[Pacemaker] ]: WARN: ping_write: Wrote -1 of 39 chars: Operation not permitted
Lars Ellenberg
lars.ellenberg at linbit.com
Wed May 26 04:33:06 EDT 2010
On Wed, May 26, 2010 at 08:33:53AM +0200, Andrew Beekhof wrote:
> On Thu, May 20, 2010 at 4:58 PM, Koch, Sebastian
> <Sebastian.Koch at netzwerk.de> wrote:
> > Hi,
> >
> >
> >
> > if i enable a IPTABLES Rule
> >
> >
> >
> > iptables -A OUTPUT -p icmp -d 10.1.1.162 -j DROP
> >
> >
> >
> > to block access to my Gateway 10.1.162 to test my pingd resource, i am
> > getting that error. I googled around as this looks for me like pingd aint
> > got the permission to write down the result of the ping test, but i didnt
> > find anything.
>
> Sounds like a reasonable conclusion.
> I'd expect some sort of error if the node was unreachable.
No, it's just the result of that iptables rule.
root at soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
sendmsg(3, {...}, 0) = 64
root at soda:~# iptables -I OUTPUT -p icmp -d 10.9.9.8 -j DROP
root at soda:~# strace -e sendmsg ping -c1 -w1 10.9.9.8
PING 10.9.9.8 (10.9.9.8) 56(84) bytes of data.
sendmsg(3, {...}, 0) = -1 EPERM (Operation not permitted)
ping: sendmsg: Operation not permitted
There ;-)
I admit it is "unexpected" for a -j DROP, but that's the way it is.
> Btw. You really should think about moving to ocf:pacemaker:ping
> instead of pingd.
> The new agent uses the ping binary from your system and is therefore
> more reliable.
In this case, it will "fail" in just the same way.
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
More information about the Pacemaker
mailing list