[Csync2] Errors when running csync2
Christopher J Bidwell
cbidwell at usgs.gov
Tue Oct 5 23:17:32 CEST 2010
I think I may have gotten things running with the ssl. I removed the parenthesis and ran csync2 -x and got no errors, it added all of my content to the database however did not sync that content. So in testing if I wanted to sync a directory to another server where that space is empty, theoretically it should copy all of that content over?
--------------
Thanks,
Chris Bidwell, RHCT
Web Admin
Geologic Hazards Team
303-273-8642
cbidwell at usgs.gov
(Sent via Crackberry)
----- Original Message -----
From: Dennis Schafroth [dennis at schafroth.dk]
Sent: 10/05/2010 10:48 PM ZE2
To: Christopher Bidwell
Cc: csync2 at lists.linbit.com
Subject: Re: [Csync2] Errors when running csync2
skip the parentheses in the nossl.
But please understand what I tried to say:
If your csync2 programs can log those message, you will NEVER get SSL support with them. The support code is not compiled in.
Your build seems somewhat fishy. Check the config.h for HAVE_LIBGNUTLS defined, if it isnt there, no SSL support.
So how have you verified that there are SSL support?
cheers
:-Dennis
On 05/10/2010, at 22.33, Christopher J Bidwell wrote:
> Sorry, yes I have verified that they are both compiled with ssl.
>
> Not sure how to force "nossl"
>
> I get a:
> [root at glddb-master etc]# csync2 -xvv
> My hostname is glddb-master.
> Database-File: /var/lib/csync2/glddb-master.db
> Config-File: /etc/csync2.cfg
> Near line 10: syntax error
>
> Where line 10 states: nossl glddb-master (glddb-slave1);
> ----------------
> Thank you,
>
> Chris Bidwell, RHCT
> Red Hat Linux Administrator
>
>
>
> From: Dennis Schafroth <dennis at schafroth.dk>
> To: Christopher J Bidwell <cbidwell at usgs.gov>
> Cc: csync2 at lists.linbit.com
> Date: 10/05/2010 01:47 PM
> Subject: Re: [Csync2] Errors when running csync2
>
>
>
>
> Hi,
>
> I am not sure I am that helpfull but looking at the code, it simply not possible to get that message with HAVE_LIBGNUTLS enabled. From update.c:
>
> #if HAVE_LIBGNUTLS
> conn_printf("SSL\n");
> if ( read_conn_status(0, peername) ) {
> csync_debug(1, "SSL command failed.\n");
> conn_close();
> return -1;
> }
> conn_activate_ssl(0);
> conn_check_peer_cert(peername, 1);
> #else
> csync_debug(0, "ERROR: Config request SSL but this csync2 is built without SSL support.\n");
> csync_error_count++;
> return -1;
> #endif
>
> Similar for the remote in csync2.c which happens on the start:
>
> #ifdef HAVE_LIBGNUTLS
> conn_printf("OK (activating_ssl).\n");
> conn_activate_ssl(1);
>
> if ( !conn_gets(line, 4096) ) return 0;
> cmd = strtok(line, "\t \r\n");
> para = cmd ? strtok(0, "\t \r\n") : 0;
> #else
> conn_printf("This csync2 server is built without SSL support.\n");
> return 0;
> #endif
>
> Could you be running a different version than you actually is doing your ldd check on? ldd `which csync2`
>
> Can you try with
>
> nossl glddb-master glddb-slave1
>
> just to check that your config works without SSL ?
>
> cheers,
> :-Dennis
>
> On 05/10/2010, at 21.22, Christopher J Bidwell wrote:
>
> Just a little bit of insight as to how my setup "should" go.
>
> I have a primary webserver that should feed content to four public webservers.
>
> My contents of my /etc: (this is the same on both my master and my slave servers).
> [@glddb-slave1 etc]# lsl csync2*
> -rw-r--r-- 1 root root 710 Oct 5 2010 csync2.cfg
> -rw------- 1 root root 65 Oct 5 2010 csync2.key_ehp
> -rw-r--r-- 1 root root 774 Oct 5 2010 csync2_ssl_cert.pem
> -rw-r--r-- 1 root root 887 Oct 5 2010 csync2_ssl_key.pem
>
> Here is my configuration file:
> ------------------------------
> # Csync2 Example Configuration File
> # ---------------------------------
> #
> # Please read the documentation:
> # http://oss.linbit.com/csync2/paper.pdf
>
> group mygroup
> {
> host glddb-master (glddb-slave1);
>
> key /etc/csync2.key_ehp;
>
> include /home/www/vhosts/ehp.wr;
> }
> --------------------------
> I figure just for simplicity I'll remove any other complexities until I can at least get communication to work.
