common: remove check_firewall code

Check firewall isn't working as expected and might break deployments.
This part of the code will be reworked soon.

Let's focus on configure_firewall code for now.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1541840

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>

group_vars/all.yml.sample

@@ -56,12 +56,6 @@ dummy:
 #iscsi_gw_group_name: iscsigws
 #mgr_group_name: mgrs
 
-# If check_firewall is true, then ansible will try to determine if the
-# Ceph ports are blocked by a firewall. If the machine running ansible
-# cannot reach the Ceph ports for some other reason, you may need or
-# want to set this to False to skip those checks.
-#check_firewall: False
-
 # If configure_firewall is true, then ansible will try to configure the
 # appropriate firewalling rules so that Ceph daemons can communicate
 # with each others.

group_vars/rhcs.yml.sample

@@ -56,12 +56,6 @@ fetch_directory: ~/ceph-ansible-keys
 #iscsi_gw_group_name: iscsigws
 #mgr_group_name: mgrs
 
-# If check_firewall is true, then ansible will try to determine if the
-# Ceph ports are blocked by a firewall. If the machine running ansible
-# cannot reach the Ceph ports for some other reason, you may need or
-# want to set this to False to skip those checks.
-#check_firewall: False
-
 # If configure_firewall is true, then ansible will try to configure the
 # appropriate firewalling rules so that Ceph daemons can communicate
 # with each others.

roles/ceph-common/tasks/checks/check_firewall.yml

@@ -1,117 +0,0 @@
----
-- name: check if nmap is installed
-  local_action:
-    module: command
-      command -v nmap
-  changed_when: false
-  failed_when: false
-  register: nmapexist
-  run_once: true
-  check_mode: no
-
-- name: inform that nmap is not present
-  debug:
-      msg: "nmap is not installed, can not test if ceph ports are allowed :("
-  run_once: true
-  when:
-    - nmapexist.rc != 0
-
-- name: check if monitor port is not filtered
-  local_action:
-    module: shell
-      set -o pipefail && nmap -p 6789 {{ hostvars[inventory_hostname]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[inventory_hostname]['ansible_' + monitor_interface] is defined else hostvars[inventory_hostname]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up'
-  changed_when: false
-  failed_when: false
-  register: monportstate
-  check_mode: no
-  when:
-    - mon_group_name in group_names
-    - nmapexist.rc == 0
-
-- name: fail if monitor port is filtered
-  fail:
-      msg: "Please allow port 6789 on your firewall"
-  when:
-    - mon_group_name in group_names
-    - nmapexist.rc == 0
-    - monportstate.rc == 0
-
-- name: check if osd and mds range is not filtered (osd hosts)
-  local_action:
-    module: shell
-      set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
-  changed_when: false
-  failed_when: false
-  register: osdrangestate
-  check_mode: no
-  when:
-    - osd_group_name in group_names
-    - nmapexist.rc == 0
-
-- name: fail if osd and mds range is filtered (osd hosts)
-  fail:
-      msg: "Please allow range from 6800 to 7300 on your firewall"
-  when:
-    - osd_group_name in group_names
-    - nmapexist.rc == 0
-    - osdrangestate.rc == 0
-
-- name: check if osd and mds range is not filtered (mds hosts)
-  local_action:
-    module: shell
-      set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
-  changed_when: false
-  failed_when: false
-  register: mdsrangestate
-  check_mode: no
-  when:
-    - mds_group_name in group_names
-    - nmapexist.rc == 0
-
-- name: fail if osd and mds range is filtered (mds hosts)
-  fail:
-      msg: "Please allow range from 6800 to 7300 on your firewall"
-  when:
-    - mds_group_name in group_names
-    - nmapexist.rc == 0
-    - mdsrangestate.rc == 0
-
-- name: check if rados gateway port is not filtered
-  local_action:
-    module: shell
-      set -o pipefail && nmap -p {{ radosgw_frontend_port }} {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
-  changed_when: false
-  failed_when: false
-  register: rgwportstate
-  check_mode: no
-  when:
-    - rgw_group_name in group_names
-    - nmapexist.rc == 0
-
-- name: fail if rados gateway port is filtered
-  fail:
-      msg: "Please allow port {{ radosgw_frontend_port }} on your firewall"
-  when:
-    - rgw_group_name in group_names
-    - nmapexist.rc == 0
-    - rgwportstate.rc == 0
-
-- name: check if NFS ports are not filtered
-  local_action:
-    module: shell
-      set -o pipefail && nmap -p 111,2049 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
-  changed_when: false
-  failed_when: false
-  register: nfsportstate
-  check_mode: no
-  when:
-    - nfs_group_name in group_names
-    - nmapexist.rc == 0
-
-- name: fail if NFS ports are filtered
-  fail:
-      msg: "Please allow ports 111 and 2049 on your firewall"
-  when:
-    - nfs_group_name in group_names
-    - nmapexist.rc == 0
-    - nfsportstate.rc == 0

roles/ceph-common/tasks/main.yml

@@ -53,11 +53,6 @@
   tags:
     - always
 
-- name: include_tasks checks/check_firewall.yml
-  include_tasks: checks/check_firewall.yml
-  when:
-    - check_firewall
-
 - name: include_tasks misc/configure_firewall_rpm.yml
   include_tasks: misc/configure_firewall_rpm.yml
   when:

roles/ceph-defaults/defaults/main.yml

@@ -48,12 +48,6 @@ client_group_name: clients
 iscsi_gw_group_name: iscsigws
 mgr_group_name: mgrs
 
-# If check_firewall is true, then ansible will try to determine if the
-# Ceph ports are blocked by a firewall. If the machine running ansible
-# cannot reach the Ceph ports for some other reason, you may need or
-# want to set this to False to skip those checks.
-check_firewall: False
-
 # If configure_firewall is true, then ansible will try to configure the
 # appropriate firewalling rules so that Ceph daemons can communicate
 # with each others.