As per below I sent this a few weeks ago but didn't get a response from anyone.

Does anyone have any advice/help or a solution to the issue where cephadm 
bootstrap ignores the --skip-firewalld option?

Anestis Kozakis
Systems Administrator  - Multi-Level Security Solutions

P: + 61 2 6122 0205
M: +61 4 88 376 339 

Raytheon Australia
Cybersecurity and Information Assurance
4 Brindabella Cct
Brindabella Business Park
Canberra Airport, ACT 2609 
LinkedIn | Twitter | Facebook | Instagram

-----Original Message-----
From: Kozakis, Anestis <> 
Sent: Friday, September 27, 2024 10:28 AM
To: ceph-users <>
Subject: [External] [ceph-users] cephadm bootstrap ignoring --skip-firewalld

As I mentioned in my earlier e-mail, new to Ceph, and trying to set up 
automation to deploy, configure, and manage a Ceph cluster.

We configure our Firewall rules through SaltStack.

I am passing the -skip-firewalld option to the cephadm bootstrap command, but 
cephadm seems to ignore the option and configures the firewall anyway.

I have even reconfigured the options order to be the same as cephadm boostrap 
-help but it still ignores the option and configures the firewall.  This 
creates issues as it configures the public zone, which we don't want changed.

Below is the command we are using (with obvious settings changed/removed).

cephadm bootstrap --mon-ip --mgr-id --fsid [fsid] 
--ssh-private-key id_rsa --ssh-public-key --ssh-user [user]  
--cluster-network --allow-fqdn-hostname --config=./ceph.conf 
--initial-dashboard-user admin --initial-dashboard-password SuperS3cr3tPassw0rd 
--dashboard-password-noupdate --skip-firewalld --with-centralized-logging 

What am I missing?

Anestis Kozakis
Systems Administrator  - Multi-Level Security Solutions

P: + 61 2 6122 0205
M: +61 4 88 376 339<>

Raytheon Australia
Cybersecurity and Information Assurance
4 Brindabella Cct
Brindabella Business Park
Canberra Airport, ACT 2609<>
LinkedIn<> | 
Twitter<> | 
Facebook<> | 

ceph-users mailing list -- To unsubscribe send an email to
ceph-users mailing list --
To unsubscribe send an email to

Reply via email to