[Csync2] Ubuntu 12.04 csync2 SSL broken?

Alex Zimmerman azimmerman at everettcc.edu
Sat Dec 12 01:46:59 CET 2015


Awesome, this worked great!

Thank you!


Alex Zimmerman / Information Technology Specialist IV
Web Data & Development Services / Enterprise Services / Information Security
Direct line: (425)259-8724
IT HelpDesk: (425)388-9333
Email: azimmerman at everettcc.edu



On Mon, Dec 7, 2015 at 3:08 AM, Rabin Yasharzadehe <rabin at isoc.org.il>
wrote:

> I had this problem. There is a bug with openssl when using CN; skip this
> part when creating the CSR file.
>
>    - see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501289
>
>
>
>
> --
> Rabin
>
> On Sat, Dec 5, 2015 at 2:42 AM, Alex Zimmerman <azimmerman at everettcc.edu>
> wrote:
>
>> Hello,
>>
>> I am in the process of setting up my first csync2 webserver cluster and
>> it is going pretty well, except I cannot seem to get the servers to
>> communicate when I enable SSL.
>>
>> Before filing a bug report, I just want to make sure I am doing
>> everything correctly.
>> I am running the latest Ubuntu 12.04 package version of csync2
>> (1.34-2.2build1).
>>
>> 1. First I install the csync2 package on both servers in the cluster.
>>
>> Server1# sudo apt-get install csync2
>> Server2# sudo apt-get install csync2
>>
>> 2. Then I create the certificate file on the primary server.
>>
>> Server1# sudo openssl genrsa -out /etc/csync2_ssl_key.pem 1024
>>
>> Server1# sudo openssl req -new -subj '/C=US/ST=Washington/L=Everett' -key
>> csync2_ssl_key.pem -out csync2_ssl_cert.csr
>>
>> Server1# sudo openssl x509 -req -days 600 -in csync2_ssl_cert.csr
>> -signkey csync2_ssl_key.pem -out csync2_ssl_cert.pem
>>
>> 3. After having set up the certificates, I create the csync2 key by
>> performing the following:
>>
>> Server1# sudo csync2 -k /etc/csync2_ssl_cert.key
>>
>> 4. Next, I edit the configuration file at /etc/csync2.cfg as follows.
>>
>> group website {
>> host Server1;
>> host Server2;
>>  key /etc/csync2_ssl_cert.key;
>>  include /var/www/;
>>  include /opt/coldfusion10/cfusion/CustomTags;
>>  include /opt/coldfusion10/cfcs;
>>  auto none;
>> }
>>
>> 5. Two additional host specific configuration files are then required.
>>
>> /etc/csync2_Server1.cfg:
>>
>> group server1 {
>>   host Server1;
>>   host (Server2);
>>   key /etc/csync2_ssl_cert.key;
>>   include /var/www/;
>>   include /opt/coldfusion10/cfusion/CustomTags;
>>   include /opt/coldfusion10/cfcs;
>>   auto none;
>> }
>>
>> /etc/csync2_Server2.cfg:
>>
>> group Server2 {
>>   host Server2;
>>   host (Server1);
>>   key /etc/csync2_ssl_cert.key;
>>   include /var/www/;
>>   include /opt/coldfusion10/cfusion/CustomTags;
>>   include /opt/coldfusion10/cfcs;
>>   auto none;
>> }
>>
>> 6. I copy all the configs and certs from the first server to the rest of
>> the servers:
>>
>> Server1# sudo scp /etc/csync2* admin at Server2:/etc/
>>
>> 7. Then I copy the directories I specified in the csync2.cfg over scp so
>> they are identical before we begin.
>>
>> 8. Once that is done, I try to run a test by running the following
>> commands.
>>
>> Server2# sudo csync2 -iii -vvvv
>> Server1# sudo csync2 -T -vvvv
>>
>> ------- Screen Output Server2 -------
>> Server2# sudo csync2 -iii -vvvv
>> Csync2 daemon running. Waiting for connections.
>> <6905> New connection from 192.168.57.13:46993.
>> Peer> SSL\n
>> Local> OK (activating_ssl).\n
>> <6905> Establishing SSL connection failed.
>> ------- End -------
>>
>> ------- Screen Output Server1 -------
>> Server1# sudo csync2 -T -vvvv
>> My hostname is Server1.
>> Database-File: /var/lib/csync2/Server1.db
>> Config-File:   /etc/csync2.cfg
>> Running in-sync check for Server1 <-> Server2.
>> Connecting to host Server2 (SSL) ...
>> Local> SSL\n
>> Peer> OK (activating_ssl).\n
>> Establishing SSL connection failed.
>> ------- End -------
>>
>> Like I mentioned earlier, if I remove SSL it starts working fine.
>> Am I missing a step in my setup? or is there another location or log I
>> should be looking at?
>>
>> Any help would be greatly appreciated.
>>
>> Thank you!
>>
>> Alex Zimmerman / Information Technology Specialist III
>> Web Data & Development Services / Enterprise Services / Information
>> Security
>> Direct line:(425) 259-8724 / Help Desk:(425)388 9333
>> email: azimmerman at everettcc.edu
>>
>> _______________________________________________
>> Csync2 mailing list
>> Csync2 at lists.linbit.com
>> http://lists.linbit.com/mailman/listinfo/csync2
>>
>>
>
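
Added example, not part of the thread: the certificate steps from the quoted post as a shell script that keeps every file in one directory, leaves the CN out of the subject as the reply advises, and checks the result before it is copied to the other hosts. The directory argument, function names, return codes and the 2048-bit key size are assumptions; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread). File names follow the post; the
# directory argument, function names and return codes are assumptions.

# make_cert DIR [SUBJECT]: key, CSR and self-signed cert, all inside DIR.
make_cert() {
    dir=$1
    subj=${2:-/C=US/ST=Washington/L=Everett}   # no CN, per the reply
    key="$dir/csync2_ssl_key.pem"
    csr="$dir/csync2_ssl_cert.csr"
    crt="$dir/csync2_ssl_cert.pem"
    # 2048 bits here (the post uses 1024); umask keeps the key owner-only.
    ( umask 077; openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    openssl req -new -subj "$subj" -key "$key" -out "$csr" || return 1
    openssl x509 -req -days 600 -in "$csr" -signkey "$key" \
        -out "$crt" 2>/dev/null || return 1
}

# check_cert DIR: 0 = ok, 2 = file missing, 3 = key/cert mismatch,
# 4 = subject carries a CN, 5 = key readable by group or others.
check_cert() {
    key="$1/csync2_ssl_key.pem"
    crt="$1/csync2_ssl_cert.pem"
    if [ ! -r "$key" ] || [ ! -r "$crt" ]; then
        echo "missing key or certificate in $1"; return 2
    fi
    km=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    cm=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    if [ -z "$km" ] || [ "$km" != "$cm" ]; then
        echo "certificate was not made from this key"; return 3
    fi
    s=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253)
    if printf '%s\n' "$s" | grep -Eq '(^subject= ?|[,+])CN='; then
        echo "subject carries a CN: $s"; return 4
    fi
    if [ -n "$(find "$key" -perm -040 -o -perm -004)" ]; then
        echo "private key is readable by group or others"; return 5
    fi
    echo "ok: $s"
}

# Demo on a throwaway directory (constructed input, nothing under /etc).
demo=$(mktemp -d)
make_cert "$demo" && check_cert "$demo"
rm -rf "$demo"
```

Running `check_cert` on each host after the copy step shows whether the key and certificate that arrived there still belong together.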