>
> I run csync2 -iivvv and I get this:
> ----------------------------
> [glddb-slave1 csync2]# csync2 -iivvv
> Csync2 daemon running. Waiting for connections.
> <11462> New connection from 192.168.1.132:43675.
> Peer>
>
> From the master server I type:
> [root at glddb-master sbin]# csync2 -xvv
> My hostname is glddb-master.
> Database-File: /var/lib/csync2/glddb-master.db
> Config-File: /etc/csync2.cfg
> Running recursive check for / ...
> SQL: SELECT filename from file where filename = '/' or 1 ORDER BY filename
> SQL Query finished.
> Checking /* ..
> Don't check at all: /var
> Don't check at all: /usr
> Don't check at all: /tmp
> Don't check at all: /tftpboot
> Don't check at all: /sys
> Don't check at all: /srv
> Don't check at all: /selinux
> Don't check at all: /sbin
> Don't check at all: /root
> Don't check at all: /proc
> Don't check at all: /opt
> Don't check at all: /net
> Don't check at all: /mnt
> Don't check at all: /misc
> Don't check at all: /media
> Don't check at all: /lost+found
> Don't check at all: /lib
> Checking /home/* ..
> Checking /home/www/* ..
> Don't check at all: /home/www/ehp.wr
> Don't check at all: /home/mysql
> Don't check at all: /etc
> Don't check at all: /dev
> Don't check at all: /chroot
> Don't check at all: /boot
> Don't check at all: /bin
> Don't check at all: /.autorelabel
> Don't check at all: /.autofsck
> SQL: SELECT peername FROM dirty GROUP BY peername ORDER BY random()
> SQL Query finished.
> SQL: SELECT filename, myname, force FROM dirty WHERE peername = 'glddb-slave1' ORDER by filename ASC
> SQL Query finished.
> Connecting to host glddb-slave1 (SSL) ...
> ERROR: Config request SSL but this csync2 is built without SSL support.
> ERROR: Connection to remote host failed.
> Host stays in dirty state. Try again later...
> SQL: SELECT command, logfile FROM action GROUP BY command, logfile
> SQL Query finished.
> Finished with 2 errors.
> ----------------------------------------
> I know that slave1 is compiled with SSL:
> [root at glddb-slave1 sbin]# ldd csync2
> linux-gate.so.1 => (0x00a5e000)
> libgnutls-openssl.so.26 => /usr/lib/libgnutls-openssl.so.26 (0x00e35000)
> libsqlite.so.0 => /usr/lib/libsqlite.so.0 (0x009f0000)
> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00183000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x036f0000)
> libdl.so.2 => /lib/libdl.so.2 (0x0030a000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x009c2000)
> libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00110000)
> libc.so.6 => /lib/libc.so.6 (0x0030f000)
> libz.so.1 => /usr/lib/libz.so.1 (0x00120000)
> /lib/ld-linux.so.2 (0x00166000)
>
> Not sure what I'm missing.
> ----------------
> Thank you,
> Chris
>
>
> From: Fabricio Cannini <fcannini at gmail.com>
> To: csync2 at lists.linbit.com
> Date: 10/05/2010 12:50 PM
> Subject: Re: [Csync2] Errors when running csync2
> Sent by: csync2-bounces at lists.linbit.com
>
>
>
>
>
> On Tuesday 05 October 2010 14:53:47 you wrote:
>
> > Also, you should use the same key and ssl cert on both hosts.
> > ( Took me quite a while to figure this one out )
> >
> > [ ]'s
>
> > Okay, so each host shouldn't generate its own ssl cert?
> > --------------
> > Thanks,
>
> i'm using csync2 1.34 in a HPC cluster, and that's how i made it to work;
> Copying the key and ssl cert generated on the head node to all nodes.
> After that, it went fine.
>
> [ ]'s
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
>
>
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/csync2/attachments/20101005/272b375c/attachment-0001.htm>
More information about the Csync2
mailing list