Re: [Linux-HA] quorumd: Problem with certificates
Did you use the correct cn (certificate attribute cn must be equal to the cluster name)?
If you use the cluster name mycluster and your quorum server could be reached with a special name (don't remember it now, but you can strace it easily) you can also use quorumdtest as a client test program to validate the TLS communication.

Best regards
Fabian

Michael Schwartzkopff wrote:
> Hi,
>
> I tried to set up a quorumd according to:
> http://www.linux-ha.org/QuorumServerGuide
>
> But all the quorumd keeps telling me (in the logfiles is):
> quorumd: [3019]: WARN: handshake failed
> quorumd: [3019]: ERROR: on_listen tls handshake failed
>
> I tried to create the certificates with certool several times, also tried to create it with tinyca. No success.
>
> Any hint what I am doing wrong? Are there sample certificates to use?
>
> Thanks for any hint in the right direction.

___
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
Re: [Linux-HA] quorumd: Problem with certificates
On Thursday, 7 February 2008 10:47, [EMAIL PROTECTED] wrote:
> Did you use the correct cn (certificate attribute cn must be equal to the cluster name)?
> If you use the cluster name mycluster and your quorum server could be reached with a special name (don't remember it now, but you can strace it easily) you can also use quorumdtest as a client test program to validate the TLS communication.
>
> Best regards
> Fabian

Well,

xen02:~# /usr/lib/heartbeat/quorumdtest
Segmentation fault

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: [EMAIL PROTECTED]
web: www.multinet.de
Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
Re: [Linux-HA] quorumd: Problem with certificates
Hi,

On Thu, Feb 07, 2008 at 12:33:58PM +0100, Michael Schwartzkopff wrote:
> On Thursday, 7 February 2008 10:47, [EMAIL PROTECTED] wrote:
> > Did you use the correct cn (certificate attribute cn must be equal to the cluster name)?
> > If you use the cluster name mycluster and your quorum server could be reached with a special name (don't remember it now, but you can strace it easily) you can also use quorumdtest as a client test program to validate the TLS communication.
> >
> > Best regards
> > Fabian
>
> Well,
>
> xen02:~# /usr/lib/heartbeat/quorumdtest
> Segmentation fault

Can you provide a backtrace?

Thanks,

Dejan
Re: [Linux-HA] quorumd: Problem with certificates
On Thursday, 7 February 2008 13:03, Dejan Muhamedagic wrote:
> > Well,
> >
> > xen02:~# /usr/lib/heartbeat/quorumdtest
> > Segmentation fault
>
> Can you provide a backtrace.

Hi,

I don't know if this helps you, but here is the bt from gdb:

xen02:~# cat backtrace.log
#0 0x0804902a in ?? ()
#1 0x08049661 in _IO_stdin_used ()
#2 0x0001 in ?? ()
#3 0x0006 in ?? ()
#4 0x0001 in ?? ()
#5 0x in ?? ()

Please instruct me how I can help you further.

Please also see Bug 1829. Perhaps communication should go on there.
Re: [Linux-HA] quorumd: Problem with certificates
Hi,

On Sat, Feb 02, 2008 at 09:09:41PM +0100, Michael Schwartzkopff wrote:
> On Saturday, 2 February 2008 14:16, Michael Schwartzkopff wrote:
> > Hi,
> >
> > I tried to set up a quorumd according to:
> > http://www.linux-ha.org/QuorumServerGuide
> >
> > But all the quorumd keeps telling me (in the logfiles is):
> > quorumd: [3019]: WARN: handshake failed
> > quorumd: [3019]: ERROR: on_listen tls handshake failed
> >
> > I tried to create the certificates with certool several times, also tried to create it with tinyca. No success.
> >
> > Any hint what I am doing wrong? Are there sample certificates to use?
> >
> > Thanks for any hint in the right direction.
>
> Hi,
>
> I found the thread from May 9th of this list. Somebody having the same problems. I used the sample certificates of that post, but still no success. Strange!

You can test the TLS communication using the openssl tools (openssl s_client/s_server). They should tell you what's wrong. One typical problem is name resolution, i.e. the parties communicating have to resolve to exactly the names in the certificates (reverse name resolution).

Thanks,

Dejan

> What I did:
>
> 1) ca-cert.pem, server-cert.pem and server-key.pem to quorum server. No crl was included in the samples.
>
> 2) quorumd.conf of the quorum server
>    cluster MyCluster
>    version 2_0_8
>    interval 1000
>    timeout 5000
>    takeover 3000
>    giveup 2000
>    nodenum 3
>    weight 300
>
> 3) on the quorum server:
>    /usr/lib/heartbeat/quorumd
>
> 4) ca-cert.prm, client-cert.prm and client-key.pem to node1
>    added the following lines to ha.cf:
>    cluster MyCluster
>    quorum_server quorumsrv
>
> 5) on the node:
>    export ha_quorum=quorumd
>    /usr/lib/heartbeat/heartbeat
>
> After 30 sec I get the ERROR message in the log file on the quorum server about TLS handshake.
>
> Any idea what I did wrong?
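The two checks raised in this thread (certificate CN equal to the cluster name, and certificates that are consistent before a TLS handshake is attempted) can be scripted as a pre-flight step ahead of an openssl s_client/s_server test. This is an added example, not part of any poster's message or of the Heartbeat project; the function names are hypothetical, file paths are passed as arguments, and the sample ha.cf text and subject line are constructed.

```bash
#!/bin/bash
# Added example: pre-flight check for a quorumd client certificate.
# Assumption (from the thread): the certificate CN must equal the "cluster"
# name in ha.cf, compared exactly. Function names here are hypothetical.

# Print the value of the "cluster" directive from ha.cf text on stdin.
cluster_name() {
    awk '$1 == "cluster" { print $2; exit }'
}

# Print the CN from an `openssl x509 -noout -subject` line on stdin.
# Handles "subject= /C=DE/CN=x", "subject=C = DE, CN = x" and "subject=CN=x,C=DE".
subject_cn() {
    sed -n 's/^subject= *//p' | tr '/,' '\n\n' |
        sed -n 's/^ *CN *= *//p' | head -n 1
}

# Succeed only when the CN in subject line $1 equals the cluster name in ha.cf text $2.
cn_matches_cluster() {
    local cn cluster
    cn=$(printf '%s\n' "$1" | subject_cn)
    cluster=$(printf '%s\n' "$2" | cluster_name)
    [ -n "$cn" ] && [ "$cn" = "$cluster" ]
}

# Check real files: $1 = CA certificate, $2 = client certificate, $3 = ha.cf.
preflight() {
    openssl verify -CAfile "$1" "$2" >/dev/null ||
        { echo "certificate does not verify against the CA"; return 1; }
    cn_matches_cluster "$(openssl x509 -in "$2" -noout -subject)" "$(cat "$3")" ||
        { echo "certificate CN differs from the cluster name"; return 1; }
    echo "ok"
}

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_HA_CF='cluster MyCluster
quorum_server quorumsrv'
SAMPLE_SUBJECT='subject=C = DE, O = Example, CN = MyCluster'

# With three file arguments run the full check; otherwise do nothing.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run with the CA certificate, the client certificate and ha.cf as its three arguments, the script prints "ok" only when the certificate verifies against the CA and its CN matches the cluster directive.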
Re: [Linux-HA] quorumd: Problem with certificates
Michael Schwartzkopff wrote:
> Hi,
>
> I tried to set up a quorumd according to:
> http://www.linux-ha.org/QuorumServerGuide
>
> But all the quorumd keeps telling me (in the logfiles is):
> quorumd: [3019]: WARN: handshake failed
> quorumd: [3019]: ERROR: on_listen tls handshake failed
>
> I tried to create the certificates with certool several times, also tried to create it with tinyca. No success.
>
> Any hint what I am doing wrong? Are there sample certificates to use?
>
> Thanks for any hint in the right direction.

a really nice set of shell scripts created by the makers of openvpn is what I recommend. grab the openvpn source from http://openvpn.net/release/openvpn-2.0.9.tar.gz , untar it, and grab the easyrsa directory. it's pretty self explanatory.

openvpn docs on using easyrsa: http://openvpn.net/easyrsa.html

regards,
_Terry
Re: [Linux-HA] quorumd: Problem with certificates
On Saturday, 2 February 2008 14:16, Michael Schwartzkopff wrote:
> Hi,
>
> I tried to set up a quorumd according to:
> http://www.linux-ha.org/QuorumServerGuide
>
> But all the quorumd keeps telling me (in the logfiles is):
> quorumd: [3019]: WARN: handshake failed
> quorumd: [3019]: ERROR: on_listen tls handshake failed
>
> I tried to create the certificates with certool several times, also tried to create it with tinyca. No success.
>
> Any hint what I am doing wrong? Are there sample certificates to use?
>
> Thanks for any hint in the right direction.

Hi,

I found the thread from May 9th of this list. Somebody having the same problems. I used the sample certificates of that post, but still no success. Strange!

What I did:

1) ca-cert.pem, server-cert.pem and server-key.pem to quorum server. No crl was included in the samples.

2) quorumd.conf of the quorum server
   cluster MyCluster
   version 2_0_8
   interval 1000
   timeout 5000
   takeover 3000
   giveup 2000
   nodenum 3
   weight 300

3) on the quorum server:
   /usr/lib/heartbeat/quorumd

4) ca-cert.prm, client-cert.prm and client-key.pem to node1
   added the following lines to ha.cf:
   cluster MyCluster
   quorum_server quorumsrv

5) on the node:
   export ha_quorum=quorumd
   /usr/lib/heartbeat/heartbeat

After 30 sec I get the ERROR message in the log file on the quorum server about TLS handshake.

Any idea what I did wrong?