diff options
author | Dimitri Savineau <dsavinea@redhat.com> | 2016-08-05 11:17:23 -0400 |
---|---|---|
committer | Alex Schultz <aschultz@redhat.com> | 2016-12-10 23:35:59 +0000 |
commit | 95fbe9289b0286aa315f78827b21d2374f600850 (patch) | |
tree | 2db62492bff0578f87903b2d9e554ba230ad07ec | |
parent | 53954ff5034c6690a959568ee31eaaf4f5f02979 (diff) |
xinetd: bind only on mysql network
By default galera-monitor xinetd is binding on all the interfaces.
That means that the port 9200 is exposed on the external network.
Because haproxy is using the same network for the backend and the
check we can reuse it for the xinetd binding.
Change-Id: If1a50515593e81f46d67309bdeecbe84c1d0ebe4
-rw-r--r-- | manifests/profile/pacemaker/database/mysql.pp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index edd09bd..e5882e7 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp @@ -161,6 +161,7 @@ class tripleo::profile::pacemaker::database::mysql ( unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', } xinetd::service { 'galera-monitor' : + bind => hiera('mysql_bind_host'), port => '9200', server => '/usr/bin/clustercheck', per_source => 'UNLIMITED', |