mirror of https://github.com/ceph/ceph-ansible.git
Fix for nmap arguments and grep matching, as well as only running
local_actions oncepull/844/head
parent
211ba4a3de
commit
f274e142e7
|
@ -4,21 +4,24 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
register: nmapexist
|
register: nmapexist
|
||||||
|
run_once: true
|
||||||
when: check_firewall
|
when: check_firewall
|
||||||
|
|
||||||
- name: inform that nmap is not present
|
- name: inform that nmap is not present
|
||||||
debug:
|
debug:
|
||||||
msg: "nmap is not installed, can not test if ceph ports are allowed :("
|
msg: "nmap is not installed, can not test if ceph ports are allowed :("
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- nmapexist.rc != 0
|
- nmapexist.rc != 0
|
||||||
|
|
||||||
- name: check if monitor port is not filtered
|
- name: check if monitor port is not filtered
|
||||||
local_action: shell set -o pipefail && nmap -p 6789 {{ item }} {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo filtered
|
local_action: shell set -o pipefail && nmap -p 6789 {{ hostvars[item]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[item]['ansible_' + monitor_interface] is defined else hostvars[item]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items: "{{ groups[mon_group_name] }}"
|
with_items: "{{ groups[mon_group_name] }}"
|
||||||
register: monportstate
|
register: monportstate
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- mon_group_name in group_names
|
- mon_group_name in group_names
|
||||||
|
@ -28,6 +31,7 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "Please allow port 6789 on your firewall"
|
msg: "Please allow port 6789 on your firewall"
|
||||||
with_items: monportstate.results
|
with_items: monportstate.results
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- item is defined and item.has_key('rc') and item.rc == 0
|
- item is defined and item.has_key('rc') and item.rc == 0
|
||||||
|
@ -36,11 +40,12 @@
|
||||||
- nmapexist.rc == 0
|
- nmapexist.rc == 0
|
||||||
|
|
||||||
- name: check if osd and mds range is not filtered (osd hosts)
|
- name: check if osd and mds range is not filtered (osd hosts)
|
||||||
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
|
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items: "{{ groups[osd_group_name] }}"
|
with_items: "{{ groups[osd_group_name] }}"
|
||||||
register: osdrangestate
|
register: osdrangestate
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- osd_group_name in group_names
|
- osd_group_name in group_names
|
||||||
|
@ -50,6 +55,7 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "Please allow range from 6800 to 7300 on your firewall"
|
msg: "Please allow range from 6800 to 7300 on your firewall"
|
||||||
with_items: osdrangestate.results
|
with_items: osdrangestate.results
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- item is defined and item.has_key('rc') and item.rc == 0
|
- item is defined and item.has_key('rc') and item.rc == 0
|
||||||
|
@ -58,11 +64,12 @@
|
||||||
- nmapexist.rc == 0
|
- nmapexist.rc == 0
|
||||||
|
|
||||||
- name: check if osd and mds range is not filtered (mds hosts)
|
- name: check if osd and mds range is not filtered (mds hosts)
|
||||||
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
|
local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items: "{{ groups[mds_group_name] }}"
|
with_items: "{{ groups[mds_group_name] }}"
|
||||||
register: mdsrangestate
|
register: mdsrangestate
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- mds_group_name in group_names
|
- mds_group_name in group_names
|
||||||
|
@ -72,6 +79,7 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "Please allow range from 6800 to 7300 on your firewall"
|
msg: "Please allow range from 6800 to 7300 on your firewall"
|
||||||
with_items: mdsrangestate.results
|
with_items: mdsrangestate.results
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- item is defined and item.has_key('rc') and item.rc == 0
|
- item is defined and item.has_key('rc') and item.rc == 0
|
||||||
|
@ -80,11 +88,12 @@
|
||||||
- nmapexist.rc == 0
|
- nmapexist.rc == 0
|
||||||
|
|
||||||
- name: check if rados gateway port is not filtered
|
- name: check if rados gateway port is not filtered
|
||||||
local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ item }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo filtered
|
local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ hostvars[item]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items: "{{ groups[rgw_group_name] }}"
|
with_items: "{{ groups[rgw_group_name] }}"
|
||||||
register: rgwportstate
|
register: rgwportstate
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- rgw_group_name in group_names
|
- rgw_group_name in group_names
|
||||||
|
@ -94,6 +103,7 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall"
|
msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall"
|
||||||
with_items: rgwportstate.results
|
with_items: rgwportstate.results
|
||||||
|
run_once: true
|
||||||
when:
|
when:
|
||||||
- check_firewall
|
- check_firewall
|
||||||
- item is defined and item.has_key('rc') and item.rc == 0
|
- item is defined and item.has_key('rc') and item.rc == 0
|
||||||
|
|
Loading…
Reference in New Issue