ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

infra: add firewall configuration for containerized deployment 

firewalld is available on atomic so there is no reason to not apply
firewall configuration.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
pull/3215/head
Guillaume Abrioux 2018-10-09 13:38:51 -04:00 committed by mergify[bot]
parent 0fb8812e47
commit f8a7ffb085
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/ceph-infra/tasks/configure_firewall_rpm.yml → roles/ceph-infra/tasks/configure_firewallyml
View File

@ -9,6 +9,8 @@
changed_when: false
tags:
- firewall
when:
- not containerized_deployment
- name: start firewalld
service:
@ -16,7 +18,9 @@
state: started
enabled: yes
when:
- not firewalld_pkg_query.skipped
- firewalld_pkg_query.rc == 0
or is_atomic
- name: open monitor ports
firewalld:

6
roles/ceph-infra/tasks/main.yml
View File

@ -1,6 +1,6 @@
---
- name: include_tasks configure_firewall_rpm.yml
include_tasks: configure_firewall_rpm.yml
- name: include_tasks configure_firewall.yml
include_tasks: configure_firewall.yml
when:
- configure_firewall
- ansible_os_family in ['RedHat', 'Suse']
@ -15,4 +15,4 @@
include_tasks: "ntp_rpm.yml"
when:
- ansible_os_family in ['RedHat', 'Suse']
- ntp_service_enabled
- ntp_service_enabled

1
site-docker.yml.sample
View File

@ -54,6 +54,7 @@
- role: ceph-defaults
tags: [with_pkg, fetch_container_image]
- role: ceph-validate
- role: ceph-infra
- role: ceph-handler
- role: ceph-docker-common
tags: [with_pkg, fetch_container_image]