From 5ba7d1671ed421995e263f6abf6c2ccffac12422 Mon Sep 17 00:00:00 2001
From: Mike Christie <mchristi@redhat.com>
Date: Tue, 30 Oct 2018 14:03:37 -0500
Subject: [PATCH] igw: open iscsi target port

Open the port the iscsi target uses for iscsi traffic.

Signed-off-by: Mike Christie <mchristi@redhat.com>
---
 roles/ceph-infra/tasks/configure_firewall.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index da9f048fc..1ed23dd85 100644
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -152,6 +152,22 @@
   tags:
     - firewall
 
+- name: open iscsi target ports
+  firewalld:
+    port: "3260/tcp"
+    zone: "{{ ceph_iscsi_firewall_zone }}"
+    source: "{{ public_network }}"
+    permanent: true
+    immediate: true
+    state: enabled
+  notify: restart firewalld
+  when:
+    - iscsi_gw_group_name is defined
+    - iscsi_gw_group_name in group_names
+    - (firewalld_pkg_query.get('rc', 1) == 0 or is_atomic)
+  tags:
+    - firewall
+
 - name: open iscsi api ports
   firewalld:
     port: "{{ api_port | default(5000) }}/tcp"