Various fixes for check_firewall task:

- Check for nmap being available was not running as a local_action, when the checks using nmap were
- Various fixes on Ansible 2.x now that the above is working

roles/ceph-common/tasks/checks/check_firewall.yml

@@ -1,6 +1,6 @@
 ---
 - name: check if nmap is installed
-  command: "command -v nmap"
+  local_action: shell command -v nmap
   changed_when: false
   failed_when: false
   register: nmapexist
@@ -17,7 +17,7 @@
   local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ mon_group_name }}
+  with_items: "{{ groups[mon_group_name] }}"
   register: monportstate
   when:
     - check_firewall
@@ -30,16 +30,16 @@
   with_items: monportstate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - mon_group_name is defined
     - mon_group_name in group_names
     - nmapexist.rc == 0
 
-- name: check if osd and mds range is not filtered
+- name: check if osd and mds range is not filtered (osd hosts)
   local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ osd_group_name }}
+  with_items: "{{ groups[osd_group_name] }}"
   register: osdrangestate
   when:
     - check_firewall
@@ -52,16 +52,16 @@
   with_items: osdrangestate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - osd_group_name is defined
     - osd_group_name in group_names
     - nmapexist.rc == 0
 
-- name: check if osd and mds range is not filtered
+- name: check if osd and mds range is not filtered (mds hosts)
   local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ mds_group_name }}
+  with_items: "{{ groups[mds_group_name] }}"
   register: mdsrangestate
   when:
     - check_firewall
@@ -74,7 +74,7 @@
   with_items: mdsrangestate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - mds_group_name is defined
     - mds_group_name in group_names
     - nmapexist.rc == 0
@@ -83,7 +83,7 @@
   local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
   changed_when: false
   failed_when: false
-  with_items: groups.{{ rgw_group_name }}
+  with_items: "{{ groups[rgw_group_name] }}"
   register: rgwportstate
   when:
     - check_firewall
@@ -96,7 +96,7 @@
   with_items: rgwportstate.results
   when:
     - check_firewall
-    - item.has_key('rc') and item.rc == 0
+    - item is defined and item.has_key('rc') and item.rc == 0
     - rgw_group_name is defined
     - rgw_group_name in group_names
     - nmapexist.rc == 0