ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

infra: add firewall configuration for containerized deployment 

firewalld is available on atomic so there is no reason to not apply
firewall configuration.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
pull/3215/head
Guillaume Abrioux 2018-10-09 13:38:51 -04:00 committed by mergify[bot]
parent 0fb8812e47
commit f8a7ffb085
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/ceph-infra/tasks/configure_firewall_rpm.yml → roles/ceph-infra/tasks/configure_firewallyml
View File

@ -9,6 +9,8 @@
changed_when: false changed_when: false
tags: tags:
- firewall - firewall
when:
- not containerized_deployment
- name: start firewalld - name: start firewalld
service: service:
@ -16,7 +18,9 @@
state: started state: started
enabled: yes enabled: yes
when: when:
- not firewalld_pkg_query.skipped
- firewalld_pkg_query.rc == 0 - firewalld_pkg_query.rc == 0
or is_atomic
- name: open monitor ports - name: open monitor ports
firewalld: firewalld:

4
roles/ceph-infra/tasks/main.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: include_tasks configure_firewall_rpm.yml - name: include_tasks configure_firewall.yml
include_tasks: configure_firewall_rpm.yml include_tasks: configure_firewall.yml
when: when:
- configure_firewall - configure_firewall
- ansible_os_family in ['RedHat', 'Suse'] - ansible_os_family in ['RedHat', 'Suse']

1
site-docker.yml.sample
View File

@ -54,6 +54,7 @@
- role: ceph-defaults - role: ceph-defaults
tags: [with_pkg, fetch_container_image] tags: [with_pkg, fetch_container_image]
- role: ceph-validate - role: ceph-validate
- role: ceph-infra
- role: ceph-handler - role: ceph-handler
- role: ceph-docker-common - role: ceph-docker-common
tags: [with_pkg, fetch_container_image] tags: [with_pkg, fetch_container_image]