From c11d1f6574e60cf13c0a1c3dbd17c76a86120645 Mon Sep 17 00:00:00 2001
From: Jack Hodgkiss <identity@jackhodgkiss.uk>
Date: Tue, 10 Dec 2024 14:31:55 +0000
Subject: [PATCH] feat: add `ceph-mon` service to `osds` hosts firewall

---
 etc/kayobe/inventory/group_vars/all/firewall                  | 2 +-
 .../notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml

diff --git a/etc/kayobe/inventory/group_vars/all/firewall b/etc/kayobe/inventory/group_vars/all/firewall
index 488e95b65..da87a53ce 100644
--- a/etc/kayobe/inventory/group_vars/all/firewall
+++ b/etc/kayobe/inventory/group_vars/all/firewall
@@ -232,7 +232,7 @@ stackhpc_ceph_firewalld_rules_template:
         state: enabled
       - service: ceph-mon
         network: "{{ storage_net_name }}"
-        state: "{{ 'enabled' if 'mons' in group_names else 'disabled' }}"
+        state: "{{ 'enabled' if ('mons' in group_names or 'osds' in group_names) else 'disabled' }}"
       - port: "{{ stackhpc_ceph_firewalld_radosgw_port }}/tcp"
         network: "{{ storage_net_name }}"
         state: "{{ 'enabled' if 'rgws' in group_names else 'disabled' }}"
diff --git a/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml b/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml
new file mode 100644
index 000000000..9b4dbc11a
--- /dev/null
+++ b/releasenotes/notes/add-ceph-mon-firewall-to-osds-fc6233b3db6ade7a.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add `ceph-mon` as a `firewalld` service rule to hosts of `osds`.