From 665366a72b720d2eee61aba8b3108e12747db767 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Thu, 5 Jun 2014 13:17:24 -0700 Subject: geo-rep/gverify: Never use ping to check for host reachability On many linux distributions with iptables enabled, ICMP traffic is usually dropped even when port 22 is open for SSH service So practically `ping` is an unreliable command ~~~ root@rhs1:/var/log/glusterfs # gluster volume geo-replication geo-test \ 17.16.10.1::geo-test-slave create push-pem force 172.16.10.1 not reachable. geo-replication command failed ~~~ ~~~ root@rhs1:/var/log/glusterfs # ping 172.16.10.1 PING rhs2.sjc.redhat.com (172.16.10.1) 56(84) bytes of data. From rhs2.sjc.redhat.com (172.16.10.1) icmp_seq=1 Destination Host Prohibited ... ... ~~~ ~~~ root@rhs2:/var/log/glusterfs # service iptables status | grep 22 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 root@rhs2:/var/log/glusterfs # service iptables status | grep icmp-host-prohibited 25 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ~~~ Change-Id: I33206ca071aa5d755c0762f7c486da222ec3c7db BUG: 1105337 Signed-off-by: Harshavardhana Reviewed-on: http://review.gluster.org/7997 Tested-by: Gluster Build System Reviewed-by: Aravinda VK Reviewed-by: Venky Shankar Tested-by: Venky Shankar --- geo-replication/src/gverify.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'geo-replication/src/gverify.sh') diff --git a/geo-replication/src/gverify.sh b/geo-replication/src/gverify.sh index 89eceb8f3ef..f2295649571 100755 --- a/geo-replication/src/gverify.sh +++ b/geo-replication/src/gverify.sh 
@@ -100,16 +100,35 @@ function slave_stats() echo $status } +function ping_host () +{ + ### Use bash internal socket support + { + exec 400<>/dev/tcp/$1/$2 + if [ $? -ne '0' ]; then + return 1; + else + exec 400>&- + return 0; + fi + } 1>&2 2>/dev/null +} function main() { log_file=$5 > $log_file + SSH_PORT=22 # Use FORCE_BLOCKER flag in the error message to differentiate # between the errors which the force command should bypass - ping -w 5 $3; + # Test tcp connection to port 22, this is necessary since `ping` + # does not work on all environments where 'ssh' is allowed but + # ICMP is filterd + + ping_host $3 ${SSH_PORT} + if [ $? -ne 0 ]; then echo "FORCE_BLOCKER|$3 not reachable." > $log_file exit 1; -- cgit
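Review bot: The new `ping_host` opens `/dev/tcp/$1/$2` with no deadline, so where the old `ping -w 5` gave up after five seconds, a slave whose firewall silently drops SYNs to port 22 will likely hold `main` for the kernel's full connect timeout before the FORCE_BLOCKER message is written. The host is also expanded unquoted, both in the redirection target and at the call `ping_host $3 ${SSH_PORT}`, so a value containing whitespace shifts the arguments and the probe may test a different host or port than the one ssh uses afterwards. Bounding and quoting the probe covers both, for example `timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null` as the function body (assuming coreutils `timeout` is present on the nodes) and `ping_host "$3" "${SSH_PORT}"` at the call. `main` continues past the end of this hunk, so whether `$3` is validated before it reaches this point is not visible here.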