Project

General

Profile

Feature #44628

cephadm: Add initial firewall management to cephadm

Added by Sebastian Wagner 9 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Low
Category:
cephadm
Target version:
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.


Related issues

Related to Orchestrator - Feature #44601: cephadm: Mix of hosts: with and without firewall New
Related to Orchestrator - Feature #44606: cephadm: RGW firewall + static port New

History

#1 Updated by Sebastian Wagner 9 months ago

  • Tracker changed from Bug to Feature

#2 Updated by Sage Weil 9 months ago

I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..

also note that deploy knows how to open firewall ports, but we never close them again.

#3 Updated by Sebastian Wagner 9 months ago

yeah, I also don't like to create a new dependency from the dashboard to cephadm

#4 Updated by Sebastian Wagner 8 months ago

  • Priority changed from Normal to Low

#5 Updated by Juan Miguel Olmo Martínez 7 months ago

User must be able to decide what ports to use (both http/https).

#6 Updated by Sebastian Wagner 6 months ago

for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.

  • the monitoring services have a dedicated port
  • RGW has a port
  • MGR has a port

We need a general way of setting the firewall based on the ports configured by the services.

#7 Updated by Sebastian Wagner 6 months ago

  • Subject changed from cpehadm: firewall: dashboard: we open both 8080 and 8443 to cephadm: Add firewall management to cephadm

#8 Updated by Juan Miguel Olmo Martínez 6 months ago

  • Assignee set to Juan Miguel Olmo Martínez

#9 Updated by Sebastian Wagner 6 months ago

  • Related to Feature #44601: cephadm: Mix of hosts: with and without firewall added

#10 Updated by Sebastian Wagner 6 months ago

  • Related to Feature #44606: cephadm: RGW firewall + static port added

#11 Updated by Juan Miguel Olmo Martínez 6 months ago

  • Pull request ID set to 35594

#12 Updated by Sebastian Wagner 3 months ago

  • Subject changed from cephadm: Add firewall management to cephadm to cephadm: Add initial firewall management to cephadm
  • Status changed from New to Resolved
  • Target version set to v15.2.5

Also available in: Atom PDF