---
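# Probe for the firewalld RPM without changing the host. The result is stored
# in firewalld_pkg_query; the later tasks in this file test its `rc` before
# they touch firewalld. Skipped on containerized deployments.
- name: check firewalld installation on redhat or suse
  command: rpm -q firewalld
  args:
    warn: false
  register: firewalld_pkg_query
  # a non-zero rc from rpm is recorded in the register instead of failing the play
  ignore_errors: true
  # run the query under --check as well, so the register is populated
  check_mode: false
  changed_when: false
  tags:
    - firewall
  when:
    - not containerized_deployment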
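# Start firewalld and enable it at boot, but only where the package query
# returned rc 0 or the host is flagged atomic. When the register carries no
# `rc` (for example the query task was skipped), .get('rc', 1) falls back to 1,
# so only is_atomic can satisfy the condition.
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: true
  when:
    - firewalld_pkg_query.get('rc', 1) == 0 or is_atomic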
# Runs only on hosts in the monitor group, and only where firewalld was found
# (or the host is atomic). Enables the ceph-mon service in the configured zone,
# both persistently and in the running firewall.
# NOTE(review): firewalld treats `source` as a binding of that network to the
# zone, not as a filter on the service - confirm. If the zone also has an
# interface bound to it, ceph-mon is reachable from every address classified
# into the zone, not only public_network. A dedicated zone or a rich rule is
# what scopes a service to a source.
- name: open monitor ports
  firewalld:
    service: ceph-mon
    zone: "{{ ceph_mon_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - mon_group_name is defined
    - mon_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# Manager hosts only, and only where firewalld was found (or the host is
# atomic). Enables the `ceph` firewalld service in the manager zone,
# persistently and at runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the service to that network - confirm what else is bound to
# this zone.
- name: open manager ports
  firewalld:
    service: ceph
    zone: "{{ ceph_mgr_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - mgr_group_name is defined
    - mgr_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# OSD hosts only, and only where firewalld was found (or the host is atomic).
# The task runs once per network: first with public_network, then with
# cluster_network, as the `source` for the OSD zone.
# NOTE(review): both networks end up bound to the same zone, so the `ceph`
# service is opened identically for each; `source` does not scope the service
# on its own - confirm what else is bound to this zone.
- name: open osd ports
  firewalld:
    service: ceph
    zone: "{{ ceph_osd_firewall_zone }}"
    source: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - "{{ public_network }}"
    - "{{ cluster_network }}"
  notify: restart firewalld
  when:
    - osd_group_name is defined
    - osd_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# RGW hosts only, and only where firewalld was found (or the host is atomic).
# Opens the TCP port given by radosgw_frontend_port in the RGW zone,
# persistently and at runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the port to that network - confirm what else is bound to this
# zone.
- name: open rgw ports
  firewalld:
    port: "{{ radosgw_frontend_port }}/tcp"
    zone: "{{ ceph_rgw_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - rgw_group_name is defined
    - rgw_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# MDS hosts only, and only where firewalld was found (or the host is atomic).
# Enables the `ceph` firewalld service in the MDS zone, persistently and at
# runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the service to that network - confirm what else is bound to
# this zone.
- name: open mds ports
  firewalld:
    service: ceph
    zone: "{{ ceph_mds_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - mds_group_name is defined
    - mds_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# NFS hosts only, and only where firewalld was found (or the host is atomic).
# Enables the `nfs` firewalld service in the NFS zone, persistently and at
# runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the service to that network - confirm what else is bound to
# this zone.
- name: open nfs ports
  firewalld:
    service: nfs
    zone: "{{ ceph_nfs_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - nfs_group_name is defined
    - nfs_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# NFS hosts only, and only where firewalld was found (or the host is atomic).
# Opens the portmapper port, 111/tcp, in the NFS zone, persistently and at
# runtime.
# NOTE(review): only TCP is opened here; clients that query the portmapper
# over UDP would not get through - confirm whether that is intended.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the port to that network - confirm what else is bound to this
# zone before exposing the portmapper.
- name: open nfs ports (portmapper)
  firewalld:
    port: "111/tcp"
    zone: "{{ ceph_nfs_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - nfs_group_name is defined
    - nfs_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# REST API hosts only, and only where firewalld was found (or the host is
# atomic). Opens the TCP port given by restapi_port in the REST API zone,
# persistently and at runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the port to that network - confirm what else is bound to this
# zone.
- name: open restapi ports
  firewalld:
    port: "{{ restapi_port }}/tcp"
    zone: "{{ ceph_restapi_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - restapi_group_name is defined
    - restapi_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# rbd-mirror hosts only, and only where firewalld was found (or the host is
# atomic). Enables the `ceph` firewalld service in the rbd-mirror zone,
# persistently and at runtime.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the service to that network - confirm what else is bound to
# this zone.
- name: open rbdmirror ports
  firewalld:
    service: ceph
    zone: "{{ ceph_rbdmirror_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - rbdmirror_group_name is defined
    - rbdmirror_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# iSCSI gateway hosts only, and only where firewalld was found (or the host is
# atomic). Opens 5000/tcp in the iSCSI zone, persistently and at runtime.
# NOTE(review): the port is a literal here, unlike the rgw and restapi tasks
# which take theirs from a variable - confirm it matches the deployed gateway
# configuration and that no other gateway port needs opening.
# NOTE(review): `source` binds public_network to the zone; it does not by
# itself limit the port to that network - confirm what else is bound to this
# zone.
- name: open iscsi ports
  firewalld:
    port: "5000/tcp"
    zone: "{{ ceph_iscsi_firewall_zone }}"
    source: "{{ public_network }}"
    permanent: true
    immediate: true
    state: enabled
  notify: restart firewalld
  when:
    - iscsi_group_name is defined
    - iscsi_group_name in group_names
    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
  tags:
    - firewall
# Run any handlers notified so far now, rather than at the end of the play.
# The firewalld tasks in this file notify `restart firewalld`; the handler
# itself is defined outside this file.
- meta: flush_handlers