Override galera_monitoring_allowed_source
By default, the galera_monitoring_allowed_source is secured in the galera_role to have no external access. We haproxy and galera nodes need to access the mysql check xinetd tool, so we override it here. Change-Id: Ib6f67e002fcd288caf278adfe717b3ccb4440ce5
This commit is contained in:
parent
d784bea5ec
commit
0f521b5d6d
|
@ -30,7 +30,7 @@ galera_disable_privatedevices: "{{ ((properties.is_metal | default(false)) | boo
|
|||
# By default galera_monitoring xinetd app is open to 0.0.0.0/0
|
||||
# This makes sure the monitoring is only restricted to the necessary nodes:
|
||||
# the load balancers, and the galera nodes.
|
||||
galera_monitoring_allowed_source: "{% for node in galera_cluster_members + groups['haproxy_all'] %}{{ node }} {% endfor %}"
|
||||
galera_monitoring_allowed_source: "{% for node in groups['galera_all'] + groups['haproxy_all'] %}{{ hostvars[node]['ansible_host'] }} {% endfor %} 127.0.0.1"
|
||||
|
||||
# Galera sessions are long lived, so if we do endpoint maintenance we will
|
||||
# force kill the sessions to force a failover to the active endpoint.
|
||||
|
|
Loading…
Reference in New Issue