Project

General

Profile

Actions
Copy link

Feature #44628

closed

cephadm: Add initial firewall management to cephadm

Added by Sebastian Wagner about 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Juan Miguel Olmo Martínez
Category:
cephadm
Target version:
Ceph - v15.2.5
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
35594

Description

we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.

Related issues 2 (1 open1 closed)

Related to Orchestrator - Feature #44601: cephadm: Mix of hosts: with and without firewallNew

Actions
Related to Orchestrator - Feature #44606: cephadm: RGW firewall + static portResolved

Actions
Actions
Copy link
 #1

Updated by Sebastian Wagner about 4 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #2

Updated by Sage Weil about 4 years ago

I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..

also note that deploy knows how to open firewall ports, but we never close them again.

Actions
Copy link
 #3

Updated by Sebastian Wagner about 4 years ago

yeah, I also don't like to create a new dependency from the dashboard to cephadm

Actions
Copy link
 #4

Updated by Sebastian Wagner about 4 years ago

  • Priority changed from Normal to Low
Actions
Copy link
 #5

Updated by Juan Miguel Olmo Martínez almost 4 years ago

User must be able to decide what ports to use (both http/https).

Actions
Copy link
 #6

Updated by Sebastian Wagner almost 4 years ago

for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.

  • the monitoring services have a dedicated port
  • RGW has a port
  • MGR has a port

We need a general way of setting the firewall based on the ports configured by the services.

Actions
Copy link
 #7

Updated by Sebastian Wagner almost 4 years ago

  • Subject changed from cpehadm: firewall: dashboard: we open both 8080 and 8443 to cephadm: Add firewall management to cephadm
Actions
Copy link
 #8

Updated by Juan Miguel Olmo Martínez almost 4 years ago

  • Assignee set to Juan Miguel Olmo Martínez
Actions
Copy link
 #9

Updated by Sebastian Wagner almost 4 years ago

  • Related to Feature #44601: cephadm: Mix of hosts: with and without firewall added
Actions
Copy link
 #10

Updated by Sebastian Wagner almost 4 years ago

  • Related to Feature #44606: cephadm: RGW firewall + static port added
Actions
Copy link
 #11

Updated by Juan Miguel Olmo Martínez almost 4 years ago

  • Pull request ID set to 35594
Actions
Copy link
 #12

Updated by Sebastian Wagner over 3 years ago

  • Subject changed from cephadm: Add firewall management to cephadm to cephadm: Add initial firewall management to cephadm
  • Status changed from New to Resolved
  • Target version set to v15.2.5
Actions
Copy link

Also available in: Atom PDF