From 9bb8c85bafc870ca5dfee9b799e99e11c23a7e14 Mon Sep 17 00:00:00 2001
From: Matthew Rees <matthew.rees@secate.com>
Date: Sat, 4 Jun 2016 09:03:22 +0200
Subject: [PATCH] Various fixes for check_firewall task: - Check for nmap being
 available was not running as a local_action, when the checks using nmap were
 - Various fixes on Ansible 2.x now that the above is working

---
 .../tasks/checks/check_firewall.yml           | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/roles/ceph-common/tasks/checks/check_firewall.yml b/roles/ceph-common/tasks/checks/check_firewall.yml
index 09ca920ec..c5742cc17 100644
--- a/roles/ceph-common/tasks/checks/check_firewall.yml
+++ b/roles/ceph-common/tasks/checks/check_firewall.yml
@@ -1,6 +1,6 @@
 ---
 - name: check if nmap is installed
-  command: "command -v nmap"
+  local_action: shell command -v nmap
   changed_when: false
   failed_when: false
   register: nmapexist
@@ -17,7 +17,7 @@
   local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ mon_group_name }}
+  with_items: "{{ groups[mon_group_name] }}"
   register: monportstate
   when:
     - check_firewall
@@ -30,16 +30,16 @@
   with_items: monportstate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - mon_group_name is defined
     - mon_group_name in group_names
     - nmapexist.rc == 0
 
-- name: check if osd and mds range is not filtered
+- name: check if osd and mds range is not filtered (osd hosts)
   local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ osd_group_name }}
+  with_items: "{{ groups[osd_group_name] }}"
   register: osdrangestate
   when:
     - check_firewall
@@ -52,16 +52,16 @@
   with_items: osdrangestate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - osd_group_name is defined
     - osd_group_name in group_names
     - nmapexist.rc == 0
 
-- name: check if osd and mds range is not filtered
+- name: check if osd and mds range is not filtered (mds hosts)
   local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ mds_group_name }}
+  with_items: "{{ groups[mds_group_name] }}"
   register: mdsrangestate
   when:
     - check_firewall
@@ -74,7 +74,7 @@
   with_items: mdsrangestate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - mds_group_name is defined
     - mds_group_name in group_names
     - nmapexist.rc == 0
@@ -83,7 +83,7 @@
   local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ rgw_group_name }}
+  with_items: "{{ groups[rgw_group_name] }}"
   register: rgwportstate
   when:
     - check_firewall
@@ -96,7 +96,7 @@
   with_items: rgwportstate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - rgw_group_name is defined
     - rgw_group_name in group_names
     - nmapexist.rc == 0