csync2/csync2-README.quickstart

57 lines
1.9 KiB
Plaintext
Raw Normal View History

Getting started with csync2 :
There's no need to define the port for csync2 in /etc/services, although the
manual says so. Port 30865/tcp is defined in /etc/xinetd.d/csync2. All commands
detailed here need to be executed as root, so be extra careful.
The config file for csync2 is /etc/csync2/csync2.cfg. Here is an example :
mygroup {
host host1;
host host2;
key /etc/csync2/mygroup.key;
include /etc/csync2/csync2.cfg;
include /etc/testfile;
}
This will sync the csync2 configuration and /etc/testfile between host1 and
host2. Create the file on host1. Note that hostnames need to be the FQDN
returned by "hostname".
Generate the pre-shared key used for authentication :
csync2 -k /etc/csync2/mygroup.key
Copy the configuration file and the pre-shared key to host2:
scp /etc/csync2/csync2.cfg /etc/csync2/mygroup.key host2:/etc/csync2/
The SSL key and certificate are generated upon package installation, but you
can replace them with your own if you like. The files are :
/etc/csync2/csync2_ssl_key.pem
/etc/csync2/csync2_ssl_cert.pem
Note that the common name (CN) in each node's SSL certificate must be the
same, or the SSL connection will fail. If you ever replace a node, and its
SSL key changes, existing nodes will still have a cached copy of the old key,
and the connection will fail. To remove the old key from an existing node's
cache, run the following command on each existing node:
csync2-rm-ssl-cert <replaced-hostname>
The csync2 service is disabled by default. To start it on both your hosts :
chkconfig csync2 on
chkconfig --level 345 xinetd on
service xinetd restart
If you are running iptables, you need to open tcp port 30865 on both hosts so
that the other host can connect.
Now you should be able to run and initial verbose sync on both hosts :
csync2 -xv
Once everything looks good, you can add a file with the following line as
/etc/cron.d/csync2 or add it to /etc/crontab :
*/5 * * * * root csync2 -x
Happy syncing!