diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index 6b021986d..f928f1cb9 100644
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -173,65 +173,10 @@
 - iscsi_gw_group_name in group_names
 tags: firewall

- - name: open node_exporter port
- firewalld:
- port: "{{ node_exporter_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
+ - name: open dashboard ports
+ include_tasks: dashboard_firewall.yml
 when: dashboard_enabled | bool

- - block:
- - name: open dashboard port
- firewalld:
- port: "{{ dashboard_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open mgr/prometheus port
- firewalld:
- port: "9283/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
- when:
- - dashboard_enabled | bool
- - mgr_group_name is defined
- - (groups.get(mgr_group_name,[]) | length > 0 and mgr_group_name in group_names) or
- (groups.get(mgr_group_name,[]) | length == 0 and mon_group_name in group_names)
-
- - block:
- - name: open grafana port
- firewalld:
- port: "{{ grafana_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open prometheus port
- firewalld:
- port: "{{ prometheus_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open alertmanager port
- firewalld:
- port: "{{ alertmanager_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
- when:
- - dashboard_enabled | bool
- - inventory_hostname in groups.get('grafana-server', [])
-
 - name: open haproxy ports
 firewalld:
 port: "{{ haproxy_frontend_port | default(80) }}/tcp"
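Review bot: The new `include_tasks: dashboard_firewall.yml` is a dynamic include, and Ansible does not pass tags through a dynamic include to the tasks it loads, whereas the removed inline tasks would have inherited any tag applied from an enclosing block or import. The neighbouring context line shows `tags: firewall`; whether the dashboard tasks received that tag by inheritance is not visible in this hunk, but if they did, a `--tags firewall` run would now execute the include and then skip every port task inside it. A static include keeps the previous behaviour and still applies the condition to each task: `import_tasks: dashboard_firewall.yml` with the same `when: dashboard_enabled | bool`. The task list this hunk edits starts and continues outside the hunk, so the inherited tags should be confirmed against the full file.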
diff --git a/roles/ceph-infra/tasks/dashboard_firewall.yml b/roles/ceph-infra/tasks/dashboard_firewall.yml
new file mode 100644
index 000000000..4c3913e1e
--- /dev/null
+++ b/roles/ceph-infra/tasks/dashboard_firewall.yml
@@ -0,0 +1,55 @@
+---
+- name: open node_exporter port
+ firewalld:
+ port: "{{ node_exporter_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+- block:
+ - name: open dashboard port
+ firewalld:
+ port: "{{ dashboard_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open mgr/prometheus port
+ firewalld:
+ port: "9283/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when:
+ - mgr_group_name is defined
+ - (groups.get(mgr_group_name,[]) | length > 0 and mgr_group_name in group_names) or
+ (groups.get(mgr_group_name,[]) | length == 0 and mon_group_name in group_names)
+
+- block:
+ - name: open grafana port
+ firewalld:
+ port: "{{ grafana_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open prometheus port
+ firewalld:
+ port: "{{ prometheus_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open alertmanager port
+ firewalld:
+ port: "{{ alertmanager_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: inventory_hostname in groups.get('grafana-server', [])
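Review bot: Every task in this new file opens its port to the whole of `ceph_dashboard_firewall_zone` with `permanent: true` and `immediate: true` and no source restriction, and nothing in the file says which networks that zone is expected to cover. node_exporter, Prometheus and Alertmanager typically serve without authentication unless configured otherwise, so the zone binding is likely the only control on who can read metrics or reach the alerting API. I would add a header comment under `---`, for example `# Ports below are opened zone-wide; bind ceph_dashboard_firewall_zone to the management/monitoring network only.` Separately, the mgr/prometheus task hard-codes `"9283/tcp"` while every other port here is a variable, so a deployment that moves the mgr prometheus endpoint would presumably still get 9283 opened; a comment on that task stating the assumption would help.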