author | Harshavardhana <harsha@harshavardhana.net> | 2014-06-05 13:17:24 -0700 |
---|---|---|
committer | Venky Shankar <vshankar@redhat.com> | 2014-06-12 05:48:23 -0700 |
commit | 665366a72b720d2eee61aba8b3108e12747db767 (patch) | |
tree | 844dc7a65db29ec5e532a2b4c3e7cbe3bf077406 | |
parent | 073264c63185c1b3af41c2b1ca6749fcd36a5e94 (diff) |
geo-rep/gverify: Never use ping to check for host reachability
On many Linux distributions with iptables enabled, ICMP traffic
is usually dropped even when port 22 is open for the SSH service.
So practically `ping` is an unreliable command.
~~~
root@rhs1:/var/log/glusterfs # gluster volume geo-replication geo-test \
17.16.10.1::geo-test-slave create push-pem force
172.16.10.1 not reachable.
geo-replication command failed
~~~
~~~
root@rhs1:/var/log/glusterfs # ping 172.16.10.1
PING rhs2.sjc.redhat.com (172.16.10.1) 56(84) bytes of data.
From rhs2.sjc.redhat.com (172.16.10.1) icmp_seq=1 Destination Host Prohibited
...
...
~~~
~~~
root@rhs2:/var/log/glusterfs # service iptables status | grep 22
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
root@rhs2:/var/log/glusterfs # service iptables status | grep icmp-host-prohibited
25 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
~~~
Change-Id: I33206ca071aa5d755c0762f7c486da222ec3c7db
BUG: 1105337
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/7997
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
-rwxr-xr-x | geo-replication/src/gverify.sh | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/geo-replication/src/gverify.sh b/geo-replication/src/gverify.sh
index 89eceb8f3ef..f2295649571 100755
--- a/geo-replication/src/gverify.sh
+++ b/geo-replication/src/gverify.sh
@@ -100,16 +100,35 @@ function slave_stats()
 echo $status
 }
+function ping_host ()
+{
+ ### Use bash internal socket support
+ {
+ exec 400<>/dev/tcp/$1/$2
+ if [ $? -ne '0' ]; then
+ return 1;
+ else
+ exec 400>&-
+ return 0;
+ fi
+ } 1>&2 2>/dev/null
+}
 function main()
 {
 log_file=$5
 > $log_file
+ SSH_PORT=22
 # Use FORCE_BLOCKER flag in the error message to differentiate
 # between the errors which the force command should bypass
- ping -w 5 $3;
+ # Test tcp connection to port 22, this is necessary since `ping`
+ # does not work on all environments where 'ssh' is allowed but
+ # ICMP is filterd
+
+ ping_host $3 ${SSH_PORT}
+
 if [ $? -ne 0 ]; then
 echo "FORCE_BLOCKER|$3 not reachable." > $log_file
 exit 1; |
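Review bot: `ping_host` loses the 5-second bound that `ping -w 5` enforced, because `exec 400<>/dev/tcp/$1/$2` waits for the kernel's TCP connect timeout (typically a minute or more) when a firewall silently drops traffic to the port instead of rejecting it, so a filtered slave can stall `main` long before the FORCE_BLOCKER line is written. Bounding the probe restores the old behaviour, for example by replacing the inner group with `timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null` and returning its status. The host argument is also expanded unquoted, both in the redirection target and at the call site, where `ping_host "$3" "${SSH_PORT}"` would avoid word splitting on an odd value. A comment on `ping_host` should say that a successful connect only shows that something accepts TCP on that port and is not a check of which host or service answered. `main` continues past the end of the hunk.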