'csync2 -x' reports a wrong SSL X509 certificate; trying to remove the old certificate leads to a 'Local csync2 database not found' error

This document (7021205) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise High Availability Extension 12
SUSE Linux Enterprise High Availability Extension 11

Situation

csync2 -x is used to synchronize files among the nodes of a cluster. If a peer node has been re-created but still has the same hostname, running 'csync2 -x' reports the following error:
    # csync2 -x
    'Peer did provide a wrong SSL X509 certificate'

The normal procedure to remedy this issue is to run `csync2-rm-ssl-cert $PEERNAME` to remove the old entries.
However, the following error may be seen:
    HOST:~ # csync2-rm-ssl-cert HOST2
    Local csync2 database (/var/lib/csync2/HOST1.db3) not found.


Resolution

Either use the following command to remove the old entry (NOTE: for SLES12, VERSION=3):
    # echo "DELETE FROM x509_cert WHERE peername='HOST2';" | sqlite${VERSION} "/var/lib/csync2/$(echo "$HOSTNAME" | tr '[:upper:]' '[:lower:]').db${VERSION}"
or create a symbolic link in the /var/lib/csync2 directory:
    # ln -s host1.db3 HOST1.db3

Cause

When csync2 creates the local database, it uses all lower-case characters. If the hostname contains upper-case letters, the discrepancy causes this "database not found" error.

The following command can be used to list all the recorded peernames:
    # echo "SELECT peername FROM x509_cert;" | sqlite${VERSION} "/var/lib/csync2/$(echo "$HOSTNAME" | tr '[:upper:]' '[:lower:]').db${VERSION}"
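
The checks behind the cause and resolution above, as an added shell example that is not part of the original SUSE document: it reports whether the database exists only under the lower-cased hostname, and removes a peer's stale certificate row after validating the peer name and backing up the database. The function names and the .bak backup copy are assumptions of this example; it relies on the sqlite CLI and the /var/lib/csync2 layout shown above.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling. Function names are hypothetical.

# Print the path csync2 actually uses: the hostname lower-cased.
csync2_db_path() {
    dir=$1; host=$2; ver=${3:-3}
    lower=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    printf '%s/%s.db%s\n' "$dir" "$lower" "$ver"
}

# Return 0 if the database is reachable under the hostname as spelled,
# 1 if it exists only under the lower-cased name (the mismatch described
# under "Cause"), 2 if no database exists at all.
csync2_db_check() {
    dir=$1; host=$2; ver=${3:-3}
    expected="$dir/$host.db$ver"
    actual=$(csync2_db_path "$dir" "$host" "$ver")
    if [ -e "$expected" ]; then return 0; fi
    if [ -e "$actual" ]; then return 1; fi
    return 2
}

# Delete the recorded certificate of one peer from the x509_cert table.
csync2_forget_peer() {
    dir=$1; host=$2; peer=$3; ver=${4:-3}
    # The peer name is interpolated into SQL, so accept only characters
    # that can appear in a hostname.
    case $peer in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing peer name: $peer" >&2; return 1 ;;
    esac
    db=$(csync2_db_path "$dir" "$host" "$ver")
    [ -f "$db" ] || { echo "no database at $db" >&2; return 2; }
    # Keep a copy so the row can be restored (assumption of this example).
    cp -p "$db" "$db.bak" || return 3
    echo "DELETE FROM x509_cert WHERE peername='$peer';" | "sqlite$ver" "$db"
}

# Typical use on the affected node (run as root):
#   csync2_db_check /var/lib/csync2 "$HOSTNAME" 3; echo "status: $?"
#   csync2_forget_peer /var/lib/csync2 "$HOSTNAME" HOST2 3
```

A status of 1 from csync2_db_check means csync2-rm-ssl-cert will fail as shown in the Situation section until one of the two remedies is applied.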

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7021205
  • Creation Date: 16-Aug-2017
  • Modified Date: 03-Mar-2020
  • SUSE Linux Enterprise High Availability Extension
