OCF_HEARTBEAT_PORTBL(7)       OCF resource agents      OCF_HEARTBEAT_PORTBL(7)


NAME

       ocf_heartbeat_portblock - Blocks and unblocks access to TCP and UDP
       ports


SYNOPSIS

       portblock [start | stop | status | monitor | meta-data | validate-all]


DESCRIPTION

       Resource script for portblock. It is used to temporarily block ports
       using iptables. In addition, it may allow for faster TCP reconnects for
       clients on failover. Use it if there are long-lived TCP connections
       to an HA service. This feature is enabled by setting the tickle_dir
       parameter, and only in concert with action set to unblock. Note that the
       tickle ACK function is new as of version 3.0.2 and hasn't yet seen
       widespread use.


SUPPORTED PARAMETERS

       protocol
           The protocol to be blocked/unblocked.

           (required, string, no default)

       portno
           The port number to be blocked/unblocked.

           (required, string, no default)

       action
           The action (block/unblock) to be done on the protocol::portno.

           (required, string, no default)

       reset_local_on_unblock_stop
           If for some reason the long-lived server-side TCP sessions won't be
           cleaned up by a reconfiguration/flush/stop of whatever services
           this portblock protects, they would linger in the connection table,
           even after the IP is gone and services have been switched over to
           another node.

           An example would be the default NFS kernel server.

           These "known" connections may seriously confuse and delay a later
           switchback.

           Enabling this option will cause this agent to try to get rid of
           these connections by injecting a temporary iptables rule to
           TCP-reset outgoing packets from the blocked ports, and additionally
           tickle them locally, just before it starts to DROP incoming packets
           on "unblock stop".

           (optional, boolean, default false)

       ip
           The IP address to be blocked/unblocked.

           (optional, string, default "0.0.0.0/0")

       tickle_dir
           The shared or local directory (_must_ be an absolute path) which
           stores the established TCP connections.

           (optional, string, no default)

       sync_script
           If the tickle_dir is a local directory, then the TCP connection
           state file has to be replicated to other nodes in the cluster. It
           can be csync2 (default), some wrapper of rsync, or whatever. It
           takes the file name as a single argument. For csync2, set it to
           "csync2 -xv".

           (optional, string, no default)


SUPPORTED ACTIONS

       This resource agent supports the following actions (operations):

       start
           Starts the resource. Suggested minimum timeout: 20s.

       stop
           Stops the resource. Suggested minimum timeout: 20s.

       status
           Performs a status check. Suggested minimum timeout: 10s. Suggested
           interval: 10s.

       monitor
           Performs a detailed status check. Suggested minimum timeout: 10s.
           Suggested interval: 10s.

       meta-data
           Retrieves resource agent metadata (internal use only). Suggested
           minimum timeout: 5s.

       validate-all
           Performs a validation of the resource configuration. Suggested
           minimum timeout: 5s.


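       The parameters and actions above combine in a way that is easy to get
       wrong: an action=block resource inserts the DROP rule on start and
       removes it on stop, while an action=unblock resource does the reverse
       (so "unblock stop" is the moment incoming packets start being dropped
       again), and status/monitor must report "running" relative to that
       intent. The following is an added example, not the resource agent's own
       code, that reimplements this block/unblock/status logic in POSIX sh.
       It assumes a particular rule shape (INPUT chain, multiport --dports,
       DROP target), uses "iptables -C" to test for rule presence, and reads
       the iptables binary from an IPTABLES variable so the logic can be
       exercised without root; none of these details are taken from the agent.

```shell
#!/bin/sh
# Added example (not the resource agent's own code): a minimal reimplementation
# of the block/unblock/status behaviour described for ocf:heartbeat:portblock.
# Assumptions: the rule shape below (INPUT chain, multiport --dports, DROP) and
# the IPTABLES variable, which lets the logic run without root for testing.
IPTABLES=${IPTABLES:-iptables}

# OCF exit codes used here (standard values).
OCF_SUCCESS=0
OCF_ERR_CONFIGURED=6
OCF_NOT_RUNNING=7

# Rule specification: drop packets of one protocol for a comma-separated port
# list, restricted to the destination address given as ip (default 0.0.0.0/0).
portblock_rule() {
    # $1 protocol (tcp|udp)   $2 portno (e.g. 2049 or 111,2049)   $3 ip (CIDR)
    printf '%s\n' "-p $1 -d $3 -m multiport --dports $2 -j DROP"
}

# True when the rule is present. "iptables -C" returns 0 only if an identical
# rule exists, so no listing output has to be parsed. The rule spec is split
# into words on purpose (unquoted $(...)).
rule_present() {
    "$IPTABLES" -C INPUT $(portblock_rule "$1" "$2" "$3") 2>/dev/null
}

# Insert only when absent: a repeated start must not stack duplicate rules,
# otherwise a later unblock that deletes one copy would leave the port closed.
rule_insert() {
    rule_present "$1" "$2" "$3" && return 0
    "$IPTABLES" -I INPUT $(portblock_rule "$1" "$2" "$3")
}

# Remove every copy, so the port is really open afterwards.
rule_remove() {
    while rule_present "$1" "$2" "$3"; do
        "$IPTABLES" -D INPUT $(portblock_rule "$1" "$2" "$3") || return 1
    done
}

# Dispatcher. action=block: start inserts the DROP rule, stop removes it.
# action=unblock: the reverse, so "unblock stop" is the moment incoming
# packets start being dropped again. status/monitor reports OCF_SUCCESS when
# the rule state matches the resource's intent, OCF_NOT_RUNNING otherwise.
portblock() {
    # $1 ocf action (start|stop|status|monitor)  $2 block|unblock
    # $3 protocol  $4 portno  $5 ip (optional)
    ocf_action=$1 mode=$2 proto=$3 portno=$4 ip=${5:-0.0.0.0/0}
    case "$mode" in
        block)   on_start=rule_insert; on_stop=rule_remove ;;
        unblock) on_start=rule_remove; on_stop=rule_insert ;;
        *)       return $OCF_ERR_CONFIGURED ;;
    esac
    case "$ocf_action" in
        start) $on_start "$proto" "$portno" "$ip" ;;
        stop)  $on_stop  "$proto" "$portno" "$ip" ;;
        status|monitor)
            if rule_present "$proto" "$portno" "$ip"; then present=1; else present=0; fi
            if [ "$mode" = block ] && [ "$present" -eq 1 ]; then return $OCF_SUCCESS; fi
            if [ "$mode" = unblock ] && [ "$present" -eq 0 ]; then return $OCF_SUCCESS; fi
            return $OCF_NOT_RUNNING ;;
        *)     return $OCF_ERR_CONFIGURED ;;
    esac
}
```

       Sourcing this file as root with IPTABLES unset and calling, for
       example, "portblock start block tcp 2049 192.0.2.10/32" manipulates
       the real INPUT chain (192.0.2.10 is a constructed documentation
       address). The two points worth carrying over to any monitor of a
       firewall-based resource are that a block and its matching unblock
       resource must disagree about "running" for the same rule state, and
       that the monitor must check the rule itself rather than assuming the
       last start succeeded.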
EXAMPLE CRM SHELL

       The following is an example configuration for a portblock resource
       using the crm(8) shell:

           primitive p_portblock ocf:heartbeat:portblock \
             params \
               protocol=string \
               portno=string \
               action=string \
             op monitor depth="0" timeout="10s" interval="10s"


EXAMPLE PCS

       The following is an example configuration for a portblock resource
       using pcs(8):

           pcs resource create p_portblock ocf:heartbeat:portblock \
             protocol=string \
             portno=string \
             action=string \
             op monitor depth="0" timeout="10s" interval="10s"


SEE ALSO

       http://clusterlabs.org/


AUTHOR

       ClusterLabs contributors (see the resource agent source for information
       about individual authors)



resource-agents UNKNOWN           03/15/2019           OCF_HEARTBEAT_PORTBL(7)