Commit d09500ca authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

mariadb: do not open holes in the firewall for mariadb

We always run mariadb on the host where the service is located which
requires a mariadb database.
parent 0d2e6e50
......@@ -46,12 +46,3 @@
- name: install zabbix mysql config
template: dest=/etc/zabbix/ owner=zabbix-agent group=zabbix-agent mode=0600
# the source addresses here could be tightened up more, but it's far better
# than having mariadb open to the world
- name: open firewall holes to other infrastructure hosts
firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}} immediate=yes
with_items: "{{ groups['all'] }}"
when: configure_firewall
- firewall
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment