
Currently the integrated build fails with the existing value of galera_monitoring_allowed_source. This can be simplified while still staying secure by default by giving no access to the xinetd service, unless explicitly defined. The xinetd whitelist can accept hostnames, so we document this feature in defaults, and simplify the role. Change-Id: Ibb2c5b90c79899036e5bcf9717a3b51cf5ec6b70
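# default: on
# description: mysqlchk
# {{ ansible_managed }}
{#
  xinetd service definition for the "mysqlchk" endpoint: xinetd listens on
  TCP port 9200 and runs /usr/local/bin/clustercheck as the unprivileged
  user "nobody" for each connection.

  Access control is deny-by-default. Clients are admitted only when
  galera_monitoring_allowed_source is defined; its value is written verbatim
  into only_from, so it must be a whitespace-separated list in a form xinetd
  accepts (addresses, CIDR ranges, or hostnames).
  NOTE(review): hostname entries are matched through DNS lookups, so they are
  only as trustworthy as the resolver the host uses; prefer addresses or CIDR
  ranges where possible.
#}
service mysqlchk
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        port            = 9200
        wait            = no
        user            = nobody
        server          = /usr/local/bin/clustercheck
        log_on_failure  += USERID
{% if galera_monitoring_allowed_source is defined %}
        only_from       = {{ galera_monitoring_allowed_source }}
{% else %}
{#
  xinetd attributes take the form "name = value"; a bare "no_access" line has
  no operator and is not a valid attribute line. Per xinetd.conf(5), only_from
  given without a value makes the service available to nobody, which is the
  intended default here. A defined-but-empty variable renders the same line,
  so both cases stay closed.
#}
        only_from       =
{% endif %}
        per_source      = UNLIMITED
}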