case_csync2_Identification_failed.txt
env:
Two KVM VMs set up for HA
NIC br0 - vm1 eth0 192.168.5.53
- vm2 eth0 192.168.5.54
br0 ip is 192.168.5.20
The two nodes:
192.168.5.53 sles11sp3.suse.com sles11sp3
192.168.5.54 sles11sp3s.suse.com sles11sp3s
After installing csync2 and configuring it as described in its README, it fails with an "Identification failed" error:
sles11sp3:/etc/csync2 # csync2 -xv
Connecting to host sles11sp3s (SSL) ...
While syncing file /etc/corosync/authkey:
ERROR from peer sles11sp3s: Identification failed!
sles11sp3:~ # csync2 -T
ERROR from peer sles11sp3s: Identification failed!
ERROR from peer: Dear 192.168.5.20, please identify first.
L sles11sp3 sles11sp3s /etc/corosync/authkey
TT:
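Reading the source code shows that the csync2 server side calls getaddrinfo to obtain the IP address and matches it against the IP address in the received packets; if they are not equal, it reports "Identification failed!".
When sles11sp3 initiates TCP communication to sles11sp3s, the destination address of the TCP connection is always 192.168.5.20, not 192.168.5.54: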
sles11sp3s:~ # netstat -anlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3696/sshd
tcp 0 0 192.168.5.54:22 192.168.5.20:58592 ESTABLISHED 3776/1
tcp 0 0 192.168.5.54:22 192.168.5.53:47134 ESTABLISHED 4175/0
tcp 0 0 :::22 :::* LISTEN 3696/sshd
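The kind of check described above, as an added example (not csync2's own code): resolve the name the peer claims with getaddrinfo and compare the result with the address the connection actually comes from. The function names peer_matches_name and check_ipv4_peer are hypothetical, and the node's address stands in for its hostname so the example runs without a resolver; the peer address 192.168.5.20 is the one seen in the netstat output above.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: 1 if an address claimed_name resolves to equals the
 * connection's peer address, 0 if none does, -1 if resolution fails. */
int peer_matches_name(const char *claimed_name, const struct sockaddr *peer)
{
    struct addrinfo hints, *res, *ai;
    int match = 0;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = peer->sa_family;   /* compare IPv4 with IPv4, IPv6 with IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(claimed_name, NULL, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && !match; ai = ai->ai_next) {
        if (ai->ai_family == AF_INET) {
            const struct sockaddr_in *a = (const struct sockaddr_in *)ai->ai_addr;
            const struct sockaddr_in *b = (const struct sockaddr_in *)peer;
            match = memcmp(&a->sin_addr, &b->sin_addr, sizeof a->sin_addr) == 0;
        } else if (ai->ai_family == AF_INET6) {
            const struct sockaddr_in6 *a = (const struct sockaddr_in6 *)ai->ai_addr;
            const struct sockaddr_in6 *b = (const struct sockaddr_in6 *)peer;
            match = memcmp(&a->sin6_addr, &b->sin6_addr, sizeof a->sin6_addr) == 0;
        }
    }
    freeaddrinfo(res);
    return match;
}

/* Build the peer sockaddr from a dotted quad, as getpeername() would supply it. */
int check_ipv4_peer(const char *claimed_name, const char *peer_ip)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, peer_ip, &sa.sin_addr) != 1)
        return -1;
    return peer_matches_name(claimed_name, (const struct sockaddr *)&sa);
}

int main(void)
{
    printf("direct:     %d\n", check_ipv4_peer("192.168.5.53", "192.168.5.53"));
    printf("rewritten:  %d\n", check_ipv4_peer("192.168.5.53", "192.168.5.20"));
    return 0;
}
```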
I suspected that address translation (NAT) was configured in the firewall on the host (the KVM host):
jun:~ # iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 79 packets, 17429 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * br0 0.0.0.0/0 0.0.0.0/0
Sure enough. Change the rule:
jun:~ # iptables -t nat -D POSTROUTING 1
jun:~ # iptables -t nat -I POSTROUTING -o br0 ! -d 192.168.5.0/24 -j MASQUERADE
After that, testing ssh works normally!
sles11sp3s:~ # netstat -anlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3696/sshd
tcp 0 0 192.168.5.54:22 192.168.5.53:47134 ESTABLISHED 4175/0
tcp 0 0 :::22 :::* LISTEN 3696/sshd
csync2 is now OK as well.
sles11sp3:~ # csync2 -xv
Connecting to host sles11sp3s (SSL) ...
Updating /etc/corosync/authkey on sles11sp3s ...
File is already up to date on peer.
Updating /etc/corosync/corosync.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/csync2/csync2.cfg on sles11sp3s ...
File is already up to date on peer.
Updating /etc/csync2/key_hagroup on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.d on sles11sp3s ...
File is already up to date on peer.
Updating /etc/drbd.d/global_common.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/lvm/lvm.conf on sles11sp3s ...
File is already up to date on peer.
Updating /etc/sysconfig/openais on sles11sp3s ...
File is already up to date on peer.
Updating /etc/sysconfig/pacemaker on sles11sp3s ...
File is already up to date on peer.
Finished with 0 errors.
sles11sp3:~ # csync2 -xv
sles11sp3:~ #