ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

infra: refact dashboard firewall rules 

- There is no need to open ports 3000, 8234, 9283 on all nodes.
- Add missing rule for alertmanager (port 9093)

Closes: #4023

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
pull/4046/head
Guillaume Abrioux 2019-05-22 16:31:21 +02:00
parent a2b6f44665
commit 14f5fc3c86
1 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
roles/ceph-infra/tasks/configure_firewall.yml
View File

@ -155,18 +155,19 @@
- iscsi_gw_group_name in group_names
tags: firewall
- block:
- name: open grafana port
firewalld:
port: "3000/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
- name: open node_exporter port
firewalld:
port: "9100/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
when: dashboard_enabled | bool
- name: open node_exporter port
- block:
- name: open dashboard port
firewalld:
port: "9100/tcp"
port: "{{ dashboard_port }}/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
@ -179,6 +180,19 @@
permanent: true
immediate: true
state: enabled
when:
- dashboard_enabled | bool
- mgr_group_name is defined
- mgr_group_name in group_names
- block:
- name: open grafana port
firewalld:
port: "3000/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
- name: open dashboard port
firewalld:
@ -187,6 +201,16 @@
permanent: true
immediate: true
state: enabled
when: dashboard_enabled
- name: open alertmanager port
firewalld:
port: "9093/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
when:
- dashboard_enabled | bool
- inventory_hostname in groups.get('grafana-server', [])
- meta: flush_handlers