Project

General

Profile

Feature #44628

cephadm: Add firewall management to cephadm

Added by Sebastian Wagner 4 months ago. Updated 25 days ago.

Status:
New
Priority:
Low
Category:
cephadm
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.


Related issues

Related to Orchestrator - Feature #44601: cephadm: Mix of hosts: with and without firewall New
Related to Orchestrator - Feature #44606: cephadm: RGW firewall + static port New

History

#1 Updated by Sebastian Wagner 4 months ago

  • Tracker changed from Bug to Feature

#2 Updated by Sage Weil 4 months ago

I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..

also note that deploy knows how to open firewall ports, but we never close them again.

#3 Updated by Sebastian Wagner 4 months ago

yeah, I also don't like to create a new dependency from the dashboard to cephadm

#4 Updated by Sebastian Wagner 4 months ago

  • Priority changed from Normal to Low

#5 Updated by Juan Miguel Olmo Martínez about 2 months ago

User must be able to decide what ports to use (both http/https).

#6 Updated by Sebastian Wagner about 2 months ago

for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.

  • the monitoring services have a dedicated port
  • RGW has a port
  • MGR has a port

We need a general way of setting the firewall based on the ports configured by the services.

#7 Updated by Sebastian Wagner about 2 months ago

  • Subject changed from cpehadm: firewall: dashboard: we open both 8080 and 8443 to cephadm: Add firewall management to cephadm

#8 Updated by Juan Miguel Olmo Martínez about 2 months ago

  • Assignee set to Juan Miguel Olmo Martínez

#9 Updated by Sebastian Wagner about 1 month ago

  • Related to Feature #44601: cephadm: Mix of hosts: with and without firewall added

#10 Updated by Sebastian Wagner about 1 month ago

  • Related to Feature #44606: cephadm: RGW firewall + static port added

#11 Updated by Juan Miguel Olmo Martínez 25 days ago

  • Pull request ID set to 35594

Also available in: Atom PDF