[Csync2] Errors when running csync2
Dennis Schafroth
dennis at schafroth.dk
Tue Oct 5 21:47:50 CEST 2010
Hi,
I am not sure I am that helpful, but looking at the code, it is simply not possible to get that message with HAVE_LIBGNUTLS enabled. From update.c:
#if HAVE_LIBGNUTLS
    conn_printf("SSL\n");
    if ( read_conn_status(0, peername) ) {
        csync_debug(1, "SSL command failed.\n");
        conn_close();
        return -1;
    }
    conn_activate_ssl(0);
    conn_check_peer_cert(peername, 1);
#else
    csync_debug(0, "ERROR: Config request SSL but this csync2 is built without SSL support.\n");
    csync_error_count++;
    return -1;
#endif
Similar for the remote in csync2.c which happens on the start:
#ifdef HAVE_LIBGNUTLS
    conn_printf("OK (activating_ssl).\n");
    conn_activate_ssl(1);
    if ( !conn_gets(line, 4096) ) return 0;
    cmd = strtok(line, "\t \r\n");
    para = cmd ? strtok(0, "\t \r\n") : 0;
#else
    conn_printf("This csync2 server is built without SSL support.\n");
    return 0;
#endif
Could you be running a different version than the one you are actually doing your ldd check on? ldd `which csync2`
Can you try with
    nossl glddb-master glddb-slave1
just to check that your config works without SSL?
cheers,
:-Dennis
On 05/10/2010, at 21.22, Christopher J Bidwell wrote:
> Just a little bit of insight as to how my setup "should" go.
>
> I have a primary webserver that should feed content to four public webservers.
>
> My contents of my /etc: (this is the same on both my master and my slave servers).
> [@glddb-slave1 etc]# lsl csync2*
> -rw-r--r-- 1 root root 710 Oct 5 2010 csync2.cfg
> -rw------- 1 root root 65 Oct 5 2010 csync2.key_ehp
> -rw-r--r-- 1 root root 774 Oct 5 2010 csync2_ssl_cert.pem
> -rw-r--r-- 1 root root 887 Oct 5 2010 csync2_ssl_key.pem
>
> Here is my configuration file:
> ------------------------------
> # Csync2 Example Configuration File
> # ---------------------------------
> #
> # Please read the documentation:
> # http://oss.linbit.com/csync2/paper.pdf
>
> group mygroup
> {
> host glddb-master (glddb-slave1);
>
> key /etc/csync2.key_ehp;
>
> include /home/www/vhosts/ehp.wr;
> }
> --------------------------
> I figure just for simplicity I'll remove any other complexities until I can at least get communication to work.
>
> I run csync2 -iivvv and I get this:
> ----------------------------
> [glddb-slave1 csync2]# csync2 -iivvv
> Csync2 daemon running. Waiting for connections.
> <11462> New connection from 192.168.1.132:43675.
> Peer>
>
> From the master server I type:
> [root@glddb-master sbin]# csync2 -xvv
> My hostname is glddb-master.
> Database-File: /var/lib/csync2/glddb-master.db
> Config-File: /etc/csync2.cfg
> Running recursive check for / ...
> SQL: SELECT filename from file where filename = '/' or 1 ORDER BY filename
> SQL Query finished.
> Checking /* ..
> Don't check at all: /var
> Don't check at all: /usr
> Don't check at all: /tmp
> Don't check at all: /tftpboot
> Don't check at all: /sys
> Don't check at all: /srv
> Don't check at all: /selinux
> Don't check at all: /sbin
> Don't check at all: /root
> Don't check at all: /proc
> Don't check at all: /opt
> Don't check at all: /net
> Don't check at all: /mnt
> Don't check at all: /misc
> Don't check at all: /media
> Don't check at all: /lost+found
> Don't check at all: /lib
> Checking /home/* ..
> Checking /home/www/* ..
> Don't check at all: /home/www/ehp.wr
> Don't check at all: /home/mysql
> Don't check at all: /etc
> Don't check at all: /dev
> Don't check at all: /chroot
> Don't check at all: /boot
> Don't check at all: /bin
> Don't check at all: /.autorelabel
> Don't check at all: /.autofsck
> SQL: SELECT peername FROM dirty GROUP BY peername ORDER BY random()
> SQL Query finished.
> SQL: SELECT filename, myname, force FROM dirty WHERE peername = 'glddb-slave1' ORDER by filename ASC
> SQL Query finished.
> Connecting to host glddb-slave1 (SSL) ...
> ERROR: Config request SSL but this csync2 is built without SSL support.
> ERROR: Connection to remote host failed.
> Host stays in dirty state. Try again later...
> SQL: SELECT command, logfile FROM action GROUP BY command, logfile
> SQL Query finished.
> Finished with 2 errors.
> ----------------------------------------
> I know that slave1 is compiled with SSL:
> [root@glddb-slave1 sbin]# ldd csync2
> linux-gate.so.1 => (0x00a5e000)
> libgnutls-openssl.so.26 => /usr/lib/libgnutls-openssl.so.26 (0x00e35000)
> libsqlite.so.0 => /usr/lib/libsqlite.so.0 (0x009f0000)
> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00183000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x036f0000)
> libdl.so.2 => /lib/libdl.so.2 (0x0030a000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x009c2000)
> libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00110000)
> libc.so.6 => /lib/libc.so.6 (0x0030f000)
> libz.so.1 => /usr/lib/libz.so.1 (0x00120000)
> /lib/ld-linux.so.2 (0x00166000)
>
> Not sure what I'm missing.
> ----------------
> Thank you,
> Chris
>
>
>
> From: Fabricio Cannini <fcannini at gmail.com>
> To: csync2 at lists.linbit.com
> Date: 10/05/2010 12:50 PM
> Subject: Re: [Csync2] Errors when running csync2
> Sent by: csync2-bounces at lists.linbit.com
>
>
>
>
> On Tuesday 05 October 2010 14:53:47 you wrote:
>
> > Also, you should use the same key and ssl cert on both hosts.
> > ( Took me quite a while to figure this one out )
> >
> > [ ]'s
>
> > Okay, so each host shouldn't generate its own ssl cert?
> > --------------
> > Thanks,
>
> I'm using csync2 1.34 in an HPC cluster, and that's how I made it work;
> Copying the key and ssl cert generated on the head node to all nodes.
> After that, it went fine.
>
> [ ]'s
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
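Added example, not part of the original thread or of csync2 itself: the #if/#else branches quoted from update.c and csync2.c compile different string literals into the binary, so the csync2 that actually runs on the host printing the error can be classified by those literals and compared against every other csync2 on $PATH. The function names are this example's own, and it assumes a grep that supports -a and an unpacked binary.

```shell
#!/bin/sh
# Classify a csync2 binary by the literals its SSL / non-SSL branches embed.
# Prints "ssl", "no-ssl" or "unknown" for the file given as $1.
csync2_build_kind() {
    bin=$1
    [ -r "$bin" ] || { echo "unknown"; return 1; }
    # This text only exists in the #else (no GnuTLS) branches.
    if grep -a -q 'built without SSL support' "$bin"; then
        echo "no-ssl"
    # These literals only exist in the HAVE_LIBGNUTLS branches.
    elif grep -a -q -e 'activating_ssl' -e 'SSL command failed' "$bin"; then
        echo "ssl"
    else
        echo "unknown"
    fi
}

# List every executable named csync2 on $PATH in lookup order, one per line,
# as "<kind> <path>". The first line is the binary a bare "csync2" runs.
csync2_on_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current dir
        if [ -x "$dir/csync2" ] && [ ! -d "$dir/csync2" ]; then
            printf '%s %s\n' "$(csync2_build_kind "$dir/csync2")" "$dir/csync2"
        fi
    done
    IFS=$old_ifs
}
```

Run csync2_on_path on the host where the error is printed; a "no-ssl" entry ahead of an "ssl" one means an older build is shadowing the one that was checked with ldd.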