|
| 1 | +Getting started with Csync^2^ |
| 2 | +============================= |
| 3 | + |
| 4 | +All commands detailed here need to be executed as root, so be extra careful. |
| 5 | + |
| 6 | +The config file for Csync^2^ is `/etc/csync2/csync2.cfg`. Here is an example: |
| 7 | + |
| 8 | +.... |
| 9 | +mygroup { |
| 10 | + host host1; |
| 11 | + host host2; |
| 12 | + key /etc/csync2/mygroup.key; |
| 13 | + include /etc/csync2/csync2.cfg; |
| 14 | + include /etc/testfile; |
| 15 | +} |
| 16 | +.... |
| 17 | + |
| 18 | +This will sync the Csync^2^ configuration and `/etc/testfile` between `host1` and |
| 19 | +`host2`. Create the file on `host1`. Note that hostnames should typically be the FQDN |
| 20 | +returned by `hostname` footnote:[ |
| 21 | +Technically correct: when talking to a peer, Csync^2^ "introduces" itself with |
| 22 | +its "hostname"; the peer then does a forward name lookup on this provided name, |
| 23 | +and double checks that the client address returned by the `getpeername()` |
| 24 | +socket api matches this forward lookup for the introduction.]. |
| 25 | + |
| 26 | +Generate the pre-shared key used for authentication: |
| 27 | +``` |
| 28 | + csync2 -k /etc/csync2/mygroup.key |
| 29 | +``` |
| 30 | + |
| 31 | +Copy the configuration file and the pre-shared key to host2: |
| 32 | +``` |
| 33 | + scp /etc/csync2/csync2.cfg /etc/csync2/mygroup.key host2:/etc/csync2/ |
| 34 | +``` |
| 35 | + |
| 36 | +The SSL key and certificate may be generated upon package installation, |
| 37 | +but you can create your own if you like. The files are: |
| 38 | +``` |
| 39 | + /etc/csync2/csync2_ssl_key.pem |
| 40 | + /etc/csync2/csync2_ssl_cert.pem |
| 41 | +``` |
| 42 | + |
| 43 | +Note that the common name (CN) in each node's SSL certificate should match |
| 44 | +the hostname, or the SSL connection may fail. If you ever replace a node, and its |
| 45 | +SSL key changes, existing nodes will still have a cached copy of the old key, |
| 46 | +and the connection will fail. To remove the old key from an existing node's |
| 47 | +cache, run the following command on each existing node: |
| 48 | +``` |
| 49 | + csync2 --ls-ssl-cert <some-hostname> |
| 50 | + csync2 --rm-ssl-cert <replaced-hostname> |
| 51 | +``` |
| 52 | + |
| 53 | +The Csync^2^ service is disabled by default. To start it on both your hosts |
| 54 | +using systemd (preferred): |
| 55 | +``` |
| 56 | + systemctl enable csync2.socket |
| 57 | + systemctl start csync2.socket |
| 58 | +``` |
| 59 | + |
| 60 | +If you would prefer to do it the old way with xinetd, run: |
| 61 | +``` |
| 62 | + chkconfig csync2 on |
| 63 | + chkconfig --level 345 xinetd on |
| 64 | + service xinetd restart |
| 65 | +``` |
| 66 | + |
| 67 | +If you are running iptables, you need to open tcp port 30865 on both hosts so |
| 68 | +that the other host can connect. |
| 69 | + |
| 70 | +Now you should be able to run and initial verbose sync on both hosts: |
| 71 | +``` |
| 72 | + csync2 -xv |
| 73 | +``` |
| 74 | + |
| 75 | +Once everything looks good, you can add a file with the following line as |
| 76 | +`/etc/cron.d/csync2` or add it to `/etc/crontab`: |
| 77 | +``` |
| 78 | +*/5 * * * * root csync2 -x |
| 79 | +``` |
| 80 | +
|
| 81 | +Happy syncing! |
| 82 | +
|
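Review bot: The `scp` step at line 33 copies the pre-shared key `/etc/csync2/mygroup.key` to host2, but neither it nor the `csync2 -k` step at line 28 says what ownership and mode the key file should have on either host. Since the text at line 26 describes this key as what is used for authentication, add a sentence telling the reader to confirm it is readable by root only (for example `chmod 600 /etc/csync2/mygroup.key`) after generating it and again after copying it. Similarly, lines 67-68 say to open tcp port 30865 "so that the other host can connect" without mentioning that the rule can be limited to the peer's address; stating that would match the intent. Smaller points: line 70 has a typo ("run and initial" should read "run an initial"); lines 46-50 announce "the following command" for removing a cached key but show two commands with different placeholders (`<some-hostname>` and `<replaced-hostname>`), so say what the `--ls-ssl-cert` line is for and which hostname each placeholder refers to; the sentence "Create the file on `host1`." at line 19 interrupts the hostname explanation and would read better as its own step; and the literal block at lines 8-16 is delimited with `....` while every other block uses triple backticks, so pick one.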