openstack
/
openstack-ansible
Code Issues Proposed changes

Override galera_monitoring_allowed_source 

By default, the galera_monitoring_allowed_source is secured in the
galera_role to have no external access.

We haproxy and galera nodes need to access the mysql check xinetd tool,
so we override it here.

Change-Id: Ib6f67e002fcd288caf278adfe717b3ccb4440ce5
This commit is contained in:
Jean-Philippe Evrard 2017-11-30 09:27:29 +00:00
parent d784bea5ec
commit 0f521b5d6d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/galera_all.yml
View File

@ -30,7 +30,7 @@ galera_disable_privatedevices: "{{ ((properties.is_metal | default(false)) | boo
# By default galera_monitoring xinetd app is open to 0.0.0.0/0
# This makes sure the monitoring is only restricted to the necessary nodes:
# the load balancers, and the galera nodes.
galera_monitoring_allowed_source: "{% for node in galera_cluster_members + groups['haproxy_all'] %}{{ node }} {% endfor %}"
galera_monitoring_allowed_source: "{% for node in groups['galera_all'] + groups['haproxy_all'] %}{{ hostvars[node]['ansible_host'] }} {% endfor %} 127.0.0.1"
# Galera sessions are long lived, so if we do endpoint maintenance we will
# force kill the sessions to force a failover to the active endpoint.