cephadm: Add firewall management to cephadm
we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.
I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..
also note that deploy knows how to open firewall ports, but we never close them again.
#6 Updated by Sebastian Wagner about 2 months ago
for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.
- the monitoring services have a dedicated port
- RGW has a port
- MGR has a port
We need a general way of setting the firewall based on the ports configured by the services.