#Replace ping with curl to support OpenShift security restrictions

Description:
In OpenShift, the ping utility fails by default due to restricted security policies. This is because:

OpenShift enforces a default SecurityContextConstraints (SCC) policy that:
Disallows CAP_NET_RAW (required by ping)
Runs containers as non-root users
These constraints prevent the use of ICMP-based tools like ping
Problem:
Current logic uses ping to test network connectivity (e.g., ping ), which fails in OpenShift environments with:

ping: permission denied (are you root?)
Proposed Solution:
Replace ping with curl, nc, or other TCP-based tools that do not require CAP_NET_RAW. These tools are compatible with OpenShift’s restricted SCC policies and provide similar connectivity validation.

Example Replacement:

curl -sSf http://: || echo "unreachable"

or
nc -z

Benefits:

Works in OpenShift clusters without needing elevated privileges or custom SCCs
Improves portability and compliance with Kubernetes security standards
Simplifies deployment in enterprise and cloud-native environments
Environment Affected:

OpenShift 4.x+
Any cluster using restricted or default SCCs
Request:
Update relevant scripts/configuration to use TCP-based connectivity checks instead of ping.

Thanks for creating the issue, @waxen perch ping is currently used as an availability check and if the system is available as a means to collect the response time so we can show that in the Metadata dashboard like so

nc -z can answer the availability question and we should be able to time the execution of nc to collect the response time

Okay, how can we introduce this in harvest ?

we'll add it soon. Need to check that nc is available everywhere and then change the code

What about a native go connect ? That would be platform agnostic, is it possible in the current architecture ?

we investigated that earlier and didn't find a satisfactory solution. It should be doable though. There are lots of open-source options https://github.com/go-ping/ping, https://github.com/prometheus-community/pro-bing, https://github.com/tatsushid/go-fastping, but if I recall, some bring in 3rd party dependencies we don't want, some are abandoned, some only work on certain platforms, etc. We try to keep Harvest 3rd party dependencies to a minimum to reduce supply chain attacks and general maintenance

I believe all of the Go options have caveats like this https://github.com/prometheus-community/pro-bing?tab=readme-ov-file#linux

I was thinking something kind of stupid like measuring the time to a network connect, but that’s probably a naive approach !

Hi @waxen perch we've replaced ping in the latest nightly build. If you get a chance, give it a try, and let us know how it works for you. https://github.com/NetApp/harvest/releases/tag/nightly

Sure, will check and keep you guys posted.

This feature is also included in latest release https://github.com/NetApp/harvest/releases/tag/v25.08.1
You can upgrade to that.