diff --git a/roles/filesystem/handlers/main.yml b/roles/filesystem/handlers/main.yml
index c5b9df81..7928432f 100644
--- a/roles/filesystem/handlers/main.yml
+++ b/roles/filesystem/handlers/main.yml
@@ -6,3 +6,8 @@
 
 - name: Re-export shares
   ansible.builtin.command: exportfs -rav  # noqa no-changed-when
+
+- name: Restart firewalld
+  ansible.builtin.service:
+    name: firewalld
+    state: restarted
diff --git a/roles/filesystem/tasks/main.yml b/roles/filesystem/tasks/main.yml
index 1818dd5a..c2ce377c 100644
--- a/roles/filesystem/tasks/main.yml
+++ b/roles/filesystem/tasks/main.yml
@@ -4,12 +4,14 @@
     name: nfs-server
     state: started
     enabled: true
+  when: slurm_role == "mgmt" and ansible_local.citc.csp == "openstack"
 
 - name: Create shared FS
   ansible.builtin.file:
     path: /shared
     state: directory
     mode: o=rwx,g=rx,o=rx
+  when: slurm_role == "mgmt" and ansible_local.citc.csp == "openstack"
 
 # TODO mount a Cinder volume
 - name: Config nfs server
@@ -20,9 +22,18 @@
   notify:
     - Reload nfs-server
     - Re-export shares
+  when: slurm_role == "mgmt" and ansible_local.citc.csp == "openstack"
+
+- name: Open NFS port in firewall
+  ansible.posix.firewalld:
+    port: 2049
+    permanent: true
+    state: enabled
+  notify: Restart firewalld
 
 - name: Flush handlers
   ansible.builtin.meta: flush_handlers
+  when: slurm_role == "mgmt" and ansible_local.citc.csp == "openstack"
 
 - name: Install nfs-utils
   ansible.builtin.yum: