Am 05.09.2012 16:55, schrieb Art -kwaak- van Breemen:
> To describe it better: it's: host nodename(@address); Where you use
> the @address if nodename itself does not resolv to the right ip
> address. address can be an ip address, or a resolvable hostname.
now that's an interesting insight, thank you!
To try that, I changed the beginning of csync2.cfg to:
> nossl 172.31.* 172.31.*;
> nossl leihnix*h* leihnix*h*;
>
> group cfg_sync-etc {
> host leihnix6h1@172.31.1.16;
> host leihnix5h1@172.31.1.11;
and turned /etc/hosts back to:
> 172.31.1.11 leihnix5h1
> 172.31.1.16 leihnix6h1
>
> 127.0.0.1 localhost
>
> 192.168.1.11 leihnix5h1
> 192.168.1.16 leihnix6h1
Which results in the following error:
> SQL: SELECT filename, myname, force FROM dirty WHERE peername =
> '172.31.1.11' ORDER by filename ASC
> SQL Query finished.
> Connecting to host 172.31.1.11 (SSL) ...
> Local> SSL\n
> Peer> OK (activating_ssl).\n
> Establishing SSL connection failed.
> SQL: COMMIT TRANSACTION
although
- 1. I have disabled ssl using nossl directive in csync2.cfg
- 2. SSL worked using the default NIC.
What wonders me most is that the nossl directive is ignored.
Ignoring the certificate is most probably because the SSL certificate is
matched against the address, not against the hostname (which feels
somewhat senseless to me).
Any experience on how to make it work via IP or interface name?
If not, Lars' workaround isn't too bad :)
Regards
Nils Stöckmann
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2
