cephadm: Add initial firewall management to cephadm
we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.
#2 Updated by Sage Weil over 2 years ago
I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..
also note that deploy knows how to open firewall ports, but we never close them again.
#6 Updated by Sebastian Wagner over 2 years ago
for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.
- the monitoring services have a dedicated port
- RGW has a port
- MGR has a port
We need a general way of setting the firewall based on the ports configured by the services.