From 95fbe9289b0286aa315f78827b21d2374f600850 Mon Sep 17 00:00:00 2001
From: Dimitri Savineau
Date: Fri, 5 Aug 2016 11:17:23 -0400
Subject: xinetd: bind only on mysql network
By default galera-monitor xinetd is binding on all the interfaces. That means that the port 9200 is exposed on the external network. Because haproxy is using the same network for the backend and the check we can reuse it for the xinetd binding.
Change-Id: If1a50515593e81f46d67309bdeecbe84c1d0ebe4
---
 manifests/profile/pacemaker/database/mysql.pp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'manifests/profile/pacemaker/database/mysql.pp')
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index edd09bd..e5882e7 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -161,6 +161,7 @@ class tripleo::profile::pacemaker::database::mysql (
 unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
 }
 xinetd::service { 'galera-monitor' :
+ bind => hiera('mysql_bind_host'),
 port => '9200',
 server => '/usr/bin/clustercheck',
 per_source => 'UNLIMITED',
--
cgit 1.2.3-korg
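Review bot: The added `bind => hiera('mysql_bind_host'),` line carries the whole security intent of this change, but nothing in the manifest says so, so a later edit could drop it or give the lookup a permissive default and put port 9200 back on every interface. I would add a comment above it such as `# Bind clustercheck to the MySQL network only; keep this lookup without a default so a missing key fails the catalog instead of listening everywhere.` Binding narrows where the service listens but does not restrict which hosts on that network may connect, and the context line `per_source => 'UNLIMITED'` is left as it was; if only the haproxy nodes need the health check, an `only_from` entry on this `xinetd::service` would be worth considering. The resource body and the enclosing class continue outside the hunk, so I cannot see whether such a restriction or a matching firewall rule already exists.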