firewall disabling?

[bengland2]

with ceph-ansible stable-3.1 branch I found this necessary at end of pre-config.yml:

- hosts: all
  become: yes
  tasks:
  - name: disable firewall
    shell: "(systemctl stop firewalld && systemctl disable firewalld) || (systemctl stop iptables && systemctl disable iptables)"

but maybe newer version of ceph-ansible handles this now?

[batrick]

@leseb this shouldn't be necessary, right? pre-config.yaml in ceph-linode is run before running the ceph-ansible playbooks.

[leseb]

If firewalld is present then rules will be configured during the deployment.

[bengland2]

not in stable-3.1 ceph-ansible, maybe in newer version?

[leseb]

@bengland2 see https://github.com/ceph/ceph-ansible/pull/2196

[bengland2]

@leseb, although this commit was done almost a year ago, I'm using RHCS 3.latest z-stream to reproduce a customer problem and the commit wasn't backported to it. AFAIK latest RHCS z-stream release for non-cointainerized Ceph is:

http://download-node-02.eng.bos.redhat.com/rel-eng/RHCEPH-3.0-RHEL-7-20180806.0/

which contains:

ceph-ansible-3.0.39-1.el7cp.noarch.rpm

which doesn't have this fix.

[leseb]

@bengland2 you're using 3.0 not 3.1 that's why.

[leseb]

Since you mentioned 3.1 I thought you were using one of the rc.

[bengland2]

@leseb exactly, but if I'm going to use ceph-linode to reproduce customer problems, some of which will happen on RHCS 3.0, then I need ceph-linode to either disable the firewall or put holes in it for Ceph.

[bengland2]

fair enough, I did mention stable 3.1 above. My bad.

[bengland2]

closing this since it's a temporary problem until RHCS 3.1 comes out, I can do the firewall stuff .