--- - name: check if nmap is installed local_action: shell command -v nmap changed_when: false failed_when: false register: nmapexist run_once: true check_mode: no - name: inform that nmap is not present debug: msg: "nmap is not installed, can not test if ceph ports are allowed :(" run_once: true when: - nmapexist.rc != 0 - name: check if monitor port is not filtered local_action: shell set -o pipefail && nmap -p 6789 {{ hostvars[inventory_hostname]['ansible_' + monitor_interface]['ipv4']['address'] if hostvars[inventory_hostname]['ansible_' + monitor_interface] is defined else hostvars[inventory_hostname]['monitor_address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false register: monportstate check_mode: no when: - mon_group_name in group_names - nmapexist.rc == 0 - name: fail if monitor port is filtered fail: msg: "Please allow port 6789 on your firewall" when: - mon_group_name in group_names - nmapexist.rc == 0 - monportstate.rc == 0 - name: check if osd and mds range is not filtered (osd hosts) local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false register: osdrangestate check_mode: no when: - osd_group_name in group_names - nmapexist.rc == 0 - name: fail if osd and mds range is filtered (osd hosts) fail: msg: "Please allow range from 6800 to 7300 on your firewall" when: - osd_group_name in group_names - nmapexist.rc == 0 - osdrangestate.rc == 0 - name: check if osd and mds range is not filtered (mds hosts) local_action: shell set -o pipefail && nmap -p 6800-7300 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false register: mdsrangestate check_mode: no when: - mds_group_name in group_names - nmapexist.rc == 0 - name: fail if osd and mds range is filtered (mds hosts) fail: msg: "Please allow range from 6800 to 7300 on your firewall" when: - mds_group_name in group_names - nmapexist.rc == 0 - mdsrangestate.rc == 0 - name: check if rados gateway port is not filtered local_action: shell set -o pipefail && nmap -p {{ radosgw_civetweb_port }} {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false register: rgwportstate check_mode: no when: - rgw_group_name in group_names - nmapexist.rc == 0 - name: fail if rados gateway port is filtered fail: msg: "Please allow port {{ radosgw_civetweb_port }} on your firewall" when: - rgw_group_name in group_names - nmapexist.rc == 0 - rgwportstate.rc == 0 - name: check if NFS ports are not filtered local_action: shell set -o pipefail && nmap -p 111,2049 {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} | grep -sqo -e filtered -e '0 hosts up' changed_when: false failed_when: false register: nfsportstate check_mode: no when: - nfs_group_name in group_names - nmapexist.rc == 0 - name: fail if NFS ports are filtered fail: msg: "Please allow ports 111 and 2049 on your firewall" when: - nfs_group_name in group_names - nmapexist.rc == 0 - nfsportstate.rc == 0