From f4c261ef9023d006cabfac28b45e7820bb132ceb Mon Sep 17 00:00:00 2001
From: Dimitri Savineau
Date: Mon, 16 Dec 2019 11:00:35 -0500
Subject: [PATCH] ceph-infra: move dashboard into a dedicated file

Instead of using multiple dashboard_enabled condition in the configure_firewall file we could just have the condition once and include the dedicated tasks list.

Signed-off-by: Dimitri Savineau
---
 roles/ceph-infra/tasks/configure_firewall.yml | 59 +------------------
 roles/ceph-infra/tasks/dashboard_firewall.yml | 55 +++++++++++++++++
 2 files changed, 57 insertions(+), 57 deletions(-)
 create mode 100644 roles/ceph-infra/tasks/dashboard_firewall.yml

diff --git a/roles/ceph-infra/tasks/configure_firewall.yml b/roles/ceph-infra/tasks/configure_firewall.yml
index b98d5fadad..02e400fd13 100644
--- a/roles/ceph-infra/tasks/configure_firewall.yml
+++ b/roles/ceph-infra/tasks/configure_firewall.yml
@@ -173,65 +173,10 @@
 - iscsi_gw_group_name in group_names
 tags: firewall

- - name: open node_exporter port
- firewalld:
- port: "{{ node_exporter_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
+ - name: open dashboard ports
+ include_tasks: dashboard_firewall.yml
 when: dashboard_enabled | bool

- - block:
- - name: open dashboard port
- firewalld:
- port: "{{ dashboard_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open mgr/prometheus port
- firewalld:
- port: "9283/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
- when:
- - dashboard_enabled | bool
- - mgr_group_name is defined
- - (groups.get(mgr_group_name,[]) | length > 0 and mgr_group_name in group_names) or
- (groups.get(mgr_group_name,[]) | length == 0 and mon_group_name in group_names)
-
- - block:
- - name: open grafana port
- firewalld:
- port: "{{ grafana_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open prometheus port
- firewalld:
- port: "{{ prometheus_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
-
- - name: open alertmanager port
- firewalld:
- port: "{{ alertmanager_port }}/tcp"
- zone: "{{ ceph_dashboard_firewall_zone }}"
- permanent: true
- immediate: true
- state: enabled
- when:
- - dashboard_enabled | bool
- - inventory_hostname in groups.get('grafana-server', [])
-
 - name: open haproxy ports
 firewalld:
 port: "{{ haproxy_frontend_port | default(80) }}/tcp"
diff --git a/roles/ceph-infra/tasks/dashboard_firewall.yml b/roles/ceph-infra/tasks/dashboard_firewall.yml
new file mode 100644
index 0000000000..4c3913e1ea
--- /dev/null
+++ b/roles/ceph-infra/tasks/dashboard_firewall.yml
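Review bot: The new `open dashboard ports` include has a `when:` but no `tags:`, whereas the task just above it in this hunk ends with `tags: firewall`, so a run limited to that tag would skip every dashboard port rule. The removed tasks show no tag either, so this is not a regression, but the single include is now the natural place to close the gap. Because `include_tasks` is dynamic, a tag on the include is not inherited by the tasks inside dashboard_firewall.yml; it needs `tags: firewall` on the task and `apply: { tags: firewall }` under `include_tasks`. The rest of configure_firewall.yml is outside the hunk, so confirm how the other tasks are tagged before adopting this.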
@@ -0,0 +1,55 @@
+---
+- name: open node_exporter port
+ firewalld:
+ port: "{{ node_exporter_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+- block:
+ - name: open dashboard port
+ firewalld:
+ port: "{{ dashboard_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open mgr/prometheus port
+ firewalld:
+ port: "9283/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when:
+ - mgr_group_name is defined
+ - (groups.get(mgr_group_name,[]) | length > 0 and mgr_group_name in group_names) or
+ (groups.get(mgr_group_name,[]) | length == 0 and mon_group_name in group_names)
+
+- block:
+ - name: open grafana port
+ firewalld:
+ port: "{{ grafana_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open prometheus port
+ firewalld:
+ port: "{{ prometheus_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+
+ - name: open alertmanager port
+ firewalld:
+ port: "{{ alertmanager_port }}/tcp"
+ zone: "{{ ceph_dashboard_firewall_zone }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: inventory_hostname in groups.get('grafana-server', [])
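Review bot: Every rule in this new file opens its port to the whole `ceph_dashboard_firewall_zone` with no source restriction, and the first task (`open node_exporter port`) has no host condition, so it runs on every host that reaches the include. The node_exporter, Prometheus, Alertmanager and mgr/prometheus endpoints commonly serve metrics without authentication, so if that zone is a broad one (its value is not visible here) they become reachable from any address in it; consider a `rich_rule` limited to the monitoring hosts' addresses for those ports, or document the zone requirement. The file also no longer carries the `dashboard_enabled` guard itself, so a header comment such as `# Included from configure_firewall.yml only when dashboard_enabled is true; do not include unguarded.` would keep a later caller from opening these ports unconditionally. Separately, `port: "9283/tcp"` is the only hard-coded port; taking it from a role variable like the others would keep the rule in step with the port the mgr prometheus module is actually configured to use.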