2016-01-08 23:36:31 +08:00
|
|
|
---
|
|
|
|
- name: check if nmap is installed
|
2016-12-28 16:21:23 +08:00
|
|
|
local_action: shell command -v nmap
|
2016-01-08 23:36:31 +08:00
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: nmapexist
|
2016-06-07 19:48:07 +08:00
|
|
|
run_once: true
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-01-08 23:36:31 +08:00
|
|
|
|
2016-01-11 00:22:17 +08:00
|
|
|
- name: inform that nmap is not present
|
|
|
|
debug:
|
|
|
|
msg: "nmap is not installed, can not test if ceph ports are allowed :("
|
2016-06-07 19:48:07 +08:00
|
|
|
run_once: true
|
2016-02-24 00:27:55 +08:00
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- nmapexist.rc != 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: check if monitor port is not filtered
|
2016-06-07 22:50:43 +08:00
|
|
|
local_action: shell set -o pipefail && nmap -p 6789 {{ hostvars[inventory_hostname]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[inventory_hostname]['ansible_' + monitor_interface] is defined else hostvars[inventory_hostname]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
2016-01-08 23:36:31 +08:00
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: monportstate
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-01-11 00:22:17 +08:00
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- mon_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: fail if monitor port is filtered
|
|
|
|
fail:
|
|
|
|
msg: "Please allow port 6789 on your firewall"
|
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- mon_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-06-22 22:10:16 +08:00
|
|
|
- monportstate.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
2016-06-04 15:03:22 +08:00
|
|
|
- name: check if osd and mds range is not filtered (osd hosts)
|
2016-06-07 22:27:07 +08:00
|
|
|
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
2016-01-08 23:36:31 +08:00
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: osdrangestate
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-01-11 00:22:17 +08:00
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- osd_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: fail if osd and mds range is filtered (osd hosts)
|
|
|
|
fail:
|
|
|
|
msg: "Please allow range from 6800 to 7300 on your firewall"
|
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- osd_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-06-22 22:10:16 +08:00
|
|
|
- osdrangestate.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
2016-06-04 15:03:22 +08:00
|
|
|
- name: check if osd and mds range is not filtered (mds hosts)
|
2016-06-07 22:27:07 +08:00
|
|
|
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
2016-01-08 23:36:31 +08:00
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: mdsrangestate
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-01-11 00:22:17 +08:00
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- mds_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: fail if osd and mds range is filtered (mds hosts)
|
|
|
|
fail:
|
|
|
|
msg: "Please allow range from 6800 to 7300 on your firewall"
|
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- mds_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-06-22 22:10:16 +08:00
|
|
|
- mdsrangestate.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: check if rados gateway port is not filtered
|
2016-06-07 22:27:07 +08:00
|
|
|
local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
2016-01-08 23:36:31 +08:00
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: rgwportstate
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-01-11 00:22:17 +08:00
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- rgw_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-01-08 23:36:31 +08:00
|
|
|
|
|
|
|
- name: fail if rados gateway port is filtered
|
|
|
|
fail:
|
|
|
|
msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall"
|
|
|
|
when:
|
2016-05-09 22:08:33 +08:00
|
|
|
- rgw_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-06-22 22:10:16 +08:00
|
|
|
- rgwportstate.rc == 0
|
2016-05-06 02:20:03 +08:00
|
|
|
|
|
|
|
- name: check if NFS ports are not filtered
|
|
|
|
local_action: shell set -o pipefail && nmap -p 111,2049 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
|
|
|
changed_when: false
|
|
|
|
failed_when: false
|
|
|
|
register: nfsportstate
|
2017-10-25 22:53:34 +08:00
|
|
|
check_mode: no
|
2016-05-06 02:20:03 +08:00
|
|
|
when:
|
|
|
|
- nfs_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
|
|
|
|
|
|
|
- name: fail if NFS ports are filtered
|
|
|
|
fail:
|
|
|
|
msg: "Please allow ports 111 and 2049 on your firewall"
|
|
|
|
when:
|
|
|
|
- nfs_group_name in group_names
|
|
|
|
- nmapexist.rc == 0
|
2016-06-22 22:10:16 +08:00
|
|
|
- nfsportstate.rc == 0
|