diff --git a/csync2-README.quickstart b/csync2-README.quickstart index 20f6a1c..f08ad79 100644 --- a/csync2-README.quickstart +++ b/csync2-README.quickstart @@ -29,6 +29,13 @@ can replace them with your own if you like. The files are : /etc/csync2/csync2_ssl_key.pem /etc/csync2/csync2_ssl_cert.pem +Note that the common name (CN) in each node's SSL certificate must be the +same, or the SSL connection will fail. If you ever replace a node, and its +SSL key changes, existing nodes will still have a cached copy of the old key, +and the connection will fail. To remove the old key from an existing node's +cache, run the following command on each existing node: + csync2-rm-ssl-cert + The csync2 service is disabled by default. To start it on both your hosts : chkconfig csync2 on chkconfig --level 345 xinetd on diff --git a/csync2-rm-ssl-cert b/csync2-rm-ssl-cert new file mode 100644 index 0000000..cf8143a --- /dev/null +++ b/csync2-rm-ssl-cert @@ -0,0 +1,45 @@ +#!/bin/bash + +if [ $# -eq 0 -o "$1" = "-h" ]; then + cat < + +Options: + -h Display this usage information + +END + exit 0 +fi + +DBFILE=/var/lib/csync2/$(hostname).db +if [ ! -f "$DBFILE" ]; then + echo "Local csync2 database ($DBFILE) not found." + exit 1 +fi + +# Strip double and single quotes from hostname so they can't interfere with the SQL +PEERNAME=$(echo $1 | sed -e "s/['\"]//g") + +certcount() +{ + echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite $DBFILE +} + +if [ $(certcount "$PEERNAME") -eq 0 ]; then + echo "Certificate for '$PEERNAME' not in local database." + exit 0 +fi + +echo "DELETE FROM x509_cert WHERE peername='$PEERNAME';" | sqlite $DBFILE + +if [ $(certcount "$PEERNAME") -ne 0 ]; then + echo "Error removing certificate for '$PEERNAME' from local database." + exit 1 +fi + +echo "Certificate for '$PEERNAME' removed from local database." + diff --git a/csync2.changes b/csync2.changes index 77175f8..c7888b4 100644 --- a/csync2.changes +++ b/csync2.changes 
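Review bot: In the new csync2-rm-ssl-cert, both `[ $(certcount "$PEERNAME") -eq 0 ]` and the later `-ne 0` check use an unquoted command substitution, so when `sqlite` prints nothing (binary missing, database locked or unreadable, table absent) each test errors out and evaluates false, and the script ends by printing "Certificate ... removed" with exit status 0 although the cached certificate may still be there. The count should be captured once, an empty result treated as a failure, and the comparisons quoted. Separately, `PEERNAME=$(echo $1 | sed ...)` expands `$1` unquoted (word splitting, globbing, `echo` options) and silently rewrites the name; assuming peer names are plain host names, as the script's own comment suggests, rejecting anything outside a host-name character set is safer than stripping quotes before the value is placed in the SQL text. `$DBFILE` should also be quoted where it is passed to `sqlite`, and error messages belong on stderr.

```shell
# … unchanged: usage text and DBFILE existence check …

# Reject anything that is not a plain host name instead of rewriting it
PEERNAME=$1
case "$PEERNAME" in
	''|*[!A-Za-z0-9._-]*)
		echo "Invalid peer name '$PEERNAME'." >&2
		exit 1
		;;
esac

certcount()
{
	echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite "$DBFILE"
}

# An empty result means the query itself failed; do not treat it as a count
COUNT=$(certcount "$PEERNAME")
if [ -z "$COUNT" ]; then
	echo "Could not query local csync2 database ($DBFILE)." >&2
	exit 1
fi
if [ "$COUNT" -eq 0 ]; then
# … unchanged: "not in local database" branch; DELETE statement, with "$DBFILE" quoted …
if [ "$(certcount "$PEERNAME")" != "0" ]; then
# … unchanged: error branch and success message …
```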
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Oct 26 09:19:16 UTC 2011 - tserong@suse.com + +- Remove explicit lib dependencies from spec file + +------------------------------------------------------------------- +Tue Sep 20 12:41:40 UTC 2011 - tserong@suse.com + +- Add csync2-rm-ssl-cert helper script (bnc#709811) + +------------------------------------------------------------------- +Sun Sep 18 00:06:31 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + ------------------------------------------------------------------- Tue Jun 8 00:59:40 UTC 2010 - tserong@novell.com diff --git a/csync2.spec b/csync2.spec index bd2a62d..4bb9484 100644 --- a/csync2.spec +++ b/csync2.spec @@ -1,7 +1,7 @@ # -# spec file for package csync2 (Version 1.34) +# spec file for package csync2 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,13 @@ Summary: Cluster synchronization tool Name: csync2 Version: 1.34 -Release: 1 +Release: 2 Group: Productivity/Clustering/HA License: GPLv2+ ; LGPLv2.1+ Url: http://oss.linbit.com/csync2/ Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz Source1: csync2-README.quickstart +Source2: csync2-rm-ssl-cert Patch0: csync2-fix-xinetd.patch Patch1: fix-missing-sentinels.diff %if 0%{?suse_version} > 1120 @@ -34,7 +35,7 @@ BuildRequires: pkg-config %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): openssl -Requires: xinetd libgnutls26 libgnutls-extra26 gnutls sqlite2 librsync libtasn1-3 +Requires: xinetd gnutls sqlite2 BuildRequires: bison flex libgnutls-devel libgnutls-extra-devel librsync libtasn1-devel sqlite2-devel %description 
@@ -44,12 +45,6 @@ setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms. - - -Authors: --------- - Clifford Wolf - %prep %setup -q %patch0 -p1 -b .fix-xinetd @@ -64,17 +59,14 @@ install -p -m 644 %{SOURCE1} README.quickstart make %{?_smp_mflags} %install -rm -rf %{buildroot} make install DESTDIR=%{buildroot} mkdir -p %{buildroot}%{_var}/lib/csync2 install -p -D -m 644 csync2.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/csync2 +install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert # We need these empty files to be able to %%ghost them touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem -%clean -rm -rf %{buildroot} - %post umask 077 if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then @@ -112,6 +104,7 @@ fi %ghost %config %{_sysconfdir}/csync2/csync2_ssl_cert.pem %{_sbindir}/csync2 %{_sbindir}/csync2-compare +%{_sbindir}/csync2-rm-ssl-cert %{_mandir}/man1/csync2.1* %dir %{_var}/lib/csync2/