'csync2 -x' reports wrong SSL X509 certificate; while trying to remove the old certificate leads to 'Local csync2 database not found' error
This document (7021205) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise High Availability Extension 12
SUSE Linux Enterprise High Availability Extension 11
SUSE Linux Enterprise High Availability Extension 11
Situation
csync2 -x is used to synchronize files among nodes within a cluster. If for some reason peer node was re-created but still have the same hostname, running 'csync2 -x' reports following error:
# csync2 -x
'Peer did provide a wrong SSL X509 certificate'
Normal procedure to remedy this issue is to run `csync2-rm-ssl-cert $PEERNAME` to remove old entries.
However, following error could be seen:
HOST:~ # csync2-rm-ssl-cert HOST2
Local csync2 database (/var/lib/csync2/HOST1.db3) not found.
# csync2 -x
'Peer did provide a wrong SSL X509 certificate'
Normal procedure to remedy this issue is to run `csync2-rm-ssl-cert $PEERNAME` to remove old entries.
However, following error could be seen:
HOST:~ # csync2-rm-ssl-cert HOST2
Local csync2 database (/var/lib/csync2/HOST1.db3) not found.
Resolution
Either using the following command to remove the old entry :(NOTE: for SLES12, VERSION=3)
# echo "DELETE FROM x509_cert WHERE peername='HOST2';" |sqlite${VERSION} /var/lib/csync2/$(echo $HOSTNAME | tr [:upper:] [:lower:]).db${VERSION}
or create a symbol link in /var/lib/csync2 directory as
# ln -s host1.db3 HOST1.db3
# echo "DELETE FROM x509_cert WHERE peername='HOST2';" |sqlite${VERSION} /var/lib/csync2/$(echo $HOSTNAME | tr [:upper:] [:lower:]).db${VERSION}
or create a symbol link in /var/lib/csync2 directory as
# ln -s host1.db3 HOST1.db3
Cause
When csync2 creates local database it uses all lower-case characters. If hostname contains upper-case letter, the discrepancy would cause this database not found error.
Following command can be used to list all the recorded `peername's:
# echo "SELECT peername FROM x509_cert;" |sqlite${VERSION} /var/lib/csync2/$(echo $HOSTNAME | tr [:upper:] [:lower:]).db${VERSION}
Following command can be used to list all the recorded `peername's:
# echo "SELECT peername FROM x509_cert;" |sqlite${VERSION} /var/lib/csync2/$(echo $HOSTNAME | tr [:upper:] [:lower:]).db${VERSION}
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7021205
- Creation Date: 16-Aug-2017
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise High Availability Extension
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
