OCF_HEARTBEAT_PORTBL(7)

NAME

ocf_heartbeat_portblock - Block and unblocks access to TCP and UDP
ports

SYNOPSIS

portblock [start | stop | status | monitor | meta-data | validate-all]

DESCRIPTION

Resource script for portblock. It is used to temporarily block ports
using iptables. In addition, it may allow for faster TCP reconnects for clients on failover. Use that if there are long lived TCP connections
to an HA service. This feature is enabled by setting the tickle_dir
parameter and only in concert with action set to unblock. Note that the tickle ACK function is new as of version 3.0.2 and hasn't yet seen
widespread use.

SUPPORTED PARAMETERS

protocol
The protocol used to be blocked/unblocked. (required, string, no
default)
portno
The port number used to be blocked/unblocked. (required, integer,
no default)
action
The action (block/unblock) to be done on the protocol::portno.
(required, string, no default)
ip
The IP address used to be blocked/unblocked. (optional, string,
default 0.0.0.0/0)
tickle_dir
The shared or local directory (_must_ be absolute path) which
stores the established TCP connections. (optional, string, no
default)
sync_script
If the tickle_dir is a local directory, then the TCP connection
state file has to be replicated to other nodes in the cluster. It
can be csync2 (default), some wrapper of rsync, or whatever. It
takes the file name as a single argument. For csync2, set it to
"csync2 -xv". (optional, string, no default)

SUPPORTED ACTIONS

This resource agent supports the following actions (operations):

start
Starts the resource. Suggested minimum timeout: 20.
stop
Stops the resource. Suggested minimum timeout: 20.
status
Performs a status check. Suggested minimum timeout: 10. Suggested
interval: 10.
monitor
Performs a detailed status check. Suggested minimum timeout: 10.
Suggested interval: 10.
meta-data
Retrieves resource agent metadata (internal use only). Suggested
minimum timeout: 5.
validate-all
Performs a validation of the resource configuration. Suggested
minimum timeout: 5.

EXAMPLE

The following is an example configuration for a portblock resource
using the crm(8) shell:
primitive example_portblock ocf:heartbeat:portblock \
params \
protocol=string \
portno=integer \
action=string \
op monitor depth="0" timeout="10" interval="10"

SEE ALSO

http://www.linux-ha.org/wiki/portblock_(resource_agent)

AUTHOR

Linux-HA contributors (see the resource agent source for information about individual authors)

resource-agents 1.0.3 05/04/2010 OCF_HEARTBEAT_PORTBL(7)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout