Category: LINUX

2014-06-12 11:49:16

case_csync2_Identification_failed.txt

env:
Two KVM VMs set up as an HA pair

NIC br0 -   vm1 eth0 192.168.5.53
        -   vm2 eth0 192.168.5.54

br0 ip is  192.168.5.20

The two nodes:
192.168.5.53    sles11sp3.suse.com  sles11sp3
192.168.5.54    sles11sp3s.suse.com sles11sp3s

After installing csync2 and configuring it according to the README, the "Identification failed" error appears:
sles11sp3:/etc/csync2 # csync2 -xv
Connecting to host sles11sp3s (SSL) ...
While syncing file /etc/corosync/authkey:
ERROR from peer sles11sp3s: Identification failed!
 
 

sles11sp3:~ # csync2 -T
ERROR from peer sles11sp3s: Identification failed!
ERROR from peer: Dear 192.168.5.20, please identify first.
L    sles11sp3    sles11sp3s    /etc/corosync/authkey

TT:
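Reading the source code shows that the csync2 server side calls getaddrinfo to obtain the IP address and matches it against the IP address in the received packet; if they are not equal, it reports "Identification failed!".

When sles11sp3 initiates TCP communication to sles11sp3s, the destination address of the TCP connection is always 192.168.5.20, not 192.168.5.54: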
sles11sp3s:~ # netstat -anlp | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3696/sshd           
tcp        0      0 192.168.5.54:22         192.168.5.20:58592      ESTABLISHED 3776/1              
tcp        0      0 192.168.5.54:22         192.168.5.53:47134      ESTABLISHED 4175/0              
tcp        0      0 :::22                   :::*                    LISTEN      3696/sshd   

I suspected that address translation was configured on the firewall of the host machine (the KVM host):

jun:~ # iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 79 packets, 17429 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      br0     0.0.0.0/0            0.0.0.0/0           

Sure enough. Modify the rule:
jun:~ # iptables -t nat -D POSTROUTING  1
jun:~ # iptables -t nat -I POSTROUTING  -o br0 ! -d  192.168.5.0/24   -j MASQUERADE

After that, testing ssh works normally!
sles11sp3s:~ # netstat -anlp | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3696/sshd    
tcp        0      0 192.168.5.54:22         192.168.5.53:47134      ESTABLISHED 4175/0              
tcp        0      0 :::22                   :::*                    LISTEN      3696/sshd   

csync2 now works as well.

sles11sp3:~ # csync2 -xv
Connecting to host sles11sp3s (SSL) ...
Updating /etc/corosync/authkey on sles11sp3s ...
File is already up to date on peer.
Updating /etc/corosync/corosync.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/csync2/csync2.cfg on sles11sp3s ...
File is already up to date on peer.
Updating /etc/csync2/key_hagroup on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.d on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.d/global_common.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/lvm/lvm.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/sysconfig/openais on sles11sp3s ...
File is already up to date on peer.
Updating /etc/sysconfig/pacemaker on sles11sp3s ...
File is already up to date on peer.
Finished with 0 errors.
sles11sp3:~ # csync2 -xv
sles11sp3:~ #
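
The over-broad rule found above can be checked for mechanically. The following is an added example, not part of the original post: a shell function (the name broad_masq is hypothetical) that reads `iptables -t nat -nvL POSTROUTING` output and prints every MASQUERADE rule on the given bridge that still matches traffic between two addresses inside the guests' subnet, the condition under which sles11sp3s saw 192.168.5.20 as its peer. It goes beyond the post's single rule by doing CIDR containment on the source and destination columns; the "after" listing line is constructed.

```shell
#!/bin/sh
# Added example: list MASQUERADE rules that would also rewrite traffic whose
# source and destination are both inside the guests' own subnet.
# Input: `iptables -t nat -nvL POSTROUTING` text on stdin.
# Usage (hypothetical helper name): broad_masq BRIDGE SUBNET/LEN
broad_masq() {
    awk -v br="$1" -v net="$2" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function prefix(ip, len) { return int(ip2int(ip) / 2 ^ (32 - len)) }
    # Can some address inside cidr match an address column ("[!]a.b.c.d/len")?
    function hits(spec, cidr,   neg, s, n, m) {
        neg = sub(/^!/, "", spec)
        split(spec, s, "/"); split(cidr, n, "/")
        if (s[2] == "") s[2] = 32      # -n lists single hosts without /32
        # "!X" spares the subnet only when X contains all of it
        if (neg) return !(s[2] + 0 <= n[2] + 0 && prefix(s[1], s[2]) == prefix(n[1], s[2]))
        m = (s[2] + 0 < n[2] + 0) ? s[2] : n[2]
        return prefix(s[1], m) == prefix(n[1], m)
    }
    # Columns: pkts bytes target prot opt in out source destination
    $3 == "MASQUERADE" && ($7 == br || $7 == "*") && hits($8, net) && hits($9, net)
    '
}

# Rule line as listed in the post, before the fix.
BEFORE='    0     0 MASQUERADE  all  --  *      br0     0.0.0.0/0            0.0.0.0/0'
# Constructed: how the replacement rule (! -d 192.168.5.0/24) shows in the same listing.
AFTER='    0     0 MASQUERADE  all  --  *      br0     0.0.0.0/0           !192.168.5.0/24'

echo "before fix:"; printf '%s\n' "$BEFORE" | broad_masq br0 192.168.5.0/24
echo "after fix:";  printf '%s\n' "$AFTER"  | broad_masq br0 192.168.5.0/24
# On the KVM host: iptables -t nat -nvL POSTROUTING | broad_masq br0 192.168.5.0/24
```

An empty result means no MASQUERADE rule on that bridge rewrites traffic that stays inside the subnet.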





 
