Hi, On Sat, Feb 02, 2008 at 09:09:41PM +0100, Michael Schwartzkopff wrote: > Am Samstag, 2. Februar 2008 14:16 schrieb Michael Schwartzkopff: > > Hi, > > > > I tried to set up a quorumd according to: > > http://www.linux-ha.org/QuorumServerGuide > > > > But all the quorumd keeps telling me (in the logfiles is): > > quorumd: [3019]: WARN: handshake failed > > quorumd: [3019]: ERROR: on_listen tls handshake failed > > > > I tried to create the certificates with certool several times, also tried > > to create it with tinyca. No success. Any hint what I am doing wrong? Are > > there sample certificates to use? > > > > Thanks for any hint in the right direction. > > Hi, > > I found the thread from May 9th of this list. Somebody having the same > problems. I used the sample certificates of that post, but still no success. > Strange!
You can test the TLS communication using the openssl tools (openssl s_client/s_server). They should tell you what's wrong. One typical problem is name resolution, i.e. the parties communicating have to resolve to exactly the names in the certificates (reverse name resolution). Thanks, Dejan > What I did: > 1) ca-cert.pem, server-cert.pem and server-key.pem to quorum server. No crl > was included in the samples. > 2) quorumd.conf of the quorum server > cluster MyCluster > version 2_0_8 > interval 1000 > timeout 5000 > takeover 3000 > giveup 2000 > nodenum 3 > weight 300 > 3) on the quorum server: > /usr/lib/heartbeat/quorumd & > > 4) ca-cert.prm, client-cert.prm adn client-key.pem to node1 > added the following lines to ha.cf: > cluster MyCluster > quorum_server quorumsrv > > 5) on the node: > export ha_quorum=quorumd > /usr/lib/heartbeat/heartbeat > > After 30 sec I get the ERROR message in the log file on the quorum server > about TLS handshake. Any idea what I did wrong? > > -- > Dr. Michael Schwartzkopff > MultiNET Services GmbH > Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany > Tel: +49 - 89 - 45 69 11 0 > Fax: +49 - 89 - 45 69 11 21 > mob: +49 - 174 - 343 28 75 > > mail: [EMAIL PROTECTED] > web: www.multinet.de > > Sitz der Gesellschaft: 85630 Grasbrunn > Registergericht: Amtsgericht M?nchen HRB 114375 > Gesch?ftsf?hrer: G?nter Jurgeneit, Hubert Martens > > --- > > PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B > Skype: misch42 > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
