Extract port into variable

Author: jovial

doc/source/configuration/cephadm.rst

@@ -344,6 +344,8 @@ should be used in the Kolla Manila configuration e.g.:
 
   manila_cephfs_filesystem_name: manila-cephfs
 
+.. _RGWs-Ceph:
+
 RADOS Gateways
 --------------
 

doc/source/configuration/firewall.rst

@@ -108,6 +108,9 @@ Storage firewalld Configuration
    # - state: enabled
    storage_firewalld_rules: "{{ stackhpc_firewalld_rules }}"
 
+If using RADOS Gateway, you can customise ``stackhpc_ceph_firewalld_radosgw_port`` to match
+the ``rgw_frontend_port`` as documented in :ref:`RGWs-with-Ceph`.
+
 Monitoring firewalld Configuration
 ----------------------------------
 
@@ -234,6 +237,7 @@ The following workaround is needed to prevent VM network traffic from being bloc
 
 .. code-block:: yaml
    :caption: ``seed_hypervisor.yml``
+
    seed_hypervisor_sysctl_parameters:
    # By default this is 1, which causes layer 2 traffic flowing through Linux
    # bridges to pass through iptables. This blocks traffic from VMs (seed, wazuh) to

etc/kayobe/inventory/group_vars/all/firewall

@@ -211,6 +211,10 @@ stackhpc_compute_firewalld_rules_template:
 ###############################################################################
 # Ceph firewalld rules
 
+# Port on which radosgw is exposed.
+# See: https://stackhpc-kayobe-config.readthedocs.io/en/stackhpc-2024.1/configuration/cephadm.html#rados-gateways
+stackhpc_ceph_firewalld_radosgw_port: 8100
+
 stackhpc_ceph_firewalld_rules_template:
   # Ceph Prometheus exporter
   - rules:
@@ -229,7 +233,7 @@ stackhpc_ceph_firewalld_rules_template:
       - service: ceph-mon
         network: "{{ storage_net_name }}"
         state: "{{ 'enabled' if 'mons' in group_names else 'disabled' }}"
-      - port: 8100/tcp
+      - port: "{{ stackhpc_ceph_firewalld_radosgw_port }}/tcp"
         network: "{{ storage_net_name }}"
         state: "{{ 'enabled' if 'rgws' in group_names else 'disabled' }}"
     enabled: "{{ 'ceph' in group_names }}"