[Csync2] Errors when running csync2

Dennis Schafroth dennis at schafroth.dk
Tue Oct 5 22:48:27 CEST 2010


Skip the parentheses in the nossl. 

But please understand what I tried to say: 

If your csync2 programs can log those messages, you will NEVER get SSL support with them. The support code is not compiled in. 

Your build seems somewhat fishy. Check the config.h for HAVE_LIBGNUTLS defined; if it isn't there, no SSL support. 

So how have you verified that there is SSL support? 

cheers 
:-Dennis 

On 05/10/2010, at 22.33, Christopher J Bidwell wrote:

> Sorry, yes I have verified that they are both compiled with ssl. 
> 
> Not sure how to force "nossl" 
> 
> I get a: 
> [root@glddb-master etc]# csync2 -xvv 
> My hostname is glddb-master. 
> Database-File: /var/lib/csync2/glddb-master.db 
> Config-File:   /etc/csync2.cfg 
> Near line 10: syntax error 
> 
> Where line 10 states:  nossl glddb-master (glddb-slave1); 
> ----------------
> Thank you,
> 
> Chris Bidwell, RHCT
> Red Hat Linux Administrator
> 
> 
> 
> From:	Dennis Schafroth <dennis at schafroth.dk>
> To:	Christopher J Bidwell <cbidwell at usgs.gov>
> Cc:	csync2 at lists.linbit.com
> Date:	10/05/2010 01:47 PM
> Subject:	Re: [Csync2] Errors when running csync2
> 
> 
> 
> 
> Hi, 
> 
> I am not sure I am that helpful, but looking at the code, it is simply not possible to get that message with HAVE_LIBGNUTLS enabled. From update.c:   
> 
> #if HAVE_LIBGNUTLS 
>                 conn_printf("SSL\n"); 
>                 if ( read_conn_status(0, peername) ) { 
>                         csync_debug(1, "SSL command failed.\n"); 
>                         conn_close(); 
>                         return -1; 
>                 } 
>                 conn_activate_ssl(0); 
>                 conn_check_peer_cert(peername, 1); 
> #else 
>                 csync_debug(0, "ERROR: Config request SSL but this csync2 is built without SSL support.\n"); 
>                 csync_error_count++; 
>                 return -1; 
> #endif 
> 
> Similar for the remote in csync2.c which happens on the start: 
> 
> #ifdef HAVE_LIBGNUTLS 
>                         conn_printf("OK (activating_ssl).\n"); 
>                         conn_activate_ssl(1); 
> 
>                         if ( !conn_gets(line, 4096) ) return 0; 
>                         cmd = strtok(line, "\t \r\n"); 
>                         para = cmd ? strtok(0, "\t \r\n") : 0; 
> #else 
>                         conn_printf("This csync2 server is built without SSL support.\n"); 
>                         return 0; 
> #endif 
> 
> Could you be running a different version than the one you are actually doing your ldd check on? ldd `which csync2` 
> 
> Can you try with 
> 
> nossl  glddb-master glddb-slave1   
> 
> just to check that your config works without SSL ? 
> 
> cheers, 
> :-Dennis 
> 
> On 05/10/2010, at 21.22, Christopher J Bidwell wrote: 
> 
> Just a little bit of insight as to how my setup "should" go. 
> 
> I have a primary webserver that should feed content to four public webservers.   
> 
> The contents of my /etc:  (this is the same on both my master and my slave servers). 
> [@glddb-slave1 etc]# lsl csync2* 
> -rw-r--r-- 1 root root 710 Oct  5  2010 csync2.cfg 
> -rw------- 1 root root  65 Oct  5  2010 csync2.key_ehp 
> -rw-r--r-- 1 root root 774 Oct  5  2010 csync2_ssl_cert.pem 
> -rw-r--r-- 1 root root 887 Oct  5  2010 csync2_ssl_key.pem 
> 
> Here is my configuration file: 
> ------------------------------ 
> # Csync2 Example Configuration File 
> # --------------------------------- 
> # 
> # Please read the documentation: 
> # http://oss.linbit.com/csync2/paper.pdf 
> 
> group mygroup 
> { 
>         host glddb-master (glddb-slave1); 
> 
>         key /etc/csync2.key_ehp; 
> 
>         include /home/www/vhosts/ehp.wr; 
> } 
> -------------------------- 
> I figure just for simplicity I'll remove any other complexities until I can at least get communication to work. 
> 
> I run csync2 -iivvv and I get this: 
> ---------------------------- 
> [glddb-slave1 csync2]# csync2 -iivvv 
> Csync2 daemon running. Waiting for connections. 
> <11462> New connection from 192.168.1.132:43675. 
> Peer> 
> 
> From the master server I type: 
> [root@glddb-master sbin]# csync2 -xvv 
> My hostname is glddb-master. 
> Database-File: /var/lib/csync2/glddb-master.db 
> Config-File:   /etc/csync2.cfg 
> Running recursive check for / ... 
> SQL: SELECT filename from file where filename = '/' or 1 ORDER BY filename 
> SQL Query finished. 
> Checking /* .. 
> Don't check at all: /var 
> Don't check at all: /usr 
> Don't check at all: /tmp 
> Don't check at all: /tftpboot 
> Don't check at all: /sys 
> Don't check at all: /srv 
> Don't check at all: /selinux 
> Don't check at all: /sbin 
> Don't check at all: /root 
> Don't check at all: /proc 
> Don't check at all: /opt 
> Don't check at all: /net 
> Don't check at all: /mnt 
> Don't check at all: /misc 
> Don't check at all: /media 
> Don't check at all: /lost+found 
> Don't check at all: /lib 
> Checking /home/* .. 
> Checking /home/www/* .. 
> Don't check at all: /home/www/ehp.wr 
> Don't check at all: /home/mysql 
> Don't check at all: /etc 
> Don't check at all: /dev 
> Don't check at all: /chroot 
> Don't check at all: /boot 
> Don't check at all: /bin 
> Don't check at all: /.autorelabel 
> Don't check at all: /.autofsck 
> SQL: SELECT peername FROM dirty GROUP BY peername ORDER BY random() 
> SQL Query finished. 
> SQL: SELECT filename, myname, force FROM dirty WHERE peername = 'glddb-slave1' ORDER by filename ASC 
> SQL Query finished. 
> Connecting to host glddb-slave1 (SSL) ... 
> ERROR: Config request SSL but this csync2 is built without SSL support. 
> ERROR: Connection to remote host failed. 
> Host stays in dirty state. Try again later... 
> SQL: SELECT command, logfile FROM action GROUP BY command, logfile 
> SQL Query finished. 
> Finished with 2 errors. 
> ---------------------------------------- 
> I know that slave1 is compiled with SSL: 
> [root@glddb-slave1 sbin]# ldd csync2 
>        linux-gate.so.1 =>  (0x00a5e000) 
>        libgnutls-openssl.so.26 => /usr/lib/libgnutls-openssl.so.26 (0x00e35000) 
>        libsqlite.so.0 => /usr/lib/libsqlite.so.0 (0x009f0000) 
>        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00183000) 
>        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x036f0000) 
>        libdl.so.2 => /lib/libdl.so.2 (0x0030a000) 
>        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x009c2000) 
>        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00110000) 
>        libc.so.6 => /lib/libc.so.6 (0x0030f000) 
>        libz.so.1 => /usr/lib/libz.so.1 (0x00120000) 
>        /lib/ld-linux.so.2 (0x00166000) 
> 
> Not sure what I'm missing. 
> ----------------
> Thank you,
> Chris
> 
> 
> From:	Fabricio Cannini <fcannini at gmail.com>
> To:	csync2 at lists.linbit.com
> Date:	10/05/2010 12:50 PM
> Subject:	Re: [Csync2] Errors when running csync2
> Sent by:	csync2-bounces at lists.linbit.com
> 
> 
> 
> 
> 
> On Tuesday 05 October 2010 14:53:47 you wrote:
> 
> > Also, you should use the same key and ssl cert on both hosts.
> > ( Took me quite a while to figure this one out )
> > 
> > [ ]'s
> 
> > Okay, so each host shouldn't generate its own ssl cert?
> > --------------
> > Thanks,
> 
> I'm using csync2 1.34 in an HPC cluster, and that's how I made it work;
> Copying the key and ssl cert generated on the head node to all nodes.
> After that, it went fine.
> 
> [ ]'s
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
> 
> 
> 
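
The checks suggested in this thread (HAVE_LIBGNUTLS in config.h, and whether the binary that actually runs is the one inspected with ldd), as an added shell example that is not part of the original messages or of csync2 itself. It assumes the "built without SSL support" text is compiled in only from the `#else` branches quoted above; the script name and the `report`/`classify_binary` helpers are hypothetical.

```shell
#!/bin/sh
# Added example (not csync2's own tooling): find out which csync2 binaries
# on PATH were built without SSL support.
# Assumption: the marker below is emitted only from the #else branches quoted
# in the thread (update.c and csync2.c), so its presence means no SSL code.
NOSSL_MARKER='built without SSL support'

# config_has_gnutls CONFIG_H: succeeds if HAVE_LIBGNUTLS is defined to 1.
config_has_gnutls() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_LIBGNUTLS[[:space:]]+1' "$1"
}

# classify_binary FILE: prints "nossl" if the fallback message is compiled in,
# "ssl" if it is absent, "unreadable" if the file cannot be read.
classify_binary() {
    if [ ! -r "$1" ]; then
        echo unreadable
        return 1
    fi
    if LC_ALL=C grep -a -q -F "$NOSSL_MARKER" "$1"; then
        echo nossl
    else
        echo ssl
    fi
}

# all_on_path NAME: prints every executable NAME on PATH, in lookup order,
# so a stale copy shadowing the one checked with ldd becomes visible.
all_on_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        if [ -x "${dir:-.}/$1" ]; then
            printf '%s\n' "${dir:-.}/$1"
        fi
    done
    IFS=$old_ifs
}

# report NAME: one "verdict<TAB>path" line per binary; the first is what runs.
report() {
    all_on_path "$1" | while IFS= read -r bin; do
        printf '%s\t%s\n' "$(classify_binary "$bin")" "$bin"
    done
}

# Usage: sh check_csync2_ssl.sh csync2   (script name is hypothetical)
if [ "$#" -gt 0 ]; then report "$1"; fi
```

Run it on every host in the group: the error in the log above is printed by the connecting side, so a linked libgnutls on the peer says nothing about the binary that initiated the connection.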
