VoIP, Linux, Security & much more fun

Today I got a comment from a dear customer: "I don't see rsync crontab." And I told him: "There is no rsync, we use CSync2." He currently has a load-balanced FusionPBX cluster with two VoIP servers with file synchronization. The servers verify each other every two minutes. And I must say, it is really nice.

In this post, I am going to describe how to set up CSync2 with a simple configuration.

Create Certificates and Keys

CSync2 needs self-signed certificates to authenticate the nodes and shared keys to encrypt information. To create the certificate, run the following commands:

openssl genrsa -out /etc/csync2_ssl_key.pem 1024
openssl req -batch -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr
openssl x509 -req -days 3600 -in /etc/csync2_ssl_cert.csr -signkey /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.pem

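Any self-signed certificate will work. Note that the file names are hardcoded in CSync2, so you must put the files at the exact paths with the exact names. A 1024-bit RSA key is below what is currently recommended; 2048 bits or more is the usual minimum today, and the same commands work with a larger size.

To create the shared private key, run: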

csync2 -k /etc/csync2.key

Again, the path and name are hardcoded. Copy the certificates and shared keys to all your servers.

Configuration of the Cluster

The configuration file can be named as you want; it is group specific. In this example its name is /etc/csync2.cfg. Here is the example I will explain.

group ClusterSync
{
    # cluster members; each name must be resolvable
    host jessica.inside-out.xyz;
    host abril.inside-out.xyz;
    host josue.inside-out.xyz;
    host elija.inside-out.xyz;
    # shared key created with csync2 -k
    key /etc/csync2.key;
    include /var/lib/something;
    include /var/spool/something;
    exclude *~ .*;
    # run a command when a matching file is synced
    action
    {
        pattern /var/spool/something/file1;
        pattern /var/lib/something/file2;
        exec "/sbin/service service1 stop ; /sbin/service service1 start";
    }
}

The host parameter must specify the label of the server. The hostname must be resolvable, so you may want to use DNS FQDNs or add entries in the /etc/hosts file. It is up to you how to proceed. The key parameter points to the key file created in the last step. The shared key only applies to the current group, so you can have more than one key used in different groups. Include and exclude are self-explanatory; you can use CLI syntax (*, ?). The action is triggered when a file that matches the pattern is synced, and of course, exec is the command line to run. Always try to use the absolute path, as I am not sure if the PATH environment variable is filled correctly. Actions can be labeled with the do-local flag (inside the action {}); this means the command specified will be run on the host that is getting the update (usually it runs on the server that sends the update).

You don't need to configure the xinetd service; the RPM I provide already does that. You may need to install xinetd or start it.
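
The following lint is an added example, not part of the original post or of CSync2 itself. It checks a group definition for balanced braces, an absolute key file path, action patterns that fall outside every include path (such an action never fires), and exec commands without an absolute path. The sample configuration and its host names are constructed.

```python
import re

# Constructed sample: one mistyped pattern, one exec with a bare command name.
SAMPLE_CFG = """
group ClusterSync
{
    host node1.example.test;
    host node2.example.test;
    key /etc/csync2.key;
    include /var/lib/something;
    include /var/spool/something;
    exclude *~ .*;
    action
    {
        pattern /var/spool/someting/file1;
        pattern /var/lib/something/file2;
        exec "service service1 restart";
    }
}
"""

def lint_csync2(text):
    """Return a list of findings for the text of one csync2.cfg file."""
    findings = []
    text = re.sub(r"#.*", "", text)  # drop comments (assumes no '#' inside exec strings)
    depth = 0
    for ch in text:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:  # a closing brace with no opener
            break
    if depth != 0:
        findings.append("unbalanced braces")
    if not re.search(r"\bkey\s+/[^;\s]+\s*;", text):
        findings.append("no absolute key file")
    includes = [i.rstrip("/") for i in re.findall(r"\binclude\s+([^;\s]+)\s*;", text)]
    for pat in re.findall(r"\bpattern\s+([^;\s]+)\s*;", text):
        # a pattern must be an include path itself or live below one
        if not any(pat == inc or pat.startswith(inc + "/") for inc in includes):
            findings.append("pattern outside includes: " + pat)
    for cmd in re.findall(r'\bexec\s+"([^"]*)"\s*;', text):
        for part in cmd.split(";"):  # exec may chain several commands
            if part.strip() and not part.strip().startswith("/"):
                findings.append("exec without absolute path: " + part.strip())
    return findings

if __name__ == "__main__":
    for finding in lint_csync2(SAMPLE_CFG):
        print(finding)
```

Run it against the real file with lint_csync2(open("/etc/csync2.cfg").read()) before copying the configuration to the other nodes.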

Do your first Sync and Crontab

You can specify hosts as slaves like this: host (jessica.inside-out.xyz). This means they are slaves: the current server will only get files from that server, but it won't send (one-way synchronization).

Execute csync2 -x to start your sync. You can add -v to read the messages. Add this line as a crontab entry on all your servers.

Remember, CSync2 uses port 30865/tcp. So, you should configure your firewall to allow traffic both ways.

