mirror of https://github.com/ceph/ceph-ansible.git
infra: refact dashboard firewall rules
- There is no need to open ports 3000, 8234, 9283 on all nodes.
- Add missing rule for alertmanager (port 9093)
Closes: #4023
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 14f5fc3c86
)
pull/4169/head
parent
28e1ce0d8c
commit
df0d146166
|
@ -155,18 +155,19 @@
|
|||
- iscsi_gw_group_name in group_names
|
||||
tags: firewall
|
||||
|
||||
- block:
|
||||
- name: open grafana port
|
||||
firewalld:
|
||||
port: "3000/tcp"
|
||||
zone: "{{ ceph_dashboard_firewall_zone }}"
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
- name: open node_exporter port
|
||||
firewalld:
|
||||
port: "9100/tcp"
|
||||
zone: "{{ ceph_dashboard_firewall_zone }}"
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
when: dashboard_enabled | bool
|
||||
|
||||
- name: open node_exporter port
|
||||
- block:
|
||||
- name: open dashboard port
|
||||
firewalld:
|
||||
port: "9100/tcp"
|
||||
port: "{{ dashboard_port }}/tcp"
|
||||
zone: "{{ ceph_dashboard_firewall_zone }}"
|
||||
permanent: true
|
||||
immediate: true
|
||||
|
@ -179,6 +180,19 @@
|
|||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
when:
|
||||
- dashboard_enabled | bool
|
||||
- mgr_group_name is defined
|
||||
- mgr_group_name in group_names
|
||||
|
||||
- block:
|
||||
- name: open grafana port
|
||||
firewalld:
|
||||
port: "3000/tcp"
|
||||
zone: "{{ ceph_dashboard_firewall_zone }}"
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
|
||||
- name: open dashboard port
|
||||
firewalld:
|
||||
|
@ -187,7 +201,17 @@
|
|||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
when: dashboard_enabled
|
||||
|
||||
- name: open alertmanager port
|
||||
firewalld:
|
||||
port: "9093/tcp"
|
||||
zone: "{{ ceph_dashboard_firewall_zone }}"
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
when:
|
||||
- dashboard_enabled | bool
|
||||
- inventory_hostname in groups.get('grafana-server', [])
|
||||
|
||||
- name: open haproxy ports
|
||||
firewalld:
|
||||
|
|
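Review bot: The condition on the new alertmanager rule hard-codes the inventory group, `inventory_hostname in groups.get('grafana-server', [])`, while the dashboard rules in the same file test `mgr_group_name is defined` and `mgr_group_name in group_names`. If an inventory names the monitoring group differently, the rule is skipped there without any error. If the role has a variable for that group name, as it does for the mgr group, the check should use it in the same form. Separately, the 9093/tcp rule opens the port to every source in `ceph_dashboard_firewall_zone` and Alertmanager does not authenticate its API by default, so I would add a comment above the task such as `# alertmanager has no built-in auth; keep ceph_dashboard_firewall_zone off untrusted networks`. Indentation is lost in this rendering, so whether that `when:` list belongs to the task or to an enclosing block is inferred.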