[Csync2] ERROR from peer http0: Identification failed!
Lars Ellenberg
lars.ellenberg at linbit.com
Wed Feb 2 17:22:24 CET 2011
On Wed, Feb 02, 2011 at 02:50:13PM +0000, Alex Cartwright wrote:
> If by 'ok' you mean the same content on each host, yes. However I have
> just tried something because the /etc/hosts file on the new firewall
> was slightly different. Essentially this server has 2 IP addresses, an
> external IP address and then an RFC1918 address (all the other servers
> also have an RFC1918 address behind this server). I have managed to
> fix my issue by simply adding in the line '192.168.0.254 fw0' to
> /etc/hosts. This is what it now looks like:
>
> $ cat /etc/hosts
> 127.0.0.1 localhost
> 77.107.82.34 fw0.rrltd.net fw0
>
> # Firewall, again
> 192.168.0.254 fw0
>
> # load balancers
> 192.168.0.1 lb0
>
> # HTTP
> 192.168.0.2 http0
>
> # NAS
> 192.168.0.3 nas0
>
> So while now I do have 2 entries for fw0, it has resolved the issue.
> Why I do not know, and I'm not quite sure why csync2 even cares about
> that, but it fixed it.
csync2 does a TCP connect to its respective peer, then they both
introduce themselves to each other on that channel, using their
hostnames.
Both then do a forward lookup of that hostname, and if that does not
resolve to the respective remote ip address, that is rejected.
We do that to avoid accidentally syncing with the wrong peer
and causing, ahum, major inconvenience.
Depending on your setup, forward lookup usually involves looking
at /etc/hosts, so that's why this influences csync2 "authentication".
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
More information about the Csync2
mailing list