ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

infra: refact dashboard firewall rules 

- There is no need to open ports 3000, 8234, 9283 on all nodes.
- Add missing rule for alertmanager (port 9093)

Closes: #4023

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 14f5fc3c86)
pull/4169/head
Guillaume Abrioux 2019-05-22 16:31:21 +02:00 committed by Dimitri Savineau
parent 28e1ce0d8c
commit df0d146166
1 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
roles/ceph-infra/tasks/configure_firewall.yml
View File

@ -155,18 +155,19 @@
- iscsi_gw_group_name in group_names - iscsi_gw_group_name in group_names
tags: firewall tags: firewall
- block: - name: open node_exporter port
- name: open grafana port firewalld:
firewalld: port: "9100/tcp"
port: "3000/tcp" zone: "{{ ceph_dashboard_firewall_zone }}"
zone: "{{ ceph_dashboard_firewall_zone }}" permanent: true
permanent: true immediate: true
immediate: true state: enabled
state: enabled when: dashboard_enabled | bool
- name: open node_exporter port - block:
- name: open dashboard port
firewalld: firewalld:
port: "9100/tcp" port: "{{ dashboard_port }}/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}" zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true permanent: true
immediate: true immediate: true
@ -179,6 +180,19 @@
permanent: true permanent: true
immediate: true immediate: true
state: enabled state: enabled
when:
- dashboard_enabled | bool
- mgr_group_name is defined
- mgr_group_name in group_names
- block:
- name: open grafana port
firewalld:
port: "3000/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
- name: open dashboard port - name: open dashboard port
firewalld: firewalld:
@ -187,7 +201,17 @@
permanent: true permanent: true
immediate: true immediate: true
state: enabled state: enabled
when: dashboard_enabled
- name: open alertmanager port
firewalld:
port: "9093/tcp"
zone: "{{ ceph_dashboard_firewall_zone }}"
permanent: true
immediate: true
state: enabled
when:
- dashboard_enabled | bool
- inventory_hostname in groups.get('grafana-server', [])
- name: open haproxy ports - name: open haproxy ports
firewalld: firewalld: