1bff2f9fca
We keep port 2181 listening in zookeeper so that we can easily use the zkshell tool to debug and navigate the database. But now that all zuul and nodepool nodes are using tls we don't need to expose this insecure port publicly. Change-Id: I2a5ab8a9aee8f2739953e859ea52e6e9fd440790
13 lines
423 B
YAML
13 lines
423 B
YAML
zookeeper_user: zookeeper
|
|
zookeeper_group: zookeeper
|
|
zookeeper_uid: 10001
|
|
zookeeper_gid: 10001
|
|
iptables_extra_allowed_groups:
|
|
# Secure
|
|
- {'protocol': 'tcp', 'port': '2281', 'group': 'nodepool'}
|
|
- {'protocol': 'tcp', 'port': '2281', 'group': 'zuul'}
|
|
# Zookeeper election
|
|
- {'protocol': 'tcp', 'port': '2888', 'group': 'zookeeper'}
|
|
# Zookeeper leader
|
|
- {'protocol': 'tcp', 'port': '3888', 'group': 'zookeeper'}
|