nettest does not validate whether ports are open

[l-mb]

There could be firewall rules or others interfering.

Maybe running quick iperf3 tests or similar against the ports that we expect the nodes to use (from ceph.conf)?

[oms4suse]

I suspect that this could be very expensive due to combinatorial explosion if its any more than just checking the state of the firewall on each node.

Could you please expand your thoughts a little?

[oms4suse]

How about a different test? How about we run nmap to all nodes from one node of each node type? Would this solve your issue?

[l-mb]

I didn't mean to run a full iperf3 test against all ports we use, just to check if a TCP connect goes through. I'd not want to pull in nmap for such a simple test.

[oms4suse]

Ok so to get this clear in my head:

(1) detect if ceph is running and shut down if so.
(2) Start netcat as a server on each port on each node, corresponding to service type.
(3) Call netcat to talk to each port on each node from each node.
(4) Start ceph on each node.

Is that the summary?

[l-mb]

Wait, why would you shutdown Ceph? No - though detecting this and warning is a good idea. You'd not want a diagnosis tool to disrupt cluster operation.

netcat is a good option, yes.

[oms4suse]

I don want to make the test for firewall invasive, but to do this I suspect it has to be invasive.

2 different processes cant bind to the same port, so you cant test a message passed the firewall if another process is bound to the port.

I am also concerned about the runtime of such a test.

[jan--f]

Closing since nettest componentis currently being re-written.