On Wed, May 26, 2010 at 10:33 AM, Lars Ellenberg
<lars.ellenb...@linbit.com> wrote:
> On Wed, May 26, 2010 at 08:33:53AM +0200, Andrew Beekhof wrote:
>> On Thu, May 20, 2010 at 4:58 PM, Koch, Sebastian
>> <sebastian.k...@netzwerk.de> wrote:
>> > Hi,
>> >
>> >
>> >
>> > if i enable a IPTABLES Rule
>> >
>> >
>> >
>> > iptables -A OUTPUT -p icmp -d 10.1.1.162 -j DROP
>> >
>> >
>> >
>> > to block access to my Gateway 10.1.162 to test my pingd resource, i am
>> > getting that error. I googled around as this looks for me like pingd aint
>> > got the permission to write down the result of the ping test, but i didnt
>> > find anything.
>>
>> Sounds like a reasonable conclusion.
>> I'd expect some sort of error if the node was unreachable.
>
> No, it's just the result of that iptables rule.
Oh absolutely.
I meant to imply that the error message was "normal" given the scenario.
>
> r...@soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
> PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
> sendmsg(3, {...}, 0) = 64
>
> r...@soda:~# iptables -I OUTPUT -p icmp -d 10.9.9.8 -j DROP
> r...@soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
> PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
> sendmsg(3, {...}, 0) = -1 EPERM (Operation not permitted)
> ping: sendmsg: Operation not permitted
>
> There ;-)
>
> I admit it is "unexpected" for a -j DROP, but that's the way it is.
>
>> Btw. You really should think about moving to ocf:pacemaker:ping
>> instead of pingd.
>> The new agent uses the ping binary from your system and is therefore
>> more reliable.
>
> In this case, it will "fail" in just the same way.
Yep, you just won't get the cryptic ERROR log message (which is a good thing).
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
