1OCF_HEARTBEAT_PORTBL(7)       OCF resource agents      OCF_HEARTBEAT_PORTBL(7)
2
3
4

NAME

6       ocf_heartbeat_portblock - Block and unblocks access to TCP and UDP
7       ports
8

SYNOPSIS

10       portblock [start | stop | status | monitor | meta-data | validate-all]
11

DESCRIPTION

13       Resource script for portblock. It is used to temporarily block ports
14       using iptables. In addition, it may allow for faster TCP reconnects for
15       clients on failover. Use that if there are long lived TCP connections
16       to an HA service. This feature is enabled by setting the tickle_dir
17       parameter and only in concert with action set to unblock. Note that the
18       tickle ACK function is new as of version 3.0.2 and hasn't yet seen
19       widespread use.
20

SUPPORTED PARAMETERS

22       protocol
23           The protocol used to be blocked/unblocked.  (required, string, no
24           default)
25
26       portno
27           The port number used to be blocked/unblocked.  (required, integer,
28           no default)
29
30       action
31           The action (block/unblock) to be done on the protocol::portno.
32           (required, string, no default)
33
34       ip
35           The IP address used to be blocked/unblocked.  (optional, string,
36           default 0.0.0.0/0)
37
38       tickle_dir
39           The shared or local directory (_must_ be absolute path) which
40           stores the established TCP connections.  (optional, string, no
41           default)
42
43       sync_script
44           If the tickle_dir is a local directory, then the TCP connection
45           state file has to be replicated to other nodes in the cluster. It
46           can be csync2 (default), some wrapper of rsync, or whatever. It
47           takes the file name as a single argument. For csync2, set it to
48           "csync2 -xv".  (optional, string, no default)
49

SUPPORTED ACTIONS

51       This resource agent supports the following actions (operations):
52
53       start
54           Starts the resource. Suggested minimum timeout: 20.
55
56       stop
57           Stops the resource. Suggested minimum timeout: 20.
58
59       status
60           Performs a status check. Suggested minimum timeout: 10. Suggested
61           interval: 10.
62
63       monitor
64           Performs a detailed status check. Suggested minimum timeout: 10.
65           Suggested interval: 10.
66
67       meta-data
68           Retrieves resource agent metadata (internal use only). Suggested
69           minimum timeout: 5.
70
71       validate-all
72           Performs a validation of the resource configuration. Suggested
73           minimum timeout: 5.
74

EXAMPLE

76       The following is an example configuration for a portblock resource
77       using the crm(8) shell:
78
79           primitive p_portblock ocf:heartbeat:portblock \
80             params \
81               protocol=string \
82               portno=integer \
83               action=string \
84             op monitor depth="0" timeout="10" interval="10"
85

SEE ALSO

87       http://www.linux-ha.org/wiki/portblock_(resource_agent)
88

AUTHOR

90       Linux-HA contributors (see the resource agent source for information
91       about individual authors)
92
93
94
95resource-agents 3.9.2             07/08/2011           OCF_HEARTBEAT_PORTBL(7)
Impressum