Where did the copy of cephadm you're using for the bootstrap come from? I'm aware of a bug around that flag (https://tracker.ceph.com/issues/54137) but that fix should have come in some time ago. I've seen some people, especially if they're using the distros version of the cephadm package, end up with an old copy. On Wed, Oct 16, 2024 at 4:58 PM Kozakis, Anestis < Anestis.Kozakis@xxxxxxxxxxxxxxx> wrote: > As per below I sent this a few weeks ago but didn't get a response from > anyone. > > Does anyone have any advice/help or a solution to the issue where cephadm > bootstrap ignores the --skip-firewalld option? > > Anestis Kozakis > Systems Administrator - Multi-Level Security Solutions > > P: + 61 2 6122 0205 > M: +61 4 88 376 339 > anestis.kozakis@xxxxxxxxxxxxxxx > > Raytheon Australia > Cybersecurity and Information Assurance > 4 Brindabella Cct > Brindabella Business Park > Canberra Airport, ACT 2609 > > www.raytheonaustralia.com.au > LinkedIn | Twitter | Facebook | Instagram > > -----Original Message----- > From: Kozakis, Anestis <Anestis.Kozakis@xxxxxxxxxxxxxxx> > Sent: Friday, September 27, 2024 10:28 AM > To: ceph-users <ceph-users@xxxxxxx> > Subject: [External] cephadm bootstrap ignoring > --skip-firewalld > > As I mentioned in my earlier e-mail, new to Ceph, and trying to set up > automation to deploy, configure, and manage a Ceph cluster. > > We configure our Firewall rules through SaltStack. > > I am passing the -skip-firewalld option to the cephadm bootstrap command, > but cephadm seems to ignore the option and configures the firewall anyway. > > I have even reconfigured the options order to be the same as cephadm > boostrap -help but it still ignores the option and configures the > firewall. This creates issues as it configures the public zone, which we > don't want changed. > > Below is the command we are using (with obvious settings changed/removed). > > cephadm bootstrap --mon-ip 10.0.0.0 --mgr-id host.domain.name --fsid > [fsid] --ssh-private-key id_rsa --ssh-public-key id_rsa.pub --ssh-user > [user] --cluster-network 192.168.0.0/25 --allow-fqdn-hostname > --config=./ceph.conf --initial-dashboard-user admin > --initial-dashboard-password SuperS3cr3tPassw0rd > --dashboard-password-noupdate --skip-firewalld --with-centralized-logging > --apply-spec=spec.yaml > > What am I missing? > > Anestis Kozakis > Systems Administrator - Multi-Level Security Solutions > > P: + 61 2 6122 0205 > M: +61 4 88 376 339 > anestis.kozakis@xxxxxxxxxxxxxxx<mailto:anestis.kozakis@xxxxxxxxxxxxxxx> > > Raytheon Australia > Cybersecurity and Information Assurance > 4 Brindabella Cct > Brindabella Business Park > Canberra Airport, ACT 2609 > > www.raytheonaustralia.com.au<http://www.raytheonaustralia.com.au/> > LinkedIn<https://au.linkedin.com/company/raytheon-australia> | Twitter< > https://twitter.com/RaytheonAU> | Facebook< > https://www.facebook.com/RaytheonAustralia> | Instagram< > https://www.instagram.com/raytheonaustralia/> > > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an > email to ceph-users-leave@xxxxxxx > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |