<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br></div><div>skip the parentheses in the nossl. </div><div><br></div><div>But please understand what I tried to say: </div><div><br></div><div>If your csync2 programs can log those message, you will NEVER get SSL support with them. The support code is not compiled in. </div><div><br></div><div>Your build seems somewhat fishy. Check the config.h for HAVE_LIBGNUTLS defined, if it isnt there, no SSL support. </div><div><br></div><div>So how have you verified that there are SSL support? </div><div><br></div><div>cheers </div><div>:-Dennis </div><br><div><div>On 05/10/2010, at 22.33, Christopher J Bidwell wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><font size="2" face="sans-serif">Sorry, yes I have verified that they are
both compiled with ssl.</font>
<br>
<br><font size="2" face="sans-serif">Not sure how to force "nossl"</font>
<br>
<br><font size="2" face="sans-serif">I get a:</font>
<br><font size="2" face="sans-serif">[root@glddb-master etc]# csync2 -xvv</font>
<br><font size="2" face="sans-serif">My hostname is glddb-master.</font>
<br><font size="2" face="sans-serif">Database-File: /var/lib/csync2/glddb-master.db</font>
<br><font size="2" face="sans-serif">Config-File: /etc/csync2.cfg</font>
<br><font size="2" face="sans-serif">Near line 10: syntax error</font>
<br>
<br><font size="2" face="sans-serif">Where line 10 states: nossl glddb-master
(glddb-slave1);</font>
<br><font size="2" face="sans-serif">----------------<br>
Thank you,<br>
<br>
Chris Bidwell, RHCT<br>
Red Hat Linux Administrator<br>
</font>
<br>
<br>
<br>
<table width="100%">
<tbody><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">From:</font>
</td><td><font size="1" face="sans-serif">Dennis Schafroth <<a href="mailto:dennis@schafroth.dk">dennis@schafroth.dk</a>></font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">To:</font>
</td><td><font size="1" face="sans-serif">Christopher J Bidwell <<a href="mailto:cbidwell@usgs.gov">cbidwell@usgs.gov</a>></font>
</td></tr><tr>
<td valign="top"><font size="1" color="#5f5f5f" face="sans-serif">Cc:</font>
</td><td><font size="1" face="sans-serif"><a href="mailto:csync2@lists.linbit.com">csync2@lists.linbit.com</a></font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">Date:</font>
</td><td><font size="1" face="sans-serif">10/05/2010 01:47 PM</font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">Subject:</font>
</td><td><font size="1" face="sans-serif">Re: [Csync2] Errors when running csync2</font></td></tr></tbody></table>
<br>
<hr noshade="">
<br>
<br>
<br><font size="3">Hi, </font>
<br>
<br><font size="3">I am not sure I am that helpfull but looking at the code,
it simply not possible to get that message with HAVE_LIBGNUTLS enabled.
From update.c: </font>
<br>
<br><font size="3">#if HAVE_LIBGNUTLS</font>
<br><font size="3">
conn_printf("SSL\n");</font>
<br><font size="3">if ( read_conn_status(0, peername) ) {</font>
<br><font size="3">
csync_debug(1, "SSL command failed.\n");</font>
<br><font size="3">
conn_close();</font>
<br><font size="3">
return -1;</font>
<br><font size="3">
}</font>
<br><font size="3">
conn_activate_ssl(0);</font>
<br><font size="3">
conn_check_peer_cert(peername, 1);</font>
<br><font size="3">#else</font>
<br><font size="3">
csync_debug(0, "ERROR: Config request SSL but this csync2 is built
without SSL support.\n");</font>
<br><font size="3">
csync_error_count++;</font>
<br><font size="3">
return -1;</font>
<br><font size="3">#endif</font>
<br>
<br><font size="3">Similar for the remote in csync2.c which happens on the
start: </font>
<br>
<br><font size="3">#ifdef HAVE_LIBGNUTLS</font>
<br><font size="3">
conn_printf("OK (activating_ssl).\n");</font>
<br><font size="3">
conn_activate_ssl(1);</font>
<br>
<br><font size="3">
if ( !conn_gets(line, 4096) ) return 0;</font>
<br><font size="3">
cmd = strtok(line, "\t \r\n");</font>
<br><font size="3">
para = cmd ? strtok(0, "\t \r\n")
: 0;</font>
<br><font size="3">#else</font>
<br><font size="3">
conn_printf("This csync2 server is built
without SSL support.\n");</font>
<br><font size="3">
return 0;</font>
<br><font size="3">#endif</font>
<br>
<br><font size="3">Could you be running a different version than you actually
is doing your ldd check on? ldd `which csync2` </font>
<br>
<br><font size="3">Can you try with</font>
<br>
<br><font size="3">nossl </font><font size="2"> </font><font size="3">glddb-master
glddb-slave1</font><font size="2"> </font>
<br>
<br><font size="3">just to check that your config works without SSL ?</font>
<br>
<br><font size="3">cheers, </font>
<br><font size="3">:-Dennis </font>
<br>
<br><font size="3">On 05/10/2010, at 21.22, Christopher J Bidwell wrote:</font>
<br>
<br><font size="2" face="sans-serif">Just a little bit of insight as to how
my setup "should" go. </font><font size="3"><br>
</font><font size="2" face="sans-serif"><br>
I have a primary webserver that should feed content to four public webservers.
</font><font size="3"> <br>
</font><font size="2" face="sans-serif"><br>
My contents of my /etc: (this is the same on both my master and my
slave servers).</font><font size="3"> </font><font size="2" face="sans-serif"><br>
[@glddb-slave1 etc]# lsl csync2*</font><font size="3"> </font><font size="2" face="sans-serif"><br>
-rw-r--r-- 1 root root 710 Oct 5 2010 csync2.cfg</font><font size="3">
</font><font size="2" face="sans-serif"><br>
-rw------- 1 root root 65 Oct 5 2010 csync2.key_ehp</font><font size="3">
</font><font size="2" face="sans-serif"><br>
-rw-r--r-- 1 root root 774 Oct 5 2010 csync2_ssl_cert.pem</font><font size="3">
</font><font size="2" face="sans-serif"><br>
-rw-r--r-- 1 root root 887 Oct 5 2010 csync2_ssl_key.pem</font><font size="3">
<br>
</font><font size="2" face="sans-serif"><br>
Here is my configuration file:</font><font size="3"> </font><font size="2" face="sans-serif"><br>
------------------------------</font><font size="3"> </font><font size="2" face="sans-serif"><br>
# Csync2 Example Configuration File</font><font size="3"> </font><font size="2" face="sans-serif"><br>
# ---------------------------------</font><font size="3"> </font><font size="2" face="sans-serif"><br>
#</font><font size="3"> </font><font size="2" face="sans-serif"><br>
# Please read the documentation:</font><font size="3"> </font><font size="2" face="sans-serif"><br>
# </font><a href="http://oss.linbit.com/csync2/paper.pdf"><font size="2" color="blue" face="sans-serif"><u>http://oss.linbit.com/csync2/paper.pdf</u></font></a><font size="3">
<br>
</font><font size="2" face="sans-serif"><br>
group mygroup</font><font size="3"> </font><font size="2" face="sans-serif"><br>
{</font><font size="3"> </font><font size="2" face="sans-serif"><br>
host glddb-master (glddb-slave1);</font><font size="3">
<br>
</font><font size="2" face="sans-serif"><br>
key /etc/csync2.key_ehp;</font><font size="3">
<br>
</font><font size="2" face="sans-serif"><br>
include /home/www/vhosts/ehp.wr;</font><font size="3">
</font><font size="2" face="sans-serif"><br>
}</font><font size="3"> </font><font size="2" face="sans-serif"><br>
--------------------------</font><font size="3"> </font><font size="2" face="sans-serif"><br>
I figure just for simplicity I'll remove any other complexities until I
can at least get communication to work.</font><font size="3"> <br>
</font><font size="2" face="sans-serif"><br>
I run csync2 -iivvv and I get this:</font><font size="3"> </font><font size="2" face="sans-serif"><br>
----------------------------</font><font size="3"> </font><font size="2" face="sans-serif"><br>
[glddb-slave1 csync2]# csync2 -iivvv</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Csync2 daemon running. Waiting for connections.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
<11462> New connection from 192.168.1.132:43675.</font><font size="3">
</font><font size="2" face="sans-serif"><br>
Peer> </font><font size="3"><br>
</font><font size="2" face="sans-serif"><br>
From the master server I type:</font><font size="3"> </font><font size="2" face="sans-serif"><br>
[root@glddb-master sbin]#<b> csync2 -xvv</b></font><font size="3"> </font><font size="2" face="sans-serif"><br>
My hostname is glddb-master.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Database-File: /var/lib/csync2/glddb-master.db</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Config-File: /etc/csync2.cfg</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Running recursive check for / ...</font><font size="3"> </font><font size="2" face="sans-serif"><br>
SQL: SELECT filename from file where filename = '/' or 1 ORDER BY filename</font><font size="3">
</font><font size="2" face="sans-serif"><br>
SQL Query finished.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Checking /* ..</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /var</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /usr</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /tmp</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /tftpboot</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /sys</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /srv</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /selinux</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /sbin</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /root</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /proc</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /opt</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /net</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /mnt</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /misc</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /media</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /lost+found</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /lib</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Checking /home/* ..</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Checking /home/www/* ..</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /home/www/ehp.wr</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /home/mysql</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /etc</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /dev</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /chroot</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /boot</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /bin</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /.autorelabel</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Don't check at all: /.autofsck</font><font size="3"> </font><font size="2" face="sans-serif"><br>
SQL: SELECT peername FROM dirty GROUP BY peername ORDER BY random()</font><font size="3">
</font><font size="2" face="sans-serif"><br>
SQL Query finished.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
SQL: SELECT filename, myname, force FROM dirty WHERE peername = 'glddb-slave1'
ORDER by filename ASC</font><font size="3"> </font><font size="2" face="sans-serif"><br>
SQL Query finished.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Connecting to host glddb-slave1 (SSL) ...</font><font size="3"> </font><font size="2" face="sans-serif"><b><br>
ERROR: Config request SSL but this csync2 is built without SSL support.</b></font><font size="3">
</font><font size="2" face="sans-serif"><br>
ERROR: Connection to remote host failed.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Host stays in dirty state. Try again later...</font><font size="3"> </font><font size="2" face="sans-serif"><br>
SQL: SELECT command, logfile FROM action GROUP BY command, logfile</font><font size="3">
</font><font size="2" face="sans-serif"><br>
SQL Query finished.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
Finished with 2 errors.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
