[Csync2] Ubuntu 12.04 csync2 SSL broken?

Alex Zimmerman azimmerman at everettcc.edu
Sat Dec 5 01:42:57 CET 2015


Hello,

I am in the process of setting up my first csync2 webserver cluster and it
is going pretty well, except I cannot seem to get the servers to
communicate when I enable SSL.

Before filing a bug report, I just want to make sure I am doing everything
correctly.
I am running the latest Ubuntu 12.04 package version of csync2
(1.34-2.2build1).

1. First I install the csync2 package on both servers in the cluster.

Server1# sudo apt-get install csync2
Server2# sudo apt-get install csync2

2. Then I create the certificate file on the primary server.

Server1# sudo openssl genrsa -out /etc/csync2_ssl_key.pem 1024

Server1# sudo openssl req -new -subj '/C=US/ST=Washington/L=Everett' -key csync2_ssl_key.pem -out csync2_ssl_cert.csr

Server1# sudo openssl x509 -req -days 600 -in csync2_ssl_cert.csr -signkey csync2_ssl_key.pem -out csync2_ssl_cert.pem

3. After having set up the certificates, I create the csync2 key by
performing the following:

Server1# sudo csync2 -k /etc/csync2_ssl_cert.key

4. Next, I edit the configuration file at /etc/csync2.cfg as follows.

group website {
  host Server1;
  host Server2;
  key /etc/csync2_ssl_cert.key;
  include /var/www/;
  include /opt/coldfusion10/cfusion/CustomTags;
  include /opt/coldfusion10/cfcs;
  auto none;
}

5. Two additional host specific configuration files are then required.

/etc/csync2_Server1.cfg:

group server1 {
  host Server1;
  host (Server2);
  key /etc/csync2_ssl_cert.key;
  include /var/www/;
  include /opt/coldfusion10/cfusion/CustomTags;
  include /opt/coldfusion10/cfcs;
  auto none;
}

/etc/csync2_Server2.cfg:

group Server2 {
  host Server2;
  host (Server1);
  key /etc/csync2_ssl_cert.key;
  include /var/www/;
  include /opt/coldfusion10/cfusion/CustomTags;
  include /opt/coldfusion10/cfcs;
  auto none;
}

6. I copy all the configs and certs from the first server to the rest of the servers:

Server1# sudo scp /etc/csync2* admin@Server2:/etc/

7. Then I copy the directories I specified in the csync2.cfg over scp so
they are identical before we begin.

8. Once that is done, I try to run a test by running the following commands.

Server2# sudo csync2 -iii -vvvv
Server1# sudo csync2 -T -vvvv

--------- Screen Output Server2 ---------
Server2# sudo csync2 -iii -vvvv
Csync2 daemon running. Waiting for connections.
<6905> New connection from 192.168.57.13:46993.
Peer> SSL\n
Local> OK (activating_ssl).\n
<6905> Establishing SSL connection failed.
------- End -------

------- Screen Output Server1 -------
Server1# sudo csync2 -T -vvvv
My hostname is Server1.
Database-File: /var/lib/csync2/Server1.db
Config-File:   /etc/csync2.cfg
Running in-sync check for Server1 <-> Server2.
Connecting to host Server2 (SSL) ...
Local> SSL\n
Peer> OK (activating_ssl).\n
Establishing SSL connection failed.
------- End -------

Like I mentioned earlier, if I remove SSL it starts working fine.
Am I missing a step in my setup? Or is there another location or log I
should be looking at?

Any help would be greatly appreciated.

Thank you!

Alex Zimmerman / Information Technology Specialist III
Web Data & Development Services / Enterprise Services / Information
Security
Direct line:(425) 259-8724 / Help Desk:(425)388 9333
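A pre-flight check for the key and certificate created in step 2, as an added example that is not part of the original post or of csync2: run on each node, it confirms that both PEM files are readable, that the certificate carries the public key belonging to the private key, and that the certificate has not expired. The function name and exit codes are made up for this example, and the certificate path in the usage comment assumes the file sits in /etc beside the key.

```shell
#!/bin/sh
# Added example (not from the post): sanity-check a csync2 TLS key/cert pair.
# Usage (as root, on every node; the cert path is an assumption):
#   sh check_pair.sh /etc/csync2_ssl_key.pem /etc/csync2_ssl_cert.pem
#
# Exit codes (hypothetical, defined here only):
#   0 usable pair, 1 file missing/unreadable, 2 file not parsable,
#   3 certificate does not belong to the key, 4 certificate expired.
check_csync2_tls_pair() {
    key="$1"; cert="$2"

    for f in "$key" "$cert"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: $f is missing or not readable by $(id -un)" >&2
            return 1
        fi
    done

    # Derive the public key from each file; a matching pair prints the same PEM.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: $key is not a parsable private key" >&2; return 2; }
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null) || {
        echo "FAIL: $cert is not a parsable X.509 certificate" >&2; return 2; }

    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert was not issued for the key in $key" >&2
        return 3
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert expired: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 4
    fi

    echo "OK: $key and $cert form a usable pair"
    openssl x509 -in "$cert" -noout -subject -enddate
    return 0
}

# Only run when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_csync2_tls_pair "$1" "$2"
fi
```

Running it on both servers after the copy in step 6 shows whether each node ended up with the same readable pair.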