Sorry, only the CN of the client cert (which is installed in your heartbeat nodes) should be same as your cluster name.
On 5/12/07, Zhen Huang <[EMAIL PROTECTED]> wrote:
Hi, Benjamin, Please try the certs in the attachment. To use those certs, you have to change the name of your cluster to "MyCluster". Or you can modify the template files in the attachment then use them when you use the certtool (with --template xxx.tmp). Please note that the CN in both client and server cert should be same as the cluster name. Tell me the result. Thanks! On 5/10/07, Benjamin Lawetz <[EMAIL PROTECTED]> wrote: > I've been trying to get the quorum server to work for the past couple of > days. But whenever I launch heartbeat I juste get on the quorumd server > logs: > May 8 14:50:42 quorumd: [10151]: WARN: handshake failed > May 8 14:50:42 quorumd: [10151]: ERROR: on_listen tls handshake failed > > I'm sure it's a stupid problem with the x.509 certificates, but tried and > retried to generate them but to no avail. > > I've tried looking at the heartbeat logs, but there's so much information > and I don't know what I'm looking for. The only part that might match would > be: > > May 8 14:50:44 crmd: [3455]: info: mem_handle_event: Got an event > OC_EV_MS_INVALID from ccm > May 8 14:50:44 crmd: [3455]: info: mem_handle_event: instance=35, nodes=2, > new=2, lost=0, n_idx=0, new_idx=0, old_idx=4 > May 8 14:50:44 crmd: [3455]: info: crmd_ccm_msg_callback: Quorum lost after > event=INVALID (id=35) > May 8 14:50:44 crmd: [3455]: ERROR: do_ccm_update_cache: 2 nodes w/o quorum > > Is there anything essential I might have missed in the certificate > creationg? I followed the direction from here: > http://www.linux-ha.org/QuorumServerGuide > > I set the common name to the name of the cluster (the one that shows up in > /etc/ha.d/quorumd.conf). I did not set a password for the certificates. > Certtool asks alot of questions, answered to the best of my knowledge... > > I will update the wiki once I figure this out ! > > -- > Benjamin > TéliPhone inc. > > > -------------- > N'envoyé pas de courriel à l'adresse qui suit, sinon vous serez > automatiquement mis sur notre liste noire. > [EMAIL PROTECTED] > Do not send an email to the email above or you will automatically be > blacklisted. > > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems > -- Best Regards, Huang Zhen (zhenh) http://www.linux-ha.org/HuangZhen
-- Best Regards, Huang Zhen (zhenh) http://www.linux-ha.org/HuangZhen _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
