Fix for nmap arguments and grep matching, as well as only running

local_actions once
pull/844/head
Matthew Rees 2016-06-07 13:48:07 +02:00
parent 211ba4a3de
commit f274e142e7
1 changed files with 14 additions and 4 deletions

View File

@ -4,21 +4,24 @@
changed_when: false changed_when: false
failed_when: false failed_when: false
register: nmapexist register: nmapexist
run_once: true
when: check_firewall when: check_firewall
- name: inform that nmap is not present - name: inform that nmap is not present
debug: debug:
msg: "nmap is not installed, can not test if ceph ports are allowed :(" msg: "nmap is not installed, can not test if ceph ports are allowed :("
run_once: true
when: when:
- check_firewall - check_firewall
- nmapexist.rc != 0 - nmapexist.rc != 0
- name: check if monitor port is not filtered - name: check if monitor port is not filtered
local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo filtered local_action: shell set -o pipefail && nmap -p 6789 {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up'
changed_when: false changed_when: false
failed_when: false failed_when: false
with_items: "{{ groups[mon_group_name] }}" with_items: "{{ groups[mon_group_name] }}"
register: monportstate register: monportstate
run_once: true
when: when:
- check_firewall - check_firewall
- mon_group_name in group_names - mon_group_name in group_names
@ -28,6 +31,7 @@
fail: fail:
msg: "Please allow port 6789 on your firewall" msg: "Please allow port 6789 on your firewall"
with_items: monportstate.results with_items: monportstate.results
run_once: true
when: when:
- check_firewall - check_firewall
- item is defined and item.has_key('rc') and item.rc == 0 - item is defined and item.has_key('rc') and item.rc == 0
@ -36,11 +40,12 @@
- nmapexist.rc == 0 - nmapexist.rc == 0
- name: check if osd and mds range is not filtered (osd hosts) - name: check if osd and mds range is not filtered (osd hosts)
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
changed_when: false changed_when: false
failed_when: false failed_when: false
with_items: "{{ groups[osd_group_name] }}" with_items: "{{ groups[osd_group_name] }}"
register: osdrangestate register: osdrangestate
run_once: true
when: when:
- check_firewall - check_firewall
- osd_group_name in group_names - osd_group_name in group_names
@ -50,6 +55,7 @@
fail: fail:
msg: "Please allow range from 6800 to 7300 on your firewall" msg: "Please allow range from 6800 to 7300 on your firewall"
with_items: osdrangestate.results with_items: osdrangestate.results
run_once: true
when: when:
- check_firewall - check_firewall
- item is defined and item.has_key('rc') and item.rc == 0 - item is defined and item.has_key('rc') and item.rc == 0
@ -58,11 +64,12 @@
- nmapexist.rc == 0 - nmapexist.rc == 0
- name: check if osd and mds range is not filtered (mds hosts) - name: check if osd and mds range is not filtered (mds hosts)
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
changed_when: false changed_when: false
failed_when: false failed_when: false
with_items: "{{ groups[mds_group_name] }}" with_items: "{{ groups[mds_group_name] }}"
register: mdsrangestate register: mdsrangestate
run_once: true
when: when:
- check_firewall - check_firewall
- mds_group_name in group_names - mds_group_name in group_names
@ -72,6 +79,7 @@
fail: fail:
msg: "Please allow range from 6800 to 7300 on your firewall" msg: "Please allow range from 6800 to 7300 on your firewall"
with_items: mdsrangestate.results with_items: mdsrangestate.results
run_once: true
when: when:
- check_firewall - check_firewall
- item is defined and item.has_key('rc') and item.rc == 0 - item is defined and item.has_key('rc') and item.rc == 0
@ -80,11 +88,12 @@
- nmapexist.rc == 0 - nmapexist.rc == 0
- name: check if rados gateway port is not filtered - name: check if rados gateway port is not filtered
local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
changed_when: false changed_when: false
failed_when: false failed_when: false
with_items: "{{ groups[rgw_group_name] }}" with_items: "{{ groups[rgw_group_name] }}"
register: rgwportstate register: rgwportstate
run_once: true
when: when:
- check_firewall - check_firewall
- rgw_group_name in group_names - rgw_group_name in group_names
@ -94,6 +103,7 @@
fail: fail:
msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall" msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall"
with_items: rgwportstate.results with_items: rgwportstate.results
run_once: true
when: when:
- check_firewall - check_firewall
- item is defined and item.has_key('rc') and item.rc == 0 - item is defined and item.has_key('rc') and item.rc == 0