Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux-HA: Dev

[PATCH] portblock RA: fix invalid exit codes on monitor

  

 
Linux-HA dev RSS feed   Index | Next | Previous | View Threaded


florian.haas at linbit

Jun 17, 2009, 10:58 AM

Post #1 of 3 (719 views)
Permalink
[PATCH] portblock RA: fix invalid exit codes on monitor
# HG changeset patch
# User Florian Haas <florian.haas [at] linbit>
# Date 1245261520 -7200
# Node ID 745a1249a4fe091db1a9f3896a8333f77e396bc8
# Parent dc4898020fd3558af5338f7637b02205be159460
portblock RA: fix invalid exit codes on monitor

IptablesStatus() returns 1 ($OCF_ERR_GENERIC) whenever the iptables
rule is not configured. This breaks probes whenever a resource which
is expected to be stopped, is in fact stopped.

Also, this patch removes a pointless function wrapper and uses
$OCF_RESOURCE_INSTANCE for the ha_pseudo_resource state file name.

diff -r dc4898020fd3 -r 745a1249a4fe resources/OCF/portblock
--- a/resources/OCF/portblock Wed Jun 17 19:58:40 2009 +0200
+++ b/resources/OCF/portblock Wed Jun 17 19:58:40 2009 +0200
@@ -23,7 +23,7 @@

usage()
{
- cat <<-!USAGE >&2
+ cat <<END >&2
usage: $CMD {start|stop|status|monitor|meta-data|validate-all}

$CMD is used to temporarily block ports using iptables.
@@ -53,7 +53,7 @@

NOTE: iptables is linux-specific...

- !USAGE
+END
}

meta_data() {
@@ -122,12 +122,6 @@
#
#

-# pseudo_resource filename operation
-pseudo_resource()
-{
- ha_pseudo_resource $*
-}
-
#iptables_spec {udp|tcp} portno,portno
iptables_spec()
{
@@ -152,48 +146,54 @@
SayActive()
{
echo "$CMD DROP rule for INPUT chain [$*] is running (OK)"
- return 0
}

SayConsideredActive()
{
echo "$CMD DROP rule for INPUT chain [$*] considered to be running (OK)"
- return 0
}

SayInactive()
{
echo "$CMD DROP rule for INPUT chain [$*] is inactive"
- return 1
}

#IptablesStatus {udp|tcp} portno,portno {block|unblock}
-IptablesStatus()
-{
- activewords="$CMD $1 $2 is running (OK)"
- if
- chain_isactive "$1" "$2"
- then
- case $3 in
- block) SayActive $*;;
- *) SayInactive $*;;
- esac
- else
- case $3 in
- block)
- if
- pseudo_resource "$RSCNAME" status
- then
- SayConsideredActive $*
+IptablesStatus() {
+ local rc
+ rc=$OCF_ERR_GENERIC
+ activewords="$CMD $1 $2 is running (OK)"
+ if chain_isactive "$1" "$2"; then
+ case $3 in
+ block)
+ SayActive $*
+ rc=$OCF_SUCCESS
+ ;;
+ *)
+ SayInactive $*
+ rc=$OCF_NOT_RUNNING
+ ;;
+ esac
+ else
+ case $3 in
+ block)
+ if pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+ SayConsideredActive $*
+ rc=$OCF_SUCCESS
else
- SayInactive $*
- fi;;
-
- *) SayActive $*;;
- esac
- fi
-
- return $?
+ SayInactive $*
+ rc=$OCF_NOT_RUNNING
+ fi
+ ;;
+
+ *)
+ SayActive $*
+ rc=$OCF_SUCCESS
+ ;;
+ esac
+ fi
+
+ return $rc
}

#IptablesBLOCK {udp|tcp} portno,portno
@@ -227,7 +227,7 @@
#IptablesStart {udp|tcp} portno,portno {block|unblock}
IptablesStart()
{
- pseudo_resource "$RSCNAME" start
+ ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" start
case $3 in
block) IptablesBLOCK "$@";;
unblock) IptablesUNBLOCK "$@";;
@@ -240,7 +240,7 @@
#IptablesStop {udp|tcp} portno,portno {block|unblock}
IptablesStop()
{
- pseudo_resource "$RSCNAME" stop
+ ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" stop
case $3 in
block) IptablesUNBLOCK "$@";;
unblock) IptablesBLOCK "$@";;
@@ -333,8 +333,6 @@
portno=$OCF_RESKEY_portno
action=$OCF_RESKEY_action

-RSCNAME=${CMD}_${protocol}_${portno}_${action}
-
case $1 in
start)
IptablesStart $protocol $portno $action
diff -r dc4898020fd3 -r 745a1249a4fe resources/heartbeat/portblock.in
--- a/resources/heartbeat/portblock.in Wed Jun 17 19:58:40 2009 +0200
+++ b/resources/heartbeat/portblock.in Wed Jun 17 19:58:40 2009 +0200
@@ -27,7 +27,7 @@
export OCF_RESKEY_action OCF_RESKEY_portno OCF_RESKEY_action

OCF_TYPE=portblock
-OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2
+OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2_$3
export OCF_TYPE OCF_RESOURCE_INSTANCE

ra_execocf $4
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/


florian.haas at linbit

Jun 18, 2009, 1:27 AM

Post #2 of 3 (623 views)
Permalink
[PATCH] portblock RA: fix invalid exit codes on monitor [In reply to]
# HG changeset patch
# User Florian Haas <florian.haas [at] linbit>
# Date 1245313456 -7200
# Node ID 5df5240e463e4e5ce2903312ba094957717d66dc
# Parent ee16ba77a95bd290d833ead3b1181297fe8e5f14
portblock RA: fix invalid exit codes on monitor

IptablesStatus() returns 1 ($OCF_ERR_GENERIC) whenever the iptables
rule is not configured. This breaks probes whenever a resource which
is expected to be stopped, is in fact stopped.

Also, this patch removes a pointless function wrapper and uses
$OCF_RESOURCE_INSTANCE for the ha_pseudo_resource state file name.

This is a fix of the fix I submitted yesterday. :) The original patch
still had a residual call to pseudo_resource.

This updated patch also removes another obsolete comment.

diff -r ee16ba77a95b -r 5df5240e463e resources/OCF/portblock
--- a/resources/OCF/portblock Thu Jun 18 10:24:16 2009 +0200
+++ b/resources/OCF/portblock Thu Jun 18 10:24:16 2009 +0200
@@ -23,7 +23,7 @@

usage()
{
- cat <<-!USAGE >&2
+ cat <<END >&2
usage: $CMD {start|stop|status|monitor|meta-data|validate-all}

$CMD is used to temporarily block ports using iptables.
@@ -53,7 +53,7 @@

NOTE: iptables is linux-specific...

- !USAGE
+END
}

meta_data() {
@@ -115,18 +115,6 @@
# This is because we expect an "unblock" resource to come along
# and disable us -- but we're still in some sense active...
#
-# So, we track the state here using the pseudo_resource() function.
-#
-# The psuedo_resource function should be moved into the functions
-# available to resources so other resource scripts could use it...
-#
-#
-
-# pseudo_resource filename operation
-pseudo_resource()
-{
- ha_pseudo_resource $*
-}

#iptables_spec {udp|tcp} portno,portno
iptables_spec()
@@ -152,48 +140,54 @@
SayActive()
{
echo "$CMD DROP rule for INPUT chain [$*] is running (OK)"
- return 0
}

SayConsideredActive()
{
echo "$CMD DROP rule for INPUT chain [$*] considered to be running (OK)"
- return 0
}

SayInactive()
{
echo "$CMD DROP rule for INPUT chain [$*] is inactive"
- return 1
}

#IptablesStatus {udp|tcp} portno,portno {block|unblock}
-IptablesStatus()
-{
- activewords="$CMD $1 $2 is running (OK)"
- if
- chain_isactive "$1" "$2"
- then
- case $3 in
- block) SayActive $*;;
- *) SayInactive $*;;
- esac
- else
- case $3 in
- block)
- if
- pseudo_resource "$RSCNAME" status
- then
- SayConsideredActive $*
+IptablesStatus() {
+ local rc
+ rc=$OCF_ERR_GENERIC
+ activewords="$CMD $1 $2 is running (OK)"
+ if chain_isactive "$1" "$2"; then
+ case $3 in
+ block)
+ SayActive $*
+ rc=$OCF_SUCCESS
+ ;;
+ *)
+ SayInactive $*
+ rc=$OCF_NOT_RUNNING
+ ;;
+ esac
+ else
+ case $3 in
+ block)
+ if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+ SayConsideredActive $*
+ rc=$OCF_SUCCESS
else
- SayInactive $*
- fi;;
-
- *) SayActive $*;;
- esac
- fi
-
- return $?
+ SayInactive $*
+ rc=$OCF_NOT_RUNNING
+ fi
+ ;;
+
+ *)
+ SayActive $*
+ rc=$OCF_SUCCESS
+ ;;
+ esac
+ fi
+
+ return $rc
}

#IptablesBLOCK {udp|tcp} portno,portno
@@ -227,7 +221,7 @@
#IptablesStart {udp|tcp} portno,portno {block|unblock}
IptablesStart()
{
- pseudo_resource "$RSCNAME" start
+ ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" start
case $3 in
block) IptablesBLOCK "$@";;
unblock) IptablesUNBLOCK "$@";;
@@ -240,7 +234,7 @@
#IptablesStop {udp|tcp} portno,portno {block|unblock}
IptablesStop()
{
- pseudo_resource "$RSCNAME" stop
+ ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" stop
case $3 in
block) IptablesUNBLOCK "$@";;
unblock) IptablesBLOCK "$@";;
@@ -333,8 +327,6 @@
portno=$OCF_RESKEY_portno
action=$OCF_RESKEY_action

-RSCNAME=${CMD}_${protocol}_${portno}_${action}
-
case $1 in
start)
IptablesStart $protocol $portno $action
diff -r ee16ba77a95b -r 5df5240e463e resources/heartbeat/portblock.in
--- a/resources/heartbeat/portblock.in Thu Jun 18 10:24:16 2009 +0200
+++ b/resources/heartbeat/portblock.in Thu Jun 18 10:24:16 2009 +0200
@@ -27,7 +27,7 @@
export OCF_RESKEY_action OCF_RESKEY_portno OCF_RESKEY_action

OCF_TYPE=portblock
-OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2
+OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2_$3
export OCF_TYPE OCF_RESOURCE_INSTANCE

ra_execocf $4
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/


dejanmm at fastmail

Jun 18, 2009, 3:28 AM

Post #3 of 3 (618 views)
Permalink
Re: [PATCH] portblock RA: fix invalid exit codes on monitor [In reply to]
Applied.

Cheers,

Dejan

On Thu, Jun 18, 2009 at 10:27:51AM +0200, Florian Haas wrote:
> # HG changeset patch
> # User Florian Haas <florian.haas [at] linbit>
> # Date 1245313456 -7200
> # Node ID 5df5240e463e4e5ce2903312ba094957717d66dc
> # Parent ee16ba77a95bd290d833ead3b1181297fe8e5f14
> portblock RA: fix invalid exit codes on monitor
>
> IptablesStatus() returns 1 ($OCF_ERR_GENERIC) whenever the iptables
> rule is not configured. This breaks probes whenever a resource which
> is expected to be stopped, is in fact stopped.
>
> Also, this patch removes a pointless function wrapper and uses
> $OCF_RESOURCE_INSTANCE for the ha_pseudo_resource state file name.
>
> This is a fix of the fix I submitted yesterday. :) The original patch
> still had a residual call to pseudo_resource.
>
> This updated patch also removes another obsolete comment.
>
> diff -r ee16ba77a95b -r 5df5240e463e resources/OCF/portblock
> --- a/resources/OCF/portblock Thu Jun 18 10:24:16 2009 +0200
> +++ b/resources/OCF/portblock Thu Jun 18 10:24:16 2009 +0200
> @@ -23,7 +23,7 @@
>
> usage()
> {
> - cat <<-!USAGE >&2
> + cat <<END >&2
> usage: $CMD {start|stop|status|monitor|meta-data|validate-all}
>
> $CMD is used to temporarily block ports using iptables.
> @@ -53,7 +53,7 @@
>
> NOTE: iptables is linux-specific...
>
> - !USAGE
> +END
> }
>
> meta_data() {
> @@ -115,18 +115,6 @@
> # This is because we expect an "unblock" resource to come along
> # and disable us -- but we're still in some sense active...
> #
> -# So, we track the state here using the pseudo_resource() function.
> -#
> -# The psuedo_resource function should be moved into the functions
> -# available to resources so other resource scripts could use it...
> -#
> -#
> -
> -# pseudo_resource filename operation
> -pseudo_resource()
> -{
> - ha_pseudo_resource $*
> -}
>
> #iptables_spec {udp|tcp} portno,portno
> iptables_spec()
> @@ -152,48 +140,54 @@
> SayActive()
> {
> echo "$CMD DROP rule for INPUT chain [$*] is running (OK)"
> - return 0
> }
>
> SayConsideredActive()
> {
> echo "$CMD DROP rule for INPUT chain [$*] considered to be running (OK)"
> - return 0
> }
>
> SayInactive()
> {
> echo "$CMD DROP rule for INPUT chain [$*] is inactive"
> - return 1
> }
>
> #IptablesStatus {udp|tcp} portno,portno {block|unblock}
> -IptablesStatus()
> -{
> - activewords="$CMD $1 $2 is running (OK)"
> - if
> - chain_isactive "$1" "$2"
> - then
> - case $3 in
> - block) SayActive $*;;
> - *) SayInactive $*;;
> - esac
> - else
> - case $3 in
> - block)
> - if
> - pseudo_resource "$RSCNAME" status
> - then
> - SayConsideredActive $*
> +IptablesStatus() {
> + local rc
> + rc=$OCF_ERR_GENERIC
> + activewords="$CMD $1 $2 is running (OK)"
> + if chain_isactive "$1" "$2"; then
> + case $3 in
> + block)
> + SayActive $*
> + rc=$OCF_SUCCESS
> + ;;
> + *)
> + SayInactive $*
> + rc=$OCF_NOT_RUNNING
> + ;;
> + esac
> + else
> + case $3 in
> + block)
> + if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
> + SayConsideredActive $*
> + rc=$OCF_SUCCESS
> else
> - SayInactive $*
> - fi;;
> -
> - *) SayActive $*;;
> - esac
> - fi
> -
> - return $?
> + SayInactive $*
> + rc=$OCF_NOT_RUNNING
> + fi
> + ;;
> +
> + *)
> + SayActive $*
> + rc=$OCF_SUCCESS
> + ;;
> + esac
> + fi
> +
> + return $rc
> }
>
> #IptablesBLOCK {udp|tcp} portno,portno
> @@ -227,7 +221,7 @@
> #IptablesStart {udp|tcp} portno,portno {block|unblock}
> IptablesStart()
> {
> - pseudo_resource "$RSCNAME" start
> + ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" start
> case $3 in
> block) IptablesBLOCK "$@";;
> unblock) IptablesUNBLOCK "$@";;
> @@ -240,7 +234,7 @@
> #IptablesStop {udp|tcp} portno,portno {block|unblock}
> IptablesStop()
> {
> - pseudo_resource "$RSCNAME" stop
> + ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" stop
> case $3 in
> block) IptablesUNBLOCK "$@";;
> unblock) IptablesBLOCK "$@";;
> @@ -333,8 +327,6 @@
> portno=$OCF_RESKEY_portno
> action=$OCF_RESKEY_action
>
> -RSCNAME=${CMD}_${protocol}_${portno}_${action}
> -
> case $1 in
> start)
> IptablesStart $protocol $portno $action
> diff -r ee16ba77a95b -r 5df5240e463e resources/heartbeat/portblock.in
> --- a/resources/heartbeat/portblock.in Thu Jun 18 10:24:16 2009 +0200
> +++ b/resources/heartbeat/portblock.in Thu Jun 18 10:24:16 2009 +0200
> @@ -27,7 +27,7 @@
> export OCF_RESKEY_action OCF_RESKEY_portno OCF_RESKEY_action
>
> OCF_TYPE=portblock
> -OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2
> +OCF_RESOURCE_INSTANCE=${OCF_TYPE}_$1_$2_$3
> export OCF_TYPE OCF_RESOURCE_INSTANCE
>
> ra_execocf $4
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Linux-HA dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.