10-mgr-ceph-osd01-rmqmtq[39374]: 2025-01-09T22:39:22.922+0000 7f174928e640 -1 log_channel(cephadm) log [ERR] : Failed to contact agent on host ceph-osd04: [Errno 113] No >
Jan 09 14:39:23 ceph-osd01 ceph-mgr[39380]: [devicehealth WARNING root] not enough osds to create mgr pool

Opening the port resolves the issue.

Version-Release number of selected component (if applicable):
 19.2.0-55.el9cp

How reproducible:


Steps to Reproduce:
1. Deploy Squid (Ceph 8.0) to nodes with firewalld enabled
2. Enable the agent
3. Check firewall configuration on all nodes

Actual results:
no route to host errors in the agent log and mgr

Expected results:
Agents should be accessible following a deployment

Additional info:

Comment 6 errata-xmlrpc 2025-06-26 12:20:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775

Note You need to log in before you can comment on or make changes to this bug.