----------------------------------------</font><font size="3"> </font><font size="2" face="sans-serif"><br>
I know that slave1 is compiled with SSL:</font><font size="3"> </font><font size="2" face="sans-serif"><br>
[root@glddb-slave1 sbin]# ldd csync2</font><font size="3"> </font><font size="2" face="sans-serif"><br>
linux-gate.so.1 => (0x00a5e000)</font><font size="3">
</font><font size="2" face="sans-serif"><br>
libgnutls-openssl.so.26 => /usr/lib/libgnutls-openssl.so.26
(0x00e35000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libsqlite.so.0 => /usr/lib/libsqlite.so.0
(0x009f0000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libgnutls.so.26 => /usr/lib/libgnutls.so.26
(0x00183000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11
(0x036f0000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libdl.so.2 => /lib/libdl.so.2 (0x0030a000)</font><font size="3">
</font><font size="2" face="sans-serif"><br>
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0
(0x009c2000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libtasn1.so.3 => /usr/lib/libtasn1.so.3
(0x00110000)</font><font size="3"> </font><font size="2" face="sans-serif"><br>
libc.so.6 => /lib/libc.so.6 (0x0030f000)</font><font size="3">
</font><font size="2" face="sans-serif"><br>
libz.so.1 => /usr/lib/libz.so.1 (0x00120000)</font><font size="3">
</font><font size="2" face="sans-serif"><br>
/lib/ld-linux.so.2 (0x00166000)</font><font size="3">
<br>
</font><font size="2" face="sans-serif"><br>
Not sure what I'm missing.</font><font size="3"> </font><font size="2" face="sans-serif"><br>
----------------<br>
Thank you,<br>
Chris</font><font size="3"><br>
<br>
<br>
</font>
<table width="100%">
<tbody><tr valign="top">
<td width="18%"><font size="1" color="#5f5f5f" face="sans-serif">From:</font><font size="3">
</font>
</td><td width="81%"><font size="1" face="sans-serif">Fabricio Cannini <</font><a href="mailto:fcannini@gmail.com"><font size="1" color="blue" face="sans-serif"><u>fcannini@gmail.com</u></font></a><font size="1" face="sans-serif">></font><font size="3">
</font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">To:</font><font size="3">
</font>
</td><td><a href="mailto:csync2@lists.linbit.com"><font size="1" color="blue" face="sans-serif"><u>csync2@lists.linbit.com</u></font></a><font size="3">
</font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">Date:</font><font size="3">
</font>
</td><td><font size="1" face="sans-serif">10/05/2010 12:50 PM</font><font size="3">
</font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">Subject:</font><font size="3">
</font>
</td><td><font size="1" face="sans-serif">Re: [Csync2] Errors when running csync2</font><font size="3">
</font>
</td></tr><tr valign="top">
<td><font size="1" color="#5f5f5f" face="sans-serif">Sent by:</font><font size="3">
</font>
</td><td><a href="mailto:csync2-bounces@lists.linbit.com"><font size="1" color="blue" face="sans-serif"><u>csync2-bounces@lists.linbit.com</u></font></a></td></tr></tbody></table>
<br><font size="3"><br>
</font>
<hr noshade=""><font size="3"><br>
<br>
</font><tt><font size="2"><br>
On Tuesday 05 October 2010 14:53:47 you wrote:<br>
<br>
> Also, you should use the same key and ssl cert on both hosts.<br>
> ( Took me quite a while to figure this one out )<br>
> <br>
> [ ]'s<br>
<br>
> Okay, so each host shouldn't generate its own ssl cert?<br>
> --------------<br>
> Thanks,<br>
<br>
i'm using csync2 1.34 in a HPC cluster, and that's how i made it to work;<br>
Copying the key and ssl cert generated on the head node to all nodes.<br>
After that, it went fine.<br>
<br>
[ ]'s<br>
_______________________________________________<br>
Csync2 mailing list</font></tt><tt><font size="2" color="blue"><u><br>
</u></font></tt><a href="mailto:Csync2@lists.linbit.com"><tt><font size="2" color="blue"><u>Csync2@lists.linbit.com</u></font></tt></a><font size="3" color="blue"><u><br>
</u></font><a href="http://lists.linbit.com/mailman/listinfo/csync2"><tt><font size="2" color="blue"><u>http://lists.linbit.com/mailman/listinfo/csync2</u></font></tt></a><font size="3"><br>
<br>
<br>
_______________________________________________<br>
Csync2 mailing list</font><font size="3" color="blue"><u><br>
</u></font><a href="mailto:Csync2@lists.linbit.com"><font size="3" color="blue"><u>Csync2@lists.linbit.com</u></font></a><font size="3"><br>
</font><a href="http://lists.linbit.com/mailman/listinfo/csync2"><font size="3">http://lists.linbit.com/mailman/listinfo/csync2</font></a>
<br>
<br>
<br></blockquote></div><br></body></html>