Description of problem: ======================= Samba deployment fails when firewalld is enabled on the server. Note: The issue occurs both with and without clustering. Scenario 1: Samba Deployment with Clustering Enabled & firewalld Enabled ==> Fail ================================================================================== # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled) Active: active (running) since Mon 2025-02-17 11:07:57 UTC; 33s ago Docs: man:firewalld(1) Main PID: 3874212 (firewalld) Tasks: 2 (limit: 407871) Memory: 27.0M CPU: 370ms CGroup: /system.slice/firewalld.service └─3874212 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Feb 17 11:07:57 argo012 systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 17 11:07:57 argo012 systemd[1]: Started firewalld - dynamic firewall daemon. # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering default --public_addrs 10.8.131.254/21 { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1ajycysxa" } ], "placement": { "label": "smb" }, "clustering": "default", "public_addrs": [ { "address": "10.8.131.254/21" } ] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1ajycysxa", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 <=== Command Not Proceeding Scenario 2: Samba Deployment with Clustering Disabled & firewalld Enabled ==> Fail =================================================================================== # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled) Active: active (running) since Mon 2025-02-17 11:07:57 UTC; 33s ago Docs: man:firewalld(1) Main PID: 3874212 (firewalld) Tasks: 2 (limit: 407871) Memory: 27.0M CPU: 370ms CGroup: /system.slice/firewalld.service └─3874212 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Feb 17 11:07:57 argo012 systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 17 11:07:57 argo012 systemd[1]: Started firewalld - dynamic firewall daemon. # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering never { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1pyadeclt" } ], "placement": { "label": "smb" }, "clustering": "never", "public_addrs": [] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1pyadeclt", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 <=== Command Not Proceeding Scenario 3: Samba Deployment with Clustering Enabled & firewalld Disabled ==> Pass =================================================================================== # systemctl status firewalld ○ firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering default --public_addrs 10.8.131.254/21 { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1ajycysxa" } ], "placement": { "label": "smb" }, "clustering": "default", "public_addrs": [ { "address": "10.8.131.254/21" } ] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1ajycysxa", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 { "resource": { "resource_type": "ceph.smb.share", "cluster_id": "smb1", "share_id": "share1", "intent": "present", "name": "share1", "readonly": false, "browseable": true, "cephfs": { "volume": "cephfs", "path": "/", "subvolumegroup": "smb", "subvolume": "sv1", "provider": "samba-vfs" } }, "state": "created", "success": true } # ceph orch ls | grep smb.smb1 smb.smb1 3/3 3s ago 26s label:smb # ceph orch ls | grep smb.smb1 # ceph orch ls | grep smb.smb1 smb.smb1 3/3 4s ago 27s label:smb # smbclient -U user1%passwd //10.8.131.254/share1 -c ls . D 0 Thu Feb 13 19:44:56 2025 .. D 0 Thu Feb 13 19:44:56 2025 4633575424 blocks of size 1024. 4633522176 blocks available Version-Release number of selected component (if applicable): =============================================================== 19.2.0-53 How reproducible: ================== Always Steps to Reproduce: ==================== 1.Enable firewalld 2.Deploy smb services Actual results: ================ Unable to deploy smb services (share create command stuck) Expected results: ================= SMB service should deploy Additional info: