OCF_HEARTBEAT_PORTBL - Online Linux Manual PageSection : 7
Updated : 03/25/2021
Source : resource-agents UNKNOWN
Note : OCF resource agents

NAMEocf_heartbeat_portblock − Block and unblocks access to TCP and UDP ports

SYNOPSISportblock [start | stop | status | monitor | meta−data | validate−all]

DESCRIPTIONResource script for portblock​. It is used to temporarily block ports using iptables​. In addition, it may allow for faster TCP reconnects for clients on failover​. Use that if there are long lived TCP connections to an HA service​. This feature is enabled by setting the tickle_dir parameter and only in concert with action set to unblock​. Note that the tickle ACK function is new as of version 3​.0​.2 and hasn't yet seen widespread use​.

SUPPORTED PARAMETERSprotocol The protocol used to be blocked/unblocked​. (required, string, no default) portno The port number used to be blocked/unblocked​. (required, string, no default) action The action (block/unblock) to be done on the protocol::portno​. (required, string, no default) reset_local_on_unblock_stop If for some reason the long lived server side TCP sessions won't be cleaned up by a reconfiguration/flush/stop of whatever services this portblock protects, they would linger in the connection table, even after the IP is gone and services have been switched over to another node​. An example would be the default NFS kernel server​. These "known" connections may seriously confuse and delay a later switchback​. Enabling this option will cause this agent to try to get rid of these connections by injecting a temporary iptables rule to TCP−reset outgoing packets from the blocked ports, and additionally tickle them locally, just before it starts to DROP incoming packets on "unblock stop"​. (optional, boolean, default false) ip The IP address used to be blocked/unblocked​. (optional, string, default "0​.0​.0​.0/0") tickle_dir The shared or local directory (_must_ be absolute path) which stores the established TCP connections​. (optional, string, no default) sync_script If the tickle_dir is a local directory, then the TCP connection state file has to be replicated to other nodes in the cluster​. It can be csync2 (default), some wrapper of rsync, or whatever​. It takes the file name as a single argument​. For csync2, set it to "csync2 −xv"​. (optional, string, no default)

SUPPORTED ACTIONSThis resource agent supports the following actions (operations): start Starts the resource​. Suggested minimum timeout: 20s​. stop Stops the resource​. Suggested minimum timeout: 20s​. status Performs a status check​. Suggested minimum timeout: 10s​. Suggested interval: 10s​. monitor Performs a detailed status check​. Suggested minimum timeout: 10s​. Suggested interval: 10s​. meta−data Retrieves resource agent metadata (internal use only)​. Suggested minimum timeout: 5s​. validate−all Performs a validation of the resource configuration​. Suggested minimum timeout: 5s​.

EXAMPLE CRM SHELLThe following is an example configuration for a portblock resource using the crm(8) shell: primitive p_portblock ocf:heartbeat:portblock \ params \ protocol=string \ portno=string \ action=string \ op monitor depth="0" timeout="10s" interval="10s"

EXAMPLE PCSThe following is an example configuration for a portblock resource using pcs(8) pcs resource create p_portblock ocf:heartbeat:portblock \ protocol=string \ portno=string \ action=string \ op monitor OCF_CHECK_LEVEL="0" timeout="10s" interval="10s"

SEE ALSO­http://clusterlabs.org/

AUTHORClusterLabs contributors (see the resource agent source for information about individual authors)
0
Johanes Gumabo
Data Size   :   15,089 byte
man-ocf_heartbeat_portblock.7Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   2 / 202,553
Visitor ID   :     :  
Visitor IP   :   18.191.171.136   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.