ctdb-scripts: Track connections for all ports for public IPs

Currently TCP ports like NFS lock manager are not tracked.  It is
easier to track all connections than to add a configuration system to
try to track specified ports, so do that.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>

diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script
index 4535bcd4a8b75991e9650e5fb5870ef5748ae1fc..8d2d6968a1db41f654fd868014f2c8dbdbab83d7 100755 (executable)
--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -244,7 +244,7 @@ ipreallocated)
 monitor)
        monitor_interfaces || exit 1
 
-       update_tickles 2049
+       update_tickles
        ;;
 esac
 

diff --git a/ctdb/config/functions b/ctdb/config/functions
index 8fd20cfdb859d1bbb831fb99756ca16905706b90..ad191ac44686974f777582764056d56cec24a9ec 100755 (executable)
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -1181,8 +1181,6 @@ nfs_callout()
 
 update_tickles()
 {
-       _port="$1"
-
        tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
        mkdir -p "$tickledir"
 
@@ -1191,17 +1189,16 @@ update_tickles()
                return
        fi
 
-       # IPs and port as ss filters
+       # IPs ss filter
        _ip_filter=""
        while read -r _ip; do
                _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
        done <"$CTDB_MY_PUBLIC_IPS_CACHE"
-       _port_filter="sport == :${_port}"
 
        # Record our current tickles in a temporary file
-       _my_tickles="${tickledir}/${_port}.tickles.$$"
+       _my_tickles="${tickledir}/all.tickles.$$"
        while read -r _i; do
-               $CTDB -X gettickles "$_i" "$_port" |
+               $CTDB -X gettickles "$_i" |
                        awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
        done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
                sort >"$_my_tickles"
@@ -1210,12 +1207,10 @@ update_tickles()
        # This temporary file is in CTDB's private state directory and
        # $$ is used to avoid a very rare race involving CTDB's script
        # debugging.  No security issue, nothing to see here...
-       _my_connections="${tickledir}/${_port}.connections.$$"
-       # Parentheses are needed around the filters for precedence but
+       _my_connections="${tickledir}/all.connections.$$"
+       # Parentheses are needed around the IP filter for precedence but
        # the parentheses can't be empty!
-       ss -tnH state established \
-               "${_ip_filter:+( ${_ip_filter} )}" \
-               "${_port_filter:+( ${_port_filter} )}" |
+       ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
                awk '{print $4, $3}' |
                sort >"$_my_connections"