Feature #44628
closed
cephadm: Add initial firewall management to cephadm
Added by Sebastian Wagner about 4 years ago.
Updated over 3 years ago.
Description
we open both 8080 and 8443 for dashboard even when the default is
https. We should probably do one or the other, not both.
- Tracker changed from Bug to Feature
I'm inclined to just open both, because the dashboard might move between ssl and not ssl. otherwise we need to make the dashboard port as a dependency so that the container is reconfiged..
also note that deploy knows how to open firewall ports, but we never close them again.
yeah, I also don't like to create a new dependency from the dashboard to cephadm
- Priority changed from Normal to Low
User must be able to decide what ports to use (both http/https).
for this, we'll need control and information about the ports all the daemons use. Especially if they're configurable, like the dashboard.
- the monitoring services have a dedicated port
- RGW has a port
- MGR has a port
We need a general way of setting the firewall based on the ports configured by the services.
- Subject changed from cpehadm: firewall: dashboard: we open both 8080 and 8443 to cephadm: Add firewall management to cephadm
- Assignee set to Juan Miguel Olmo Martínez
- Related to Feature #44601: cephadm: Mix of hosts: with and without firewall added
- Pull request ID set to 35594
- Subject changed from cephadm: Add firewall management to cephadm to cephadm: Add initial firewall management to cephadm
- Status changed from New to Resolved
- Target version set to v15.2.5
Also available in: Atom
PDF