On Wed, May 26, 2010 at 08:33:53AM +0200, Andrew Beekhof wrote:
> On Thu, May 20, 2010 at 4:58 PM, Koch, Sebastian
> <sebastian.k...@netzwerk.de> wrote:
> > Hi,
> >
> >
> >
> > if i enable a IPTABLES Rule
> >
> >
> >
> > iptables -A OUTPUT -p icmp -d 10.1.1.162 -j DROP
> >
> >
> >
> > to block access to my Gateway 10.1.162 to test my pingd resource, i am
> > getting that error. I googled around as this looks for me like pingd aint
> > got the permission to write down the result of the ping test, but i didnt
> > find anything.
>
> Sounds like a reasonable conclusion.
> I'd expect some sort of error if the node was unreachable.
No, it's just the result of that iptables rule.
r...@soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
sendmsg(3, {...}, 0) = 64
r...@soda:~# iptables -I OUTPUT -p icmp -d 10.9.9.8 -j DROP
r...@soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
sendmsg(3, {...}, 0) = -1 EPERM (Operation not permitted)
ping: sendmsg: Operation not permitted
There ;-)
I admit it is "unexpected" for a -j DROP, but that's the way it is.
> Btw. You really should think about moving to ocf:pacemaker:ping
> instead of pingd.
> The new agent uses the ping binary from your system and is therefore
> more reliable.
In this case, it will "fail" in just the same way.
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
