CiscoCloud / distributive

Unit testing for the cloud
Apache License 2.0

'Port' check does not check for ipv6 ports #127

Closed Zogg closed 8 years ago

Zogg commented 8 years ago

Currently the 'port' check only checks IPv4 open ports, while many services are listening on IPv6 addresses. The 'port' check should check if the port is open in both ranges: IPv4 and IPv6.

langston-barrett commented 8 years ago

Definitely. We should have port, portv4, and portv6 checks.

ryane commented 8 years ago

I think this might be an issue with the vault-ssl branch on mantl (https://github.com/CiscoCloud/microservices-infrastructure/pull/1045). When you deploy that, there is a failing health check for Distributive vault Health Checks:

time="2016-01-30T01:54:30Z" level=info msg="Creating checklist(s)..." path="/etc/distributive.d/vault.json" type=file 
time="2016-01-30T01:54:30Z" level=info msg="Running checklist: vault health check" 
time="2016-01-30T01:54:30Z" level=info msg="Check passed" name="vault installation" type=installed 
time="2016-01-30T01:54:30Z" level=info msg="Check failed" name="vault systemd service file present" type=file 
time="2016-01-30T01:54:30Z" level=info msg="Check passed" name="vault systemd service enabled" type=systemctlLoaded 
time="2016-01-30T01:54:30Z" level=info msg="Check failed" name="vault port open" type=port 
time="2016-01-30T01:54:30Z" level=warning msg="Check(s) failed, printing checklist report" checklist="vault health check" report="↴\nTotal: 4\nPassed: 2\nFailed: 2\nNo such file or directory: /usr/lib/systemd/system/vault.service\nPort not open:\n\tSpecified: 8200\n\tActual: 15050, 8400, 8500, 8500, 53, 22, 8600, 25, 43290, 54810, 8500, 8500, 8500, 45879, 8500, 8500, 8500, 8500, 8500, 8500, 8500, 43456, 42761, 8500, 44358, 8500, 41331, 45861, 42866, 8500, 56564, 8500, 8500, 8500, 8500, 8500, 8500, 8500, 45857, 60226, 8500, 8500, 8500, 8500, 15050, 15050, 8500, 8500, 8500, 8500"

But, 8200 is available:

# curl https://localhost:8200/v1/sys/init
{"initialized":true}
# sudo netstat -anlp | grep 8200
tcp6       0      0 :::8200                 :::*                    LISTEN      17628/vault

langston-barrett commented 8 years ago

The port check works by seeing if it can connect to the specified port on localhost, so I wonder if the connection is just rejected due to some kind of security mechanism or similar. We might just want to remove that check for Vault.

langston-barrett commented 8 years ago

As per my last comment, I don't think this is a bug in distributive.
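
Added example, not part of the thread and not Distributive's own code: a per-family listening-port check that reads socket tables in the Linux `/proc/net/tcp` and `/proc/net/tcp6` layout, which is where a `tcp6 ... :::8200 ... LISTEN` entry like the one in the netstat output above comes from. The function names and the sample tables are constructed for illustration; a real check would read the two files from `/proc/net`.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed samples in /proc/net/tcp and /proc/net/tcp6 layout (not from the issue).
const sampleTCP4 = `  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:2134 00000000:0000 0A
   2: 0100007F:A8EA 0100007F:2134 01`
const sampleTCP6 = `  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:2008 00000000000000000000000000000000:0000 0A`

// listeningPorts returns the local ports of sockets in LISTEN state (st == 0A).
func listeningPorts(table string) (map[int]bool, error) {
	ports := map[int]bool{}
	sc := bufio.NewScanner(strings.NewReader(table))
	sc.Scan() // skip the header row
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 4 || f[3] != "0A" {
			continue // established and other non-listening sockets do not count
		}
		// local_address is HEXADDR:HEXPORT for both address families
		p, err := strconv.ParseUint(f[1][strings.LastIndex(f[1], ":")+1:], 16, 16)
		if err != nil {
			return nil, fmt.Errorf("bad local_address %q: %w", f[1], err)
		}
		ports[int(p)] = true
	}
	return ports, sc.Err()
}

// portOpen reports each family separately: a combined "port" check can accept
// v4 || v6, while "portv4" and "portv6" checks each require their own family.
func portOpen(port int, tcp4, tcp6 string) (v4, v6 bool, err error) {
	p4, err4 := listeningPorts(tcp4)
	p6, err6 := listeningPorts(tcp6)
	if err4 != nil || err6 != nil {
		return false, false, fmt.Errorf("parse tables: v4=%v v6=%v", err4, err6)
	}
	return p4[port], p6[port], nil
}

func main() {
	fmt.Println(portOpen(8200, sampleTCP4, sampleTCP6))
}
```

With the constructed tables, port 8200 is reported as listening only in the IPv6 table, so a check that consults the IPv4 table alone would list it as not open.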