summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarshavardhana <harsha@harshavardhana.net>2014-06-05 13:17:24 -0700
committerVenky Shankar <vshankar@redhat.com>2014-06-12 05:48:23 -0700
commit665366a72b720d2eee61aba8b3108e12747db767 (patch)
tree844dc7a65db29ec5e532a2b4c3e7cbe3bf077406
parent073264c63185c1b3af41c2b1ca6749fcd36a5e94 (diff)
geo-rep/gverify: Never use ping to check for host reachability
On many linux distributions with iptables enabled, ICMP traffic is usually dropped even when port 22 is open for SSH service So practically `ping` is an unreliable command ~~~ root@rhs1:/var/log/glusterfs # gluster volume geo-replication geo-test \ 17.16.10.1::geo-test-slave create push-pem force 172.16.10.1 not reachable. geo-replication command failed ~~~ ~~~ root@rhs1:/var/log/glusterfs # ping 172.16.10.1 PING rhs2.sjc.redhat.com (172.16.10.1) 56(84) bytes of data. From rhs2.sjc.redhat.com (172.16.10.1) icmp_seq=1 Destination Host Prohibited ... ... ~~~ ~~~ root@rhs2:/var/log/glusterfs # service iptables status | grep 22 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 root@rhs2:/var/log/glusterfs # service iptables status | grep icmp-host-prohibited 25 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ~~~ Change-Id: I33206ca071aa5d755c0762f7c486da222ec3c7db BUG: 1105337 Signed-off-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-on: http://review.gluster.org/7997 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Aravinda VK <avishwan@redhat.com> Reviewed-by: Venky Shankar <vshankar@redhat.com> Tested-by: Venky Shankar <vshankar@redhat.com>
-rwxr-xr-xgeo-replication/src/gverify.sh21
1 files changed, 20 insertions, 1 deletions
diff --git a/geo-replication/src/gverify.sh b/geo-replication/src/gverify.sh
index 89eceb8f3ef..f2295649571 100755
--- a/geo-replication/src/gverify.sh
+++ b/geo-replication/src/gverify.sh
@@ -100,16 +100,35 @@ function slave_stats()
echo $status
}
+function ping_host ()
+{
+ ### Use bash internal socket support
+ {
+ exec 400<>/dev/tcp/$1/$2
+ if [ $? -ne '0' ]; then
+ return 1;
+ else
+ exec 400>&-
+ return 0;
+ fi
+ } 1>&2 2>/dev/null
+}
function main()
{
log_file=$5
> $log_file
+ SSH_PORT=22
# Use FORCE_BLOCKER flag in the error message to differentiate
# between the errors which the force command should bypass
- ping -w 5 $3;
+ # Test tcp connection to port 22, this is necessary since `ping`
+ # does not work on all environments where 'ssh' is allowed but
+ # ICMP is filterd
+
+ ping_host $3 ${SSH_PORT}
+
if [ $? -ne 0 ]; then
echo "FORCE_BLOCKER|$3 not reachable." > $log_file
exit 1;