aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/pacemaker
diff options
context:
space:
mode:
authorDimitri Savineau <dsavinea@redhat.com>2016-08-05 11:17:23 -0400
committerAlex Schultz <aschultz@redhat.com>2016-12-10 23:35:59 +0000
commit95fbe9289b0286aa315f78827b21d2374f600850 (patch)
tree2db62492bff0578f87903b2d9e554ba230ad07ec /manifests/profile/pacemaker
parent53954ff5034c6690a959568ee31eaaf4f5f02979 (diff)
xinetd: bind only on mysql network
By default galera-monitor xinetd is binding on all the interfaces. That means that the port 9200 is exposed on the external network. Because haproxy is using the same network for the backend and the check we can reuse it for the xinetd binding. Change-Id: If1a50515593e81f46d67309bdeecbe84c1d0ebe4
Diffstat (limited to 'manifests/profile/pacemaker')
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp1
1 files changed, 1 insertions, 0 deletions
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index edd09bd..e5882e7 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -161,6 +161,7 @@ class tripleo::profile::pacemaker::database::mysql (
unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
}
xinetd::service { 'galera-monitor' :
+ bind => hiera('mysql_bind_host'),
port => '9200',
server => '/usr/bin/clustercheck',
per_source => 'UNLIMITED',